Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-12 23:56:16 | 2025-06-13 00:27:01 | 1845 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:14,912 [root] INFO: Date set to: 20250612T19:03:28, timeout set to: 1800 2025-06-12 20:03:28,444 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-12 20:03:28,444 [root] DEBUG: Storing results at: C:\aHAFZHloeD 2025-06-12 20:03:28,444 [root] DEBUG: Pipe server name: \\.\PIPE\oRAVqRH 2025-06-12 20:03:28,444 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-12 20:03:28,444 [root] INFO: analysis running as an admin 2025-06-12 20:03:28,460 [root] INFO: analysis package specified: "exe" 2025-06-12 20:03:28,460 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-12 20:03:29,209 [root] DEBUG: imported analysis package "exe" 2025-06-12 20:03:29,209 [root] DEBUG: initializing analysis package "exe"... 2025-06-12 20:03:29,225 [lib.common.common] INFO: wrapping 2025-06-12 20:03:29,225 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-12 20:03:29,225 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\diskraid.exe 2025-06-12 20:03:29,225 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-12 20:03:29,225 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-12 20:03:29,225 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-12 20:03:29,225 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-12 20:03:29,381 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-12 20:03:29,397 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-12 20:03:29,444 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-12 20:03:29,444 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-12 20:03:29,553 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-12 20:03:29,553 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-12 20:03:29,553 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-12 20:03:29,553 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-12 20:03:29,569 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-12 20:03:29,569 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-12 20:03:29,569 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-12 20:03:29,569 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-12 20:03:29,569 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-12 20:03:29,569 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-12 20:03:29,569 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-12 20:03:29,569 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-12 20:03:29,569 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-12 20:03:29,569 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-12 20:03:29,772 [modules.auxiliary.digisig] DEBUG: File is not signed 2025-06-12 20:03:29,772 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-12 20:03:29,772 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-12 20:03:29,772 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-12 20:03:29,772 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-12 20:03:29,772 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-12 20:03:29,772 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-12 20:03:29,772 [modules.auxiliary.disguise] INFO: Disguising GUID to 6d0c1b57-702f-40e9-8290-d49a32d103d1 2025-06-12 20:03:29,772 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-12 20:03:29,772 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-12 20:03:29,772 [root] DEBUG: attempting to configure 'Human' from data 2025-06-12 20:03:29,772 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-12 20:03:29,772 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-12 20:03:29,772 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-12 20:03:29,772 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-12 20:03:29,772 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-12 20:03:29,772 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-12 20:03:29,772 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-12 20:03:29,772 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-12 20:03:29,772 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-12 20:03:29,772 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-12 20:03:29,772 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-12 20:03:29,772 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-12 20:03:29,772 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-12 20:03:29,772 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-12 20:03:29,803 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-12 20:03:29,803 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-12 20:03:29,803 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-12 20:03:29,803 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-12 20:03:29,803 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-12 20:03:29,803 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-12 20:03:29,803 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-12 20:03:29,819 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\HlDAOuyZ.dll, loader C:\tmp_gell1p8\bin\FUhIHDOo.exe 2025-06-12 20:03:29,866 [root] DEBUG: Loader: IAT patching disabled. 2025-06-12 20:03:29,866 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\HlDAOuyZ.dll. 2025-06-12 20:03:29,897 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-12 20:03:29,897 [root] INFO: Disabling sleep skipping. 2025-06-12 20:03:29,897 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-12 20:03:29,897 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-12 20:03:29,897 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-12 20:03:29,897 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-12 20:03:29,897 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-12 20:03:29,913 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-12 20:03:29,913 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-12 20:03:29,928 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-12 20:03:29,928 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 4404, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000 2025-06-12 20:03:29,928 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-12 20:03:29,928 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-12 20:03:29,928 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-12 20:03:29,928 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\HlDAOuyZ.dll. 2025-06-12 20:03:29,944 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-12 20:03:29,944 [r <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-12 23:56:16 | 2025-06-13 00:26:41 | none |
File Details
| File Name |
diskraid.exe
|
|---|---|
| File Type | PE32+ executable (console) x86-64, for MS Windows |
| File Size | 337920 bytes |
| MD5 | e7de148c2d2b431c2069874c766f68eb |
| SHA1 | 61e2ef5743a912f57ff41e983e1bfde8a82d0dc2 |
| SHA256 | 7d4c3d063e8da3250b94a3c81edad89ed3ac218228ea177c3576590a42d027b6 [VT] [MWDB] [Bazaar] |
| SHA3-384 | 5356c86a1054ffb9faa30fd2394dc449ec6362b674db7107a860b6d67244419a6f78c98586d8c70e6b6c5046dd90f193 |
| CRC32 | 37F2B453 |
| TLSH | T1A574184003AA13FDFEBE51B4845EA52BEF313909D3397DA79DA109498B333D1E879249 |
| Ssdeep | 6144:39KZruydrGIPoaP1SLkWPEiBEo4SPujg:39K0ydKadPoEj |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
D$ O$
ReenumerateDrives
L!l$X
@.data
GetDwordFromString for subsystem index
ExecuteCommand
TPORTAL= specified multiple times
TPORTALS
Unrecognised argument [%ws]: expected <none>, SET, CLEAR or APPLY
RAID30
pSelectedPort->GetProperties
DrpGetDriveProperties
No initiator adapter selected
t$hH;
GetDwordFromString to get LUN index
u*9Q<|%
pPortUnk->QueryInterface IID_IVdsControllerPort
Errant provider--path does not have corresponding path policy
DISSOCIATE
DrpInitialize
%s%04dL%02d %-20.20s: 0x%08x LEAVE
pPort->GetController
CommandHelp
LunMaintenanceOp
X UVWATAUAVAWH
pSelectedLun->QueryActiveControllers
AddObjectPropertyToList
SetSelectedStoragePool(-1)
fD9$Bu
Controller port is not associated with the lun
pUnknown->QueryInterface IID_IVdsIscsiPortal
</security>
DrpAddPathInfoToList
DetailPortListPaths
Changing target selection from %d to %d
DrpGetInputLoginType
L9l$XuL
PrintMessageWithArguments(MSG_INFO_LIST_PATH_FC_LINE_NEXT)
VWAVH
tNL9e
CloseDebugLogFile
udD9;u
\$pA;
%d argument(s) parsed:
pSelectedLun->QueryInterface IID_IVdsLunControllerPorts
Microsoft Corporation
pNewAdapterNode->pVdsIAdapter->QueryInitiatorPortals
D9d$P|
D$ !u
pService->QueryInterface IID_IVdsServiceUninstallDisk
_XcptFilter
Errors encountered; exiting from script mode
USVWATAUAVAWH
SUBSETROUNDROBIN
PrintMessage(MSG_INFO_NO_SELECTED_PORT)
D9l$P|D
D$TfD
pEnumControllers->Next
TPortal
Could not convert secret
WS2_32.dll
LUN not found in the cache
pTPGroup->GetTarget
SELECT
SetSelectedLun(-1)
User Entry:[%ws] matches Table Entry:[%ws] Exact:%d
_initterm
OFFLINE
%s%04dL%02d %-20.20s: 0x%08x Login type [%ws] is not recognised
.idata$5
H9} L
twH9~
version="5.1.0.0"
DetailTarget
LOGOUT
D9}ov
ROUNDROBIN
pSubsystemUnk->QueryInterface IID_IVdsSubSystem
The provider doesn't support LUN number
Name too long
NameSubsystem
No controller selected
DetailLunListAssociatedPorts
.pdata
INITIATOR must be specified
Microsoft
COUNT
D$ /#
UNINSTALL
pVdsIAdapter->LogoutFromTarget
%s%04dL%02d %-20.20s: 0x%08x pVdsProvider->GetProperties, Provider Index: %d
AddObjectPropertyToList2
pSelectedDrive->QueryInterface IID_IVdsMaintenance
fD9,Hu
CreateLun
%s%04dL%02d %-20.20s: 0x%08x dwIndex=%d
%s%04dL%02d %-20.20s: 0x%08x pStoragePool=%p
;\$lA
GetPortAtIndex
%s%04dL%02d %-20.20s: 0x%08x pDrState=%p
H9t$puL
SUBSYSTEM
DisplayAutomagicFlags
REFRESH
MSE specified more than once
GetBusTypeDisplayString
Command implementation
pSelectedLun->QueryInterface IID_IVdsLunIscsi
%s%04dL%02d %-20.20s: 0x%08x pSelectedDrive->ClearFlags(0x%08x)
_exit
DetailDriveListAssociatedLuns
InitialiseSubsystems
%s%04dL%02d %-20.20s: 0x%08x Argument [%ws] is invalid
GetDwordFromString for new target portal index
IMPORTTARGET
REPLACE
%s%04dL%02d %-20.20s: 0x%08x pHardwareProvider->Refresh, Provider Index: %d
Second argument must be TPORTAL=, 1
H!t$`
LEASTBLOCKS
MIRROR
Either SIZE or the DRIVES or the POOL parameter must be present
DrpGetIndexForPath
pSubsystem2->GetProperties2
uaD93u
GetInputChapType
ChangeLunPortAssociations
debuglevel
%s%04dL%02d %-20.20s: 0x%08x pSelectedController->SetControllerStatus(%d)
FindIndexForIAdapter
CoCreateInstance
Invalid path ID in PATHS argument
t$ UWAUH
D$ !}
uc9>u
9X(tB
First argument must be DRIVE
ListLunLineLunNumber
fD9<Vu
The LUN number passed in was not found
DrpAddObjectPropertyToList
SelectIPortal
pLun->GetProperties
DetailHbaPort
pTPGroup->GetProperties
pEnumPorts->Next
Unable to allocate controller ID array
Controller
SetSelectedTPGroup
PrintMessageWithArguments(MSG_INFO_LIST_LUN_LINE_2)
No target portal selected
Mismatched inactive port count
pLun->QueryInterface IID_IVdsLunControllerPorts
SetHbaPortAllPathStatusStatus VDS_MPS_ONLINE
Overwriting error to S_FALSE--NOERR specified
.CRT$XIA
Changing target portal group selection from %d to %d
debugfile
pServiceIscsi->SetInitiatorSharedSecret
9]P|xJ
DrpGetIndexForObject
d[%s]:%hu
x UAVAWH
SetSelectedTPGroup(-1)
SIZE= value not specified
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
FileDescription
RtlIpv6AddressToStringEx failed
PrintMessage(MSG_INFO_NO_SELECTED_STORAGEPOOL)
DrpGetSubsystemProperties2FromSubsystemProperties
SIZE= specified multiple times
UWATAVAWH
pDrive->QueryInterface
DrpGetHbaPortAtIndex
DRIVE= specified multiple times
pUnknown->QueryInterface IID_IVdsIscsiTarget
D$ :$
ntdll.dll
pSelectedSubSystem->QueryInterface
fprintf
pController->QueryControllerPorts
D9l$P
pSelectedSubsystemImportTarget->GetImportTarget, failed
InitialiseStoragePoolIndexCache
AddTPGroupTPortal
\$PE9.u
SelectLun
GetExitCode
10.0.17763.1
D$ !t$PL
ListTargets
HBAPORTS
DoMaintenanceOp VDS_CS_ONLINE
SetSelectedController
FLUSHCACHE
<description>Microsoft Diskraid command-line tool</description>
PopFromObjectPropertyList
pLunToAdd->GetProperties
Invalid Bus Type
Wmain
te9\$xu'
!|$PM
FALSE
C:\diskraid.log
pUnknown->QueryInterface IID_IVdsIscsiPortalGroup
D$(E3
D9|$P|
GetBusTypeFromString
pLunNumber->GetLunNumber
E@!]@L
D$ !}@L
SetThreadUILanguage
pEnumDrive->Next
pStoragePool->QueryInterface IID_IVdsMaintenance
Mismatched active port count
.rdata$zETW9
ListStoragePools
K WATAUAVAWH
UVWAVAWH
u^9;u
H9t$xuaA9u
\$PA9>u
A_A^A\_]
u]D9;u
ListTPortalLine
L!|$X
ucD9'u
RECOVER
WWNs or initiators must be specified after ADD
TerminateProcess
ONLINE
EmptyTargetProperties
%s%04dL%02d %-20.20s: 0x%08x Added HBA port index 0, pNode: %p
pService->QueryInterface IID_IVdsServiceIscsi
ReplaceDrive
No command or subtable matches
ua9>u
DetailIPortalListPaths
BUS specified more than once
ListIAdapters
OA9<$u
%s%04dL%02d %-20.20s: 0x%08x pbErrorMessageDone=%p
SetSelectedDrive
PrintMessage(MSG_INFO_SELECTED_STORAGEPOOL)
CloseInputScriptFile
Drive not found in the cache
pUnknown->QueryInterface IID_IVdsControllerPort
ListDriveLine2
First argument must be LUN
.text$x
RAID53
9t$Pt2H
T$ E3
uFH!|$@
_wtoi
uhA9u
C A!{ L
u_E9.u
ListIscsiPathLine
t$ UWATAUAVH
%ws Index:%d GUID:{%.8x-%.4x-%.4x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x}
pSelectedSubsystem2->CreateLun2
pUnknown->QueryInterface IID_IVdsController
GetModuleHandleW
Invalid TYPE argument
IncreaseDriveContributionInList
No LUN selected
D9sTt)E
E8!}8L
Extent %d: LunId:{%.8x-%.4x-%.4x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x} ullSize:%I64lu bUsed:%ws
ulA9<$u
D$ r!
pLun->QueryPlexes
pServiceIscsi->QueryInitiatorAdapters
OriginalFilename
Mismatched active target count
SetLunStatus VDS_LS_ONLINE
ucD9/u
pEnumTPGroup->Next
InitialiseControllerIndexCache
pSelectedSubsystem->ReplaceDrive
%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x
FAILOVER
ORS specified greater than maximum allowed (ULONG_MAX)
9]H}/9
%s%04dL%02d %-20.20s: 0x%08x pVdsIAdapter->GetProperties, Initiator Adapter Index: %d
L$0fD
pLun->QueryInterface IID_IVdsLunMpio
RESET
PrintMessageWithArguments(MSG_INFO_LIST_PATH_ISCSI_LINE_FIRST)
DetailTargetListAssociatedLuns
QueryInterface: IID_IVdsIscsiInitiatorPortal
tiL9}
Overwriting hResult to S_FALSE: NOERR specified
SelectIAdapter
ORA specified more than once
DELETE
D9}H|YL
9t$`|~H
GetFileType
x UATAWH
UVWATAUAVAWH
D$ H!}
DrpGetLunFromLunNumber
@.reloc
_vsnprintf
Subsystem Index:%d GUID:{%.8x-%.4x-%.4x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x}
HOTSPARE
RtlIpv6AddressToStringExW
RCE specified more than once
GetIAdapterAtIndex
tlL9}
GetSystemTimeAsFileTime
pHwProvider->QueryInterface
AHS specified more than once
PrintMessage(MSG_INFO_SELECTED_SUBSYSTEM)
TPORTAL
RAID3
L9d$Pu
D9}w|wH
D$TD9m
pLun->QueryInterface IID_IVdsDisk
%s%04dL%02d %-20.20s: 0x%08x Unrecognised flag [%ws]
uf97u
D9d$XuJ
%s%04dL%02d %-20.20s: 0x%08x pSelectedLun->SetMask(%ws)
D9mwuG
ListTargetLine
CD9?u
|$!fD
The provider does not support storage pools
GetIpAddressString
SetUnhandledExceptionFilter
%s%04dL%02d %-20.20s: 0x%08x Unrecognised argument [%ws]
EmptyDriveProperties
DrpGetIpAddressString
WWN can only be specified for FC or SAS connected LUNs, 1
DRIVES
InitialisePortIndexCache
SetLunStatus VDS_LS_OFFLINE
LoadAndInitialiseHbaPorts
PrintPoolAttributes
SetSubsystemStatus VDS_SSS_OFFLINE
L9d$p
.text
D9U$t5D
yQD9d$\tJH
pTPortal->QueryAssociatedPortalGroups
%s%04dL%02d %-20.20s: 0x%08x Added initiator portal index %d
pUnknown->QueryInterface IID_IVdsLunPlex
GetSubsystemAtIndex
.rdata$brc
POOL= specified multiple times
Changing port selection from %d to %d
@USVWATAUAVH
pParentStoragePool->QueryAllocatedPools
|$X|O
ubD9?u
LbpSetLun
L$`E3
pEnumTarget->Next
%s%04dL%02d %-20.20s: 0x%08x pVdsIPortal->GetProperties, Initiator Portal Index: %d
A_A^A]A\_[]
LogOutputString
s WAVAWH
LocalAlloc
.idata$4
ugE9.u
pSelectedTarget->GetProperties
D9l$P|hH
D9d$P|kM
RAID01
fclose
VERSION.dll
u`A96u
SUBSYSTEMS
QueryInterface: IID_IVdsServiceHba
SetControllerStatus VDS_CS_OFFLINE
OpenInputScriptFile
DetailTPortal
api-ms-win-core-com-l1-1-0.dll
REMOVE
PrintMessageWithArguments
QueryInterface: IID_IVdsServiceIscsi
DrpGetIndexForSubsystem
GetNextCommand
LoadAndInitialiseInitiator
InitialiseAllPortIndexCaches
pSelectedLun->QueryInterface IID_IVdsMaintenance
FCR specified more than once
pSelectedTPGroup->AddPortal
ChangeLunTargetAssociations
__C_specific_handler
OfflineSubsystem
OpenDebugLogFile
Size greater than ULONG_MAX
%s%04dL%02d %-20.20s: 0x%08x pHardwareProvider->QuerySubSystems ProviderIndex:%d
pSelectedSubsystem->QueryInterface IID_IVdsSubSystemNaming
pSelectedPort->QueryInterface IID_IVdsMaintenance
u_D97u
pServiceUninstallDisk->UninstallDisks hResult2
GetFileVersionInfoExW
SelectHbaPort
9D$Tu
ugD9'u
.text$mn$00
RBV specified more than once
.rsrc$01
A VDS hardware provider failed to initialize
L9ePuB
D9e@}
RemoveTPGroupTPortal
SetDriveStatus
DiskRAID
---- Start diskraid log: Level %d [%02hd:%02hd:%02hd.%02hd %04hd/%02hd/%02hd] ----
PROVIDER
A_A^A]A\_^[]
D$pE3
RAID03
Controller is not associated with the lun
FTL specified more than once
Source and Target drives ought to be different
pLunPlex->GetProperties
pSelectedLunControllerPorts->QueryActiveControllerPorts
pSelectedController->GetProperties
9t$Pu[E
STRIPE
GetSupportedInterconnects
GetDwordFromString for storage pool index
\$PA;
pSelectedLun->Delete
%s%04dL%02d %-20.20s: 0x%08x pStoragePoolProperties=%p
@;t$P
DetailStoragePool
GetLunAtIndex
PopFromObjectIdList
pSelectedSubsystem->CreateLun
OWA specified more than once
GetDwordFromString for new controller port index
pTPortalToAdd->GetProperties
OnlineDrive
GetIPortalAtIndex
IPORTALS
L$`D9|$P
DrpGetDriveProperties2FromDriveProperties
DrDoMaintenanceOp
%s%04dL%02d %-20.20s: 0x%08x Added provider index %d
pA^A]_^]
pSelectedSubsystem->GetProperties
ua97u
Either SIZE or the DRIVES parameter must be present
pVdsIAdapter->LoginToTarget
uND9l$PtGH
9|$tu
Microsoft Corporation. All rights reserved.
%s%04dL%02d %-20.20s: 0x%08x pSelectedDrive->SetStatus(%d)
%s%04dL%02d %-20.20s: 0x%08x Converting hResult to exit code %d
ListLunLine
D$ S&
pEnumControllers->Reset
H90uAH
No args
t*fD;(t$H
%s%04dL%02d %-20.20s: 0x%08x pSelectedLun->SetStatus %d
GetObjectAtIndex
SetSelectedSubsystem(-1)
u_D93u
pUnknown->QueryInterface
D$PA;
9}H|XH
IPORTAL
No storage pool selected
D$ o
LcA<E3
OWS specified more than once
@USVWAUAVAWH
%s%04dL%02d %-20.20s: 0x%08x pHwProviderStoragePool->QueryStoragePools ProviderIndex:%d
xCH9u
ListLunLine2
fD9,xu
FindIndexForPort
@.rsrc
SetSelectedIPortal
STS specified more than once
SetControllerStatus
TARGET must be specified
ChangeMode
pLunUnk->QueryInterface IID_IVdsLun
DetailIPortal
SetSelectedPort
`A_A^A]A\_^]
setvbuf
GetObjectListFromString
LegalCopyright
@USWATAUAVAWH
pEnumLunPlexes->Next
Plex to be added must be different from current LUN
EmptyTPortalProperties
pControllerControllerPort->QueryControllerPorts
D9|$P
L9t$`udD97u
D$ D;
ListDriveLine
x0ueL
DissociatePortsFromLun
xbL9k
pLunMpio->GetPathInfo
UMC specified more than once
SetHbaPortPathsStatus
GetDwordFromString to get plex index
ImportTarget
INVALIDATECACHE
.rdata$zzzdbg
DrRefreshProvider
yED9}
PopFromPathInfoList
SetSelectedController(-1)
LoadStringW
PrintMessage(MSG_INFO_NO_SELECTED_SUBSYSTEM)
No WWN specified after keyword WWN
.rdata
L9k uV
|$XE3
Provider is not selected
%s%04dL%02d %-20.20s: 0x%08x pProvider->QuerySubSystems ProviderIndex:%d
H!}wI
xJfA;.t6
uqA9>u
SetSelectedSubsystem
IADAPTER= not specified
pLoader->LoadService
GetProviderSupport
Changing diskraid mode from 0x%x to 0x%x
9h(t3H
<assemblyIdentity
GetDwordFromString for new drive index
Invalid PATHS argument
tTPGROUP
l$xD9l$P
D$ P%
L$TD9d$P
YNK specified more than once
EmptyControllerProperties
L$ UVWATAUAVAWH
DrpGetInputChapType
ParseCommandLineArguments
ug9;u
pDrive->GetProperties
GetSizeDisplayString-2
udD9/u
%s%04dL%02d %-20.20s: 0x%08x pAsync->Wait hResult2:0x%x
ListTPortals
9|$|u
memcpy
EmptyTPGroupProperties
.idata$3
pDrive->QueryExtents
DetailTPortalListPaths
pLun->QueryActiveControllers
MANUAL
D!l$P
pController->GetProperties
sSTRIPESIZE
SelectSubsystem
Could not allocate secret
Changing storage pool selection from %d to %d
%s%04dL%02d %-20.20s: 0x%08x pHardwareProvider->Reenumerate, Provider Index: %d
PrintWelcomeMessage
pLun->QueryInterface IID_IVdsLunIscsi
%s%04dL%02d %-20.20s: 0x%08x pSubsystemIscsi->QueryTargets, pSubsystem: %p
GetLoadBalancePolicyString
\$XD9+u
PrintMessageWithArguments(MSG_INFO_LIST_DRIVE_LINE)
ORS specified more than once
(_^][
GetTargetAtIndex
__setusermatherr
UATAUAVAWH
AddObjectIdToList
UWATAUAVH
9|$P|DH9}
Done processing command [%ws]
pLunMpio->GetLoadBalancePolicy
:st#f
GetTickCount
EmptyDiskProperties
pEnumTPortals->Next
pSelectedLun->Recover
ListControllers
First argument must be HBAPORT, 1
.CRT$XIY
D$ A'
DissociateTargetsFromLun
name="Microsoft.Windows.DiskRaid"
pUnknown->QueryInterface IID_IVdsStoragePool
OfflineDrive
ChangeLunControllerAssociations
GetPathStatusString
/>
EHD!}HL
_wfopen
pServiceHba->QueryHbaPorts
SetConsoleCtrlHandler
PrintMessage
PrintMessageWithArguments(MSG_INFO_LIST_STORAGEPOOL_LINE)
T$`E3
pSubsystem->GetProperties
UWAVH
RMP specified more than once
fG9$qu
SetDriveFlag
L$XfD
LoadAndInitialiseHardwareProviders
DetailTPGroup
pStoragePool->QueryDriveExtents
EventSetInformation
ListIAdapterLine
GetPortProperties
OSW specified more than once
GetFileVersionInfoSizeExW
UWAUAVAWH
D9gTt-E
DRIVE
%s%04dL%02d %-20.20s: 0x%08x lpArguments=%p
\$h9t$P
pEnumTPortal->Next
ListProviderLine
Ambiguous command
SelectStoragePool
Processing command: [%ws]
!|$TL
D$ Y$
UNINSTALL specified multiple times
A^A\]
D9|$P|eH
|Fi!h
%s%04dL%02d %-20.20s: 0x%08x pDriveExtent=%p
GetDriveAtIndex
EmptyPortProperties
MAINTENANCE
List of ports absent
Changing controller selection from %d to %d
DetailHbaPortListPaths
T$hHc
A9h(M
ChapTarget
\$PA9<$u
FindIndexForTPortal
D$ :#
InitialisePathIndexCache
H9t$XuL
pTarget->GetConnectedInitiators
pEnumIAdapter->Next
processorArchitecture="amd64"
pSubsystem->Reenumerate
A_A^A]A\_
.CRT$XCAA
D$ ?&
\$ UH
Errant provider--returned S_OK with a NULL pointer or number of paths returned is inconsistent
ADVAPI32.dll
%s%04dL%02d %-20.20s: 0x%08x pNode: %p
pSelectedPort->Reset
RAID15
pTarget->GetProperties
.00cfg
t$ UWAUAVAWH
_wcsicmp
9D$P|yH
t(D9~
DeleteTarget
DrpDoCommandLoop
SETFLAG
UVWATAVH
D9l$lt
DETAIL
pLunPlex->QueryExtents
GetIndexForSubsystem
LoginTarget
CompanyName
pTarget->QueryAssociatedLuns
GetCurrentThreadId
GetProperties failed
PATHS= specified multiple times
tfH9s
D9l$PtkH
Path Index:%d Path ID: %I64u
pSelectedController->GetPortProperties
Mismatched drive count
pSelectedLunIscsi->AssociateTargets
D$ "'
GetStoragePoolTypeString
pControllerUnk->QueryInterface IID_IVdsControllerControllerPort
u HcA<H
pLun->GetSubsystem
%s%04dL%02d %-20.20s: 0x%08x lpszTypeString=%p
pSelectedLunNumber->GetLunNumber
pSelectedLunControllerPorts->AssociatePorts
H9t$XueA94$u
NULL interface pointer
Sleep
GetStoragePoolAtIndex
ATAPI
SIMPLE
u|L!|$@L
pTPGroup->QueryAssociatedPortals
fD9<_u
ucE9>u
PrintMessageWithArguments(MSG_INFO_LIST_INITIATOR_LINE)
t$ UWATAVAWH
BreakLunPlex
GetStoragePoolIdAtIndex
IncreaseDriveContributionInLunList
No target selected
{ AVH
REENUMERATE
AssociatePortsToLun
WSAAddressToStringW
pSubsystemInterconnect->GetSupportedInterconnects
NOERR
|$T9|$P
ORA specified greater than maximum allowed (ULONG_MAX)
_wtol
D$pA;
WSAStartup failed
List of targets absent
ListSubsystems
Opening script file [%ws]
GetControllerAtIndex
_wcsnicmp
D$ ^&
Unable to allocate Drive ID array
SetSelectedDrive(-1)
DrpGetLunFlagsDisplayString
%s%04dL%02d %-20.20s: 0x%08x No storage pool at index %d
pSelectedLun->AssociateControllers
SPINUP
T$l9T$P
D$ y
pSelectedTarget->CreatePortalGroup
OnlineSubsystem
USVWAVH
REMEMBER
pEnumTargets->Next
fE9$Au
GetTPGroupAtIndex
L$ SUVWH
D9d$P
WSAAddressToString failed
%s%04dL%02d %-20.20s: 0x%08x pHwProviderStoragePools->QueryStoragePools ProviderIndex:%d
D9d$P|YE
PrintMessageWithArguments(MSG_INFO_LIST_PATH_LBP_FC_LINE)
PrintMessageWithArguments(MSG_INFO_LIST_Target_LINE)
TARGET can only be specified for iSCSI LUNs, 2
DrUnmaskLun
D$ !}oI
PA^A\_^]
VENDORSPECIFIC
%s%04dL%02d %-20.20s: 0x%08x pStoragePoolId=%p
ShrinkLun
D$PE3
%s%04dL%02d %-20.20s: 0x%08x dwLunIndex=%d
u^9>u
pDisk->GetProperties
PrintMessageWithArguments(MSG_INFO_LIST_SUBSYSTEM_LINE)
GetObjectIdAtIndex
]wD9+u
First input must be TPORTAL=, 2
uiAccess="false"
Second argument must be TPORTAL=, 2
SelectProvider
LOGIN
ugA94$u
DrpGetInputLbpType
StringFromGUID2
IADAPTER
__set_app_type
ListPorts
tnL9o
type="win32"
LogoutTarget
ListLuns
ConvertCommandToArgumentList
040904B0
y%A9<$u
GetProviderAtIndex
\E9,$u
TYPE= specified multiple times
MUTUAL
.rdata$zETW2
9u0|hH
@USVWAVH
9wPt5
lstrcmpiW
DetailPoolListLun
Changing initiator adapter selection from %d to %d
HcA<H
A_A^A]A\_^]
GetTPortalAtIndex
InitialiseTargetIndexCache
A_A^]
ucE9/u
Changing HBA Port selection from %d to %d
ListProviders
%s%04dL%02d %-20.20s: 0x%08x pVdsHbaPort->GetProperties, HBA Port Index: %d
%s%04dL%02d %-20.20s: 0x%08x pSelectedDrive->SetFlags(0x%08x)
GetComputerNameW
D8l$`t
GetLunPlexIdAtIndex
FIBRE
pHwProviderType2->GetProviderType2
D$ 2"
ubD97u
GetDwordFromString for target index
PopFromObjectPropertyList, S_FALSE
POOLS
First argument must be TARGET
GetProviderType
DriveMaintenanceOp
DrpGetBusTypeFromString
DeleteLun
Either SET or REMEMBER must be specified
List of controllers absent
A!{ E3
pHwProvider is NULL
pEnumLunPlex->Next
DetailTPortalListAssociatedTPGroups
GetRaidTypeString
WideCharToMultiByte
DiskRaid
t$(E3
|$XD9|$P|
VarFileInfo
%s%04dL%02d %-20.20s: 0x%08x pVdsHbaPort->SetAllPathStatuses %d
_fmode
x0uaL
LBPOLICY
ucE9&u
D9g\t*A
ISCSINAME= specified multiple times
PrintMessageWithArguments(MSG_INFO_SELECTED_STORAGEPOOL)
u\E9.u
L9d$puaE9&u
RAID61
H!\$ L
_vsnwprintf
No initiator portal selected
GetSizeFromString
pSelectedSubsystemNaming->SetFriendlyName
SetSelectedStoragePool
%s%04dL%02d %-20.20s: 0x%08x pDrState->SelectionInfo.dwSelectedStoragePoolIndex=%d
No target portal group selected
pPort->QueryAssociatedLuns
pEnumStoragePool->Next
TPGroup
SetSelectedTarget
DrpPrintWelcomeMessage
D$ u"
D9d$P}
IPS specified multiple times
FormatMessageW
D$`9D$PtHH
InitialiseDriveIndexCache
td9\$|u&
9t$`H
<security>
InitialiseLunIndexCache
pEnumController->Next
CoUninitialize
<!-- Copyright (c) Microsoft Corporation -->
<requestedExecutionLevel
{ UAVAWH
l$!fD
GetPortSpeedString
10.0.17763.1 (WinBuild.160101.0800)
%s%04dL%02d %-20.20s: 0x%08x pProviderNode=%p
Currently selected HbaPort:%d IAdapter:%d IPortal:%d Provider:%d Subsystem:%d Controller:%d Port:%d Drive:%d Lun:%d TPortal:%d Target:%d TPGroup:%d
OWS specified greater than maximum allowed (ULONG_MAX)
RAID6
gSCSI
DoMaintenanceOp
%s%04dL%02d %-20.20s: 0x%08x pSubsystem->QueryControllers, pSubsystem: %p
pEnumAssocTPortals->Next
RtlCaptureContext
uhD9/u
HandleAutomagicFlags
SelectDrive
ListTPGroupLine
OnlineHbaPort
GetStripeSizesDisplayString
PORTS
ListHbaPortLine
pTPortal->GetProperties
----------------------------------------------------------------------------
D$ h!
ListControllerLine
SelectTPortal
` UAVAWH
D9w(tE
POOL= and DRIVES= are both specified
A^A]A\_^[]
%s%04dL%02d %-20.20s: 0x%08x Argument [%ws] present where none was expected
fG9$Nu
PrintMessageWithArguments(MSG_INFO_LIST_TPORTAL_LINE)
GetStdHandle
GetUlongFromString
~LH9]
\$XE3
pSelectedTPGroup->GetProperties
teL9u
pHardwareProvider->QueryInterface
ListIscsiPathLbpLine
L$8fD
WriteFile
AUTOMAGIC
Unable to allocate inactive controller port ID array
NUMBER
9|$P|
%s%04dL%02d %-20.20s: 0x%08x CHAP type [%ws] is not recognised
SECRET
ufE9&u
KD93u
D$ I;
LaunchVds
SelectTarget
HBAPORT
%s%04dL%02d %-20.20s: 0x%08x pParentStoragePool=%p
D!l$PD9l$P
ListSubsystemLine
DetailLunVerboseListPlex
ISCSI
@USVWATAVAWH
L9d$XuE
T$(E3
pSelectedLun->GetProperties
RemoveObjectIdFromList
tsH9}
D9d$p}
Second argument must be TARGET
__wgetmainargs
DetailSubsystem
RtlLookupFunctionEntry
??1CDrCallTracer@@QEAA@XZ
STRIPE= specified multiple times
pController->QueryAssociatedLuns
pSubsystem->QueryLuns
QueryPerformanceCounter
9\$P|
DetailPoolListDrive
SetHbaPortAllPathStatusStatus VDS_MPS_STANDBY
ListStoragePoolLine
LUN not found
msvcrt.dll
\$ UVWATAUAVAWH
StringFileInfo
D9|$P|oH
InitialiseTPortalIndexCache
pEnumTPGroups->Next
?LogMessage@CDrCallTracer@@QEAAXKPEADZZ
Microsoft.Windows.Storage.DiskRaid
pSelectedController->QueryAssociatedLuns
pSelectedLunNaming->SetFriendlyName
INITIATOR
D$
D9d$P|V
SetLunStatus
pSelectedController->FlushCache
pSelectedLun->RemovePlex
.text$mn
u@H!t$@L
setlocale
D9q(t0H
fgetwc
WTC specified more than once
pUnknown->QueryInterface IID_IVdsLun
PrintString
SelectTPGroup
No port selected
D$ Z&
Changing drive selection from %d to %d
GetLunTypeString
pSelectedLun->AddPlex
Changing initiator portal selection from %d to %d
D$ !]@L
t$XE3
EventWriteTransfer
SetSelectedLun
%s%04dL%02d %-20.20s: 0x%08x Added initiator adapter index 0, pNode: %p
D9t$P||L
Either TYPE or the PATHS parameter must be present
pSubsystem->QueryInterface
AssociateControllersToLun
t$XD9d$P
pSelectedController->Reset
pSelectedLun->QueryInterface IID_IVdsLunNaming
AutomagicApplyHintsToLun
IADAPTERS
%s%04dL%02d %-20.20s: 0x%08x Added HBA port index %d
tJL9d$huC
A_A\]
L9;uAH
RAID5
TPGROUPS
DrpGetVdsHintsFromVdsHints2
9|$xu
ALL specified with additional parameters
OfflineLun
ueE9.u
D$ Y%
RAID2
.rdata$zETW1
Drive not found
9]@|pH
D9|$`|UH
RtlVirtualUnwind
PrintMessageWithArguments(MSG_INFO_LIST_PATH_ISCSI_LINE_NEXT)
pSelectedSubsystemImportTarget->GetImportTarget, VDS_E_NO_IMPORT_TARGET
|$ UH
pHwProviderType->GetProviderType
GetModuleFileNameW
D$ )'
ResetPort
RAID51
pEnumSubsystem->Next
CD9>u
D$ q$
;|$P|
pServiceIscsi->RememberTargetSharedSecret
STANDBY
ListIPortalLine
IPORTAL= specified multiple times
pSelectedSubsystemImportTarget->SetImportTarget
9t$`|
TARGET
.CRT$XCA
KERNEL32.dll
A^A]A\_]
:St5f
9]@|PI
GetUlonglongFromString
FlushControllerCache
D$ !]@M
pEnumAssocTPGroups->Next
ud97u
UnhandledExceptionFilter
RAID50
EventUnregister
u`D9'u
tqH9s
DrpGetProviderAtIndex
pSelectedLun->QueryInterface IID_IVdsDisk
VS_VERSION_INFO
pSelectedController->QueryInterface IID_IVdsMaintenance
pSelectedTarget->SetFriendlyName
CheckForCommandMatch
DetailTargetListConnectedInitiators
x UATAUAVAWH
A_A^_^]
GetDwordFromString for target drive index
ucD93u
.CRT$XCZ
MSP specified more than once
DissociateControllersFromLun
pServiceUninstallDisk->UninstallDisks
SubsystemMaintenanceOp
GetDwordFromString for new controller index
First argument must be SUBSYSTEM
GetWwnString
WCE specified more than once
SetAutomagicFlags
DetailPort
\$PE3
MXD specified greater than maximum allowed (ULONG_MAX)
GetDriveFlagDisplayStringDetail
Changing LUN selection from %d to %d
L$pE3
.data
TARGETS
\$`9\$P
EmptyStoragePoolProperties
ExtendLun
ug9>u
memset
NameLun
pEnumLun->Next
tbL9o
SetSelectedProvider(-1)
SetSelectedProvider
pTPortalToRemove->GetProperties
pSelectedTPGroup->RemovePortal
;L$`|
%lu%s
Errant provider--returned S_OK with a NULL pointer
ListTPGroups
level="requireAdministrator"
RAID4
\$ UVWAVAWH
pSubsystem->QueryInterface IID_IVdsMaintenance
uVD9;u
pController->QueryInterface IID_IVdsControllerControllerPort
EDD specified multiple times
</trustInfo>
OnlineController
ProductName
DeleteTPGroup
SPINDOWN
.idata$6
GetSupportedInterconnectsDisplayString
T$xE3
%s%04dL%02d %-20.20s: 0x%08x pbDone=%p
ListDrives
%s%04dL%02d %-20.20s: 0x%08x
pEnumPort->Next
DrpGetSupportedLunTypesDisplayString
D$HE3
Rich[
OnlineLun
D$ ~!
t$xD9d$P
DetailLunVerbose
PA^_^
PrintMessageWithArguments(MSG_INFO_LIST_PATH_LBP_ISCSI_LINE)
t$ UWAVH
FileVersion
[***%ws***]
Object (Type:%d)
pEnumAllocatedLuns->Next
ListFcPathLine
Unable to allocate new node for storage pool
SetSelectedIAdapter
X UVWAVAWH
wmain
GetConsoleMode
No HBA port selected
E8!]8L
GetHbaPortTypeString
First argument must be HBAPORT, 2
UAVAWH
A_A^_
InitialiseStoragePools
xTfA;.t@D
<requestedPrivileges>
%s%04dL%02d %-20.20s: 0x%08x dwSubSystemIndex=%d
pProviderNode is NULL
pSelectedTarget->Delete
Overwriting error to S_FALSE: NOERR was specified
uL9\$TuF
xNL9|$`uGH
pTarget->QueryPortalGroups
uZD9?u
EXTEND
{ UATAUAVAWH
DrpGetBusTypeDisplayString
DetailLunListAssociatedControllers
ChapInitiator
ControllerMaintenanceOp
xA_A^A]A\_^[]
%s%04dL%02d %-20.20s: 0x%08x InitialiseSubsystemIndexCache ProviderIndex:%d
f9<Qu
EMP specified multiple times
DoCommandLoop
pSelectedSubsystemImportTarget->GetImportTarget
D$ H!|$`L
%s%04dL%02d %-20.20s: 0x%08x Added initiator portal index 0, pNode: %p
VerQueryValueW
CoTaskMemAlloc
DiskRaidOperation
%s%04dL%02d %-20.20s: 0x%08x ppStoragePool=%p
EventRegister
u`9>u
L9l$hu_E9.u
pSelectedSubsystemIscsi->CreateTarget
pService->QueryProviders
%s%04dL%02d %-20.20s: 0x%08x pVdsLunProperties=%p
pEnumProvider->Next
SetSelectedTPortal
pDrive2->GetProperties2
CoInitializeEx
VERBOSE
pAssocTPGroup->GetTarget
D9t$PL
L$hD9d$P
GetIndexForObject
%s%04dL%02d %-20.20s: 0x%08x pSubsystem->SetStatus %d
A_A^A\_^
Command not found
PrintMessageWithArguments(MSG_INFO_LIST_PATH_FC_LINE_FIRST)
QueryInterface: IID_IVdsIscsiInitiatorAdapter
D9t$P
D$ I&
%s%04dL%02d %-20.20s: 0x%08x Added provider index 0, pNode: %p
ListHbaPorts
pEnumAllocatedPools->Next
__iob_func
L9l$hu
D9|$P|{H
.data$brc
CLEAR
GetHbaPortStatusString
D9l$p
%s%04dL%02d %-20.20s: 0x%08x Load balance policy type [%ws] is not recognised
H3E H3E
InternalName
%-3lu
RAID60
%s%04dL%02d %-20.20s: 0x%08x %s
malloc
Unrecognised argument [%ws]: expected automagic hint
GetPortIdAtIndex
First input must be PLEX
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
GetDriveFlagDisplayString
GetDwordFromString to get target portal index
uhA94$u
.rsrc$02
uf93u
ClearAutomagicFlags
xRL9e
DetailPortListAssociatedLuns
GetDwordFromString for new target portal group index
Changing provider selection from %d to %d
RegisterApplicationRestart
en-US
pSubsystem->QueryDrives
pStoragePool->GetAttributes
H9D$xuS
ASSOCIATE
ISCSINAME
EmptyLunProperties
RAID05
udA9<$u
DrpGetIAdapterAtIndex
CreateTarget
.edata
9]8|XL
%s%04dL%02d %-20.20s: 0x%08x cchTypeString=%d
GetPathIdAtIndex
SECRET must be specified
9]H|[A
VWATAVAWH
</requestedPrivileges>
%s%04dL%02d %-20.20s: 0x%08x pulSupportedInterconnects=%p
SHRINK
GetCurrentProcessId
WWN can only be specified for FC or SAS connected LUNs, 2
pStoragePool->GetProperties
Invalid path weight in PATHS argument
InitialiseTPGroupIndexCache
Unable to allocate target ID array
.rdata$zETW0
$9|$P
D9e@|SH
SetSelectedTarget(-1)
ucD9+u
L9l$pt
H9t$huL
PrintPoolAllocatedPools
RecoverLun
DetailIAdapterListPaths
For automagic LUNs, SIZE is required, NOERR is optional, anything else is an error.
InvalidateControllerCache
EHD specified multiple times
Mismatched inactive controller count
pSelectedLunMpio->GetLoadBalancePolicy
WriteConsoleW
pPort->GetProperties
fE9$~u
fD;e0
NOERR specified multiple times
PrintMessageWithArguments(MSG_INFO_SELECTED_SUBSYSTEM)
diskraid.pdb
D$ )#
pSelectedLun->QueryInterface IID_IVdsLunMpio
pSelectedLun2->ApplyHints2
CoTaskMemFree
Invalid index
CONTROLLER
OWA specified greater than maximum allowed (ULONG_MAX)
.CRT$XIZ
ResetController
DetailLun
pSelectedSubsystem->QueryLuns
DrpDetailLunListAssociatedTargets
pSelectedLunIscsi->QueryAssociatedTargets
!This program cannot be run in DOS mode.
OfflineController
pSelectedLunMpio->SetLoadBalancePolicy
A_A^A]_^[]
u]93u
SelectController
pSelectedSubsystem->QueryInterface IID_IVdsSubSystemImportTarget failed
StoragePoolMaintenanceOp
Changing target portal selection from %d to %d
pEnumHbaPort->Next
D$ &"
Initialize
A^_^[]
CCE specified more than once
USER32.dll
DetailDrive
ConvertChapSecret
No initiators specified after keyword INITIATOR
x UATAVH
PortMaintenanceOp
tTL9t$`uM
9t$P|jH
NameTarget
First argument must be CONTROLLER
ugE9,$u
ListIPortals
D9|$`
Changing subsystem selection from %d to %d
GetDwordFromString
StoragePool Index:%d GUID:{%.8x-%.4x-%.4x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x}
HeapSetInformation
f9H\u
ONEWAY
ListPortLine
First input must be TPORTAL=, 1
CreateTPGroup
GetInputLunType
L9t$XuI
D$PD9d$P|"H
PrintMessage(MSG_INFO_NO_SELECTED_TPGROUP)
Target
pSelectedSubsystem->QueryInterface IID_IVdsSubSystemImportTarget
pSelectedLun->Shrink
pVdsIPortal->GetProperties
xGH9]
tXL9|$ptQ9
CHAP= specified multiple times
`A_A^_^]
RBP specified more than once
%s%04dL%02d %-20.20s: 0x%08x pProvider=%p
GetCurrentProcess
9]H|tD
pSelectedLun->Extend
PATHS
pEnumLuns->Next
PRIMARY
DetailLunListContributingDrives
K SWH
QueryInterface: IID_IVdsProvider
QueryInterface: IID_IVdsHbaPort
pEnum->Next
QueryInterface: IID_IVdsHwProvider
MXD specified more than once
pSelectedTPGroup->Delete
SelectPort
GetDriveFreeSpace
No subsystem pointer
%s%04dL%02d %-20.20s: 0x%08x pDrState->SelectionInfo.pSelectedStoragePool=%p
LocalFree
APPLY
??0CDrCallTracer@@QEAA@KQEBD0PEBJ@Z
No provider selected
Initiator
D$ m&
</assembly>
Mismatched active controller count
OSR specified more than once
Translation
DrpGetSubsystemProperties
DYNLQD
%s%04dL%02d %-20.20s: 0x%08x pSubsystemIscsi->QueryPortals, pSubsystem: %p
%s%04dL%02d %-20.20s: 0x%08x Lun type [%ws] is not recognised
pSelectedLun->QueryInterface
pSelectedController->InvalidateCache
pEnumIPortal->Next
pSelectedTarget->RememberInitiatorSharedSecret
pHwProviderStoragePool->CreateLunInStoragePool
DrpSetSelectedSubsystem
E9<$u
BLINK
CREATE
D;w(t
AddLunPlex
ReenumerateSubsystems
%s%04dL%02d %-20.20s: 0x%08x Argument [%ws] present where none or NOERR was expected
GetIndexForPath
%s%04dL%02d %-20.20s: ENTER
9\$P|dH
PrintPoolAllocatedLuns
ProductVersion
%s%04dL%02d %-20.20s: VOID LEAVE
%s%04dL%02d %-20.20s: 0x%08x No subsystem at index %d
Second argument must be LUN=
D$ {"
D$ c'
GetDwordFromString for new target index
No subsystem selected
WEIGHTED
---- End diskraid log: Level %d [%02hd:%02hd:%02hd.%02hd %04hd/%02hd/%02hd] ----
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0">
GetTPortalIdAtIndex
GetSubsystemCapabilitiesDisplayString
NAME= specified multiple times
.CRT$XIAA
diskraid.exe
%s%04dL%02d %-20.20s: 0x%08x lpdwIndex=%p
A_A^A\_^[]
Windows
Drive
GetIndexForStoragePool
Eo!}oL
FindIndexForHbaPort
H USH
.idata$2
DetailTPGroupListAssociatedTPortals
DrpGetIPortalAtIndex
t$X|O
MSR specified more than once
RAID10
STS specified greater than maximum allowed (ULONG_MAX)
D9l$`u
SetSelectedHbaPort
RBP specified greater than maximum allowed (VDS_REBUILD_PRIORITY_MAX)
d$PD9d$P|
uiE9>u
;D$Tt
pSelectedTarget->SetSharedSecret
pLun->QueryInterface IID_IVdsLunNumber
.xdata
pSelectedSubsystem->QueryControllers
.gfids
D9d$P|uM
GetProviderSupportString
SetDriveStatus VDS_DRS_ONLINE
9]H|XA
Drive Extents Reported (Drive ID: {%.8x-%.4x-%.4x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x})
No drive selected
Operating System
EwD!}wL
DrpGetULongDisplayString
D9|$P|gH
DrpGetLunCachingPolicyDisplayString
Unable to allocate port ID array
D;g(t
D9d$Pu
GetBooleanFromString
~SL9e
_cexit
pSelectedSubsystem->QueryInterface IID_IVdsSubSystemIscsi
CONTROLLERS
L$XD9|$P
GetLocalTime
pSubsystem->QueryControllers
D9|$P|d
GetSizeDisplayString
PopFromObjectPropertyList2
DetailLunListPaths
EMX specified more than once
UVWAUAVH
SetSubsystemStatus
pSelectedLun->ApplyHints
DetailProvider
GetHbaPortAtIndex
BUS= specified multiple times
GetLastError
@USVWATAUAVAWH
_commode
uaA96u
%s%04dL%02d %-20.20s: 0x%08x Added initiator adapter index %d
D9l$P|
_amsg_exit
NAME parameter must be present
?terminate@@YAXXZ
GetInputLoginType
pLunIscsi->QueryAssociatedTargets
InitialiseSubsystemIndexCache
pLunControllerPorts->QueryActiveControllerPorts
u]D96u
D9}ovGL9}wuA
DetailIAdapter
PrintPoolContributingDrives
Unable to allocate new node for subsystem
pSelectedTPortal->GetProperties
Unable to allocate inactive controller ID array
pTPortalToUse->GetProperties
AssociateTargetsToLun
The HW provider interface pointer is not set in the cache
t$PE9,$u
H9|$XuD
pA_A^A]A\_^]
DetailController
InitialiseLunPlexIndexCache
PROVIDERS
UNMASK
SetSubsystemStatus VDS_SSS_ONLINE
pUnknown->QueryInterface IID_IVdsSubSystem
A_A^A]A\]
A_A^A]_]
ListInitiatorLine
ueD9'u
ListFcPathLbpLine
INITIATOR can only be specified for iSCSI LUNs, 1
GetString
`.rdata
9T$PusH
D9l$P~
PERSISTENT
BREAK
ConvertNewlinesToSpaces
SetSelectedTPortal(-1)
|$ UATAUAVAWH
[%ws]
GetInputLbpType
%s%04dL%02d %-20.20s: 0x%08x InitialiseStoragePoolIndexCache ProviderIndex:%d
9D$TuyH
WaitForServiceReady
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash | Exported DLL Name |
|---|---|---|---|---|---|---|---|---|
| 0x140000000 | 0x000449a0 | 0x00058ed8 | 0x00058ed8 | 10.0 | diskraid.pdb | 2063-11-19 05:56:33 | 701f69cb7f69911a0c2e0d44935719eb | diskraid.exe |
Version Infos
| CompanyName | Microsoft Corporation |
|---|---|
| FileDescription | DiskRAID |
| FileVersion | 10.0.17763.1 (WinBuild.160101.0800) |
| InternalName | diskraid.exe |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | diskraid.exe |
| ProductName | Microsoftรยฎ Windowsรยฎ Operating System |
| ProductVersion | 10.0.17763.1 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x00044080 | 0x00044200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.28 |
| .rdata | 0x00044600 | 0x00046000 | 0x0000ac46 | 0x0000ae00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.47 |
| .data | 0x0004f400 | 0x00051000 | 0x000020c8 | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.23 |
| .pdata | 0x00050a00 | 0x00054000 | 0x00000f54 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.32 |
| .rsrc | 0x00051a00 | 0x00055000 | 0x00000840 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.83 |
| .reloc | 0x00052400 | 0x00056000 | 0x00000260 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 3.79 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| MUI | 0x00055770 | 0x000000d0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.66 | None |
| RT_VERSION | 0x000553e8 | 0x00000388 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.44 | None |
| RT_MANIFEST | 0x000550f0 | 0x000002f4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.86 | None |
Imports
| Name | Address |
|---|---|
| EventSetInformation | 0x140046118 |
| EventRegister | 0x140046120 |
| EventWriteTransfer | 0x140046128 |
| EventUnregister | 0x140046130 |
| Name | Address |
|---|---|
| Sleep | 0x140046140 |
| WideCharToMultiByte | 0x140046148 |
| lstrcmpiW | 0x140046150 |
| GetCurrentThreadId | 0x140046158 |
| GetCurrentProcessId | 0x140046160 |
| SetConsoleCtrlHandler | 0x140046168 |
| GetStdHandle | 0x140046170 |
| GetModuleFileNameW | 0x140046178 |
| SetThreadUILanguage | 0x140046180 |
| GetConsoleMode | 0x140046188 |
| GetLastError | 0x140046190 |
| HeapSetInformation | 0x140046198 |
| GetLocalTime | 0x1400461a0 |
| GetComputerNameW | 0x1400461a8 |
| GetFileType | 0x1400461b0 |
| RegisterApplicationRestart | 0x1400461b8 |
| WriteFile | 0x1400461c0 |
| LocalAlloc | 0x1400461c8 |
| FormatMessageW | 0x1400461d0 |
| WriteConsoleW | 0x1400461d8 |
| LocalFree | 0x1400461e0 |
| GetModuleHandleW | 0x1400461e8 |
| UnhandledExceptionFilter | 0x1400461f0 |
| SetUnhandledExceptionFilter | 0x1400461f8 |
| GetCurrentProcess | 0x140046200 |
| TerminateProcess | 0x140046208 |
| QueryPerformanceCounter | 0x140046210 |
| GetSystemTimeAsFileTime | 0x140046218 |
| GetTickCount | 0x140046220 |
| Name | Address |
|---|---|
| memcpy | 0x1400462c0 |
| __iob_func | 0x1400462c8 |
| ?terminate@@YAXXZ | 0x1400462d0 |
| _commode | 0x1400462d8 |
| _fmode | 0x1400462e0 |
| __C_specific_handler | 0x1400462e8 |
| _initterm | 0x1400462f0 |
| __setusermatherr | 0x1400462f8 |
| _cexit | 0x140046300 |
| _exit | 0x140046308 |
| __set_app_type | 0x140046310 |
| __wgetmainargs | 0x140046318 |
| _XcptFilter | 0x140046320 |
| malloc | 0x140046328 |
| free | 0x140046330 |
| setvbuf | 0x140046338 |
| _wfopen | 0x140046340 |
| _wtoi | 0x140046348 |
| fclose | 0x140046350 |
| _wcsicmp | 0x140046358 |
| setlocale | 0x140046360 |
| exit | 0x140046368 |
| fprintf | 0x140046370 |
| _vsnprintf | 0x140046378 |
| _wtol | 0x140046380 |
| _vsnwprintf | 0x140046388 |
| _wcsnicmp | 0x140046390 |
| fgetwc | 0x140046398 |
| _amsg_exit | 0x1400463a0 |
| memset | 0x1400463a8 |
| Name | Address |
|---|---|
| RtlCaptureContext | 0x1400463b8 |
| RtlIpv6AddressToStringExW | 0x1400463c0 |
| RtlLookupFunctionEntry | 0x1400463c8 |
| RtlVirtualUnwind | 0x1400463d0 |
| Name | Address |
|---|---|
| LoadStringW | 0x140046230 |
| Name | Address |
|---|---|
| WSACleanup | 0x140046260 |
| WSAAddressToStringW | 0x140046268 |
| htons | 0x140046270 |
| WSAStartup | 0x140046278 |
| Name | Address |
|---|---|
| VerQueryValueW | 0x140046240 |
| GetFileVersionInfoExW | 0x140046248 |
| GetFileVersionInfoSizeExW | 0x140046250 |
| Name | Address |
|---|---|
| CoUninitialize | 0x140046288 |
| CoTaskMemAlloc | 0x140046290 |
| CoTaskMemFree | 0x140046298 |
| CoCreateInstance | 0x1400462a0 |
| CoInitializeEx | 0x1400462a8 |
| StringFromGUID2 | 0x1400462b0 |
Exports
| Name | Address | Ordinal |
|---|---|---|
| ??0CDrCallTracer@@QEAA@KQEBD0PEBJ@Z | 0x14000d3b0 | 1 |
| ??1CDrCallTracer@@QEAA@XZ | 0x14000d420 | 2 |
| ?LogMessage@CDrCallTracer@@QEAAXKPEADZZ | 0x14000d4b0 | 3 |
Usage
Processing ( 11.76 seconds )
- 11.126 ProcessMemory
- 0.618 CAPE
- 0.013 BehaviorAnalysis
- 0.007 AnalysisInfo
- 0.001 Debug
Signatures ( 0.05 seconds )
- 0.008 ransomware_files
- 0.005 antianalysis_detectfile
- 0.005 antiav_detectreg
- 0.005 ransomware_extensions
- 0.003 antiav_detectfile
- 0.003 ursnif_behavior
- 0.002 infostealer_bitcoin
- 0.002 infostealer_ftp
- 0.002 infostealer_im
- 0.002 poullight_files
- 0.002 territorial_disputes_sigs
- 0.001 antianalysis_detectreg
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_mail
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.01 seconds )
- 0.005 CAPASummary
- 0.001 JsonDump
Signatures
The PE file contains a PDB path
pdbpath: diskraid.pdb
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 6212 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 59 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Binary compilation timestomping detected
anomaly: Compilation timestamp is in the future
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\diskraid.exe
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Users\Packager\AppData\Local\Temp\netmsg.dll
C:\Windows\System32\netmsg.dll
C:\Windows\System32\en-US\netmsg.dll.mui
C:\Windows\System32\en\netmsg.dll.mui
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\diskraid.exe
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Users\Packager\AppData\Local\Temp\netmsg.dll
C:\Windows\System32\netmsg.dll
C:\Windows\System32\en-US\netmsg.dll.mui
C:\Windows\System32\en\netmsg.dll.mui
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.