Tag
high
threat
Suspicious WMIC Application Uninstallation
2 rules
This analytic identifies the use of the WMIC command-line tool to uninstall applications non-interactively, a technique used to evade detection by removing security software, as observed in IcedID campaigns.
Splunk Enterprise +2
IcedID
defense-evasion
application-uninstall
wmic
high
advisory
Detection of Process Termination via File Path Using WMIC
2 rules
This analytic detects the use of `wmic.exe` with the `delete` command to terminate a process by specifying its executable path, often used to disable security tools or critical processes during the setup of malicious activities like cryptocurrency mining.
Splunk Enterprise +2
process-termination
wmic
cryptocurrency-mining
endpoint