LoFP / legitimate activity by administrators and scripts

condition: all of selection_*
selection_cli:
  CommandLine|contains:
  - ' use '
  - ' \\\\'
selection_img:
- Image|endswith:
  - \net.exe
  - \net1.exe
- OriginalFileName:
  - net.exe
  - net1.exe