EurekaLog 7.4.8.0 RC 1 Application: ------------------------------------------------------------ 1.1 Start Date : Tue, 5 Nov 2019 09:01:08 +0700 1.2 Name/Description: mcclient.exe 1.3 Version Number : 7.7.0.0 1.4 Parameters : 1.5 Compilation Date: Fri, 6 Sep 2019 20:10:55 +0700 1.6 Up Time : 1 hour(s), 52 minute(s), 9 second(s) Exception: ---------------------------------------------------------------------------------------------------------------------------------- 2.1 Date : Tue, 5 Nov 2019 10:53:17 +0700 2.2 Address : 004094DB 2.3 Module Name : mcclient.exe 2.4 Module Version: 7.7.0.0 2.5 Type : EInvalidPointer 2.6 Message : Application made attempt to free invalid or unknown memory block: $07151210 DATA [TSizeConstraints] 0 bytes. 2.7 ID : 31400000 2.8 Count : 1 2.9 Status : New 2.10 Note : 2.11 Sent : 0 User: ------------------------------------------------------- 3.1 ID : Manager 3.2 Name : qwerty1232212@outlook.com 3.3 Email : 3.4 Company : 3.5 Privileges: SeLockMemoryPrivilege - OFF SeShutdownPrivilege - OFF SeChangeNotifyPrivilege - ON SeUndockPrivilege - OFF SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF Active Controls: ----------------------------------------------------------------------------------------------------- 4.1 Form Class : TMainForm 4.2 Form Text : MyChat Client 7.7.0 - ОСП15 Кедровка #Юлия/Елена [ООО МКК "ТГК-АЛЬЯНС"] (В сети) 4.3 Control Class: TRichViewEdit 4.4 Control Text : Computer: ------------------------------------------------------------------------------------- 5.1 Name : MANAGERPC15 5.2 Total Memory : 4127490048 (3,84 Gb) 5.3 Free Memory : 1350139904 (1,26 Gb) 5.4 Total Disk : 41891655680 (39,01 Gb) 5.5 Free Disk : 39805833216 (37,07 Gb) 5.6 System Up Time : 19 day(s), 15 hour(s), 50 minute(s), 20 second(s) 5.7 Processor : Intel(R) Celeron(R) CPU N3350 @ 1.10GHz 5.8 Display Mode : 1366 x 768, 32 bit 5.9 Display DPI : 96 5.10 Video Card : Intel(R) HD Graphics (driver 25.20.100.6373 - RAM 1073741824) 5.11 Printer : RICOH SP 325SNw PCL 6 (driver 6.0.6001.18000) 5.12 Virtual Machine: Operating System: ----------------------------------------------------- 6.1 Type : Microsoft Windows 10 (64 bit) 6.2 Build # : 18362 (10.0.18362.329) 6.3 Update : 6.4 Language : Russian (0419) 6.5 Charset : 204/1251 6.6 Install Language: Russian (0419) 6.7 UI Language : Russian (0419) Network: --------------------------------------------------------------------- 7.1 IP Address: 192.168.001.099 - 000.000.000.000 - 000.000.000.000 7.2 Submask : 255.255.255.000 - 000.000.000.000 - 000.000.000.000 7.3 Gateway : 192.168.001.095 - 000.000.000.000 - 000.000.000.000 7.4 DNS 1 : 192.168.001.095 - 000.000.000.000 - 000.000.000.000 7.5 DNS 2 : 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.6 DHCP : ON - ON - ON Steps to reproduce: ------------ 8.1 Text: Custom Information: ---------------------------------------------------------------------- 9.1 ServerHWID: 323790096_4298_6-7-10-654356374 9.2 License : COMMERCIAL 9.3 ClientHWID: 201E5E422DAC43840E2A0B41203A41B21631D203941D0A432014 Call Stack Information: ------------------------------------------------------------------------------------------------------------------------------------------------------ |Methods |Details|Stack |Address |Module |Offset |Unit |Class |Procedure/Method |Line | ------------------------------------------------------------------------------------------------------------------------------------------------------ |*Exception Thread: ID=3820; Parent=0; Priority=0 | |Class=; Name=MAIN | |DeadLock=0; Wait Chain= | |Comment= | |----------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|004094E0|mcclient.exe|000094E0|System |TObject |FreeInstance | | |00000020|03 |0019F038|00409C26|mcclient.exe|00009C26|System | |_ClassDestroy | | |00000020|03 |0019F03C|004DE0BB|mcclient.exe|000DE0BB|System.Classes |TPersistent |Destroy | | |00000020|03 |0019F048|004095E0|mcclient.exe|000095E0|System |TObject |Free | | |00000020|03 |0019F04C|0062445F|mcclient.exe|0022445F|Vcl.Controls |TControl |Destroy | | |00000020|03 |0019F06C|00628D2D|mcclient.exe|00228D2D|Vcl.Controls |TWinControl |Destroy | | |00000020|03 |0019F080|00709863|mcclient.exe|00309863|Vcl.Forms |TScrollingWinControl|Destroy | | |00000020|03 |0019F08C|0070A941|mcclient.exe|0030A941|Vcl.Forms |TCustomForm |Destroy | | |00000020|03 |0019F0A8|004095E0|mcclient.exe|000095E0|System |TObject |Free | | |00000020|04 |0019F254|005FA11E|mcclient.exe|001FA11E|EDialog |TBaseDialog |CopyReportToClipboard |1595[21] | |00000020|03 |0019F25C|0062B02C|mcclient.exe|0022B02C|Vcl.Controls |TWinControl |MainWndProc | | |00000020|03 |0019F28C|004F53E0|mcclient.exe|000F53E0|System.Classes | |StdWndProc | | |00000020|03 |0019F2A4|756048E9|user32.dll |000448E9|user32 | | (possible AddClipboardFormatListener+73)| | |00000020|03 |0019F2D0|755E6137|user32.dll |00026137|user32 | | (possible CallWindowProcW+2855) | | |00000020|03 |0019F3B4|755E5CD5|user32.dll |00025CD5|user32 | | (possible CallWindowProcW+1733) | | |00000020|03 |0019F3E4|755EEED5|user32.dll |0002EED5|user32 | | (possible RemovePropW+229) | | |00000020|03 |0019F3EC|77451DAA|ntdll.dll |00071DAA|ntdll | |NtCallbackReturn | | |00000020|03 |0019F418|755EE6BD|user32.dll |0002E6BD|user32 | | (possible IsRectEmpty+509) | | |00000020|03 |0019F454|774541CB|ntdll.dll |000741CB|ntdll | | (possible KiUserCallbackDispatcher+75) | | |00000020|03 |0019F4D4|00626F55|mcclient.exe|00226F55|Vcl.Controls |TControl |WndProc | | |00000020|03 |0019F544|0062B9E9|mcclient.exe|0022B9E9|Vcl.Controls |TWinControl |WndProc | | |00000020|03 |0019F600|0062B9E9|mcclient.exe|0022B9E9|Vcl.Controls |TWinControl |WndProc | | |00000020|03 |0019F64C|0070BC31|mcclient.exe|0030BC31|Vcl.Forms |TCustomForm |WndProc | | |00000020|04 |0019F678|0112306B|mcclient.exe|00D2306B|fm_main |TMainForm |WndProc |8291[105] | |00000020|04 |0019F6A4|00845083|mcclient.exe|00445083|DynamicSkinForm|TspDynamicSkinForm |NewWndProc |19291[1285] | |00000020|03 |0019F818|755E615B|user32.dll |0002615B|user32 | | (possible CallWindowProcW+2891) | | |00000020|03 |0019F84C|00626B90|mcclient.exe|00226B90|Vcl.Controls |TControl |Perform | | |00000020|03 |0019F868|0062ADD5|mcclient.exe|0022ADD5|Vcl.Controls |TWinControl |UpdateShowing | | |00000020|03 |0019F8A0|0062AEE4|mcclient.exe|0022AEE4|Vcl.Controls |TWinControl |UpdateControlState | | |00000020|03 |0019F8B4|0062DB1A|mcclient.exe|0022DB1A|Vcl.Controls |TWinControl |CMVisibleChanged | | |00000020|03 |0019F8E8|755E58E8|user32.dll |000258E8|user32 | | (possible CallWindowProcW+728) | | |00000020|04 |0019F930|00427C31|mcclient.exe|00027C31|EMemLeaks | |SetOurPointer |2920[8] | |00000020|03 |0019F9E8|0062B9E9|mcclient.exe|0022B9E9|Vcl.Controls |TWinControl |WndProc | | |00000020|03 |0019FA34|0070BC31|mcclient.exe|0030BC31|Vcl.Forms |TCustomForm |WndProc | | |00000020|04 |0019FA60|0112306B|mcclient.exe|00D2306B|fm_main |TMainForm |WndProc |8291[105] | |00000020|04 |0019FA8C|00845083|mcclient.exe|00445083|DynamicSkinForm|TspDynamicSkinForm |NewWndProc |19291[1285] | |00000020|04 |0019FB54|00427ED4|a |00027ED4|recursive |area |removed |2[0] | |00000020|04 |0019FB64|00427E55|mcclient.exe|00027E55|EMemLeaks | |CheckOurPointer |3032[12] | |00000020|04 |0019FBE8|0094C3AC|mcclient.exe|0054C3AC|superobject |TSuperObject |_Release |4260[1] | |00000020|03 |0019FBFC|0040F55C|mcclient.exe|0000F55C|System | |_IntfClear | | |00000020|04 |0019FC08|0094724F|mcclient.exe|0054724F|superobject |TSuperObject |ParseString |2221[7] | |00000020|04 |0019FC28|0094A032|mcclient.exe|0054A032|superobject |TSuperObject |GetO |3552[1] | |00000020|03 |0019FC34|00626B90|mcclient.exe|00226B90|Vcl.Controls |TControl |Perform | | |00000020|03 |0019FC50|00625582|mcclient.exe|00225582|Vcl.Controls |TControl |SetVisible | | |00000020|03 |0019FC64|0070B4AE|mcclient.exe|0030B4AE|Vcl.Forms |TCustomForm |SetVisible | | |00000020|04 |0019FC70|0080E861|mcclient.exe|0040E861|spTrayIcon |TspTrayIcon |HideMainForm |798[6] | |00000020|04 |0019FC78|011272E6|mcclient.exe|00D272E6|fm_main |TMainForm |sHideMainFormToTray |10111[1] | |00000020|04 |0019FC8C|0111E8AE|mcclient.exe|00D1E8AE|fm_main |TMainForm |HideTimerTimer |6617[38] | |00000020|03 |0019FC98|006B3C07|mcclient.exe|002B3C07|Vcl.ExtCtrls |TTimer |Create | | |00000020|03 |0019FCC4|004F53E0|mcclient.exe|000F53E0|System.Classes | |StdWndProc | | |00000020|03 |0019FCDC|756048E9|user32.dll |000448E9|user32 | | (possible AddClipboardFormatListener+73)| | |00000020|03 |0019FD08|755E6137|user32.dll |00026137|user32 | | (possible CallWindowProcW+2855) | | |00000020|03 |0019FDEC|755E5289|user32.dll |00025289|user32 | | (possible DispatchMessageW+553) | | |00000020|03 |0019FE60|755E506B|user32.dll |0002506B|user32 | |DispatchMessageW | | |00000020|03 |0019FE6C|00714E3B|mcclient.exe|00314E3B|Vcl.Forms |TApplication |ProcessMessage | | |00000020|03 |0019FE88|00714E7E|mcclient.exe|00314E7E|Vcl.Forms |TApplication |HandleMessage | | |00000020|03 |0019FEAC|007151B9|mcclient.exe|003151B9|Vcl.Forms |TApplication |Run | | |00000020|04 |0019FEDC|01151C98|mcclient.exe|00D51C98|mcclient | |Initialization |491[285] | |00000020|03 |0019FF74|753F6357|kernel32.dll|00016357|KERNEL32 | |BaseThreadInitThunk | | ------------------------------------------------------------------------------------------------------------------------------------------------------ Mosules Information: ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|mcclient.exe | |7.7.0.0 |19619584|2019-09-06 16:14:56|D:\USER\MyChat\ | |0AB80000|AntiCAPS.dll | | |1024512 |2019-04-26 14:37:16|C:\Users\Manager\AppData\Local\MyChat\plugins\AntiCAPS\bin\ | |0ADD0000|Beeper.dll | | |1023488 |2019-04-26 14:37:16|C:\Users\Manager\AppData\Local\MyChat\plugins\Beeper\bin\ | |0B020000|VNCServer.dll | | |1109504 |2019-04-26 14:37:16|C:\Users\Manager\AppData\Local\MyChat\plugins\VNCServer\bin\ | |11000000|libeay32.dll |OpenSSL Shared Library |1.0.2.14 |1371136 |2017-12-07 17:08:22|D:\USER\MyChat\ | |12000000|ssleay32.dll |OpenSSL Shared Library |1.0.2.14 |337920 |2017-12-07 17:08:22|D:\USER\MyChat\ | |6C3E0000|winnsi.dll |Network Store Information RPC interface |6.2.18362.1 |28552 |2019-03-19 11:44:36|C:\Windows\System32\ | |6E880000|hunspelldll.dll | | |223232 |2006-05-27 16:34:22|D:\USER\MyChat\ | |6EE80000|WindowsCodecs.dll |Microsoft Windows Codecs Library |6.2.18362.1 |1484896 |2019-03-19 11:45:13|C:\Windows\System32\ | |6F5B0000|ntmarta.dll |Поставщик Windows NT MARTA |6.2.18362.1 |152896 |2019-03-19 11:45:22|C:\Windows\System32\ | |6F5E0000|CoreMessaging.dll |Microsoft CoreMessaging Dll |6.2.18362.1 |553896 |2019-03-19 11:45:19|C:\Windows\System32\ | |6F670000|CoreUIComponents.dll |Microsoft Core UI Components Dll |6.2.18362.207 |2490712 |2019-09-29 21:18:21|C:\Windows\System32\ | |6F8D0000|TextInputFramework.dll|"TextInputFramework.DYNLINK" |6.2.18362.207 |531464 |2019-09-29 21:18:26|C:\Windows\System32\ | |6FD60000|avrt.dll |Среда выполнения мультимедиа в реальном времени |6.2.18362.1 |27536 |2019-03-19 11:45:07|C:\Windows\System32\ | |6FD70000|WinTypes.dll |Библиотека DLL основных типов Windows |6.2.18362.267 |892488 |2019-09-29 21:18:38|C:\Windows\System32\ | |6FE50000|AudioSes.dll |Сеанс обработки звука |6.2.18362.329 |1154952 |2019-09-29 21:18:14|C:\Windows\System32\ | |6FF70000|devobj.dll |Device Information Set DLL |6.2.18362.1 |137864 |2019-03-19 11:45:22|C:\Windows\System32\ | |6FFA0000|MMDevAPI.dll |MMDevice API |6.2.18362.329 |401832 |2019-09-29 21:18:15|C:\Windows\System32\ | |70370000|ntshrui.dll |Расширения оболочки, обеспечивающие общий доступ |6.2.18362.329 |380416 |2019-09-29 21:18:49|C:\Windows\System32\ | |703E0000|linkinfo.dll |Windows Volume Tracking |6.2.18362.1 |23552 |2019-03-19 11:45:32|C:\Windows\System32\ | |703F0000|dhcpcsvc.dll |Служба DHCP-клиента |6.2.18362.267 |70144 |2019-09-29 21:18:37|C:\Windows\System32\ | |70630000|dhcpcsvc6.DLL |Клиент DHCPv6 |6.2.18362.267 |58368 |2019-09-29 21:18:37|C:\Windows\System32\ | |70650000|rasadhlp.dll |Remote Access AutoDial Helper |6.2.18362.1 |12800 |2019-03-19 11:45:30|C:\Windows\System32\ | |70660000|wshbth.dll |Windows Sockets Helper DLL |6.2.18362.1 |50688 |2019-03-19 11:45:17|C:\Windows\System32\ | |70670000|nlaapi.dll |Network Location Awareness 2 |6.2.18362.1 |70144 |2019-03-19 11:45:29|C:\Windows\System32\ | |70690000|winrnr.dll |LDAP RnR Provider DLL |6.2.18362.1 |23552 |2019-03-19 11:45:22|C:\Windows\System32\ | |706E0000|dnsapi.dll |Динамическая библиотека API DNS-клиента |6.2.18362.267 |588256 |2019-09-29 21:18:37|C:\Windows\System32\ | |70780000|mswsock.dll |Расширение поставщика службы API Microsoft Windows Sockets 2.0|6.2.18362.1 |324920 |2019-03-19 11:45:20|C:\Windows\System32\ | |707E0000|pnrpnsp.dll |Поставщик пространства имен PNRP |6.2.18362.1 |70656 |2019-03-19 11:46:09|C:\Windows\System32\ | |70800000|NapiNSP.dll |Поставщик оболочки совместимости для имен электронной почты |6.2.18362.1 |54784 |2019-03-19 11:45:12|C:\Windows\System32\ | |709B0000|idndl.dll |Downlevel DLL |6.2.18362.1 |7680 |2019-03-19 11:45:25|C:\Windows\System32\ | |709C0000|FWPUCLNT.DLL |API пользовательского режима FWP/IPsec |6.2.18362.113 |311296 |2019-09-29 21:18:34|C:\Windows\System32\ | |73240000|rmclient.dll |Resource Manager Client |6.2.18362.267 |116728 |2019-09-29 21:18:34|C:\Windows\System32\ | |73260000|twinapi.appcore.dll |twinapi.appcore |6.2.18362.1 |1985928 |2019-03-19 11:45:16|C:\Windows\System32\ | |73450000|dxgi.dll |DirectX Graphics Infrastructure |6.2.18362.329 |775768 |2019-09-29 21:18:21|C:\Windows\System32\ | |73520000|dcomp.dll |Microsoft DirectComposition Library |6.2.18362.145 |1473488 |2019-09-29 21:18:36|C:\Windows\System32\ | |73690000|d3d11.dll |Direct3D 11 Runtime |6.2.18362.329 |1957000 |2019-09-29 21:18:21|C:\Windows\System32\ | |73CB0000|iertutil.dll |Служебная программа времени выполнения для Internet Explorer |11.0.18362.329 |2258640 |2019-09-29 21:18:40|C:\Windows\System32\ | |74090000|DXCore.dll |DXCore |6.2.18362.1 |85416 |2019-03-19 11:45:16|C:\Windows\System32\ | |74200000|dataexchange.dll |Data exchange |6.2.18362.1 |182784 |2019-03-19 11:45:13|C:\Windows\System32\ | |74290000|comctl32.dll |Библиотека элементов управления взаимодействия с пользователем|6.10.18362.356 |2146104 |2019-09-29 21:18:46|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.356_none_2e71e654278b50d2\ | |744A0000|cscapi.dll |Offline Files Win32 API |6.2.18362.1 |40960 |2019-03-19 11:45:32|C:\Windows\System32\ | |744B0000|olepro32.dll |OLEPRO32.DLL |6.2.18362.113 |88064 |2019-09-29 21:18:48|C:\Windows\System32\ | |744D0000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |6.2.18362.1 |185912 |2019-03-19 11:45:22|C:\Windows\System32\ | |74500000|srvcli.dll |Server Service Client DLL |6.2.18362.1 |74864 |2019-03-19 11:45:22|C:\Windows\System32\ | |74520000|wkscli.dll |Workstation Service Client DLL |6.2.18362.1 |58336 |2019-03-19 11:45:22|C:\Windows\System32\ | |74530000|dwmapi.dll |Интерфейс API диспетчера окон рабочего стола (Майкрософт) |6.2.18362.267 |135000 |2019-09-29 21:18:36|C:\Windows\System32\ | |74560000|msimg32.dll |GDIEXT Client DLL |6.2.18362.175 |7168 |2019-09-29 21:18:39|C:\Windows\System32\ | |74570000|winsta.dll |Winstation Library |6.2.18362.53 |279624 |2019-09-29 21:18:17|C:\Windows\System32\ | |745C0000|wtsapi32.dll |Windows Remote Desktop Session Host Server SDK APIs |6.2.18362.1 |52872 |2019-03-19 11:45:10|C:\Windows\System32\ | |745D0000|uxtheme.dll |Библиотека тем UxTheme (Microsoft) |6.2.18362.329 |476672 |2019-09-29 21:18:17|C:\Windows\System32\ | |74650000|samcli.dll |Security Accounts Manager Client DLL |6.2.18362.1 |70144 |2019-03-19 11:45:22|C:\Windows\System32\ | |74670000|netutils.dll |Net Win32 API Helpers DLL |6.2.18362.1 |37160 |2019-03-19 11:45:22|C:\Windows\System32\ | |74680000|msacm32.dll |Фильтр диспетчера аудиосжатия Microsoft |6.2.18362.1 |93680 |2019-03-19 11:45:07|C:\Windows\System32\ | |746A0000|bass.dll |BASS |2.4.14.0 |127669 |2019-01-16 15:34:32|D:\USER\MyChat\ | |74700000|WINMMBASE.dll |Base Multimedia Extension API DLL |6.2.18362.1 |131176 |2019-03-19 11:45:07|C:\Windows\System32\ | |74730000|propsys.dll |Система страниц свойств (Майкрософт) |7.0.18362.267 |800048 |2019-09-29 21:18:33|C:\Windows\System32\ | |74800000|GdiPlus.dll |Microsoft GDI+ |6.2.18362.356 |1458176 |2019-09-29 21:18:32|C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.356_none_5f5cd939821dcaa0\ | |74970000|netapi32.dll |Net Win32 API DLL |6.2.18362.1 |68680 |2019-03-19 11:45:10|C:\Windows\System32\ | |74990000|wsock32.dll |Windows Socket 32-Bit DLL |6.2.18362.1 |16384 |2019-03-19 11:45:12|C:\Windows\System32\ | |749A0000|IPHLPAPI.DLL |API вспомогательного приложения IP |6.2.18362.1 |196776 |2019-03-19 11:45:20|C:\Windows\System32\ | |749E0000|oleacc.dll |Active Accessibility Core Component |7.2.18362.1 |320000 |2019-03-19 11:45:30|C:\Windows\System32\ | |74A40000|winmm.dll |MCI API DLL |6.2.18362.1 |134320 |2019-03-19 11:45:07|C:\Windows\System32\ | |74A70000|winspool.drv |Драйвер диспетчера очереди Windows |6.2.18362.267 |415232 |2019-09-29 21:18:15|C:\Windows\System32\ | |74AE0000|comctl32.dll |Библиотека общих элементов управления |5.82.18362.356 |568120 |2019-09-29 21:18:46|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.18362.356_none_71d539095ae5ad3b\| |74B70000|mpr.dll |Библиотека маршрутизации для нескольких служб доступа |6.2.18362.1 |89856 |2019-03-19 11:45:22|C:\Windows\System32\ | |74B90000|version.dll |Version Checking and File Installation Libraries |6.2.18362.1 |27328 |2019-03-19 11:45:32|C:\Windows\System32\ | |74BA0000|CRYPTBASE.dll |Base cryptographic API DLL |6.2.18362.1 |31752 |2019-03-19 11:45:07|C:\Windows\System32\ | |74BB0000|sspicli.dll |Security Support Provider Interface |6.2.18362.1 |121888 |2019-03-19 11:45:07|C:\Windows\System32\ | |74BD0000|ws2_32.dll |32-разрядная библиотека Windows Socket 2.0 |6.2.18362.1 |379112 |2019-03-19 11:45:07|C:\Windows\System32\ | |74C30000|advapi32.dll |Расширенная библиотека API Windows 32 |6.2.18362.329 |488056 |2019-09-29 21:18:16|C:\Windows\System32\ | |74CB0000|normaliz.dll |Unicode Normalization DLL |6.2.18362.1 |5120 |2019-03-19 11:45:22|C:\Windows\System32\ | |74CC0000|psapi.dll |Process Status Helper |6.2.18362.1 |17008 |2019-03-19 11:45:19|C:\Windows\System32\ | |74CD0000|shell32.dll |Общая библиотека оболочки Windows |6.2.18362.356 |5762032 |2019-09-29 21:18:50|C:\Windows\System32\ | |75250000|bcryptPrimitives.dll |Windows Cryptographic Primitives Library |6.2.18362.295 |386320 |2019-09-29 21:17:44|C:\Windows\System32\ | |752B0000|comdlg32.dll |Библиотека общих диалоговых окон |6.2.18362.329 |691712 |2019-09-29 21:18:49|C:\Windows\System32\ | |75360000|msvcp_win.dll |Microsoft® C Runtime Library |6.2.18362.267 |500992 |2019-09-29 21:18:37|C:\Windows\System32\ | |753E0000|kernel32.dll |Библиотека клиента Windows NT BASE API |6.2.18362.329 |628400 |2019-09-29 21:18:18|C:\Windows\System32\ | |754C0000|ole32.dll |Microsoft OLE для Windows |6.2.18362.113 |1007160 |2019-09-29 21:18:36|C:\Windows\System32\ | |755C0000|user32.dll |Многопользовательская библиотека клиента USER API Windows |6.2.18362.267 |1661544 |2019-09-29 21:18:35|C:\Windows\System32\ | |75760000|powrprof.dll |DLL модуля поддержки профиля управления питанием |6.2.18362.1 |267528 |2019-03-19 11:45:22|C:\Windows\System32\ | |757B0000|shlwapi.dll |Библиотека небольших программ оболочки |6.2.18362.1 |275240 |2019-03-19 11:45:32|C:\Windows\System32\ | |75900000|gdi32full.dll |GDI Client DLL |6.2.18362.356 |1413624 |2019-09-29 21:18:39|C:\Windows\System32\ | |75AC0000|imagehlp.dll |Windows NT Image Helper |6.2.18362.1 |97816 |2019-03-19 11:44:36|C:\Windows\System32\ | |75AE0000|kernel.appcore.dll |AppModel API Host |6.2.18362.1 |51336 |2019-03-19 11:45:16|C:\Windows\System32\ | |75AF0000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.2.18362.267 |478800 |2019-09-29 21:18:15|C:\Windows\System32\ | |75BC0000|oleaut32.dll |OLEAUT32.DLL |6.2.18362.329 |593112 |2019-09-29 21:18:38|C:\Windows\System32\ | |75CF0000|combase.dll |Microsoft COM для Windows |6.2.18362.356 |2586816 |2019-09-29 21:18:37|C:\Windows\System32\ | |75F70000|KERNELBASE.dll |Библиотека клиента Windows NT BASE API |6.2.18362.356 |2081976 |2019-09-29 21:17:44|C:\Windows\System32\ | |76170000|cryptsp.dll |Cryptographic Service Provider API |6.2.18362.1 |68192 |2019-03-19 11:45:20|C:\Windows\System32\ | |761F0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.2.18362.1 |143568 |2019-03-19 11:45:22|C:\Windows\System32\ | |76220000|profapi.dll |User Profile Basic API |6.2.18362.1 |85416 |2019-03-19 11:45:07|C:\Windows\System32\ | |76240000|nsi.dll |NSI User-mode interface DLL |6.2.18362.1 |20352 |2019-03-19 11:44:36|C:\Windows\System32\ | |76250000|msvcrt.dll |Windows NT CRT DLL |7.0.18362.1 |776472 |2019-03-19 11:45:07|C:\Windows\System32\ | |76310000|clbcatq.dll |COM+ Configuration Catalog |2001.12.10941.16384|512304 |2019-03-19 11:45:19|C:\Windows\System32\ | |767F0000|gdi32.dll |GDI Client DLL |6.2.18362.1 |127552 |2019-03-19 11:45:16|C:\Windows\System32\ | |76820000|rpcrt4.dll |Библиотека удаленного вызова процедур |6.2.18362.1 |768488 |2019-03-19 11:45:07|C:\Windows\System32\ | |768E0000|win32u.dll |Win32u |6.2.18362.356 |89328 |2019-09-29 21:18:35|C:\Windows\System32\ | |76900000|SHCore.dll |SHCORE |6.2.18362.1 |538160 |2019-03-19 11:45:19|C:\Windows\System32\ | |76B00000|msctf.dll |Серверная библиотека MSCTF |6.2.18362.356 |1054656 |2019-09-29 21:18:16|C:\Windows\System32\ | |76C10000|umpdc.dll | | |46656 |2019-03-19 11:45:16|C:\Windows\System32\ | |76C80000|ucrtbase.dll |Microsoft® C Runtime Library |6.2.18362.267 |1178608 |2019-09-29 21:18:37|C:\Windows\System32\ | |76DA0000|windows.storage.dll |API хранения Microsoft WinRT |6.2.18362.356 |6081744 |2019-09-29 21:18:33|C:\Windows\System32\ | |77370000|cfgmgr32.dll |Configuration Manager DLL |6.2.18362.1 |236520 |2019-03-19 11:45:22|C:\Windows\System32\ | |773B0000|bcrypt.dll |Библиотека криптографических примитивов Windows |6.2.18362.267 |96032 |2019-09-29 21:18:37|C:\Windows\System32\ | |773E0000|ntdll.dll |Системная библиотека NT |6.2.18362.356 |1664168 |2019-09-29 21:18:15|C:\Windows\System32\ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory |Priority |Threads|Path | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |0 |[System Process] | | |0 | |2 | | |4 |System | | |0 |Normal |149 | | |88 |Registry | | |0 |Normal |4 | | |116 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |272 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |12 | | |344 |smss.exe | | |0 |Above-Normal|3 | | |396 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |480 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |576 |csrss.exe | | |0 |High |11 | | |660 |wininit.exe | | |0 |High |2 | | |780 |firefox.exe |Firefox |70.0.1.7242 |50716672 |Normal |8 |C:\Program Files\Mozilla Firefox\ | |796 |services.exe | | |0 |Normal |6 | | |804 |lsass.exe | | |0 |Normal |8 | | |868 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |9 | | |912 |fontdrvhost.exe |Usermode Font Driver Host |6.2.18362.356 |0 |Normal |6 | | |920 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |988 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |14 | | |1084 |YandexDisk.exe |Яндекс.Диск |1.4.22.5513 |69226496 |Normal |37 |C:\Users\Manager\AppData\Roaming\Yandex\YandexDisk\ | |1120 |SearchUI.exe |Search and Cortana application |6.2.18362.329 |69881856 |Normal |28 |C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ | |1128 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |9 | | |1136 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |1176 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |1184 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |1252 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |1268 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |1328 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |7 | | |1364 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |1380 |csrss.exe | | |0 |High |13 | | |1392 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |1444 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |1544 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |1600 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |1672 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |1692 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |1716 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |1792 |Memory Compression | | |0 |Normal |74 | | |1804 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |1816 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |1852 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |1872 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |1896 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |1936 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |14 | | |1952 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |10 | | |1992 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |8 | | |2028 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |9 | | |2072 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |2112 |SecurityHealthSystray.exe | | |8376320 |Normal |2 |C:\Windows\System32\ | |2140 |dasHost.exe | | |0 |Normal |4 | | |2204 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |2324 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |11 | | |2384 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |2452 |spoolsv.exe | | |0 |Normal |16 | | |2464 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |2516 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |13 | | |2544 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |2708 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |2716 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |12 | | |2732 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |15 | | |2752 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |13 | | |2772 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |8 | | |2776 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |2784 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |2864 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |2872 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |2892 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |2904 |UpdaterDisabler.exe | | |0 |Normal |4 | | |2912 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |7 | | |2928 |winvnc.exe | | |0 |Normal |3 | | |2996 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |3024 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |3160 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |12 | | |3436 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |3732 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |18718720 |Normal |5 |C:\Windows\System32\ | |3784 |MicrosoftEdgeSH.exe | | |10784768 |Normal |9 |C:\Windows\System32\ | |3900 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |3972 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |4012 |taskhostw.exe | | |12648448 |Normal |8 |C:\Windows\System32\ | |4048 |firefox.exe |Firefox |70.0.1.7242 |118767616|Low |20 |C:\Program Files\Mozilla Firefox\ | |4068 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |4084 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |9 | | |4088 |MicrosoftEdgeCP.exe | | |21762048 |Normal |16 |C:\Windows\System32\ | |4172 |dasHost.exe | | |0 |Normal |2 | | |4304 |audiodg.exe | | |11685888 |Normal |10 |C:\Windows\System32\ | |4388 |MicrosoftEdge.exe |Microsoft Edge |11.0.18362.329|52391936 |Normal |34 |C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ | |4472 |SgrmBroker.exe | | |0 |Normal |5 | | |4504 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |19775488 |Normal |5 |C:\Windows\System32\ | |4528 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |4688 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |4712 |soffice.bin |OpenOffice 4.1.6 |4.0.9790.500 |71315456 |Normal |12 |D:\USER\OpenOffice\program\ | |4772 |soffice.exe |OpenOffice 4.1.6 |4.0.9790.500 |7245824 |Normal |2 |D:\USER\OpenOffice\program\ | |4788 |fontdrvhost.exe |Usermode Font Driver Host |6.2.18362.356 |0 |Normal |6 | | |4848 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |9 | | |4908 |RuntimeBroker.exe | | |21884928 |Normal |4 |C:\Windows\System32\ | |5004 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |4 | | |5012 |splwow64.exe |Print driver host for applications |6.2.18362.239 |11403264 |Normal |6 |C:\Windows\ | |5168 |explorer.exe |Проводник |6.2.18362.329 |115126272|Normal |66 |C:\Windows\ | |5256 |HWDeviceService64.exe | | |0 |Normal |5 | | |5316 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |3 | | |5376 |RuntimeBroker.exe | | |13369344 |Normal |4 |C:\Windows\System32\ | |5852 |RuntimeBroker.exe | | |21934080 |Normal |3 |C:\Windows\System32\ | |6060 |SearchIndexer.exe |Индексатор службы Microsoft Windows Search |7.0.18362.329 |0 |Normal |16 | | |6196 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |8 | | |6608 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |2 | | |6792 |WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe|WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe|6.2.18362.329 |39874560 |Normal |10 |C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\ | |6824 |SecurityHealthService.exe | | |0 |Normal |50 | | |6844 |mcclient.exe | |7.7.0.0 |64835584 |Normal |16 |D:\USER\MyChat\ | |6876 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |6 | | |6940 |browser_broker.exe | | |8044544 |Normal |3 |C:\Windows\System32\ | |7164 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |23834624 |Normal |4 |C:\Windows\System32\ | |7228 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |18796544 |Normal |9 |C:\Windows\System32\ | |7280 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |7360 |ApplicationFrameHost.exe | | |25382912 |Normal |3 |C:\Windows\System32\ | |7492 |splwow64.exe |Print driver host for applications |6.2.18362.239 |8806400 |Normal |5 |C:\Windows\ | |7560 |RuntimeBroker.exe | | |14073856 |Normal |3 |C:\Windows\System32\ | |7768 |1cv8c.exe |1cv8c |8.3.14.1779 |187547648|Normal |10 |C:\Program Files (x86)\1cv8\8.3.14.1779\bin\ | |7872 |winvnc.exe | | |0 |Normal |8 | | |8016 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |15 | | |8196 |winlogon.exe | | |0 |High |5 | | |8244 |StartMenuExperienceHost.exe | | |51466240 |Normal |8 |C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\| |8296 |dwm.exe | | |0 |High |14 | | |8524 |NisSrv.exe | | |0 |Normal |7 | | |8624 |firefox.exe |Firefox |70.0.1.7242 |242126848|Normal |65 |C:\Program Files\Mozilla Firefox\ | |8636 |MsMpEng.exe | | |0 |Normal |24 | | |9032 |LockApp.exe |LockApp.exe |6.2.18362.329 |39063552 |Normal |13 |C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\ | |9084 |firefox.exe |Firefox |70.0.1.7242 |239808512|Normal |18 |C:\Program Files\Mozilla Firefox\ | |9144 |firefox.exe |Firefox |70.0.1.7242 |252141568|Normal |26 |C:\Program Files\Mozilla Firefox\ | |9240 |firefox.exe |Firefox |70.0.1.7242 |41320448 |Low |18 |C:\Program Files\Mozilla Firefox\ | |9248 |ShellExperienceHost.exe |Windows Shell Experience Host |6.2.18362.329 |47837184 |Normal |14 |C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ | |9264 |firefox.exe |Firefox |70.0.1.7242 |103305216|Normal |18 |C:\Program Files\Mozilla Firefox\ | |9436 |RuntimeBroker.exe | | |16052224 |Normal |4 |C:\Windows\System32\ | |9684 |sihost.exe | | |26214400 |Normal |8 |C:\Windows\System32\ | |9764 |svchost.exe |Хост-процесс для служб Windows |6.2.18362.1 |0 |Normal |5 | | |10076|ctfmon.exe |CTF-загрузчик |6.2.18362.1 |26017792 |High |9 |C:\Windows\System32\ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Assembler Information: ------------------------------------------------------------------------ ; Base Address: $409000, Allocation Base: $400000, Region Size: 13930496 ; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READ ; State: MEM_COMMIT, Type: MEM_IMAGE ; ; ; System.TObject.FreeInstance (Line=0 - Offset=6) ; ----------------------------------------------- 004094DA 5E POP ESI ; ; Line=0 - Offset=7 ; ----------------- 004094DB 0100 ADD [EAX], EAX ; <-- EXCEPTION 004094DD 008BC3E8EBD5 ADD [EBX-$2A14173D], CL 004094E3 ?? ; unaccessible location Registers: ----------------------------- EAX: ???? EDI: ???? EBX: ???? ESI: ???? ECX: ???? EBP: ???? EDX: ???? ESP: ???? EIP: ???? FLG: ???? EXP: 004094DB STK: 0019E4A0 Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0019E4DC: 00000000 004094DB: 01 00 00 8B C3 E8 EB D5 FF FF 5B C3 90 8B 48 04 ..........[...H. 0019E4D8: 00000000 004094EB: 3B 4A 04 75 06 8B 00 3B 02 74 03 33 C0 C3 B0 01 ;J.u...;.t.3.... 0019E4D4: 00000000 004094FB: C3 53 56 8B F2 8B D8 8B D6 8B C3 E8 DD FF FF FF .SV............. 0019E4D0: 00000000 0040950B: 34 01 5E 5B C3 8B 48 04 3B 4A 04 7F 11 8B 48 04 4.^[..H.;J....H. 0019E4CC: 00000000 0040951B: 3B 4A 04 75 06 8B 00 3B 02 7F 03 33 C0 C3 B0 01 ;J.u...;...3.... 0019E4C8: 00000000 0040952B: C3 53 56 8B F2 8B D8 8B D6 8B C3 E8 D5 FF FF FF .SV............. 0019E4C4: 00000000 0040953B: 84 C0 75 12 8B D6 8B C3 E8 A0 FF FF FF 84 C0 75 ..u............u 0019E4C0: 0CA95124 0040954B: 05 33 C0 5E 5B C3 B0 01 5E 5B C3 8B C0 8B 48 04 .3.^[...^[....H. 0019E4BC: 7741B111 0040955B: 3B 4A 04 7C 11 8B 48 04 3B 4A 04 75 06 8B 00 3B ;J.|..H.;J.u...; 0019E4B8: 0CA443D4 0040956B: 02 7C 03 33 C0 C3 B0 01 C3 53 56 8B F2 8B D8 8B .|.3.....SV..... 0019E4B4: 0019E511 0040957B: D6 8B C3 E8 D5 FF FF FF 84 C0 75 12 8B D6 8B C3 ..........u..... 0019E4B0: 0CA44364 0040958B: E8 58 FF FF FF 84 C0 75 05 33 C0 5E 5B C3 B0 01 .X.....u.3.^[... 0019E4AC: 00000011 0040959B: 5E 5B C3 8B C0 83 C0 CC 8B 00 C3 8B C0 84 D2 74 ^[.............t 0019E4A8: 0CA448A4 004095AB: 08 83 C4 F0 E8 20 06 00 00 84 D2 74 0F E8 6F 06 ..... .....t..o. 0019E4A4: 0CA93A0C 004095BB: 00 00 64 8F 05 00 00 00 00 83 C4 0C C3 E8 AF 06 ..d............. 0019E4A0: 0CA4FEAC 004095CB: 00 00 84 D2 7E 05 E8 4E 06 00 00 C3 90 85 C0 74 ....~..N.......t