Chained WMIC Discovery with Dynamic Risk Scoring - APT Pattern

Detects chained use of wmic.exe to execute multiple system inventory queries (users, groups, services, patches, products) by the same actor on the same host. APT actors use WMIC for silent reconnaissance before lateral movement. The query assigns a dynamic risk level (LOW/MEDIUM/HIGH) and calculates total attack duration.
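The logic described above, sketched as an added Python example; it is not the page's subscription-gated query. The event field names (`ts`, `host`, `user`, `cmd`), the LOW/MEDIUM/HIGH thresholds and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# WMIC alias -> inventory category named in the rule description.
ALIASES = {"useraccount": "users", "group": "groups", "service": "services",
           "qfe": "patches", "product": "products"}
WMIC_RE = re.compile(r"\bwmic(?:\.exe)?\b(.*)", re.IGNORECASE)

def category(cmd):
    """Return the inventory category a wmic command line queries, or None."""
    m = WMIC_RE.search(cmd)
    tokens = m.group(1).lower().split() if m else []
    return next((ALIASES[t] for t in tokens if t in ALIASES), None)

def risk_level(n_categories):
    # Assumed thresholds: the page does not state its scoring rules.
    return "HIGH" if n_categories >= 4 else "MEDIUM" if n_categories == 3 else "LOW"

def detect_chains(events, min_categories=2):
    """Group wmic inventory queries by (host, user) and score each chain."""
    chains = defaultdict(list)
    for e in events:
        cat = category(e["cmd"])
        if cat:
            chains[(e["host"], e["user"])].append((datetime.fromisoformat(e["ts"]), cat))
    findings = []
    for (host, user), hits in sorted(chains.items()):
        cats = sorted({c for _, c in hits})
        if len(cats) < min_categories:  # a single query type is not a chain
            continue
        times = [t for t, _ in hits]
        findings.append({"host": host, "user": user, "categories": cats,
                         "risk": risk_level(len(cats)),
                         "duration_s": int((max(times) - min(times)).total_seconds())})
    return findings

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00", "host": "WS01", "user": "alice", "cmd": "wmic useraccount get name,sid"},
    {"ts": "2024-01-01T10:01:30", "host": "WS01", "user": "alice", "cmd": "wmic group list brief"},
    {"ts": "2024-01-01T10:03:00", "host": "WS01", "user": "alice", "cmd": "cmd.exe /c wmic /node:localhost service list brief"},
    {"ts": "2024-01-01T10:05:00", "host": "WS01", "user": "alice", "cmd": r"C:\Windows\System32\wbem\WMIC.exe qfe list brief"},
    {"ts": "2024-01-01T11:00:00", "host": "WS02", "user": "bob", "cmd": "wmic product get name,version"},
    {"ts": "2024-01-01T12:00:00", "host": "WS03", "user": "carol", "cmd": "wmic qfe get hotfixid"},
    {"ts": "2024-01-01T12:00:40", "host": "WS03", "user": "carol", "cmd": "wmic product get name"},
]

if __name__ == "__main__":
    print(*detect_chains(SAMPLE_EVENTS), sep="\n")
```

The single `wmic product` call on WS02 produces no finding because one category does not form a chain; tune `min_categories` and the thresholds against the baseline of legitimate inventory tooling in your environment.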
