WMIC Discovery Chain - APT3 TTP Reconnaissance Detection
Detects wmic.exe usage for reconnaissance queries following documented APT3 TTPs: enumeration of processes, accounts, services, installed products, network shares, and patches. The pattern is characteristic of hands-on-keyboard operators identified in CrowdStrike IR investigations.
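A sketch of the chain logic over process-creation events, added here as an illustration and not the rule's own implementation. The event tuple layout, the threshold of three distinct categories within ten minutes, and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# WMIC aliases mapped to the recon categories named in the rule description.
RECON_ALIASES = {
    "process": "processes", "useraccount": "accounts", "service": "services",
    "product": "installed products", "share": "network shares", "qfe": "patches",
}
# Assumed thresholds (not from the rule): 3+ distinct categories in 10 minutes.
MIN_CATEGORIES, WINDOW = 3, timedelta(minutes=10)
SWITCH = re.compile(r"^/\w+(:\S+)?$")  # global switches such as /node:HOST

def recon_category(image, command_line):
    """Return the recon category of a wmic.exe command line, else None."""
    if not image.lower().endswith("\\wmic.exe"):
        return None
    # Assumes the first token is the executable and contains no spaces.
    tokens = [t for t in command_line.lower().split()[1:] if not SWITCH.match(t)]
    if not tokens or "call" in tokens:  # "call" invokes a method, not a query
        return None
    return RECON_ALIASES.get(tokens[0])

def detect_chains(events):
    """events: (timestamp, host, user, image, command_line) tuples."""
    hits = defaultdict(list)
    for ts, host, user, image, cmd in sorted(events):
        cat = recon_category(image, cmd)
        if cat:
            hits[(host, user)].append((ts, cat))
    alerts = []
    for (host, user), seen in hits.items():
        for i, (start, _) in enumerate(seen):
            cats = {c for t, c in seen[i:] if t - start <= WINDOW}
            if len(cats) >= MIN_CATEGORIES:
                alerts.append((host, user, start, sorted(cats)))
                break  # one alert per host/user pair
    return alerts

T0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed sample events below
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
SAMPLE = [
    (T0, "WS01", "corp\\alice", WMIC, "wmic process list brief"),
    (T0 + timedelta(seconds=40), "WS01", "corp\\alice", WMIC, "wmic useraccount get name,sid"),
    (T0 + timedelta(seconds=95), "WS01", "corp\\alice", WMIC, "wmic /node:FS01 share get name,path"),
    (T0 + timedelta(minutes=2), "WS01", "corp\\alice", WMIC, "wmic qfe get hotfixid"),
    (T0, "WS02", "corp\\bob", WMIC, "wmic product get name,version"),
    (T0 + timedelta(hours=3), "WS02", "corp\\bob", WMIC, "wmic qfe list"),
]
```

Running `detect_chains(SAMPLE)` alerts on WS01 only; the two WS02 queries are hours apart and cover two categories, which is closer to routine inventory than to a discovery chain.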