Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-12 14:21:37 | 2025-06-12 14:52:24 | 1847 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,490 [root] INFO: Date set to: 20250611T17:27:30, timeout set to: 1800 2025-06-11 18:27:30,329 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad 2025-06-11 18:27:30,329 [root] DEBUG: Storing results at: C:\nvRcCS 2025-06-11 18:27:30,329 [root] DEBUG: Pipe server name: \\.\PIPE\ygcqzFMNOh 2025-06-11 18:27:30,329 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 18:27:30,329 [root] INFO: analysis running as an admin 2025-06-11 18:27:30,345 [root] INFO: analysis package specified: "exe" 2025-06-11 18:27:30,345 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 18:27:31,173 [root] DEBUG: imported analysis package "exe" 2025-06-11 18:27:31,173 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 18:27:31,173 [lib.common.common] INFO: wrapping 2025-06-11 18:27:31,173 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 18:27:31,173 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\wmpnetwk.exe 2025-06-11 18:27:31,173 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 18:27:31,173 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 18:27:31,173 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 18:27:31,173 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 18:27:31,376 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 18:27:31,423 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 18:27:31,485 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 18:27:31,501 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 18:27:31,517 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 18:27:31,517 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 18:27:31,517 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 18:27:31,517 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 18:27:31,517 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 18:27:31,517 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 18:27:31,517 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 18:27:31,517 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 18:27:31,517 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 18:27:31,517 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 18:27:31,517 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 18:27:31,517 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 18:27:31,532 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 18:27:31,532 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 18:27:31,688 [modules.auxiliary.digisig] DEBUG: File is not signed 2025-06-11 18:27:31,688 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 18:27:31,688 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 18:27:31,688 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 18:27:31,688 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 18:27:31,688 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 18:27:31,688 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 18:27:31,704 [modules.auxiliary.disguise] INFO: Disguising GUID to 39b7a744-2c4b-4000-9bd2-b2682ae61ef5 2025-06-11 18:27:31,704 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 18:27:31,704 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 18:27:31,704 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 18:27:31,704 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 18:27:31,704 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 18:27:31,704 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 18:27:31,704 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 18:27:31,704 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 18:27:31,704 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 18:27:31,704 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 18:27:31,720 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 18:27:31,720 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 18:27:31,720 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 18:27:31,720 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 18:27:31,720 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 18:27:31,720 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 18:27:31,720 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 18:27:31,735 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini 2025-06-11 18:27:31,735 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 18:27:31,735 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 18:27:31,735 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 18:27:31,735 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 18:27:31,735 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 18:27:31,735 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 18:27:31,735 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\SvhbRq.dll, loader C:\tmpjeo7jmad\bin\DAYmMlFe.exe 2025-06-11 18:27:31,814 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 18:27:31,814 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\SvhbRq.dll. 2025-06-11 18:27:31,860 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 18:27:31,860 [root] INFO: Disabling sleep skipping. 2025-06-11 18:27:31,860 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 18:27:31,860 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 18:27:31,860 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 18:27:31,860 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 18:27:31,860 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 18:27:31,876 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 18:27:31,892 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 18:27:31,892 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 18:27:31,892 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8247D0000, thread 6136, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000 2025-06-11 18:27:31,892 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 18:27:31,892 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 18:27:31,907 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 18:27:31,907 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\SvhbRq.dll. 2025-06-11 18:27:31,907 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-11 18:27:31,907 [root] DE <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-12 14:21:37 | 2025-06-12 14:52:04 | none |
File Details
| File Name |
wmpnetwk.exe
|
|---|---|
| File Type | PE32+ executable (console) x86-64, for MS Windows |
| File Size | 1114112 bytes |
| MD5 | da094771c21f8fd92c4a68312a087a4d |
| SHA1 | 90e41a9a15318d64135ceed624d8345fb04929e7 |
| SHA256 | a9c8dc72b50c0deaf09db1eae874d892082cdaa42a51b99a09e4f93c43d3d78e [VT] [MWDB] [Bazaar] |
| SHA3-384 | 5287e22c48fae33ddb89e62f31162fd9ac1bded0f56df7b082af62284bea03ae2771a6ea9cdfd8d84f6f71bd948b0d64 |
| CRC32 | CB0DD4BB |
| TLSH | T197356C15A3CC4095D1BB917889668F4AFAB1780E1F328ACB0270A71C2F77AE55F35B16 |
| Ssdeep | 24576:hvsnwi/wc5wv5WD9JrhUgRGjrn7VyhEKI:anwiIowv+rK3nByhEK |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
fD9$Fu
T$lA+
@.data
D$hE3
Software\Microsoft\MediaPlayer\Preferences\HME
urn:microsoft.com:serviceId:X_MS_MediaReceiverRegistrar
SVWATAVAWH
microsoft:userEffectiveRatingInStars
FIpSinkProtocolInfoWWW
pA_ARG_TYPE_ObjectIDd
Search_Sort_Criteria
B I;@(u
t0fA90u
t*E8b
hA_A^A]A\_^[]
<friendlyName>
StartingIndex
MFCreateWMPMDEOpCenter
H9C0w
t#D8y
t*@8q
GetStartupInfoW
IUPnPService_ContentDirectoryWWWd
x ATAUAWH
APPID
Hcq A
f9<Ju
Objwriter_Act_Write_Album_Art_Element
IsStream
<r,L;
microsoft:artistConductor
WATAUH
sX9shv
fD9<Ou
r-D;u
<mimetype>image/png</mimetype>
pA_ARG_TYPE_ConnectionManagerWWW
fD9!tUM
fD91I
H;F(u
System.Search.EntryID IS NOT NULL
u*9Q<|%
A_ARG_TYPE_ResultWWW
t'A8Z
tCfE9
fC94Yu
t.fA99t+I
Composer
@A_A\_
DLNADOC/
t5fE90u
System.Media.ClassSecondaryID = '{E3E689E2-BA8C-4330-96DF-A0EEEFFA6876}'
T$ Hc
;\$Ps
t0fE99u
A_A^A\_^][
t:fD91u
tcE8b
no space on device
IsDeviceGiven
Property SystemUpdateIDWWW
t!A8r
t$ fD
upnp:channelName
8r'Hk
C$9wLu
Gpf9T
RegSetValueExW
MDE ID
object.container.album.musicAlbum
GetSecurityDescriptorControl
fC9,Yu
System.Media.UniqueFileIdentifier
not a directory
Property SourceProtocolInfoWWW
fD9$Bu
CertNameToStrW
]@t3H
(CONTAINS(System.ContentType, 'audio/') AND NOT
xmHcK
<DIDL-Lite xmlns:dc="http://purl.org/dc/elements/1.1/"
D9t$@u
upnp:producer
Malgun Gothic
(System.Media.Duration IS NOT NULL AND System.Media.Duration <= %I64d)
HasRenderingControl
SetEntriesInAclW
@Searchable
@A_A^A]_]
t%@8y
UVATAVAWH
t0fD92u
DeleteTimerQueueTimer
H AVH
JPEG_LRG
AND System.Rating >= %d
GetCurrentConnectionInfo
VWAVH
upnp:storageTotal
8_^][
audio/L16
sH9sXv
PA_A^A]A\_^[
u99t$`u3H
http-get:*:
(System.Music.AlbumTitle IS NOT NULL AND NOT System.Music.AlbumTitle LIKE '%
t-E8B
system
f94Gu
SystemUpdateIDWW
o\$PH
+D$lD3
Microsoft Corporation
Search_Write_Result
T$(fD
L$hf9
LoadLibraryExW
t,E8b
memcmp
PathFindFileNameW
CountAdded
microsoft:authorComposer
System.Author
SELECT System.Title FROM SystemIndex
Is_Allowed
OutputDebugStringA
MaxLength
Dw=]:s
_XcptFilter
DlnaFriendlyName
Browse_Sort_Criteria
0A_A^A]A\]
D$BD9m
@(H;C(u
X\?E/5
_lock
GetNameInfoW
USVWATAUAVAWH
E;Fx|
0123456789
@SUVWAVH
H;C(u
Property A_ARG_TYPE_ConnectionManagerW
fD9<ru
WS2_32.dll
\$@A;
t(fA91t%I
[%ws]
tU@8y
resource unavailable try again
FindCloseChangeNotification
_initterm
+:10245
.?AVlogic_error@std@@
stdole2.tlbWWW
fD9,Bu
SetServiceStatus
0,1,6
.idata$5
LcD$xA
LoadLibraryW
]`D9c
L$ VWATAVAWH
Linksys
fE92L
x#HcL$@H
l$PE3
l$8E3
not connected
CoMarshalInterface
BrowseDirectChildren
System.Rating IS NOT NULL AND System.Rating >= %u AND System.Rating < %u
TYPELIB
protocol_not_supported
A_A]A\_^
PSGetPropertyDescriptionByName
S~=5p
Content Type
h H;{
.pdata
H9Y(vH
u#D9R
NtQuerySystemInformation
HcVLH
wcschr
CLSIDFromProgID
<microsoft:remoteConnection>
Microsoft
image/jpeg
i^pPeerConnectionManagerWW
desc@id
ImageState
WMP_Search
t)A8Z
D9L$l
operation_in_progress
D$0Lc
.didat$2
<friendlyName>%FRIENDLYNAME%</friendlyName>
@UVWAVAWH
t$PHc
%' OR (System.Media.SubTitle IS NULL AND System.Title IS NOT NULL AND NOT System.Title LIKE '%
t6fA9
L95Lz
</friendlyName>
fD9,Hu
D9|$4A
pRegistrationRespMsg
^[0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]$
Microsoft JhengHei UI
GetSystemUpdateID
.?AVCAtlException@ATL@@
A^A\_
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
MPEG1
0StartingIndexWWW
tD9whu0D9wlu*
.data$r$brc
desc@type
a([a-zA-Z0-9])
Property X_RemoteSharingEnabledWWW
G.f;E
CloseServiceHandle
D-Link Systems, Inc
Verify_UPnP_Class
host_unreachable
DLNA.ORG_OP=
audio/L16;rate=44100;channels=2
System.RecordedTV.RecordingTime
OANOCACHE=1
System.Audio.SampleRate
WMCID
BrowseFlagWW
f;D$8
fD94Bu
Method BrowseW
</modelName>
ew0hp
SetEvent
connection refused
read only file system
A_ARG_TYPE_SearchCriteriaWWW
KeepAwake
_exit
v@M9>
0,2,A
DisableRMESetting
fD9,Ou
H;F`u
L;s(u
%SERIALNUMBER%
</SOAP-ENV:Body></SOAP-ENV:Envelope>
fD9,Zu
m]#0D
RegSetKeySecurity
heightAspect
ORDER BY System.ItemNameDisplay ASC
fE9$Hu
t$@8q
operation would block
t D8a
0A^_^
<depth>16</depth>
HttpTerminate
System.ItemType
thumbnail=true,
0,2,E
upnp:searchClass@name
fB9,_u
f9,Xu
<SCPDURL>Network Sharing\ConnectionManager.xml</SCPDURL>
b6:oC
;\$@tHA
SearchCapabilitiesWW
f4Og|
Rockford Corporation
0A_A^A\_^
fC9<Yu
|$pA;
Method UpdateObjectWWW
D;W8|
System.DRM.IsProtected
A9RXu
object.item.videoItem.movie
WMC_On_Content_Prov_Added
urn:upnp-org:serviceId:ConnectionManager
p WAVAWH
tDL;H u
towupper
SHCreateItemFromParsingName
H;{xr
WTSEnumerateSessionsW
SearchCapabilities
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
F D9|(
D$,f9C
System\CurrentControlSet\Control\Lsa
Ic_ M9w
MinStars
PathCreateFromUrlW
t=fD;?t7H
<serialNumber>%SERIALNUMBER%</serialNumber>
D+t$lI
CoCreateInstance
H9HPI
HttpDeleteServiceConfiguration
TEMP(
pA^A]A\_^[]
!t$xH
x9L9w
System.Music.Composer
AllStars
fD;?t
fD9<Vu
uYL9w
http://+:10243/WMPNSSv4/
t0fE9*u
9|$PvoH
upnp:writeStatus
t*D8i
cH;~Xw4H
\$xE+
Yu Gothic UI Semibold
argument out of domain
RMEClientAuthentication
{D1607DBC-E323-4be2-86A1-48A42A28441E}
fG94Qu
HA_A^_^[]
audio/L8;
t"D8y
System.Shell.SFGAOFlagsStrings = SOME ARRAY['stream'] AND NOT System.Shell.SFGAOFlagsStrings = SOME ARRAY['hidden'] AND NOT System.Shell.SFGAOFlagsStrings = SOME ARRAY['link'] AND System.Shell.OmitFromView != 'true' AND System.ContentType IS NOT NULL
H;Q(tIH
.CRT$XIA
x{HcK
RtlNtStatusToDosError
RequestsOutstanding
A;JPv
Update_Requests_Oustanding
https://+:10245/WMPNSSv4/%ls/
Svc_Is_Authorized
B(I;@(u
iT$`p
|$(E3
DispatchMessageW
audio/L16;rate=44100;channels=8
<microsoft:magicPacketWakeSupported xmlns:microsoft="urn:schemas-microsoft-com:WMPNSS-1-0">1</microsoft:magicPacketWakeSupported>
fB94Iu
LcJ E3
OpenEventW
Microsoft JhengHei UI Bold
connection_already_in_progress
xRH;{
generic
<width>48</width>
L!M@H
HTTPAPI.dll
ResetEvent
SourceProtocolInfoWW
t5D8`
L$l;M
K SUVWATAVAWH
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
AllowRMESharingOnDomainForTest
FileDescription
t(D8y
t'fD;G
HasConnectionManager
DSM-320RD
ul%G1
r8I;^
\Videos.library-ms
Criteria
WrittenCount
A D9X
fD;t$8
Svc_Filter_Endpoint
f;D$ u)
CreatePropertyStore
UWATAVAWH
H;S v
\$@E9l$
MHL9>t
bgOne
9D$hu$D9}
FunctionalDMRCount
WHERE System.Music.AlbumTitle IS NULL AND
ntdll.dll
fD;DC
fA91M
fD;7t
t";{
D$HL+
no stream resources
0,3,B
UVWAUAWH
<microsoft:remoteUrl>
WMVSPML_BASE
upnp:storageMedium
TEMP8
pA_ARG_TYPE_IndexWWWd
directory not empty
t(@8q
UserRating
win:Informational
InitializeCriticalSection
Hct$xH;w
UPHcE`Hk
A_A^A\_^
D;SXr
uHf9C
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
L$hE3
WMPAtom
t.f9*u
network reset
UnregisterGPNotification
microsoft:userRatingInStars
l$`M;
object.item.videoItem.musicVideoClip
System.Music.Genre
l$0E3
%s AND %s IS NULL
A_ARG_TYPE_Direction
NtAllocateLocallyUniqueId
DLNAProfileIDNumber
Property ContainerUpdateIDsWWW
D;L$ps
HcB H
LsaLookupAuthenticationPackage
AND System.Rating IS NULL
UPnPDeviceID
FALSE
DLNA.ORG_PN=
N0I!~(
D$(E3
0,1,7
System.Video.FrameHeight
fD9<Hu
fD;,Ct
Software\Microsoft\Multimedia\WMPlayer\Extensions\
A_ARG_TYPE_UpdateIDW
fA9<Hu
fA9,Qu
SetSecurityDescriptorGroup
object.item.videoItem
<library>
no protocol option
Svc_Register_Device_Reg_Device
boolean
%ls %ls
DeviceDiscovery
t"A8z
(System.Media.ClassSecondaryID = '{BA7F258A-62F7-47a9-B21F-4651C42A000E}' OR CONTAINS(System.Kind, 'recordedtv') AND (System.Media.ClassSecondaryID IS NULL OR System.Media.ClassSecondaryID = '{00000000-0000-0000-0000-000000000000}'))
CDS_On_Container_Changed
0A_A^_^]
pA_A^A]A\^[]
ConvertSidToStringSidW
GetTickCount64
;DLNA.ORG_MAXSP=
UWATH
WMP_On_Container_Changed
H VWATAUAVH
L$(E3
video/3gpp2
H UATAUAVAWH
memmove_s
System.Media.SubTitle IS NOT NULL AND System.Media.SubTitle LIKE '%
no buffer space
EwD9`
u~9E(uyH
UVWAVAWH
uoH9u
L$0E3
GetDynamicTimeZoneInformation
t D8y
L$8H3
Method IsAuthorizedWWW
punkRemoteEndpointInfoWW
H;^(r
WMDRM_
9\$@|
ElementExists
UATAWH
A_A^A\_]
%' OR System.Music.AlbumTitle IS NULL AND System.Media.SubTitle IS NULL AND CONTAINS(System.Keywords, '
I9^`v,I;^`
System.Media.ContentDistributor
</m:%lsResponse>
\$PD9l$D
D;t$xr
9t$`}
fD94Zu
System.Title IS NOT NULL AND System.Title != '
Generate_Album_Art_Element
ValidationSucceededUpdateIDW
D9t$xu
t.E8z
H!\$0E3
9\$0|
L9c`t
TerminateProcess
System.Search.EntryID IS NULL
H!_8H
ext-ms-win-casting-receiver-l1-1-0
t'@8y
u8D9R
Dw=y:s
t-fD9)t*I
format
f9,Au
]fpA_ARG_TYPE_TagValueListd
D;Blt
<manufacturer>Microsoft Corporation</manufacturer>
L;a(H
D$X9X
t5fE9!u
H;A u
t'HcI
\$ A;
H;^(u
IS NOT NULL
t.fE9(u
fD9<zu
CompareStringW
pX_RemoteSharingEnabledWd
A_A^A]
CONTAINS(System.Kind, 'picture') AND
k AVH
folderPath
Global\%ls
fD9t$`
bad_address
@A_A^A]A\_^[
object.item.imageItem
@USVWATAUAWH
System.Video.FourCC
0A^A\_
C(H;F(u
PA_A^A\_^
formatID=%u
PropVariantToString
xNA;X
HttpQueryServiceConfiguration
tKE8j
ChangeServiceConfig2W
.text$x
<eventSubURL></eventSubURL>
fD;8u5
T$ E3
D$h9X
not_connected
_wtoi
albumArt
too many links
IsValidated
f9,Ju
On_Suspend
x_HcA
SockAddr
D$"f9C
Obj_Initialize
rtsp-rtp-udp
wcstoul
Results_Initialize
fE9,Hu
4NH;t$8
.xdata$x
f;D$pu
L$HH3
WATAWH
MPEG_PS_PAL_XAC3
A^_^
TotalRetry
GetModuleHandleW
Segoe UI
D$p0u
microsoft:sourceUrl
IcF H
D9#uJH
inappropriate io control operation
ORDER BY
%lsCount
NdisPMCapabilityState
L$ E3
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Server Settings
upnp:originalTrackNumber
Check_Server_KeepAwake
upnp:episodeNumber
.giats
MPEG4_P2_ASF_SP_G726
VAVAWH
.rsrc
D9l$X
fD9<Fu
xmlns:microsoft="urn:schemas-microsoft-com:WMPNSS-1-0/"
connection reset
|$0H!D$ L
9^ t1H
CertCreateContext
height
=v@H+
connection aborted
t#A8B
Microsoft-Windows-WMPNSS-Service/Diagnostic
0A_A^_
t.E8j
OriginalFilename
win:Start
PstValidate
LG Electronics, Inc.
t&@8q
LsaLookupNames2
XA_A^_^[]
destination_address_required
Property SortCapabilitiesW
FileTimeToSystemTime
NetworkID
tCfD9
CurrentConnectionIDs
upnp:storageMaxPartition
Manufacturer
System.ItemNameDisplay
t!D8a
|$`M;
MaxSearchBrowseOutstanding
D;Shr
PowerCreateRequest
fE94Iu
EL9BL
8}u@H
TEMP\
fD94Au
audio/3gpp
VWATH
D;d$hs
microsoft:authorOriginalLyricist
CompatFlags
Callback
GetFullPathNameW
fA9,@u
System.Keywords
) OR (System.RecordedTV.OriginalBroadcastDate IS NULL AND System.RecordedTV.RecordingTime IS NOT NULL AND
fE94Du
D9p s
pSearchCapabilitiesWd
<url>Network Sharing\wmpnss_color48.bmp</url>
Svc_Register_Device_Start_Detection
WTSQuerySessionInformationW
fA94Hu
upnp:scheduledStartTime
UVWATAUAVAWH
L9n0u~
t'D8a
CloseHandle
|$(M;
@A__^
H;_(sDH
0A^A]_
f;D$ u3L
@.reloc
fE9:L
t,A8B
swscanf
HasAVTransport
PA]A\_
L9<1tNH
H;Gxt
9\$Xu8D
HA_A^A]A\_^[]
0A_A^A]_^
Q D9Z
t$E8r
L$x;M
WSALookupServiceBeginW
width
l$xE3
D$@L+
%MAGICPACKETELEMENT%
LoadResource
_purecall
A_ARG_TYPE_RcsID
\7\H;
_BrowseWW
L9@XH
WSOCK32.dll
JfD;m
T$(fA
ChangeServiceConfigW
timed_out
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\MAC Access Control
H;P(u
GetSystemTimeAsFileTime
ALLIP
A_ARG_TYPE_TagValueListW
A^_]
0,1,4
9D$pu!D9u
fE9,Ku
TEMP$
I\$xH
xKD9}
level="asInvoker"
F D9<(
ConnectionID
pSearchCapsWd
07gY79
,IFOFile=true
D$P9\$Du
xv#?H
</serviceList>
t$HL9w
_ltow_s
??0exception@@QEAA@AEBQEBDH@Z
System.Media.MCDI
xXfD;e
ID$hA
object.container
t E8z
RME_LIVE_LIBRARY_OWNER_PSEUDO_MAC_ADDR
Leelawadee UI Bold
SetUnhandledExceptionFilter
dt:dt
res@av:imageConvertBGColor
wcscmp
_xH9_
D$`f;
network down
System.Media.Writer
A;v s
<mimetype>image/bmp</mimetype>
System.Video.FrameRate
System.Audio.ChannelCount
executable format error
B D9X
albumArt=true
floor
D$ E3
.text
upnp:storageFree
C89F8u
fD9,Gu
l$PD8i
@parentID
s89sHv
@UATAUAVAWH
H;Opu
\pA_ARG_TYPE_ConnectionStatus
GetIpAddrTable
pA__^[]
w$H;q
fE99H
.rdata$brc
Conductor
@USVWATAUAVH
@E9l$
TotalUDNRenderersAdded
ControlService
pCurrentConnectionIDsWWW
<modelName>
WAUAVH
Obj_Get_Artist_Author_Element_Data
9\$Xu-A
TEMP`
D9fLt
t!@8i
UpdateObject
hu1/[^
{6FB2E74A-B8CB-40BB-93F3-FAC5F00FA203}
FailureReason
t-fD9)t*H
formatID
microsoft:artistAlbumArtist
t-f99t+I
uWf9_
https://
microsoft:artistPerformer
LocalAlloc
tDf9E
upnp:userAnnotation
L9u0u8
.idata$4
http-get:*:audio/L16:*,http-get:*:audio/wav:*,http-get:*:audio/mpeg:*,http-get:*:audio/x-ms-wma:*,http-get:*:audio/L8:*,http-get:*:video/avi:*,http-get:*:video/mpeg:*,http-get:*:video/x-ms-wmv:*,http-get:*:video/x-ms-asf:*,http-get:*:video/x-ms-dvr:*,http-get:*:image/bmp:*,http-get:*:image/gif:*,http-get:*:image/jpeg:*,http-get:*:image/png:*,http-get:*:image/tiff:*,http-get:*:image/x-ycbcr-yuv420:*
MS-DeviceCaps/
music
PowerClearRequest
18,1B
fD9,pu
DeviceType
D$tD3
fE94Hu
PA^_]
t&A9B@t
Callback_Get_Object
Microsoft YaHei UI Bold
HttpInitialize
__dllonexit
t%E8j
connection_aborted
identifier removed
qq@cS
RegEnumKeyExW
MPEG4_P2_ASF_ASP_L5_SO_G726
GetStringTypeExW
&
8<t'fA
r0L;{
u$;Wlu
pA_ARG_TYPE_RegistrationReqMsgWW
rtsp://
CP_Get_Attrib
operation not supported
InitializeSecurityDescriptor
cross device link
MFAllocateWorkQueueEx
HcT$hH;S
Convert_Sort
System.ItemType IS NULL
urn:upnp-org:serviceId:ContentDirectory
HttpUserAgent
fD91t
D$(L+
5pA_ARG_TYPE_ConnectionID
LsaLogonUser
z([0-9]+)
%s AND CONTAINS(%s, '%s')
fD9,zu
xjHcK
CONTAINS(%s, '%s')
__C_specific_handler
@USVWAVAWH
f9<Au
{01CD0F29-DA4E-4157-897B-6275D50C4F11}
t0fE9+u
TraceMessage
A_ARG_TYPE_Index
%ux%u
object.container.album.photoAlbum
Objwriter_Get_Element_Value
t$D8y
0A_A^A]A\_^]
%REMOTEELEMENT%
no link
System.Media.Year
VUUUE3
CertFreeCertificateContext
Software\Microsoft\MediaPlayer\Preferences\HME\
DLNA.ORG_PN
|$@E3
pku2u
upnp:longDescription
oLW\f
TEMP0
l}AuthorizationGrantedUpdateID
System.Image.BitDepth
CreateEventW
BrowseIndex
bad allocation
K@@8y(t
OR System.Rating IS NULL
DeleteObject
I H;O(u
win:Verbose
9^4u29^8u-H
t"@8i
t$ WH
.text$mn$00
CharUpperBuffW
System.Video.Compression
SetLastError
0,1,5
Filter
SendARP
F 9C uMH
t-D8a
H9\$X
.rsrc$01
Method IsValidated
UserLiveIDs
Microsoft JhengHei UI Light
%' OR System.Music.AlbumTitle IS NULL AND System.Media.SubTitle IS NOT NULL AND NOT System.Title LIKE '%
control
ContainerID
Y@H9;u%L
\$hHc|$0
;FilterWW
System.Audio.EncodingBitrate
\Music.library-ms
A_A^A]A\_^[]
fA9,Hu
RegDeleteValueW
D$pE3
_wputenv
D$xE9G
CDS_Search
Svc_Query_Mediaserver
</UDN>
D;l$0u
x"f;l$`t
A_A^A]
MFCreateMFByteStreamOnStream
t#A8z
<specVersion>
IUPnPDevice
System.Image.HorizontalSize
A_ARG_TYPE_AVTransportID
WMPPlayer-RMEAllowed
Svc_Is_Validated
@refID
On_Content_Prov_Changed
InitializeAcl
NetApiBufferFree
qsort_s
System.Title
USERENV.dll
8BtAf
<server xmlns="urn:schemas-microsoft-com:WMPNSSRME-1-0/">
<device>
Lct$`M
GetSecurityDescriptorDacl
System.RecordedTV.StationName
upnp:searchClass
upnp:rating
http-get:
GetTraceEnableLevel
permission_denied
Convert_Query
<serviceType>urn:schemas-upnp-org:service:ContentDirectory:1</serviceType>
x!f;l$`t
_CxxThrowException
m`D;}
System.Photo.DateTaken
$(SQO
t5fE9)u
res@protection
LeaveCriticalSection
RequestedCount
L$ USVWAVH
H9C(u
tW@8y
resource deadlock would occur
WSALookupServiceNextW
Objwriter_Get_Res_Elements
<manufacturerURL>http://www.microsoft.com</manufacturerURL>
too many files open in system
X_GetRemoteSharingStatus
t3D9k
wPH!\$(!\$ L
fE9 H
Method GetProtocolInfo
IsControlPoint
GetTraceLoggerHandle
ElementCount
SELECT System.ItemNameDisplay, System.FileAttributes FROM SystemIndex WHERE System.Shell.SFGAOFlagsStrings = SOME ARRAY['stream'] AND NOT System.Shell.SFGAOFlagsStrings = SOME ARRAY['hidden'] AND NOT System.Shell.SFGAOFlagsStrings = SOME ARRAY['link'] AND System.Shell.OmitFromView != 'true' AND System.ContentType IS NOT NULL
audio/vnd.dlna.adts
address not available
C,H;s
<serviceType>urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1</serviceType>
IsSelected
dc:description
Microsoft Corporation. All rights reserved.
Xbox 360
.?AVexception@@
MUSIC
L$PH3
message size
D9d$Tt
L$PI;
^:fE9
H;O(tSH
<description>Media Sharing Service</description>
SUCCEEDED
pSourceW
@A^_^][
.text$yd
\$PD9k
@A^A]A\_^
fA94Fu
System.Rating IS NOT NULL AND System.Rating >= %u
D9t$@
tAD9 u<D9`
%DLNAELEMENT%%REMOTEELEMENT%%MAGICPACKETELEMENT% <iconList>
WMABASE
WATAVH
t5fA98u
LcA<E3
DONOTAuthenticateRMEClient
t7fE9
ws2_32.dll
fE98D
@USVWAUAVAWH
D9d$4u-D9
EvA_ARG_TYPE_Count
Wadvapi32.dll
f;D$huQD
image/x-ycbcr-yuv420
D9|$xt
System.Comment
t"D8i
._%')
TEMPD
TotalDevicesAdded
H WATAUAVAWH
|$`E9l$
<%ls>
upnp:albumArtURI
res@av:pixelAspectRatio
fE9<Ju
Objwriter_Act_Write_Res_Element
Property A_ARG_TYPE_Result"
ServiceName
%s LIKE '%%%s%%'
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
byjA`
RegisterWaitForSingleObject
H!|$hH
fE9"L
XA_A^A\_^[
%' OR System.Music.AlbumTitle IS NULL AND System.Media.SubTitle IS NOT NULL AND System.Title LIKE '%
`A_A^A]A\_^]
l$ E3
protocol not supported
D$xD3
Obj_Get_Desc_Element_Value
LegalCopyright
s~pTotalMatchesWWW
xMpSystemUpdateIDWd
PRVAX
@8~ u3H;
ATL$__a
CancelMibChangeNotify2
Method X_GetRemoteSharingStatusWWW
System.Search.EntryID IS NOT NULL AND System.Search.EntryID =
Property A_ARG_TYPE_BrowseFlag
</DIDL-Lite>
Malgun Gothic Semilight
,B>DY
rMSearchCriteriaWWd
container
H9_xt
f;D$0u{H
fD94Yu
t(D8A
zuWL9
@A_A^_[]
OPCOx
O88Y(t
@A]A\_^]
f9<Fu
9t$huQH
System.Video.EncodingBitrate
D;S8r
Ly^X`
H UVWATAUAVAWH
H;Q(tnH
@A_A^A]A\_^]
Search_Filter_Fields
L$0H3
SearchWW
AlwaysAllowMachineToSleep
' OR (System.Title IS NULL AND System.ItemNameDisplay LIKE '
%') OR (System.Media.SubTitle IS NULL AND System.Title IS NULL AND System.ItemNameDisplay LIKE '%
WHERE
audio/L16;
A;J@s1A
E;(uqL
HeapDestroy
{NpA_ARG_TYPE_CountWWWd
18,1C
fD9<Bu
dc:creator
xmlns:dlna="urn:schemas-dlna-org:metadata-1-0/"
.rdata$zzzdbg
9_8~1L
f94Au
t A8z
WAxK0i
AllowByDefault
WAVAWH
A__^
DpResultW
IsDeviceAuthorized
xGA;x
.rdata
realloc
System.Music.DisplayArtist
H;Q(r4H+Q(L
SELECT System.ItemNameDisplay FROM SystemIndex
D9k8u
??1type_info@@UEAA@XZ
IS NOT NULL AND
<width>120</width>
<modelURL>http://go.microsoft.com/fwlink/?LinkId=105926</modelURL>
RegDeleteKeyW
<service>
too many files open
A_A^_^[]
xsD9'v(
OpenSCManagerW
E9]0t4H;
|$0H;
NetShareGetInfo
Da6N^
System.Search.EntryID
D8r$t
y`L;yhr
Objwriter_Act_Write_Element
%UM;%
win:Error
0,2,9
wcsstr
Property SinkProtocolInfoW
no lock available
L$ WH
video/mp4
D$$I;
IcG$L
IsWow64Process
D8D$0u
res@sampleFrequency
WMP_On_Content_Prov_Added
x AWH
fD9,Au
pA_A^A]A\_^[
D$0D9h
rFill
fA9<@u
E@Lc@
taD8i
18,19
System.Video.TotalBitrate
D8s(u
M0H9NH
EL9FL
dc:date
WaitForSingleObject
install
RtlInitUnicodeString
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices
T$pA+
Callback_Get_Profile
address in use
dc:publisher
FROM SystemIndex
tVE8r
Property A_ARG_TYPE_DirectionW
&GetSearchCapabilitiesWWW
L9R t
Svc_Register_Device_Parse_Req
<url>Network Sharing\wmpnss_color120.png</url>
Microsoft-Windows-WMPNSS-Service/Operational
8}uo3
@A_A^]
RhpA_ARG_TYPE_BrowseFlagWWd
LiD$0
IsAlbumArt
;\$@s
0A^A]A\_^
PowerSetRequest
SELECT System.ItemNameDisplay, System.ItemUrl FROM SystemIndex WHERE System.Shell.SFGAOFlagsStrings = SOME ARRAY['stream'] AND NOT System.Shell.SFGAOFlagsStrings = SOME ARRAY['hidden'] AND System.Shell.OmitFromView != 'true' AND (System.ItemType = '.wpl' OR System.ItemType = '.m3u')
video/vnd.dlna.mpeg-tts
taD8y
SVWATAUAVAWH
owner dead
0A_A^A\
SOFTWARE\Policies\Microsoft\WindowsMediaPlayer
FindResourceExW
AND (System.Media.Year IS NOT NULL OR System.Media.Year IS NULL AND (CONTAINS(System.Kind, 'music')) AND System.DateModified IS NOT NULL OR System.RecordedTV.RecordingTime IS NOT NULL OR System.RecordedTV.OriginalBroadcastDate IS NOT NULL OR System.Photo.DateTaken IS NOT NULL OR System.RecordedTV.RecordingTime IS NULL AND System.RecordedTV.OriginalBroadcastDate IS NULL AND (CONTAINS(System.Kind, 'video') OR CONTAINS(System.Kind, 'recordedtv')) AND System.DateModified IS NOT NULL)
audio
t$8E3
network unreachable
ErrorCode2
SharedLibraryPath
SHGetKnownFolderPath
00-00-00-00-00-00
string
BXE9Cds
H9GXt
derivedfrom
System.Media.Producer
;|$Ps
Property A_ARG_TYPE_SortCriteriaWW
D:P(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;NS)(A;CI;CCDCLCSWRPSDRC;;;PU)(A;CI;KA;;;SY)(A;CI;KR;;;BU)
GetBestInterfaceEx
Callback_Id
memcpy
%') OR (System.Media.SubTitle IS NULL AND System.Title IS NULL AND NOT System.ItemNameDisplay LIKE '%
.idata$3
XA_A^A]A\_^[]
</service>
CPR_Get_Attrib
L$pA;
LcL$xE
WakeOnMagicPacket
invalid seek
xof;T$pthH
f9<Pu
A_ARG_TYPE_RegistrationRespMsgWW
.didat$5
+|$lD+
t3fD9:u
dc:contributor
PathRemoveExtensionW
H!|$8H
is a directory
' AND
WSALookupServiceEnd
object.container.person
SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo
(CONTAINS(System.Kind, 'video') AND System.Video.Compression IS NULL AND System.ItemType = '.3gp')
(D$pA
I;FPr
ew|>&=4_
TotalMatches
d([0-9])
w([a-zA-Z]+)
string too long
fE9)L
8IsAuthorized
SRMSECURITY
f94Ju
audio/L16;rate=44100;channels=%u
DeleteTimerQueueEx
RegGetKeySecurity
fD9;u
pA_ARG_TYPE_RcsIDWWW
LocalPort
A9Clt
pValidationSucceededUpdateID
@A_A^A]_^[]
no child process
t'E8b
movie
x(HcC
Hci 3
RMEClientEnumLibQuery
fD9$Zu
D8v$H
EXIcF H
(_^][
object.container.album.photoAlbum.dateTaken
t&f;G
__setusermatherr
A_ARG_TYPE_RegistrationReqMsgWWW
IsFunctionalDMR
UATAUAVAWH
Writer
HeapFree
invalid string position
UWATAUAVH
no message available
@A_A^A\_^
Property CurrentConnectionIDsW$
Malgun Gothic Bold
t&E8b
GetTickCount
fE9,Gu
^{[\+\-]?\d*}:{[0-5]\d}:{[0-5]\d}\.{\d+}/{\d+}$
uQf9_
video/mpeg
WMPPlayer-RMESecurityGroupAllowed
Microsoft YaHei UI Light
System.MIMEType = '
^[^\\\"]+
L$@E3
D$@D;
Objwriter_Write_Element
D$xL;
HcD$xH;
WTSFreeMemory
.CRT$XIY
fA;8u
res@bitrate
fA94Bu
L$@H3
pUpdateIDWWWd
IS NULL
tHfD9*u
fE9dE
t<8]Pt
D$XH;
Callback_End_Close
WEVT_TEMPLATE
<deviceType>urn:schemas-upnp-org:device:MediaServer:1</deviceType>
0,12,13
System.Copyright
RemoteCert
fE91L
E@-/%
DeviceAdded
UWAVH
MultiByteToWideChar
uhH9N
WMAPRO
State
A_A^A\
GetSecurityDescriptorSacl
@VWAVH
C<9F<u
System.ParentalRating IS NOT NULL
<serviceList>
connection_reset
E9]0unH
E;(sP
fA9<Iu
9_8~[Hc
https://+:10245/WMPNSSv4/
@childCount
<major>1</major>
x:L9?u
(CONTAINS(System.ContentType, 'video/') OR
res@protocolInfo
\$HD9k
UWAUAVAWH
uninstall
A_ARG_TYPE_DeviceIDW
fE9$Fu
J9n8uED9f
A_ARG_TYPE_BrowseFlagWWW
Q8J2,o
fD9<Yu
object.container.playlistContainer
UnregisterTraceGuids
@SVWAVAWH
8\$pt
Callback_End_Authorize
LIKE '%
+D$pD3
AND (System.ItemType = '.wpl' OR System.ItemType = '.m3u')
StartServiceCtrlDispatcherW
L$xL;
SHELL32.dll
GROUP ON %s AGGREGATE ChildCount() ORDER BY %s ASC OVER (SELECT %s FROM SystemIndex WHERE System.Shell.SFGAOFlagsStrings = SOME ARRAY['stream'] AND NOT System.Shell.SFGAOFlagsStrings = SOME ARRAY['hidden'] AND NOT System.Shell.SFGAOFlagsStrings = SOME ARRAY['link'] AND System.Shell.OmitFromView != 'true'
res@resolution
Execute_RefId_Exists
L9u0u
<dlna:X_DLNADOC xmlns:dlna="urn:schemas-dlna-org:device-1-0">DMS-1.50</dlna:X_DLNADOC>
TEMPl
GpRcsIDWW
t$hM;
pAuthorizationDeniedUpdateID
object@ID
VC1_ASF_AP_L2_WMA
t!D8{
pIdWd
9D$pu@
99999999
Property ValidationRevokedUpdateID
TimeContentRequestsBecameZero
w@H;s
@A^_]
WMPNetworkSvc
<width>32</width>
9|$@t=H9|$8t6H
<UpdateID %s>%u</UpdateID>
A^A\]
audio/L16;rate=44100;channels=4
_UpdateObject
MPEG4_P2_ASF_ASP_L4_SO_G726
\$HH;
f9,Gu
h([0-9a-fA-F])
t)E8b
9\$Pt
ApiSetQueryApiSetPresence
t4I;}
^{[\+\-]?\d*}:{[0-5]\d}:{[0-5]\d}\.{\d+}$
<remoteUrl>
TEMP|
fD94Ju
System.DRM.IsProtected = TRUE
System.Media.SubTitle IS NOT NULL AND NOT System.Media.SubTitle LIKE '%
%ls%u
Obj_Get_Element_Value_Ex
@SUVWATAVAWH
res@size
{BA7F258A-62F7-47a9-B21F-4651C42A000E}
WATAUAVAWH
VWATAUAVH
Create_Media_Server
)D$@H
GetCurrentConnectionIDsW
Results_Get_Count
System.ParentalRating
t+fA9)t(I
L$ UH
IsValidatedWX
recordedtv
D9d$@
t3fD;?u-
qvids
audio/L16;rate=44100;channels=1
A_A^A]A\_
|$ E3
.CRT$XCAA
\$@E3
t.fA91t.H
GetIpForwardTable
DevicesRemoved
t(fA9)t%I
\$ UH
t"D8a
\$lI;
AND (System.Music.AlbumTitle IS NOT NULL OR System.Media.SubTitle IS NOT NULL AND System.Title IS NOT NULL OR System.Keywords IS NOT NULL)
fA94Ju
ADVAPI32.dll
connection already in progress
t%A8Z
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\DeviceShims
L;I u
fA9)M
t8A8r
no message
10245
Search_Query_Content_Provider
uP;uXsI3
CreateThread
t5fA92u
.00cfg
fD9,Fu
_wcsicmp
MFCreateAsyncResult
FreeLibrary
System.Music.Conductor
@SUVWH
t)f;8t$I
<mimetype>image/jpeg</mimetype>
\Pictures.library-ms
D9t$hu#D9|$xt
t0fE9(u
fD93t
9Flu7
t;E8B
fD9<Cu
'R{=f
(System.Music.AlbumTitle IS NOT NULL AND System.Music.AlbumTitle LIKE '%
T$dE3
NewTagValue
UVWATAVH
ATAVAWH
BLA9Cls
H!T$8H
CompanyName
hgtlCm
f9,Zu
fB9<Iu
H!\$HA
@A_A^_
t%A8r
fD9$Hu
GetCurrentThreadId
(System.Media.Duration IS NOT NULL AND System.Media.Duration >= %I64d AND System.Media.Duration <= %I64d)
audio/l16
<serialNumber>
@UVWATAVH
manifestVersion="1.0">
Property AuthorizationDeniedUpdateIDWW$
DeviceCompatFlags
GROUP ON System.ContentType OVER (SELECT System.ContentType FROM SystemIndex
t&D9{
LsaDeregisterLogonProcess
BP9AXw
object.item
AlbumArtist
u HcA<H
@SVWATAUAVAWH
FreeAddrInfoW
BrowseMetadata
f94Zu
microsoft:authorWriter
(CONTAINS(System.Kind, 'video') AND NOT CONTAINS(System.Kind, 'movie') AND NOT CONTAINS(System.Kind, 'recordedtv') AND NOT CONTAINS(System.ContentType, 'audio/') AND NOT CONTAINS(System.ContentType, 'image/') AND (System.Media.ClassSecondaryID IS NULL OR System.Media.ClassSecondaryID = '{00000000-0000-0000-0000-000000000000}') AND NOT (CONTAINS(System.Kind, 'video') AND System.Video.Compression IS NULL AND System.ItemType = '.3gp'))
CONTAINS(System.Kind, 'music') AND
SELECT * FROM MSNdis_PMCapabilities
IsAllowed
D9mHu
calloc
@restricted
message_size
GetProcessHeap
t(D8i
{ AUAVAWH
Sleep
AliveDeviceCount
fE9<^u
(System.Music.AlbumTitle IS NOT NULL AND System.Music.AlbumTitle
Scope
dc:language
%s AND %s LIKE '%%%s%%'
pA_ARG_TYPE_AVTransportIDWWW
ContainerIDW
SetSecurityInfo
System.RecordedTV.OriginalBroadcastDate
@A_A^A]A\_
fD9<_u
3L$hA
z?801i:It6
L;v(t
<SCPDURL>Network Sharing\MediaReceiverRegistrar.xml</SCPDURL>
audio/l8
fB94Yu
t$ UWATAVAWH
<height>120</height>
E!4$M!7L
t+fD99t(H
</modelNumber>
ServerOrRenderer
D9l$Du
getnameinfo
+D$l3
L;D$HI
f9<Zu
value too large
oT$@f
\$0Hcs
t'D8y
L9sxv(L;sx
4L9'u
_wtol
PreventLibrarySharing
Results_Get_Item
8bt;H
t"A8Z
zJuHI
RegOpenKeyExW
Container@ChildCount
VWATAUAVAWH
0A_A^A]
E9fx~~I
network_unreachable
upnp:createClass
SortCapabilities
ReturnedCount
t/D;a
tKD9r
DeviceFunctionalCount
tmD8q
~ L;~(r
t/f9)u
I;@(t
uEf9_
CoUnmarshalInterface
H!\$pH
ContainerUpdateIDsWW
Callback_End_Url_Transform
_wcsnicmp
<m:%lsResponse xmlns:m="%ls:1">
thD8p
UnregisterWaitEx
fD9,Ju
R1000
PA_A^A]A\_^]
LockResource
AND
RtlIpv4StringToAddressExW
H9\$`
t#A8j
0A_A\_
SetSecurityDescriptorDacl
fA94Iu
l$ VWAVH
`A_A^A\_^[]
fE9,Iu
upnp:searchClass@includeDerived
\$@L;
?what@exception@@UEBAPEBDXZ
A^_^][
PropVariantToStringAlloc
res@colorDepth
KHH;K0
SortItemCount
fE94Au
Search.CollatorDSO.1
A_ARG_TYPE_FilterWWW
SetSecurityDescriptorOwner
A I;@(t
Not Sure What should go here or if we even need it.
tp@8q
L$ SUVWH
|$8E3
ResolveDelayLoadedAPI
SYSTEM\CurrentControlSet\Services\
M1000
fC9<Qu
PWg]#
Default
;Whuv
image/png
System.ItemUrl = '
fA9tE
Execute_RefId_Query
not supported
|$~fD
??0exception@@QEAA@AEBQEBD@Z
Property A_ARG_TYPE_TagValueListWW
dc:title
<r;L;
R$fA;Z*
D9|$pA
Browse_Query_Content_Provider
fD91H
fG9$qu2@
wcsrchr
object.item.audioItem.musicTrack
ttD9 uoD9`
D$\E3
WaitForMultipleObjects
t5fD9"u
A;J@v
UATAVH
8"tCfA
D$PE3
u"H;]
H;^PsH
L9f t
RemoteSharingEnabled
?t<D9~8
microsoft:year
thumbnail
.didat$7
D$xfB
9nXt@L
network_down
CoReleaseMarshalData
memmove
</security>
Method RegisterDeviceW
ErrorCode
t!D8i
fD94Fu
3L$pA
video/3gpp
fD9|$@u3
http-get
strchr
interrupted
A_A]_
@8y(t
\$pI;
FriendlyName
_callnewh
LsaFreeReturnBuffer
fD9*H
System.Audio.SampleSize
f94Bu
StringFromGUID2
audio/
__set_app_type
C@9F@u
Global\ad869ba1-7ad2-4712-a77e-a70ff958b125
Width
RMEClientID
</trustInfo>
U`HcEpHk
WpPeerConnectionIDWWW
wvsprintfA
(System.Media.Duration IS NULL OR System.Media.Duration < %I64d OR System.Media.Duration > %I64d)
formatID=%u,width=%u,height=%u
D$pD9`
UATAUAVAWI
TEMP
Filter_Addr_4
fA9<Du
HttpSetServiceConfiguration
</library>
]otLD
AND (
(System.Media.Duration IS NOT NULL AND System.Media.Duration > %I64d)
GetAce
040904B0
"D8v$t
%s >= '%d/01/01 00:00:00' AND %s <= '%d/12/31 23:59:59'
H951>
84vMf
t"E8b
WMP_On_Content_Prov_Removed
ModelNumber
SizeofResource
wcstol
wrong_protocol_type
^[=<>!]+
u#H91t
BXA9Cds
<manufacturer>Microsoft Corporation</manufacturer>
r\D9f8u
too many symbolic link levels
not enough memory
PA_A^A\_^][
lstrcmpiW
NotifyIpInterfaceChange
Objwriter_Write_Inner_Attrib
ROOT\WMI
HcA<H
Callback_End_Authenticate
.?AVbad_alloc@std@@
A_A^A]A\_^]
WMP_Browse
System.Media.ClassSecondaryID
fD9"H
D9|$@
{`fE;
LG LRM-519
u?f9_
processorArchitecture="X86"
PeekMessageW
A_A^]
MFCreateNetVRoot
JHcH<
SHLWAPI.dll
H9l$`t
L$pLc
GetComputerNameW
<requestedPrivileges>
filename_too_long
certpoleng.dll
t$ IcN
IMAGE_STATE_COMPLETE
Windows Media Player
|$pM;
WHERE System.Music.AlbumTitle = '
upnp:director
f;D$p
<depth>24</depth>
Generate_Res_Element
CreateTimerQueueTimer
T$Hf9
fA94Yu
D$XD9t$@u
@USVWAWH
D$2E3
(D$PA
K SUVWAVH
PROPSYS.dll
xmlns="urn:schemas-upnp-org:metadata-1-0/DIDL-Lite/"
D$`0u
9D$huAL
GetAclInformation
H+FpD9vLt
F0D9h
pSortCapabilitiesWWWd
operation_would_block
WideCharToMultiByte
RegQueryValueExW
User-Agent
@SVWH
VarFileInfo
VWAUAVAWH
TEMP4
LHcH<
_fmode
'pContainerUpdateIDsWd
WMC_On_Content_Prov_Removed
no such file or directory
Flush_Memory
D$&f9C
<serviceId>urn:upnp-org:serviceId:ContentDirectory</serviceId>
IdleSecondsUntilSleep
CreateStreamOnHGlobal
x D9f8u
VWAWH
AND NOT
^{\d\d\d\d}-{[01][0-9]}-{[0-3][0-9]}$
fA94I
^\d+[Xx]\d+$
System.Media.Year
video
_vsnwprintf
WMPNetwk.pdb
l$ VWATAUAVH
qWMV3
Objwriter_Write_Result
t%E8b
Results_Create_Browse_Metadata_Inst
_ui64tow_s
t-D8i
System.Media.Duration
object.container.person.movieActor
D9t$p
IsTranscode
^[\+\-][_A-Za-z@][_A-Za-z0-9:@\.\-]*(,[\+\-][_A-Za-z@][_A-Za-z0-9:@\.\-]*)*$
fE94Yu
fD98t
8\7\t4
t&D8I
Gd9FXtEA
System.Media.Publisher
transcoding
Property A_ARG_TYPE_ObjectIDWW
H;^Ps^
f94Xu
res@microsoft:codec
address family not supported
RegGetValueW
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Log
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Media Servers
\$xI;
t)E8j
USVWATAUAVH
L$PE3
BHA9Cxw'A
<height>48</height>
DLNA.ORG_CI=1
OR System.Music.AlbumTitle IS NULL AND System.Media.SubTitle IS NOT NULL AND System.Title
stream timeout
System.Rating
>buyH
A^A]]
FormatMessageW
_wcstoui64
Obj_Get_Element_Attribute_Value
u"!D$ D
<security>
tBD8a
PA^A]_[]
D$XH9D$P
audio/mp4
t5A8r
CoUninitialize
res@dlna:ifoFileURI
<!-- Copyright (c) Microsoft Corporation -->
Microsoft Windows Media Player Network Sharing Service Content Directory Service LibraryWW
Method GetSystemUpdateIDWW
A_A^A]A\_
fA98L
Results_Pop_Sortmap
D$@fD
%ls:*:%ls:%ls
System.Music.Artist
H9S(u
t4f9:u
RefID
VC1_ASF_AP_L1_WMA
fE94Ju
AttributesWritten
sQPI[5T
DeleteCriticalSection
Playlists
RaiseException
FindFirstChangeNotificationW
object.container.storageFolder
E9Cdw
CancelIPChangeNotify
RtlCaptureContext
albumArt=true,
win:Info
System.Music.AlbumTitle
t?fE93u
fE91H
NETAPI32.dll
Objwriter_Get_Element_Attrib_Value
x ATAVAWH
io error
d|BNeU
upnp:class
D$@I;
H(M;}
pA_ARG_TYPE_FilterWWd
operation canceled
(L$`A
GetProtocolInfoW
RegisterDeviceWW
EqualSid
win:ResponseTime
fE94Cu
r/D9{
t.A8r
</icon>
SOME ARRAY['
SHH;S0
System.ItemUrl
WMVSPML_MP3
H;GHu
H9Y@u
http://
A^A]A\_^[]
%DLNAELEMENT%
HeapReAlloc
b5WMPNSSCDSWWW
GetLengthSid
L9} u8
uUE8o
application/octet-stream
%FRIENDLYNAME%
A_A^_
PathFindExtensionW
<NULL>
\$xt8H
%' OR System.Music.AlbumTitle IS NULL AND System.Media.SubTitle IS NULL AND NOT CONTAINS(System.Keywords, '
upnp:seriesTitle
L9} u^
|$0D9o
L9} u
)t$PI
H9l$`
L9U0u_
A_A^A\
H!\$XA
xuD;v
H9\$P
dc:rights
8&t5fA
%s IS NULL
invalid_argument
L9#tUL
upnp:albumArtURI@dlna:profileID
PublishAllAlbumArts
fE9|}
Browse_Filter_Fields
t0fE92u
x AUAVAWH
x9H9w
Hcs A;
fB9,Wu
VUUUUUUUH
System.Title IS NOT NULL AND System.Title = '
@USVWATAVAWH
0,2,8
_strlwr_s
T$xA+
t5fE9*u
D;SHr
name="wmpnetwk"
D$p)Ex
AUTHZ.dll
^BNQ,^
WMPNSSv4
|$`A;
pA_ARG_TYPE_RegistrationRespMsgW
t E8j
B0I;@(u
TEMPL
WMVMED_BASE
9_8~0H
fF9<ru
Input
GetIpNetEntry2
t0fE9:u
t A8B
X(H9>u
__wgetmainargs
microsoft:userRating
Property A_ARG_TYPE_RcsIDW
H9>t(H
urn:schemas-microsoft-com:WMPNSS-1-0/
NotifyAddrChange
wvsprintfW
System.Search.EntryID IS NULL
u$L97t
t.f92u
9Y ~gH
MsgWaitForMultipleObjectsEx
H;Q(s
RtlLookupFunctionEntry
ChangeTimerQueueTimer
Query
GetTraceEnableFlags
L$xH;
\$0M;
fF9<Qu
RemoteAddress
QueryPerformanceCounter
SystemIndex
x.H;{
MPEG_PS_NTSC
Reason
https://+:10245/WMPNSSv4/LibraryInfo/
D9d$X
<Result %ls>
System.Video.FrameWidth
t A8r
t$A8Z
Aauds
EventWriteEx
msvcrt.dll
VY$[X
\$ UVWATAUAVAWH
StringFileInfo
RegNotifyChangeKeyValue
WakeOnMagicPacketEnabled
oD$ f
t$ WAVAWH
{DB9830BD-3AB3-4fab-8A37-1A995F7FF74B}
t%D8a
12.0.17763.1
0A_A^A]A\_
Microsoft YaHei UI
ole32.dll
%pA_ARG_TYPE_UpdateIDd
(H;QHs
AuthzFreeResourceManager
DeviceRemoved
t.fE99t+H
gxI3!'
t-fD9)t,H
Obj_Get_Search_Class_Element_Data
NetworkInterface
L;H u
s WATAUAVAWH
D9l$lv>M
F(D9h
already_connected
upnp:artist@role
UPnPClassToReturn
Vving1
@A_A^^
t6fE9
IcE$H
$>b~t
fD; E
7T})gW
@A_A^A]
.text$mn
9D$pu%9U
l$ VWAUAVAWH
PstGetUserNameForCertificate
broken pipe
GetSecurityDescriptorGroup
pAuthorizationGrantedUpdateIDWWW
System.Audio.Format
NOT_WRITABLE
L$hfD9 t
scope='file:
DeviceCountUpdate
BrowseSearchSizeOverride
IP Address
file:
_ultoa_s
SearchComplete
LookupAccountSidW
t%D8y
9D$puGL
pValidationRevokedUpdateIDWW
x ATAUAVH
u+L9?u
protocol error
t5fD9:u
L$pHc
LsaFreeMemory
0,3,D
RegisterServiceCtrlHandlerExW
BrowseChildren
t0LcG
uiAccess="false"/>
fB94Qu
f9<Cu
(t$PH
H!|$xH
Execute_Query
SUVWATAUAVAWH
Property ValidationSucceededUpdateIDWW"
BLA9Cl
text file busy
Property A_ARG_TYPE_AVTransportIDW
f;D$ht
<url>Network Sharing\wmpnss_color32.bmp</url>
@UWAVH
I;^`r
<TestData xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="bin.base64">
LsaOpenPolicy
GetAdaptersAddresses
f;D$Xu
EventWriteTransfer
hwp1p0
fD9,Cu
KEYWD
PNG_LRG
;pA_ARG_TYPE_SortCriteriad
t$@L!t$PH
Obj_Pop_Artist_Author
%MODELNUMBER%
<!-- Identify the application security requirements. -->
Object@restricted
L9d$`t
oL$0f
<requestedExecutionLevel
@A\_^
D8D$1
\$(H3
CONTAINS(System.Kind, 'video') AND
u\D9d$0vUH
NetworkGUID
t-f91t.I
L$`H3
L9U0uO
address_family_not_supported
</service>
fD9$Cu
WHERE
D$@E3
res@av:imageConvertMode
t"D9Y
Property AuthorizationGrantedUpdateIDW$
L$ VWATAUAWH
t%D8x
xDH;^(sSH
+D$PA+
A_A\]
OHcP<
<url>Network Sharing\wmpnss_color120.jpg</url>
<url>Network Sharing\wmpnss_color48.png</url>
xEfD9}
<?xml version="1.0"?>
.didat$6
preinstall
t(D8a
d$`H;
installwithfiles
H;Q(t H
@:{`txH
T$@D8l$Ct
formatID=%u,width=%u,height=%u,thumbnail=false,aspectRatio=%u:%u,rFill=%u,gFill=%u,bFill=%u
E0H!]
SubStatus
AuthzAccessCheck
RunServiceAtInstall
Callback_Get_Local_Path
timed out
@ H;C(u
CompareStringA
fD99H
8A^_^[
T$HL;
pProtocolInfoWWW
fD9,yu
HA_A^A]A\_^][
MFPutWorkItem
H;O`u
fD92H
t-fD;
Obj_Get_Search_Class_Element_Value
A^A\_^]
??1exception@@UEAA@XZ
<minor>0</minor>
Property A_ARG_TYPE_IndexW
@A_A^A\
directory='file:
GetSystemUpdateIDWWW
!D$pH
CoCreateGuid
permission denied
RequestedCountWW
t,D8A
fA99L
RtlVirtualUnwind
object.container.genre
text/xml ; charset="UTF-8"
Property A_ARG_TYPE_Filter
_wcmdln
) OR (System.Photo.DateTaken IS NOT NULL AND
|$ UH
fF9,Yu
GetModuleFileNameW
@SVWATAUAVAW
%s = %s
H;Q(t%H
??3@YAXPEAX@Z
pA_A^_^]
upnp:author@role
state not recoverable
@A^A]A\_^[]
IFOFile
+dBVY
audio/L16;rate=44100;channels=6
A_A^A]_^
</Result>
H97tBH
zt#=4
f;L$h
R_wHI
System
SELECT System.ItemType, System.ContentType, System.Kind, System.Media.ClassSecondaryID, System.Video.EncodingBitrate, System.Video.Compression, System.DRM.IsProtected FROM SystemIndex
(System.Rating >=
tR@8q
AuthzInitializeContextFromToken
LIUPnPService_MediaReceiverRegistrarW
' OR (System.Title IS NULL AND System.ItemNameDisplay NOT LIKE '
t!D8q
u>9]@t9A
<modelNumber>%MODELNUMBER%</modelNumber>
t&D8q
.CRT$XCA
w9X!P/
lstrcmpW
GetSecurityInfo
<modelName>%MODELNAME%</modelName>
t D8q
T$p;T$xr
Property A_ARG_TYPE_CountW
KERNEL32.dll
88tGf
A^A]A\_]
t7fD9
"A_ARG_TYPE_ProtocolInfoW
</microsoft:remoteUrl>
fE9*L
tM@8q
AuthzFreeContext
non-transcoding
FWph?r
UnhandledExceptionFilter
Search_Remote_Address
bin.base64
Performer
MFPlat.DLL
image/
microsoft:fileIdentifier
f9,Cu
FindResourceW
operation in progress
EventUnregister
t"D8p
xmlns:upnp="urn:schemas-upnp-org:metadata-1-0/upnp/"
audio/L8
ChangeCount
wcscpy_s
c([a-zA-Z])
JHA9Kxs
SetSecurityDescriptorControl
Property A_ARG_TYPE_RegistrationRespMsgWWW%
D$*f9C
t$D8i
@SUVWATAUAVAWH
t#D8a
</root>
Filter_Addr_1
uP9MX
t#D8A
upnp:programTitle
%ws:%u
object.container.genre.movieGenre
_wcslwr_s
f9<Yu
VS_VERSION_INFO
System.Language
System.Size
QueryServiceStatusEx
A_A]_^]
@A^A]_
x UATAUAVAWH
microsoft:serviceProvider
A_A^_^]
video/
filename too long
Handle_Network_Change
.CRT$XCZ
Property A_ARG_TYPE_SearchCriteria
TEMPP
MACAddress
<UDN>
^{[\+\-]?\d*}:{[0-5]\d}:{[0-5]\d}\.?$
f9,Bu
00:00:00'
fE9$Ju
Wh;WluJ9olu
WMVSPLL_BASE
ElementValue
@UWATAVAWH
|MpSortCapsWWWd
System.Video.Director
V0D9b
M9<$A
`A^_^[]
uRA9G
video/x-ms-asf
H9_Ht
Filter_Caller_IP_Address
too_many_files_open
t.fD9:u
ubM;}
System.Rating IS NOT NULL AND System.Rating < %u
10243
false
.data
CRYPT32.dll
.pA_ARG_TYPE_ConnectionIDW
A_A^A]A\_^][
fE9|E
Cleanup_Devices
Create_And_Register_Server
device or resource busy
Segoe UI SemiBold
93u*H
(CONTAINS(System.ContentType, 'image/') AND NOT
fE9<Yu
Property A_ARG_TYPE_ConnectionIDWW!
L$8H;
memset
IcF$H
[%hs]
D93|"H
AttributeValue
unknown error
</microsoft:remoteConfig>
iswdigit
fA94Au
result out of range
BX9Ad
9A98u6A9x
(System.Media.Duration IS NOT NULL AND System.Media.Duration >= %I64d)
t%@8q
t0fE9"u
\$ UVWAVAWH
GetProcAddress
<serviceId>urn:upnp-org:serviceId:ConnectionManager</serviceId>
l6s+o
</server>
Method GetSearchCapabilitiesWW
(System.Media.ClassSecondaryID = '{A9B87FC9-BD47-4bf0-AC4F-655B89F7D868}' OR CONTAINS(System.Kind, 'movie') AND NOT CONTAINS(System.Kind, 'recordedtv') AND NOT CONTAINS(System.ContentType, 'audio/') AND NOT CONTAINS(System.ContentType, 'image/') AND (System.Media.ClassSecondaryID IS NULL OR System.Media.ClassSecondaryID = '{00000000-0000-0000-0000-000000000000}'))
ProductName
%s = '%s'
wgpA_ARG_TYPE_DirectionWWW
9]t.D
</serialNumber>
L9c u~
PMCapabilitiesParam
9D$huE
Browse_Remote_Address
0123456789abcdef-]
t3fD92u
pDirectionWW
fE9<Fu
t%A8j
InternetSharingSecurityGroup
.idata$6
fD9$Ju
<controlURL></controlURL>
object.item.playlistItem
HomeUsers
t'f91t%I
;oxt9H
System.Media.SubTitle
DLNA.ORG_PS=
D$`E3
Dw=c:s
D$8L+
ItemsOnly
H9HXI
no such process
Invalid parameter passed to C runtime function.
SHCreateItemWithParent
t!D8p
<microsoft:errorDescription xmlns:microsoft="urn:schemas-microsoft-com:WMPNSS-1-0/" %ls>%ls</microsoft:errorDescription>
picture
]PD9c
Element
@A_A^_^]
<SCPDURL>Network Sharing\ContentDirectory.xml</SCPDURL>
D$HE3
System.Music.TrackNumber
LsaConnectUntrusted
t.fD99t+I
AddAce
L$8D;oh
A_A^A\^]
Search_Setup
not_a_socket
bFill
fE91M
UnregisterPowerSettingNotification
0,3,C
ItemCount
0A^A]A\
bad_file_descriptor
q("[^"]*")|('[^']*')
PA^_^
t9fE91t6I
t$ UWAVH
I93tRH
t9@8q
FileVersion
$u:fD9y
ParentalRatingData
HeapSize
X_RemoteSharingEnabledWW
Method GetSortCapabilities
t!E8b
%kE1hp
Execute_ReturnAllChildren
fD9$Au
WTSAPI32.dll
|$hA;
System.Media.Year IS NULL
Method GetCurrentConnectionInfoWWW
strncmp
.?AVlength_error@std@@
SVWAVH
p AWH
doesNotContain
(System.Rating < %u OR System.Rating >= %u)
H9yxv&H;yxs8H
gFill
CL$HH
1'A_ARG_TYPE_ObjectIDW
rY&'K
Count
9\$PvpH
Value
t$ E3
Height
t.D8y
L+a(I
t,D8y
Property A_ARG_TYPE_UpdateIDWW
Original Lyricist
<onlineID>
fB9,Au
bad address
@W=7A=
L$XD9}
SELECT TOP 1 System.Author, System.Music.Artist, System.Music.Genre, System.Music.DisplayArtist, System.Music.Conductor, System.Media.Writer, System.Music.Composer FROM SystemIndex
GetProcessMitigationPolicy
fileInfo
fA9Z*v$A
A_A^_
UAVAWH
t+fE99t(H
t.fD9*u
memcpy_s
t2D8A
operation not permitted
RtlFreeUnicodeString
RemoteMACAddress
&IFOFile=true
Segoe UI Light
Address
USVWATAVAWH
Windows Media Player Network Sharing Service
G(H9x
t7A8r
Microsoft-Windows-WMPNSS-Service
G0D9p
L9d$`
f9\$H
CompareStringOrdinal
FileTimeToLocalFileTime
) OR (System.Media.Year IS NULL AND CONTAINS(System.ContentType, 'audio/') AND
0A_A^_^[
CoInitializeSecurity
A^A]A\
CONTAINS(
WAUAWH
E9G<uxH
UDNRenderersFunctionalCount
System.Media.DlnaProfileID
fE9<Hu
}1$_=C
xA_A^A]A\_^[]
System.DateModified
;aq1z
MPEG_PS_NTSC_XAC3
tSD8y
PA^A]A\_^[]
{E0236BEB-C281-4ede-A36D-7AF76A3D45B5}
ModelName
Callback_Begin_Select_Profile
SortCriteria
E89B8
MakeAbsoluteSD
<Unknown vt: %d>
D$PH;
FormatID
L$ VWAUAVAWH
CoTaskMemAlloc
Method GetCurrentConnectionIDs
@UVWATAUAVAWH
fE9+L
%s AND %s = '%s'
<NumberReturned %s>%u</NumberReturned>
t)D8Q
EventRegister
d$`I;
) OR (System.RecordedTV.OriginalBroadcastDate IS NOT NULL AND
L9~Ht
t8D8i
PropVariantClear
@UVWH
D9d$H
A_A^_^]
https
CoInitializeEx
System.Media.EpisodeNumber
GDI32.dll
WMVMED_FULL
tbD8y
</specVersion>
.?AVout_of_range@std@@
fA94Gu
[A_ARG_TYPE_ConnectionStatusW
Pku2u
D9|$p
HeapAlloc
A_A^A\_^
t"D8x
ServiceProvider
Container@Searchable
D$@D9p
@USVH
RegisterPowerSettingNotification
CONTAINS(System.Kind, 'recordedtv') AND
D$ f9
t!D8y
0A__^
destination address required
d$`A;
SVWAVAWH
IcG$I
!@#$%^&*()~`;:<>,./?[]{}\|
AllParentalRatings
Lct$pE
I9>uoL
t$A8r
.data$brc
file exists
L$pH3
f9,zu
pA_ARG_TYPE_DeviceID
%04u-%02u-%02u
@FirewallAPI.dll,-31252
H3E H3E
InternalName
type="win32"/>
D$0H!\$@H
strncpy_s
Objwriter_Get_Album_Art_Data
+D$p3
malloc
KHI;N
BLA9Clt
tsE;7wn
t D8i
NetGetJoinInformation
<url>Network Sharing\wmpnss_color48.jpg</url>
fE99L
H9sxt
fA90M
winmde.dll
@refID exists true
aSinkProtocolInfo
H;Q(t
ZeroStars
L$0D+
fD;|$P
<?xml version="1.0" ?><root xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:upnp="urn:schemas-upnp-org:metadata-1-0/upnp/" xmlns:microsoft="urn:schemas-microsoft-com:WMPNSS-1-0/">
res@duration
t9fA91t8I
^[_A-Za-z@][A-Za-z0-9@:\-_\.]*
IsProcessorFeaturePresent
author
AUDIO
L9} uO
f;D$0u
xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string"
.rsrc$02
Software\Microsoft\Windows NT\CurrentVersion\Winsat
SecondsToCacheFirewallStatus
EnableDlnaTags
IPHLPAPI.DLL
_unlock
iostream
res@bitsPerSample
Obj_Get_Element_Value
0A_A^A]H
fE9(H
"
wrong protocol type
t$HA;
DisplayName
en-US
<TotalMatches %s>%u</TotalMatches>
fE9<Iu
Property A_ARG_TYPE_ProtocolInfoWW
OLEAUT32.dll
Microsoft WM DRM
fC9<Au
CoSetProxyBlanket
Ih;JHs
.text$di
Objwriter_Write_Object
fA92M
D$X!|$PL
USVWAVAWH
t$f;X
%ls (%ls)
H;W(s
t'D8i
G D9@
fD9)H
VWATAVAWH
MulDiv
</requestedPrivileges>
SOFTWARE\Microsoft\Windows Media Player NSS\3.0
JPEG_SM
System.Kind
SkipFirewallCheckOnUPnPAction
bad message
UnregisterClassA
oYGetSortCapabilitiesW
|$`E3
exists
fD9&H
GetCurrentProcessId
s WATAVH
ClassName
9-u(H
L$XH3
pConnectionIDsWW
RegCreateKeyExW
ConvertStringSidToSidW
SetProcessWorkingSetSize
argument list too long
M0H9OH
t$pfD9
host unreachable
FilterItemCount
(H;Q(s
D$h;{
Create_Media_Devices
@UVWATAUH
9wx~+
t(A8B
{E3E689E2-BA8C-4330-96DF-A0EEEFFA6876}
(CONTAINS(System.ContentType, 'audio/') AND System.Media.Year IS NOT NULL AND
network_reset
DelayLoadFailureHook
object.container.album.videoAlbum
iostream stream error
d$(E3
item@refID
]HHcB L
\$H9s
LValidationRevokedUpdateIDWWW
t>@8q
</TestData>
DLNA.ORG_FLAGS=
x.fD;e
fE9$Iu
System.RecordedTV.ProgramDescription
CDS_Browse
upnp:storageUsed
BrowseType
pCurrentTagValueW
CharUpperW
D9t$huhD
f94yu
bad file descriptor
TzSpecificLocalTimeToSystemTime
">RegistrationReqMsgWW
WML11B
no such device or address
DLNA.ORG_PN=JPEG_TN
18,1A
18,1D
Browse
win:Warning
IUPnPService_ConnectionManagerWW
JPEG_TN
@USWH
H;P u
WMPNetwk.exe
uBE9G8u<M
CoTaskMemFree
fE9,Du
`A\_]
%MODELNAME%
L$ptCA
000000000000000000000000
pSinkWWW
AuthzInitializeResourceManager
Callback_Begin_Authorize
Browse_Write_Result
CreateTimerQueue
.CRT$XIZ
fA9L}
address_in_use
t*E8z
Browse_Filter_Endpoint
tJD9m
</iconList>
8L;I u
<assemblyIdentity version="11.0.0.6000"
D+D$lE3
upnp:author
pStatusWd
{A9B87FC9-BD47-4bf0-AC4F-655B89F7D868}
%ls%I64d:%02u:%02u.%03u
@USWAVAWH
D$x9x
D9f8u
!This program cannot be run in DOS mode.
image/x-container
Generate_Trans_Res_Element
upnp:actor
@A^_^
A_A^A]_^[]
d$(;G4uB9_4u
uKf9_
already connected
|$`I;
CreateServiceW
microsoft:folderPath
D$(f9C
D9d$xt.D9d$0t
(CONTAINS(System.Kind, 'picture') AND NOT CONTAINS(System.Kind, 'music') AND NOT CONTAINS(System.Kind, 'video') AND NOT CONTAINS(System.Kind, 'movie') AND NOT CONTAINS(System.Kind, 'recordedtv') AND NOT CONTAINS(System.ContentType, 'video/') AND NOT CONTAINS(System.ContentType, 'audio/') AND (System.Media.ClassSecondaryID IS NULL OR System.Media.ClassSecondaryID = '{00000000-0000-0000-0000-000000000000}'))
object.container.person.musicArtist
S-1-5-4
FindNextChangeNotification
fE9,Ju
A_A^A]A\_^[
Callback_Begin_Url_Transform
LcGh3
IPAddress
object.item.audioItem.audioBook
M2000
^[\+\-][_A-Za-z@][_A-Za-z0-9:@\.\-]*$
D$ht}3
@A^A\_
L$hD9#udE8&t
USER32.dll
upnp:actor@role
RegisterGPNotification
JPEG_MED
StartIndex
@ChildCount
OpenServiceW
x=fD9d$ H
USVATAUAVAWH
|$`H;
Create_Media_Devices_For_Factory
Yu Gothic UI Light
fD9,qu
Property A_ARG_TYPE_RegistrationReqMsg'
ResolveIpNetEntry2
D$XD9`
t0fA9
StrChrW
Lct$lE
^[_A-Za-z@][_A-Za-z0-9:@\.\-]*$
file too large
MFInvokeCallback
DeviceID
not a socket
t%D8q
object
HeapSetInformation
\$(E3
pA_ARG_TYPE_ProtocolInfo
Callback_Begin_Close
f9H\u
t+fD91t(H
EnterCriticalSection
.CRT$XCU
xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui4"
RegDeleteKeyExW
\$ E3
t @8y
ConvertStringSecurityDescriptorToSecurityDescriptorW
XA_A^A]A\_^
0x%08x
Svc_Register_Device
EP-/%
_errno
t@fE9
<url>Network Sharing\wmpnss_color32.jpg</url>
}-D9@
L$`H;
D$HH!l$@L
fD;>u
ErrorCode1
CP_Execute_Query
</device>
pA_ARG_TYPE_ResultWWd
SELECT System.FileAttributes, System.ItemUrl, System.ItemNameDisplay
Property A_ARG_TYPE_ConnectionStatusWW%
f;D$ u'
uNE9G<uHE9G
l)-iIA
IdleSecondsUntilMemoryFlush
Search
t.fA9
tKH;^
aspectRatio
ProtocolInfoFields
8A_A^A]A\_^[]
9D$pu!D9m
`A_A^_^]
Svc_Register_Device_Create_Device_Reg
;EPu.I
GetCurrentProcess
fA9(M
8A_A^_^[]
ext-ms-win-casting-receiver-l1-1-1
t3fA9(u
(CONTAINS(System.Kind, 'music') AND NOT CONTAINS(System.Kind, 'video') AND NOT CONTAINS(System.Kind, 'movie') AND NOT CONTAINS(System.Kind, 'recordedtv') AND NOT CONTAINS(System.Kind, 'playlist') AND NOT CONTAINS(System.ContentType, 'video/') AND NOT CONTAINS(System.ContentType, 'image/') AND (System.Media.ClassSecondaryID IS NULL OR System.Media.ClassSecondaryID = '{00000000-0000-0000-0000-000000000000}'))
<UDN>uuid:32d0d20f-2613-46a1-add3-5198c3d6a24d</UDN>
uuid:32d0d20f-2613-46a1-add3-5198c3d6a24d
Leelawadee UI Semilight
OR System.Music.AlbumTitle IS NULL AND System.Media.SubTitle IS NULL AND System.Keywords
win:Stop
<Id %s>%u</Id>
GetXboxWirelessNetworkInterfaceIndex
CHI;}
H;x u
<height>32</height>
D$(0u
fD9t$`E
|$PH;|$Xr
K SWH
</remoteUrl>
http://+:10243/WMPNSSv4/%ls/
d$ E3
Objwriter_Write_Object_Attrib
t @8q
Method SearchW
pAVTransportIDWW
WMVHIGH_PRO
object.container.album
object@parentID
not a stream
LocalFree
uuid:
t0fE91u
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events
ObjectID
D$8E3
3pNumberReturnedW
object.item.imageItem.photo
L;A s
</assembly>
oartist
.didat$3
upnp:artist
WHERE
%d,%ws
fD9<Ju
12.0.17763.1 (WinBuild.160101.0800)
Translation
fE98L
tAE8r
t1f9*u
t5fA91u
A_A^A]A\_^]
C$9wDt
pSourceProtocolInfoW
A(D9X
widthAspect
b([ \t])
ATL$__z
fE90L
fE9$Gu
A(I;@(t
RtlInitString
S-1-5-80-2375682873-768044350-3534595160-1005545032-2873800392
System.Search.EntryID IS NOT NULL
L$hM;
operation_not_supported
MPEG_PS_PAL
D8l)0
strcpy_s
D9Gx~AA
8)u;3
D;sHu7O
??_V@YAXPEAX@Z
t9fD;#t3A
GetNamedSecurityInfoW
Callback_End_Select_Profile
microsoft:playOrder
RegisterTraceGuidsW
H;Ght
uWD9n
address_not_available
wcsncmp
x/fD;e
;oL}9D
v`HcVLI
%' OR (System.Media.SubTitle IS NULL AND System.Title IS NOT NULL AND System.Title LIKE '%
Rw:Hc
9L$hu'D9|$xt
ueD9c
fD9<Gu
L$0H;
UNKNOWN_SERVICE
ProductVersion
WinSta0
object.container.genre.musicGenre
\$hL9e
Secur32.dll
mediasrv
f94Cu
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State
fA9,Du
xOfD9e
CD9FD
tEL;I(u
WMVHIGH_FULL
.didat$4
DSM-320
9t$hH
__CxxFrameHandler3
(CONTAINS(System.ContentType, 'video/') AND NOT
ignored
TEMP<
connection_refused
IsValidSid
_onexit
t.fA99t.I
<root xmlns="urn:schemas-upnp-org:device-1-0">
?IFOFile=true
wpA_ARG_TYPE_SearchCriteriaWWd
` UAUAVH
LcC03
fD94ru
t @8i
D9D$4A
@A_A^A\_^[]
fD9:H
.CRT$XIAA
fD9<Au
NT AUTHORITY\NetworkService
LocalAddress
WMAFULL
D9|$pv>M
no_protocol_option
YUV420
t.fD9&t+H
1o?-XfF
A_A^A\_^[]
upnp:class@name
x_H;u
LsaClose
upnp:album
Windows
function not supported
System.Image.VerticalSize
tAA8B
H9HXH
iphlpapi.dll
NetEvent
D;wx|
D$0E3
D95:V
invalid argument
=L9o<
CustomFriendlyName
]HD9k
@searchable
OnlyItemsInSearchResults
Results_Create_Browse_Children_Inst
api-ms-win-core-apiquery-l1-1-0.dll
no such device
.idata$2
SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers
L$8E2
A;JPr
x AVH
fE;,$t
t.fE9 u
.CRT$XCL
Yu Gothic UI
PSGetPropertyKeyFromName
Browse_Setup
`A_A]A\_^[]
_ultow_s
illegal byte sequence
NHcH<
video/x-container
D$8L;
nameSpace="urn:schemas-microsoft-com:WMPNSS-1-0/" xmlns:microsoft="urn:schemas-microsoft-com:WMPNSS-1-0/"
fE93M
object.item.audioItem
contains
I9<$u0
G`fD94Ht
E9/soH
fD94Cu
<serviceType>urn:schemas-upnp-org:service:ConnectionManager:1</serviceType>
object.item.videoItem.videoBroadcast
IsDeviceValidated
AuthorizationDeniedUpdateIDW
fC9,Qu
@USWAUAVH
@VWATAVAWH
.xdata
J5NewTagValueWd
.gfids
DefaultAuthorization
A9}8t
TotalResultLength
wXD9c
9D$hu!D9}
\Default
Segoe Pseudo
t5fE98u
BLA9C|
vHI9G
On_Resume
ComputerDisabledSharing
</onlineID>
??0exception@@QEAA@AEBV0@@Z
t0fD9:u
#vA_ARG_TYPE_SortCriteriaW
Operating System
t+fE91t(H
Obj_Get_Desc_Element_Data
Filter_Addr_2
%1!ls!: %2!ls!:
D;L$ls
t5@8q
f;D$(
L97u=H
@.didat
ext-ms-win-casting-receiver-l1-1-0.dll
IIDFromString
GetModuleHandleExW
FAILED
WMVMED_PRO
<modelNumber>
<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body>
AllowOnlineID
_cexit
23:59:59')
InitPropVariantFromCLSID
audio/x-container
GetSecurityDescriptorOwner
EventData
<icon>
@VWAWH
fE9tE
Objwriter_Get_Element_Value_Ex
VG2/iI
video/x-ms-wmv
t%D8i
|$0E3
C 9F u&
Generate_Nontrans_Res_Element
<serviceId>urn:microsoft.com:serviceId:X_MS_MediaReceiverRegistrar</serviceId>
<UI4: %d>
%04u-%02u-%02uT%02u:%02u:%02u
) OR (System.RecordedTV.OriginalBroadcastDate IS NULL AND System.RecordedTV.RecordingTime IS NULL AND (CONTAINS(System.Kind, 'video') OR CONTAINS(System.Kind, 'recordedtv')) AND
TEMP@
t$ WATAUAVAWH
AccessPrivateContent
GetLastError
@USVWATAUAVAWH
o L;o(r
UWAWH
H;Q(r9H+Q(L
\$@H;
res@nrAudioChannels
_commode
(System.Media.Duration IS NOT NULL AND System.Media.Duration < %I64d)
t3f9:u
image
_amsg_exit
D$Hf#
fD9$Gu
D$`Ic
p WATAUAVAWH
Callback_Begin_Authenticate
fA94Du
t-D8y
?terminate@@YAXXZ
_i64tow_s
DESC
AUAVAWH
fE9!L
RM4100
Search_Filter_Endpoint
System.ContentType
|$ UAVAWH
fD94Ku
ConvertSecurityDescriptorToStringSecurityDescriptorW
tDL;H
@A^A\_^]
fD94Hu
audio/x-ms-wma
Unknown
fD94Gu
CurrentTagValue
M0H9OP
L$ VH
A_A]A\
System.Media.ClassSecondaryID = '{D1607DBC-E323-4be2-86A1-48A42A28441E}'
StartServiceW
microsoft:userEffectiveRating
no_buffer_space
Filter_Addr_3
GetAddrInfoW
H;w sz
pA_A^A]A\_^]
DeleteService
upnp:genre
IsRemoteConnection
Initialize_Server
f;D$(u
<microsoft:remoteConfig xmlns:microsoft="urn:schemas-microsoft-com:WMPNSS-1-0/">
audio/mpeg
rtsp://+:8554/WMPNSSv4/%ls/
Software\Microsoft\MediaPlayer\Preferences\
Index
Leelawadee UI
H!\$8E3
u"H!G@H
A_A^A]A\]
A_A^A]_]
t+@8i
rtsp://+:554/WMPNSSv4/%ls/
CopySid
upnp:toc
`.rdata
f9<Bu
t&D8y
D9|$x
X_TestBandwidth
bWti^
L$0M;
D$@H;
RegQueryInfoKeyW
t,L9\
E89F8
RegCloseKey
GetFileAttributesExW
Property A_ARG_TYPE_DeviceIDWW&
</microsoft:remoteConnection>
0A_A^A\_]
Property SearchCapabilitiesWWW
fD9$^u
|$ UATAUAVAWH
!D$`L
A_ARG_TYPE_ConnectionManager
t@fA92u
IS NULL OR
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash |
|---|---|---|---|---|---|---|---|
| 0x140000000 | 0x000c33f0 | 0x00114f1a | 0x00114f1a | 10.0 | WMPNetwk.pdb | 2011-02-03 15:18:09 | 9578d5269e18d1c66d35812c80424cbc |
Version Infos
| CompanyName | Microsoft Corporation |
|---|---|
| FileDescription | Windows Media Player Network Sharing Service |
| FileVersion | 12.0.17763.1 (WinBuild.160101.0800) |
| InternalName | Windows Media Player Network Sharing Service |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | WMPNetwk.exe |
| ProductName | Microsoftรยฎ Windowsรยฎ Operating System |
| ProductVersion | 12.0.17763.1 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x000c7e8f | 0x000c8000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.50 |
| .rdata | 0x000c8400 | 0x000c9000 | 0x0002b97c | 0x0002ba00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.97 |
| .data | 0x000f3e00 | 0x000f5000 | 0x00005d00 | 0x00003a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.23 |
| .pdata | 0x000f7800 | 0x000fb000 | 0x000054fc | 0x00005600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.89 |
| .didat | 0x000fce00 | 0x00101000 | 0x00000158 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.16 |
| .rsrc | 0x000fd000 | 0x00102000 | 0x00011e70 | 0x00012000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.20 |
| .reloc | 0x0010f000 | 0x00114000 | 0x00000ec8 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.31 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| MUI | 0x00113d68 | 0x00000108 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.86 | None |
| TYPELIB | 0x00111750 | 0x00002618 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.98 | None |
| WEVT_TEMPLATE | 0x001028d0 | 0x0000e0f2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.77 | None |
| RT_VERSION | 0x001024c0 | 0x00000410 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_MANIFEST | 0x00102200 | 0x000002ba | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.94 | None |
| None | 0x001109c8 | 0x00000d88 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.84 | None |
Imports
| Name | Address |
|---|---|
| _ui64tow_s | 0x1400cc598 |
| _ltow_s | 0x1400cc5a0 |
| _i64tow_s | 0x1400cc5a8 |
| _CxxThrowException | 0x1400cc5b0 |
| memcpy | 0x1400cc5b8 |
| exit | 0x1400cc5c0 |
| _exit | 0x1400cc5c8 |
| _cexit | 0x1400cc5d0 |
| _initterm | 0x1400cc5d8 |
| __setusermatherr | 0x1400cc5e0 |
| memmove | 0x1400cc5e8 |
| wcsrchr | 0x1400cc5f0 |
| strchr | 0x1400cc5f8 |
| memset | 0x1400cc600 |
| ?what@exception@@UEBAPEBDXZ | 0x1400cc608 |
| ceil | 0x1400cc610 |
| ??1type_info@@UEAA@XZ | 0x1400cc618 |
| realloc | 0x1400cc620 |
| _onexit | 0x1400cc628 |
| __dllonexit | 0x1400cc630 |
| _amsg_exit | 0x1400cc638 |
| __wgetmainargs | 0x1400cc640 |
| __set_app_type | 0x1400cc648 |
| floor | 0x1400cc650 |
| _unlock | 0x1400cc658 |
| _lock | 0x1400cc660 |
| ?terminate@@YAXXZ | 0x1400cc668 |
| _commode | 0x1400cc670 |
| _fmode | 0x1400cc678 |
| _wcmdln | 0x1400cc680 |
| memcmp | 0x1400cc688 |
| ??0exception@@QEAA@AEBV0@@Z | 0x1400cc690 |
| ??0exception@@QEAA@AEBQEBDH@Z | 0x1400cc698 |
| ??0exception@@QEAA@AEBQEBD@Z | 0x1400cc6a0 |
| _callnewh | 0x1400cc6a8 |
| strncpy_s | 0x1400cc6b0 |
| strcpy_s | 0x1400cc6b8 |
| wcschr | 0x1400cc6c0 |
| _strlwr_s | 0x1400cc6c8 |
| strncmp | 0x1400cc6d0 |
| _ultoa_s | 0x1400cc6d8 |
| _ultow_s | 0x1400cc6e0 |
| _wtol | 0x1400cc6e8 |
| _wtoi | 0x1400cc6f0 |
| qsort_s | 0x1400cc6f8 |
| _wcsicmp | 0x1400cc700 |
| _vsnwprintf | 0x1400cc708 |
| swscanf | 0x1400cc710 |
| wcsstr | 0x1400cc718 |
| wcstol | 0x1400cc720 |
| _wcslwr_s | 0x1400cc728 |
| _wcsnicmp | 0x1400cc730 |
| wcsncmp | 0x1400cc738 |
| iswdigit | 0x1400cc740 |
| towupper | 0x1400cc748 |
| _wcstoui64 | 0x1400cc750 |
| wcstoul | 0x1400cc758 |
| _errno | 0x1400cc760 |
| _purecall | 0x1400cc768 |
| calloc | 0x1400cc770 |
| malloc | 0x1400cc778 |
| wcscpy_s | 0x1400cc780 |
| free | 0x1400cc788 |
| _wputenv | 0x1400cc790 |
| memmove_s | 0x1400cc798 |
| memcpy_s | 0x1400cc7a0 |
| __C_specific_handler | 0x1400cc7a8 |
| ??_V@YAXPEAX@Z | 0x1400cc7b0 |
| __CxxFrameHandler3 | 0x1400cc7b8 |
| ??3@YAXPEAX@Z | 0x1400cc7c0 |
| ??1exception@@UEAA@XZ | 0x1400cc7c8 |
| _XcptFilter | 0x1400cc7d0 |
| wcscmp | 0x1400cc7d8 |
| Name | Address |
|---|---|
| CharUpperW | 0x1400cc4d0 |
| wvsprintfW | 0x1400cc4d8 |
| RegisterPowerSettingNotification | 0x1400cc4e0 |
| UnregisterPowerSettingNotification | 0x1400cc4e8 |
| PeekMessageW | 0x1400cc4f0 |
| DispatchMessageW | 0x1400cc4f8 |
| MsgWaitForMultipleObjectsEx | 0x1400cc500 |
| CharUpperBuffW | 0x1400cc508 |
| wvsprintfA | 0x1400cc510 |
| UnregisterClassA | 0x1400cc518 |
| Name | Address |
|---|---|
| UnRegisterTypeLib | 0x1400cc388 |
| SysAllocStringLen | 0x1400cc390 |
| VariantClear | 0x1400cc398 |
| SafeArrayDestroy | 0x1400cc3a0 |
| SysStringLen | 0x1400cc3a8 |
| LoadRegTypeLib | 0x1400cc3b0 |
| RegisterTypeLib | 0x1400cc3b8 |
| LoadTypeLib | 0x1400cc3c0 |
| VarBstrCmp | 0x1400cc3c8 |
| VariantChangeTypeEx | 0x1400cc3d0 |
| VariantInit | 0x1400cc3d8 |
| SystemTimeToVariantTime | 0x1400cc3e0 |
| VariantTimeToSystemTime | 0x1400cc3e8 |
| SafeArrayUnlock | 0x1400cc3f0 |
| SafeArrayPtrOfIndex | 0x1400cc3f8 |
| SafeArrayLock | 0x1400cc400 |
| SetErrorInfo | 0x1400cc408 |
| CreateErrorInfo | 0x1400cc410 |
| SafeArrayCopy | 0x1400cc418 |
| SysAllocString | 0x1400cc420 |
| SysFreeString | 0x1400cc428 |
| SafeArrayCreate | 0x1400cc430 |
| Name | Address |
|---|---|
| CoSetProxyBlanket | 0x1400cc838 |
| StringFromGUID2 | 0x1400cc840 |
| IIDFromString | 0x1400cc848 |
| CLSIDFromProgID | 0x1400cc850 |
| CoTaskMemAlloc | 0x1400cc858 |
| CoTaskMemFree | 0x1400cc860 |
| CoUnmarshalInterface | 0x1400cc868 |
| CoReleaseMarshalData | 0x1400cc870 |
| CoMarshalInterface | 0x1400cc878 |
| CreateStreamOnHGlobal | 0x1400cc880 |
| PropVariantClear | 0x1400cc888 |
| CoInitializeSecurity | 0x1400cc890 |
| CoInitializeEx | 0x1400cc898 |
| CoUninitialize | 0x1400cc8a0 |
| CoCreateInstance | 0x1400cc8a8 |
| CoCreateGuid | 0x1400cc8b0 |
| Name | Address |
|---|---|
| WSAGetLastError | 0x1400cc540 |
| inet_ntoa | 0x1400cc548 |
| ntohs | 0x1400cc550 |
| htons | 0x1400cc558 |
| Name | Address |
|---|---|
| SHCreateItemWithParent | 0x1400cc470 |
| SHGetKnownFolderPath | 0x1400cc478 |
| SHCreateItemFromParsingName | 0x1400cc480 |
| Name | Address |
|---|---|
| SendARP | 0x1400cc048 |
| GetIpNetEntry2 | 0x1400cc050 |
| GetIpForwardTable | 0x1400cc058 |
| NotifyAddrChange | 0x1400cc060 |
| GetIpAddrTable | 0x1400cc068 |
| GetBestInterfaceEx | 0x1400cc070 |
| GetAdaptersAddresses | 0x1400cc078 |
| NotifyIpInterfaceChange | 0x1400cc080 |
| CancelIPChangeNotify | 0x1400cc088 |
| ResolveIpNetEntry2 | 0x1400cc090 |
| CancelMibChangeNotify2 | 0x1400cc098 |
| Name | Address |
|---|---|
| StrChrW | 0x1400cc490 |
| PathCreateFromUrlW | 0x1400cc498 |
| PathFindExtensionW | 0x1400cc4a0 |
| PathRemoveExtensionW | 0x1400cc4b8 |
| PathFindFileNameW | 0x1400cc4c0 |
| Name | Address |
|---|---|
| RtlLookupFunctionEntry | 0x1400cc7e8 |
| RtlCaptureContext | 0x1400cc7f0 |
| RtlFreeUnicodeString | 0x1400cc7f8 |
| RtlVirtualUnwind | 0x1400cc800 |
| RtlInitString | 0x1400cc808 |
| RtlInitUnicodeString | 0x1400cc810 |
| RtlNtStatusToDosError | 0x1400cc818 |
| RtlIpv4StringToAddressExW | 0x1400cc820 |
| NtAllocateLocallyUniqueId | 0x1400cc828 |
| Name | Address |
|---|---|
| UnregisterGPNotification | 0x1400cc528 |
| RegisterGPNotification | 0x1400cc530 |
| Name | Address |
|---|---|
| NetApiBufferFree | 0x1400cc368 |
| NetGetJoinInformation | 0x1400cc370 |
| NetShareGetInfo | 0x1400cc378 |
| Name | Address |
|---|---|
| WTSEnumerateSessionsW | 0x1400cc568 |
| WTSQuerySessionInformationW | 0x1400cc570 |
| WTSFreeMemory | 0x1400cc578 |
| Name | Address |
|---|---|
| InitPropVariantFromCLSID | 0x1400cc440 |
| PSGetPropertyKeyFromName | 0x1400cc448 |
| PSGetPropertyDescriptionByName | 0x1400cc450 |
| PropVariantToString | 0x1400cc458 |
| PropVariantToStringAlloc | 0x1400cc460 |
| Name | Address |
|---|---|
| DeleteObject | 0x1400cc038 |
| Name | Address |
|---|---|
| ApiSetQueryApiSetPresence | 0x1400cc588 |
Usage
Processing ( 11.88 seconds )
- 10.949 ProcessMemory
- 0.902 CAPE
- 0.018 BehaviorAnalysis
- 0.007 AnalysisInfo
- 0.001 Debug
Signatures ( 0.07 seconds )
- 0.011 ransomware_files
- 0.008 ransomware_extensions
- 0.006 antianalysis_detectfile
- 0.006 antiav_detectreg
- 0.003 infostealer_ftp
- 0.003 territorial_disputes_sigs
- 0.003 ursnif_behavior
- 0.002 antiav_detectfile
- 0.002 infostealer_bitcoin
- 0.002 infostealer_im
- 0.002 poullight_files
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 antianalysis_detectreg
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 uac_bypass_cmstpcom
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_mail
- 0.001 masquerade_process_name
- 0.001 persistence_shim_database
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.01 seconds )
- 0.007 CAPASummary
- 0.002 JsonDump
Signatures
The PE file contains a PDB path
pdbpath: WMPNetwk.pdb
SetUnhandledExceptionFilter detected (possible anti-debug)
Possible date expiration check, exits too soon after checking local time
process: wmpnetwk.exe, PID 6612
The binary contains an unknown PE section name indicative of packing
unknown section: {'name': '.didat', 'raw_address': '0x000fce00', 'virtual_address': '0x00101000', 'virtual_size': '0x00000158', 'size_of_data': '0x00000200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '2.16'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 6612 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 59 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Windows\Globalization\Sorting\sortdefault.nls
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilMemoryFlush
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\SecondsToCacheFirewallStatus
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\Software\Microsoft\Multimedia\WMPlayer\Extensions\
HKEY_CLASSES_ROOT\.3g2
HKEY_CURRENT_USER\Software\Classes\.3g2\Content Type
HKEY_CLASSES_ROOT\.3gp
HKEY_CURRENT_USER\Software\Classes\.3gp\Content Type
HKEY_CLASSES_ROOT\.3gp2
HKEY_CURRENT_USER\Software\Classes\.3gp2\Content Type
HKEY_CLASSES_ROOT\.3gpp
HKEY_CURRENT_USER\Software\Classes\.3gpp\Content Type
HKEY_CLASSES_ROOT\.aac
HKEY_CURRENT_USER\Software\Classes\.aac\Content Type
HKEY_CLASSES_ROOT\.adt
HKEY_CURRENT_USER\Software\Classes\.adt\Content Type
HKEY_CLASSES_ROOT\.adts
HKEY_CURRENT_USER\Software\Classes\.adts\Content Type
HKEY_CLASSES_ROOT\.aif
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aif\Content Type
HKEY_CLASSES_ROOT\.aifc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\Content Type
HKEY_CLASSES_ROOT\.aiff
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aiff\Content Type
HKEY_CLASSES_ROOT\.asf
HKEY_CURRENT_USER\Software\Classes\.asf\Content Type
HKEY_CLASSES_ROOT\.asx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asx\Content Type
HKEY_CLASSES_ROOT\.au
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\Content Type
HKEY_CLASSES_ROOT\.avi
HKEY_CURRENT_USER\Software\Classes\.avi\Content Type
HKEY_CLASSES_ROOT\.bmp
HKEY_CURRENT_USER\Software\Classes\.bmp\Content Type
HKEY_CLASSES_ROOT\.cda
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\Content Type
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc\Alias
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilMemoryFlush
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\SecondsToCacheFirewallStatus
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\Software\Microsoft\Multimedia\WMPlayer\Extensions\
HKEY_CLASSES_ROOT\.3g2
HKEY_CURRENT_USER\Software\Classes\.3g2\Content Type
HKEY_CLASSES_ROOT\.3gp
HKEY_CURRENT_USER\Software\Classes\.3gp\Content Type
HKEY_CLASSES_ROOT\.3gp2
HKEY_CURRENT_USER\Software\Classes\.3gp2\Content Type
HKEY_CLASSES_ROOT\.3gpp
HKEY_CURRENT_USER\Software\Classes\.3gpp\Content Type
HKEY_CLASSES_ROOT\.aac
HKEY_CURRENT_USER\Software\Classes\.aac\Content Type
HKEY_CLASSES_ROOT\.adt
HKEY_CURRENT_USER\Software\Classes\.adt\Content Type
HKEY_CLASSES_ROOT\.adts
HKEY_CURRENT_USER\Software\Classes\.adts\Content Type
HKEY_CLASSES_ROOT\.aif
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aif\Content Type
HKEY_CLASSES_ROOT\.aifc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\Content Type
HKEY_CLASSES_ROOT\.aiff
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aiff\Content Type
HKEY_CLASSES_ROOT\.asf
HKEY_CURRENT_USER\Software\Classes\.asf\Content Type
HKEY_CLASSES_ROOT\.asx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asx\Content Type
HKEY_CLASSES_ROOT\.au
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\Content Type
HKEY_CLASSES_ROOT\.avi
HKEY_CURRENT_USER\Software\Classes\.avi\Content Type
HKEY_CLASSES_ROOT\.bmp
HKEY_CURRENT_USER\Software\Classes\.bmp\Content Type
HKEY_CLASSES_ROOT\.cda
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\Content Type
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc\Alias
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilMemoryFlush
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\SecondsToCacheFirewallStatus
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_CURRENT_USER\Software\Classes\.3g2\Content Type
HKEY_CURRENT_USER\Software\Classes\.3gp\Content Type
HKEY_CURRENT_USER\Software\Classes\.3gp2\Content Type
HKEY_CURRENT_USER\Software\Classes\.3gpp\Content Type
HKEY_CURRENT_USER\Software\Classes\.aac\Content Type
HKEY_CURRENT_USER\Software\Classes\.adt\Content Type
HKEY_CURRENT_USER\Software\Classes\.adts\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aif\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aiff\Content Type
HKEY_CURRENT_USER\Software\Classes\.asf\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asx\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\Content Type
HKEY_CURRENT_USER\Software\Classes\.avi\Content Type
HKEY_CURRENT_USER\Software\Classes\.bmp\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\Content Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc\Alias
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\IdleSecondsUntilMemoryFlush
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\SecondsToCacheFirewallStatus
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_CURRENT_USER\Software\Classes\.3g2\Content Type
HKEY_CURRENT_USER\Software\Classes\.3gp\Content Type
HKEY_CURRENT_USER\Software\Classes\.3gp2\Content Type
HKEY_CURRENT_USER\Software\Classes\.3gpp\Content Type
HKEY_CURRENT_USER\Software\Classes\.aac\Content Type
HKEY_CURRENT_USER\Software\Classes\.adt\Content Type
HKEY_CURRENT_USER\Software\Classes\.adts\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aif\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aiff\Content Type
HKEY_CURRENT_USER\Software\Classes\.asf\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asx\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\Content Type
HKEY_CURRENT_USER\Software\Classes\.avi\Content Type
HKEY_CURRENT_USER\Software\Classes\.bmp\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\Content Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc\Alias
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.