Bulk WMIC Enumeration for System Discovery
Detects multiple WMIC queries executed by the same user on a host, covering enumeration of processes, operating system, accounts, services, and patches. This is a typical pattern of APT operators performing system discovery, as described in APT hunting analysis that distinguishes legitimate IT use from malicious activity.
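One way to implement the correlation this rule describes, as an added example that is not the rule's own query. The alias-to-category map, the three-category threshold, the ten-minute window and the event field names are assumptions, and the process-creation events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# WMIC alias -> discovery category named in the rule description (assumed mapping).
ALIAS_CATEGORY = {"process": "processes", "os": "operating_system", "qfe": "patches",
                  "useraccount": "accounts", "service": "services"}

def wmic_category(command_line):
    """Return the discovery category of a WMIC command line, or None."""
    tokens = command_line.lower().replace('"', "").split()
    if not tokens or tokens[0].rsplit("\\", 1)[-1] not in ("wmic", "wmic.exe"):
        return None
    # Skip global switches such as /node: to reach the alias being queried.
    alias = next((t for t in tokens[1:] if not t.startswith("/")), None)
    return ALIAS_CATEGORY.get(alias)

def detect_bulk_wmic(events, min_categories=3, window=timedelta(minutes=10)):
    """Return {(host, user): categories} for actors whose WMIC queries cover
    min_categories or more categories within one window (assumed thresholds)."""
    by_actor = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        category = wmic_category(ev["cmd"])
        if category:
            by_actor[(ev["host"], ev["user"])].append((ev["time"], category))
    alerts = {}
    for actor, hits in by_actor.items():
        for start, _ in hits:
            seen = {c for t, c in hits if timedelta(0) <= t - start <= window}
            if len(seen) >= min_categories:
                alerts[actor] = sorted(seen)
                break
    return alerts

def _ev(ts, host, user, cmd):
    return {"time": datetime.fromisoformat(ts), "host": host, "user": user, "cmd": cmd}

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    _ev("2024-01-10T09:00:05", "WS01", "jdoe", "wmic process list brief"),
    _ev("2024-01-10T09:00:20", "WS01", "jdoe", r'"C:\Windows\System32\wbem\WMIC.exe" /node:localhost os get Caption'),
    _ev("2024-01-10T09:01:02", "WS01", "jdoe", "wmic useraccount get name,sid"),
    _ev("2024-01-10T09:02:00", "WS01", "jdoe", "ipconfig /all"),
    _ev("2024-01-10T08:00:00", "WS03", "itadmin", "wmic process list brief"),
    _ev("2024-01-10T11:00:00", "WS03", "itadmin", "wmic service get name,state"),
    _ev("2024-01-10T15:00:00", "WS03", "itadmin", "wmic.exe qfe list"),
]

if __name__ == "__main__":
    print(detect_bulk_wmic(SAMPLE_EVENTS))
```

The `itadmin` queries span the same number of categories but are hours apart, so only the burst from `jdoe` on `WS01` is flagged; tune the window and threshold against your own administrative baseline.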