date/time : 2021-06-02, 12:40:16, 48ms
computer name : CT1
user name : webbackup
registered owner : Windows User
operating system : Windows 2016 x64 build 14393
system language : English
system up time : 90 days 21 hours
program up time : 1 hour 14 minutes
processors : 2x Intel(R) Xeon(R) Platinum 8168 CPU @ 2.70GHz
physical memory : 11982/16383 MB (free/total)
free disk space : (C:) 52.22 GB
display mode : 1024x768, 32 bit
process id : $1858
allocated memory : 63.51 MB
largest free block : 1.94 GB
command line : "C:\Program Files (x86)\Automise 5\ATCMD.EXE" -co "C:\CTDB_scripts\OA Integration.atz5"
executable : ATCMD.EXE
exec. date/time : 2021-02-24 11:01
version : 5.0.0.1302
compiled with : Delphi XE7
madExcept version : 5.1.0
callstack crc : $af347bfd, $cbe3b3a4, $1b6e168a

thread $9a0:
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
77e70f84 ntdll.dll KiUserCallbackDispatcher
77be5d68 user32.dll PeekMessageW
011a48cb vsoft.core.bpl OtlEventMonitor 298 TOmniEventMonitor.ProcessMessages
501b63da rtl210.bpl System Syncobjs.THandleObject.WaitFor
0049f687 ATCMD.EXE VSoft.Console.Main 643 TFBConsoleApplication.InternalRun
004a4aea ATCMD.EXE VSoft.Console.Main 1073 TFBConsoleApplication.Run
004f34aa ATCMD.EXE VSoft.Console.Startup 108 Run
75d062c2 KERNEL32.DLL BaseThreadInitThunk

thread $1614:
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
763a3773 KERNELBASE.dll WaitForMultipleObjects
0091c2ee vsoft.core.db.bpl nxllMemoryManagerImpl 484 CleanupThreadProc
75d062c2 KERNEL32.DLL BaseThreadInitThunk

thread $151c (TMessageDispatcherThread):
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
50059c58 rtl210.bpl System @FreeMem
50061391 rtl210.bpl System @UStrArrayClr
50059c58 rtl210.bpl System @FreeMem
5006132c rtl210.bpl System @UStrClr
50063678 rtl210.bpl System @FinalizeArray
500635c0 rtl210.bpl System @FinalizeRecord
500636c0 rtl210.bpl System @FinalizeArray
500635c0 rtl210.bpl System @FinalizeRecord
50059c58 rtl210.bpl System @FreeMem
5005f000 rtl210.bpl System TObject.FreeInstance
501b63da rtl210.bpl System Syncobjs.THandleObject.WaitFor
01206b1a vsoft.core.bpl VSoft.Core.Messaging.Dispatchers 186 TMessageDispatcherThread.Execute
0046e7cb ATCMD.EXE madExcept HookedTThreadExecute
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
5016a678 rtl210.bpl System Classes.TThread.Create

thread $26b8:
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
639be776 clr.dll

thread $1a84:
763961c3 KERNELBASE.dll WaitForSingleObjectEx
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
638f5ca7 clr.dll

thread $1bbc:
763961c3 KERNELBASE.dll WaitForSingleObjectEx
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
638f5ca7 clr.dll

thread $1a80:
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
639fc8b7 clr.dll

thread $22b0:
763961c3 KERNELBASE.dll WaitForSingleObjectEx
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
639fc8b7 clr.dll

thread $660:
763961c3 KERNELBASE.dll WaitForSingleObjectEx
7639611d KERNELBASE.dll WaitForSingleObject
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $1a80 at:
639eb510 clr.dll

thread $a2c (TMessageDispatcherThread):
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
0188734e vsoft.core.bpl VSoft.Core.Logging.ArchiveDB 56 {System.Generics.Collections}TDictionary>.GetBucketIndex
01898704 vsoft.core.bpl VSoft.Core.Logging.ArchiveDB 161 {Spring.Collections.Stacks}TStack.Changed
50066a9c rtl210.bpl System @IntfClear
0187f06b vsoft.core.bpl VSoft.Core.Logging.ArchiveDB 1012 TFBLogArchiveDBImpl.Receiver_StartMessageGroup
018e83fa vsoft.core.bpl VSoft.Core.Logging.Archive 841 TFBLogArchive.Receiver_StartMessageGroup
501b63da rtl210.bpl System Syncobjs.THandleObject.WaitFor
01206b1a vsoft.core.bpl VSoft.Core.Messaging.Dispatchers 186 TMessageDispatcherThread.Execute
0046e7cb ATCMD.EXE madExcept HookedTThreadExecute
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
5016a678 rtl210.bpl System Classes.TThread.Create

thread $2b44 (TnxSimpleTimerThread):
763961c3 KERNELBASE.dll WaitForSingleObjectEx
7639611d KERNELBASE.dll WaitForSingleObject
00923677 vsoft.core.db.bpl nxllSync 233 TnxEvent.WaitForQuietly
009ddfe4 vsoft.core.db.bpl nxllThread 910 TnxTimerThread.InnerExecute
009dd9ae vsoft.core.db.bpl nxllThread 648 TnxInternalInitThread.DoExecute
009dd709 vsoft.core.db.bpl nxllThread 483 TnxThread.Execute
0046e7cb ATCMD.EXE madExcept HookedTThreadExecute
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
009dd647 vsoft.core.db.bpl nxllThread 408 TnxThread.Create

thread $16dc (TOmniThread):
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
77be7cb1 user32.dll MsgWaitForMultipleObjectsEx
0116e33f vsoft.core.bpl OtlSync 1875 TWaitFor.MsgWaitAny
011b607e vsoft.core.bpl OtlTaskControl 2948 TOmniTaskExecutor.WaitForEvent
011b4df5 vsoft.core.bpl OtlTaskControl 2584 TOmniTaskExecutor.MainMessageLoop
011b38bf vsoft.core.bpl OtlTaskControl 2258 TOmniTaskExecutor.DispatchMessages
011b1fb1 vsoft.core.bpl OtlTaskControl 1985 TOmniTaskExecutor.Asy_Execute
011b1109 vsoft.core.bpl OtlTaskControl 1575 TOmniTask.InternalExecute
011b0ec9 vsoft.core.bpl OtlTaskControl 1493 TOmniTask.Execute
011b911c vsoft.core.bpl OtlTaskControl 3814 TOmniThread.Execute
0046e7cb ATCMD.EXE madExcept HookedTThreadExecute
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $9a0 at:
011b9081 vsoft.core.bpl OtlTaskControl 3803 TOmniThread.Create

thread $2418 (TOmniThread):
763a387a KERNELBASE.dll WaitForMultipleObjectsEx
763a3773 KERNELBASE.dll WaitForMultipleObjects
018edfab vsoft.core.bpl VSoft.Core.Process.Impl 606 TFBProcess.WaitForProcessCompletion
018edc91 vsoft.core.bpl VSoft.Core.Process.Impl 459 TFBProcess.DoRedirectedExecute
018eda3e vsoft.core.bpl VSoft.Core.Process.Impl 399 TFBProcess.Execute
0173ee8b vsoft.core.bpl VSoft.Core.Actions.ExecuteBaseAction 429 TFBExecuteAbstractAction.Execute
0171f6b7 vsoft.core.bpl VSoft.Core.Actions.Base 995 TFBAction.InternalExecute
0171fa13 vsoft.core.bpl VSoft.Core.Actions.Base 1073 TFBAction.DoExecute
0164d61d vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1630 TTargetRunner.StepAction
0164f039 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 2252 TTargetRunner.DoRun
0164a099 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 510 TTargetRunner.HandleCommandRunFrom
0164b3fd vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1017 TTargetRunner.ProcessInitialStepMode
0161a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands
01766d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands
01699dd4 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 802 TTargetDependencyRunner.StepTarget
01697e25 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 336 TTargetDependencyRunner.DoTargetRun
0169a1db vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 853 TTargetDependencyRunner.HandleCommandRunFrom
0161abbc vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 195 TStepperTargetBase.ProcessInitialStepMode
0161a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands
01766d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands
016a9870 vsoft.core.bpl VSoft.Core.Actions.RunActionListAction 308 TRunActionListAction.Execute
0171f6b7 vsoft.core.bpl VSoft.Core.Actions.Base 995 TFBAction.InternalExecute
0171fa13 vsoft.core.bpl VSoft.Core.Actions.Base 1073 TFBAction.DoExecute
0164d61d vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1630 TTargetRunner.StepAction
0164f039 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 2252 TTargetRunner.DoRun
0164a099 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 510 TTargetRunner.HandleCommandRunFrom
0164b3fd vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1017 TTargetRunner.ProcessInitialStepMode
0161a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands
01766d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands
01699dd4 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 802 TTargetDependencyRunner.StepTarget
01697e25 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 336 TTargetDependencyRunner.DoTargetRun
0169a1db vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 853 TTargetDependencyRunner.HandleCommandRunFrom
0161abbc vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 195 TStepperTargetBase.ProcessInitialStepMode
0161a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands
01766d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands
0192bfd8 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 644 TProjectTask.RunTarget
0192c2ac vsoft.core.bpl VSoft.Core.Stepping.Project.Task 667 TProjectTask.RunTargets
0192c333 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 680 TProjectTask.HandleCommandRun
0192c355 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 688 TProjectTask.HandleCommandRunFrom
0161abbc vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 195 TStepperTargetBase.ProcessInitialStepMode
0161a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands
01766d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands
0192a702 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 168 TProjectTask.CommandProcessing
011b1f8b vsoft.core.bpl OtlTaskControl 1974 TOmniTaskExecutor.Asy_Execute
011b1109 vsoft.core.bpl OtlTaskControl 1575 TOmniTask.InternalExecute
011b0ec9 vsoft.core.bpl OtlTaskControl 1493 TOmniTask.Execute
011b911c vsoft.core.bpl OtlTaskControl 3814 TOmniThread.Execute
0046e7cb ATCMD.EXE madExcept HookedTThreadExecute
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $16dc (TOmniThread) at:
011b9081 vsoft.core.bpl OtlTaskControl 3803 TOmniThread.Create

thread $2848 (TFBPipeReader):
763a4944 KERNELBASE.dll SleepEx
763a48aa KERNELBASE.dll Sleep
5016b4cd rtl210.bpl System Classes.TThread.Sleep
018ec3b6 vsoft.core.bpl VSoft.Core.Process.Pipe 474 TFBPipeReader.DoReadFromPipe
018ec45f vsoft.core.bpl VSoft.Core.Process.Pipe 508 TFBPipeReader.PipeThreadExecute
018ebfe8 vsoft.core.bpl VSoft.Core.Process.Pipe 308 TFBPipeThread.Execute
0046e7cb ATCMD.EXE madExcept HookedTThreadExecute
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $2418 (TOmniThread) at:
018ebf8a vsoft.core.bpl VSoft.Core.Process.Pipe 295 TFBPipeThread.Create

thread $1804 (TFBPipeReader):
763a4944 KERNELBASE.dll SleepEx
763a48aa KERNELBASE.dll Sleep
0046e7cb ATCMD.EXE madExcept HookedTThreadExecute
0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe
0046e716 ATCMD.EXE madExcept ThreadExceptFrame
75d062c2 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $2418 (TOmniThread) at:
018ebf8a vsoft.core.bpl VSoft.Core.Process.Pipe 295 TFBPipeThread.Create

thread $1f54:
75d062c2 KERNEL32.DLL BaseThreadInitThunk

thread $24ac:
75d062c2 KERNEL32.DLL BaseThreadInitThunk

thread $1dfc:
75d062c2 KERNEL32.DLL BaseThreadInitThunk

disassembling:
[...]
763a3870 push ecx
763a3871 push ebx
763a3872 push eax
763a3873 push dword ptr [ebp-$12c]
763a3879 push esi
763a387a > call dword ptr [$7644979c] ; NtWaitForMultipleObjects (ntdll.dll)
763a3880 mov edi, eax
763a3882 mov [ebp-$130], edi
763a3888 test edi, edi
763a388a js loc_763a3890
763a388c test ebx, ebx
[...]