WMIC Abuse via Non-Standard Parent Process (APT-Style)

Detects WMIC.exe executions spawned by unusual parent processes matching APT reconnaissance and lateral movement techniques. Excludes legitimate management tools and classifies risk by frequency.