Remote Execution via cmd.exe with APT Operator Pattern

Detects cmd.exe /C execution chains with chained reconnaissance commands, a pattern documented in the APT3 profile where operators run whoami, net user, and systeminfo in rapid sequence after compromising systems