CIM_ProcessExecutable, ROOT\cimv2 - Instances

Class | Methods | Properties (6) | Qualifiers (7) | Instances (40) | Namespaces (2)
Samples: VB Script | C# | VB.Net | Search on:Microsoft

Instances of CIM_ProcessExecutable

This section contains sample wmi instances of CIM_ProcessExecutable class with their properties from Microsoft Windows Server 2012 R2 Datacenter Evaluation.

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\wininit.exe\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\wininit.exe"' //String
   'BaseAddress' : '140702696669184' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : -431947776 //Long, 0xE6410000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\ntdll.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\ntdll.dll"' //String
   'BaseAddress' : '140722238849024' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1930362880 //Long, 0x730F0000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\KERNEL32.DLL\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\KERNEL32.DLL"' //String
   'BaseAddress' : '140722201624576' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1893138432 //Long, 0x70D70000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\KERNELBASE.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\KERNELBASE.dll"' //String
   'BaseAddress' : '140722192973824' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1884487680 //Long, 0x70530000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\msvcrt.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\msvcrt.dll"' //String
   'BaseAddress' : '140722236293120' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1927806976 //Long, 0x72E80000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\RPCRT4.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\RPCRT4.dll"' //String
   'BaseAddress' : '140722229870592' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1921384448 //Long, 0x72860000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\sechost.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\sechost.dll"' //String
   'BaseAddress' : '140722233606144' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1925120000 //Long, 0x72BF0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\profapi.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\profapi.dll"' //String
   'BaseAddress' : '140722192121856' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1883635712 //Long, 0x70460000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\wininitext.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\wininitext.dll"' //String
   'BaseAddress' : '140722192056320' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1883570176 //Long, 0x70450000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\USER32.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\USER32.dll"' //String
   'BaseAddress' : '140722224496640' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1916010496 //Long, 0x72340000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\GDI32.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\GDI32.dll"' //String
   'BaseAddress' : '140722228035584' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1919549440 //Long, 0x726A0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\WS2_32.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\WS2_32.dll"' //String
   'BaseAddress' : '140722224037888' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1915551744 //Long, 0x722D0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\NSI.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\NSI.dll"' //String
   'BaseAddress' : '140722224431104' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1915944960 //Long, 0x72330000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\mswsock.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\mswsock.dll"' //String
   'BaseAddress' : '140722183798784' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1875312640 //Long, 0x6FC70000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\sspicli.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"532\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\sspicli.dll"' //String
   'BaseAddress' : '140722189893632' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="532"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1881407488 //Long, 0x70240000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\winlogon.exe\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\winlogon.exe"' //String
   'BaseAddress' : '140701799350272' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : -1329266688 //Long, 0xB0C50000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\ntdll.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\ntdll.dll"' //String
   'BaseAddress' : '140722238849024' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1930362880 //Long, 0x730F0000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\KERNEL32.DLL\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\KERNEL32.DLL"' //String
   'BaseAddress' : '140722201624576' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1893138432 //Long, 0x70D70000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\KERNELBASE.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\KERNELBASE.dll"' //String
   'BaseAddress' : '140722192973824' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1884487680 //Long, 0x70530000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\msvcrt.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\msvcrt.dll"' //String
   'BaseAddress' : '140722236293120' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1927806976 //Long, 0x72E80000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\advapi32.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\advapi32.dll"' //String
   'BaseAddress' : '140722232885248' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1924399104 //Long, 0x72B40000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\sechost.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\sechost.dll"' //String
   'BaseAddress' : '140722233606144' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1925120000 //Long, 0x72BF0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\powrprof.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\powrprof.dll"' //String
   'BaseAddress' : '140722191728640' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1883242496 //Long, 0x70400000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\RPCRT4.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\RPCRT4.dll"' //String
   'BaseAddress' : '140722229870592' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1921384448 //Long, 0x72860000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\winlogonext.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\winlogonext.dll"' //String
   'BaseAddress' : '140722191597568' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1883111424 //Long, 0x703E0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\USER32.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\USER32.dll"' //String
   'BaseAddress' : '140722224496640' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1916010496 //Long, 0x72340000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\GDI32.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\GDI32.dll"' //String
   'BaseAddress' : '140722228035584' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1919549440 //Long, 0x726A0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\IMM32.DLL\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\IMM32.DLL"' //String
   'BaseAddress' : '140722232623104' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1924136960 //Long, 0x72B00000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\MSCTF.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\MSCTF.dll"' //String
   'BaseAddress' : '140722237014016' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1928527872 //Long, 0x72F30000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\profapi.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\profapi.dll"' //String
   'BaseAddress' : '140722192121856' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1883635712 //Long, 0x70460000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\winsta.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\winsta.dll"' //String
   'BaseAddress' : '140722191204352' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1882718208 //Long, 0x70380000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\uxinit.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\uxinit.dll"' //String
   'BaseAddress' : '140722162499584' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1854013440 //Long, 0x6E820000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\UxTheme.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\UxTheme.dll"' //String
   'BaseAddress' : '140722161254400' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1852768256 //Long, 0x6E6F0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\SYSTEM32\\\\combase.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\SYSTEM32\\combase.dll"' //String
   'BaseAddress' : '140722226069504' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1917583360 //Long, 0x724C0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\CRYPT32.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\CRYPT32.dll"' //String
   'BaseAddress' : '140722194808832' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1886322688 //Long, 0x706F0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\MSASN1.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\MSASN1.dll"' //String
   'BaseAddress' : '140722192842752' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1884356608 //Long, 0x70510000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\DPAPI.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\DPAPI.dll"' //String
   'BaseAddress' : '140722166824960' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1858338816 //Long, 0x6EC40000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\CRYPTBASE.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\CRYPTBASE.dll"' //String
   'BaseAddress' : '140722190483456' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1881997312 //Long, 0x702D0000
   'ProcessCount' : 6 //Long, 0x6
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\bcryptPrimitives.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\bcryptPrimitives.dll"' //String
   'BaseAddress' : '140722190090240' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1881604096 //Long, 0x70270000
   'ProcessCount' : 0 //Long, 0x0
}

Instance \\W2012SDC\ROOT\cimv2:CIM_ProcessExecutable.Antecedent="\\\\W2012SDC\\root\\cimv2:CIM_DataFile.Name=\"C:\\\\Windows\\\\system32\\\\SspiCli.dll\"",Dependent="\\\\W2012SDC\\root\\cimv2:Win32_Process.Handle=\"576\""

Properties={
   'Antecedent' : '\\.\root\cimv2:CIM_DataFile.Name="C:\\Windows\\system32\\SspiCli.dll"' //String
   'BaseAddress' : '140722189893632' //String
   'Dependent' : '\\.\root\cimv2:Win32_Process.Handle="576"' //String
   'GlobalProcessCount' : null
   'ModuleInstance' : 1881407488 //Long, 0x70240000
   'ProcessCount' : 6 //Long, 0x6
}
comments powered by Disqus
WUtils.com