WinMgmt.exe
- File Path: C:\Windows\system32\wbem\WinMgmt.exe
- Description: WMI Service Control Utility
Hashes
| Type | Hash |
|---|---|
| MD5 | 7EEBC2D73DB966BC35A8031FA60FC161 |
| SHA1 | 1CE5CC0376C2D939A56AEFD57465EA5D2E311DA9 |
| SHA256 | 720A7ADB445F98C7A71F406711A4AFF6C0E3143AA18A12DF851B806D2D5B00FD |
| SHA384 | 7277500DC1EF5FF3C9D916AEA774E06C16FA6CBA22702BC09812171300C0DFF742D3218D1876B7D53754D23E39334728 |
| SHA512 | 50F88D2093F0D9A3117B4C491AD58FF9E14341C9952385EF5160521938569EB93A46BD51700F193F64A38D17D7EE5C18A99ED948EB76FAFD8C677EC4DD141084 |
| SSDEEP | 1536:tX//E02UqhgvRdShIPoANJLlAXuSXv+qSFEAeOFt:omRshIPFJRAhP2EAeU |
| IMP | 2C3AB885FA820ED6993A6974E34AA636 |
| PESHA1 | 6FA978BB29316380B066BE6DA093C7EFB212FD3D |
| PE256 | 49D9CC5F2C07BAD54B4992C3C821155D5A626822D553C51D6CA2EF3EB632C4EB |
Runtime Data
Usage (stdout):
Invalid parameter
Windows Management Instrumentation
Usage: winmgmt [/backup <filename>] [/restore <filename> <flag>]
[/resyncperf] [/standalonehost [<level>]] [/sharedhost]
[/verifyrepository [<path>]] [/salvagerepository]
[/resetrepository]
/backup <filename>
Causes WMI to back up the repository to the specified file name. The
filename argument should contain the full path to the file location.
This process requires a write lock on the repository so that write
operations to the repository are suspended until the backup process is
completed.
/restore <filename> <flag>
Manually restores the WMI repository from the specified backup file.
The filename argument should contain the full path to the backup file
location. To perform the restore operation, WMI saves the existing
repository to write back if the operation fails. Then the repository is
restored from the backup file that is specified in the filename
argument. If exclusive access to the repository cannot be achieved,
existing clients are disconnected from WMI. The flag argument must be a
1 (force - disconnect users and restore) or 0 (default - restore if no
users connected) and specifies the restore mode.
/resyncperf
Registers the system performance libraries with WMI.
/standalonehost [<level>]
Moves the Winmgmt service to a standalone Svchost process that has a
fixed DCOM endpoint. The default endpoint is "ncacn_ip_tcp.0.24158".
However, the endpoint may be changed by running Dcomcnfg.exe. The level
argument is the authentication level for the Svchost process. If level
is not specified, the default is 4 (RPC_C_AUTHN_LEVEL_PKT).
/sharedhost
Moves the Winmgmt service into the shared Svchost process.
/verifyrepository [<path>]
Performs a consistency check on the WMI repository. When you add the
/verifyrepository switch without the <path> argument, then the live
repository currently used by WMI is verified. When you specify the path
argument, you can verify any saved copy of the repository. In this
case, the path argument should contain the full path to the saved
repository copy. The saved repository should be a copy of the entire
repository folder.
/salvagerepository
Performs a consistency check on the WMI repository, and if an
inconsistency is detected, rebuilds the repository. The content of the
inconsistent repository is merged into the rebuilt repository, if it
can be read. The salvage operation always works with the repository
that the WMI service is currently using. MOF files that contain the
#pragma autorecover preprocessor statement are restored to the
repository.
/resetrepository
The repository is reset to the initial state when the operating system
is first installed. MOF files that contain the #pragma autorecover
preprocessor statement are restored to the repository.
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\system32\wbem\WinMgmt.exe |
Signature
- Status: Signature verified.
- Serial: 3300000266BD1580EFA75CD6D3000000000266
- Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: winmgmt.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/720a7adb445f98c7a71f406711a4aff6c0e3143aa18a12df851b806d2d5b00fd/detection/
MIT License. Copyright (c) 2020-2021 Strontic.