Uncommon System Information Discovery Via Wmic.EXE

Sigma Rules

Summary
This detection rule identifies use of the Windows Management Instrumentation Command-line utility (WMIC) to gather system-specific information such as operating system details, hardware specifications (CPU, GPU and similar), memory, display resolution, and BIOS information. It monitors process creation events for WMIC invocations whose command line contains parameters commonly associated with such system information queries. WMIC commands of this kind were used by malicious software such as Aurora Stealer during late 2022 and early 2023, which makes this detection worthwhile. The rule uses the process creation log source category and triggers when WMIC is executed with command line parameters indicative of system information querying. Because WMIC is legitimately used in many contexts, understanding how it was invoked helps separate benign from potentially harmful usage. The activity maps to MITRE ATT&CK technique T1082 (System Information Discovery). The rule carries a medium severity level and is currently in the testing phase, so further refinement may be necessary before full deployment.
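The following is an added example, not the rule's own selection logic or code from the Sigma project: a minimal Python matcher that mirrors the intent described above and runs over a handful of constructed process creation events. The command-line fragments it looks for (WMIC aliases for OS, CPU, GPU, memory, display and BIOS queries) are an assumption chosen for illustration; the authoritative keyword list is the one in the rule source, and production deployments should compile that rule with a Sigma backend rather than hand-roll a matcher.

```python
import re
from dataclasses import dataclass

# Assumed command-line fragments tied to system information queries. These are
# illustrative, not the rule's actual selection list.
SYSINFO_FRAGMENTS = (
    "os get",                      # operating system details
    "cpu get",                     # processor details
    "bios get",                    # firmware/BIOS details
    "memorychip",                  # installed memory
    "desktopmonitor",              # display / resolution
    "path win32_videocontroller",  # GPU details
)

RULE_TITLE = "Uncommon System Information Discovery Via Wmic.EXE"


@dataclass
class ProcessCreationEvent:
    """Subset of a process creation event (e.g. Sysmon EID 1 / 4688)."""
    image: str
    command_line: str
    parent_image: str = ""


def is_wmic(event: ProcessCreationEvent) -> bool:
    """Image check equivalent to Sigma's Image|endswith '\\wmic.exe'."""
    return event.image.lower().endswith("\\wmic.exe")


def matched_fragments(event: ProcessCreationEvent) -> list:
    """Return the fragments present in the command line (case-insensitive,
    whitespace-normalised so 'wmic  cpu   get' still matches)."""
    cmd = re.sub(r"\s+", " ", event.command_line.lower())
    return [f for f in SYSINFO_FRAGMENTS if f in cmd]


def evaluate(event: ProcessCreationEvent):
    """Return an alert dict when the event matches, otherwise None."""
    if not is_wmic(event):
        return None
    hits = matched_fragments(event)
    if not hits:
        return None
    return {
        "rule": RULE_TITLE,
        "technique": "T1082",
        "level": "medium",
        "matched": hits,
        "parent": event.parent_image,  # kept for triage / tuning
    }


def run(events) -> list:
    """Evaluate a batch of events and return only the alerts."""
    return [a for a in (evaluate(e) for e in events) if a is not None]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessCreationEvent(
        image="C:\\Windows\\System32\\wbem\\WMIC.exe",
        command_line="wmic os get Caption,Version",
        parent_image="C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
    ),
    ProcessCreationEvent(
        image="C:\\Windows\\System32\\wbem\\WMIC.exe",
        command_line="wmic   cpu   get Name",
        parent_image="C:\\Windows\\System32\\cmd.exe",
    ),
    ProcessCreationEvent(  # WMIC, but not a system-information query
        image="C:\\Windows\\System32\\wbem\\WMIC.exe",
        command_line="wmic process list brief",
    ),
    ProcessCreationEvent(  # not WMIC at all
        image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        command_line="powershell -c Get-CimInstance Win32_OperatingSystem",
    ),
    ProcessCreationEvent(
        image="C:\\Windows\\System32\\wbem\\WMIC.exe",
        command_line="WMIC PATH Win32_VideoController GET Name",
    ),
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

The third and fourth sample events show the two boundaries of the rule: a WMIC call that is not a system information query, and the same query issued through another tool, which this rule deliberately does not cover. The `parent` field is carried into the alert because, as the summary notes, WMIC is often legitimate; a temp-directory parent such as the first sample is the kind of context that lifts an alert above routine administrative use, and conversely a known inventory script's parent is a natural allow-list candidate when tuning the rule.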
Categories
  • Windows
Data Sources
  • Process
ATT&CK Techniques
  • T1082
Created: 2023-01-26