EurekaLog 7.4.8.0 RC 1 Application: ------------------------------------------------------- 1.1 Start Date : Thu, 26 Mar 2020 10:05:31 +0300 1.2 Name/Description: mcserv.exe - (MyChat Server) 1.3 Version Number : 7.7.0.1 1.4 Parameters : /autorun 1.5 Compilation Date: Fri, 6 Sep 2019 16:11:02 +0300 1.6 Up Time : 4 second(s) Exception: ---------------------------------------------------------------------------------------------------------- 2.1 Date : Thu, 26 Mar 2020 10:05:36 +0300 2.2 Address : 0079085F 2.3 Module Name : mcserv.exe - (MyChat Server) 2.4 Module Version: 7.7.0.1 2.5 Type : EABSException 2.6 Message : Stream size = 0 too small. Should be at least = 1841648413696 - Native error: 10081. 2.7 ID : B45A0000 2.8 Count : 1 2.9 Status : New 2.10 Note : 2.11 Sent : 0 User: ------------------------------------------------------- 3.1 ID : Viskub 3.2 Name : Viskub 3.3 Email : 3.4 Company : 3.5 Privileges: SeIncreaseQuotaPrivilege - OFF SeSecurityPrivilege - OFF SeTakeOwnershipPrivilege - OFF SeLoadDriverPrivilege - OFF SeSystemProfilePrivilege - OFF SeSystemtimePrivilege - OFF SeProfileSingleProcessPrivilege - OFF SeIncreaseBasePriorityPrivilege - OFF SeCreatePagefilePrivilege - OFF SeBackupPrivilege - OFF SeRestorePrivilege - OFF SeShutdownPrivilege - OFF SeDebugPrivilege - OFF SeSystemEnvironmentPrivilege - OFF SeChangeNotifyPrivilege - ON SeRemoteShutdownPrivilege - OFF SeUndockPrivilege - OFF SeManageVolumePrivilege - OFF SeImpersonatePrivilege - ON SeCreateGlobalPrivilege - ON SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF SeCreateSymbolicLinkPrivilege - OFF Active Controls: ---------------------------------- 4.1 Form Class : TApplication 4.2 Form Text : MyChat Server 4.3 Control Class: TApplication 4.4 Control Text : MyChat Server Computer: ----------------------------------------------------------------------------------------- 5.1 Name : VISKUB-ПК 5.2 Total Memory : 4168114176 (3.88 Gb) 5.3 Free Memory : 2571423744 (2.39 Gb) 5.4 Total Disk : 107702382592 (100.31 Gb) 5.5 Free Disk : 35276509184 (32.85 Gb) 5.6 System Up Time : 51 second(s) 5.7 Processor : Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz 5.8 Display Mode : 1920 x 1080, 32 bit 5.9 Display DPI : 96 5.10 Video Card : Intel(R) HD Graphics 4400 (driver 10.18.14.4156 - RAM 1073741824) 5.11 Printer : Canon iR1133 UFRII LT (driver 30.15) 5.12 Virtual Machine: Operating System: ---------------------------------------------------- 6.1 Type : Microsoft Windows 7 (64 bit) 6.2 Build # : 7601 (6.1.7601.17965) 6.3 Update : Service pack 1 6.4 Language : Russian (0419) 6.5 Charset : 204/1251 6.6 Install Language: Russian (0419) 6.7 UI Language : Russian (0419) Network: --------------------------------- 7.1 IP Address: 192.168.002.111 7.2 Submask : 255.255.255.000 7.3 Gateway : 192.168.002.001 7.4 DNS 1 : 192.168.002.001 7.5 DNS 2 : 008.008.008.008 7.6 DHCP : OFF Steps to reproduce: ------------ 8.1 Text: Custom Information: ---------------------------------- 9.1 ServerHWID: 6-12-3-668671128 9.2 License : FREE Call Stack Information: ----------------------------------------------------------------------------------------------------------------------------------------------------------- |Methods |Details|Stack |Address |Module |Offset |Unit |Class |Procedure/Method |Line | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |*Exception Thread: ID=3432; Parent=0; Priority=0 | |Class=; Name=MAIN | |DeadLock=0; Wait Chain= | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|0079085F|mcserv.exe |0039085F|ABSCompression |TABSCompressedBLOBStream|Create | | |00000020|03 |0018E41C|0078E572|mcserv.exe |0038E572|ABSCompression |TABSMemoryStream |Seek | | |00000020|03 |0018E460|007B6DCA|mcserv.exe |003B6DCA|ABSTempEngine |TABSTemporaryTableData |InternalCreateBlobStream | | |00000020|03 |0018E474|757E38A6|kernel32.dll|000138A6|kernel32 | | (possible GetThreadLocale+816) | | |00000020|03 |0018E524|0083830E|mcserv.exe |0043830E|ABSLocalEngine | |DoInternalCreateBlobStream | | |00000020|03 |0018E544|007E5C52|mcserv.exe |003E5C52|ABSBaseEngine |TABSDatabaseData |Lock | | |00000020|03 |0018E554|007E0F21|mcserv.exe |003E0F21|ABSBaseEngine |TABSTableData |Lock | | |00000020|03 |0018E55C|0083859F|mcserv.exe |0043859F|ABSLocalEngine |TABSLocalCursor |InternalCreateBlobStream | | |00000020|03 |0018E568|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|03 |0018E58C|00848D68|mcserv.exe |00448D68|ABSMain |TABSDataSet |InternalCreateBlobStream | | |00000020|03 |0018E5AC|0040ACD6|a |0000ACD6|recursive |area |removed |2[0] | |00000020|03 |0018E5B8|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|03 |0018E5D4|00409FFB|mcserv.exe |00009FFB|System | |_ClassCreate | | |00000020|03 |0018E5E4|00859D17|mcserv.exe |00459D17|ABSMain |TABSBLOBStream |Create | | |00000020|03 |0018E608|00848ECF|mcserv.exe |00448ECF|ABSMain |TABSDataSet |CreateBlobStream | | |00000020|03 |0018E614|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|03 |0018E630|0074E752|mcserv.exe |0034E752|Data.DB |TBlobField |GetAsAnsiString | | |00000020|03 |0018E644|0074F378|mcserv.exe |0034F378|Data.DB |TMemoField |GetAsString | | |00000020|03 |0018E64C|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|04 |0018E664|00F55225|mcserv.exe |00B55225|dbop | |DBLoadStat |573[8] | |00000020|03 |0018E66C|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|04 |0018E684|00BE8EBF|mcserv.exe |007E8EBF|mcCoreStat |TMCServStat |LoadStatFromDB |1614[1] | |00000020|03 |0018E68C|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|04 |0018E6A4|00BD32AA|mcserv.exe |007D32AA|mcCoreStat |TMCServStat |Create |127[19] | |00000020|04 |0018E6C8|00F5053C|mcserv.exe |00B5053C|fm_main |TMainForm |WMAppStartup |1709[229] | |00000020|03 |0018E6D0|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|03 |0018E724|00627EC5|mcserv.exe |00227EC5|Vcl.Controls |TControl |WndProc | | |00000020|03 |0018E758|756A6AFB|user32.dll |00016AFB|USER32 | |DefWindowProcW | | |00000020|03 |0018E75C|756A62F7|user32.dll |000162F7|USER32 | | (possible gapfnScSendMessage+815) | | |00000020|03 |0018E790|756A6AFB|user32.dll |00016AFB|USER32 | |DefWindowProcW | | |00000020|03 |0018E798|756A6D8B|user32.dll |00016D8B|USER32 | | (possible GetThreadDesktop+296) | | |00000020|03 |0018E79C|756A6D4C|user32.dll |00016D4C|USER32 | | (possible GetThreadDesktop+233) | | |00000020|03 |0018E7CC|756A6CE3|user32.dll |00016CE3|USER32 | | (possible GetThreadDesktop+128) | | |00000020|03 |0018E7D0|756A6D8B|user32.dll |00016D8B|USER32 | | (possible GetThreadDesktop+296) | | |00000020|03 |0018E7D4|72B60A6C|comctl32.dll|00030A6C|comctl32 | | (possible HIMAGELIST_QueryInterface+191) | | |00000020|03 |0018E7E8|756A62F7|user32.dll |000162F7|USER32 | | (possible gapfnScSendMessage+815) | | |00000020|03 |0018E7FC|756A6D4C|user32.dll |00016D4C|USER32 | | (possible GetThreadDesktop+233) | | |00000020|03 |0018E800|756B0D3A|user32.dll |00020D3A|USER32 | | (possible GetClientRect+192) | | |00000020|03 |0018E82C|756A6D4C|user32.dll |00016D4C|USER32 | | (possible GetThreadDesktop+233) | | |00000020|03 |0018E850|0062C959|mcserv.exe |0022C959|Vcl.Controls |TWinControl |WndProc | | |00000020|03 |0018E880|006D5EAE|mcserv.exe |002D5EAE|Vcl.Forms |TCustomForm |DefaultHandler | | |00000020|03 |0018E88C|00627EC5|mcserv.exe |00227EC5|Vcl.Controls |TControl |WndProc | | |00000020|03 |0018E89C|006D3B35|mcserv.exe |002D3B35|Vcl.Forms |TCustomForm |WndProc | | |00000020|03 |0018E8B8|756A6D4C|user32.dll |00016D4C|USER32 | | (possible GetThreadDesktop+233) | | |00000020|04 |0018E8C8|00F511B0|mcserv.exe |00B511B0|fm_main |TMainForm |WndProc |1836[1] | |00000020|03 |0018E8D0|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|04 |0018E8F4|008C4143|mcserv.exe |004C4143|DynamicSkinForm|TspDynamicSkinForm |NewWndProc |19291[1285] | |00000020|03 |0018E8FC|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|03 |0018E914|00660182|mcserv.exe |00260182|Vcl.ComCtrls |TCustomTabControl |TCMAdjustRect | | |00000020|03 |0018E934|00627EC5|mcserv.exe |00227EC5|Vcl.Controls |TControl |WndProc | | |00000020|03 |0018E94C|0062F61D|mcserv.exe |0022F61D|Vcl.Controls |TWinControl |CMInvalidate | | |00000020|03 |0018E95C|00627EC5|mcserv.exe |00227EC5|Vcl.Controls |TControl |WndProc | | |00000020|03 |0018E970|756A6D4C|user32.dll |00016D4C|USER32 | | (possible GetThreadDesktop+233) | | |00000020|03 |0018E994|756A6D4C|user32.dll |00016D4C|USER32 | | (possible GetThreadDesktop+233) | | |00000020|03 |0018E99C|0062CA6A|mcserv.exe |0022CA6A|Vcl.Controls |TWinControl |DefaultHandler | | |00000020|03 |0018E9A0|72BB71C5|comctl32.dll|000871C5|comctl32 | | (possible CreateUpDownControl+9196) | | |00000020|03 |0018E9B8|0062C959|mcserv.exe |0022C959|Vcl.Controls |TWinControl |WndProc | | |00000020|03 |0018E9C4|00627EC5|mcserv.exe |00227EC5|Vcl.Controls |TControl |WndProc | | |00000020|03 |0018E9E4|756A6A87|user32.dll |00016A87|USER32 | | (possible gapfnScSendMessage+2751) | | |00000020|03 |0018EA04|006D3B35|mcserv.exe |002D3B35|Vcl.Forms |TCustomForm |WndProc | | |00000020|03 |0018EA14|756A6AFB|user32.dll |00016AFB|USER32 | |DefWindowProcW | | |00000020|04 |0018EA24|008C1240|mcserv.exe |004C1240|DynamicSkinForm|TspDynamicSkinForm |CheckMenuVisible |17945[1] | |00000020|04 |0018EA30|008C4143|mcserv.exe |004C4143|DynamicSkinForm|TspDynamicSkinForm |NewWndProc |19291[1285] | |00000020|04 |0018EA38|008C49E8|mcserv.exe |004C49E8|DynamicSkinForm|TspDynamicSkinForm |NewWndProc |19548[1542] | |00000020|04 |0018EA3C|008C49F3|mcserv.exe |004C49F3|DynamicSkinForm|TspDynamicSkinForm |NewWndProc |19548[1542] | |00000020|03 |0018EA4C|006DBCE5|mcserv.exe |002DBCE5|Vcl.Forms | |Default | | |00000020|03 |0018EA5C|0040A7A4|mcserv.exe |0000A7A4|System |TMonitor |TryEnter | | |00000020|03 |0018EA64|0040A3B4|mcserv.exe |0000A3B4|System |TMonitor |Enter | | |00000020|03 |0018EA70|0040A27C|mcserv.exe |0000A27C|System |TMonitor |CheckOwningThread | | |00000020|03 |0018EA78|0040A536|mcserv.exe |0000A536|System |TMonitor |Exit | | |00000020|03 |0018EA84|0040A587|mcserv.exe |0000A587|System |TMonitor |Exit | | |00000020|03 |0018EA8C|005DE1F6|mcserv.exe |001DE1F6|Vcl.Graphics | |FreeMemoryContexts | | |00000020|03 |0018EA90|005DE1FE|mcserv.exe |001DE1FE|Vcl.Graphics | |FreeMemoryContexts | | |00000020|03 |0018EA9C|0062BF9C|mcserv.exe |0022BF9C|Vcl.Controls |TWinControl |MainWndProc | | |00000020|03 |0018EAA4|0040ACD6|mcserv.exe |0000ACD6|System | |_HandleFinally | | |00000020|03 |0018EAB0|0040AAA6|mcserv.exe |0000AAA6|System | |_HandleAnyException | | |00000020|03 |0018EACC|004F6690|mcserv.exe |000F6690|System.Classes | |StdWndProc | | |00000020|03 |0018EAE4|756A62F7|user32.dll |000162F7|USER32 | | (possible gapfnScSendMessage+815) | | |00000020|03 |0018EB10|756A6D35|user32.dll |00016D35|USER32 | | (possible GetThreadDesktop+210) | | |00000020|03 |0018EB54|756A6CE3|user32.dll |00016CE3|USER32 | | (possible GetThreadDesktop+128) | | |00000020|03 |0018EB5C|756A6D8B|user32.dll |00016D8B|USER32 | | (possible GetThreadDesktop+296) | | |00000020|03 |0018EB88|756B0D3A|user32.dll |00020D3A|USER32 | | (possible GetClientRect+192) | | |00000020|00 |0018EBC0|07520B97| |00000B97| | | | | |00000020|04 |0018EBE0|0088F9A3|mcserv.exe |0048F9A3|spTrayIcon |TspTrayIcon |HookFormProc |395[30] | |00000020|03 |0018EC08|004F6690|mcserv.exe |000F6690|System.Classes | |StdWndProc | | |00000020|03 |0018EC20|756A62F7|user32.dll |000162F7|USER32 | | (possible gapfnScSendMessage+815) | | |00000020|03 |0018EC4C|756A6D35|user32.dll |00016D35|USER32 | | (possible GetThreadDesktop+210) | | |00000020|03 |0018EC90|756A6CE3|user32.dll |00016CE3|USER32 | | (possible GetThreadDesktop+128) | | |00000020|03 |0018ECC4|756A77BF|user32.dll |000177BF|USER32 | | (possible CharPrevW+307) | | |00000020|00 |0018ED24|074C1AFF| |00001AFF| | | | | |00000020|03 |0018ED34|006DCD3F|mcserv.exe |002DCD3F|Vcl.Forms |TApplication |ProcessMessage | | |00000020|03 |0018ED50|006DCD82|mcserv.exe |002DCD82|Vcl.Forms |TApplication |HandleMessage | | |00000020|03 |0018ED74|006DD0BD|mcserv.exe |002DD0BD|Vcl.Forms |TApplication |Run | | |00000020|03 |0018ED7C|006DD0CA|mcserv.exe |002DD0CA|Vcl.Forms |TApplication |Run | | |00000020|04 |0018EDA4|01069EA5|mcserv.exe |00C69EA5|mcserv | |Initialization |229[55] | |00000020|03 |0018EDEC|75802B0A|kernel32.dll|00032B0A|kernel32 | | (possible GetWindowsDirectoryA+24) | | |00000020|03 |0018EE00|757E444B|kernel32.dll|0001444B|kernel32 | | (possible IsValidCodePage+24) | | |00000020|03 |0018EE14|757E1105|kernel32.dll|00011105|kernel32 | |Sleep | | |00000020|03 |0018EE28|757E49FD|kernel32.dll|000149FD|kernel32 | | (possible OpenEventA+24) | | |00000020|03 |0018EE3C|761540E4|advapi32.dll|000140E4|ADVAPI32 | |AdjustTokenPrivileges | | |00000020|03 |0018EE50|76154272|advapi32.dll|00014272|ADVAPI32 | |GetTokenInformation | | |00000020|03 |0018EE64|7614C500|advapi32.dll|0000C500|ADVAPI32 | |ImpersonateLoggedOnUser | | |00000020|03 |0018EE78|76154576|advapi32.dll|00014576|ADVAPI32 | |InitializeSecurityDescriptor | | |00000020|03 |0018EE8C|761822CC|advapi32.dll|000422CC|ADVAPI32 | |LookupPrivilegeNameW | | |00000020|03 |0018EEA0|7615425A|advapi32.dll|0001425A|ADVAPI32 | |OpenProcessToken | | |00000020|03 |0018EEB4|76154282|advapi32.dll|00014282|ADVAPI32 | |OpenThreadToken | | |00000020|03 |0018EEC8|761545F3|advapi32.dll|000145F3|ADVAPI32 | |RegCloseKey | | |00000020|03 |0018EEDC|76154054|advapi32.dll|00014054|ADVAPI32 | |RegCreateKeyExW | | |00000020|03 |0018EEF0|7614CEB7|advapi32.dll|0000CEB7|ADVAPI32 | |RegDeleteValueW | | |00000020|03 |0018EF04|7615461E|advapi32.dll|0001461E|ADVAPI32 | |RegEnumKeyExW | | |00000020|03 |0018EF18|76154826|advapi32.dll|00014826|ADVAPI32 | |RegEnumValueW | | |00000020|03 |0018EF2C|761676C5|advapi32.dll|000276C5|ADVAPI32 | |RegFlushKey | | |00000020|03 |0018EF40|76183735|advapi32.dll|00043735|ADVAPI32 | |RegLoadKeyW | | |00000020|03 |0018EF54|761545E3|advapi32.dll|000145E3|ADVAPI32 | |RegOpenKeyExW | | |00000020|03 |0018EF68|76154861|advapi32.dll|00014861|ADVAPI32 | |RegOpenKeyExA | | |00000020|03 |0018EF7C|7615463D|advapi32.dll|0001463D|ADVAPI32 | |RegQueryInfoKeyW | | |00000020|03 |0018EF90|76154603|advapi32.dll|00014603|ADVAPI32 | |RegQueryValueExW | | |00000020|03 |0018EFA4|76154849|advapi32.dll|00014849|ADVAPI32 | |RegQueryValueExA | | |00000020|03 |0018EFB8|761A0FF9|advapi32.dll|00060FF9|ADVAPI32 | |RegReplaceKeyW | | |00000020|03 |0018EFCC|76167C40|advapi32.dll|00027C40|ADVAPI32 | |RegRestoreKeyW | | |00000020|03 |0018EFE0|76151424|advapi32.dll|00011424|ADVAPI32 | |RegSetValueExW | | |00000020|03 |0018EFF4|76183755|advapi32.dll|00043755|ADVAPI32 | |RegUnLoadKeyW | | |00000020|03 |0018F008|761514AA|advapi32.dll|000114AA|ADVAPI32 | | (possible RevertToSelf+11) | | |00000020|03 |0018F01C|761540B4|advapi32.dll|000140B4|ADVAPI32 | |SetSecurityDescriptorDacl | | |00000020|03 |0018F030|75864851|kernel32.dll|00094851|kernel32 | | (possible DosPathToSessionPathA+381) | | |00000020|03 |0018F044|757E3B70|kernel32.dll|00013B70|kernel32 | |CompareStringW | | |00000020|03 |0018F058|757E3C00|kernel32.dll|00013C00|kernel32 | |CompareStringA | | |00000020|03 |0018F06C|757E41FF|kernel32.dll|000141FF|kernel32 | |CreateDirectoryW | | |00000020|03 |0018F080|757E1814|kernel32.dll|00011814|kernel32 | |CreateEventW | | |00000020|03 |0018F094|757E18DF|kernel32.dll|000118DF|kernel32 | |CreateFileMappingW | | |00000020|03 |0018F0A8|757E41F2|kernel32.dll|000141F2|kernel32 | |CreateMutexW | | |00000020|03 |0018F0BC|757E8959|kernel32.dll|00018959|kernel32 | |DeleteFileW | | |00000020|03 |0018F0D0|757E53EA|kernel32.dll|000153EA|kernel32 | |DeleteFileA | | |00000020|03 |0018F0E4|75864985|kernel32.dll|00094985|kernel32 | |EnumCalendarInfoW | | |00000020|03 |0018F0F8|758649E5|kernel32.dll|000949E5|kernel32 | |EnumSystemLocalesW | | |00000020|03 |0018F10C|757EE26C|kernel32.dll|0001E26C|kernel32 | |FileTimeToLocalFileTime | | |00000020|03 |0018F120|757E53D2|kernel32.dll|000153D2|kernel32 | |FileTimeToSystemTime | | |00000020|03 |0018F134|757E43E8|kernel32.dll|000143E8|kernel32 | |FindClose | | |00000020|03 |0018F148|757E43DB|kernel32.dll|000143DB|kernel32 | |FindFirstFileW | | |00000020|03 |0018F15C|757E5494|kernel32.dll|00015494|kernel32 | |FindNextFileW | | |00000020|03 |0018F170|7580B907|kernel32.dll|0003B907|kernel32 | |FlushViewOfFile | | |00000020|03 |0018F184|7580A786|kernel32.dll|0003A786|kernel32 | |FoldStringW | | |00000020|03 |0018F198|757E45C6|kernel32.dll|000145C6|kernel32 | |FormatMessageW | | |00000020|03 |0018F1AC|75805FAB|kernel32.dll|00035FAB|kernel32 | |FormatMessageA | | |00000020|03 |0018F1C0|757E346E|kernel32.dll|0001346E|kernel32 | |FreeLibrary | | |00000020|03 |0018F1D4|757E145A|kernel32.dll|0001145A|kernel32 | |InterlockedCompareExchange | | |00000020|03 |0018F1E8|757E13C6|kernel32.dll|000113C6|kernel32 | |InterlockedDecrement | | |00000020|03 |0018F1FC|757E1438|kernel32.dll|00011438|kernel32 | |InterlockedExchange | | |00000020|03 |0018F210|757E13D6|kernel32.dll|000113D6|kernel32 | |InterlockedIncrement | | |00000020|03 |0018F224|757FD3C9|kernel32.dll|0002D3C9|kernel32 | |FreeResource | | |00000020|03 |0018F238|757E176C|kernel32.dll|0001176C|kernel32 | | (possible OpenFileMappingW+49) | | |00000020|03 |0018F24C|757E512F|kernel32.dll|0001512F|kernel32 | |GetCPInfo | | |00000020|03 |0018F260|7580AF09|kernel32.dll|0003AF09|kernel32 | |GetCPInfoExW | | |00000020|03 |0018F274|757E51C3|kernel32.dll|000151C3|kernel32 | | (possible GetSystemWindowsDirectoryW+16) | | |00000020|03 |0018F288|757E17D9|kernel32.dll|000117D9|kernel32 | | (possible GetCurrentThread+22) | | |00000020|03 |0018F29C|757E11F8|kernel32.dll|000111F8|kernel32 | | (possible TlsGetValue+24) | | |00000020|03 |0018F2B0|757E17BC|kernel32.dll|000117BC|kernel32 | | (possible SetFilePointer+27) | | |00000020|03 |0018F2C4|757FF798|kernel32.dll|0002F798|kernel32 | |GetDiskFreeSpaceW | | |00000020|03 |0018F2D8|75864AC5|kernel32.dll|00094AC5|kernel32 | |GetDiskFreeSpaceA | | |00000020|03 |0018F2EC|757FD4FD|kernel32.dll|0002D4FD|kernel32 | |GetDiskFreeSpaceExW | | |00000020|03 |0018F300|757E4131|kernel32.dll|00014131|kernel32 | |GetDriveTypeW | | |00000020|03 |0018F314|757E1B1E|kernel32.dll|00011B1E|kernel32 | |GetEnvironmentVariableW | | |00000020|03 |0018F328|757FD5A3|kernel32.dll|0002D5A3|kernel32 | |GetExitCodeThread | | |00000020|03 |0018F33C|757E1AEE|kernel32.dll|00011AEE|kernel32 | |GetFileAttributesW | | |00000020|03 |0018F350|757E53BA|kernel32.dll|000153BA|kernel32 | |GetFileAttributesA | | |00000020|03 |0018F364|757E451A|kernel32.dll|0001451A|kernel32 | |GetFileAttributesExW | | |00000020|03 |0018F378|757E1944|kernel32.dll|00011944|kernel32 | |GetFileSize | | |00000020|03 |0018F38C|757E43AD|kernel32.dll|000143AD|kernel32 | |GetFileTime | | |00000020|03 |0018F3A0|757E407A|kernel32.dll|0001407A|kernel32 | |GetFullPathNameW | | |00000020|03 |0018F3B4|757EE28F|kernel32.dll|0001E28F|kernel32 | |GetFullPathNameA | | |00000020|03 |0018F3C8|757E11C0|kernel32.dll|000111C0|kernel32 | | (possible WaitForSingleObjectEx+111) | | |00000020|03 |0018F3DC|757E5A4C|kernel32.dll|00015A4C|kernel32 | |GetLocalTime | | |00000020|03 |0018F3F0|757E3BE8|kernel32.dll|00013BE8|kernel32 | |GetLocaleInfoW | | |00000020|03 |0018F404|757FD5D3|kernel32.dll|0002D5D3|kernel32 | |GetLocaleInfoA | | |00000020|03 |0018F418|75864AF5|kernel32.dll|00094AF5|kernel32 | |GetLogicalDriveStringsW | | |00000020|03 |0018F42C|757E48F6|kernel32.dll|000148F6|kernel32 | |GetModuleFileNameW | | |00000020|03 |0018F440|757E3456|kernel32.dll|00013456|kernel32 | |GetModuleHandleW | | |00000020|03 |0018F454|75864B15|kernel32.dll|00094B15|kernel32 | |GetPriorityClass | | |00000020|03 |0018F468|757E1228|kernel32.dll|00011228|kernel32 | |GetProcAddress | | |00000020|03 |0018F47C|757E14B9|kernel32.dll|000114B9|kernel32 | | (possible HeapFree+32) | | |00000020|03 |0018F490|757ED2C7|kernel32.dll|0001D2C7|kernel32 | |GetShortPathNameW | | |00000020|03 |0018F4A4|757E4CE6|kernel32.dll|00014CE6|kernel32 | |GetStartupInfoW | | |00000020|03 |0018F4B8|757E5159|kernel32.dll|00015159|kernel32 | |GetStdHandle | | |00000020|03 |0018F4CC|757E552C|kernel32.dll|0001552C|kernel32 | |GetStringTypeExW | | |00000020|03 |0018F4E0|7580824C|kernel32.dll|0003824C|kernel32 | |GetStringTypeA | | |00000020|03 |0018F4F4|757E3249|kernel32.dll|00013249|kernel32 | | (possible FindResourceExW+16) | | |00000020|03 |0018F508|7580D376|kernel32.dll|0003D376|kernel32 | | (possible GlobalHandle+202) | | |00000020|03 |0018F51C|757E5009|kernel32.dll|00015009|kernel32 | |GetSystemDirectoryW | | |00000020|03 |0018F530|75863BF4|kernel32.dll|00093BF4|kernel32 | |GetSystemTimes | | |00000020|03 |0018F544|757E4970|kernel32.dll|00014970|kernel32 | |GetSystemInfo | | |00000020|03 |0018F558|757E5A3C|kernel32.dll|00015A3C|kernel32 | |GetSystemTime | | |00000020|03 |0018F56C|757E34AF|kernel32.dll|000134AF|kernel32 | |GetSystemTimeAsFileTime | | |00000020|03 |0018F580|7580D1EC|kernel32.dll|0003D1EC|kernel32 | |GetTempFileNameW | | |00000020|03 |0018F594|757E356F|kernel32.dll|0001356F|kernel32 | | (possible HeapDestroy+24) | | |00000020|03 |0018F5A8|757E4365|kernel32.dll|00014365|kernel32 | |GetThreadPriority | | |00000020|03 |0018F5BC|757E110C|kernel32.dll|0001110C|kernel32 | |Sleep | | |00000020|03 |0018F5D0|757E4600|kernel32.dll|00014600|kernel32 | |GetTimeZoneInformation | | |00000020|03 |0018F5E4|757E3D45|kernel32.dll|00013D45|kernel32 | | (possible CompareStringA+331) | | |00000020|03 |0018F5F8|757E4407|kernel32.dll|00014407|kernel32 | |VirtualQuery | | |00000020|03 |0018F60C|757E1ABB|kernel32.dll|00011ABB|kernel32 | |GetVersionExW | | |00000020|03 |0018F620|757FC856|kernel32.dll|0002C856|kernel32 | |GetVolumeInformationW | | |00000020|03 |0018F634|757E4388|kernel32.dll|00014388|kernel32 | |GetWindowsDirectoryW | | |00000020|03 |0018F648|757E5834|kernel32.dll|00015834|kernel32 | |GlobalAlloc | | |00000020|03 |0018F65C|757E46BD|kernel32.dll|000146BD|kernel32 | |HeapCompact | | |00000020|03 |0018F670|757E49D3|kernel32.dll|000149D3|kernel32 | |HeapCreate | | |00000020|03 |0018F684|757E355D|kernel32.dll|0001355D|kernel32 | |HeapDestroy | | |00000020|03 |0018F698|757FB171|kernel32.dll|0002B171|kernel32 | |HeapValidate | | |00000020|03 |0018F6AC|757FCE3C|kernel32.dll|0002CE3C|kernel32 | |IsValidLocale | | |00000020|03 |0018F6C0|757E4903|kernel32.dll|00014903|kernel32 | |LoadLibraryExW | | |00000020|03 |0018F6D4|757E58F2|kernel32.dll|000158F2|kernel32 | |LoadResource | | |00000020|03 |0018F6E8|7580D544|kernel32.dll|0003D544|kernel32 | |LocalFileTimeToFileTime | | |00000020|03 |0018F6FC|757E2CE2|kernel32.dll|00012CE2|kernel32 | |LocalFree | | |00000020|03 |0018F710|7580CF54|kernel32.dll|0003CF54|kernel32 | |LockFile | | |00000020|03 |0018F724|7580D5B2|kernel32.dll|0003D5B2|kernel32 | |LockFileEx | | |00000020|03 |0018F738|757E58FF|kernel32.dll|000158FF|kernel32 | |LockResource | | |00000020|03 |0018F74C|757E18C7|kernel32.dll|000118C7|kernel32 | |MapViewOfFile | | |00000020|03 |0018F760|757E1741|kernel32.dll|00011741|kernel32 | |OpenFileMappingW | | |00000020|03 |0018F774|757E195C|kernel32.dll|0001195C|kernel32 | |OpenProcess | | |00000020|03 |0018F788|7580D20A|kernel32.dll|0003D20A|kernel32 | |OutputDebugStringW | | |00000020|03 |0018F79C|7580B2B5|kernel32.dll|0003B2B5|kernel32 | |OutputDebugStringA | | |00000020|03 |0018F7B0|757E49FD|kernel32.dll|000149FD|kernel32 | | (possible OpenEventA+24) | | |00000020|03 |0018F7C4|7580CF22|kernel32.dll|0003CF22|kernel32 | |QueryDosDeviceW | | |00000020|03 |0018F7D8|757E16FB|kernel32.dll|000116FB|kernel32 | |QueryPerformanceCounter | | |00000020|03 |0018F7EC|757E4196|kernel32.dll|00014196|kernel32 | |QueryPerformanceFrequency | | |00000020|03 |0018F800|757FCFC2|kernel32.dll|0002CFC2|kernel32 | |ReadProcessMemory | | |00000020|03 |0018F814|757E1124|kernel32.dll|00011124|kernel32 | |ReleaseMutex | | |00000020|03 |0018F828|75864C55|kernel32.dll|00094C55|kernel32 | |RemoveDirectoryW | | |00000020|03 |0018F83C|757E16B3|kernel32.dll|000116B3|kernel32 | |ResetEvent | | |00000020|03 |0018F850|757E4395|kernel32.dll|00014395|kernel32 | |ResumeThread | | |00000020|03 |0018F864|757FCD66|kernel32.dll|0002CD66|kernel32 | |SearchPathW | | |00000020|03 |0018F878|757F122E|kernel32.dll|0002122E|kernel32 | |SetCurrentDirectoryW | | |00000020|03 |0018F88C|757FCE24|kernel32.dll|0002CE24|kernel32 | |SetEndOfFile | | |00000020|03 |0018F8A0|757E8997|kernel32.dll|00018997|kernel32 | |SetEnvironmentVariableW | | |00000020|03 |0018F8B4|757E1AD6|kernel32.dll|00011AD6|kernel32 | |SetErrorMode | | |00000020|03 |0018F8C8|757E169B|kernel32.dll|0001169B|kernel32 | |SetEvent | | |00000020|03 |0018F8DC|757FD4E5|kernel32.dll|0002D4E5|kernel32 | |SetFileAttributesW | | |00000020|03 |0018F8F0|757E17A7|kernel32.dll|000117A7|kernel32 | |SetFilePointer | | |00000020|03 |0018F904|757FECA9|kernel32.dll|0002ECA9|kernel32 | |SetFileTime | | |00000020|03 |0018F918|757E897F|kernel32.dll|0001897F|kernel32 | |SetThreadLocale | | |00000020|03 |0018F92C|757E3261|kernel32.dll|00013261|kernel32 | |SetThreadPriority | | |00000020|03 |0018F940|757E5A6F|kernel32.dll|00015A6F|kernel32 | |SizeofResource | | |00000020|03 |0018F954|757E1105|kernel32.dll|00011105|kernel32 | |Sleep | | |00000020|03 |0018F968|75807D64|kernel32.dll|00037D64|kernel32 | |SuspendThread | | |00000020|03 |0018F97C|757FEFD4|kernel32.dll|0002EFD4|kernel32 | | (possible FindCloseChangeNotification+24)| | |00000020|03 |0018F990|757E5A24|kernel32.dll|00015A24|kernel32 | |SystemTimeToFileTime | | |00000020|03 |0018F9A4|75800640|kernel32.dll|00030640|kernel32 | |SystemTimeToTzSpecificLocalTime | | |00000020|03 |0018F9B8|757FD7F0|kernel32.dll|0002D7F0|kernel32 | |TerminateProcess | | |00000020|03 |0018F9CC|757E79D5|kernel32.dll|000179D5|kernel32 | |TerminateThread | | |00000020|03 |0018F9E0|757E11E6|kernel32.dll|000111E6|kernel32 | |TlsGetValue | | |00000020|03 |0018F9F4|7580CF6C|kernel32.dll|0003CF6C|kernel32 | |UnlockFile | | |00000020|03 |0018FA08|7580D5CA|kernel32.dll|0003D5CA|kernel32 | |UnlockFileEx | | |00000020|03 |0018FA1C|757E17FC|kernel32.dll|000117FC|kernel32 | |UnmapViewOfFile | | |00000020|03 |0018FA30|75864D25|kernel32.dll|00094D25|kernel32 | |VerLanguageNameW | | |00000020|03 |0018FA44|757E182C|kernel32.dll|0001182C|kernel32 | |VirtualAlloc | | |00000020|03 |0018FA58|757E1844|kernel32.dll|00011844|kernel32 | |VirtualFree | | |00000020|03 |0018FA6C|757E4305|kernel32.dll|00014305|kernel32 | |VirtualProtect | | |00000020|03 |0018FA80|757E4400|kernel32.dll|00014400|kernel32 | |VirtualQuery | | |00000020|03 |0018FA94|75864D55|kernel32.dll|00094D55|kernel32 | |VirtualQueryEx | | |00000020|03 |0018FAA8|757E16E3|kernel32.dll|000116E3|kernel32 | |WideCharToMultiByte | | |00000020|03 |0018FABC|757FD9CE|kernel32.dll|0002D9CE|kernel32 | |WriteProcessMemory | | |00000020|03 |0018FAD0|757E58CF|kernel32.dll|000158CF|kernel32 | |lstrcmpW | | |00000020|03 |0018FAE4|756B62CE|user32.dll |000262CE|USER32 | |AdjustWindowRectEx | | |00000020|03 |0018FAF8|756B5AEF|user32.dll |00025AEF|USER32 | |CopyImage | | |00000020|03 |0018FB0C|756E9FC4|user32.dll |00059FC4|USER32 | |GetClipboardData | | |00000020|03 |0018FB20|756B83F2|user32.dll |000283F2|USER32 | |GetClipboardFormatNameW | | |00000020|03 |0018FB34|756F0837|user32.dll |00060837|USER32 | |GetKeyNameTextW | | |00000020|03 |0018FB48|756B08BF|user32.dll |000208BF|USER32 | |MsgWaitForMultipleObjectsEx | | |00000020|03 |0018FB5C|756AA045|user32.dll |0001A045|USER32 | |UnregisterClassW | | |00000020|03 |0018FB70|757E346E|kernel32.dll|0001346E|kernel32 | |FreeLibrary | | |00000020|03 |0018FB84|757E3456|kernel32.dll|00013456|kernel32 | |GetModuleHandleW | | |00000020|03 |0018FB98|757E1662|kernel32.dll|00011662|kernel32 | |LocalAlloc | | |00000020|03 |0018FBAC|757E2CE2|kernel32.dll|00012CE2|kernel32 | |LocalFree | | |00000020|03 |0018FBC0|757E11E6|kernel32.dll|000111E6|kernel32 | |TlsGetValue | | |00000020|03 |0018FBD4|757E14D1|kernel32.dll|000114D1|kernel32 | |TlsSetValue | | |00000020|03 |0018FBE8|757E11C0|kernel32.dll|000111C0|kernel32 | | (possible WaitForSingleObjectEx+111) | | |00000020|03 |0018FBFC|757E1228|kernel32.dll|00011228|kernel32 | |GetProcAddress | | |00000020|03 |0018FC10|757E5159|kernel32.dll|00015159|kernel32 | |GetStdHandle | | |00000020|03 |0018FC24|757E1944|kernel32.dll|00011944|kernel32 | |GetFileSize | | |00000020|03 |0018FC38|757FCE24|kernel32.dll|0002CE24|kernel32 | |SetEndOfFile | | |00000020|03 |0018FC4C|757E17A7|kernel32.dll|000117A7|kernel32 | |SetFilePointer | | |00000020|03 |0018FC60|757E41FF|kernel32.dll|000141FF|kernel32 | |CreateDirectoryW | | |00000020|03 |0018FC74|75864C55|kernel32.dll|00094C55|kernel32 | |RemoveDirectoryW | | |00000020|03 |0018FC88|757E55B7|kernel32.dll|000155B7|kernel32 | |GetCurrentDirectoryW | | |00000020|03 |0018FC9C|757F122E|kernel32.dll|0002122E|kernel32 | |SetCurrentDirectoryW | | |00000020|03 |0018FCB0|757E43E8|kernel32.dll|000143E8|kernel32 | |FindClose | | |00000020|03 |0018FCC4|757E43DB|kernel32.dll|000143DB|kernel32 | |FindFirstFileW | | |00000020|03 |0018FCD8|757FEFD4|kernel32.dll|0002EFD4|kernel32 | | (possible FindCloseChangeNotification+24)| | |00000020|03 |0018FCEC|757E11C0|kernel32.dll|000111C0|kernel32 | | (possible WaitForSingleObjectEx+111) | | |00000020|03 |0018FD00|757E346E|kernel32.dll|0001346E|kernel32 | |FreeLibrary | | |00000020|03 |0018FD14|757E51C3|kernel32.dll|000151C3|kernel32 | | (possible GetSystemWindowsDirectoryW+16) | | |00000020|03 |0018FD28|757E48F6|kernel32.dll|000148F6|kernel32 | |GetModuleFileNameW | | |00000020|03 |0018FD3C|757E3456|kernel32.dll|00013456|kernel32 | |GetModuleHandleW | | |00000020|03 |0018FD50|757E1228|kernel32.dll|00011228|kernel32 | |GetProcAddress | | |00000020|03 |0018FD64|757E4CE6|kernel32.dll|00014CE6|kernel32 | |GetStartupInfoW | | |00000020|03 |0018FD78|757E4903|kernel32.dll|00014903|kernel32 | |LoadLibraryExW | | |00000020|03 |0018FD8C|757E176C|kernel32.dll|0001176C|kernel32 | | (possible OpenFileMappingW+49) | | |00000020|03 |0018FDA0|757E16E3|kernel32.dll|000116E3|kernel32 | |WideCharToMultiByte | | |00000020|03 |0018FDB4|757E3BE8|kernel32.dll|00013BE8|kernel32 | |GetLocaleInfoW | | |00000020|03 |0018FDC8|757E444B|kernel32.dll|0001444B|kernel32 | | (possible IsValidCodePage+24) | | |00000020|03 |0018FDDC|75802B0A|kernel32.dll|00032B0A|kernel32 | | (possible GetWindowsDirectoryA+24) | | |00000020|03 |0018FDF0|757E897F|kernel32.dll|0001897F|kernel32 | |SetThreadLocale | | |00000020|03 |0018FE04|757FCE3C|kernel32.dll|0002CE3C|kernel32 | |IsValidLocale | | |00000020|03 |0018FE18|7580CF84|kernel32.dll|0003CF84|kernel32 | |IsDBCSLeadByteEx | | |00000020|03 |0018FE2C|757E3B70|kernel32.dll|00013B70|kernel32 | |CompareStringW | | |00000020|03 |0018FE40|757E4407|kernel32.dll|00014407|kernel32 | |VirtualQuery | | |00000020|03 |0018FE54|757E4970|kernel32.dll|00014970|kernel32 | |GetSystemInfo | | |00000020|03 |0018FE68|757E110C|kernel32.dll|0001110C|kernel32 | |Sleep | | |00000020|03 |0018FE7C|757E16FB|kernel32.dll|000116FB|kernel32 | |QueryPerformanceCounter | | |00000020|03 |0018FE90|757E4400|kernel32.dll|00014400|kernel32 | |VirtualQuery | | |00000020|03 |0018FEA4|7580D58C|kernel32.dll|0003D58C|kernel32 | |lstrcpynW | | |00000020|03 |0018FEB8|757E16D6|kernel32.dll|000116D6|kernel32 | |lstrlenW | | |00000020|03 |0018FECC|757E182C|kernel32.dll|0001182C|kernel32 | |VirtualAlloc | | |00000020|03 |0018FEE0|757E1844|kernel32.dll|00011844|kernel32 | |VirtualFree | | |00000020|03 |0018FEF4|757E1105|kernel32.dll|00011105|kernel32 | |Sleep | | |00000020|03 |0018FF08|761545F3|advapi32.dll|000145F3|ADVAPI32 | |RegCloseKey | | |00000020|03 |0018FF1C|761545E3|advapi32.dll|000145E3|ADVAPI32 | |RegOpenKeyExW | | |00000020|03 |0018FF30|76154603|advapi32.dll|00014603|ADVAPI32 | |RegQueryValueExW | | |00000020|03 |0018FF8C|757E3368|kernel32.dll|00013368|kernel32 | |BaseThreadInitThunk | | ----------------------------------------------------------------------------------------------------------------------------------------------------------- Mosules Information: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|mcserv.exe |MyChat Server |7.7.0.1 |19454720|2019-09-06 16:18:12|C:\Program Files (x86)\MyChat Server\ | |11000000|libeay32.dll |OpenSSL Shared Library |1.0.2.14 |1371136 |2017-12-07 17:08:22|C:\Program Files (x86)\MyChat Server\ | |12000000|ssleay32.dll |OpenSSL Shared Library |1.0.2.14 |337920 |2017-12-07 17:08:22|C:\Program Files (x86)\MyChat Server\ | |6FBA0000|dwmapi.dll |Интерфейс API диспетчера окон рабочего стола (Майкрософт) |6.1.7600.16385 |67072 |2009-07-14 04:15:13|C:\Windows\System32\ | |705E0000|icmp.dll |ICMP DLL |6.1.7600.16385 |3072 |2009-07-14 04:05:46|C:\Windows\System32\ | |705F0000|shfolder.dll |Shell Folder Service |6.1.7600.16385 |7168 |2009-07-14 04:16:14|C:\Windows\System32\ | |70600000|mpr.dll |Библиотека маршрутизации для нескольких служб доступа |6.1.7600.16385 |64000 |2009-07-14 04:15:41|C:\Windows\System32\ | |706B0000|winmm.dll |MCI API DLL |6.1.7601.17514 |194048 |2010-11-21 06:24:16|C:\Windows\System32\ | |70720000|wsock32.dll |Windows Socket 32-Bit DLL |6.1.7600.16385 |15360 |2009-07-14 04:16:20|C:\Windows\System32\ | |708D0000|uxtheme.dll |Библиотека тем UxTheme (Microsoft) |6.1.7600.16385 |245760 |2009-07-14 04:11:24|C:\Windows\System32\ | |70950000|sxs.dll |Fusion 2.5 |6.1.7601.17514 |380416 |2010-11-21 06:24:16|C:\Windows\System32\ | |709E0000|msimg32.dll |GDIEXT Client DLL |6.1.7600.16385 |4608 |2009-07-14 04:15:44|C:\Windows\System32\ | |71D30000|nlaapi.dll |Network Location Awareness 2 |6.1.7601.18685 |52224 |2014-12-06 06:50:19|C:\Windows\System32\ | |71DC0000|dhcpcsvc.dll |Служба DHCP-клиента |6.1.7600.16385 |61952 |2009-07-14 04:15:11|C:\Windows\System32\ | |72590000|dhcpcsvc6.DLL |Клиент DHCPv6 |6.1.7600.16385 |43008 |2009-07-14 04:15:11|C:\Windows\System32\ | |72860000|winsta.dll |Winstation Library |6.1.7601.18540 |157696 |2014-07-17 04:40:03|C:\Windows\System32\ | |728E0000|FWPUCLNT.DLL |API пользовательского режима FWP/IPsec |6.1.7601.18283 |216576 |2013-10-12 05:01:25|C:\Windows\System32\ | |729C0000|rasadhlp.dll |Remote Access AutoDial Helper |6.1.7600.16385 |11776 |2009-07-14 04:16:12|C:\Windows\System32\ | |729E0000|dnsapi.dll |Динамическая библиотека API DNS-клиента |6.1.7601.17570 |270336 |2011-03-03 08:38:01|C:\Windows\System32\ | |72B30000|comctl32.dll |Библиотека элементов управления взаимодействия с пользователем|6.10.7601.18837 |1680896 |2015-04-24 20:54:13|C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\| |72CD0000|WSHTCPIP.DLL |Библиотека DLL помощника службы Winsock2 (TL/IPv4) |6.1.7600.16385 |9216 |2009-07-14 04:16:20|C:\Windows\System32\ | |72CE0000|mswsock.dll |Расширение поставщика службы API Microsoft Windows Sockets 2.0|6.1.7601.23451 |231424 |2016-05-11 18:19:16|C:\Windows\System32\ | |72D60000|winspool.drv |Драйвер диспетчера очереди Windows |6.1.7601.17514 |320000 |2010-11-21 06:24:08|C:\Windows\System32\ | |72DC0000|wship6.dll |Библиотека DLL помощника Winsock2 (TL/IPv6) |6.1.7600.16385 |10752 |2009-07-14 04:16:20|C:\Windows\System32\ | |73010000|powrprof.dll |DLL модуля поддержки профиля управления питанием |6.1.7600.16385 |145408 |2009-07-14 04:16:12|C:\Windows\System32\ | |730E0000|wtsapi32.dll |Windows Remote Desktop Session Host Server SDK APIs |6.1.7601.17514 |40448 |2010-11-21 06:23:54|C:\Windows\System32\ | |737E0000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |6.1.7600.16385 |242936 |2009-07-14 04:17:54|C:\Windows\System32\ | |73820000|cryptsp.dll |Cryptographic Service Provider API |6.1.7601.23471 |80896 |2016-06-14 18:21:20|C:\Windows\System32\ | |738C0000|wkscli.dll |Workstation Service Client DLL |6.1.7601.17514 |47104 |2010-11-21 06:23:51|C:\Windows\System32\ | |738D0000|srvcli.dll |Server Service Client DLL |6.1.7601.17514 |90112 |2010-11-21 06:24:16|C:\Windows\System32\ | |738F0000|netutils.dll |Net Win32 API Helpers DLL |6.1.7601.17514 |22528 |2010-11-21 06:24:16|C:\Windows\System32\ | |73900000|netapi32.dll |Net Win32 API DLL |6.1.7601.17887 |57344 |2012-07-05 00:16:56|C:\Windows\System32\ | |73920000|version.dll |Version Checking and File Installation Libraries |6.1.7600.16385 |21504 |2009-07-14 04:16:17|C:\Windows\System32\ | |739E0000|winnsi.dll |Network Store Information RPC interface |6.1.7600.16385 |16896 |2009-07-14 04:16:19|C:\Windows\System32\ | |739F0000|IPHLPAPI.DLL |IP Helper API |6.1.7601.17514 |103936 |2010-11-21 06:24:32|C:\Windows\System32\ | |74FF0000|winrnr.dll |LDAP RnR Provider DLL |6.1.7600.16385 |20992 |2009-07-14 04:16:19|C:\Windows\System32\ | |75000000|pnrpnsp.dll |Поставщик пространства имен PNRP |6.1.7600.16385 |65024 |2009-07-14 04:16:12|C:\Windows\System32\ | |75020000|NapiNSP.dll |Поставщик оболочки совместимости для имен электронной почты |6.1.7600.16385 |52224 |2009-07-14 04:16:02|C:\Windows\System32\ | |75030000|idndl.dll |Downlevel DLL |6.1.7600.16385 |33792 |2009-07-14 04:15:27|C:\Windows\System32\ | |75040000|FirewallAPI.dll|API брандмауэра Windows |6.1.7600.16385 |462848 |2009-07-14 04:15:21|C:\Windows\SysWOW64\ | |750E0000|browcli.dll |Browser Service Client DLL |6.1.7601.17887 |41984 |2012-07-05 00:14:34|C:\Windows\System32\ | |75480000|CRYPTBASE.dll |Base cryptographic API DLL |6.1.7601.23841 |36352 |2017-06-13 01:05:17|C:\Windows\SysWOW64\ | |75490000|sspicli.dll |Security Support Provider Interface |6.1.7601.23841 |96768 |2017-06-13 01:29:03|C:\Windows\SysWOW64\ | |754F0000|clbcatq.dll |COM+ Configuration Catalog |2001.12.8530.16385|522240 |2009-07-14 04:15:03|C:\Windows\SysWOW64\ | |755F0000|oleaut32.dll | |6.1.7601.23775 |581632 |2017-04-17 18:12:24|C:\Windows\SysWOW64\ | |75690000|user32.dll |Многопользовательская библиотека клиента USER API Windows |6.1.7601.23594 |833024 |2016-11-10 19:19:40|C:\Windows\SysWOW64\ | |757D0000|kernel32.dll |Библиотека клиента Windows NT BASE API |6.1.7601.23807 |1114112 |2017-05-12 21:03:20|C:\Windows\SysWOW64\ | |758F0000|normaliz.dll |Unicode Normalization DLL |6.1.7600.16385 |2048 |2009-07-14 04:09:00|C:\Windows\SysWOW64\ | |75A50000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.1.7601.17514 |119808 |2010-11-21 06:24:25|C:\Windows\System32\ | |75AB0000|gdi32.dll |GDI Client DLL |6.1.7601.23807 |313344 |2017-05-12 21:03:20|C:\Windows\SysWOW64\ | |75B40000|setupapi.dll |Windows Setup API |6.1.7601.17514 |1667584 |2010-11-21 06:23:51|C:\Windows\SysWOW64\ | |75E10000|ws2_32.dll |32-разрядная библиотека Windows Socket 2.0 |6.1.7601.23451 |206336 |2016-05-11 18:19:26|C:\Windows\SysWOW64\ | |75E50000|ole32.dll |Microsoft OLE для Windows |6.1.7601.23775 |1417728 |2017-04-17 18:12:24|C:\Windows\SysWOW64\ | |75FB0000|shlwapi.dll |Библиотека небольших программ оболочки |6.1.7601.17514 |350208 |2010-11-21 06:23:48|C:\Windows\SysWOW64\ | |76010000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.1.7600.16385 |92160 |2009-07-14 04:16:13|C:\Windows\SysWOW64\ | |76030000|msvcrt.dll |Windows NT CRT DLL |7.0.7601.17744 |690688 |2011-12-16 10:52:58|C:\Windows\SysWOW64\ | |760F0000|KERNELBASE.dll |Библиотека клиента Windows NT BASE API |6.1.7601.23807 |275456 |2017-05-12 21:03:20|C:\Windows\SysWOW64\ | |76140000|advapi32.dll |Расширенная библиотека API Windows 32 |6.1.7601.23807 |644096 |2017-05-12 21:03:03|C:\Windows\SysWOW64\ | |761F0000|cfgmgr32.dll |Configuration Manager DLL |6.1.7601.17621 |145920 |2011-05-24 13:39:38|C:\Windows\SysWOW64\ | |76470000|psapi.dll |Process Status Helper |6.1.7600.16385 |6144 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |76480000|rpcrt4.dll |Библиотека удаленного вызова процедур |6.1.7601.23841 |666112 |2017-06-13 01:29:03|C:\Windows\SysWOW64\ | |76660000|shell32.dll |Общая библиотека оболочки Windows |6.1.7601.23806 |12880896|2017-05-10 18:12:47|C:\Windows\SysWOW64\ | |772C0000|profapi.dll |User Profile Basic API |6.1.7600.16385 |31744 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |77360000|devobj.dll |Device Information Set DLL |6.1.7601.17621 |64512 |2011-05-24 13:40:05|C:\Windows\SysWOW64\ | |77630000|lpk.dll |Language Pack |6.1.7601.23807 |25600 |2017-05-12 21:03:20|C:\Windows\SysWOW64\ | |77640000|nsi.dll |NSI User-mode interface DLL |6.1.7600.16385 |8704 |2009-07-14 04:16:11|C:\Windows\SysWOW64\ | |77650000|imagehlp.dll |Windows NT Image Helper |6.1.7601.18288 |159232 |2013-10-19 04:36:59|C:\Windows\SysWOW64\ | |77680000|usp10.dll |Uniscribe Unicode script processor |1.626.7601.23807 |629760 |2017-05-12 21:03:19|C:\Windows\SysWOW64\ | |77720000|msctf.dll |Серверная библиотека MSCTF |6.1.7601.23572 |829952 |2016-10-11 18:18:29|C:\Windows\SysWOW64\ | |77BF0000|ntdll.dll |Системная библиотека NT |6.1.7601.23807 |1314112 |2017-05-12 21:04:45|C:\Windows\SysWOW64\ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory |Priority |Threads|Path | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |0 |[System Process] | | |0 | |4 | | |4 |System | | |7172096 |Normal |228 | | |480 |smss.exe | | |1298432 |Normal |4 |C:\Windows\System32\ | |500 |winlogon.exe | | |7819264 |High |6 |C:\Windows\System32\ | |516 |lsass.exe | | |12435456|Normal |11 |C:\Windows\System32\ | |548 |services.exe | | |10727424|Normal |30 |C:\Windows\System32\ | |580 |csrss.exe | | |0 |High |10 | | |632 |svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |41189376|Normal |13 |C:\Windows\System32\ | |792 |svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |10313728|Normal |16 |C:\Windows\System32\ | |876 |csrss.exe | | |0 |High |9 | | |892 |lsm.exe | | |4628480 |Normal |11 |C:\Windows\System32\ | |960 |wininit.exe |Автозагрузка приложений Windows |6.1.7600.16385 |5083136 |High |9 |C:\Windows\System32\ | |1008|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |10846208|Normal |26 |C:\Windows\System32\ | |1032|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |8462336 |Normal |12 |C:\Windows\System32\ | |1108|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |7843840 |Normal |11 |C:\Windows\System32\ | |1136|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |21225472|Normal |29 |C:\Windows\System32\ | |1168|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |47730688|Normal |32 |C:\Windows\System32\ | |1188|PsiService_2.exe |PsiService PsiService |3.3.0.21 |3985408 |Normal |7 |C:\Program Files (x86)\Common Files\Protexis\License Service\ | |1208|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |17747968|Normal |38 |C:\Windows\System32\ | |1232|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |33173504|Normal |54 |C:\Windows\System32\ | |1312|audiodg.exe | | |23920640|Normal |12 |C:\Windows\System32\ | |1440|igfxCUIService.exe | | |8269824 |Normal |9 |C:\Windows\System32\ | |1520|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |14749696|Normal |20 |C:\Windows\System32\ | |1736|spoolsv.exe | | |20688896|Normal |31 |C:\Windows\System32\ | |1764|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |17985536|Normal |26 |C:\Windows\System32\ | |1848|armsvc.exe |Adobe Acrobat Update Service |1.824.21.4663 |4284416 |Normal |6 |C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ | |1920|AGMService.exe |Adobe Genuine Software Service |6.6.0.204 |8380416 |Normal |8 |C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\ | |1952|AGSService.exe |Adobe Genuine Software Integrity Service |6.6.0.204 |11460608|Normal |8 |C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\ | |1976|avp.exe |Kaspersky Endpoint Security for Windows |11.0.0.6499 |38428672|Normal |48 |C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\| |2024|CnxDIAS.exe |Driver Information Assist Core Module |10.2.8.2813 |9703424 |Normal |12 |C:\Program Files\Canon\DIAS\ | |2052|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |12886016|Normal |14 |C:\Windows\System32\ | |2096|TeamViewer_Service.exe |TeamViewer 14 |14.1.3399.0 |15454208|Normal |21 |C:\Program Files (x86)\TeamViewer\ | |2176|service_update.exe |Yandex |20.3.0.1223 |5648384 |Normal |5 |C:\Program Files (x86)\Yandex\YandexBrowser\20.3.0.1223\ | |2196|service_update.exe |Yandex |20.3.0.1223 |4661248 |Normal |7 |C:\Program Files (x86)\Yandex\YandexBrowser\20.3.0.1223\ | |2524|unsecapp.exe | | |0 |Normal |6 | | |2600|WmiPrvSE.exe | | |0 |Normal |9 | | |3076|mcserv.exe |MyChat Server |7.7.0.1 |92794880|Normal |29 |C:\Program Files (x86)\MyChat Server\ | |3088|taskhost.exe | | |9977856 |Normal |10 |C:\Windows\System32\ | |3144|dwm.exe | | |30126080|High |5 |C:\Windows\System32\ | |3152|PresentationFontCache.exe|PresentationFontCache.exe |3.0.6920.5011 |18665472|Normal |8 |C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\ | |3192|explorer.exe |Проводник |6.1.7601.17514 |42029056|Normal |34 |C:\Windows\ | |3232|SearchIndexer.exe |Индексатор службы Microsoft Windows Search |7.0.7601.23861 |10883072|Normal |13 |C:\Windows\System32\ | |3356|SearchFilterHost.exe |Microsoft Windows Search Filter Host |7.0.7601.23861 |7663616 |Low |6 |C:\Windows\System32\ | |3428|acrotray.exe |AcroTray |17.9.20044.25828|5607424 |Normal |2 |C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\ | |3472|taskeng.exe |Обработчик планировщика заданий |6.1.7601.17514 |6180864 |Below-Normal|6 |C:\Windows\System32\ | |3504|SearchProtocolHost.exe |Microsoft Windows Search Protocol Host |7.0.7601.23861 |9076736 |Low |8 |C:\Windows\System32\ | |3528|taskeng.exe |Обработчик планировщика заданий |6.1.7601.17514 |7389184 |Normal |6 |C:\Windows\System32\ | |3600|igfxEM.exe | | |11345920|Normal |8 |C:\Windows\System32\ | |3624|igfxHK.exe | | |8544256 |Normal |7 |C:\Windows\System32\ | |3644|igfxTray.exe | | |9822208 |Normal |6 |C:\Windows\System32\ | |3652|RtkNGUI64.exe |Диспетчер Realtek HD |1.0.465.0 |11128832|Normal |13 |C:\Program Files\Realtek\Audio\HDA\ | |3664|CNMFSUT6.EXE |Canon MF Network Scan Utility 64bit |1.0.1.0 |6275072 |Normal |4 |C:\Program Files\Canon\Canon MF Network Scan Utility\ | |3680|StikyNot.exe | | |13168640|Normal |11 |C:\Windows\System32\ | |3776|S6000Mnt.exe |Monitor Function |2.12.301.0 |7708672 |Normal |1 |C:\Windows\WebCam\S6000\ | |4028|mcclient.exe | |7.7.0.0 |76959744|Normal |13 |C:\Users\Viskub\AppData\Local\NSS\MyChat Client\ | |4144|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |8835072 |Normal |6 |C:\Windows\System32\ | |4388|PrintIsolationHost.exe | | |0 |Normal |7 | | |4440|wmpnscfg.exe |Приложение конфигурации службы общих сетевых ресурсов проигрывателя Windows Media|12.0.7600.16385 |6672384 |Normal |1 |C:\Program Files\Windows Media Player\ | |4452|wmpnscfg.exe |Приложение конфигурации службы общих сетевых ресурсов проигрывателя Windows Media|12.0.7600.16385 |6680576 |Normal |1 |C:\Program Files\Windows Media Player\ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Assembler Information: ---------------------------------------------------------------------------------------------------------------------------- ; Base Address: $790000, Allocation Base: $400000, Region Size: 12603392 ; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READWRITE ; State: MEM_COMMIT, Type: MEM_IMAGE ; ; ; ABSCompression.TABSCompressedBLOBStream.Create (Line=0 - Offset=638) ; -------------------------------------------------------------------- 0079082E 13513C ADC EDX, [ECX+$3C] 00790831 7105 JNO +5 ; ($00790838) ABSCompression.TABSCompressedBLOBStream.Create (Line=0) 00790833 E82C8FC7FF CALL -$3870D4 ; ($00409764) System._IntOver 00790838 8945AC MOV [EBP-$54], EAX 0079083B 8955B0 MOV [EBP-$50], EDX 0079083E 8D45AC LEA EAX, [EBP-$54] 00790841 8945A4 MOV [EBP-$5C], EAX 00790844 C645A810 MOV BYTE PTR [EBP-$58], $10 00790848 8D459C LEA EAX, [EBP-$64] 0079084B 50 PUSH EAX 0079084C 6A01 PUSH 1 0079084E B961270000 MOV ECX, $00002761 00790853 B201 MOV DL, 1 00790855 A1248B7700 MOV EAX, [$00778B24] ; Data as ANSI: 'DaE'; Data as UNICODE: '慄E惨E' 0079085A E81D85FEFF CALL -$017AE3 ; ($00778D7C) ABSExcept.EABSException.Create ; ; Line=0 - Offset=687 ; ------------------- 0079085F E898A5C7FF CALL -$385A68 ; ($0040ADFC) System._RaiseExcept ; <-- EXCEPTION 00790864 EB0B JMP +$0B ; ($00790871) ABSCompression.TABSCompressedBLOBStream.Create (Line=0) 00790866 8A550C MOV DL, [EBP+$0C] 00790869 8B45FC MOV EAX, [EBP-4] 0079086C E8EFE6FFFF CALL -$1911 ; ($0078EF60) ABSCompression.TABSCompressedBLOBStream.InternalCreate 00790871 8B45FC MOV EAX, [EBP-4] 00790874 807DFB00 CMP BYTE PTR [EBP-5], 0 00790878 740F JZ +$0F ; ($00790889) ABSCompression.TABSCompressedBLOBStream.Create (Line=0) 0079087A E8CD97C7FF CALL -$386833 ; ($0040A04C) System._AfterConstruction 0079087F 648F0500000000 POP DWORD PTR FS:[0] 00790886 83C40C ADD ESP, $0C 00790889 8B45FC MOV EAX, [EBP-4] 0079088C 5F POP EDI 0079088D 5E POP ESI 0079088E 8BE5 MOV ESP, EBP 00790890 5D POP EBP Registers: ----------------------------- EAX: 0018E338 EDI: 00000001 EBX: 00000000 ESI: 0EEDFADE ECX: 00000007 EBP: 0018E388 EDX: 00000000 ESP: 0018E338 EIP: 760FC54F FLG: 00000212 EXP: 0079085F STK: 0018E338 Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0A5D41AC: 0018E450 0079085F: E8 98 A5 C7 FF EB 0B 8A 55 0C 8B 45 FC E8 EF E6 ........U..E.... 0A5D41A8: 00456760 0079086F: FF FF 8B 45 FC 80 7D FB 00 74 0F E8 CD 97 C7 FF ...E..}..t...... 0A5D41A4: 0018E380 0079087F: 64 8F 05 00 00 00 00 83 C4 0C 8B 45 FC 5F 5E 8B d..........E._^. 0A5D41A0: 09601B80 0079088F: E5 5D C2 0C 00 B0 04 02 00 FF FF FF FF 3A 00 00 .]...........:.. 0A5D419C: 0018E3E0 0079089F: 00 43 00 61 00 6E 00 6E 00 6F 00 74 00 20 00 73 .C.a.n.n.o.t. .s 0A5D4198: 0018E45C 007908AF: 00 65 00 74 00 20 00 73 00 74 00 72 00 65 00 61 .e.t. .s.t.r.e.a 0A5D4194: 095E9EA4 007908BF: 00 6D 00 20 00 70 00 6F 00 73 00 69 00 74 00 69 .m. .p.o.s.i.t.i 0A5D4190: 0018E450 007908CF: 00 6F 00 6E 00 20 00 74 00 6F 00 20 00 25 00 64 .o.n. .t.o. .%.d 0A5D418C: 0078CED0 007908DF: 00 2E 00 20 00 50 00 6F 00 73 00 69 00 74 00 69 ... .P.o.s.i.t.i 0A5D4188: 09601B80 007908EF: 00 6F 00 6E 00 20 00 3D 00 20 00 25 00 64 00 2C .o.n. .=. .%.d., 0A5D4184: 00790864 007908FF: 00 20 00 53 00 69 00 7A 00 65 00 20 00 3D 00 20 . .S.i.z.e. .=. 0A5D4180: 00000007 0079090F: 00 25 00 64 00 00 00 00 00 B0 04 02 00 FF FF FF .%.d............ 0A5D417C: 760FC54F 0079091F: FF 33 00 00 00 53 00 74 00 72 00 65 00 61 00 6D .3...S.t.r.e.a.m 0A5D4178: 00000000 0079092F: 00 20 00 73 00 69 00 7A 00 65 00 20 00 3D 00 20 . .s.i.z.e. .=. 0A5D4174: 00000001 0079093F: 00 25 00 64 00 20 00 74 00 6F 00 6F 00 20 00 73 .%.d. .t.o.o. .s 0A5D4170: 0EEDFADE 0079094F: 00 6D 00 61 00 6C 00 6C 00 2E 00 20 00 53 00 68 .m.a.l.l... .S.h