P Philip Nunn [MSFT] Aug 31, 2004 #2 I would suggest using an 'associators of' query something like this: associators of {win32_process.handle='2604'} where AssocClass = CIM_ProcessExecutable It will return all the files that participate in execution of the process.
I would suggest using an 'associators of' query something like this: associators of {win32_process.handle='2604'} where AssocClass = CIM_ProcessExecutable It will return all the files that participate in execution of the process.
