| Field | Value |
|---|---|
| URL | http://195.206.181.219/Bin/ScreenConnect.Client.application?h=195.206.181.219&p=443&k=BgIAAACkAABSU0ExAAgAAAEAAQCRzJ%2F0h0Qryjz7R1xj%2FfmPHb0sDQO7kcL4XWY1w%2BxiwmbILzZ7qJ01pKD0C1sNelichLDTwH8ICiy%2BK9uLn6LhsttYa0CkvIX%2FhK%2Fi7%2Fe%2FgbtdnWM%2B7Wkskv0ZAcBA7w13IlW3aucQKTVFAkDNmBljWMn3VBhnTZ4x7FQnaAYArvtJc0KLuG7w%2F9L7E7OWQ5LY87HXXZTQBd4lMmWdCu%2BFz2XYLrNiEPN86nx8OPchXSnu25y3aqT3883ZTjTkka6m6OVDAYvI%2Fx03z88v5aOUhptX0OvpyWdUb7Pp37eMnrN85YOZ1SWgFthqshg6SgU9JIP5HFKYjEZAJGqM%2FUmq&s=01fe2d1f-f96e-4f9a-8a14-6b6b6631ac88&i=12&e=Support&y=Guest&r= |
| Full analysis | https://app.any.run/tasks/b20f1e42-043b-4b1d-96f1-7a331587e43d |
| Verdict | Malicious activity |
| Threats | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
| Analysis date | October 31, 2018, 16:32:32 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MD5 | 971E060C02B1F0FAD2AF11E4B3874D3B |
| SHA1 | 5C1F9E1EE3B6128A0368C6BF15B6F381A10A60AB |
| SHA256 | 661D4588052EFE7EBA0B2780D4F178DDADD610B677605262328DE3645BFD299E |
| SSDEEP | 12:A2uzm+v/EqFJdIWSwu4ttbWvbraM1neXt2GeTSOsScC65AOM:As+v/EodIWSwH6vbhlytaSOsSc5m |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 624 | "C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.WindowsClient.exe" "RunRole" "636645ce-b4be-44cb-80c0-74f40a188ed5" "User" | C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.WindowsClient.exe | — | ScreenConnect.ClientService.exe | User: admin; Company: ScreenConnect Software; Integrity Level: MEDIUM; Description: ScreenConnect Client; Exit code: 0; Version: 6.1.12292.6236 |
| 1968 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: ClickOnce; Exit code: 0; Version: 4.6.1055.0 built by: NETFXREL2 |
| 2208 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3384 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
| 2388 | "C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.ClientService.exe" "?y=Guest&h=195.206.181.219&p=443&s=01fe2d1f-f96e-4f9a-8a14-6b6b6631ac88&k=BgIAAACkAABSU0ExAAgAAAEAAQCRzJ%2f0h0Qryjz7R1xj%2ffmPHb0sDQO7kcL4XWY1w%2bxiwmbILzZ7qJ01pKD0C1sNelichLDTwH8ICiy%2bK9uLn6LhsttYa0CkvIX%2fhK%2fi7%2fe%2fgbtdnWM%2b7Wkskv0ZAcBA7w13IlW3aucQKTVFAkDNmBljWMn3VBhnTZ4x7FQnaAYArvtJc0KLuG7w%2f9L7E7OWQ5LY87HXXZTQBd4lMmWdCu%2bFz2XYLrNiEPN86nx8OPchXSnu25y3aqT3883ZTjTkka6m6OVDAYvI%2fx03z88v5aOUhptX0OvpyWdUb7Pp37eMnrN85YOZ1SWgFthqshg6SgU9JIP5HFKYjEZAJGqM%2fUmq&r=&i=12" "1" | C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.ClientService.exe | | services.exe | User: SYSTEM; Integrity Level: SYSTEM; Exit code: 0; Version: 6.1.12292.6236 |
| 2668 | "C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.ClientService.exe" "?y=Guest&h=195.206.181.219&p=443&s=01fe2d1f-f96e-4f9a-8a14-6b6b6631ac88&k=BgIAAACkAABSU0ExAAgAAAEAAQCRzJ%2f0h0Qryjz7R1xj%2ffmPHb0sDQO7kcL4XWY1w%2bxiwmbILzZ7qJ01pKD0C1sNelichLDTwH8ICiy%2bK9uLn6LhsttYa0CkvIX%2fhK%2fi7%2fe%2fgbtdnWM%2b7Wkskv0ZAcBA7w13IlW3aucQKTVFAkDNmBljWMn3VBhnTZ4x7FQnaAYArvtJc0KLuG7w%2f9L7E7OWQ5LY87HXXZTQBd4lMmWdCu%2bFz2XYLrNiEPN86nx8OPchXSnu25y3aqT3883ZTjTkka6m6OVDAYvI%2fx03z88v5aOUhptX0OvpyWdUb7Pp37eMnrN85YOZ1SWgFthqshg6SgU9JIP5HFKYjEZAJGqM%2fUmq&r=&i=12" "1" | C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.ClientService.exe | | ScreenConnect.WindowsClient.exe | User: admin; Integrity Level: HIGH; Exit code: 0; Version: 6.1.12292.6236 |
| 2952 | "C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.WindowsClient.exe" "RunRole" "ac38a4f0-52c6-474b-994e-3c6cb33569ce" "System" | C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.WindowsClient.exe | — | ScreenConnect.ClientService.exe | User: SYSTEM; Company: ScreenConnect Software; Integrity Level: SYSTEM; Description: ScreenConnect Client; Exit code: 0; Version: 6.1.12292.6236 |
| 3212 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: ClickOnce; Exit code: 0; Version: 4.6.1055.0 built by: NETFXREL2 |
| 3384 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
| 3512 | "C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.WindowsClient.exe" | C:\Users\admin\AppData\Local\Apps\2.0\N1WRVL54.2KO\G0AYXJTK.JTK\scre..tion_2c2536e5112611c9_0006.0001_bc244c0eceb4005a\ScreenConnect.WindowsClient.exe | — | dfsvc.exe | User: admin; Company: ScreenConnect Software; Integrity Level: MEDIUM; Description: ScreenConnect Client; Exit code: 0; Version: 6.1.12292.6236 |
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {9FEAF2E3-DD2A-11E8-BFAB-5254004AAD11} | 0 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 3 |
| 3384 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E2070A0003001F00100020003B000400 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | — |
| 3384 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
| 2208 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ScreenConnect.Client[1].application | — | — | — |
| 3384 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF56D5E9882EEC41A3.TMP | — | — | — |
| 3384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9FEAF2E4-DD2A-11E8-BFAB-5254004AAD11}.dat | — | — | — |
| 3384 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF938359A75A694D40.TMP | — | — | — |
| 3384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9FEAF2E3-DD2A-11E8-BFAB-5254004AAD11}.dat | — | — | — |
| 2208 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018103120181101\index.dat | dat | — | — |
| 3384 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018103120181101\index.dat | dat | — | — |
| 2208 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log | text | — | — |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2208 | iexplore.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.Client.application?h=195.206.181.219&p=443&k=BgIAAACkAABSU0ExAAgAAAEAAQCRzJ%2F0h0Qryjz7R1xj%2FfmPHb0sDQO7kcL4XWY1w%2BxiwmbILzZ7qJ01pKD0C1sNelichLDTwH8ICiy%2BK9uLn6LhsttYa0CkvIX%2FhK%2Fi7%2Fe%2FgbtdnWM%2B7Wkskv0ZAcBA7w13IlW3aucQKTVFAkDNmBljWMn3VBhnTZ4x7FQnaAYArvtJc0KLuG7w%2F9L7E7OWQ5LY87HXXZTQBd4lMmWdCu%2BFz2XYLrNiEPN86nx8OPchXSnu25y3aqT3883ZTjTkka6m6OVDAYvI%2Fx03z88v5aOUhptX0OvpyWdUb7Pp37eMnrN85YOZ1SWgFthqshg6SgU9JIP5HFKYjEZAJGqM%2FUmq&s=01fe2d1f-f96e-4f9a-8a14-6b6b6631ac88&i=12&e=Support&y=Guest&r= | GB | xml | 24.8 Kb | suspicious |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.Client.manifest | GB | xml | 8.17 Kb | suspicious |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.Client.application?h=195.206.181.219&p=443&k=BgIAAACkAABSU0ExAAgAAAEAAQCRzJ%2F0h0Qryjz7R1xj%2FfmPHb0sDQO7kcL4XWY1w%2BxiwmbILzZ7qJ01pKD0C1sNelichLDTwH8ICiy%2BK9uLn6LhsttYa0CkvIX%2FhK%2Fi7%2Fe%2FgbtdnWM%2B7Wkskv0ZAcBA7w13IlW3aucQKTVFAkDNmBljWMn3VBhnTZ4x7FQnaAYArvtJc0KLuG7w%2F9L7E7OWQ5LY87HXXZTQBd4lMmWdCu%2BFz2XYLrNiEPN86nx8OPchXSnu25y3aqT3883ZTjTkka6m6OVDAYvI%2Fx03z88v5aOUhptX0OvpyWdUb7Pp37eMnrN85YOZ1SWgFthqshg6SgU9JIP5HFKYjEZAJGqM%2FUmq&s=01fe2d1f-f96e-4f9a-8a14-6b6b6631ac88&i=12&e=Support&y=Guest&r= | GB | xml | 24.8 Kb | suspicious |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.ClientService.exe | GB | executable | 48.6 Kb | suspicious |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.WindowsClient.exe.config | GB | xml | 259 b | suspicious |
3384 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.Client.dll | GB | executable | 47.2 Kb | suspicious |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.Windows.dll | GB | executable | 580 Kb | suspicious |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.ClientService.dll | GB | executable | 13.1 Kb | suspicious |
3212 | dfsvc.exe | GET | 200 | 195.206.181.219:80 | http://195.206.181.219/Bin/ScreenConnect.Core.dll | GB | executable | 116 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
3212 | dfsvc.exe | 195.206.181.219:80 | — | — | GB | suspicious |
2388 | ScreenConnect.ClientService.exe | 195.206.181.219:443 | — | — | GB | suspicious |
3384 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2208 | iexplore.exe | 195.206.181.219:80 | — | — | GB | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| www.bing.com | | whitelisted |
PID | Process | Class | Message |
|---|---|---|---|
3212 | dfsvc.exe | A Network Trojan was detected | ET INFO Executable Download from dotted-quad Host |
3212 | dfsvc.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
3212 | dfsvc.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response |
3212 | dfsvc.exe | Misc activity | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) |
3212 | dfsvc.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response |
3212 | dfsvc.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response |
3212 | dfsvc.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response |
3212 | dfsvc.exe | A Network Trojan was detected | ET INFO Executable Download from dotted-quad Host |
3212 | dfsvc.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response |
3212 | dfsvc.exe | Potentially Bad Traffic | ET INFO SUSPICIOUS Dotted Quad Host MZ Response |
| Process | Message |
|---|---|
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |
| dfsvc.exe | *** Status Originated: -1073741772; *** Source File: d:\iso_whid\x86fre\base\isolation\win32\isoreg_direct.cpp, line 1127 |
| dfsvc.exe | *** Status Originated: -1073741772; *** Source File: d:\iso_whid\x86fre\base\isolation\win32\isoreg_direct.cpp, line 1127 |
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |
| dfsvc.exe | *** Status originated: -1073741811; *** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230 |