wmic
WMIC
- Windows Management Instrumentation Command-line (WMIC) is a (now deprecated) command-line method of working with WMI.
- The new/supported method is using PowerShell, and commands can be found with
Get-Command -Noun *WMI*andGet-Command -Noun *CIM*
- The new/supported method is using PowerShell, and commands can be found with
WMIC Commands
wmic process list full- List all processes
wmic process get name,parentprocessid,processid- Shows the ID and process ID of each process running
wmic process where processid=[PID] get commandline- See what commands were used to launch the process
- Processes started through mouse/keyboard interaction list the full path of the executable
- Processes started through command line tend to only show the name of the executable and any switches used, but it's anything the person enters into the CLI
- Check the end of the BHIS-SOCC-lab-WindowsCLI for details
- See what commands were used to launch the process
Metadata
Sources
WMI command-line (WMIC) utility - Win32 apps | Microsoft Learn