EurekaLog 7.9.0.0
42165D359F81214AACE29926D35FA191 E39F2624B7FAEA44B4183884EB75EC53 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 1555F93E5E3BE442ABD8A4DF39DA97F3

Application:
-------------------------------------------------------------------------
1.1 Start Date      : Thu, 25 Nov 2021 22:36:03 +0300
1.2 Name/Description: mcserv.exe - (MyChat Server)
1.3 Version Number  : 8.13.0.1
1.4 Parameters      :
1.5 Compilation Date: Mon, 22 Nov 2021 10:58:25 +0300
1.6 Up Time         : 4 day(s), 16 hour(s), 23 minute(s), 31 second(s)
1.7 Elevated        : 1
1.10 RAM            : 626659328 (597.63 Mb); Max: 952668160 (908.54 Mb)
1.11 Private        : 980602880 (935.18 Mb); Max: 1363738624 (1.27 Gb)
1.12 Virtual        : 1667268608 (1.55 Gb)

Exception:
---------------------------------------------------------------------------------------
2.1 Date          : Tue, 30 Nov 2021 14:59:34 +0300
2.2 Address       : 0104051A
2.3 Module Name   : mcserv.exe - (MyChat Server)
2.4 Module Version: 8.13.0.1
2.5 Type          : EOutOfMemory
2.6 Message       : Out of memory: (total allocated: 702071752; virtual: 1661046784).
2.7 ID            : 752420EB
2.8 Count         : 1
2.9 Status        : New
2.10 Note         :
2.11 Sent         : 1

User:
-----------------------------------------------------------------
3.1 ID        : Admin
3.2 Name      : Admin
3.3 Email     :
3.4 Company   :
3.5 Privileges: SeIncreaseQuotaPrivilege - OFF
                SeSecurityPrivilege - OFF
                SeTakeOwnershipPrivilege - OFF
                SeLoadDriverPrivilege - OFF
                SeSystemProfilePrivilege - OFF
                SeSystemtimePrivilege - OFF
                SeProfileSingleProcessPrivilege - OFF
                SeIncreaseBasePriorityPrivilege - OFF
                SeCreatePagefilePrivilege - OFF
                SeBackupPrivilege - OFF
                SeRestorePrivilege - OFF
                SeShutdownPrivilege - OFF
                SeDebugPrivilege - OFF
                SeSystemEnvironmentPrivilege - OFF
                SeChangeNotifyPrivilege - ON (default)
                SeRemoteShutdownPrivilege - OFF
                SeUndockPrivilege - OFF
                SeManageVolumePrivilege - OFF
                SeImpersonatePrivilege - ON (default)
                SeCreateGlobalPrivilege - ON (default)
                SeIncreaseWorkingSetPrivilege - OFF
                SeTimeZonePrivilege - OFF
                SeCreateSymbolicLinkPrivilege - OFF
                SeDelegateSessionUserImpersonatePrivilege - OFF
3.6 Admin     : limited
3.7 Restricted: 0

Active Controls:
-----------------------------------------
4.1 Form Class   : TMainForm
4.2 Form Text    : MyChat Server 8.13.0
4.3 Control Class:
4.4 Control Text :

Computer:
---------------------------------------------------------------------------------------------------------------------------
5.1 Name           : MYCHAT
5.2 Total Memory   : 21507149824 (20.03 Gb)
5.3 Free Memory    : 15629594624 (14.56 Gb)
5.4 Total Disk     : 3356920373248 (3.05 Tb)
5.5 Free Disk      : 3293761634304 (3.00 Tb)
5.6 System Up Time : 18 day(s), 1 hour(s), 48 minute(s), 16 second(s) / 18 day(s), 1 hour(s), 49 minute(s), 22 second(s)
5.7 Processor      : Intel(R) Xeon(R) Gold 5220R CPU @ 2.20GHz
5.8 Display Mode   : 1920 x 1080, 32 bit
5.9 Display DPI    : 96
5.10 Video Card    : Microsoft Hyper-V Video (driver 10.0.19041.1)
5.11 Printer       : PDF24 (driver 10.0.19041.906)
5.12 Virtual Machine: Hypervisor
5.13 System Idle   : 7 hour(s), 18 minute(s), 49 second(s)

Operating System:
-----------------------------------------------------
6.1 Type            : Microsoft Windows 10 (64 bit)
6.2 Build #         : 2009 (10.0.19043.1348)
6.3 Update          :
6.4 Language        : Russian (0419)
6.5 Charset         : 204/1251
6.6 Install Language: Russian (0419)
6.7 UI Language     : Russian (0419)
6.8 Edition         : Enterprise
6.9 UAC             : 1

Network:
---------------------------------------------------------------------------------------------------------------------------
7.1 IP Address : 192.168.111.202 - fe80::8828:4534:f13:c178%8 - 192.168.110.061 - 192.168.113.230 - 192.168.114.230 - fe80::384f:639:2e47:580b%10 - 192.168.115.230 - 192.168.116.230 - 192.168.117.230 - fe80::9111:b55:c593:affc%21 - 192.168.118.230 - fe80::c088:a727:2374:458c%23 - 192.168.119.230
7.2 Submask    : 255.255.255.000 - /64 - 255.255.255.000 - 255.255.255.000 - 255.255.255.000 - /64 - 255.255.255.000 - 255.255.255.000 - 255.255.255.000 - /64 - 255.255.255.000 - /64 - 255.255.255.000
7.3 Gateway    : 192.168.111.009 - - 192.168.110.001 - 000.000.000.000 - 000.000.000.000 - - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 - - 000.000.000.000 - - 000.000.000.000
7.4 DNS 1      : 192.168.111.002 - - 192.168.110.001 - 000.000.000.000 - 000.000.000.000 - fec0:0:0:ffff::1%1 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 - fec0:0:0:ffff::1%1 - 000.000.000.000 - fec0:0:0:ffff::1%1 - 000.000.000.000
7.5 DNS 2      : 000.000.000.000 - - 008.008.008.008 - 000.000.000.000 - 000.000.000.000 - fec0:0:0:ffff::2%1 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 - fec0:0:0:ffff::2%1 - 000.000.000.000 - fec0:0:0:ffff::2%1 - 000.000.000.000
7.6 DHCP       : OFF - ON - OFF - OFF - OFF - OFF - OFF - OFF - OFF
7.7 Description: 111 - 110 - 113 - 114 - 115 - 116 - 117 - 118 - 119

Steps to reproduce:
------------
8.1 Text:

Custom Information:
---------------------------------
9.1 ServerHWID: 6-5-7-600000000
9.2 License   : COMMERCIAL

Call Stack Information:
----------------------------------------------------------------------------------------------------------------------------
|Methods |Details|Stack   |Address |Module      |Offset  |Source      |Unit    |Class    |Procedure/Method      |Line      |
----------------------------------------------------------------------------------------------------------------------------
|*Exception Thread: ID=9768; Parent=16880; Priority=-2 |
|Class=TTCPThrd; Name=CID 491844 (mccore.TTCPThrd.Execute) |
|DeadLock=0; Wait Chain= |
|Comment= |
|--------------------------------------------------------------------------------------------------------------------------|
|7FFFFFFE|04     |00000000|0104051A|mcserv.exe  |00C4051A|Imaging.pas |Imaging |         |ConvertImage          |1396[33]  |
|00000040|04     |43C6FC88|01049577|mcserv.exe  |00C49577|myImages.pas|myImages|         |ConvertImageFileToFile|224[38]   |
|00000040|04     |43C6FCE8|010E4145|mcserv.exe  |00CE4145|mcparse.pas |mcparse |         |mcGetImageThumbs      |1892[32]  |
|00000040|04     |43C6FD70|011BE1B3|mcserv.exe  |00DBE1B3|mccore.pas  |mccore  |TTCPThrd |Parse                 |1012[415] |
|00000040|04     |43C6FDFC|011BACEE|mcserv.exe  |00DBACEE|mccore.pas  |mccore  |TTCPThrd |Execute               |556[241]  |
|00000040|04     |43C6FECC|0056EF45|mcserv.exe  |0016EF45|EBase.pas   |EBase   |TThreadEx|DoExecute             |3966[7]   |
|7FFF7FFE|03     |43C6FF74|7672FA27|kernel32.dll|0001FA27|KERNEL32.DLL|KERNEL32|         |BaseThreadInitThunk   |          |
|7FFFFFFE|04     |00000000|011BA126|mcserv.exe  |00DBA126|mccore.pas  |mccore  |TTCPThrd |Create                |268[1]    |
----------------------------------------------------------------------------------------------------------------------------

Mosules Information:
----------------------------------------------------------------------------------------------------------------------------
|Handle |Name 
|Description |Version |Size |Modified |Path | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|mcserv.exe |MyChat Server |8.13.0.1 |23619416|2021-11-22 19:06:06|C:\Program Files (x86)\MyChat Server\ | |06F40000|normaliz.dll |Unicode Normalization DLL |6.2.19041.546 |5120 |2021-04-09 16:50:46|C:\Windows\System32\ | |07890000|wintrust.dll |Microsoft Trust Verification APIs |6.2.19041.1266 |289200 |2021-11-08 17:15:10|C:\Windows\System32\ | |53400000|icmp.dll |ICMP DLL |6.2.19041.1 |2560 |2019-12-07 12:09:57|C:\Windows\System32\ | |6A2B0000|winrnr.dll |LDAP RnR Provider DLL |6.2.19041.546 |34304 |2021-04-09 16:50:47|C:\Windows\System32\ | |6A2C0000|nlaapi.dll |Network Location Awareness 2 |6.2.19041.546 |71168 |2021-04-09 16:50:48|C:\Windows\System32\ | |6A2E0000|pnrpnsp.dll |Поставщик пространства имен PNRP |6.2.19041.546 |70656 |2021-04-09 16:51:11|C:\Windows\System32\ | |6A300000|NapiNSP.dll |Поставщик оболочки совместимости для имен электронной почты |6.2.19041.546 |54784 |2021-04-09 16:50:37|C:\Windows\System32\ | |6A840000|wshbth.dll |Windows Sockets Helper DLL |6.2.19041.546 |50688 |2021-04-09 16:50:44|C:\Windows\System32\ | |6AB90000|wsock32.dll |Windows Socket 32-Bit DLL |6.2.19041.1 |16384 |2019-12-07 12:09:15|C:\Windows\System32\ | |6ABB0000|edputil.dll |Служебная программа EDP |6.2.19041.546 |93696 |2021-04-09 16:50:47|C:\Windows\System32\ | |6ADF0000|apphelp.dll |Клиентская библиотека совместимости приложений |6.2.19041.1320 |639488 |2021-11-10 10:53:52|C:\Windows\System32\ | |70480000|OneCoreCommonProxyStub.dll |OneCore Common Proxy Stub |6.2.19041.1081 |231936 |2021-11-08 17:15:03|C:\Windows\System32\ | |704C0000|msvcp110_win.dll |Microsoft® STL110 C++ Runtime Library |6.2.19041.546 |408000 |2021-04-09 16:50:33|C:\Windows\System32\ 
| |70530000|policymanager.dll |Policy Manager DLL |6.2.19041.1320 |533536 |2021-11-10 10:53:53|C:\Windows\System32\ | |705C0000|Windows.StateRepositoryPS.dll|Windows StateRepository Proxy/Stub Server |6.2.19041.844 |602176 |2021-04-09 16:50:42|C:\Windows\System32\ | |70660000|MpClient.dll |Client Interface |4.18.2110.6 |909024 |2021-11-08 15:03:37|C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\X86\ | |70740000|FWPolicyIOMgr.dll |FwPolicyIoMgr DLL |6.2.19041.1266 |189440 |2021-11-08 17:15:10|C:\Windows\System32\ | |70780000|libssl-1_1.dll |OpenSSL library |1.1.1.12 |715480 |2021-08-25 12:37:06|C:\Program Files (x86)\MyChat Server\ | |70840000|libcrypto-1_1.dll |OpenSSL library |1.1.1.12 |2382040 |2021-08-25 12:36:58|C:\Program Files (x86)\MyChat Server\ | |70A90000|dbghelp.dll |Windows Image Helper |6.2.19041.1052 |1494016 |2021-11-08 17:15:13|C:\Windows\System32\ | |70C50000|sxs.dll |Fusion 2.5 |6.2.19041.546 |548544 |2021-04-09 16:50:35|C:\Windows\System32\ | |70CE0000|wer.dll |Библиотека сообщений об ошибках Windows |6.2.19041.1081 |711760 |2021-11-08 17:15:13|C:\Windows\System32\ | |70DA0000|dbgcore.dll |Windows Core Debugging Helpers |6.2.19041.546 |138752 |2021-04-09 16:50:46|C:\Windows\System32\ | |70DD0000|Faultrep.dll |Библиотека отчетов о сбоях в пользовательском режиме Windows |6.2.19041.1081 |410088 |2021-11-08 17:15:13|C:\Windows\System32\ | |714C0000|WinTypes.dll |Библиотека DLL основных типов Windows |6.2.19041.1348 |896088 |2021-11-10 10:53:52|C:\Windows\System32\ | |715A0000|CoreUIComponents.dll |Microsoft Core UI Components Dll |6.2.19041.546 |2621720 |2021-04-09 16:50:39|C:\Windows\System32\ | |71820000|CoreMessaging.dll |Microsoft CoreMessaging Dll |6.2.19041.867 |630592 |2021-04-09 16:50:46|C:\Windows\System32\ | |718C0000|textinputframework.dll |"TextInputFramework.DYNLINK" |6.2.19041.1320 |753568 |2021-11-10 10:53:51|C:\Windows\System32\ | |71A10000|OneCoreUAPCommonProxyStub.dll|OneCoreUAP Common Proxy Stub |6.2.19041.1320 
|3827304 |2021-11-10 10:53:52|C:\Windows\System32\ | |72700000|fwbase.dll |Firewall Base DLL |6.2.19041.1266 |131584 |2021-11-08 17:15:10|C:\Windows\System32\ | |72730000|FirewallAPI.dll |API брандмауэра Защитника Windows |6.2.19041.1320 |424448 |2021-11-10 10:53:51|C:\Windows\System32\ | |728F0000|iertutil.dll |Служебная программа времени выполнения для Internet Explorer |11.0.19041.1266 |2269976 |2021-11-08 17:15:14|C:\Windows\System32\ | |72B20000|srvcli.dll |Server Service Client DLL |6.2.19041.546 |76952 |2021-04-09 16:50:46|C:\Windows\System32\ | |72D10000|urlmon.dll |Расширения OLE32 для Win32 |11.0.19041.1320 |1678848 |2021-11-10 10:53:53|C:\Windows\System32\ | |73040000|winmm.dll |MCI API DLL |6.2.19041.546 |149272 |2021-04-09 16:50:34|C:\Windows\System32\ | |73250000|usp10.dll |Uniscribe Unicode script processor |6.2.19041.546 |77824 |2021-04-09 16:50:46|C:\Windows\System32\ | |73470000|dwmapi.dll |Интерфейс API диспетчера окон рабочего стола (Майкрософт) |6.2.19041.746 |138936 |2021-04-09 16:50:46|C:\Windows\System32\ | |738E0000|comctl32.dll |Библиотека элементов управления взаимодействия с пользователем|6.10.19041.1110 |2152264 |2021-10-05 20:22:36|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\| |73AF0000|shfolder.dll |Shell Folder Service |6.2.19041.1 |8704 |2019-12-07 12:09:32|C:\Windows\System32\ | |73B10000|MpDetoursCopyAccelerator.dll |Malware Protection Copy Accelerator Detours Dll |4.18.2110.6 |61664 |2021-11-08 15:03:37|C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\X86\ | |73B20000|mpr.dll |Библиотека маршрутизации для нескольких служб доступа |6.2.19041.546 |93488 |2021-04-09 16:50:46|C:\Windows\System32\ | |73BE0000|secur32.dll |Security Support Provider Interface |6.2.19041.546 |23040 |2021-04-09 16:50:49|C:\Windows\System32\ | |73BF0000|idndl.dll |Downlevel DLL |6.2.19041.1 |8192 |2019-12-07 12:09:29|C:\Windows\System32\ | |73C60000|TextShaping.dll | | 
|611960 |2021-11-08 17:15:08|C:\Windows\System32\ | |73D00000|uxtheme.dll |Библиотека тем UxTheme (Microsoft) |6.2.19041.1266 |455168 |2021-11-08 17:15:04|C:\Windows\System32\ | |73D90000|netutils.dll |Net Win32 API Helpers DLL |6.2.19041.546 |37176 |2021-04-09 16:50:46|C:\Windows\System32\ | |73DA0000|netapi32.dll |Net Win32 API DLL |6.2.19041.546 |68680 |2021-04-09 16:50:36|C:\Windows\System32\ | |73DD0000|msimg32.dll |GDIEXT Client DLL |6.2.19041.546 |7168 |2021-04-09 16:50:46|C:\Windows\System32\ | |74030000|sspicli.dll |Security Support Provider Interface |6.2.19041.906 |123480 |2021-04-09 16:50:34|C:\Windows\System32\ | |74060000|winsta.dll |Winstation Library |6.2.19041.546 |270640 |2021-04-09 16:50:36|C:\Windows\System32\ | |740B0000|wtsapi32.dll |Windows Remote Desktop Session Host Server SDK APIs |6.2.19041.546 |52664 |2021-04-09 16:50:36|C:\Windows\System32\ | |740C0000|winspool.drv |Драйвер диспетчера очереди Windows |6.2.19041.1288 |449024 |2021-11-08 17:15:04|C:\Windows\System32\ | |74140000|npmproxy.dll |Network List Manager Proxy |6.2.19041.546 |26112 |2021-04-09 16:50:48|C:\Windows\System32\ | |74150000|netprofm.dll |Network List Manager |6.2.19041.746 |182784 |2021-04-09 16:50:48|C:\Windows\System32\ | |74190000|version.dll |Version Checking and File Installation Libraries |6.2.19041.546 |27320 |2021-04-09 16:50:50|C:\Windows\System32\ | |74210000|profapi.dll |User Profile Basic API |6.2.19041.844 |89360 |2021-04-09 16:50:34|C:\Windows\System32\ | |74230000|userenv.dll |Userenv |6.2.19041.572 |141008 |2021-04-09 16:50:46|C:\Windows\System32\ | |743F0000|dhcpcsvc6.dll |Клиент DHCPv6 |6.2.19041.546 |61440 |2021-04-09 16:50:46|C:\Windows\System32\ | |74440000|dhcpcsvc.dll |Служба DHCP-клиента |6.2.19041.546 |73728 |2021-04-09 16:50:46|C:\Windows\System32\ | |74460000|propsys.dll |Система страниц свойств (Майкрософт) |7.0.19041.1023 |791808 |2021-11-08 17:15:10|C:\Windows\System32\ | |74530000|wldp.dll |Политика блокировки Windows |6.2.19041.1320 
|146648 |2021-11-10 10:53:52|C:\Windows\System32\ | |74560000|windows.storage.dll |API хранения Microsoft WinRT |6.2.19041.1320 |6359112 |2021-11-10 10:53:51|C:\Windows\System32\ | |74B70000|gpapi.dll |Клиентские функции API групповой политики |6.2.19041.572 |111024 |2021-04-09 16:50:48|C:\Windows\System32\ | |74B90000|msasn1.dll |ASN.1 Runtime APIs |6.2.19041.546 |50616 |2021-04-09 16:50:46|C:\Windows\System32\ | |74BA0000|umpdc.dll | | |47472 |2021-04-09 16:50:42|C:\Windows\System32\ | |74BB0000|powrprof.dll |DLL модуля поддержки профиля управления питанием |6.2.19041.546 |268080 |2021-04-09 16:50:46|C:\Windows\System32\ | |74C00000|ntmarta.dll |Поставщик Windows NT MARTA |6.2.19041.546 |152904 |2021-04-09 16:50:46|C:\Windows\System32\ | |74C30000|FWPUCLNT.DLL |API пользовательского режима FWP/IPsec |6.2.19041.964 |342016 |2021-11-08 17:15:10|C:\Windows\System32\ | |74C90000|rasadhlp.dll |Remote Access AutoDial Helper |6.2.19041.546 |12800 |2021-04-09 16:50:50|C:\Windows\System32\ | |74CA0000|IPHLPAPI.DLL |API вспомогательного приложения IP |6.2.19041.546 |196784 |2021-04-09 16:50:46|C:\Windows\System32\ | |74CE0000|dnsapi.dll |Динамическая библиотека API DNS-клиента |6.2.19041.1320 |587744 |2021-11-10 10:53:52|C:\Windows\System32\ | |74D80000|mswsock.dll |Расширение поставщика службы API Microsoft Windows Sockets 2.0|6.2.19041.546 |324416 |2021-04-09 16:50:46|C:\Windows\System32\ | |74DE0000|kernel.appcore.dll |AppModel API Host |6.2.19041.546 |52672 |2021-04-09 16:50:42|C:\Windows\System32\ | |74E50000|ucrtbase.dll |Microsoft® C Runtime Library |6.2.19041.789 |1181208 |2021-04-09 16:50:46|C:\Windows\System32\ | |75020000|win32u.dll |Win32u |6.2.19041.1320 |92960 |2021-11-10 10:53:52|C:\Windows\System32\ | |75040000|SHCore.dll |SHCORE |6.2.19041.1320 |547496 |2021-11-10 10:53:52|C:\Windows\System32\ | |75160000|gdi32.dll |GDI Client DLL |6.2.19041.1202 |140976 |2021-11-08 17:15:08|C:\Windows\System32\ | |75190000|shell32.dll |Общая библиотека оболочки Windows 
|6.2.19041.1320 |6000208 |2021-11-10 10:53:54|C:\Windows\System32\ | |75750000|cfgmgr32.dll |Configuration Manager DLL |6.2.19041.1151 |236536 |2021-11-08 17:15:13|C:\Windows\System32\ | |75C90000|clbcatq.dll |COM+ Configuration Catalog |2001.12.10941.16384|504552 |2021-04-09 16:50:45|C:\Windows\System32\ | |75D10000|msvcrt.dll |Windows NT CRT DLL |7.0.19041.546 |775256 |2021-04-09 16:50:34|C:\Windows\System32\ | |75DD0000|combase.dll |Microsoft COM для Windows |6.2.19041.1348 |2637712 |2021-11-10 10:53:52|C:\Windows\System32\ | |76060000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.2.19041.906 |475712 |2021-04-09 16:50:34|C:\Windows\System32\ | |760E0000|bcryptPrimitives.dll |Windows Cryptographic Primitives Library |6.2.19041.1348 |383264 |2021-11-10 10:53:44|C:\Windows\System32\ | |76140000|gdi32full.dll |GDI Client DLL |6.2.19041.1320 |895056 |2021-11-10 10:53:53|C:\Windows\System32\ | |76220000|KERNELBASE.dll |Библиотека клиента Windows NT BASE API |6.2.19041.1348 |2180656 |2021-11-10 10:53:44|C:\Windows\System32\ | |76450000|ws2_32.dll |32-разрядная библиотека Windows Socket 2.0 |6.2.19041.546 |397728 |2021-04-09 16:50:34|C:\Windows\System32\ | |764C0000|advapi32.dll |Расширенная библиотека API Windows 32 |6.2.19041.1052 |489656 |2021-11-08 17:15:04|C:\Windows\System32\ | |76540000|oleaut32.dll |OLEAUT32.DLL |6.2.19041.985 |606888 |2021-11-08 17:15:13|C:\Windows\System32\ | |765E0000|msctf.dll |Серверная библиотека MSCTF |6.2.19041.1202 |858880 |2021-11-08 17:15:04|C:\Windows\System32\ | |766C0000|shlwapi.dll |Библиотека небольших программ оболочки |6.2.19041.1023 |275808 |2021-11-08 17:15:17|C:\Windows\System32\ | |76710000|kernel32.dll |Библиотека клиента Windows NT BASE API |6.2.19041.1348 |640824 |2021-11-10 10:53:48|C:\Windows\System32\ | |76850000|rpcrt4.dll |Библиотека удаленного вызова процедур |6.2.19041.1288 |781432 |2021-11-08 17:15:04|C:\Windows\System32\ | |76910000|psapi.dll |Process Status Helper |6.2.19041.546 |17016 |2021-04-09 
16:50:45|C:\Windows\System32\ | |76920000|bcrypt.dll |Библиотека криптографических примитивов Windows |6.2.19041.1023 |96032 |2021-11-08 17:15:13|C:\Windows\System32\ | |76940000|crypt32.dll |API32 криптографии |6.2.19041.1320 |1013344 |2021-11-10 10:53:53|C:\Windows\System32\ | |76A40000|nsi.dll |NSI User-mode interface DLL |6.2.19041.610 |20144 |2021-04-09 16:50:22|C:\Windows\System32\ | |76A50000|msvcp_win.dll |Microsoft® C Runtime Library |6.2.19041.789 |495840 |2021-04-09 16:50:46|C:\Windows\System32\ | |76CA0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.2.19041.546 |143056 |2021-04-09 16:50:46|C:\Windows\System32\ | |76CD0000|imagehlp.dll |Windows NT Image Helper |6.2.19041.546 |95496 |2021-04-09 16:50:22|C:\Windows\System32\ | |76CF0000|ole32.dll |Microsoft OLE для Windows |6.2.19041.1202 |926560 |2021-11-08 17:15:13|C:\Windows\System32\ | |76DE0000|user32.dll |Многопользовательская библиотека клиента USER API Windows |6.2.19041.1348 |1694616 |2021-11-10 10:53:52|C:\Windows\System32\ | |76F90000|ntdll.dll |Системная библиотека NT |6.2.19041.1288 |1696752 |2021-11-08 17:15:04|C:\Windows\System32\ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory |Priority |Threads|Path |User |Session| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |1464 |Taskmgr.exe |Диспетчер задач 
|6.2.19041.1202 |37556224 |Normal |15 |C:\Windows\System32\ |Admin |1 | |1588 |csrss.exe |Процесс исполнения клиент-сервер |6.2.19041.546 |1933312 |Normal |13 |C:\Windows\SysNative\ |СИСТЕМА|1 | |1676 |winlogon.exe |Программа входа в систему Windows |6.2.19041.1266 |1503232 |High |5 |C:\Windows\SysNative\ |СИСТЕМА|1 | |1912 |fontdrvhost.exe |Usermode Font Driver Host |6.2.19041.1320 |1126400 |Normal |5 |C:\Windows\System32\ |UMFD-1 |1 | |2116 |dwm.exe |Диспетчер окон рабочего стола |6.2.19041.746 |81297408 |High |38 |C:\Windows\SysNative\ |DWM-1 |1 | |2232 |UserOOBEBroker.exe | | |4669440 |Normal |1 |C:\Windows\System32\oobe\ |Admin |1 | |2240 |dllhost.exe |COM Surrogate |6.2.19041.546 |708608 |Normal |5 |C:\Windows\System32\ |Admin |1 | |2636 |TextInputHost.exe | |2001.22012.0.3920 |8355840 |Normal |10 |C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\ |Admin |1 | |2700 |msedge.exe |Microsoft Edge |96.0.1054.34 |39907328 |Normal |27 |C:\Program Files (x86)\Microsoft\Edge\Application\ |Admin |1 | |4124 |LockApp.exe |LockApp.exe |6.2.19041.1320 |794624 |Normal |11 |C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\ |Admin |1 | |4456 |ShellExperienceHost.exe |Windows Shell Experience Host |6.2.19041.1320 |44429312 |Normal |24 |C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ |Admin |1 | |4860 |FamItrfc.Exe |Radmin component |3.5.2.1205 |520192 |High |1 |C:\Windows\SysWOW64\rserver30\ |СИСТЕМА|1 | |5060 |OneDrive.exe |Microsoft OneDrive |21.220.1024.5 |24911872 |Normal |26 |C:\Users\Admin\AppData\Local\Microsoft\OneDrive\ |Admin |1 | |6400 |svchost.exe |Хост-процесс для служб Windows |6.2.19041.546 |2433024 |Normal |1 |C:\Windows\System32\ |Admin |1 | |6940 |svchost.exe |Хост-процесс для служб Windows |6.2.19041.546 |1208320 |Normal |1 |C:\Windows\System32\ |Admin |1 | |7356 |taskhostw.exe |Хост-процесс для задач Windows |6.2.19041.906 |9625600 |Normal |8 |C:\Windows\SysNative\ |Admin |1 | |7392 |RuntimeBroker.exe |Runtime Broker 
|6.2.19041.746 |7655424 |Normal |7 |C:\Windows\SysNative\ |Admin |1 | |7640 |sihost.exe |Shell Infrastructure Host |6.2.19041.746 |21970944 |Normal |8 |C:\Windows\SysNative\ |Admin |1 | |7668 |svchost.exe |Хост-процесс для служб Windows |6.2.19041.546 |6930432 |Normal |3 |C:\Windows\System32\ |Admin |1 | |7696 |svchost.exe |Хост-процесс для служб Windows |6.2.19041.546 |18923520 |Normal |3 |C:\Windows\System32\ |Admin |1 | |7792 |TeamViewer.exe |TeamViewer 13 |13.2.36224.0 |12685312 |Normal |40 |C:\Program Files (x86)\TeamViewer\ |Admin |1 | |8040 |RuntimeBroker.exe |Runtime Broker |6.2.19041.746 |12177408 |Normal |2 |C:\Windows\SysNative\ |Admin |1 | |8144 |RuntimeBroker.exe |Runtime Broker |6.2.19041.746 |19054592 |Normal |7 |C:\Windows\SysNative\ |Admin |1 | |8152 |explorer.exe |Проводник |6.2.19041.1348 |86548480 |Normal |61 |C:\Windows\ |Admin |1 | |8200 |ctfmon.exe |CTF-загрузчик |6.2.19041.1 |8228864 |High |11 |C:\Windows\System32\ |Admin |1 | |8272 |svchost.exe |Хост-процесс для служб Windows |6.2.19041.546 |9064448 |Normal |4 |C:\Windows\System32\ |Admin |1 | |8592 |pdf24.exe |PDF24 Backend |10.3.0.0 |2568192 |Normal |9 |C:\Program Files\PDF24\ |Admin |1 | |8688 |tv_w32.exe |TeamViewer 13 |13.2.36224.0 |815104 |Normal |1 |C:\Program Files (x86)\TeamViewer\ |СИСТЕМА|1 | |8708 |tv_x64.exe |TeamViewer 13 |13.2.36224.0 |696320 |Normal |1 |C:\Program Files (x86)\TeamViewer\ |СИСТЕМА|1 | |8756 |StartMenuExperienceHost.exe| | |25640960 |Normal |7 |C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\ |Admin |1 | |8960 |RuntimeBroker.exe |Runtime Broker |6.2.19041.746 |17756160 |Normal |2 |C:\Windows\SysNative\ |Admin |1 | |9144 |SearchApp.exe |Search application |6.2.19041.1320 |103641088|Normal |40 |C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\ |Admin |1 | |9624 |RuntimeBroker.exe |Runtime Broker |6.2.19041.746 |11706368 |Normal |1 |C:\Windows\SysNative\ |Admin |1 | |9900 |SystemSettingsBroker.exe |System Settings Broker 
|6.2.19041.746 |2023424 |Normal |2 |C:\Windows\SysNative\ |Admin |1 | |9968 |SecurityHealthSystray.exe |Windows Security notification icon|6.2.19041.1 |3665920 |Normal |1 |C:\Windows\SysNative\ |Admin |1 | |10420|Microsoft.Photos.exe | |2021.21090.10008.0|36626432 |Normal |18 |C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe\|Admin |1 | |10892|ApplicationFrameHost.exe |Application Frame Host |6.2.19041.746 |724992 |Normal |2 |C:\Windows\SysNative\ |Admin |1 | |10924|SystemSettings.exe |Параметры |6.2.19041.1320 |770048 |Normal |17 |C:\Windows\ImmersiveControlPanel\ |Admin |1 | |11344|msedge.exe |Microsoft Edge |96.0.1054.34 |12726272 |Normal |10 |C:\Program Files (x86)\Microsoft\Edge\Application\ |Admin |1 | |11624|dllhost.exe |COM Surrogate |6.2.19041.546 |684032 |Normal |2 |C:\Windows\System32\ |Admin |1 | |11920|msedge.exe |Microsoft Edge |96.0.1054.34 |4161536 |Normal |7 |C:\Program Files (x86)\Microsoft\Edge\Application\ |Admin |1 | |11936|turnserver.exe | | |5595136 |Normal |64 |C:\ProgramData\MyChat Server\turn\bin\ |Admin |1 | |12048|RuntimeBroker.exe |Runtime Broker |6.2.19041.746 |14540800 |Normal |7 |C:\Windows\SysNative\ |Admin |1 | |12476|msedge.exe |Microsoft Edge |96.0.1054.34 |1064960 |Normal |7 |C:\Program Files (x86)\Microsoft\Edge\Application\ |Admin |1 | |13208|YourPhone.exe |YourPhone |1.21102.134.0 |17100800 |Normal |28 |C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21102.134.0_x64__8wekyb3d8bbwe\ |Admin |1 | |13524|FamItrf2.Exe |Radmin component |3.5.2.1205 |1028096 |High |3 |C:\Windows\SysWOW64\rserver30\ |СИСТЕМА|1 | |13536|RuntimeBroker.exe |Runtime Broker |6.2.19041.746 |5173248 |Normal |1 |C:\Windows\SysNative\ |Admin |1 | |14668|conhost.exe |Хост окна консоли |6.2.19041.1320 |1654784 |Normal |3 |C:\Windows\SysNative\ |Admin |1 | |15636|mcserv.exe |MyChat Server |8.13.0.1 |623607808|Normal |409 |C:\Program Files (x86)\MyChat Server\ |Admin |1 | |15840|FamItrfc.Exe |Radmin component 
|3.5.2.1205 |11186176 |High |9 |C:\Windows\SysWOW64\rserver30\ |Admin |1 |
|15916|node.exe |Node.js: Server-side JavaScript |4.8.3.0 |212217856|Normal |9 |C:\Program Files (x86)\MyChat Server\node\ |Admin |1 |
|16944|msedge.exe |Microsoft Edge |96.0.1054.34 |4812800 |Above-Normal|26 |C:\Program Files (x86)\Microsoft\Edge\Application\ |Admin |1 |
|17240|conhost.exe |Хост окна консоли |6.2.19041.1320 |6823936 |Normal |3 |C:\Windows\SysNative\ |Admin |1 |
----------------------------------------------------------------------------------------------------------------------------

Assembler Information:
-------------------------------------------------------------------------------------------------
; Base Address: $1040000, Allocation Base: $400000, Region Size: 2768896
; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READ
; State: MEM_COMMIT, Type: MEM_IMAGE
;
;
; Imaging.ConvertImage (Line=1389 - Offset=235)
; ---------------------------------------------
010404DF  33C0          XOR     EAX, EAX
010404E1  5A            POP     EDX
010404E2  59            POP     ECX
010404E3  59            POP     ECX
010404E4  648910        MOV     FS:[EAX], EDX
010404E7  E937030000    JMP     +$0337 ; ($01040823) Imaging.ConvertImage (Line=1466)
;
; Line=1392 - Offset=248
; ----------------------
010404EC  807B3400      CMP     BYTE PTR [EBX+$34], 0
010404F0  0F8595020000  JNZ     +$0295 ; ($0104078B) Imaging.ConvertImage (Line=1458)
010404F6  807E3400      CMP     BYTE PTR [ESI+$34], 0
010404FA  0F858B020000  JNZ     +$028B ; ($0104078B) Imaging.ConvertImage (Line=1458)
;
; Line=1394 - Offset=268
; ----------------------
01040500  8B45FC        MOV     EAX, [EBP-4]
01040503  8B00          MOV     EAX, [EAX]
01040505  8B55FC        MOV     EDX, [EBP-4]
01040508  F76A04        IMUL    DWORD PTR [EDX+4]
0104050B  8945EC        MOV     [EBP-$14], EAX
;
; Line=1395 - Offset=282
; ----------------------
0104050E  8B4621        MOV     EAX, [ESI+$21]
01040511  F76DEC        IMUL    DWORD PTR [EBP-$14]
01040514  8945F0        MOV     [EBP-$10], EAX
;
; Line=1396 - Offset=291
; ----------------------
01040517  8B45F0        MOV     EAX, [EBP-$10]
;
; Line=1396 - Offset=294
; ----------------------
0104051A  E82D6E3CFF    CALL    -$C391D3 ; ($0040734C) System._GetMem ; <-- EXCEPTION
0104051F  8BF8          MOV     EDI, EAX
;
; Line=1397 - Offset=301
; ----------------------
01040521  8BC7          MOV     EAX, EDI
01040523  33C9          XOR     ECX, ECX
01040525  8B55F0        MOV     EDX, [EBP-$10]
01040528  E823803CFF    CALL    -$C37FDD ; ($00408550) System._FillChar
;
; Line=1398 - Offset=313
; ----------------------
0104052D  8B4629        MOV     EAX, [ESI+$29]
01040530  03C0          ADD     EAX, EAX
01040532  03C0          ADD     EAX, EAX
01040534  E8136E3CFF    CALL    -$C391ED ; ($0040734C) System._GetMem
01040539  8945F4        MOV     [EBP-$0C], EAX
;
; Line=1399 - Offset=328
; ----------------------
0104053C  8B5629        MOV     EDX, [ESI+$29]
0104053F  03D2          ADD     EDX, EDX
01040541  03D2          ADD     EDX, EDX
01040543  8B45F4        MOV     EAX, [EBP-$0C]
01040546  33C9          XOR     ECX, ECX
01040548  E803803CFF    CALL    -$C37FFD ; ($00408550) System._FillChar

Registers:
-----------------------------
EAX: ???????? EDI: ????????
EBX: ???????? ESI: ????????
ECX: ???????? EBP: ????????
EDX: ???????? ESP: ????????
EIP: ???????? FLG: ????????
EXP: 0104051A STK: 43C6EE10

Stack:               Memory Dump: