Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 2.26%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.10%
6.3.9600.16384 (winblue_rtm.130821-1623) 1.85%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.04%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.10%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.10%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.02%
6.2.9200.16518 (win8_gdr.130201-1704) 0.18%
6.2.9200.16398 (win8_gdr_oobssr.120820-1900) 0.14%
6.2.9200.16398 (win8_gdr_oobssr.120820-1900) 0.70%
6.2.9200.16398 (win8_gdr_oobssr.120820-1900) 0.80%
6.2.9200.16398 (win8_gdr_oobssr.120820-1900) 0.14%
6.2.9200.16384 (win8_rtm.120725-1247) 0.72%
6.2.9200.16384 (win8_rtm.120725-1247) 7.08%
6.2.9200.16384 (win8_rtm.120725-1247) 1.05%
6.2.9200.16384 (win8_rtm.120725-1247) 6.03%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.02%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.02%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.04%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.04%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.02%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.02%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.04%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.04%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 17.52%


PE file structure

Import table
advapi32.dll
ReportEventW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetEntriesInAclW, FreeSid, AllocateAndInitializeSid, InitializeSecurityDescriptor, RegDisablePredefinedCache, RegSetValueExW, MakeSelfRelativeSD, GetSecurityDescriptorLength, AddAce, InitializeAcl, GetLengthSid, CopySid, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, RegOpenKeyExW, RevertToSelf, SetThreadToken, RegisterEventSourceW, DeregisterEventSource, ImpersonateLoggedOnUser, OpenProcessToken, GetAclInformation, OpenThreadToken, ConvertStringSecurityDescriptorToSecurityDescriptorW, MakeAbsoluteSD, MapGenericMask, AccessCheck, RegQueryValueExW, GetTokenInformation, TraceMessage, RegDeleteKeyW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, EventUnregister, EventRegister, EventWrite
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-com-l1-1-0.dll
CoGetClassObject, CoCreateGuid, CoRevertToSelf, CoImpersonateClient, CoSwitchCallContext, CoGetCallContext, StringFromGUID2, CLSIDFromString, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoRegisterClassObject, CoCreateInstance, CoFreeUnusedLibrariesEx, CoInitializeSecurity, CoRevokeClassObject, CoUninitialize, CoInitializeEx
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-0.dll
SetUnhandledExceptionFilter, GetLastError, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetLastError
api-ms-win-core-handle-l1-1-0.dll
CloseHandle, DuplicateHandle
api-ms-win-core-heap-l1-1-0.dll
HeapSetInformation, GetProcessHeap, HeapCreate, HeapDestroy, HeapAlloc, HeapFree
api-ms-win-core-heap-l1-2-0.dll
HeapFree, HeapDestroy, HeapCreate, GetProcessHeap, HeapSetInformation, HeapAlloc
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedExchange, InterlockedIncrement, InterlockedDecrement, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, InterlockedIncrement
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedIncrement, InterlockedDecrement, InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-kernel32-legacy-l1-1-0.dll
GetStartupInfoA
api-ms-win-core-kernel32-legacy-l1-1-1.dll
GetStartupInfoA
api-ms-win-core-libraryloader-l1-1-1.dll
GetModuleFileNameW, GetModuleHandleExW, FreeLibrary, GetModuleHandleA, GetProcAddress
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleA, FreeLibrary, GetModuleHandleExW, GetModuleFileNameW, GetProcAddress
api-ms-win-core-localization-l1-1-1.dll
LCMapStringW
api-ms-win-core-localization-l1-2-0.dll
LCMapStringW
api-ms-win-core-localization-l1-2-1.dll
LCMapStringW
api-ms-win-core-memory-l1-1-1.dll
UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, MapViewOfFile
api-ms-win-core-memory-l1-1-2.dll
OpenFileMappingW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile
api-ms-win-core-processenvironment-l1-1-0.dll
GetCommandLineW
api-ms-win-core-processenvironment-l1-1-1.dll
GetCommandLineW
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineW
api-ms-win-core-processthreads-l1-1-1.dll
TlsAlloc, TerminateProcess, GetCurrentProcessId, TlsFree, GetCurrentThreadId, CreateThread, GetCurrentProcess, SetThreadToken, GetCurrentThread, OpenThreadToken, SwitchToThread, OpenProcessToken, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
TlsAlloc, GetCurrentProcess, GetCurrentThreadId, GetCurrentThread, OpenThreadToken, GetCurrentProcessId, OpenProcessToken, SwitchToThread, CreateThread, TerminateProcess, TlsFree, SetThreadToken
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegSetValueExW, RegDeleteKeyExW, RegCreateKeyExW, RegQueryValueExW, RegCloseKey, RegOpenKeyExW
api-ms-win-core-string-l1-1-0.dll
GetStringTypeExW, CompareStringW
api-ms-win-core-synch-l1-1-1.dll
WaitForSingleObject, CreateEventW, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, SetEvent, Sleep, WaitForMultipleObjectsEx, EnterCriticalSection
api-ms-win-core-synch-l1-2-0.dll
WaitForMultipleObjectsEx, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, Sleep, WaitForSingleObject, CreateEventW, SetEvent, EnterCriticalSection, DeleteCriticalSection
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-threadpool-l1-1-1.dll
ChangeTimerQueueTimer
api-ms-win-core-threadpool-legacy-l1-1-0.dll
ChangeTimerQueueTimer
api-ms-win-eventing-provider-l1-1-0.dll
EventUnregister, EventRegister, EventWrite
api-ms-win-legacy-kernel32-l1-1-0.dll
GetStartupInfoA
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalFree, LocalAlloc
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, GetTokenInformation, SetSecurityDescriptorOwner, FreeSid, GetAclInformation, InitializeSecurityDescriptor, MapGenericMask, AccessCheck, MakeAbsoluteSD, RevertToSelf, MakeSelfRelativeSD, GetSecurityDescriptorLength, GetLengthSid, CopySid, AddAce, InitializeAcl, ImpersonateLoggedOnUser, AllocateAndInitializeSid
api-ms-win-security-base-l1-2-0.dll
InitializeSecurityDescriptor, RevertToSelf, MakeAbsoluteSD, ImpersonateLoggedOnUser, GetAclInformation, AllocateAndInitializeSid, AccessCheck, FreeSid, MakeSelfRelativeSD, GetSecurityDescriptorLength, AddAce, InitializeAcl, GetTokenInformation, MapGenericMask, GetLengthSid, CopySid, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl
kernel32.dll
WaitForMultipleObjects, Sleep, GetCurrentThreadId, TerminateProcess, GetCurrentProcess, GetProcAddress, FreeLibrary, GetModuleHandleExW, WaitForSingleObject, DuplicateHandle, HeapSetInformation, CreateThread, lstrlenW, GetModuleFileNameW, InterlockedDecrement, GetVersionExW, MapViewOfFile, CreateFileMappingW, OpenFileMappingW, EnterCriticalSection, LeaveCriticalSection, TlsAlloc, TlsFree, ChangeTimerQueueTimer, InterlockedExchange, InitializeCriticalSectionAndSpinCount, SwitchToThread, CreateEventW, LCMapStringW, GetTickCount, GetCurrentThread, GetStringTypeExW, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, GetProcessHeap, UnhandledExceptionFilter, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, SetEvent, InterlockedIncrement, CloseHandle, GetCurrentProcessId, GetLastError, GetCommandLineW, CompareStringW, LocalFree, InterlockedCompareExchange, DeleteCriticalSection, UnmapViewOfFile, WaitForMultipleObjectsEx
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiEventSourceDisconnect, WmiDestroyObject, WmiSetAndCommitObject
ntdll.dll
NtQuerySystemInformation, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwTraceMessage, RtlLengthSid, RtlCreateAcl, RtlNtStatusToDosError, RtlAddAccessAllowedAce
ole32.dll
CoImpersonateClient, CLSIDFromString, CoGetClassObject, CoCreateGuid, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoFreeUnusedLibrariesEx, CoRegisterClassObject, CoCreateInstance, CoInitializeSecurity, CoRevertToSelf, CoInitializeEx, StringFromGUID2, CoGetCallContext, CoSwitchCallContext, CoRevokeClassObject
user32.dll
LoadCursorW, DefWindowProcW, DeleteMenu, GetSystemMenu, UpdateWindow, ShowWindow, CreateWindowExW, RegisterClassW, LoadIconW, UnregisterClassW, DestroyWindow, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, PostMessageW

Wmiprvse.exe

WMI Provider Host by Microsoft

Version:   6.1.7601.17514 (win7sp1_rtm.101119-1850)
MD5:   4fb491ac8d46aaf22ba8bc5c73dabef7
SHA1:   8bf1819659b79d10121294f37f7d9cf7d95559c1
SHA256:   cbe2392792d209e15e44ac29e906ffdd5fbf6eed8bab0d97d66e109ab2c5c56e
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is Wmiprvse.exe?

WMI provides a uniform interface for any local or remote applications or scripts that obtain management data from a computer system, a network, or an enterprise. The uniform interface is designed such that WMI client applications and scripts do not have to call a wide variety of operating system application programming interfaces (APIs). Many APIs cannot be called by automation clients like scripts or Visual Basic applications. Other APIs do not make calls to remote computers.

About Wmiprvse.exe (from Microsoft)

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. You can write WMI scripts or applications to automate administrati

Details

File name: wmiprvse.exe
Publisher: Microsoft Corporation
Product name: WMI Provider Host
Description: Microsoft® Windows® Operating System
Typical file path: C:\Windows\System32\wbem\wmiprvse.exe
File version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Product version: 6.1.7601.17514
Size: 251.5 KB (257,536 bytes)
Digital DNA
Entropy: 6.464498
File packed: No
Code language: Microsoft Visual C++
.NET CLR: No
Network connections
  • [UDP] listens on port 59202

    Resource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.11612039%
    0.028634%
    Kernel CPU:0.08358090%
    0.013761%
    User CPU:0.03253949%
    0.014873%
    Kernel CPU time:126,969,894 ms/min
    100,923,805ms/min
    CPU cycles:4,230,575/sec
    17,470,203/sec
    Context switches:85/sec
    284/sec
    Memory
    Private memory:9.45 MB
    21.59 MB
    Private (maximum):10.49 MB
    Private (minimum):5.93 MB
    Non-paged memory:9.45 MB
    21.59 MB
    Virtual memory:59.09 MB
    140.96 MB
    Virtual memory (peak):65.05 MB
    169.69 MB
    Working set:12.59 MB
    18.61 MB
    Working set (peak):14.46 MB
    37.95 MB
    Page faults:2,345,029/min
    2,039/min
    I/O
    I/O read transfer:17.23 KB/sec
    1.02 MB/min
    I/O read operations:2/sec
    343/min
    I/O write transfer:158 Bytes/sec
    274.99 KB/min
    I/O write operations:2/sec
    227/min
    I/O other transfer:14.54 KB/sec
    448.09 KB/min
    I/O other operations:9,864/sec
    1,671/min
    Resource allocations
    Threads:10
    12
    Handles:247
    600

    Process properties

    Integrity level: System
    Platform: 32-bit
    Command lines:
    • C:\Windows\System32\wbem\wmiprvse.exe
    • C:\windows\syswow64\wbem\wmiprvse.exe -embedding
    • C:\windows\syswow64\wbem\wmiprvse.exe -secured -embedding
    Owner: SYSTEM
    Parent process: svchost.exe (Host Process for Windows Services by Microsoft Corporation)

    Threads

    Averages
     
    ntdll.dll
    Total CPU:2.67926264%
    0.272967%
    Kernel CPU:1.54746734%
    0.107585%
    User CPU:1.13179530%
    0.165382%
    CPU cycles:57,354,339/sec
    5,741,424/sec
    Context switches:97/sec
    79/sec
    Memory:1.23 MB
    1.16 MB
    cimwin32.dll
    Total CPU:0.16651150%
    Kernel CPU:0.14069626%
    User CPU:0.02581523%
    CPU cycles:2,914,470/sec
    Context switches:4/sec
    Memory:1.29 MB
    WmiPerfClass.dll
    Total CPU:0.13383188%
    Kernel CPU:0.11105199%
    User CPU:0.02277989%
    CPU cycles:1,859,842/sec
    Context switches:4/sec
    Memory:96 KB
    ole32.dll
    Total CPU:0.06730018%
    Kernel CPU:0.00001525%
    User CPU:0.06728493%
    CPU cycles:448,976/sec
    Context switches:1/sec
    Memory:1.36 MB
    CorperfmonExt.dll
    Total CPU:0.05967504%
    Kernel CPU:0.04494606%
    User CPU:0.01472898%
    CPU cycles:1,604,050/sec
    Memory:132 KB
    perfdisk.dll
    Total CPU:0.04772130%
    Kernel CPU:0.04568847%
    User CPU:0.00203283%
    CPU cycles:45,948/sec
    Memory:40 KB
    rasctrs.dll
    Total CPU:0.02051308%
    Kernel CPU:0.01820690%
    User CPU:0.00230618%
    CPU cycles:30,813/sec
    Memory:28 KB
    wmiprvse.exe (main module)
    Total CPU:0.01742167%
    Kernel CPU:0.01356483%
    User CPU:0.00385684%
    CPU cycles:368,293/sec
    Memory:260 KB
    aspnet_perf.dll
    Total CPU:0.00648357%
    Kernel CPU:0.00648357%
    User CPU:0.00000000%
    CPU cycles:322,855/sec
    Memory:36 KB
    NCObjAPI.DLL
    Total CPU:0.00241289%
    Kernel CPU:0.00241289%
    User CPU:0.00000000%
    CPU cycles:382/sec
    Memory:60 KB
    ADVAPI32.dll
    Total CPU:0.00234404%
    Kernel CPU:0.00202159%
    User CPU:0.00032244%
    CPU cycles:10,822/sec
    Memory:640 KB
    framedynos.dll
    Total CPU:0.00001005%
    Kernel CPU:0.00001005%
    User CPU:0.00000000%
    CPU cycles:483/sec
    Memory:212 KB

    Common loaded modules

    These are modules that are typically loaded within the context of this process.

    Distribution by Windows OS

    OS version   Distribution
    Windows 7 Home Premium 32.00%
    Windows 8.1 21.50%
    Windows 7 Ultimate 9.00%
    Windows 8.1 Pro 6.50%
    Windows 8 5.00%
    Windows 8 Single Language 5.00%
    Windows 8.1 Single Language 4.50%
    Windows 7 Professional 4.00%
    Windows 8 Pro 3.50%
    Windows 8.1 Pro with Media Center 2.50%
    Windows 7 Home Basic 2.50%
    Windows Vista Home Premium 1.50%
    Windows 8 Enterprise 1.00%
    Windows 8.1 N 0.50%
    Windows Seven Black Edition 0.50%
    Windows 8.1 Enterprise Evaluation 0.50%

    Distribution by country

    United States installs about 44.72% of WMI Provider Host.

    Distribution by PC manufacturer

    PC manufacturer   Distribution
    Dell 23.75%
    Hewlett-Packard 18.01%
    ASUS 16.86%
    Acer 12.64%
    Toshiba 8.43%
    Lenovo 8.43%
    Sony 5.36%
    GIGABYTE 2.30%
    Alienware 1.92%
    Samsung 1.53%
    Intel 0.77%