EurekaLog 7.9.0.0
D1ABA1B7D457384FACF27851A4CB5B98 8FA70300FF03C145A9AFA84311B28F8E DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 15F4D9469D382C40878358814A8D2A0B

Application:
-------------------------------------------------------------------------
1.1 Start Date : Sun, 14 Mar 2021 14:49:26 +0300
1.2 Name/Description: mcclient.exe - (mcclient)
1.3 Version Number : 8.5.3.8
1.4 Parameters : /auto -server "SERVER_IP"
1.5 Compilation Date: Mon, 1 Mar 2021 15:39:49 +0300
1.6 Up Time : 2 minute(s), 16 second(s)
1.7 Elevated : 1
1.10 RAM : 123764736 (118,03 Mb); Max: 130527232 (124,48 Mb)
1.11 Private : 93204480 (88,89 Mb); Max: 93761536 (89,42 Mb)
1.12 Virtual : 292143104 (278,61 Mb)

Exception:
-----------------------------------------------------
2.1 Date : Sun, 14 Mar 2021 14:51:43 +0300
2.2 Address : 01147E94
2.3 Module Name : mcclient.exe - (mcclient)
2.4 Module Version: 8.5.3.8
2.5 Type : EZCompressionError
2.6 Message : Buffer error.
2.7 ID : 628BCD86
2.8 Count : 1
2.9 Status : New
2.10 Note :
2.11 Sent : 0

User:
----------------------------------------------------------------
3.1 ID : user
3.2 Name : user
3.3 Email :
3.4 Company :
3.5 Privileges:
    SeIncreaseQuotaPrivilege - OFF
    SeSecurityPrivilege - OFF
    SeTakeOwnershipPrivilege - OFF
    SeLoadDriverPrivilege - OFF
    SeSystemProfilePrivilege - OFF
    SeSystemtimePrivilege - OFF
    SeProfileSingleProcessPrivilege - OFF
    SeIncreaseBasePriorityPrivilege - OFF
    SeCreatePagefilePrivilege - OFF
    SeBackupPrivilege - OFF
    SeRestorePrivilege - OFF
    SeShutdownPrivilege - OFF
    SeDebugPrivilege - OFF
    SeSystemEnvironmentPrivilege - OFF
    SeChangeNotifyPrivilege - ON (default)
    SeRemoteShutdownPrivilege - OFF
    SeUndockPrivilege - OFF
    SeManageVolumePrivilege - OFF
    SeImpersonatePrivilege - ON (default)
    SeCreateGlobalPrivilege - ON (default)
    SeIncreaseWorkingSetPrivilege - OFF
    SeTimeZonePrivilege - OFF
    SeCreateSymbolicLinkPrivilege - OFF
3.6 Admin : limited
3.7 Restricted: 0

Active Controls:
---------------------------------------------
4.1 Form Class : NotifyIconOverflowWindow
4.2 Form Text :
4.3 Control Class: Button
4.4 Control Text : ОК

Computer:
--------------------------------------------------------------------------------------------------------------
5.1 Name : SERVER_NAME
5.2 Total Memory : 68718940160 (64,00 Gb)
5.3 Free Memory : 54117281792 (50,40 Gb)
5.4 Total Disk : 107005079552 (99,66 Gb)
5.5 Free Disk : 27441664000 (25,56 Gb)
5.6 System Up Time : 54 day(s), 16 hour(s), 4 minute(s), 37 second(s) / 54 day(s), 16 hour(s), 30 second(s)
5.7 Processor : AMD EPYC 7401P 24-Core Processor
5.8 Display Mode : 1560 x 1006, 32 bit
5.9 Display DPI : 96
5.10 Video Card : RDPUDD Chained DD (driver - RAM 4194304)
5.11 Printer : Kyocera ECOSYS M3655idn KX (driver 5,0,0,0)
5.12 Virtual Machine: Hypervisor (RDP session)
5.13 System Idle : few seconds

Operating System:
----------------------------------------------------------
6.1 Type : Microsoft Windows 2012 R2 (64 bit)
6.2 Build # : 9600 (6.3.9600.18217)
6.3 Update :
6.4 Language : Russian (0419)
6.5 Charset : 204/1251
6.6 Install Language: Russian (0419)
6.7 UI Language : Russian (0419)
6.8 Edition :
6.9 UAC : 1

Network:
----------------------------------------------------------------------------------------------
7.1 IP Address : fe80::c102:64ef:2d9f:c66%12 - 010.144.011.145 - fe80::5efe:10.144.11.145%13
7.2 Submask : /64 - 255.255.255.000 - /128
7.3 Gateway : - 010.144.011.252 -
7.4 DNS 1 : - 010.144.011.041 -
7.5 DNS 2 : - 010.121.050.013 -
7.6 DHCP : OFF - OFF
7.7 Description: Ethernet - [UNPLGGD] TUNNEL :

Steps to reproduce:
------------
8.1 Text:

Custom Information:
-----------------------------------------------------------------
9.1 ServerHWID: 494162025_6270_6-14-4-645186338
9.2 License : FREE
9.3 ClientHWID: 43A5043A4454275594282B68001C431426605F1D458614F

Call Stack Information:
----------------------------------------------------------------------------------------------------
|Methods |Details|Stack |Address |Module |Offset |Source |Unit |Class |Procedure/Method |Line |
----------------------------------------------------------------------------------------------------
|*Exception Thread: ID=9096; Parent=0; Priority=0 |
|Class=; Name=MAIN |
|DeadLock=0; Wait Chain= |
|Comment= |
|--------------------------------------------------------------------------------------------------|
|7FFFFFFE|04 |00000000|01147E94|mcclient.exe|00D47E94|ZLibEx.pas |ZLibEx | |ZCompressCheck |715[5] |
|00000020|04 |0018F9AC|01147F65|mcclient.exe|00D47F65|ZLibEx.pas |ZLibEx | |ZInternalCompress |1025[16] |
|00000020|03 |0018F9B4|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018F9DC|011481E2|mcclient.exe|00D481E2|ZLibEx.pas |ZLibEx | |ZCompress2 |1128[6] |
|00000020|04 |0018FA30|0114827D|mcclient.exe|00D4827D|ZLibEx.pas |ZLibEx | |ZCompressString2 |1269[1] |
|00000020|04 |0018FA5C|01148777|mcclient.exe|00D48777|ZLibExGZ.pas |ZLibExGZ | |GZCompressString |498[3] |
|00000020|03 |0018FA70|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018FA90|011487E3|mcclient.exe|00D487E3|ZLibExGZ.pas |ZLibExGZ | |GZCompressString |540[1] |
|00000020|04 |0018FAA4|0114B0D6|mcclient.exe|00D4B0D6|mcclcore.pas |mcclcore |TMyChat |SendCommandToServer |432[13] |
|00000020|03 |0018FAAC|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018FB24|012A5CCD|mcclient.exe|00EA5CCD|mccadditional.pas |mccadditional | |LoginToMyChatServer |3850[103] |
|00000020|03 |0018FB30|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018FB98|012A7212|mcclient.exe|00EA7212|mccadditional.pas |mccadditional | |mcAcceptConnection |4047[1] |
|00000020|03 |0018FBA0|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018FBB0|01148F9D|mcclient.exe|00D48F9D|mcparse.pas |mcparse | |Parser |51[23] |
|00000020|03 |0018FBB8|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018FBF4|01423C33|mcclient.exe|01023C33|fm_main.pas |fm_main |TMainForm |EventParse |4497[10] |
|00000020|03 |0018FBFC|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018FC10|01422CAC|mcclient.exe|01022CAC|fm_main.pas |fm_main |TMainForm |WndProc |4004[56] |
|00000020|03 |0018FC18|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|04 |0018FC40|0093E829|mcclient.exe|0053E829|DynamicSkinForm.pas|DynamicSkinForm|TspDynamicSkinForm|NewWndProc |19435[1287] |
|00000020|03 |0018FC48|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|03 |0018FC5C|0040B03A|mcclient.exe|0000B03A|System.pas |System |TMonitor |Exit | |
|00000020|03 |0018FC68|0040B096|mcclient.exe|0000B096|System.pas |System |TMonitor |Exit | |
|00000020|03 |0018FC70|0065EB2F|mcclient.exe|0025EB2F|Vcl.Graphics.pas |Vcl.Graphics | |FreeMemoryContexts | |
|00000020|03 |0018FC74|0065EB3A|mcclient.exe|0025EB3A|Vcl.Graphics.pas |Vcl.Graphics | |FreeMemoryContexts | |
|00000020|03 |0018FC80|00689198|mcclient.exe|00289198|Vcl.Controls.pas |Vcl.Controls |TWinControl |MainWndProc | |
|00000020|03 |0018FC88|006891AD|mcclient.exe|002891AD|Vcl.Controls.pas |Vcl.Controls |TWinControl |MainWndProc | |
|00000020|03 |0018FC8C|006891B8|mcclient.exe|002891B8|Vcl.Controls.pas |Vcl.Controls |TWinControl |MainWndProc | |
|00000020|03 |0018FC98|77D2933F|ntdll.dll |0004933F|ntdll.dll |ntdll | |RtlDeactivateActivationContextUnsafeFast| |
|00000020|03 |0018FCB0|005372B0|mcclient.exe|001372B0|System.Classes.pas |System.Classes | |StdWndProc | |
|00000020|03 |0018FCC8|75E28FFF|user32.dll |00008FFF|USER32.dll |USER32 | | (possible CallNextHookEx+175) | |
|00000020|03 |0018FCF4|75E2925C|user32.dll |0000925C|USER32.dll |USER32 | | (possible CallNextHookEx+780) | |
|00000020|03 |0018FD04|75E292C8|user32.dll |000092C8|USER32.dll |USER32 | | (possible CallNextHookEx+888) | |
|00000020|03 |0018FD08|75E29273|user32.dll |00009273|USER32.dll |USER32 | | (possible CallNextHookEx+803) | |
|00000020|03 |0018FD0C|0040B384|mcclient.exe|0000B384|System.pas |System |TMonitor |TryEnter | |
|00000020|03 |0018FD14|0040AEAC|mcclient.exe|0000AEAC|System.pas |System |TMonitor |Enter | |
|00000020|03 |0018FD24|0040AD18|mcclient.exe|0000AD18|System.pas |System |TMonitor |CheckOwningThread | |
|00000020|03 |0018FD2C|0040B03A|mcclient.exe|0000B03A|System.pas |System |TMonitor |Exit | |
|00000020|03 |0018FD38|0040B096|mcclient.exe|0000B096|System.pas |System |TMonitor |Exit | |
|00000020|03 |0018FD40|0065EB2F|mcclient.exe|0025EB2F|Vcl.Graphics.pas |Vcl.Graphics | |FreeMemoryContexts | |
|00000020|03 |0018FD44|0065EB3A|mcclient.exe|0025EB3A|Vcl.Graphics.pas |Vcl.Graphics | |FreeMemoryContexts | |
|00000020|03 |0018FD50|00689198|mcclient.exe|00289198|Vcl.Controls.pas |Vcl.Controls |TWinControl |MainWndProc | |
|00000020|03 |0018FD58|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | |
|00000020|03 |0018FD64|0040B6B6|mcclient.exe|0000B6B6|System.pas |System | |_HandleAnyException | |
|00000060|03 |0018FD80|005372B0|mcclient.exe|001372B0|System.Classes.pas |System.Classes | |StdWndProc | |
|00000060|03 |0018FD98|75E28FFF|user32.dll |00008FFF|USER32.dll |USER32 | | (possible CallNextHookEx+175) | |
|00000060|03 |0018FDC4|75E2925C|user32.dll |0000925C|USER32.dll |USER32 | | (possible CallNextHookEx+780) | |
|00000020|03 |0018FE08|75E29158|user32.dll |00009158|USER32.dll |USER32 | | (possible CallNextHookEx+520) | |
|00000020|03 |0018FE40|77D1C1B6|ntdll.dll |0003C1B6|ntdll.dll |ntdll | |ZwFindAtom | |
|00000060|03 |0018FE58|75E2A7FA|user32.dll |0000A7FA|USER32.dll |USER32 | | (possible GetMessageW+586) | |
|00000020|03 |0018FE90|75E2C31D|user32.dll |0000C31D|USER32.dll |USER32 | |GetPropW | |
|00000060|03 |0018FEC4|75E2A86B|user32.dll |0000A86B|USER32.dll |USER32 | |DispatchMessageW | |
|00000020|03 |0018FED0|00781137|mcclient.exe|00381137|Vcl.Forms.pas |Vcl.Forms |TApplication |ProcessMessage | |
|00000020|03 |0018FEEC|0078117A|mcclient.exe|0038117A|Vcl.Forms.pas |Vcl.Forms |TApplication |HandleMessage | |
|00000020|03 |0018FF10|007814AD|mcclient.exe|003814AD|Vcl.Forms.pas |Vcl.Forms |TApplication |Run | |
|00000020|03 |0018FF18|007814BA|mcclient.exe|003814BA|Vcl.Forms.pas |Vcl.Forms |TApplication |Run | |
|00000030|03 |0018FF24|007814F5|mcclient.exe|003814F5|Vcl.Forms.pas |Vcl.Forms |TApplication |Run | |
|00000020|04 |0018FF40|0145402C|mcclient.exe|0105402C|mcclient.dpr |mcclient | |Initialization |474[245] |
|00000030|04 |0018FF48|0145404C|mcclient.exe|0105404C|mcclient.dpr |mcclient | |Initialization |479[250] |
|7FFF7FFE|03 |0018FF84|754D6A12|kernel32.dll|00016A12|KERNEL32.DLL |KERNEL32 | |BaseThreadInitThunk | |
----------------------------------------------------------------------------------------------------

Mosules Information:
----------------------------------------------------------------------------------------------------
|Handle |Name |Description |Version |Size |Modified |Path |
----------------------------------------------------------------------------------------------------
|00400000|mcclient.exe |mcclient |8.5.3.8 |25761032|2021-03-01 14:40:54|C:\Program Files (x86)\MyChat Client\ |
|08640000|normaliz.dll |Unicode Normalization DLL |6.3.9600.17415 |4096 |2014-11-21 07:49:00|C:\Windows\System32\ |
|0AB30000|Beeper.dll | | |1184256 |2021-03-12 16:56:50|D:\Users\user\AppData\Local\MyChat Client\plugins\Beeper\bin\ |
|0ADA0000|VNCServer.dll | | |1290240 |2021-03-12 16:56:50|D:\Users\user\AppData\Local\MyChat Client\plugins\VNCServer\bin\ |
|10000000|hunspelldll.dll |libhunspell |1.3.1.0 |381440 |2012-03-23 20:01:16|C:\Program Files (x86)\MyChat Client\ |
|11000000|libeay32.dll |OpenSSL Shared Library |1.0.2.14 |1371136 |2017-12-07 16:08:22|C:\Program Files (x86)\MyChat Client\ |
|12000000|ssleay32.dll |OpenSSL Shared Library |1.0.2.14 |337920 |2017-12-07 16:08:22|C:\Program Files (x86)\MyChat Client\ |
|57560000|ntshrui.dll |Расширения оболочки, обеспечивающие общий доступ |6.3.9600.18458 |678400 |2016-08-25 22:40:56|C:\Windows\System32\ |
|58630000|oleacc.dll |Active Accessibility Core Component |7.2.9600.17415 |306688 |2014-11-21 07:47:37|C:\Windows\System32\ |
|59190000|MMDevAPI.dll |MMDevice API |6.3.9600.17415 |331048 |2014-11-21 07:47:47|C:\Windows\System32\ |
|5B610000|linkinfo.dll |Windows Volume Tracking |6.3.9600.17415 |23040 |2014-11-21 07:49:19|C:\Windows\System32\ |
|5BA50000|rdpendp.dll |Конечная точка аудио RDP |6.3.9600.17415 |272648 |2014-11-21 07:47:37|C:\Windows\System32\ |
|5BE60000|wer.dll |Библиотека сообщений об ошибках Windows |6.3.9600.19752 |450296 |2020-06-12 19:56:40|C:\Windows\System32\ |
|5BEF0000|Faultrep.dll |Библиотека отчетов о сбоях в пользовательском режиме Windows |6.3.9600.19721 |373888 |2020-05-13 04:23:21|C:\Windows\System32\ |
|5C630000|bass.dll |BASS |2.4.14.0 |127669 |2019-01-16 14:34:32|C:\Program Files (x86)\MyChat Client\ |
|5C6A0000|TSAPPCMP.dll |DLL-библиотека совместимости приложения служб удаленных рабочих столов|6.3.9600.16384 |66560 |2017-06-07 15:56:44|C:\Windows\System32\ |
|5C820000|msacm32.dll |Фильтр диспетчера аудиосжатия Microsoft |6.3.9600.17415 |89816 |2014-11-21 07:47:48|C:\Windows\System32\ |
|5E210000|wininet.dll |Расширения Интернета для Win32 |11.0.9600.19781 |4387328 |2020-07-14 06:07:24|C:\Windows\System32\ |
|68DC0000|comctl32.dll |Библиотека общих элементов управления |5.82.9600.17810 |549888 |2015-04-25 05:33:20|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_7c5b6194aa0716f1\|
|68EB0000|GdiPlus.dll |Microsoft GDI+ |6.3.9600.19782 |1494016 |2020-07-18 06:38:06|C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.19782_none_dadfbbea5bc58d4e\ |
|69810000|iertutil.dll |Служебная программа времени выполнения для Internet Explorer |11.0.9600.19724 |2304000 |2020-05-20 13:40:59|C:\Windows\System32\ |
|69C80000|dwmapi.dll |Интерфейс API диспетчера окон рабочего стола (Майкрософт) |6.3.9600.17415 |102728 |2014-11-21 07:47:37|C:\Windows\System32\ |
|69D80000|usp10.dll |Uniscribe Unicode script processor |6.3.9600.17415 |77312 |2014-11-21 07:47:37|C:\Windows\System32\ |
|6D590000|cscapi.dll |Offline Files Win32 API |6.3.9600.17415 |43520 |2014-11-21 07:49:04|C:\Windows\System32\ |
|6D740000|winrnr.dll |LDAP RnR Provider DLL |6.3.9600.17415 |23040 |2014-11-21 07:49:12|C:\Windows\System32\ |
|6D750000|nlaapi.dll |Network Location Awareness 2 |6.3.9600.18895 |65536 |2018-01-02 07:11:41|C:\Windows\System32\ |
|6D770000|NapiNSP.dll |Поставщик оболочки совместимости для имен электронной почты |6.3.9600.17415 |55296 |2014-11-21 07:49:14|C:\Windows\System32\ |
|6E720000|winsta.dll |Winstation Library |6.3.9600.17415 |276816 |2014-11-21 07:47:33|C:\Windows\System32\ |
|6EC30000|propsys.dll |Система страниц свойств (Майкрософт) |7.0.9600.17415 |1287112 |2014-11-21 07:49:19|C:\Windows\System32\ |
|6EF90000|idndl.dll |Downlevel DLL |6.3.9600.17415 |33280 |2014-11-21 07:49:00|C:\Windows\System32\ |
|70C70000|mpr.dll |Библиотека маршрутизации для нескольких служб доступа |6.3.9600.17415 |87224 |2014-11-21 07:49:29|C:\Windows\System32\ |
|71060000|rasadhlp.dll |Remote Access AutoDial Helper |6.3.9600.17415 |12288 |2014-11-21 07:49:18|C:\Windows\System32\ |
|71070000|dhcpcsvc.dll |Служба DHCP-клиента |6.3.9600.19423 |64512 |2019-07-09 19:58:24|C:\Windows\System32\ |
|71090000|dnsapi.dll |Динамическая библиотека API DNS-клиента |6.3.9600.19780 |499712 |2020-07-11 18:54:30|C:\Windows\System32\ |
|71110000|dhcpcsvc6.dll |Клиент DHCPv6 |6.3.9600.19423 |57344 |2019-07-09 19:58:30|C:\Windows\System32\ |
|71470000|mswsock.dll |Расширение поставщика службы API Microsoft Windows Sockets 2.0 |6.3.9600.18340 |286208 |2016-05-14 00:35:16|C:\Windows\System32\ |
|72950000|FWPUCLNT.DLL |API пользовательского режима FWP/IPsec |6.3.9600.19644 |272384 |2020-02-01 19:34:42|C:\Windows\System32\ |
|729B0000|olepro32.dll | |6.3.9600.18508 |86016 |2016-10-04 23:08:20|C:\Windows\System32\ |
|729D0000|uxtheme.dll |Библиотека тем UxTheme (Microsoft) |6.3.9600.19597 |949760 |2019-12-17 02:44:56|C:\Windows\System32\ |
|72AC0000|browcli.dll |Browser Service Client DLL |6.3.9600.17415 |44544 |2014-11-21 07:49:29|C:\Windows\System32\ |
|72AF0000|winnsi.dll |Network Store Information RPC interface |6.3.9600.17415 |26304 |2014-11-21 07:47:22|C:\Windows\System32\ |
|72B00000|IPHLPAPI.DLL |API вспомогательного приложения IP |6.3.9600.18264 |121912 |2016-03-12 03:47:34|C:\Windows\System32\ |
|731F0000|wkscli.dll |Workstation Service Client DLL |6.3.9600.17415 |59904 |2014-11-21 07:49:29|C:\Windows\System32\ |
|73210000|srvcli.dll |Server Service Client DLL |6.3.9600.17415 |110512 |2014-11-21 07:49:29|C:\Windows\System32\ |
|73230000|netutils.dll |Net Win32 API Helpers DLL |6.3.9600.17415 |35592 |2014-11-21 07:49:29|C:\Windows\System32\ |
|73240000|netapi32.dll |Net Win32 API DLL |6.3.9600.17415 |68168 |2014-11-21 07:49:11|C:\Windows\System32\ |
|73260000|secur32.dll |Security Support Provider Interface |6.3.9600.17415 |24064 |2014-11-21 07:49:12|C:\Windows\System32\ |
|73AC0000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |6.3.9600.18191 |192120 |2016-01-09 04:49:43|C:\Windows\System32\ |
|73AF0000|cryptsp.dll |Cryptographic Service Provider API |6.3.9600.17415 |96032 |2014-11-21 07:49:29|C:\Windows\System32\ |
|746B0000|devobj.dll |Device Information Set DLL |6.3.9600.17415 |127552 |2014-11-21 07:49:28|C:\Windows\System32\ |
|746E0000|WINMMBASE.dll |Base Multimedia Extension API DLL |6.3.9600.17415 |134280 |2014-11-21 07:47:47|C:\Windows\System32\ |
|74A60000|wtsapi32.dll |Windows Remote Desktop Session Host Server SDK APIs |6.3.9600.17415 |52664 |2014-11-21 07:47:33|C:\Windows\System32\ |
|74A80000|winmm.dll |MCI API DLL |6.3.9600.17415 |136840 |2014-11-21 07:47:47|C:\Windows\System32\ |
|74AB0000|msimg32.dll |GDIEXT Client DLL |6.3.9600.17415 |6144 |2014-11-21 07:47:37|C:\Windows\System32\ |
|74AC0000|comctl32.dll |Библиотека элементов управления взаимодействия с пользователем |6.10.9600.19393 |2107392 |2019-06-02 19:05:07|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19394_none_a9f59c4f01325ed5\ |
|74CD0000|winspool.drv |Драйвер диспетчера очереди Windows |6.3.9600.19293 |399360 |2019-02-09 19:16:49|C:\Windows\System32\ |
|74D40000|wsock32.dll |Windows Socket 32-Bit DLL |6.3.9600.17415 |16384 |2014-11-21 07:49:14|C:\Windows\System32\ |
|74E60000|version.dll |Version Checking and File Installation Libraries |6.3.9600.17415 |26304 |2014-11-21 07:49:19|C:\Windows\System32\ |
|74F70000|SHCore.dll |SHCORE |6.3.9600.19750 |561896 |2020-06-11 07:37:56|C:\Windows\System32\ |
|75000000|profapi.dll |User Profile Basic API |6.3.9600.17415 |52152 |2014-11-21 07:49:12|C:\Windows\System32\ |
|75010000|userenv.dll |Userenv |6.3.9600.19543 |98296 |2019-10-28 05:40:50|C:\Windows\System32\ |
|75100000|powrprof.dll |DLL модуля поддержки профиля управления питанием |6.3.9600.17415 |255136 |2014-11-21 07:48:59|C:\Windows\System32\ |
|75170000|bcrypt.dll |Библиотека криптографических примитивов Windows |6.3.9600.18541 |111104 |2016-11-19 20:22:21|C:\Windows\System32\ |
|75440000|kernel.appcore.dll |AppModel API Host |6.3.9600.17415 |29920 |2014-11-21 07:49:04|C:\Windows\System32\ |
|75450000|bcryptPrimitives.dll|Windows Cryptographic Primitives Library |6.3.9600.18895 |341384 |2018-01-02 09:03:25|C:\Windows\System32\ |
|754B0000|CRYPTBASE.dll |Base cryptographic API DLL |6.3.9600.17415 |30984 |2014-11-21 07:49:12|C:\Windows\System32\ |
|754C0000|kernel32.dll |Библиотека клиента Windows NT BASE API |6.3.9600.19719 |1040384 |2020-05-10 07:03:52|C:\Windows\System32\ |
|75600000|ole32.dll |Microsoft OLE для Windows |6.3.9600.19724 |1214720 |2020-05-20 14:40:54|C:\Windows\System32\ |
|75740000|clbcatq.dll |COM+ Configuration Catalog |2001.12.10530.17415|569128 |2014-11-21 07:49:07|C:\Windows\System32\ |
|75830000|nsi.dll |NSI User-mode interface DLL |6.3.9600.17415 |20120 |2014-11-21 07:47:22|C:\Windows\System32\ |
|759D0000|msvcrt.dll |Windows NT CRT DLL |7.0.9600.17415 |800008 |2014-11-21 07:49:54|C:\Windows\System32\ |
|75AB0000|shlwapi.dll |Библиотека небольших программ оболочки |6.3.9600.17415 |278352 |2014-11-21 07:49:19|C:\Windows\System32\ |
|75B00000|gdi32.dll |GDI Client DLL |6.3.9600.19781 |1088512 |2020-07-14 06:27:17|C:\Windows\System32\ |
|75C10000|sspicli.dll |Security Support Provider Interface |6.3.9600.17415 |104960 |2014-11-21 07:49:12|C:\Windows\System32\ |
|75DB0000|psapi.dll |Process Status Helper |6.3.9600.17415 |16504 |2014-11-21 07:49:04|C:\Windows\System32\ |
|75E20000|user32.dll |Многопользовательская библиотека клиента USER API Windows |6.3.9600.19780 |1377792 |2020-07-11 18:53:17|C:\Windows\System32\ |
|75F80000|comdlg32.dll |Библиотека общих диалоговых окон |6.3.9600.17415 |609280 |2014-11-21 07:49:19|C:\Windows\System32\ |
|76020000|combase.dll |Microsoft COM для Windows |6.3.9600.19724 |1560272 |2020-05-20 14:40:55|C:\Windows\System32\ |
|761A0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.3.9600.17415 |141312 |2014-11-21 07:47:37|C:\Windows\System32\ |
|761D0000|advapi32.dll |Расширенная библиотека API Windows 32 |6.3.9600.18895 |507176 |2018-01-02 08:48:48|C:\Windows\System32\ |
|76250000|ws2_32.dll |32-разрядная библиотека Windows Socket 2.0 |6.3.9600.18340 |320720 |2016-05-14 23:01:26|C:\Windows\System32\ |
|762A0000|msctf.dll |Серверная библиотека MSCTF |6.3.9600.19724 |1124800 |2020-05-20 14:44:59|C:\Windows\System32\ |
|763C0000|imagehlp.dll |Windows NT Image Helper |6.3.9600.17415 |74824 |2014-11-21 07:47:22|C:\Windows\System32\ |
|763E0000|shell32.dll |Общая библиотека оболочки Windows |6.3.9600.19750 |19803064|2020-06-11 07:37:58|C:\Windows\System32\ |
|776B0000|cfgmgr32.dll |Configuration Manager DLL |6.3.9600.17415 |241168 |2014-11-21 07:49:28|C:\Windows\System32\ |
|776F0000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.3.9600.19749 |255104 |2020-06-09 07:31:23|C:\Windows\System32\ |
|777D0000|setupapi.dll |Windows Setup API |6.3.9600.17415 |1782912 |2014-11-21 07:49:00|C:\Windows\System32\ |
|77990000|KERNELBASE.dll |Библиотека клиента Windows NT BASE API |6.3.9600.19724 |861696 |2020-05-20 13:53:54|C:\Windows\System32\ |
|77A70000|oleaut32.dll | |6.3.9600.19750 |613528 |2020-06-11 07:33:08|C:\Windows\System32\ |
|77B10000|rpcrt4.dll |Библиотека удаленного вызова процедур |6.3.9600.19719 |747520 |2020-05-10 06:23:08|C:\Windows\System32\ |
|77CE0000|ntdll.dll |Системная библиотека NT |6.3.9600.19678 |1500888 |2020-03-31 07:49:31|C:\Windows\System32\ |
----------------------------------------------------------------------------------------------------

Processes Information:
----------------------------------------------------------------------------------------------------
|ID |Name |Description |Version |Memory |Priority|Threads|Path |User |Session|
----------------------------------------------------------------------------------------------------
|17364 |taskhostex.exe| | |6742016 |Normal |4 |C:\Windows\System32\ |user|231 |
|18588 |rdpclip.exe | | |9502720 |Normal |7 |C:\Windows\System32\ |user|231 |
|22912 |pdf24.exe |PDF24 Creator |6.6.0.0 |6549504 |Normal |7 |C:\Program Files (x86)\PDF24\ |user|231 |
|54380 |mcclient.exe |mcclient |8.5.3.8 |117379072|Normal |25 |C:\Program Files (x86)\MyChat Client\ |user|231 |
|58420 |winlogon.exe | | |5976064 |High |2 |C:\Windows\System32\ |СИСТЕМА |231 |
|62184 |explorer.exe |Проводник |6.3.9600.18231|93491200 |Normal |34 |C:\Windows\ |user|231 |
|62228 |csrss.exe | | |26849280 |Normal |9 |C:\Windows\System32\ |СИСТЕМА |231 |
|72660 |conhost.exe | | |6565888 |Normal |2 |C:\Windows\System32\ |user|231 |
|82676 |dwm.exe | | |65654784 |High |13 |C:\Windows\System32\ |DWM-231 |231 |
|83480 |Taskmgr.exe |Диспетчер задач |6.3.9600.17415|34664448 |Normal |12 |C:\Windows\System32\ |user|231 |
|95956 |vmtoolsd.exe |VMware Tools Core Service |9.4.0.25793 |14340096 |Normal |4 |C:\Program Files\VMware\VMware Tools\ |user|231 |
|100252|Far.exe |File and archive manager |3.0.4828.0 |32956416 |Normal |8 |C:\Program Files (x86)\Far\ |user|231 |
|105952|regedit.exe |Редактор реестра |6.3.9600.17415|12517376 |Normal |1 |C:\Windows\ |user|231 |
|106972|avp.exe |Kaspersky Endpoint Security for Windows|11.4.0.233 |6627328 |Normal |12 |C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\|user|231 |
----------------------------------------------------------------------------------------------------

Assembler Information:
----------------------------------------------------------------------------------------------
; Base Address: $1147000, Allocation Base: $400000, Region Size: 3203072
; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READ
; State: MEM_COMMIT, Type: MEM_IMAGE
;
;
; ZLibEx.ZCompressCheck (Line=710 - Offset=0)
; -------------------------------------------
01147E78 55 PUSH EBP
01147E79 8BEC MOV EBP, ESP
01147E7B 53 PUSH EBX
01147E7C 8BD8 MOV EBX, EAX
;
; Line=711 - Offset=6
; -------------------
01147E7E 8BC3 MOV EAX, EBX
;
; Line=713 - Offset=8
; -------------------
01147E80 85DB TEST EBX, EBX
01147E82 7D15 JGE +$15 ; ($01147E99) ZLibEx.ZCompressCheck (Line=717)
;
; Line=715 - Offset=12
; --------------------
01147E84 6A00 PUSH 0
01147E86 8BCB MOV ECX, EBX
01147E88 B201 MOV DL, 1
01147E8A A1187D1401 MOV EAX, [$01147D18] ; Delphi Class "EZCompressionError"
01147E8F E884040000 CALL +$0484 ; ($01148318) ZLibEx.EZLibError.Create
;
; Line=715 - Offset=28
; --------------------
01147E94 E8733B2CFF CALL -$D3C48D ; ($0040BA0C) System._RaiseExcept ; <-- EXCEPTION
;
; Line=717 - Offset=33
; --------------------
01147E99 5B POP EBX
01147E9A 5D POP EBP

Registers:
-----------------------------
EAX: 00180998 EDI: 014F14D0
EBX: FFFFFFFB ESI: 0000000A
ECX: 00000007 EBP: 001809F0
EDX: 00000000 ESP: 00180998
EIP: 779A56E8 FLG: 00000212
EXP: 01147E94 STK: 00180998

Stack: Memory Dump:
------------------ ---------------------------------------------------------------------------