(CommandLine:\ \-u\ system\ * OR CommandLine:\ \-\-user\ system\ * OR CommandLine:\ \-u\ NT* OR CommandLine:\ \-u\ \"NT* OR CommandLine:\ \-u\ 'NT* OR CommandLine:\ \-\-system\ * OR CommandLine:\ \-u\ administrator\ *) (CommandLine:\ \-c\ cmd* OR CommandLine:\ \-c\ \"cmd* OR CommandLine:\ \-c\ powershell* OR CommandLine:\ \-c\ \"powershell* OR CommandLine:\ \-\-command\ cmd* OR CommandLine:\ \-\-command\ powershell* OR CommandLine:\ \-c\ whoami* OR CommandLine:\ \-c\ wscript* OR CommandLine:\ \-c\ cscript*)