Doesn't the Administrator account have permission to register new system services (e.g. in services.msc) and have them run as the SYSTEM account? I thought that was the case but never tried.
Yes, this is precisely how the (now owned by Microsoft) Sysinternals PsExec [1] tool can spawn a shell as SYSTEM — it creates a service which spawns a shell in your current desktop session.
It's worse than that; for instance, in w10 the registry will have a whole slew of SYSTEM-owned items, but only the TrustedInstaller (still SYSTEM) has permissions to traverse the registry tree. Sadly, the specifics escape me at the moment (I'm pretty sure the last ASUS laptop I'll ever own corrupted the NVMe drive, so replicating that project that produced the results I was seeking is on the backburner).
I was using NSudo for elevation to that scope when needed (wow, looks deprecated now in favor of new tooling, neato).
Those lingering files are likely created/owned by SYSTEM.
[1] https://learn.microsoft.com/en-us/windows/security/identity-...