ÿþEurekaLog 7.4.8.0 RC 1 Application: ------------------------------------------------------- 1.1 Start Date : Fri, 11 May 2018 09:09:24 +0300 1.2 Name/Description: mcclient.exe 1.3 Version Number : 6.4.0.13 1.4 Parameters : 1.5 Compilation Date: Wed, 1 Nov 2017 20:26:19 +0300 1.6 Up Time : 41 minute(s), 29 second(s) Exception: ----------------------------------------------------- 2.1 Date : Fri, 11 May 2018 09:50:53 +0300 2.2 Address : 0052AEDA 2.3 Module Name : mcclient.exe 2.4 Module Version: 6.4.0.13 2.5 Type : EInOutError 2.6 Message : B:070=> 2 4>ABC?5. 2.7 ID : 1EF50000 2.8 Count : 1 2.9 Status : New 2.10 Note : 2.11 Sent : 1 User: ------------------------------------------------------- 3.1 ID : argument_torg 3.2 Name : argument_torg 3.3 Email : 3.4 Company : 3.5 Privileges: SeIncreaseQuotaPrivilege - OFF SeSecurityPrivilege - OFF SeTakeOwnershipPrivilege - OFF SeLoadDriverPrivilege - OFF SeSystemProfilePrivilege - OFF SeSystemtimePrivilege - OFF SeProfileSingleProcessPrivilege - OFF SeIncreaseBasePriorityPrivilege - OFF SeCreatePagefilePrivilege - OFF SeBackupPrivilege - OFF SeRestorePrivilege - OFF SeShutdownPrivilege - OFF SeDebugPrivilege - OFF SeSystemEnvironmentPrivilege - OFF SeChangeNotifyPrivilege - ON SeRemoteShutdownPrivilege - OFF SeUndockPrivilege - OFF SeManageVolumePrivilege - OFF SeImpersonatePrivilege - ON SeCreateGlobalPrivilege - ON SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF SeCreateSymbolicLinkPrivilege - OFF Active Controls: ----------------------------------------------------------------------------------------------------------------------- 4.1 Form Class : TMainForm 4.2 Form Text : MyChat Client 6.4.0 - 0:5520 .. [ "=>3>DC=:F8>=0;L=K9 F5=B@ :;8=8G5A:>3> ?8B0=8O"] ( A5B8) 4.3 Control Class: TRichViewEdit 4.4 Control Text : Computer: ------------------------------------------------------------------------------------ 5.1 Name : ARGUMENT_TORGPC 5.2 Total Memory : 4080889856 (3,80 Gb) 5.3 Free Memory : 1019785216 (972,54 Mb) 5.4 Total Disk : 986089254912 (918,37 Gb) 5.5 Free Disk : 916257738752 (853,33 Gb) 5.6 System Up Time : 43 minute(s), 47 second(s) 5.7 Processor : Intel(R) Xeon(R) CPU E3-1225 V2 @ 3.20GHz 5.8 Display Mode : 1920 x 1080, 32 bit 5.9 Display DPI : 96 5.10 Video Card : Intel(R) HD Graphics (driver 10.18.10.3958 - RAM 1906227200) 5.11 Printer : HP LaserJet 400 MFP M425 PCL 6 (driver 6.1.7601.17514) 5.12 Virtual Machine: Operating System: ---------------------------------------------------- 6.1 Type : Microsoft Windows 7 (64 bit) 6.2 Build # : 7601 (6.1.7601.18015) 6.3 Update : Service pack 1 6.4 Language : Russian (0419) 6.5 Charset : 204/1251 6.6 Install Language: Russian (0419) 6.7 UI Language : Russian (0419) Network: --------------------------------- 7.1 IP Address: 192.168.150.062 7.2 Submask : 255.255.255.000 7.3 Gateway : 192.168.150.001 7.4 DNS 1 : 192.168.000.019 7.5 DNS 2 : 091.211.208.012 7.6 DHCP : ON Steps to reproduce: ------------ 8.1 Text: Custom Information: ------------------------------------------------- 9.1 ServerHWID: 329673260_4366_6-14-4-631619650 9.2 License : COMMERCIAL 9.3 ClientHWID: 6-10-9-652351066 Call Stack Information: ------------------------------------------------------------------------------------------------------------------------------------------------------- |Methods |Details|Stack |Address |Module |Offset |Unit |Class |Procedure/Method |Line | ------------------------------------------------------------------------------------------------------------------------------------------------------- |*Exception Thread: ID=208; Parent=0; Priority=2 | |Class=; Name=MAIN | |DeadLock=0; Wait Chain= | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|0052AEDA|mcclient.exe |0012AEDA|System.IOUtils |TFile |Copy | | |00000040|04 |0018FA1C|01007767|mcclient.exe |00C07767|mcclcorefunctions| |mcCoreSendImageFileToThePrivate |3229[8] | |00000040|04 |0018FA54|0111B1FD|mcclient.exe |00D1B1FD|fm_main |TMainForm |PopupChN1Click |8195[97] | |00000040|04 |0018FABC|00F39B18|mcclient.exe |00B39B18|frame_private |TPrivateFrame |inpdataKeyDown |834[86] | |00000040|03 |0018FAE8|006380E5|mcclient.exe |002380E5|Vcl.Controls |TWinControl |KeyDown | | |00000040|04 |0018FB10|00DBB040|mcclient.exe |009BB040|RichView |TCustomRichView |KeyDown |2358[1] | |00000040|04 |0018FB28|00CF2FA5|mcclient.exe |008F2FA5|RVEdit |TCustomRichViewEdit|KeyDown |2090[2] | |00000040|03 |0018FB44|00638182|mcclient.exe |00238182|Vcl.Controls |TWinControl |DoKeyDown | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4396; Parent=0; Priority=0 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 112C / 4396 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ED018D|ntdll.dll |0002018D|ntdll | |NtWaitForMultipleObjects | | |00000040|03 |03CBFF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4608; Parent=0; Priority=0 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 1200 / 4608 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ED018D|ntdll.dll |0002018D|ntdll | |NtWaitForMultipleObjects | | |00000040|03 |051EFE70|747D19F7|kernel32.dll |000119F7|kernel32 | |WaitForMultipleObjectsEx | | |00000040|03 |051EFEB8|75F7087C|user32.dll |0002087C|USER32 | | (possible PeekMessageW+682) | | |00000040|03 |051EFF0C|75F70B7C|user32.dll |00020B7C|USER32 | |MsgWaitForMultipleObjects | | |00000040|03 |051EFF28|67207921|GdiPlus.dll |00047921|gdiplus | | (possible GdipCreateSolidFill+2256) | | |00000040|03 |051EFF74|67207844|GdiPlus.dll |00047844|gdiplus | | (possible GdipCreateSolidFill+2035) | | |00000040|03 |051EFF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4724; Parent=0; Priority=1 | |Class=; Name= | |DeadLock=0; Wait Chain= | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ECF989|ntdll.dll |0001F989|ntdll | |NtRemoveIoCompletion | | |00000040|03 |09D7FF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4748; Parent=0; Priority=15 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 128C / 4748 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ED018D|ntdll.dll |0002018D|ntdll | |NtWaitForMultipleObjects | | |00000040|03 |0A38FDC0|747D19F7|kernel32.dll |000119F7|kernel32 | |WaitForMultipleObjectsEx | | |00000040|03 |0A38FE08|747D2687|kernel32.dll |00012687|kernel32 | |WaitForMultipleObjects | | |00000040|03 |0A38FF5C|6556E494|dsound.dll |0002E494|dsound | |DirectSoundCreate | | |00000040|03 |0A38FF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4752; Parent=0; Priority=0 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 1290 / 4752 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ED018D|ntdll.dll |0002018D|ntdll | |NtWaitForMultipleObjects | | |00000040|03 |0A8DFE40|747D19F7|kernel32.dll |000119F7|kernel32 | |WaitForMultipleObjectsEx | | |00000040|03 |0A8DFE88|75F7087C|user32.dll |0002087C|USER32 | | (possible PeekMessageW+682) | | |00000040|03 |0A8DFEDC|662320FB|MMDevAPI.dll |000020FB|MMDevApi | | (possible DllCanUnloadNow+2618) | | |00000040|03 |0A8DFF84|662327E9|MMDevAPI.dll |000027E9|MMDevApi | | (possible DllCanUnloadNow+4392) | | |00000040|03 |0A8DFF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4756; Parent=0; Priority=0 | |Class=; Name= | |DeadLock=0; Wait Chain= | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ED1F76|ntdll.dll |00021F76|ntdll | |ZwWaitForWorkViaWorkerFactory | | |00000040|03 |0AA1FF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4760; Parent=0; Priority=15 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 1298 / 4760 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ED018D|ntdll.dll |0002018D|ntdll | |NtWaitForMultipleObjects | | |00000040|03 |0AB5FD8C|747D19F7|kernel32.dll |000119F7|kernel32 | |WaitForMultipleObjectsEx | | |00000040|03 |0AB5FDD4|747D2687|kernel32.dll |00012687|kernel32 | |WaitForMultipleObjects | | |00000040|03 |0AB5FF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4764; Parent=0; Priority=15 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 129C / 4764 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ECF901|ntdll.dll |0001F901|ntdll | |NtWaitForSingleObject | | |00000040|03 |0AD9FF38|747D118F|kernel32.dll |0001118F|kernel32 | |WaitForSingleObjectEx | | |00000040|03 |0AD9FF50|747D1143|kernel32.dll |00011143|kernel32 | |WaitForSingleObject | | |00000040|03 |0AD9FF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4768; Parent=0; Priority=2 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 12A0 / 4768 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ED018D|ntdll.dll |0002018D|ntdll | |NtWaitForMultipleObjects | | |00000040|03 |0AEDFED4|747D19F7|kernel32.dll |000119F7|kernel32 | |WaitForMultipleObjectsEx | | |00000040|03 |0AEDFF1C|747D2687|kernel32.dll |00012687|kernel32 | |WaitForMultipleObjects | | |00000040|03 |0AEDFF38|11021514|bass.dll |00021514|bass | | (possible BASS_Init+3815) | | |00000040|03 |0AEDFF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4772; Parent=0; Priority=15 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 12A4 / 4772 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ECF901|ntdll.dll |0001F901|ntdll | |NtWaitForSingleObject | | |00000040|03 |0B01FF60|747D118F|kernel32.dll |0001118F|kernel32 | |WaitForSingleObjectEx | | |00000040|03 |0B01FF78|11020F17|bass.dll |00020F17|bass | | (possible BASS_Init+2282) | | |00000040|03 |0B01FF98|76EE9830|ntdll.dll |00039830|ntdll | | (possible RtlInitializeExceptionChain+97)| | |00000040|03 |0B01FFD8|76EE9800|ntdll.dll |00039800|ntdll | | (possible RtlInitializeExceptionChain+49)| | |-----------------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4784; Parent=0; Priority=-2 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 12B0 / 4784 ] is blocked | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|76ECFDC1|ntdll.dll |0001FDC1|ntdll | |ZwDelayExecution | | |00000040|03 |0B77FEF8|76264607|KERNELBASE.dll|00014607|KERNELBASE | |Sleep | | |00000040|03 |0B77FF08|004F2979|mcclient.exe |000F2979|System.Classes |TThread |Sleep | | |00000040|03 |0B77FF4C|004F1AB2|mcclient.exe |000F1AB2|System.Classes | |ThreadProc | | |00000040|04 |0B77FF7C|005AA5CC|mcclient.exe |001AA5CC|EThreadsManager | |NakedBeginThreadWrapper |1331[5] | |00000040|03 |0B77FF8C|747D343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | ------------------------------------------------------------------------------------------------------------------------------------------------------- Mosules Information: ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|mcclient.exe | |6.4.0.13 |23173712|2017-11-01 19:27:56|C:\Program Files (x86)\MyChat Client\ | |04D60000|libeay32.dll |OpenSSL Shared Library |1.0.2.1 |1359872 |2015-03-20 01:15:54|C:\Program Files (x86)\MyChat Client\ | |09D80000|AntiCAPS.dll | | |1024512 |2017-11-22 09:17:44|C:\Users\argument_torg\AppData\Local\MyChat Client\plugins\AntiCAPS\bin\ | |09FD0000|Beeper.dll | | |1023488 |2017-11-22 09:17:44|C:\Users\argument_torg\AppData\Local\MyChat Client\plugins\Beeper\bin\ | |11000000|bass.dll |BASS |2.4.10.0 |107584 |2013-02-16 12:02:02|C:\Program Files (x86)\MyChat Client\ | |12000000|ssleay32.dll |OpenSSL Shared Library |1.0.2.1 |355328 |2015-03-20 01:15:54|C:\Program Files (x86)\MyChat Client\ | |651D0000|EhStorShell.dll |81;8>B5:0 DLL @0AH8@5=8O >1>;>G:8 Windows Enhanced Storage |6.1.7600.16385 |189952 |2009-07-14 04:15:14|C:\Windows\System32\ | |65250000|xmllite.dll |Microsoft XmlLite Library |1.3.1001.0 |180224 |2013-02-11 21:45:29|C:\Windows\System32\ | |65280000|cabinet.dll |Microsoft® Cabinet File API |6.1.7601.17514 |73216 |2010-11-21 06:24:00|C:\Windows\System32\ | |652A0000|Faultrep.dll |81;8>B5:0 >BG5B>2 > A1>OE 2 ?>;L7>20B5;LA:>< @568<5 Windows |6.1.7601.17514 |320512 |2010-11-21 06:24:15|C:\Windows\System32\ | |65300000|Telemetry.dll |Telemetry Library |16.4.6013.910 |537560 |2015-08-17 15:47:12|C:\Users\argument_torg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\ | |65390000|msvcr110.dll |Microsoft® C Runtime Library |11.0.50727.1 |862664 |2015-08-17 15:47:11|C:\Users\argument_torg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\ | |65470000|msvcp110.dll |Microsoft® C Runtime Library |11.0.50727.1 |534480 |2015-08-17 15:47:11|C:\Users\argument_torg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\ | |65500000|SkyDriveShell.dll |Microsoft SkyDrive Shell Extension |16.4.6013.910 |220632 |2015-08-17 15:47:12|C:\Users\argument_torg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\ | |65540000|dsound.dll |DirectSound |6.1.7600.16385 |453632 |2009-07-14 04:15:13|C:\Windows\System32\ | |655E0000|AudioSes.dll |!50=A >1@01>B:8 72C:0 |6.1.7601.23471 |195072 |2016-06-14 18:21:18|C:\Windows\System32\ | |65620000|idndl.dll |Downlevel DLL |6.1.7600.16385 |33792 |2009-07-14 04:15:27|C:\Windows\System32\ | |65630000|logging.dll |Logging Library |16.4.6013.910 |38360 |2015-08-17 15:47:11|C:\Users\argument_torg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\ | |65640000|WindowsCodecs.dll |Microsoft Windows Codecs Library |6.2.9200.21830 |1230848 |2016-04-09 07:20:04|C:\Windows\System32\ | |65A80000|ntshrui.dll | 0AH8@5=8O >1>;>G:8, >15A?5G820NI85 4>ABC? : @5AC@A0< |6.1.7601.17755 |442880 |2013-02-11 21:49:25|C:\Windows\System32\ | |65B80000|browcli.dll |Browser Service Client DLL |6.1.7601.17887 |41984 |2013-02-11 21:59:20|C:\Windows\System32\ | |66230000|MMDevAPI.dll |MMDevice API |6.1.7601.17514 |213504 |2010-11-21 06:23:51|C:\Windows\System32\ | |67040000|slc.dll |Software Licensing Client DLL |6.1.7600.16385 |27136 |2009-07-14 04:16:15|C:\Windows\System32\ | |671C0000|GdiPlus.dll |Microsoft GDI+ |6.1.7601.23894 |1629696 |2017-08-16 18:10:13|C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e\ | |67510000|uxtheme.dll |81;8>B5:0 B5< UxTheme (Microsoft) |6.1.7600.16385 |245760 |2009-07-14 04:11:24|C:\Windows\System32\ | |67B30000|msacm32.dll |$8;LB@ 48A?5BG5@0 0C48>A60B8O Microsoft |6.1.7600.16385 |72192 |2009-07-14 04:15:42|C:\Windows\System32\ | |67B50000|cscapi.dll |Offline Files Win32 API |6.1.7601.17514 |34816 |2010-11-21 06:24:02|C:\Windows\System32\ | |68A40000|winmm.dll |MCI API DLL |6.1.7601.17514 |194048 |2010-11-21 06:24:16|C:\Windows\System32\ | |693E0000|olepro32.dll | |6.1.7601.17514 |90112 |2010-11-21 06:24:03|C:\Windows\System32\ | |69400000|oleacc.dll |Active Accessibility Core Component |7.0.0.0 |233472 |2013-02-11 21:46:10|C:\Windows\System32\ | |69830000|winspool.drv |@0925@ 48A?5BG5@0 >G5@548 Windows |6.1.7601.17514 |320000 |2010-11-21 06:24:08|C:\Windows\System32\ | |69A40000|linkinfo.dll |Windows Volume Tracking |6.1.7600.16385 |22016 |2009-07-14 04:15:36|C:\Windows\System32\ | |69A50000|dwmapi.dll |Microsoft Desktop Window Manager API |6.1.7601.18917 |67584 |2015-07-09 20:42:54|C:\Windows\System32\ | |6AB00000|comctl32.dll |81;8>B5:0 >1I8E M;5<5=B>2 C?@02;5=8O |5.82.7601.18837 |530432 |2015-04-24 20:56:58|C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\| |6AD70000|shfolder.dll |Shell Folder Service |6.1.7600.16385 |7168 |2009-07-14 04:16:14|C:\Windows\System32\ | |6ADA0000|msimg32.dll |GDIEXT Client DLL |6.1.7600.16385 |4608 |2009-07-14 04:15:44|C:\Windows\System32\ | |6ADB0000|mpr.dll |81;8>B5:0 <0@H@CB870F88 4;O =5A:>;L:8E A;C61 4>ABC?0 |6.1.7600.16385 |64000 |2009-07-14 04:15:41|C:\Windows\System32\ | |6ADD0000|aswhookx.dll |Hook Library |18.3.3.26493 |199448 |2018-04-13 13:23:23|C:\Program Files\AVAST Software\Avast\ | |6CDE0000|ntmarta.dll |>AB02I8: Windows NT MARTA |6.1.7600.16385 |121856 |2009-07-14 04:16:11|C:\Windows\System32\ | |6D8C0000|comctl32.dll |81;8>B5:0 M;5<5=B>2 C?@02;5=8O 2708<>459AB28O A ?>;L7>20B5;5<|6.10.7601.18837 |1680896 |2015-04-24 20:54:13|C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\ | |6DA60000|winrnr.dll |LDAP RnR Provider DLL |6.1.7600.16385 |20992 |2009-07-14 04:16:19|C:\Windows\System32\ | |6DA70000|pnrpnsp.dll |>AB02I8: ?@>AB@0=AB20 8<5= PNRP |6.1.7600.16385 |65024 |2009-07-14 04:16:12|C:\Windows\System32\ | |6DA90000|NapiNSP.dll |>AB02I8: >1>;>G:8 A>2<5AB8<>AB8 4;O 8<5= M;5:B@>==>9 ?>GBK |6.1.7600.16385 |52224 |2009-07-14 04:16:02|C:\Windows\System32\ | |6DAA0000|nlaapi.dll |Network Location Awareness 2 |6.1.7601.24000 |52224 |2018-01-01 05:00:07|C:\Windows\System32\ | |6DAB0000|dhcpcsvc.dll |!;C610 DHCP-:;85=B0 |6.1.7600.16385 |61952 |2009-07-14 04:15:11|C:\Windows\System32\ | |6DAD0000|dhcpcsvc6.DLL |;85=B DHCPv6 |6.1.7601.17970 |44032 |2013-02-11 22:10:26|C:\Windows\System32\ | |6DB00000|FWPUCLNT.DLL |API ?>;L7>20B5;LA:>3> @568<0 FWP/IPsec |6.1.7601.24000 |216576 |2018-01-01 05:00:02|C:\Windows\System32\ | |6DB40000|rasadhlp.dll |Remote Access AutoDial Helper |6.1.7600.16385 |11776 |2009-07-14 04:16:12|C:\Windows\System32\ | |6DB50000|wship6.dll |81;8>B5:0 DLL ?><>I=8:0 Winsock2 (TL/IPv6) |6.1.7600.16385 |10752 |2009-07-14 04:16:20|C:\Windows\System32\ | |6DB60000|WSHTCPIP.DLL |81;8>B5:0 DLL ?><>I=8:0 A;C61K Winsock2 (TL/IPv4) |6.1.7600.16385 |9216 |2009-07-14 04:16:20|C:\Windows\System32\ | |6DB70000|mswsock.dll | 0AH8@5=85 ?>AB02I8:0 A;C61K API Microsoft Windows Sockets 2.0|6.1.7601.23451 |231424 |2016-05-11 18:19:16|C:\Windows\System32\ | |6DD10000|apphelp.dll |;85=BA:0O 181;8>B5:0 A>2<5AB8<>AB8 ?@8;>65=89 |6.1.7601.18777 |295936 |2015-03-04 07:10:53|C:\Windows\System32\ | |6DD60000|propsys.dll |!8AB5<0 AB@0=8F A2>9AB2 (Microsoft) |7.0.7601.17514 |988160 |2010-11-21 06:24:08|C:\Windows\System32\ | |6E880000|hunspelldll.dll | | |223232 |2006-05-27 15:34:22|C:\Program Files (x86)\MyChat Client\ | |71450000|powrprof.dll |DLL <>4C;O ?>445@6:8 ?@>D8;O C?@02;5=8O ?8B0=85< |6.1.7600.16385 |145408 |2009-07-14 04:16:12|C:\Windows\System32\ | |725B0000|winsta.dll |Winstation Library |6.1.7601.18540 |157696 |2014-07-17 04:40:03|C:\Windows\System32\ | |72C40000|samcli.dll |Security Accounts Manager Client DLL |6.1.7601.17514 |51200 |2010-11-21 06:23:54|C:\Windows\System32\ | |72C50000|wkscli.dll |Workstation Service Client DLL |6.1.7601.17514 |47104 |2010-11-21 06:23:51|C:\Windows\System32\ | |72C60000|srvcli.dll |Server Service Client DLL |6.1.7601.17514 |90112 |2010-11-21 06:24:16|C:\Windows\System32\ | |72C80000|netutils.dll |Net Win32 API Helpers DLL |6.1.7601.17514 |22528 |2010-11-21 06:24:16|C:\Windows\System32\ | |72C90000|netapi32.dll |Net Win32 API DLL |6.1.7601.17887 |57344 |2013-02-11 21:59:20|C:\Windows\System32\ | |73180000|wtsapi32.dll |Windows Remote Desktop Session Host Server SDK APIs |6.1.7601.17514 |40448 |2010-11-21 06:23:54|C:\Windows\System32\ | |73550000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |6.1.7600.16385 |242936 |2009-07-14 04:17:54|C:\Windows\System32\ | |73590000|cryptsp.dll |Cryptographic Service Provider API |6.1.7601.23471 |80896 |2016-06-14 18:21:20|C:\Windows\System32\ | |73800000|version.dll |Version Checking and File Installation Libraries |6.1.7600.16385 |21504 |2009-07-14 04:16:17|C:\Windows\System32\ | |73830000|dnsapi.dll |8=0<8G5A:0O 181;8>B5:0 API DNS-:;85=B0 |6.1.7601.17570 |270336 |2013-02-11 21:39:38|C:\Windows\System32\ | |738A0000|webio.dll |API ?@>B>:>;>2 ?5@540G8 ?> 51 |6.1.7601.17725 |314880 |2011-11-17 08:35:02|C:\Windows\System32\ | |738F0000|winhttp.dll |!;C61K HTTP Windows |6.1.7601.24000 |351744 |2018-01-01 05:00:14|C:\Windows\System32\ | |73950000|winnsi.dll |Network Store Information RPC interface |6.1.7601.23889 |16384 |2017-08-11 09:19:44|C:\Windows\System32\ | |73960000|IPHLPAPI.DLL |IP Helper API |6.1.7601.17514 |103936 |2010-11-21 06:24:32|C:\Windows\System32\ | |73D70000|wsock32.dll |Windows Socket 32-Bit DLL |6.1.7600.16385 |15360 |2009-07-14 04:16:20|C:\Windows\System32\ | |74750000|CRYPTBASE.dll |Base cryptographic API DLL |6.1.7601.24117 |36352 |2018-04-23 02:18:32|C:\Windows\SysWOW64\ | |74760000|sspicli.dll |Security Support Provider Interface |6.1.7601.24117 |96768 |2018-04-23 02:41:01|C:\Windows\SysWOW64\ | |747C0000|kernel32.dll |81;8>B5:0 :;85=B0 Windows NT BASE API |6.1.7601.24117 |1114112 |2018-04-23 02:41:01|C:\Windows\SysWOW64\ | |748D0000|lpk.dll |Language Pack |6.1.7601.24082 |25600 |2018-03-09 21:12:56|C:\Windows\SysWOW64\ | |748E0000|imagehlp.dll |Windows NT Image Helper |6.1.7601.18288 |159232 |2013-10-19 04:36:59|C:\Windows\SysWOW64\ | |74920000|rpcrt4.dll |81;8>B5:0 C40;5==>3> 2K7>20 ?@>F54C@ |6.1.7601.24117 |666112 |2018-04-23 02:41:01|C:\Windows\SysWOW64\ | |74A10000|comdlg32.dll |81;8>B5:0 >1I8E 480;>3>2KE >:>= |6.1.7601.17514 |485888 |2010-11-21 06:23:48|C:\Windows\SysWOW64\ | |74BC0000|devobj.dll |Device Information Set DLL |6.1.7601.17621 |64512 |2013-02-11 21:44:00|C:\Windows\SysWOW64\ | |74BE0000|ws2_32.dll |32-@07@O4=0O 181;8>B5:0 Windows Socket 2.0 |6.1.7601.23451 |206336 |2016-05-11 18:19:26|C:\Windows\SysWOW64\ | |74C20000|psapi.dll |Process Status Helper |6.1.7600.16385 |6144 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |74D20000|api-ms-win-downlevel-version-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |3072 |2013-07-03 02:05:10|C:\Windows\SysWOW64\ | |74D30000|msctf.dll |!5@25@=0O 181;8>B5:0 MSCTF |6.1.7601.23915 |830464 |2017-09-13 18:09:01|C:\Windows\SysWOW64\ | |74E00000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.1.7601.18869 |92160 |2015-05-25 21:01:39|C:\Windows\SysWOW64\ | |74E20000|usp10.dll |Uniscribe Unicode script processor |1.626.7601.23894 |629760 |2017-08-16 18:10:30|C:\Windows\SysWOW64\ | |74EC0000|normaliz.dll |Unicode Normalization DLL |6.1.7600.16385 |2048 |2009-07-14 04:09:00|C:\Windows\SysWOW64\ | |74ED0000|wininet.dll | 0AH8@5=8O =B5@=5B0 4;O Win32 |11.0.9600.19003 |2767872 |2018-04-22 09:08:25|C:\Windows\SysWOW64\ | |75180000|api-ms-win-downlevel-advapi32-l1-1-0.dll|ApiSet Stub DLL |6.2.9200.16492 |10752 |2013-07-03 02:05:10|C:\Windows\SysWOW64\ | |75190000|cfgmgr32.dll |Configuration Manager DLL |6.1.7601.17621 |145920 |2013-02-11 21:44:00|C:\Windows\SysWOW64\ | |751C0000|clbcatq.dll |COM+ Configuration Catalog |2001.12.8530.16385|522240 |2009-07-14 04:15:03|C:\Windows\SysWOW64\ | |75250000|advapi32.dll | 0AH8@5==0O 181;8>B5:0 API Windows 32 |6.1.7601.24117 |644096 |2018-04-23 02:40:53|C:\Windows\SysWOW64\ | |75300000|shell32.dll |1I0O 181;8>B5:0 >1>;>G:8 Windows |6.1.7601.24000 |12880384|2018-01-01 05:00:12|C:\Windows\SysWOW64\ | |75F50000|user32.dll |=>3>?>;L7>20B5;LA:0O 181;8>B5:0 :;85=B0 USER API Windows |6.1.7601.23594 |833024 |2016-11-10 19:19:40|C:\Windows\SysWOW64\ | |76050000|msvcrt.dll |Windows NT CRT DLL |7.0.7601.17744 |690688 |2013-02-11 21:52:04|C:\Windows\SysWOW64\ | |76250000|KERNELBASE.dll |81;8>B5:0 :;85=B0 Windows NT BASE API |6.1.7601.24117 |275456 |2018-04-23 02:41:01|C:\Windows\SysWOW64\ | |762B0000|api-ms-win-downlevel-user32-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |4096 |2013-07-03 02:05:10|C:\Windows\SysWOW64\ | |762C0000|oleaut32.dll | |6.1.7601.24117 |582144 |2018-04-23 02:40:58|C:\Windows\SysWOW64\ | |76360000|api-ms-win-downlevel-shlwapi-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |9728 |2013-07-03 02:05:10|C:\Windows\SysWOW64\ | |763A0000|api-ms-win-downlevel-normaliz-l1-1-0.dll|ApiSet Stub DLL |6.2.9200.16492 |2560 |2013-07-03 02:05:10|C:\Windows\SysWOW64\ | |763B0000|userenv.dll |Userenv |6.1.7601.17514 |81920 |2010-11-21 06:24:16|C:\Windows\SysWOW64\ | |763D0000|iertutil.dll |Run time utility for Internet Explorer |11.0.9600.19003 |2295296 |2018-04-22 10:00:32|C:\Windows\SysWOW64\ | |76610000|gdi32.dll |GDI Client DLL |6.1.7601.23914 |312832 |2017-09-08 18:10:06|C:\Windows\SysWOW64\ | |766A0000|setupapi.dll |Windows Setup API |6.1.7601.17514 |1667584 |2010-11-21 06:23:51|C:\Windows\SysWOW64\ | |76840000|nsi.dll |NSI User-mode interface DLL |6.1.7601.23889 |8704 |2017-08-11 09:19:39|C:\Windows\SysWOW64\ | |76850000|shlwapi.dll |81;8>B5:0 =51>;LH8E ?@>3@0<< >1>;>G:8 |6.1.7601.17514 |350208 |2010-11-21 06:23:48|C:\Windows\SysWOW64\ | |768B0000|Wldap32.dll |Win32 LDAP API DLL |6.1.7601.23889 |271360 |2017-08-11 09:19:44|C:\Windows\SysWOW64\ | |76900000|ole32.dll |Microsoft OLE 4;O Windows |6.1.7601.24117 |1417728 |2018-04-23 02:40:58|C:\Windows\SysWOW64\ | |76A60000|profapi.dll |User Profile Basic API |6.1.7600.16385 |31744 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |76A70000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.1.7601.17514 |119808 |2010-11-21 06:24:25|C:\Windows\System32\ | |76EB0000|ntdll.dll |!8AB5<=0O 181;8>B5:0 NT |6.1.7601.24117 |1314064 |2018-04-23 02:44:08|C:\Windows\SysWOW64\ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |ID |Name |Description |Version |Memory |Priority |Threads|Path | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |0 |[System Process] | | |0 | |4 | | |4 |System | | |331776 |Normal |151 | | |372 |smss.exe | | |1003520 |Normal |2 |C:\Windows\System32\ | |424 |svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|8613888 |Normal |8 |C:\Windows\System32\ | |432 |svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|10555392 |Normal |11 |C:\Windows\System32\ | |464 |svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|150577152|Normal |17 |C:\Windows\System32\ | |544 |csrss.exe | | |0 |High |10 | | |652 |svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|17039360 |Normal |21 |C:\Windows\System32\ | |752 |wininit.exe |2B>703@C7:0 ?@8;>65=89 Windows |6.1.7600.16385|4112384 |High |3 |C:\Windows\System32\ | |772 |csrss.exe | | |0 |High |12 | | |836 |winlogon.exe | | |6991872 |High |3 |C:\Windows\System32\ | |848 |services.exe | | |7892992 |Normal |12 |C:\Windows\System32\ | |872 |lsass.exe | | |12460032 |Normal |8 |C:\Windows\System32\ | |884 |lsm.exe | | |4308992 |Normal |10 |C:\Windows\System32\ | |932 |chrome.exe |Google Chrome |66.0.3359.139 |84738048 |Low |16 |C:\Program Files (x86)\Google\Chrome\Application\ | |984 |svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|8495104 |Normal |10 |C:\Windows\System32\ | |1032|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|40017920 |Normal |32 |C:\Windows\System32\ | |1076|HeciServer.exe |Intel(R) Capability Licensing Service Interface |1.23.216.0 |4751360 |Normal |4 |C:\Program Files\Intel\iCLS Client\ | |1084|audiodg.exe | | |18944000 |Normal |5 |C:\Windows\System32\ | |1092|OUTLOOK.EXE |Microsoft Outlook |15.0.5007.1000|203767808|Normal |57 |C:\Program Files\Microsoft Office 15\root\office15\ | |1144|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|5660672 |Normal |5 |C:\Windows\System32\ | |1212|TrustedInstaller.exe |#AB0=>2I8: <>4C;59 Windows |6.1.7601.17514|44982272 |Normal |5 |C:\Windows\servicing\ | |1328|mscorsvw.exe |.NET Runtime Optimization Service |4.6.81.0 |10944512 |Normal |7 |C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ | |1352|igfxCUIService.exe | | |7380992 |Normal |4 |C:\Windows\System32\ | |1360|igfxEM.exe | | |12926976 |Normal |6 |C:\Windows\System32\ | |1416|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|13717504 |Normal |16 |C:\Windows\System32\ | |1476|AvastSvc.exe |Avast Service |18.3.3860.0 |227356672|Normal |121 |C:\Program Files\AVAST Software\Avast\ | |1592|spoolsv.exe | | |12906496 |Normal |22 |C:\Windows\System32\ | |1640|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|12591104 |Normal |19 |C:\Windows\System32\ | |1732|FBService.exe |RapidBoot HDD Accelerator Service |1.0.5.7 |4132864 |Normal |4 |C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\ | |1752|armsvc.exe |Adobe Acrobat Update Service |1.824.26.5200 |3792896 |Normal |4 |C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ | |1776|officeclicktorun.exe |Microsoft Office Click-to-Run |15.0.4997.1000|32411648 |Normal |16 |C:\Program Files\Microsoft Office 15\ClientX64\ | |1848|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|10686464 |Normal |12 |C:\Windows\System32\ | |1884|DSAService.exe |DSAService |3.1.2.2 |25120768 |Normal |9 |C:\Program Files (x86)\Intel Driver and Support Assistant\ | |1908|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|9211904 |Normal |19 |C:\Windows\System32\ | |2064|Jhi_service.exe |Intel(R) Dynamic Application Loader Host Interface|8.0.0.1351 |4571136 |Normal |4 |C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\ | |2092|LBAEvent.exe |Lenovo Desktop BIOS Event Utility |1.0.0.6 |2859008 |Normal |3 |C:\Program Files\Lenovo\LBAI\ | |2116|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|3428352 |Normal |4 |C:\Windows\System32\ | |2176|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|3362816 |Normal |4 |C:\Windows\System32\ | |2200|svchost.exe |%>AB-?@>F5AA 4;O A;C61 Windows |6.1.7600.16385|6336512 |Normal |9 |C:\Windows\System32\ | |2224|SurSvc.exe |Intel(R) System Usage Report |2.1.0.3413 |8675328 |Below-Normal|6 |C:\Program Files\Intel\SUR\QUEENCREEK\ | |2392|mcclient.exe | |6.4.0.13 |111337472|Normal |15 |C:\Program Files (x86)\MyChat Client\ | |2780|igfxHK.exe | | |11145216 |Normal |4 |C:\Windows\System32\ | |2948|ULCDRSvr.exe |ULCDRSvr |1.0.0.5 |2449408 |Normal |3 |C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ | |3080|igfxTray.exe | | |15495168 |Normal |4 |C:\Windows\System32\ | |3100|mscorsvw.exe |.NET Runtime Optimization Service |4.6.81.0 |9256960 |Normal |7 |C:\Windows\Microsoft.NET\Framework\v4.0.30319\ | |3260|aswidsagenta.exe |Avast Behavior Shield |18.3.3.26493 |36134912 |Normal |21 |C:\Program Files\AVAST Software\Avast\x64\ | |3332|RAVCpl64.exe |8A?5BG5@ Realtek HD |1.0.0.758 |11444224 |Normal |11 |C:\Program Files\Realtek\Audio\HDA\ | |3368|chrome.exe |Google Chrome |66.0.3359.139 |65933312 |Normal |17 |C:\Program Files (x86)\Google\Chrome\Application\ | |3376|taskhost.exe | | |14888960 |Normal |11 |C:\Windows\System32\ | |3520|unsecapp.exe | | |0 |Normal |3 | | |3796|UNS.exe |User Notification Service |8.0.0.1351 |14843904 |Normal |7 |C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ | |3900|PresentationFontCache.exe|PresentationFontCache.exe |3.0.6920.5011 |23715840 |Normal |6 |C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\ | |3948|dwm.exe | | |60432384 |High |5 |C:\Windows\System32\ | |3956|explorer.exe |@>2>4=8: |6.1.7601.17567|81002496 |Normal |61 |C:\Windows\ | |3960|chrome.exe |Google Chrome |66.0.3359.139 |54927360 |Low |16 |C:\Program Files (x86)\Google\Chrome\Application\ | |4088|EXCEL.EXE |Microsoft Excel |15.0.5015.1000|74338304 |Normal |28 |C:\Program Files\Microsoft Office 15\root\office15\ | |4132|IAStorDataMgrSvc.exe |IAStorDataSvc |11.1.0.1006 |27389952 |Normal |11 |C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ | |4188|Zadarma.exe |Zadarma - a lightweight softphone |1.1.0.4572 |23732224 |Normal |16 |C:\Program Files (x86)\Zadarma\ | |4200|AvastUI.exe |Avast Antivirus |18.3.3860.316 |50008064 |Normal |50 |C:\Program Files\AVAST Software\Avast\ | |4236|IAStorIcon.exe |IAStorIcon |11.1.0.1006 |32681984 |Normal |13 |C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ | |4264|iusb3mon.exe |Intel(R) USB 3.0 Monitor |1.0.0.120 |6025216 |Normal |4 |C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\| |4276|SearchIndexer.exe |=45:A0B>@ A;C61K Microsoft Windows Search |7.0.7601.23930|43266048 |Normal |16 |C:\Windows\System32\ | |4644|LMS.exe |Local Manageability Service |8.0.0.1351 |6074368 |Normal |7 |C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ | |4692|PsiService_2.exe |PsiService PsiService |2.0.1.185 |4427776 |Normal |4 |C:\Program Files (x86)\Common Files\Protexis\License Service\ | |4700|SUService.exe |Lenovo System Update Service |5.7.0.70 |19570688 |Normal |9 |C:\Program Files (x86)\Lenovo\System Update\ | |4928|mstsc.exe |>4:;NG5=85 : C40;5==><C @01>G5<C AB>;C |6.3.9600.16415|218451968|Normal |34 |C:\Windows\System32\ | |5064|chrome.exe |Google Chrome |66.0.3359.139 |11112448 |Normal |9 |C:\Program Files (x86)\Google\Chrome\Application\ | |5640|chrome.exe |Google Chrome |66.0.3359.139 |58822656 |Normal |16 |C:\Program Files (x86)\Google\Chrome\Application\ | |5772|SearchProtocolHost.exe |Microsoft Windows Search Protocol Host |7.0.7601.23930|8323072 |Low |15 |C:\Windows\SysWOW64\ | |6044|WINWORD.EXE |Microsoft Word |15.0.4997.1000|117833728|Normal |27 |C:\Program Files\Microsoft Office 15\root\office15\ | |6444|chrome.exe |Google Chrome |66.0.3359.139 |90107904 |Normal |30 |C:\Program Files (x86)\Google\Chrome\Application\ | |6460|chrome.exe |Google Chrome |66.0.3359.139 |6557696 |Normal |7 |C:\Program Files (x86)\Google\Chrome\Application\ | |6620|chrome.exe |Google Chrome |66.0.3359.139 |6717440 |Normal |2 |C:\Program Files (x86)\Google\Chrome\Application\ | |6628|SearchProtocolHost.exe |Microsoft Windows Search Protocol Host |7.0.7601.23930|9510912 |Low |8 |C:\Windows\System32\ | |6856|SearchFilterHost.exe |Microsoft Windows Search Filter Host |7.0.7601.23930|15855616 |Low |6 |C:\Windows\System32\ | |7028|chrome.exe |Google Chrome |66.0.3359.139 |46301184 |Normal |18 |C:\Program Files (x86)\Google\Chrome\Application\ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Assembler Information: --------------------------------------------------------------------------------------------------------------------------------------------------------- ; Base Address: $52A000, Allocation Base: $400000, Region Size: 12738560 ; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READ ; State: MEM_COMMIT, Type: MEM_IMAGE ; ; ; System.TFile.Copy (Line=0 - Offset=32) ; -------------------------------------- 0052AEA8 8BC7 MOV EAX, EDI 0052AEAA E865FFFFFF CALL -$9B ; ($0052AE14) System.TFile.CheckCopyParameters 0052AEAF 8BCB MOV ECX, EBX 0052AEB1 8BD6 MOV EDX, ESI 0052AEB3 8BC7 MOV EAX, EDI 0052AEB5 E8BE000000 CALL +$BE ; ($0052AF78) System.TFile.DoCopy 0052AEBA 84C0 TEST AL, AL 0052AEBC 7521 JNZ +$21 ; ($0052AEDF) System.TFile.Copy (Line=0) 0052AEBE E891AEEEFF CALL -$11516F ; ($00415D54->747D11C0) kernel32. (possible WaitForSingleObjectEx+111) (Line=0) 0052AEC3 8D55FC LEA EDX, [EBP-4] 0052AEC6 E87DA1F2FF CALL -$0D5E83 ; ($00455048) System.SysErrorMessage 0052AECB 8B4DFC MOV ECX, [EBP-4] 0052AECE B201 MOV DL, 1 0052AED0 A16C754400 MOV EAX, [$0044756C] ; Data as ANSI: '‘eE'; Data as UNICODE: '´eEXeE' 0052AED5 E8D2B0F2FF CALL -$0D4F2E ; ($00455FAC) System.Exception.Create ; ; Line=0 - Offset=82 ; ------------------ 0052AEDA E8BDFAEDFF CALL -$120543 ; ($0040A99C) System._RaiseExcept ; <-- EXCEPTION 0052AEDF 33C0 XOR EAX, EAX 0052AEE1 5A POP EDX 0052AEE2 59 POP ECX 0052AEE3 59 POP ECX 0052AEE4 648910 MOV FS:[EAX], EDX 0052AEE7 68FCAE5200 PUSH $52AEFC ; ($0052AEFC) System.TFile.Copy (Line=0) Data as ANSI: '_^[Y]9 U9 <j'; Data as UNICODE: '_^[Y]ËÀU‹ìjS‹Ø3ÀUhm¯Rdÿ0d‰ ‹Ã...' 0052AEEC 8D45FC LEA EAX, [EBP-4] 0052AEEF E82804EEFF CALL -$11FBD8 ; ($0040B31C) System._UStrClr Registers: ----------------------------- EAX: 0018F954 EDI: 00000001 EBX: 00000000 ESI: 0EEDFADE ECX: 00000007 EBP: 0018F9A4 EDX: 00000000 ESP: 0018F954 EIP: 7625C54F FLG: 00200212 EXP: 0052AEDA STK: 0018F954 Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0BC7036C: 07BEB39C 0052AEDA: E8 BD FA ED FF 33 C0 5A 59 59 64 89 10 68 FC AE .....3.ZYYd..h.. 0BC70368: 00456BD0 0052AEEA: 52 00 8D 45 FC E8 28 04 EE FF C3 E9 FE F8 ED FF R..E..(......... 0BC70364: 0018F99C 0052AEFA: EB F0 5F 5E 5B 59 5D C3 8B C0 55 8B EC 6A 00 53 .._^[Y]...U..j.S 0BC70360: 0BB56EB8 0052AF0A: 8B D8 33 C0 55 68 6D AF 52 00 64 FF 30 64 89 20 ..3.Uhm.R.d.0d. 0BC7035C: 0018F9FC 0052AF1A: 8B C3 E8 37 FF FF FF 8B C3 E8 4C 40 F2 FF 84 C0 ...7......L@.... 0BC70358: 0018FA18 0052AF2A: 75 2B E8 23 AE EE FF 83 F8 20 75 21 8D 55 FC B8 u+.#..... u!.U.. 0BC70354: 09B79C4C 0052AF3A: 20 00 00 00 E8 05 A1 F2 FF 8B 4D FC B2 01 A1 6C .........M....l 0BC70350: 07BEB39C 0052AF4A: 75 44 00 E8 5A B0 F2 FF E8 45 FA ED FF 33 C0 5A uD..Z....E...3.Z 0BC7034C: 00000001 0052AF5A: 59 59 64 89 10 68 74 AF 52 00 8D 45 FC E8 B0 03 YYd..ht.R..E.... 0BC70348: 0BB56EB8 0052AF6A: EE FF C3 E9 86 F8 ED FF EB F0 5B 59 5D C3 53 56 ..........[Y].SV 0BC70344: 0052AEDF 0052AF7A: 57 8B D9 8B F2 8B F8 80 F3 01 F6 DB 1B C0 50 8B W.............P. 0BC70340: 00000007 0052AF8A: C6 E8 B4 14 EE FF 50 8B C7 E8 AC 14 EE FF 50 E8 ......P.......P. 0BC7033C: 7625C54F 0052AF9A: 66 AA EE FF 83 F8 01 1B C0 40 5F 5E 5B C3 55 8B f........@_^[.U. 0BC70338: 00000000 0052AFAA: EC 51 53 8B DA 33 D2 89 55 FC 33 D2 55 68 10 B0 .QS..3..U.3.Uh.. 0BC70334: 00000001 0052AFBA: 52 00 64 FF 32 64 89 22 E8 81 01 00 00 89 45 FC R.d.2d."......E. 0BC70330: 0EEDFADE 0052AFCA: 8B 45 FC 8B 10 FF 12 50 8B C3 B9 01 00 00 00 8B .E.....P........