Use the Windows Management Instrumentation Control to manage (locally or remotely) many aspects of a Windows machine, s.a. processes, services, startup Registry keys and folders and numerous other items.


Add the /node:[targetIP] /user:[admin_user] /password:[password] options to any WMIC command to execute it remotely on the target system. If you leave off the /user and /password, it will pass through the existing user’s credentials (see SMB Sessions).


Execute a command:

wmic process call create [command]

List processes:

wmic process list brief

Kill a process:

wmic process where processid="[PID]" delete
wmic process where name="[name]" delete

Note the [name] is typically the name of its executable, including the .exe suffix.