.. / Win32_Process

Represents a process on an operating system

Execute

Launch executable

Invoke-CimMethod -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = 'C:\tmp\implant.exe'} -CimSession $s

• Create CimSession $s using New-CimSession
• Namespace: ROOT\Cimv2

Processes

List running processes

Get-CimInstance -ClassName Win32_Process -CimSession $s | select ProcessId,Name,CommandLine | ft * -AutoSize -Wrap

• Create CimSession $s using New-CimSession
• Namespace: ROOT\Cimv2