EurekaLog 7.9.0.0 D1ABA1B7D457384FACF27851A4CB5B98 E1C153F6A3636C419D6D07972BAE170A DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 28C481B0A242B64E9EF8FB074B031BC8 Application: ------------------------------------------------------------------------- 1.1 Start Date : Wed, 7 Apr 2021 07:57:37 +0300 1.2 Name/Description: mcclient.exe - (mcclient) 1.3 Version Number : 8.6.3.6 1.4 Parameters : /autorun 1.5 Compilation Date: Thu, 1 Apr 2021 17:04:55 +0300 1.6 Up Time : 2 minute(s), 16 second(s) 1.7 Elevated : 0 1.8 Integrity : Medium 1.9 Allocated : 9450767 (9,01 Mb) 1.10 RAM : 125292544 (119,49 Mb); Max: 133591040 (127,40 Mb) 1.11 Private : 91516928 (87,28 Mb); Max: 110850048 (105,71 Mb) 1.12 Virtual : 320831488 (305,97 Mb) Exception: -------------------------------------------------------------------------------------------------------------- 2.1 Date : Wed, 7 Apr 2021 07:59:54 +0300 2.2 Address : 012EA389 2.3 Module Name : mcclient.exe - (mcclient) 2.4 Module Version: 8.6.3.6 2.5 Type : EAccessViolation 2.6 Message : Access violation at address 012EA389 in module 'mcclient.exe'. Read of address 00000000. 2.7 ID : 06FE9963 2.8 Count : 1 2.9 Status : New 2.10 Note : 2.11 Sent : 1 User: ---------------------------------------------------------------- 3.1 ID : Clerk 3.2 Name : Ольга Корначева 3.3 Email : 3.4 Company : 3.5 Privileges: SeShutdownPrivilege - OFF SeChangeNotifyPrivilege - ON (default) SeUndockPrivilege - OFF SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF 3.6 Admin : limited 3.7 Restricted: 0 Active Controls: ------------------------------------------------------------------------------------ 4.1 Form Class : TMainForm 4.2 Form Text : MyChat Client 8.6.3 - Чечко Ольга Леонидовна [SERVER3] (В сети) 4.3 Control Class: TspCustomEdit 4.4 Control Text : Computer: ------------------------------------------------------------------------------------------------------- 5.1 Name : CLERK 5.2 Total Memory : 17030606848 (15,86 Gb) 5.3 Free Memory : 13239885824 (12,33 Gb) 5.4 Total Disk : 249481580544 (232,35 Gb) 5.5 Free Disk : 178950483968 (166,66 Gb) 5.6 System Up Time : 22 hour(s), 22 minute(s), 53 second(s) / 22 hour(s), 23 minute(s), 23 second(s) 5.7 Processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz 5.8 Display Mode : 1920 x 1080, 32 bit 5.9 Display DPI : 96 5.10 Video Card : Intel(R) UHD Graphics 630 (driver 26.20.100.7262 - RAM 1073741824) 5.11 Printer : HP LaserJet 400 M401 PCL 6 (driver 10.0.18362.836) 5.12 Virtual Machine: 5.13 System Idle : few seconds Operating System: -------------------------------------------------------------- 6.1 Type : Microsoft Windows 10 (64 bit) 6.2 Build # : 1809 (10.0.17763.1158) 6.3 Update : October 2018 Update [Redstone 5] #1158 6.4 Language : Russian (0419) 6.5 Charset : 204/1251 6.6 Install Language: Russian (0419) 6.7 UI Language : Russian (0419) 6.8 Edition : Enterprise 6.9 UAC : 1 Network: ---------------------------------------------------------------------------------------------------- 7.1 IP Address : fe80::25dc:e2a6:52f8:edf1%7 - 172.019.203.052 - 192.168.001.016 - 192.168.005.008 7.2 Submask : /64 - 255.255.255.248 - 255.255.255.000 - 255.255.255.000 7.3 Gateway : - 000.000.000.000 - 192.168.005.002 - 000.000.000.000 7.4 DNS 1 : fec0:0:0:ffff::1%1 - 000.000.000.000 - 192.168.005.006 - 082.209.243.241 7.5 DNS 2 : fec0:0:0:ffff::2%1 - 000.000.000.000 - 082.209.240.241 - 000.000.000.000 7.6 DHCP : OFF - OFF 7.7 Description: Ethernet 2 - Ethernet Steps to reproduce: ------------ 8.1 Text: Custom Information: -------------------------------------------------------------------- 9.1 ServerHWID: 488894944_6209_6-12-3-632970267 9.2 License : FREE 9.3 ClientHWID: 45F4B3244042E42641220194D00035517435554201A0342EA6 Call Stack Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Methods |Details|Stack |Address |Module |Offset |Source |Unit |Class |Procedure/Method |Line | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |*Exception Thread: ID=12248; Parent=0; Priority=0 | |Class=; Name=MAIN | |DeadLock=0; Wait Chain= | |Comment= | |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|04 |00000000|012EA389|mcclient.exe|00EEA389|service.pas |service | |GetStringValueFromJSON |781[5] | |00000020|03 |0019FA08|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FA2C|010DAC72|mcclient.exe|00CDAC72|inpdataedittools.pas|inpdataedittools| |GetCutLocalized64TextWithoutTags |5113[23] | |00000020|03 |0019FA34|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FA84|00FEF93E|mcclient.exe|00BEF93E|myTalks.pas |myTalks |TTalkList |AddItemPrivate |332[25] | |00000020|03 |0019FA94|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FAB8|00E698D0|mcclient.exe|00A698D0|myPrivateDialogs.pas|myPrivateDialogs|TPrivateDialogs |RepaintPrivateDialogs |916[43] | |00000020|03 |0019FAEC|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FB28|00E6804A|mcclient.exe|00A6804A|myPrivateDialogs.pas|myPrivateDialogs|TPrivateDialogs |DrawPrivateDialogs |314[3] | |00000020|04 |0019FB30|012B3CE4|mcclient.exe|00EB3CE4|mccadditional.pas |mccadditional | |mcPrivateDialogsParse |1030[3] | |00000020|03 |0019FB38|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FB48|01164F1E|mcclient.exe|00D64F1E|mcparse.pas |mcparse | |Parser |185[157] | |00000020|03 |0019FB50|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FB8C|0143F927|mcclient.exe|0103F927|fm_main.pas |fm_main |TMainForm |EventParse |4528[10] | |00000020|03 |0019FB94|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FBA8|0143E9A0|mcclient.exe|0103E9A0|fm_main.pas |fm_main |TMainForm |WndProc |4033[56] | |00000020|03 |0019FBB0|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|04 |0019FBD8|00955561|mcclient.exe|00555561|DynamicSkinForm.pas |DynamicSkinForm |TspDynamicSkinForm|NewWndProc |19435[1287] | |00000020|03 |0019FBE0|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|03 |0019FBF4|0069076D|mcclient.exe|0029076D|Vcl.Controls.pas |Vcl.Controls |TWinControl |MainWndProc | | |00000020|03 |0019FC00|77AC1CC7|ntdll.dll |00041CC7|ntdll.dll |ntdll | |RtlDeactivateActivationContextUnsafeFast | | |00000020|03 |0019FC1C|00537AB4|mcclient.exe|00137AB4|System.Classes.pas |System.Classes | |StdWndProc | | |00000020|03 |0019FC34|751C5CA9|user32.dll |00045CA9|USER32.dll |USER32 | | (possible AddClipboardFormatListener+73)| | |00000020|03 |0019FC60|751B67B7|user32.dll |000367B7|USER32.dll |USER32 | | (possible CallWindowProcW+2855) | | |00000020|03 |0019FC70|751B6A61|user32.dll |00036A61|USER32.dll |USER32 | | (possible CallWindowProcW+3537) | | |00000020|03 |0019FC74|751B67DB|user32.dll |000367DB|USER32.dll |USER32 | | (possible CallWindowProcW+2891) | | |00000020|03 |0019FC84|006911D6|mcclient.exe|002911D6|Vcl.Controls.pas |Vcl.Controls |TWinControl |WndProc | | |00000020|03 |0019FC90|004118CC|mcclient.exe|000118CC|System.pas |System | |_IntfClear | | |00000020|04 |0019FC94|0094E149|mcclient.exe|0054E149|DynamicSkinForm.pas |DynamicSkinForm |TspDynamicSkinForm|TestActive |16127[1] | |00000020|04 |0019FC9C|0094E48E|mcclient.exe|0054E48E|DynamicSkinForm.pas |DynamicSkinForm |TspDynamicSkinForm|TestActive |16205[79] | |00000020|04 |0019FCA0|0094E499|mcclient.exe|0054E499|DynamicSkinForm.pas |DynamicSkinForm |TspDynamicSkinForm|TestActive |16205[79] | |00000020|03 |0019FCA4|0040B384|mcclient.exe|0000B384|System.pas |System |TMonitor |TryEnter | | |00000020|03 |0019FCAC|0040AEAC|mcclient.exe|0000AEAC|System.pas |System |TMonitor |Enter | | |00000020|03 |0019FCBC|0040AD18|mcclient.exe|0000AD18|System.pas |System |TMonitor |CheckOwningThread | | |00000020|03 |0019FCC4|0040B03A|mcclient.exe|0000B03A|System.pas |System |TMonitor |Exit | | |00000020|03 |0019FCD0|0040B096|mcclient.exe|0000B096|System.pas |System |TMonitor |Exit | | |00000020|03 |0019FCD8|006660EF|mcclient.exe|002660EF|Vcl.Graphics.pas |Vcl.Graphics | |FreeMemoryContexts | | |00000020|03 |0019FCDC|006660FA|mcclient.exe|002660FA|Vcl.Graphics.pas |Vcl.Graphics | |FreeMemoryContexts | | |00000020|03 |0019FCE8|00690758|mcclient.exe|00290758|Vcl.Controls.pas |Vcl.Controls |TWinControl |MainWndProc | | |00000020|03 |0019FCF0|0040B8E6|mcclient.exe|0000B8E6|System.pas |System | |_HandleFinally | | |00000020|03 |0019FCFC|0040B6B6|mcclient.exe|0000B6B6|System.pas |System | |_HandleAnyException | | |00000060|03 |0019FD18|00537AB4|mcclient.exe|00137AB4|System.Classes.pas |System.Classes | |StdWndProc | | |00000060|03 |0019FD30|751C5CA9|user32.dll |00045CA9|USER32.dll |USER32 | | (possible AddClipboardFormatListener+73)| | |00000060|03 |0019FD5C|751B67B7|user32.dll |000367B7|USER32.dll |USER32 | | (possible CallWindowProcW+2855) | | |00000020|03 |0019FDA8|751C312D|user32.dll |0004312D|USER32.dll |USER32 | | (possible IsRectEmpty+525) | | |00000020|03 |0019FDB0|77AF06BA|ntdll.dll |000706BA|ntdll.dll |ntdll | |NtCallbackReturn | | |00000020|03 |0019FDB4|751C3141|user32.dll |00043141|USER32.dll |USER32 | | (possible IsRectEmpty+545) | | |00000020|03 |0019FDD8|751B6605|user32.dll |00036605|USER32.dll |USER32 | | (possible CallWindowProcW+2421) | | |00000060|03 |0019FE40|751B58F6|user32.dll |000358F6|USER32.dll |USER32 | | (possible DispatchMessageW+566) | | |00000020|03 |0019FE78|751C0543|user32.dll |00040543|USER32.dll |USER32 | |GetPropW | | |00000060|03 |0019FEB4|751B56CB|user32.dll |000356CB|USER32.dll |USER32 | |DispatchMessageW | | |00000020|03 |0019FEC0|007886F7|mcclient.exe|003886F7|Vcl.Forms.pas |Vcl.Forms |TApplication |ProcessMessage | | |00000020|03 |0019FEDC|0078873A|mcclient.exe|0038873A|Vcl.Forms.pas |Vcl.Forms |TApplication |HandleMessage | | |00000020|03 |0019FF00|00788A6D|mcclient.exe|00388A6D|Vcl.Forms.pas |Vcl.Forms |TApplication |Run | | |00000020|03 |0019FF08|00788A7A|mcclient.exe|00388A7A|Vcl.Forms.pas |Vcl.Forms |TApplication |Run | | |00000030|03 |0019FF14|00788AB5|mcclient.exe|00388AB5|Vcl.Forms.pas |Vcl.Forms |TApplication |Run | | |00000020|04 |0019FF30|014702CF|mcclient.exe|010702CF|mcclient.dpr |mcclient | |Initialization |479[246] | |00000030|04 |0019FF38|014702EF|mcclient.exe|010702EF|mcclient.dpr |mcclient | |Initialization |484[251] | |7FFF7FFE|03 |0019FF74|777F0417|kernel32.dll|00020417|KERNEL32.DLL |KERNEL32 | |BaseThreadInitThunk | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Mosules Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|mcclient.exe |mcclient |8.6.3.6 |26221832|2021-04-01 17:37:34|C:\Users\Clerk\AppData\Local\NSS\MyChat Client\ | |028A0000|gdi32.dll |GDI Client DLL |6.2.17763.592 |137864 |2019-07-10 14:42:45|C:\Windows\System32\ | |028D0000|ws2_32.dll |32-разрядная библиотека Windows Socket 2.0 |6.2.17763.771 |384272 |2019-11-04 07:33:31|C:\Windows\System32\ | |0EB80000|Beeper.dll | | |1184256 |2021-01-28 09:27:50|C:\Users\Clerk\AppData\Local\MyChat Client\plugins\Beeper\bin\ | |10000000|hunspelldll.dll |libhunspell |1.3.1.0 |381440 |2012-03-23 21:01:16|C:\Users\Clerk\AppData\Local\NSS\MyChat Client\ | |11000000|libeay32.dll |OpenSSL Shared Library |1.0.2.14 |1371136 |2017-12-07 17:08:22|C:\Users\Clerk\AppData\Local\NSS\MyChat Client\ | |12000000|ssleay32.dll |OpenSSL Shared Library |1.0.2.14 |337920 |2017-12-07 17:08:22|C:\Users\Clerk\AppData\Local\NSS\MyChat Client\ | |60150000|resourcepolicyclient.dll|Resource Policy Client |6.2.17763.1 |49560 |2018-09-15 10:29:03|C:\Windows\System32\ | |60160000|avrt.dll |Среда выполнения мультимедиа в реальном времени |6.2.17763.1 |27328 |2018-09-15 10:29:00|C:\Windows\System32\ | |60170000|AudioSes.dll |Сеанс обработки звука |6.2.17763.1075 |1098128 |2020-04-10 15:25:00|C:\Windows\System32\ | |60280000|ntshrui.dll |Расширения оболочки, обеспечивающие общий доступ |6.2.17763.1131 |672256 |2020-05-14 15:19:00|C:\Windows\System32\ | |60330000|linkinfo.dll |Windows Volume Tracking |6.2.17763.1 |23552 |2018-09-15 10:29:12|C:\Windows\System32\ | |60340000|idndl.dll |Downlevel DLL |6.2.17763.1 |7680 |2018-09-15 10:29:10|C:\Windows\System32\ | |60350000|olepro32.dll |OLEPRO32.DLL |6.2.17763.503 |88576 |2019-05-22 17:14:36|C:\Windows\System32\ | |60370000|wer.dll |Библиотека сообщений об ошибках Windows |6.2.17763.1098 |681416 |2020-04-10 15:24:32|C:\Windows\System32\ | |60420000|Faultrep.dll |Библиотека отчетов о сбоях в пользовательском режиме Windows |6.2.17763.1075 |390128 |2020-04-10 15:24:32|C:\Windows\System32\ | |60480000|msacm32.dll |Фильтр диспетчера аудиосжатия Microsoft |6.2.17763.1 |93984 |2018-09-15 10:29:00|C:\Windows\System32\ | |604A0000|bass.dll |BASS |2.4.14.0 |127669 |2019-01-16 15:34:32|C:\Users\Clerk\AppData\Local\NSS\MyChat Client\ | |60500000|GdiPlus.dll |Microsoft GDI+ |6.2.17763.1158 |1485312 |2020-04-12 10:36:25|C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17763.1158_none_570a5744c2592c53\ | |60670000|oleacc.dll |Active Accessibility Core Component |7.2.17763.1 |324608 |2018-09-15 10:29:13|C:\Windows\System32\ | |609E0000|dcomp.dll |Microsoft DirectComposition Library |6.2.17763.1075 |1427592 |2020-04-10 15:25:06|C:\Windows\System32\ | |60B40000|dataexchange.dll |Data exchange |6.2.17763.1075 |297472 |2020-04-10 15:25:03|C:\Windows\System32\ | |61550000|MMDevAPI.dll |MMDevice API |6.2.17763.1075 |366728 |2020-04-10 15:25:00|C:\Windows\System32\ | |615B0000|rmclient.dll |Resource Manager Client |6.2.17763.678 |114128 |2019-08-15 15:54:35|C:\Windows\System32\ | |61AE0000|twinapi.appcore.dll |twinapi.appcore |6.2.17763.1075 |1720936 |2020-04-10 15:25:03|C:\Windows\System32\ | |61D30000|TextInputFramework.dll |"TextInputFramework.DYNLINK" |6.2.17763.1075 |542504 |2020-04-10 15:25:04|C:\Windows\System32\ | |62B30000|CoreUIComponents.dll |Microsoft Core UI Components Dll |6.2.17763.1 |2538768 |2018-09-15 10:29:03|C:\Windows\System32\ | |62DA0000|CoreMessaging.dll |Microsoft CoreMessaging Dll |6.2.17763.194 |582240 |2019-01-09 14:09:53|C:\Windows\System32\ | |65F50000|usp10.dll |Uniscribe Unicode script processor |6.2.17763.864 |77824 |2019-12-12 12:27:44|C:\Windows\System32\ | |663F0000|comctl32.dll |Библиотека общих элементов управления |5.82.17763.831 |569872 |2019-10-04 06:48:49|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1158_none_b4b1d98b6e775d54\| |6AD80000|dxgi.dll |DirectX Graphics Infrastructure |6.2.17763.1075 |661304 |2020-04-10 15:25:01|C:\Windows\System32\ | |6AE30000|d3d11.dll |Direct3D 11 Runtime |6.2.17763.1075 |2264344 |2020-04-10 15:25:01|C:\Windows\System32\ | |6CA10000|dbgcore.dll |Windows Core Debugging Helpers |6.2.17763.1 |132096 |2018-09-15 10:29:08|C:\Windows\System32\ | |6CA40000|dbghelp.dll |Windows Image Helper |6.2.17763.1 |1522176 |2018-09-15 10:29:08|C:\Windows\System32\ | |6CBD0000|cscapi.dll |Offline Files Win32 API |6.2.17763.404 |40960 |2019-05-22 17:14:36|C:\Windows\System32\ | |6CBE0000|mpr.dll |Библиотека маршрутизации для нескольких служб доступа |6.2.17763.404 |89336 |2019-05-22 17:14:13|C:\Windows\System32\ | |6D220000|wininet.dll |Расширения Интернета для Win32 |11.0.17763.1132 |4628480 |2020-05-14 15:19:00|C:\Windows\System32\ | |6D6A0000|winspool.drv |Драйвер диспетчера очереди Windows |6.2.17763.1075 |415744 |2020-04-10 15:25:00|C:\Windows\System32\ | |6DD10000|WinTypes.dll |Библиотека DLL основных типов Windows |6.2.17763.1158 |902248 |2020-05-14 15:18:48|C:\Windows\System32\ | |705D0000|dwmapi.dll |Интерфейс API диспетчера окон рабочего стола (Майкрософт) |6.2.17763.1075 |140304 |2020-04-10 15:25:06|C:\Windows\System32\ | |70C90000|srvcli.dll |Server Service Client DLL |6.2.17763.1 |74352 |2018-09-15 10:29:08|C:\Windows\System32\ | |710B0000|wkscli.dll |Workstation Service Client DLL |6.2.17763.1 |57816 |2018-09-15 10:29:07|C:\Windows\System32\ | |715B0000|msimg32.dll |GDIEXT Client DLL |6.2.17763.1 |6656 |2018-09-15 10:29:08|C:\Windows\System32\ | |71650000|uxtheme.dll |Библиотека тем UxTheme (Microsoft) |6.2.17763.1075 |481280 |2020-04-10 15:25:01|C:\Windows\System32\ | |71F70000|winsta.dll |Winstation Library |6.2.17763.771 |256704 |2019-11-04 07:33:32|C:\Windows\System32\ | |72EE0000|netutils.dll |Net Win32 API Helpers DLL |6.2.17763.1 |37160 |2018-09-15 10:29:08|C:\Windows\System32\ | |72F10000|secur32.dll |Security Support Provider Interface |6.2.17763.1 |23040 |2018-09-15 10:29:13|C:\Windows\System32\ | |72F20000|netapi32.dll |Net Win32 API DLL |6.2.17763.1 |68680 |2018-09-15 10:29:02|C:\Windows\System32\ | |732A0000|wshbth.dll |Windows Sockets Helper DLL |6.2.17763.1 |50688 |2018-09-15 10:29:05|C:\Windows\System32\ | |732B0000|nlaapi.dll |Network Location Awareness 2 |6.2.17763.134 |70144 |2019-01-09 14:09:53|C:\Windows\System32\ | |732D0000|winrnr.dll |LDAP RnR Provider DLL |6.2.17763.1 |23552 |2018-09-15 10:29:08|C:\Windows\System32\ | |732E0000|pnrpnsp.dll |Поставщик пространства имен PNRP |6.2.17763.1 |70656 |2018-09-15 10:29:33|C:\Windows\System32\ | |73300000|NapiNSP.dll |Поставщик оболочки совместимости для имен электронной почты |6.2.17763.1 |54784 |2018-09-15 10:29:00|C:\Windows\System32\ | |73C80000|dhcpcsvc6.dll |Клиент DHCPv6 |6.2.17763.1 |58368 |2018-09-15 10:29:08|C:\Windows\System32\ | |73CA0000|dhcpcsvc.dll |Служба DHCP-клиента |6.2.17763.1 |69120 |2018-09-15 10:29:08|C:\Windows\System32\ | |742A0000|FWPUCLNT.DLL |API пользовательского режима FWP/IPsec |6.2.17763.771 |313856 |2019-11-04 07:33:32|C:\Windows\System32\ | |74300000|rasadhlp.dll |Remote Access AutoDial Helper |6.2.17763.1 |12800 |2018-09-15 10:29:13|C:\Windows\System32\ | |74680000|dnsapi.dll |Динамическая библиотека API DNS-клиента |6.2.17763.1131 |583096 |2020-05-14 15:18:48|C:\Windows\System32\ | |74740000|IPHLPAPI.DLL |API вспомогательного приложения IP |6.2.17763.615 |197832 |2019-07-10 14:42:31|C:\Windows\System32\ | |74850000|ntmarta.dll |Поставщик Windows NT MARTA |6.2.17763.1 |153408 |2018-09-15 10:29:07|C:\Windows\System32\ | |74900000|wtsapi32.dll |Windows Remote Desktop Session Host Server SDK APIs |6.2.17763.1 |52864 |2018-09-15 10:29:02|C:\Windows\System32\ | |74A40000|WINMMBASE.dll |Base Multimedia Extension API DLL |6.2.17763.1 |132392 |2018-09-15 10:29:00|C:\Windows\System32\ | |74A70000|winmm.dll |MCI API DLL |6.2.17763.1 |134512 |2018-09-15 10:29:00|C:\Windows\System32\ | |74AA0000|propsys.dll |Система страниц свойств (Майкрософт) |7.0.17763.1075 |1573480 |2020-04-10 15:25:04|C:\Windows\System32\ | |74C20000|wship6.dll |Библиотека DLL помощника Winsock2 (TL/IPv6) |6.2.17763.1 |11264 |2018-09-15 10:29:08|C:\Windows\System32\ | |74C30000|wsock32.dll |Windows Socket 32-Bit DLL |6.2.17763.1 |16384 |2018-09-15 10:29:02|C:\Windows\System32\ | |74C40000|WSHTCPIP.DLL |Библиотека DLL помощника службы Winsock2 (TL/IPv4) |6.2.17763.1 |10752 |2018-09-15 10:29:08|C:\Windows\System32\ | |74C50000|wshqos.dll |Библиотека DLL помощника службы QoS Winsock2 |6.2.17763.1 |15872 |2018-09-15 10:29:03|C:\Windows\System32\ | |74C60000|devobj.dll |Device Information Set DLL |6.2.17763.771 |135816 |2019-11-04 07:33:19|C:\Windows\System32\ | |74C90000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |6.2.17763.1 |185608 |2018-09-15 10:29:07|C:\Windows\System32\ | |74CC0000|comctl32.dll |Библиотека элементов управления взаимодействия с пользователем|6.10.17763.1158 |2148168 |2020-04-12 10:50:46|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1158_none_261f645f67c6b285\ | |74ED0000|version.dll |Version Checking and File Installation Libraries |6.2.17763.1 |27328 |2018-09-15 10:29:13|C:\Windows\System32\ | |75070000|mswsock.dll |Расширение поставщика службы API Microsoft Windows Sockets 2.0|6.2.17763.292 |324408 |2019-05-22 17:14:12|C:\Windows\System32\ | |750D0000|CRYPTBASE.dll |Base cryptographic API DLL |6.2.17763.1 |31728 |2018-09-15 10:29:00|C:\Windows\System32\ | |750E0000|sspicli.dll |Security Support Provider Interface |6.2.17763.1 |122400 |2018-09-15 10:29:00|C:\Windows\System32\ | |75100000|profapi.dll |User Profile Basic API |6.2.17763.1075 |106376 |2020-04-10 15:25:00|C:\Windows\System32\ | |75180000|user32.dll |Многопользовательская библиотека клиента USER API Windows |6.2.17763.1158 |1675008 |2020-05-14 15:18:59|C:\Windows\System32\ | |75320000|ole32.dll |Microsoft OLE для Windows |6.2.17763.1075 |1027000 |2020-04-10 15:25:05|C:\Windows\System32\ | |75420000|normaliz.dll |Unicode Normalization DLL |6.2.17763.1 |5120 |2018-09-15 10:29:07|C:\Windows\System32\ | |75430000|gdi32full.dll |GDI Client DLL |6.2.17763.1158 |1465272 |2020-05-14 15:19:00|C:\Windows\System32\ | |75630000|crypt32.dll |API32 криптографии |6.2.17763.973 |1670800 |2020-02-17 08:02:44|C:\Windows\System32\ | |757D0000|combase.dll |Microsoft COM для Windows |6.2.17763.1158 |2590736 |2020-05-14 15:18:49|C:\Windows\System32\ | |75A50000|rpcrt4.dll |Библиотека удаленного вызова процедур |6.2.17763.864 |782968 |2019-12-12 12:27:42|C:\Windows\System32\ | |75B10000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.2.17763.1075 |492216 |2020-04-10 15:25:00|C:\Windows\System32\ | |75B90000|bcrypt.dll |Библиотека криптографических примитивов Windows |6.2.17763.1 |96760 |2018-09-15 10:29:08|C:\Windows\System32\ | |75D20000|cryptsp.dll |Cryptographic Service Provider API |6.2.17763.1 |67648 |2018-09-15 10:29:08|C:\Windows\System32\ | |75D40000|SHCore.dll |SHCORE |6.2.17763.1075 |555440 |2020-04-10 15:25:05|C:\Windows\System32\ | |76220000|win32u.dll |Win32u |6.2.17763.1 |88304 |2018-09-15 10:29:05|C:\Windows\System32\ | |76240000|msasn1.dll |ASN.1 Runtime APIs |6.2.17763.1 |50608 |2018-09-15 10:29:07|C:\Windows\System32\ | |76250000|shlwapi.dll |Библиотека небольших программ оболочки |6.2.17763.1 |274224 |2018-09-15 10:29:12|C:\Windows\System32\ | |762D0000|bcryptPrimitives.dll |Windows Cryptographic Primitives Library |6.2.17763.678 |398928 |2019-08-15 15:54:30|C:\Windows\System32\ | |76340000|msctf.dll |Серверная библиотека MSCTF |6.2.17763.1075 |1293768 |2020-04-10 15:24:29|C:\Windows\System32\ | |76480000|advapi32.dll |Расширенная библиотека API Windows 32 |6.2.17763.1131 |507400 |2020-05-14 15:18:58|C:\Windows\System32\ | |76560000|oleaut32.dll |OLEAUT32.DLL |6.2.17763.914 |603792 |2020-01-10 08:18:20|C:\Windows\System32\ | |76600000|imagehlp.dll |Windows NT Image Helper |6.2.17763.1 |95488 |2018-09-15 10:28:46|C:\Windows\System32\ | |76620000|msvcrt.dll |Windows NT CRT DLL |7.0.17763.475 |780632 |2019-05-22 17:14:31|C:\Windows\System32\ | |766E0000|shell32.dll |Общая библиотека оболочки Windows |6.2.17763.1131 |5608120 |2020-05-14 15:19:00|C:\Windows\System32\ | |76C40000|kernel.appcore.dll |AppModel API Host |6.2.17763.1 |51336 |2018-09-15 10:29:05|C:\Windows\System32\ | |76C50000|psapi.dll |Process Status Helper |6.2.17763.1 |17208 |2018-09-15 10:29:07|C:\Windows\System32\ | |76C60000|windows.storage.dll |API хранения Microsoft WinRT |6.2.17763.1131 |6318840 |2020-05-14 15:18:59|C:\Windows\System32\ | |77260000|comdlg32.dll |Библиотека общих диалоговых окон |6.2.17763.1131 |993280 |2020-05-14 15:19:00|C:\Windows\System32\ | |773C0000|powrprof.dll |DLL модуля поддержки профиля управления питанием |6.2.17763.1 |341560 |2018-09-15 10:29:08|C:\Windows\System32\ | |77420000|nsi.dll |NSI User-mode interface DLL |6.2.17763.831 |20144 |2019-12-12 12:27:41|C:\Windows\System32\ | |77430000|msvcp_win.dll |Microsoft® C Runtime Library |6.2.17763.1 |516496 |2018-09-15 10:29:08|C:\Windows\System32\ | |774B0000|KERNELBASE.dll |Библиотека клиента Windows NT BASE API |6.2.17763.1158 |2078392 |2020-05-14 15:18:57|C:\Windows\System32\ | |77700000|clbcatq.dll |COM+ Configuration Catalog |2001.12.10941.16384|515624 |2018-09-15 10:29:05|C:\Windows\System32\ | |77790000|cfgmgr32.dll |Configuration Manager DLL |6.2.17763.1 |235496 |2018-09-15 10:29:08|C:\Windows\System32\ | |777D0000|kernel32.dll |Библиотека клиента Windows NT BASE API |6.2.17763.1158 |649272 |2020-05-14 15:18:59|C:\Windows\System32\ | |778B0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.2.17763.719 |144080 |2019-09-11 07:57:45|C:\Windows\System32\ | |778E0000|ucrtbase.dll |Microsoft® C Runtime Library |6.2.17763.719 |1191512 |2019-09-11 07:57:27|C:\Windows\System32\ | |77A80000|ntdll.dll |Системная библиотека NT |6.2.17763.1158 |1674480 |2020-05-14 15:18:58|C:\Windows\System32\ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |ID |Name |Description |Version |Memory |Priority |Threads|Path |User |Session| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |684 |ctfmon.exe |CTF-загрузчик |6.2.17763.1 |17014784 |High |10 |C:\Windows\System32\ |Clerk|2 | |748 |RuntimeBroker.exe |Runtime Broker |6.2.17763.1075|15544320 |Normal |5 |C:\Windows\SysNative\ |Clerk|2 | |1020 |svchost.exe |Хост-процесс для служб Windows |6.2.17763.1 |18792448 |Normal |10 |C:\Windows\System32\ |Clerk|2 | |1444 |svchost.exe |Хост-процесс для служб Windows |6.2.17763.1 |15835136 |Normal |6 |C:\Windows\System32\ |Clerk|2 | |1764 |chrome.exe |Google Chrome |89.0.4389.114 |52633600 |Low |16 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |2328 |chrome.exe |Google Chrome |89.0.4389.114 |92741632 |Low |17 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |2648 |chrome.exe |Google Chrome |89.0.4389.114 |140644352|Normal |32 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |3336 |FamItrfc.Exe |Radmin component |3.5.2.1205 |9228288 |High |4 |C:\Windows\SysWOW64\rserver30\ |Clerk|2 | |3760 |hpwuschd2.exe |hpwuSchd Application |80.1.1.0 |6959104 |Normal |1 |C:\Program Files (x86)\HP\HP Software Update\ |Clerk|2 | |3884 |1cv7s.exe |1C:V7 starter program (for SQL) |7.70.0.27 |27766784 |Normal |4 |C:\Program Files (x86)\1Cv77\BIN\ |Clerk|2 | |3980 |chrome.exe |Google Chrome |89.0.4389.114 |39800832 |Low |13 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |4056 |smartscreen.exe |SmartScreen Защитника Windows |6.2.17763.529 |24199168 |Normal |9 |C:\Windows\SysNative\ |Clerk|2 | |4612 |chrome.exe |Google Chrome |89.0.4389.114 |147333120|Above-Normal|21 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |4640 |chrome.exe |Google Chrome |89.0.4389.114 |69967872 |Low |17 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |4840 |ShellExperienceHost.exe |Windows Shell Experience Host |6.2.17763.1075|80715776 |Normal |23 |C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ |Clerk|2 | |4956 |svchost.exe |Хост-процесс для служб Windows |6.2.17763.1 |12353536 |Normal |9 |C:\Windows\System32\ |Clerk|2 | |5204 |sihost.exe |Shell Infrastructure Host |6.2.17763.1075|26660864 |Normal |12 |C:\Windows\SysNative\ |Clerk|2 | |5652 |chrome.exe |Google Chrome |89.0.4389.114 |15200256 |Normal |6 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |5832 |winlogon.exe |Программа входа в систему Windows|6.2.17763.1075|0 |High |4 |C:\Windows\SysNative\ | |2 | |5908 |RuntimeBroker.exe |Runtime Broker |6.2.17763.1075|25051136 |Normal |7 |C:\Windows\SysNative\ |Clerk|2 | |6284 |fontdrvhost.exe |Usermode Font Driver Host |6.2.17763.1158|0 |Normal |5 |C:\Windows\SysNative\ | |2 | |6540 |SamsungDeX.exe |Samsung DeX |2.0.0.20 |55992320 |Normal |18 |C:\Program Files (x86)\Samsung\Samsung DeX\ |Clerk|2 | |6624 |chrome.exe |Google Chrome |89.0.4389.114 |35274752 |Low |13 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |6720 |RuntimeBroker.exe |Runtime Broker |6.2.17763.1075|23953408 |Normal |8 |C:\Windows\SysNative\ |Clerk|2 | |6760 |chrome.exe |Google Chrome |89.0.4389.114 |17870848 |Normal |7 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |6856 |RuntimeBroker.exe |Runtime Broker |6.2.17763.1075|14004224 |Normal |5 |C:\Windows\SysNative\ |Clerk|2 | |7048 |SkypeBackgroundHost.exe | |8.56.0.102 |12271616 |Normal |3 |C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\ |Clerk|2 | |7216 |STerraBelTray.exe | |4.1.0.17758 |11714560 |Normal |3 |C:\Program Files (x86)\Bel VPN Client\ |Clerk|2 | |7480 |Calculator.exe | |10.2005.23.0 |46432256 |Normal |21 |C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2005.23.0_x64__8wekyb3d8bbwe\|Clerk|2 | |7540 |YourPhone.exe |YourPhone |1.20062.97.0 |64479232 |Normal |15 |C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20062.97.0_x64__8wekyb3d8bbwe\ |Clerk|2 | |8620 |RuntimeBroker.exe |Runtime Broker |6.2.17763.1075|24715264 |Normal |9 |C:\Windows\SysNative\ |Clerk|2 | |8656 |ApplicationFrameHost.exe|Application Frame Host |6.2.17763.1075|26697728 |Normal |4 |C:\Windows\SysNative\ |Clerk|2 | |8760 |SkypeApp.exe |SkypeApp |8.56.0.102 |49901568 |Normal |15 |C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\ |Clerk|2 | |8792 |FamItrfc.Exe |Radmin component |3.5.2.1205 |0 |High |1 |C:\Windows\SysWOW64\rserver30\ | |2 | |8824 |chrome.exe |Google Chrome |89.0.4389.114 |36311040 |Low |13 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |8932 |Viber.exe |Viber |15.0.0.0 |228421632|Normal |42 |C:\Users\Clerk\AppData\Local\Viber\ |Clerk|2 | |9132 |RtkNGUI64.exe |Диспетчер Realtek HD |1.0.548.0 |13996032 |Normal |6 |C:\Program Files\Realtek\Audio\HDA\ |Clerk|2 | |9180 |NetSph.exe |Net Speakerphone |4.6.5.2382 |24825856 |High |11 |C:\Program Files (x86)\Net Speakerphone 4\ |Clerk|2 | |9264 |mcclient.exe |mcclient |8.6.3.6 |124854272|Normal |15 |C:\Users\Clerk\AppData\Local\NSS\MyChat Client\ |Clerk|2 | |9284 |explorer.exe |Проводник |6.2.17763.1131|105259008|Normal |53 |C:\Windows\ |Clerk|2 | |9472 |RuntimeBroker.exe |Runtime Broker |6.2.17763.1075|18345984 |Normal |2 |C:\Windows\SysNative\ |Clerk|2 | |9700 |SearchUI.exe |Search and Cortana application |6.2.17763.1075|163405824|Normal |36 |C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ |Clerk|2 | |9772 |dwm.exe |Диспетчер окон рабочего стола |6.2.17763.831 |0 |High |11 |C:\Windows\SysNative\ | |2 | |9880 |chrome.exe |Google Chrome |89.0.4389.114 |22585344 |Low |13 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |9932 |chrome.exe |Google Chrome |89.0.4389.114 |48140288 |Low |14 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |10248|taskhostw.exe |Хост-процесс для задач Windows |6.2.17763.831 |15077376 |Normal |8 |C:\Windows\SysNative\ |Clerk|2 | |10320|igfxEM.exe |igfxEM Module |6.15.100.7262 |26693632 |Normal |10 |C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\ |Clerk|2 | |10396|avpui.exe |Kaspersky Anti-Virus |21.2.16.590 |3325952 |Normal |18 |C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.2\ |Clerk|2 | |10444|msfeedssync.exe |Microsoft Feeds Synchronization |11.0.17763.1 |8441856 |Below-Normal|4 |C:\Windows\System32\ |Clerk|2 | |10944|chrome.exe |Google Chrome |89.0.4389.114 |19873792 |Normal |9 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |11728|chrome.exe |Google Chrome |89.0.4389.114 |106840064|Low |21 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |11856|chrome.exe |Google Chrome |89.0.4389.114 |36483072 |Normal |13 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |12040|svchost.exe |Хост-процесс для служб Windows |6.2.17763.1 |35278848 |Normal |11 |C:\Windows\System32\ |Clerk|2 | |12044|csrss.exe |Процесс исполнения клиент-сервер |6.2.17763.1 |0 |High |14 |C:\Windows\SysNative\ | |2 | |12064|chrome.exe |Google Chrome |89.0.4389.114 |238256128|Normal |20 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | |12072|chrome.exe |Google Chrome |89.0.4389.114 |7348224 |Normal |8 |C:\Program Files (x86)\Google\Chrome\Application\ |Clerk|2 | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Assembler Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ; Base Address: $12EA000, Allocation Base: $400000, Region Size: 1601536 ; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READ ; State: MEM_COMMIT, Type: MEM_IMAGE ; ; ; service.GetStringValueFromJSON (Line=776 - Offset=0) ; ---------------------------------------------------- 012EA350 55 PUSH EBP 012EA351 8BEC MOV EBP, ESP 012EA353 6A00 PUSH 0 012EA355 6A00 PUSH 0 012EA357 6A00 PUSH 0 012EA359 6A00 PUSH 0 012EA35B 53 PUSH EBX 012EA35C 56 PUSH ESI 012EA35D 8BF1 MOV ESI, ECX 012EA35F 8955F4 MOV [EBP-$0C], EDX 012EA362 8BD8 MOV EBX, EAX 012EA364 33C0 XOR EAX, EAX 012EA366 55 PUSH EBP 012EA367 68EFA32E01 PUSH $012EA3EF ; ($012EA3EF->0040B868) System._HandleFinally Data as ANSI: 'йt..яла^[‹е]ГU‹мj'; Data as UNICODE: '瓩ሔ廠譛工嗃j噓譗诹诲㏘嗀器...' service.GetStringValueFromJSON (Line=788) 012EA36C 64FF30 PUSH DWORD PTR FS:[EAX] 012EA36F 648920 MOV FS:[EAX], ESP ; ; Line=777 - Offset=34 ; -------------------- 012EA372 8D45FC LEA EAX, [EBP-4] 012EA375 E8122012FF CALL -$EDDFEE ; ($0040C38C) System._UStrClr ; ; Line=779 - Offset=42 ; -------------------- 012EA37A 8D55F8 LEA EDX, [EBP-8] 012EA37D 8BC3 MOV EAX, EBX 012EA37F E8E45B74FF CALL -$8BA41C ; ($00A2FF68) superobject.SO ; ; Line=781 - Offset=52 ; -------------------- 012EA384 B205 MOV DL, 5 012EA386 8B45F8 MOV EAX, [EBP-8] ; ; Line=781 - Offset=57 ; -------------------- 012EA389 8B08 MOV ECX, [EAX] ; <-- EXCEPTION 012EA38B FF91D0000000 CALL DWORD PTR [ECX+$000000D0] 012EA391 84C0 TEST AL, AL 012EA393 7422 JZ +$22 ; ($012EA3B7) service.GetStringValueFromJSON (Line=785) ; ; Line=782 - Offset=69 ; -------------------- 012EA395 8D4DF0 LEA ECX, [EBP-$10] 012EA398 8B55F4 MOV EDX, [EBP-$0C] 012EA39B 8B45F8 MOV EAX, [EBP-8] 012EA39E 8B18 MOV EBX, [EAX] 012EA3A0 FF5324 CALL DWORD PTR [EBX+$24] 012EA3A3 837DF000 CMP DWORD PTR [EBP-$10], 0 012EA3A7 740E JZ +$0E ; ($012EA3B7) service.GetStringValueFromJSON (Line=785) 012EA3A9 8D4DFC LEA ECX, [EBP-4] 012EA3AC 8B55F4 MOV EDX, [EBP-$0C] 012EA3AF 8B45F8 MOV EAX, [EBP-8] 012EA3B2 8B18 MOV EBX, [EAX] 012EA3B4 FF534C CALL DWORD PTR [EBX+$4C] ; ; Line=785 - Offset=103 ; --------------------- 012EA3B7 8B45F8 MOV EAX, [EBP-8] Registers: ----------------------------- EAX: 00000000 EDI: 00000002 EBX: 0B33D38C ESI: 0019E9E8 ECX: 00000000 EBP: 0019E9A0 EDX: 00000005 ESP: 0019E97C EIP: 012EA389 FLG: 00210246 EXP: 012EA389 STK: 0019E97C Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0019E9B8: 00000000 012EA389: 8B 08 FF 91 D0 00 00 00 84 C0 74 22 8D 4D F0 8B ..........t".M.. 0019E9B4: 0B47540E 012EA399: 55 F4 8B 45 F8 8B 18 FF 53 24 83 7D F0 00 74 0E U..E....S$.}..t. 0019E9B0: 0019E9F8 012EA3A9: 8D 4D FC 8B 55 F4 8B 45 F8 8B 18 FF 53 4C 8B 45 .M..U..E....SL.E 0019E9AC: 010DAF7E 012EA3B9: F8 E8 61 FA FF FF 8B C6 8B 55 FC E8 A3 23 12 FF ..a......U...#.. 0019E9A8: 0019EA08 012EA3C9: 33 C0 5A 59 59 64 89 10 68 F6 A3 2E 01 8D 45 F0 3.ZYYd..h.....E. 0019E9A4: 010DAC77 012EA3D9: E8 DE 74 12 FF 8D 45 F8 E8 D6 74 12 FF 8D 45 FC ..t...E...t...E. 0019E9A0: 0019E9F8 012EA3E9: E8 9E 1F 12 FF C3 E9 74 14 12 FF EB E0 5E 5B 8B .......t.....^[. 0019E99C: 00000000 012EA3F9: E5 5D C3 55 8B EC 6A 00 53 56 57 8B F9 8B F2 8B .].U..j.SVW..... 0019E998: 00000000 012EA409: D8 33 C0 55 68 56 A4 2E 01 64 FF 30 64 89 20 8D .3.UhV...d.0d. . 0019E994: 010DAFAC 012EA419: 55 FC 8B C6 E8 62 DC 47 FF 84 DB 74 10 8D 45 FC U....b.G...t..E. 0019E990: 00000000 012EA429: 8B 4D FC BA 70 A4 2E 01 E8 CA 32 12 FF 8B C7 8B .M..p.....2..... 0019E98C: 0000002D 012EA439: 55 FC E8 2C 23 12 FF 33 C0 5A 59 59 64 89 10 68 U..,#..3.ZYYd..h 0019E988: 049C4DA0 012EA449: 5D A4 2E 01 8D 45 FC E8 37 1F 12 FF C3 E9 0D 14 ]....E..7....... 0019E984: 0019E9A0 012EA459: 12 FF EB F0 5F 5E 5B 59 5D C3 00 B0 04 02 00 FF ...._^[Y]....... 0019E980: 012EA3EF 012EA469: FF FF FF 04 00 00 00 57 00 69 00 6E 00 2B 00 00 .......W.i.n.+.. 0019E97C: 0019E9A8 012EA479: 00 00 00 55 8B EC 6A 00 53 56 57 8B FA 8B D8 33 ...U..j.SVW....3