EurekaLog 7.4.8.0 RC 1

Application:
------------------------------------------------------
1.1 Start Date : Tue, 2 Jul 2019 12:34:44 +0300
1.2 Name/Description: mcclient.exe
1.3 Version Number : 7.5.1.4
1.4 Parameters :
1.5 Compilation Date: Thu, 6 Jun 2019 15:49:56 +0300
1.6 Up Time : 3 minute(s), 39 second(s)

Exception:
--------------------------------------------------------------------------------------------------------------
2.1 Date : Tue, 2 Jul 2019 12:38:23 +0300
2.2 Address : 00E3C2A2
2.3 Module Name : mcclient.exe
2.4 Module Version: 7.5.1.4
2.5 Type : EAccessViolation
2.6 Message : Access violation at address 00E3C2A2 in module 'mcclient.exe'. Read of address 00000058.
2.7 ID : 477A0000
2.8 Count : 1
2.9 Status : New
2.10 Note :
2.11 Sent : 1

User:
-------------------------------------------------------
3.1 ID : MCSCLAD001
3.2 Name : MSclad001
3.3 Email :
3.4 Company :
3.5 Privileges:
    SeShutdownPrivilege - OFF
    SeChangeNotifyPrivilege - ON
    SeUndockPrivilege - OFF
    SeIncreaseWorkingSetPrivilege - OFF
    SeTimeZonePrivilege - OFF

Active Controls:
------------------------------
4.1 Form Class : ad_win#2
4.2 Form Text : AnyDesk
4.3 Control Class:
4.4 Control Text :

Computer:
-----------------------------------------------------------------------------------------
5.1 Name : MCSCLAD001PC
5.2 Total Memory : 4203663360 (3,91 Gb)
5.3 Free Memory : 2090819584 (1,95 Gb)
5.4 Total Disk : 485976174592 (452,60 Gb)
5.5 Free Disk : 399207223296 (371,79 Gb)
5.6 System Up Time : 34 minute(s), 43 second(s)
5.7 Processor : Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
5.8 Display Mode : 1920 x 1080, 32 bit
5.9 Display DPI : 96
5.10 Video Card : Intel(R) HD Graphics 4600 (driver 10.18.10.3412 - RAM 1866950656)
5.11 Printer : HP LaserJet 400 MFP M425 PCL 6 (driver 6.1.7601.17514)
5.12 Virtual Machine:

Operating System:
----------------------------------------------------
6.1 Type : Microsoft Windows 7 (64 bit)
6.2 Build # : 7601 (6.1.7601.18015)
6.3 Update : Service pack 1
6.4 Language : Russian (0419)
6.5 Charset : 204/1251
6.6 Install Language: Russian (0419)
6.7 UI Language : Russian (0419)

Network:
---------------------------------
7.1 IP Address: 192.168.125.057
7.2 Submask : 255.255.255.000
7.3 Gateway : 192.168.125.001
7.4 DNS 1 : 192.168.000.019
7.5 DNS 2 : 008.008.008.008
7.6 DHCP : ON

Steps to reproduce:
------------
8.1 Text:

Custom Information:
--------------------------------------------------------------------
9.1 ServerHWID: 329673260_4366_6-13-7-600000000
9.2 License : COMMERCIAL
9.3 ClientHWID: B5414491BB0F4161E490447480D7342AAB4137208AE4192021

Call Stack Information: ----------------------------------------------------------------------------------------------------------------------------------------------- |Methods |Details|Stack |Address |Module |Offset |Unit |Class |Procedure/Method |Line | ----------------------------------------------------------------------------------------------------------------------------------------------- |*Exception Thread: ID=7048; Parent=0; Priority=0 | |Class=; Name=MAIN | |DeadLock=0; Wait Chain= | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|04 |00000000|00E3C2A2|mcclient.exe |00A3C2A2|frame_private |TPrivateFrame|ThreadDone_DownloadOfflineFiles |1854[3] | |00000040|04 |0018FAB0|00E3A5EA|mcclient.exe |00A3A5EA|frame_private |TPrivateFrame|FTPOfflineDownloaderHandler |1182[24] | |00000040|03 |0018FAD0|00626F9D|mcclient.exe |00226F9D|Vcl.Controls |TControl |WndProc | | |00000040|03 |0018FBFC|0062BA31|mcclient.exe |0022BA31|Vcl.Controls |TWinControl |WndProc | | |00000040|04 |0018FC48|00E3D56E|mcclient.exe |00A3D56E|frame_private |TPrivateFrame|WndProc |2277[1] | |00000040|03 |0018FC64|0062B074|mcclient.exe |0022B074|Vcl.Controls |TWinControl |MainWndProc | | |00000040|03 |0018FC94|004F5428|mcclient.exe |000F5428|System.Classes | |StdWndProc | | |00000040|03
|0018FCAC|764062F7|user32.dll |000162F7|USER32 | | (possible gapfnScSendMessage+815) | | |00000040|03 |0018FCD8|76406D35|user32.dll |00016D35|USER32 | | (possible GetThreadDesktop+210) | | |00000040|03 |0018FD50|76406DE3|user32.dll |00016DE3|USER32 | | (possible GetThreadDesktop+384) | | |00000040|03 |0018FDAC|76406E41|user32.dll |00016E41|USER32 | | (possible GetThreadDesktop+478) | | |00000040|03 |0018FDE8|77E50137|ntdll.dll |00010137|ntdll | |KiUserCallbackDispatcher | | |00000040|03 |0018FE48|76410764|user32.dll |00020764|USER32 | | (possible PeekMessageW+402) | | |00000040|03 |0018FE74|00714DA4|mcclient.exe |00314DA4|Vcl.Forms |TApplication |ProcessMessage | | |00000040|04 |0018FEF4|0115BC6F|mcclient.exe |00D5BC6F|mcclient | |Initialization |487[290] | |00000040|03 |0018FF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=568; Parent=0; Priority=0 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 0238 / 568 ] is blocked | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E6018D|ntdll.dll |0002018D|ntdll | |ZwWaitForMultipleObjects | | |00000040|03 |03F6FF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=5100; Parent=0; Priority=0 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 13EC / 5100 ] is blocked | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E6018D|ntdll.dll |0002018D|ntdll | |ZwWaitForMultipleObjects | | 
|00000040|03 |0548FE70|75BE19F7|kernel32.dll |000119F7|kernel32 | |WaitForMultipleObjectsEx | | |00000040|03 |0548FEB8|7641087C|user32.dll |0002087C|USER32 | | (possible PeekMessageW+682) | | |00000040|03 |0548FF0C|76410B7C|user32.dll |00020B7C|USER32 | |MsgWaitForMultipleObjects | | |00000040|03 |0548FF28|6ED47991|GdiPlus.dll |00047991|gdiplus | | (possible GdipCreateSolidFill+2256) | | |00000040|03 |0548FF74|6ED478B4|GdiPlus.dll |000478B4|gdiplus | | (possible GdipCreateSolidFill+2035) | | |00000040|03 |0548FF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=900; Parent=0; Priority=1 | |Class=; Name= | |DeadLock=0; Wait Chain= | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E5F989|ntdll.dll |0001F989|ntdll | |ZwRemoveIoCompletion | | |00000040|03 |0933FF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=5084; Parent=0; Priority=-3 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 13DC / 5084 ] is blocked | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E5F901|ntdll.dll |0001F901|ntdll | |NtWaitForSingleObject | | |00000040|03 |0B27FF00|75BE118F|kernel32.dll |0001118F|kernel32 | |WaitForSingleObjectEx | | |00000040|03 |0B27FF18|75BE1143|kernel32.dll |00011143|kernel32 | |WaitForSingleObject | | |00000040|03 |0B27FF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | 
|---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4732; Parent=0; Priority=15 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 127C / 4732 ] is blocked | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E5F901|ntdll.dll |0001F901|ntdll | |NtWaitForSingleObject | | |00000040|03 |0B37FF38|75BE118F|kernel32.dll |0001118F|kernel32 | |WaitForSingleObjectEx | | |00000040|03 |0B37FF50|75BE1143|kernel32.dll |00011143|kernel32 | |WaitForSingleObject | | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=5832; Parent=0; Priority=2 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 16C8 / 5832 ] is blocked | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E6018D|ntdll.dll |0002018D|ntdll | |ZwWaitForMultipleObjects | | |00000040|03 |0B47FEC8|75BE19F7|kernel32.dll |000119F7|kernel32 | |WaitForMultipleObjectsEx | | |00000040|03 |0B47FF10|75BE2687|kernel32.dll |00012687|kernel32 | |WaitForMultipleObjects | | |00000040|03 |0B47FF2C|692EDC9E|bass.dll |0001DC9E|bass | | (possible BASS_GetCPU+2473) | | |00000040|03 |0B47FF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=2592; Parent=0; Priority=15 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 0A20 / 2592 ] is blocked | |Comment= | 
|---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E5F901|ntdll.dll |0001F901|ntdll | |NtWaitForSingleObject | | |00000040|03 |0B57FF60|75BE118F|kernel32.dll |0001118F|kernel32 | |WaitForSingleObjectEx | | |00000040|03 |0B57FF98|77E79800|ntdll.dll |00039800|ntdll | | (possible RtlInitializeExceptionChain+97)| | |00000040|03 |0B57FFD8|77E797D0|ntdll.dll |000397D0|ntdll | | (possible RtlInitializeExceptionChain+49)| | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4452; Parent=0; Priority=-2 | |Class=; Name= | |DeadLock=0; Wait Chain=thread: [ 1164 / 4452 ] is blocked | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E5FDC1|ntdll.dll |0001FDC1|ntdll | |NtDelayExecution | | |00000040|03 |09A1FEF8|76524662|KERNELBASE.dll|00014662|KERNELBASE | |Sleep | | |00000040|03 |09A1FF08|004F28DD|mcclient.exe |000F28DD|System.Classes |TThread |Sleep | | |00000040|03 |09A1FF4C|004F1A16|mcclient.exe |000F1A16|System.Classes | |ThreadProc | | |00000040|04 |09A1FF7C|0059ABF4|mcclient.exe |0019ABF4|EThreadsManager| |NakedBeginThreadWrapper |1331[5] | |00000040|03 |09A1FF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | |---------------------------------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=3800; Parent=0; Priority=0 | |Class=; Name= | |DeadLock=0; Wait Chain= | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|77E61F76|ntdll.dll |00021F76|ntdll | |NtWaitForWorkViaWorkerFactory | 
| |00000040|03 |0D1CFF8C|75BE343B|kernel32.dll |0001343B|kernel32 | |BaseThreadInitThunk | | ----------------------------------------------------------------------------------------------------------------------------------------------- Mosules Information: ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|mcclient.exe | |7.5.1.4 |19665152|2019-06-06 15:51:30|C:\Users\MSclad001\AppData\Local\NSS\MyChat Client\ | |09340000|AntiCAPS.dll | | |1024512 |2019-07-02 12:34:46|C:\Users\MSclad001\AppData\Local\MyChat Client\plugins\AntiCAPS\bin\ | |0AB20000|Beeper.dll | | |1023488 |2019-07-02 12:34:46|C:\Users\MSclad001\AppData\Local\MyChat Client\plugins\Beeper\bin\ | |11000000|libeay32.dll |OpenSSL Shared Library |1.0.2.14 |1371136 |2017-12-07 17:08:22|C:\Users\MSclad001\AppData\Local\NSS\MyChat Client\ | |12000000|ssleay32.dll |OpenSSL Shared Library |1.0.2.14 |337920 |2017-12-07 17:08:22|C:\Users\MSclad001\AppData\Local\NSS\MyChat Client\ | |5CD20000|ntshrui.dll | 0AH8@5=8O >1>;>G:8, >15A?5G820NI85 4>ABC? 
: @5AC@A0< |6.1.7601.17755 |442880 |2012-01-04 11:58:41|C:\Windows\System32\ | |66C30000|api-ms-win-downlevel-advapi32-l2-1-0.dll|ApiSet Stub DLL |6.2.9200.16492 |3584 |2013-01-14 00:12:46|C:\Windows\System32\ | |69030000|WindowsCodecs.dll |Microsoft Windows Codecs Library |6.2.9200.22551 |1230848 |2018-08-30 04:47:47|C:\Windows\System32\ | |692D0000|bass.dll |BASS |2.4.14.0 |127669 |2019-01-16 15:34:32|C:\Users\MSclad001\AppData\Local\NSS\MyChat Client\ | |6A230000|winmm.dll |MCI API DLL |6.1.7601.17514 |194048 |2010-11-21 06:24:16|C:\Windows\System32\ | |6A270000|msacm32.dll |$8;LB@ 48A?5BG5@0 0C48>A60B8O Microsoft |6.1.7600.16385 |72192 |2009-07-14 04:15:42|C:\Windows\System32\ | |6A2F0000|comctl32.dll |81;8>B5:0 >1I8E M;5<5=B>2 C?@02;5=8O |5.82.7601.18837 |530432 |2015-04-24 20:56:58|C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\| |6AC20000|dwmapi.dll |=B5@D59A API 48A?5BG5@0 >:>= @01>G53> AB>;0 (09:@>A>DB) |6.1.7601.18917 |67584 |2015-07-09 20:42:54|C:\Windows\System32\ | |6BEE0000|cscapi.dll |Offline Files Win32 API |6.1.7601.24197 |34304 |2018-06-29 18:09:59|C:\Windows\System32\ | |6BF10000|oleacc.dll |Active Accessibility Core Component |7.0.0.0 |233472 |2011-08-27 07:26:27|C:\Windows\System32\ | |6BF50000|winsta.dll |Winstation Library |6.1.7601.18540 |157696 |2014-07-17 04:40:03|C:\Windows\System32\ | |6C210000|mpr.dll |81;8>B5:0 <0@H@CB870F88 4;O =5A:>;L:8E A;C61 4>ABC?0 |6.1.7600.16385 |64000 |2009-07-14 04:15:41|C:\Windows\System32\ | |6C9F0000|wsock32.dll |Windows Socket 32-Bit DLL |6.1.7600.16385 |15360 |2009-07-14 04:16:20|C:\Windows\System32\ | |6CB00000|dhcpcsvc6.DLL |;85=B DHCPv6 |6.1.7601.17970 |44032 |2012-10-09 20:40:31|C:\Windows\System32\ | |6CB10000|dhcpcsvc.dll |!;C610 DHCP-:;85=B0 |6.1.7600.16385 |61952 |2009-07-14 04:15:11|C:\Windows\System32\ | |6DA60000|propsys.dll |!8AB5<0 AB@0=8F A2>9AB2 (Microsoft) |7.0.7601.17514 |988160 |2010-11-21 06:24:08|C:\Windows\System32\ | 
|6DCF0000|uxtheme.dll |81;8>B5:0 B5< UxTheme (Microsoft) |6.1.7600.16385 |245760 |2009-07-14 04:11:24|C:\Windows\System32\ | |6DD70000|comctl32.dll |81;8>B5:0 M;5<5=B>2 C?@02;5=8O 2708<>459AB28O A ?>;L7>20B5;5<|6.10.7601.24460 |1681408 |2019-05-09 18:17:10|C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24460_none_2b1e532a457961ba\ | |6E0A0000|FWPUCLNT.DLL |API ?>;L7>20B5;LA:>3> @568<0 FWP/IPsec |6.1.7601.24000 |216576 |2018-01-01 05:00:02|C:\Windows\System32\ | |6E0E0000|rasadhlp.dll |Remote Access AutoDial Helper |6.1.7600.16385 |11776 |2009-07-14 04:16:12|C:\Windows\System32\ | |6E0F0000|dnsapi.dll |8=0<8G5A:0O 181;8>B5:0 API DNS-:;85=B0 |6.1.7601.24168 |269824 |2018-06-08 18:54:41|C:\Windows\System32\ | |6E880000|hunspelldll.dll | | |223232 |2006-05-27 16:34:22|C:\Users\MSclad001\AppData\Local\NSS\MyChat Client\ | |6EAD0000|pnrpnsp.dll |>AB02I8: ?@>AB@0=AB20 8<5= PNRP |6.1.7600.16385 |65024 |2009-07-14 04:16:12|C:\Windows\System32\ | |6EB00000|winrnr.dll |LDAP RnR Provider DLL |6.1.7600.16385 |20992 |2009-07-14 04:16:19|C:\Windows\System32\ | |6EB40000|msimg32.dll |GDIEXT Client DLL |6.1.7601.24467 |4608 |2019-05-23 04:58:32|C:\Windows\System32\ | |6EBC0000|NapiNSP.dll |>AB02I8: >1>;>G:8 A>2<5AB8<>AB8 4;O 8<5= M;5:B@>==>9 ?>GBK |6.1.7600.16385 |52224 |2009-07-14 04:16:02|C:\Windows\System32\ | |6EBD0000|nlaapi.dll |Network Location Awareness 2 |6.1.7601.24000 |52224 |2018-01-01 05:00:07|C:\Windows\System32\ | |6EBE0000|wship6.dll |81;8>B5:0 DLL ?><>I=8:0 Winsock2 (TL/IPv6) |6.1.7600.16385 |10752 |2009-07-14 04:16:20|C:\Windows\System32\ | |6EBF0000|WSHTCPIP.DLL |81;8>B5:0 DLL ?><>I=8:0 A;C61K Winsock2 (TL/IPv4) |6.1.7600.16385 |9216 |2009-07-14 04:16:20|C:\Windows\System32\ | |6EC00000|mswsock.dll | 0AH8@5=85 ?>AB02I8:0 A;C61K API Microsoft Windows Sockets 2.0|6.1.7601.23451 |231424 |2016-05-11 18:19:16|C:\Windows\System32\ | |6EC40000|apphelp.dll |;85=BA:0O 181;8>B5:0 A>2<5AB8<>AB8 ?@8;>65=89 |6.1.7601.19050 |295936 
|2015-10-29 20:49:58|C:\Windows\System32\ | |6ECA0000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |6.1.7600.16385 |242936 |2009-07-14 04:17:54|C:\Windows\System32\ | |6ECE0000|cryptsp.dll |Cryptographic Service Provider API |6.1.7601.24460 |80896 |2019-05-09 18:17:23|C:\Windows\System32\ | |6ED00000|GdiPlus.dll |Microsoft GDI+ |6.1.7601.24467 |1636352 |2019-05-23 04:58:18|C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24467_none_5c08a697a00c8eef\ | |6EEA0000|winspool.drv |@0925@ 48A?5BG5@0 >G5@548 Windows |6.1.7601.24383 |321536 |2019-02-16 08:50:54|C:\Windows\System32\ | |6F640000|samcli.dll |Security Accounts Manager Client DLL |6.1.7601.17514 |51200 |2010-11-21 06:23:54|C:\Windows\System32\ | |6F650000|wkscli.dll |Workstation Service Client DLL |6.1.7601.17514 |47104 |2010-11-21 06:23:51|C:\Windows\System32\ | |6F660000|srvcli.dll |Server Service Client DLL |6.1.7601.17514 |90112 |2010-11-21 06:24:16|C:\Windows\System32\ | |70E50000|netutils.dll |Net Win32 API Helpers DLL |6.1.7601.17514 |22528 |2010-11-21 06:24:16|C:\Windows\System32\ | |70E60000|netapi32.dll |Net Win32 API DLL |6.1.7601.17887 |57344 |2012-07-05 00:16:56|C:\Windows\System32\ | |70E80000|winnsi.dll |Network Store Information RPC interface |6.1.7601.23889 |16384 |2017-08-11 09:19:44|C:\Windows\System32\ | |70E90000|IPHLPAPI.DLL |IP Helper API |6.1.7601.17514 |103936 |2010-11-21 06:24:32|C:\Windows\System32\ | |70EB0000|secur32.dll |Security Support Provider Interface |6.1.7601.24475 |22016 |2019-05-16 18:18:56|C:\Windows\System32\ | |72C90000|ntmarta.dll |>AB02I8: Windows NT MARTA |6.1.7600.16385 |121856 |2009-07-14 04:16:11|C:\Windows\System32\ | |72E90000|powrprof.dll |DLL <>4C;O ?>445@6:8 ?@>D8;O C?@02;5=8O ?8B0=85< |6.1.7600.16385 |145408 |2009-07-14 04:16:12|C:\Windows\System32\ | |735C0000|version.dll |Version Checking and File Installation Libraries |6.1.7600.16385 |21504 |2009-07-14 04:16:17|C:\Windows\System32\ | |735D0000|wtsapi32.dll |Windows Remote 
Desktop Session Host Server SDK APIs |6.1.7601.17514 |40448 |2010-11-21 06:23:54|C:\Windows\System32\ | |744C0000|EhStorShell.dll |81;8>B5:0 DLL @0AH8@5=8O >1>;>G:8 Windows Enhanced Storage |6.1.7600.16385 |189952 |2009-07-14 04:15:14|C:\Windows\System32\ | |749E0000|avrt.dll |Multimedia Realtime Runtime |6.1.7600.16385 |14336 |2009-07-14 04:14:58|C:\Windows\System32\ | |749F0000|AudioSes.dll |!50=A >1@01>B:8 72C:0 |6.1.7601.24475 |195072 |2019-05-16 18:17:52|C:\Windows\System32\ | |74A30000|MMDevAPI.dll |MMDevice API |6.1.7601.17514 |213504 |2010-11-21 06:23:51|C:\Windows\System32\ | |74B30000|olepro32.dll | |6.1.7601.23452 |90624 |2016-05-12 18:18:31|C:\Windows\System32\ | |74B80000|idndl.dll |Downlevel DLL |6.1.7600.16385 |33792 |2009-07-14 04:15:27|C:\Windows\System32\ | |74BA0000|shdocvw.dll |81;8>B5:0 >1J5:B>2 4>:C<5=B>2 8 M;5<5=B>2 C?@02;5=8O >1>;>G:8|6.1.7601.23896 |180224 |2017-08-19 18:10:53|C:\Windows\System32\ | |74C20000|slc.dll |Software Licensing Client DLL |6.1.7600.16385 |27136 |2009-07-14 04:16:15|C:\Windows\System32\ | |74C60000|linkinfo.dll |Windows Volume Tracking |6.1.7600.16385 |22016 |2009-07-14 04:15:36|C:\Windows\System32\ | |74C70000|browcli.dll |Browser Service Client DLL |6.1.7601.17887 |41984 |2012-07-05 00:14:34|C:\Windows\System32\ | |75550000|CRYPTBASE.dll |Base cryptographic API DLL |6.1.7601.24475 |36352 |2019-05-16 17:45:38|C:\Windows\SysWOW64\ | |75560000|sspicli.dll |Security Support Provider Interface |6.1.7601.24475 |96768 |2019-05-16 18:19:09|C:\Windows\SysWOW64\ | |755C0000|ws2_32.dll |32-@07@O4=0O 181;8>B5:0 Windows Socket 2.0 |6.1.7601.23451 |206336 |2016-05-11 18:19:26|C:\Windows\SysWOW64\ | |75600000|profapi.dll |User Profile Basic API |6.1.7600.16385 |31744 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |75610000|imagehlp.dll |Windows NT Image Helper |6.1.7601.18288 |159232 |2013-10-19 04:36:59|C:\Windows\SysWOW64\ | |75640000|setupapi.dll |Windows Setup API |6.1.7601.17514 |1667584 |2010-11-21 
06:23:51|C:\Windows\SysWOW64\ | |757E0000|msvcrt.dll |Windows NT CRT DLL |7.0.7601.17744 |690688 |2011-12-16 10:52:58|C:\Windows\SysWOW64\ | |75890000|cfgmgr32.dll |Configuration Manager DLL |6.1.7601.17621 |145920 |2011-05-24 13:39:38|C:\Windows\SysWOW64\ | |758C0000|msctf.dll |!5@25@=0O 181;8>B5:0 MSCTF |6.1.7601.23915 |830464 |2017-09-13 18:09:01|C:\Windows\SysWOW64\ | |75990000|iertutil.dll |Run time utility for Internet Explorer |11.0.9600.19377 |2297344 |2019-05-25 03:42:39|C:\Windows\SysWOW64\ | |75BD0000|kernel32.dll |81;8>B5:0 :;85=B0 Windows NT BASE API |6.1.7601.24475 |1114112 |2019-05-16 18:19:09|C:\Windows\SysWOW64\ | |75D70000|api-ms-win-downlevel-normaliz-l1-1-0.dll|ApiSet Stub DLL |6.2.9200.16492 |2560 |2013-01-14 00:17:02|C:\Windows\SysWOW64\ | |75D80000|normaliz.dll |Unicode Normalization DLL |6.1.7600.16385 |2048 |2009-07-14 04:09:00|C:\Windows\SysWOW64\ | |75DF0000|api-ms-win-downlevel-version-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |3072 |2013-01-14 00:11:07|C:\Windows\SysWOW64\ | |75E00000|api-ms-win-downlevel-advapi32-l1-1-0.dll|ApiSet Stub DLL |6.2.9200.16492 |10752 |2013-01-14 00:16:42|C:\Windows\SysWOW64\ | |75E10000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.1.7601.18869 |92160 |2015-05-25 21:01:39|C:\Windows\SysWOW64\ | |75E30000|api-ms-win-downlevel-user32-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |4096 |2013-01-14 00:11:21|C:\Windows\SysWOW64\ | |75E40000|ole32.dll |Microsoft OLE 4;O Windows |6.1.7601.24440 |1425920 |2019-04-16 18:17:31|C:\Windows\SysWOW64\ | |75FA0000|usp10.dll |Uniscribe Unicode script processor |1.626.7601.24467 |628224 |2019-05-23 04:58:39|C:\Windows\SysWOW64\ | |76040000|urlmon.dll | 0AH8@5=8O OLE32 4;O Win32 |11.0.9600.19377 |1323008 |2019-05-25 02:59:06|C:\Windows\SysWOW64\ | |762C0000|comdlg32.dll |81;8>B5:0 >1I8E 480;>3>2KE >:>= |6.1.7601.17514 |485888 |2010-11-21 06:23:48|C:\Windows\SysWOW64\ | |76340000|nsi.dll |NSI User-mode interface DLL |6.1.7601.23889 |8704 |2017-08-11 
09:19:39|C:\Windows\SysWOW64\ | |76350000|api-ms-win-downlevel-shlwapi-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |9728 |2013-01-14 00:17:03|C:\Windows\SysWOW64\ | |76390000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.1.7601.17514 |119808 |2010-11-21 06:24:25|C:\Windows\System32\ | |763F0000|user32.dll |=>3>?>;L7>20B5;LA:0O 181;8>B5:0 :;85=B0 USER API Windows |6.1.7601.23594 |833024 |2016-11-10 19:19:40|C:\Windows\SysWOW64\ | |764F0000|userenv.dll |Userenv |6.1.7601.24453 |83968 |2019-04-25 18:18:26|C:\Windows\SysWOW64\ | |76510000|KERNELBASE.dll |81;8>B5:0 :;85=B0 Windows NT BASE API |6.1.7601.24475 |275968 |2019-05-16 18:19:09|C:\Windows\SysWOW64\ | |76560000|clbcatq.dll |COM+ Configuration Catalog |2001.12.8530.16385|522240 |2009-07-14 04:15:03|C:\Windows\SysWOW64\ | |765F0000|oleaut32.dll | |6.1.7601.24440 |583680 |2019-04-16 18:17:31|C:\Windows\SysWOW64\ | |76690000|wininet.dll | 0AH8@5=8O =B5@=5B0 4;O Win32 |11.0.9600.19377 |4386304 |2019-05-25 03:02:21|C:\Windows\SysWOW64\ | |76AD0000|api-ms-win-downlevel-ole32-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |5632 |2013-01-14 00:11:08|C:\Windows\SysWOW64\ | |76AE0000|advapi32.dll | 0AH8@5==0O 181;8>B5:0 API Windows 32 |6.1.7601.24475 |644096 |2019-05-16 18:17:51|C:\Windows\SysWOW64\ | |76B90000|psapi.dll |Process Status Helper |6.1.7600.16385 |6144 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |76BA0000|shlwapi.dll |81;8>B5:0 =51>;LH8E ?@>3@0<< >1>;>G:8 |6.1.7601.17514 |350208 |2010-11-21 06:23:48|C:\Windows\SysWOW64\ | |76C00000|Wldap32.dll |Win32 LDAP API DLL |6.1.7601.23889 |271360 |2017-08-11 09:19:44|C:\Windows\SysWOW64\ | |76C50000|lpk.dll |Language Pack |6.1.7601.24439 |25600 |2019-04-14 08:40:22|C:\Windows\SysWOW64\ | |76C60000|gdi32.dll |GDI Client DLL |6.1.7601.24467 |313344 |2019-05-23 04:58:40|C:\Windows\SysWOW64\ | |76CF0000|rpcrt4.dll |81;8>B5:0 C40;5==>3> 2K7>20 ?@>F54C@ |6.1.7601.24475 |666112 |2019-05-16 18:19:09|C:\Windows\SysWOW64\ | |76DF0000|devobj.dll |Device Information Set DLL 
|6.1.7601.17621 |64512 |2011-05-24 13:40:05|C:\Windows\SysWOW64\ | |76E10000|shell32.dll |1I0O 181;8>B5:0 >1>;>G:8 Windows |6.1.7601.24468 |12880384|2019-05-25 02:59:03|C:\Windows\SysWOW64\ | |77E40000|ntdll.dll |!8AB5<=0O 181;8>B5:0 NT |6.1.7601.24475 |1314112 |2019-05-16 18:21:03|C:\Windows\SysWOW64\ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |ID |Name |Description |Version |Memory |Priority |Threads|Path | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |0 |[System Process] | | |0 | |4 | | |4 |System | | |0 |Normal |204 | | |464 |smss.exe | | |0 |Above-Normal|2 | | |472 |services.exe | | |0 |Normal |9 | | |528 |csrss.exe | | |0 |High |11 | | |784 |svchost.exe | | |0 |Normal |11 | | |840 |csrss.exe | | |0 |High |9 | | |876 |winlogon.exe | | |0 |High |3 | | |888 |lsass.exe | | |0 |Normal |11 | | |908 |lsm.exe | | |0 |Normal |10 | | |1000|wininit.exe | | |0 |High |3 | | |1008|svchost.exe | | |0 |Normal |10 | | |1068|svchost.exe | | |0 |Normal |20 | | |1108|svchost.exe | | |0 |Normal |21 | | |1136|svchost.exe | | |0 |Normal |13 | | |1164|svchost.exe | | |0 |Normal |36 | | |1244|audiodg.exe | | |22290432 |Normal |10 |C:\Windows\System32\ | |1292|svchost.exe | | |0 |Normal |5 | | |1408|AnyDesk.exe | |5.2.1.0 |28368896 |High |4 |C:\Users\MSclad001\Documents\MyChat\75 - /:>2;52 .\ | |1424|DisplayLinkManager.exe | | |0 |Normal |21 | | 
|1488|HPLaserJetService.exe | | |0 |Normal |18 | | |1508|svchost.exe | | |0 |Normal |5 | | |1600|DisplayLinkUserAgent.exe| | |0 |High |7 | | |1632|svchost.exe | | |0 |Normal |16 | | |1648|HPBDSService.exe | | |0 |Normal |6 | | |1700|svchost.exe | | |0 |Normal |10 | | |1772|spoolsv.exe | | |0 |Normal |15 | | |1824|svchost.exe | | |0 |Normal |19 | | |1920|mcclient.exe | |7.5.1.4 |110329856|Normal |15 |C:\Users\MSclad001\AppData\Local\NSS\MyChat Client\ | |1960|armsvc.exe | | |0 |Normal |4 | | |2032|avp.exe | | |0 |Normal |148 | | |2064|HeciServer.exe | | |0 |Normal |4 | | |2096|svchost.exe | | |0 |Normal |4 | | |2140|SCCM_Agent.exe | | |0 |Normal |3 | | |2184|Server.exe | | |0 |Normal |2 | | |2208|pdf24.exe | | |0 |Normal |6 | | |2468|WUDFHost.exe | | |0 |Normal |8 | | |2544|mstsc.exe |>4:;NG5=85 : C40;5==><C @01>G5<C AB>;C |6.2.9200.17053|202555392|Normal |26 |C:\Windows\System32\ | |2644|svchost.exe | | |0 |Normal |4 | | |2664|svchost.exe | | |0 |Normal |9 | | |3080|WmiPrvSE.exe | | |0 |Normal |7 | | |3256|TrustedInstaller.exe | | |0 |Normal |4 | | |3292|hpwuschd2.exe |hpwuSchd Application |80.1.1.0 |4157440 |Normal |1 |C:\Program Files (x86)\HP\HP Software Update\ | |3608|HPStatusAlerts.exe |HPStatusAlerts |50.34.153.0 |19636224 |Normal |15 |C:\Program Files (x86)\HP\StatusAlerts\bin\ | |3628|taskhost.exe | | |36761600 |Normal |11 |C:\Windows\System32\ | |3636|avp.exe |Kaspersky Endpoint Security for Windows |11.0.1.90 |6275072 |Normal |14 |C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\ | |3736|dwm.exe | | |42332160 |High |5 |C:\Windows\System32\ | |3760|explorer.exe |@>2>4=8: |6.1.7601.23537|108425216|Normal |38 |C:\Windows\ | |3824|iusb3mon.exe |iusb3mon |2.5.0.19 |6193152 |Normal |4 |C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\| |3948|hkcmd.exe | | |7467008 |Normal |3 |C:\Windows\System32\ | |3956|igfxpers.exe | | |7708672 |Normal |4 |C:\Windows\System32\ | |3988|igfxsrvc.exe | | 
|8572928 |Normal |4 |C:\Windows\System32\ | |4048|hppfaxprintersrv.exe |hppfaxprintersrv |5.0.7.20 |7888896 |Normal |4 |C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\ | |4176|SearchIndexer.exe | | |0 |Normal |14 | | |4200|CCFManager.exe |Intel® Common Connectivity Framework Manager|3.0.0.0 |42823680 |Normal |17 |C:\Program Files\Intel\ConnectCenter\bin\ | |4248|AnyDesk.exe | |5.2.1.0 |23494656 |Normal |8 |C:\Users\MSclad001\Documents\MyChat\75 - /:>2;52 .\ | |4460|PWMDBSVC.exe | | |0 |Normal |5 | | |4564|wmpnetwk.exe | | |0 |Normal |9 | | |4672|vapm.exe | | |0 |Normal |21 | | |4676|Jhi_service.exe | | |0 |Normal |4 | | |4688|rundll32.exe |%>AB-?@>F5AA Windows (Rundll32) |6.1.7601.23755|4595712 |Normal |1 |C:\Windows\SysWOW64\ | |4720|SCHTASK.exe |Power Manager Power Agenda |1.0.0.1 |6811648 |Normal |3 |C:\Program Files (x86)\Lenovo\PowerMgr\ | |4752|rundll32.exe |%>AB-?@>F5AA Windows (Rundll32) |6.1.7601.23755|11685888 |Normal |6 |C:\Windows\System32\ | |4760|taskeng.exe |1@01>BG8: ?;0=8@>2I8:0 7040=89 |6.1.7601.17514|7221248 |Normal |6 |C:\Windows\System32\ | |4796|RAVCpl64.exe |8A?5BG5@ Realtek HD |1.0.0.912 |1052672 |Below-Normal|11 |C:\Program Files\Realtek\Audio\HDA\ | |4876|RAVBg64.exe |HD Audio Background Process |1.0.0.171 |1032192 |Below-Normal|7 |C:\Program Files\Realtek\Audio\HDA\ | |4900|svchost.exe | | |0 |Normal |13 | | |5108|unsecapp.exe | | |0 |Normal |4 | | |5164|klnagent.exe | | |0 |Normal |37 | | |5396|STCServ.exe | | |0 |Normal |43 | | |5676|avpsus.exe | | |0 |Normal |18 | | |5780|IAStorDataMgrSvc.exe | | |0 |Normal |8 | | |5856|AnyDesk.exe | |5.2.1.0 |31367168 |Normal |14 |C:\Users\MSclad001\Documents\MyChat\75 - /:>2;52 .\ | |5908|SUService.exe | | |0 |Normal |9 | | |5932|OSPPSVC.EXE | | |0 |Normal |3 | | |6536|WmiPrvSE.exe | | |0 |Normal |9 | | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Assembler Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------- ; Base Address: $E3C000, Allocation Base: $400000, Region Size: 3276800 ; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READ ; State: MEM_COMMIT, Type: MEM_IMAGE ; ; ; frame_private.TPrivateFrame.ThreadDone_DownloadOfflineFiles (Line=1851 - Offset=0) ; ---------------------------------------------------------------------------------- 00E3C278 55 PUSH EBP 00E3C279 8BEC MOV EBP, ESP 00E3C27B 83C4F4 ADD ESP, -$0C 00E3C27E 53 PUSH EBX 00E3C27F 56 PUSH ESI 00E3C280 33D2 XOR EDX, EDX 00E3C282 8955FC MOV [EBP-4], EDX 00E3C285 8BD8 MOV EBX, EAX 00E3C287 33C0 XOR EAX, EAX 00E3C289 55 PUSH EBP 00E3C28A 689BC3E300 PUSH $E3C39B ; ($00E3C39B->0040A838) System._HandleFinally Data as ANSI: '9˜4\O;@^[9 5]U9 <9 <.'; Data as UNICODE: 'é˜ä\ÿëð^[‹å]ÃU‹ì‹€<' 00E3C28F 64FF30 PUSH DWORD PTR FS:[EAX] 00E3C292 648920 MOV FS:[EAX], ESP ; ; Line=1852 - Offset=29 ; --------------------- 00E3C295 8BC3 MOV EAX, EBX 00E3C297 E8D0060000 CALL +$06D0 ; ($00E3C96C) frame_private.TPrivateFrame.HideFilesRecievePanel ; ; Line=1854 - Offset=36 ; --------------------- 00E3C29C 8B837C040000 MOV EAX, [EBX+$0000047C] ; ; Line=1854 - Offset=42 ; --------------------- 00E3C2A2 8B7058 MOV ESI, [EAX+$58] ; <-- EXCEPTION 00E3C2A5 85F6 TEST ESI, ESI 00E3C2A7 7439 JZ +$39 ; ($00E3C2E2) frame_private.TPrivateFrame.ThreadDone_DownloadOfflineFiles (Line=1866) ; ; Line=1855 - Offset=49 ; --------------------- 00E3C2A9 8D45FC LEA EAX, [EBP-4] 00E3C2AC 50 PUSH EAX 00E3C2AD 8975F4 MOV [EBP-$0C], ESI 00E3C2B0 C645F800 MOV BYTE PTR [EBP-8], 0 00E3C2B4 8D55F4 LEA EDX, [EBP-$0C] 00E3C2B7 A1901D1F01 MOV EAX, 
[$011F1D90] ; Data as ANSI: ',>.., ..!. >.., . _±..[!.lU±....'; Data as UNICODE: ',î,–²Ä! „îÜ–²Œ_±ž! l¾±...' 00E3C2BC 8B8060040000 MOV EAX, [EAX+$00000460] 00E3C2C2 33C9 XOR ECX, ECX 00E3C2C4 E87B3861FF CALL -$9EC785 ; ($0044FB44) System.Format ; ; Line=1856 - Offset=81 ; --------------------- 00E3C2C9 6A01 PUSH 1 00E3C2CB 6A01 PUSH 1 00E3C2CD 6A16 PUSH $16 00E3C2CF 6A04 PUSH 4 00E3C2D1 B90B000000 MOV ECX, $0000000B Registers: ----------------------------- EAX: 00000000 EDI: 00000000 EBX: 06FC8230 ESI: 0018FC98 ECX: 76410CB7 EBP: 0018FAAC EDX: 00000000 ESP: 001