date/time : 2021-06-03, 07:39:45, 735ms computer name : CT1 user name : webbackup registered owner : Windows User operating system : Windows 2016 x64 build 14393 system language : English system up time : 91 days 16 hours program up time : 10 hours 7 minutes processors : 2x Intel(R) Xeon(R) Platinum 8168 CPU @ 2.70GHz physical memory : 11988/16383 MB (free/total) free disk space : (C:) 245.04 GB display mode : 1024x768, 32 bit process id : $1724 allocated memory : 163.91 MB largest free block : 1.87 GB command line : "C:\Program Files (x86)\Automise 5\ATCMD.EXE" -co "C:\CTDB_scripts\OA Integration.atz5" executable : ATCMD.EXE exec. date/time : 2021-02-24 11:01 version : 5.0.0.1302 compiled with : Delphi XE7 madExcept version : 5.1.0 callstack crc : $af347bfd, $cbe3b3a4, $ed8be3cd thread $2c38: 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 77e70f84 ntdll.dll KiUserCallbackDispatcher 77be5d68 user32.dll PeekMessageW 012948cb vsoft.core.bpl OtlEventMonitor 298 TOmniEventMonitor.ProcessMessages 501b63da rtl210.bpl System Syncobjs.THandleObject.WaitFor 0049f687 ATCMD.EXE VSoft.Console.Main 643 TFBConsoleApplication.InternalRun 004a4aea ATCMD.EXE VSoft.Console.Main 1073 TFBConsoleApplication.Run 004f34aa ATCMD.EXE VSoft.Console.Startup 108 Run 75d062c2 KERNEL32.DLL BaseThreadInitThunk thread $aac: 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 763a3773 KERNELBASE.dll WaitForMultipleObjects 00a0c2ee vsoft.core.db.bpl nxllMemoryManagerImpl 484 CleanupThreadProc 75d062c2 KERNEL32.DLL BaseThreadInitThunk thread $2ea0 (TMessageDispatcherThread): 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 50059c58 rtl210.bpl System @FreeMem 50061391 rtl210.bpl System @UStrArrayClr 50059c58 rtl210.bpl System @FreeMem 5006132c rtl210.bpl System @UStrClr 50063678 rtl210.bpl System @FinalizeArray 500635c0 rtl210.bpl System @FinalizeRecord 500636c0 rtl210.bpl System @FinalizeArray 500635c0 rtl210.bpl System @FinalizeRecord 50059c58 rtl210.bpl System @FreeMem 5005f000 rtl210.bpl System TObject.FreeInstance 501b63da rtl210.bpl System Syncobjs.THandleObject.WaitFor 012f6b1a vsoft.core.bpl VSoft.Core.Messaging.Dispatchers 186 TMessageDispatcherThread.Execute 0046e7cb ATCMD.EXE madExcept HookedTThreadExecute 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 5016a678 rtl210.bpl System Classes.TThread.Create thread $1e08: 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 639be776 clr.dll thread $71c: 763961c3 KERNELBASE.dll WaitForSingleObjectEx 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 638f5ca7 clr.dll thread $17c4: 763961c3 KERNELBASE.dll WaitForSingleObjectEx 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 638f5ca7 clr.dll thread $1504: 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 639fc8b7 clr.dll thread $1a64: 763961c3 KERNELBASE.dll WaitForSingleObjectEx 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 639fc8b7 clr.dll thread $f54: 763961c3 KERNELBASE.dll WaitForSingleObjectEx 7639611d KERNELBASE.dll WaitForSingleObject 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $1504 at: 639eb510 clr.dll thread $2c2c (TMessageDispatcherThread): 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 0197734e vsoft.core.bpl VSoft.Core.Logging.ArchiveDB 56 {System.Generics.Collections}TDictionary>.GetBucketIndex 01988704 vsoft.core.bpl VSoft.Core.Logging.ArchiveDB 161 {Spring.Collections.Stacks}TStack.Changed 50066a9c rtl210.bpl System @IntfClear 0196f06b vsoft.core.bpl VSoft.Core.Logging.ArchiveDB 1012 TFBLogArchiveDBImpl.Receiver_StartMessageGroup 019d83fa vsoft.core.bpl VSoft.Core.Logging.Archive 841 TFBLogArchive.Receiver_StartMessageGroup 501b63da rtl210.bpl System Syncobjs.THandleObject.WaitFor 012f6b1a vsoft.core.bpl VSoft.Core.Messaging.Dispatchers 186 TMessageDispatcherThread.Execute 0046e7cb ATCMD.EXE madExcept HookedTThreadExecute 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 5016a678 rtl210.bpl System Classes.TThread.Create thread $2750 (TnxSimpleTimerThread): 763961c3 KERNELBASE.dll WaitForSingleObjectEx 7639611d KERNELBASE.dll WaitForSingleObject 00a13677 vsoft.core.db.bpl nxllSync 233 TnxEvent.WaitForQuietly 00acdfe4 vsoft.core.db.bpl nxllThread 910 TnxTimerThread.InnerExecute 00acd9ae vsoft.core.db.bpl nxllThread 648 TnxInternalInitThread.DoExecute 00acd709 vsoft.core.db.bpl nxllThread 483 TnxThread.Execute 0046e7cb ATCMD.EXE madExcept HookedTThreadExecute 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 00acd647 vsoft.core.db.bpl nxllThread 408 TnxThread.Create thread $2834 (TOmniThread): 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 77be7cb1 user32.dll MsgWaitForMultipleObjectsEx 0125e33f vsoft.core.bpl OtlSync 1875 TWaitFor.MsgWaitAny 012a607e vsoft.core.bpl OtlTaskControl 2948 TOmniTaskExecutor.WaitForEvent 012a4df5 vsoft.core.bpl OtlTaskControl 2584 TOmniTaskExecutor.MainMessageLoop 012a38bf vsoft.core.bpl OtlTaskControl 2258 TOmniTaskExecutor.DispatchMessages 012a1fb1 vsoft.core.bpl OtlTaskControl 1985 TOmniTaskExecutor.Asy_Execute 012a1109 vsoft.core.bpl OtlTaskControl 1575 TOmniTask.InternalExecute 012a0ec9 vsoft.core.bpl OtlTaskControl 1493 TOmniTask.Execute 012a911c vsoft.core.bpl OtlTaskControl 3814 TOmniThread.Execute 0046e7cb ATCMD.EXE madExcept HookedTThreadExecute 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2c38 at: 012a9081 vsoft.core.bpl OtlTaskControl 3803 TOmniThread.Create thread $1b80 (TOmniThread): 763a387a KERNELBASE.dll WaitForMultipleObjectsEx 763a3773 KERNELBASE.dll WaitForMultipleObjects 019ddfab vsoft.core.bpl VSoft.Core.Process.Impl 606 TFBProcess.WaitForProcessCompletion 019ddc91 vsoft.core.bpl VSoft.Core.Process.Impl 459 TFBProcess.DoRedirectedExecute 019dda3e vsoft.core.bpl VSoft.Core.Process.Impl 399 TFBProcess.Execute 0182ee8b vsoft.core.bpl VSoft.Core.Actions.ExecuteBaseAction 429 TFBExecuteAbstractAction.Execute 0180f6b7 vsoft.core.bpl VSoft.Core.Actions.Base 995 TFBAction.InternalExecute 0180fa13 vsoft.core.bpl VSoft.Core.Actions.Base 1073 TFBAction.DoExecute 0173d61d vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1630 TTargetRunner.StepAction 0173f039 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 2252 TTargetRunner.DoRun 0173a099 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 510 TTargetRunner.HandleCommandRunFrom 0173b3fd vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1017 TTargetRunner.ProcessInitialStepMode 0170a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands 01856d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands 01789dd4 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 802 TTargetDependencyRunner.StepTarget 01787e25 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 336 TTargetDependencyRunner.DoTargetRun 0178a1db vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 853 TTargetDependencyRunner.HandleCommandRunFrom 0170abbc vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 195 TStepperTargetBase.ProcessInitialStepMode 0170a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands 01856d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands 0184043d vsoft.core.bpl VSoft.Core.Actions.IncludeProjectAction 597 TCustomIncludeProjectAction.StartRunner 01840f04 vsoft.core.bpl VSoft.Core.Actions.IncludeProjectAction 774 TCustomIncludeProjectAction.Execute 0180f6b7 vsoft.core.bpl VSoft.Core.Actions.Base 995 TFBAction.InternalExecute 0180fa13 vsoft.core.bpl VSoft.Core.Actions.Base 1073 TFBAction.DoExecute 0173d61d vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1630 TTargetRunner.StepAction 0173f039 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 2252 TTargetRunner.DoRun 0173a099 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 510 TTargetRunner.HandleCommandRunFrom 0173b3fd vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1017 TTargetRunner.ProcessInitialStepMode 0170a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands 01856d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands 01789dd4 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 802 TTargetDependencyRunner.StepTarget 01787e25 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 336 TTargetDependencyRunner.DoTargetRun 0178a1db vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 853 TTargetDependencyRunner.HandleCommandRunFrom 0170abbc vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 195 TStepperTargetBase.ProcessInitialStepMode 0170a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands 01856d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands 01799870 vsoft.core.bpl VSoft.Core.Actions.RunActionListAction 308 TRunActionListAction.Execute 0180f6b7 vsoft.core.bpl VSoft.Core.Actions.Base 995 TFBAction.InternalExecute 0180fa13 vsoft.core.bpl VSoft.Core.Actions.Base 1073 TFBAction.DoExecute 0173d61d vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1630 TTargetRunner.StepAction 0173f039 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 2252 TTargetRunner.DoRun 0173a099 vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 510 TTargetRunner.HandleCommandRunFrom 0173b3fd vsoft.core.bpl VSoft.Core.Stepping.Target.Runner 1017 TTargetRunner.ProcessInitialStepMode 0170a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands 01856d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands 01789dd4 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 802 TTargetDependencyRunner.StepTarget 01787e25 vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 336 TTargetDependencyRunner.DoTargetRun 0178a1db vsoft.core.bpl VSoft.Core.Stepping.Target.DependencyRunner 853 TTargetDependencyRunner.HandleCommandRunFrom 0170abbc vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 195 TStepperTargetBase.ProcessInitialStepMode 0170a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands 01856d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands 01a1bfd8 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 644 TProjectTask.RunTarget 01a1c2ac vsoft.core.bpl VSoft.Core.Stepping.Project.Task 667 TProjectTask.RunTargets 01a1c333 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 680 TProjectTask.HandleCommandRun 01a1c355 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 688 TProjectTask.HandleCommandRunFrom 0170abbc vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 195 TStepperTargetBase.ProcessInitialStepMode 0170a9d9 vsoft.core.bpl VSoft.Core.Stepping.StepperTarget.Base 140 TStepperTargetBase.ProcessCommands 01856d75 vsoft.core.bpl VSoft.Core.Stepping.Stepper 617 TStepper.ProcessCommands 01a1a702 vsoft.core.bpl VSoft.Core.Stepping.Project.Task 168 TProjectTask.CommandProcessing 012a1f8b vsoft.core.bpl OtlTaskControl 1974 TOmniTaskExecutor.Asy_Execute 012a1109 vsoft.core.bpl OtlTaskControl 1575 TOmniTask.InternalExecute 012a0ec9 vsoft.core.bpl OtlTaskControl 1493 TOmniTask.Execute 012a911c vsoft.core.bpl OtlTaskControl 3814 TOmniThread.Execute 0046e7cb ATCMD.EXE madExcept HookedTThreadExecute 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $2834 (TOmniThread) at: 012a9081 vsoft.core.bpl OtlTaskControl 3803 TOmniThread.Create thread $11a4 (TFBPipeReader): 763a4944 KERNELBASE.dll SleepEx 763a48aa KERNELBASE.dll Sleep 019dbfe8 vsoft.core.bpl VSoft.Core.Process.Pipe 308 TFBPipeThread.Execute 0046e7cb ATCMD.EXE madExcept HookedTThreadExecute 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $1b80 (TOmniThread) at: 019dbf8a vsoft.core.bpl VSoft.Core.Process.Pipe 295 TFBPipeThread.Create thread $2568 (TFBPipeReader): 763a4944 KERNELBASE.dll SleepEx 763a48aa KERNELBASE.dll Sleep 019dbfe8 vsoft.core.bpl VSoft.Core.Process.Pipe 308 TFBPipeThread.Execute 0046e7cb ATCMD.EXE madExcept HookedTThreadExecute 0046e6b1 ATCMD.EXE madExcept CallThreadProcSafe 0046e716 ATCMD.EXE madExcept ThreadExceptFrame 75d062c2 KERNEL32.DLL BaseThreadInitThunk >> created by thread $1b80 (TOmniThread) at: 019dbf8a vsoft.core.bpl VSoft.Core.Process.Pipe 295 TFBPipeThread.Create thread $23d8: 75d062c2 KERNEL32.DLL BaseThreadInitThunk thread $1e28: 75d062c2 KERNEL32.DLL BaseThreadInitThunk thread $24d4: 75d062c2 KERNEL32.DLL BaseThreadInitThunk modules: 00400000 ATCMD.EXE 5.0.0.1302 C:\Program Files (x86)\Automise 5 00a00000 vsoft.core.db.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 00fc0000 vsoft.core.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 01ef0000 spring.base.delphixe7.bpl C:\Program Files (x86)\Automise 5 02110000 vclimg210.bpl 21.0.17707.5020 C:\Program Files (x86)\Automise 5 02170000 fbdreamruntime.bpl C:\Program Files (x86)\Automise 5 02240000 indysystem210.bpl C:\Program Files (x86)\Automise 5 022b0000 indycore210.bpl C:\Program Files (x86)\Automise 5 02330000 indyprotocols210.bpl C:\Program Files (x86)\Automise 5 025f0000 raizecomponentsvcl210.bpl 6.1.10.0 C:\Program Files (x86)\Automise 5 12980000 FBActiveDirectorySupport.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 129a0000 FBADO.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 12a60000 NxCommonRun_dxe7.bpl C:\Program Files (x86)\Automise 5 12ad0000 NxGridRun_dxe7.bpl C:\Program Files (x86)\Automise 5 12b50000 FBCDBurner.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 12bf0000 FBForms.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 12cd0000 msadcer.dll 10.0.14393.0 C:\Program Files (x86)\Common Files\System\msadc 12ce0000 FBMiscComponents210.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13110000 FBCompression.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 131e0000 FBDotNetFrameWork.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 133b0000 MSDASQLR.DLL 10.0.14393.0 C:\Program Files (x86)\Common Files\System\Ole DB 13420000 ssleay32.dll 1.0.2.21 C:\Program Files (x86)\Automise 5 13490000 FBFile.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13900000 FBFileListCopyMove.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13930000 FBWinAdmin.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13970000 FBInteractive.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13a40000 FBInternetActions.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13bb0000 FBWaitFor.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13c00000 FBNTServices.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 13c30000 FBPDF.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 141d0000 FBProfessional.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 14290000 FBSQLServer.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 14310000 FBWindowExists.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 143b0000 FBwmi.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 14400000 FBXML.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 14480000 VSAutomationSupport.bpl 5.0.0.1302 C:\Program Files (x86)\Automise 5 14ba0000 FB80ActionCtx.dll 8.0.1.0 C:\Program Files (x86)\Common Files\VSoft 16dd0000 libeay32.dll 1.0.2.21 C:\Program Files (x86)\Automise 5 46480000 security.dll 10.0.14393.0 C:\Windows\SYSTEM32 50050000 rtl210.bpl 21.0.17707.5020 C:\Program Files (x86)\Automise 5 50590000 vcl210.bpl 21.0.17707.5020 C:\Program Files (x86)\Automise 5 50960000 vclx210.bpl 21.0.17707.5020 C:\Program Files (x86)\Automise 5 50c40000 dbrtl210.bpl 21.0.17707.5020 C:\Program Files (x86)\Automise 5 50cf0000 xmlrtl210.bpl 21.0.17707.5020 C:\Program Files (x86)\Automise 5 51330000 adortl210.bpl 21.0.17707.5020 C:\Program Files (x86)\Automise 5 61620000 mscorlib.ni.dll 4.7.3750.0 C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7a6433ea98437b9578c53323dc24e096 63860000 clr.dll 4.7.3750.0 C:\Windows\Microsoft.NET\Framework\v4.0.30319 66ef0000 propsys.dll 7.0.14393.4169 C:\Windows\system32 69010000 cryptdll.dll 10.0.14393.2969 C:\Windows\SYSTEM32 69120000 DSPARSE.DLL 10.0.14393.0 C:\Windows\SYSTEM32 69aa0000 mpr.dll 10.0.14393.2879 C:\Windows\SYSTEM32 69c80000 ncryptsslp.dll 10.0.14393.3541 C:\Windows\system32 69ca0000 NTASN1.dll 10.0.14393.0 C:\Windows\SYSTEM32 69cd0000 ncrypt.dll 10.0.14393.4046 C:\Windows\SYSTEM32 69cf0000 schannel.dll 10.0.14393.3930 C:\Windows\System32 69d60000 Fwpuclnt.dll 10.0.14393.0 C:\Windows\SYSTEM32 69dc0000 mskeyprotect.dll 10.0.14393.4046 C:\Windows\SYSTEM32 6a160000 sxs.dll 10.0.14393.4169 C:\Windows\SYSTEM32 6b640000 DPAPI.dll 10.0.14393.0 C:\Windows\SYSTEM32 6be10000 SQLSRV32.dll 10.0.14393.0 C:\Windows\system32 6bf00000 SAMCLI.DLL 10.0.14393.0 C:\Windows\SYSTEM32 6bf30000 ODBC32.dll 10.0.14393.3471 C:\Windows\SYSTEM32 6bfd0000 msdasql.dll 10.0.14393.2608 C:\Program Files (x86)\Common Files\System\Ole DB 6c500000 ntdsapi.dll 10.0.14393.0 C:\Windows\SYSTEM32 6c600000 wkscli.dll 10.0.14393.0 C:\Windows\SYSTEM32 6dd30000 uxtheme.dll 10.0.14393.4169 C:\Windows\SYSTEM32 6ddb0000 iertutil.dll 11.0.14393.4169 C:\Windows\SYSTEM32 6e4a0000 urlmon.dll 11.0.14393.4169 C:\Windows\SYSTEM32 6ea60000 comctl32.dll 6.10.14393.4169 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_c58df2c997bddaf8 6f290000 srvcli.dll 10.0.14393.0 C:\Windows\SYSTEM32 6f9c0000 msadce.dll 10.0.14393.4169 C:\Program Files (x86)\Common Files\System\msadc 70460000 ntmarta.dll 10.0.14393.1378 C:\Windows\SYSTEM32 70600000 gdiplus.dll 10.0.14393.4169 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.4169_none_f678e5aef25054c6 70c80000 sqloledb.dll 10.0.14393.2608 C:\Program Files (x86)\Common Files\System\Ole DB 70ed0000 comsvcs.dll 2001.12.10941.16384 C:\Windows\System32 71020000 oledb32.dll 10.0.14393.4169 C:\Program Files (x86)\Common Files\System\Ole DB 710f0000 clrjit.dll 4.7.3750.0 C:\Windows\Microsoft.NET\Framework\v4.0.30319 71170000 jscript.dll 5.812.10240.16384 C:\Windows\System32 71220000 windowscodecs.dll 10.0.14393.3930 C:\Windows\system32 71490000 DDRAW.dll 10.0.14393.953 C:\Windows\SYSTEM32 71580000 WINSTA.dll 10.0.14393.0 C:\Windows\SYSTEM32 717f0000 msv1_0.DLL 10.0.14393.3866 C:\Windows\System32 71a40000 DBNETLIB.DLL 10.0.14393.0 C:\Windows\SYSTEM32 71a60000 FaultRep.dll 10.0.14393.4046 C:\Windows\SYSTEM32 71ac0000 opengl32.dll 10.0.14393.0 C:\Windows\SYSTEM32 71ba0000 msado15.dll 10.0.14393.4169 C:\Program Files (x86)\Common Files\System\ado 71eb0000 wsock32.dll 10.0.14393.0 C:\Windows\SYSTEM32 71ec0000 NETUTILS.DLL 10.0.14393.0 C:\Windows\SYSTEM32 71ed0000 netapi32.dll 10.0.14393.0 C:\Windows\SYSTEM32 721e0000 MsVfW32.dll 10.0.14393.0 C:\Windows\SYSTEM32 72400000 usp10.dll 10.0.14393.3321 C:\Windows\SYSTEM32 72420000 MSACM32.dll 10.0.14393.0 C:\Windows\SYSTEM32 72470000 olepro32.dll 10.0.14393.3930 C:\Windows\SYSTEM32 72490000 avifil32.dll 10.0.14393.0 C:\Windows\SYSTEM32 724b0000 GLU32.dll 10.0.14393.0 C:\Windows\SYSTEM32 724e0000 mscoreei.dll 4.7.3468.0 C:\Windows\Microsoft.NET\Framework\v4.0.30319 72560000 mscoree.dll 10.0.14393.0 C:\Windows\SYSTEM32 725c0000 msxml6.dll 6.30.14393.4169 C:\Windows\System32 727b0000 IdnDL.dll 10.0.14393.0 C:\Windows\SYSTEM32 727c0000 winspool.drv 10.0.14393.4169 C:\Windows\SYSTEM32 72870000 symamsi.dll 15.8.5.90 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\bin 72b50000 WINMMBASE.dll 10.0.14393.0 C:\Windows\SYSTEM32 72bd0000 winmm.dll 10.0.14393.0 C:\Windows\SYSTEM32 72c50000 DCIMAN32.dll 10.0.14393.0 C:\Windows\SYSTEM32 72c70000 MSDATL3.dll 10.0.14393.0 C:\Program Files (x86)\Common Files\System\Ole DB 72c90000 oleacc.dll 7.2.14393.4169 C:\Windows\SYSTEM32 72cf0000 oledlg.dll 10.0.14393.0 C:\Windows\SYSTEM32 72df0000 MSDART.DLL 10.0.14393.0 C:\Windows\SYSTEM32 72e40000 SHFolder.dll 10.0.14393.0 C:\Windows\SYSTEM32 72e50000 scrrun.dll 5.812.10240.16384 C:\Windows\System32 72e80000 vbscript.dll 5.812.10240.16384 C:\Windows\System32 72f40000 NtlmShared.dll 10.0.14393.3269 C:\Windows\SYSTEM32 72f60000 odbccp32.dll 10.0.14393.0 C:\Windows\system32 73630000 amsi.dll 10.0.14393.4169 C:\Windows\SYSTEM32 73a50000 wininet.dll 11.0.14393.4169 C:\Windows\SYSTEM32 73dd0000 MSVCR120_CLR0400.dll 12.0.52519.0 C:\Windows\SYSTEM32 740a0000 rsaenh.dll 10.0.14393.2457 C:\Windows\system32 740d0000 bcrypt.dll 10.0.14393.4046 C:\Windows\SYSTEM32 740f0000 rasadhlp.dll 10.0.14393.0 C:\Windows\System32 74100000 wtsapi32.dll 10.0.14393.0 C:\Windows\SYSTEM32 74110000 CRYPTSP.dll 10.0.14393.2457 C:\Windows\SYSTEM32 74220000 NLAapi.dll 10.0.14393.3808 C:\Windows\system32 74240000 winrnr.dll 10.0.14393.0 C:\Windows\System32 74280000 iphlpapi.dll 10.0.14393.2339 C:\Windows\SYSTEM32 742b0000 DNSAPI.dll 10.0.14393.4169 C:\Windows\SYSTEM32 74330000 mswsock.dll 10.0.14393.3659 C:\Windows\system32 743c0000 dbgcore.DLL 10.0.14321.1024 C:\Windows\SYSTEM32 743f0000 dbghelp.dll 10.0.14321.1024 C:\Windows\SYSTEM32 74630000 napinsp.dll 10.0.14393.0 C:\Windows\system32 74650000 version.dll 10.0.14393.0 C:\Windows\SYSTEM32 747f0000 USERENV.dll 10.0.14393.3986 C:\Windows\SYSTEM32 74810000 SECUR32.DLL 10.0.14393.2273 C:\Windows\SYSTEM32 748c0000 CRYPTBASE.dll 10.0.14393.0 C:\Windows\System32 748d0000 SspiCli.dll 10.0.14393.2580 C:\Windows\System32 748f0000 WINTRUST.dll 10.0.14393.4046 C:\Windows\System32 74940000 ole32.dll 10.0.14393.4169 C:\Windows\System32 74e40000 cfgmgr32.dll 10.0.14393.0 C:\Windows\System32 74e80000 advapi32.dll 10.0.14393.2515 C:\Windows\System32 74fa0000 kernel.appcore.dll 10.0.14393.2312 C:\Windows\System32 74fb0000 GDI32.dll 10.0.14393.4169 C:\Windows\System32 74fe0000 MSASN1.dll 10.0.14393.0 C:\Windows\System32 74ff0000 shcore.dll 10.0.14393.4169 C:\Windows\System32 751c0000 gdi32full.dll 10.0.14393.4169 C:\Windows\System32 75320000 clbcatq.dll 2001.12.10941.16384 C:\Windows\System32 753b0000 shlwapi.dll 10.0.14393.4169 C:\Windows\System32 75400000 ws2_32.dll 10.0.14393.3241 C:\Windows\System32 75470000 msvcrt.dll 7.0.14393.2457 C:\Windows\System32 75530000 RPCRT4.dll 10.0.14393.4169 C:\Windows\System32 75600000 comdlg32.dll 10.0.14393.4169 C:\Windows\System32 756f0000 windows.storage.dll 10.0.14393.4169 C:\Windows\System32 75c60000 win32u.dll 10.0.14393.0 C:\Windows\System32 75c80000 Normaliz.dll 10.0.14393.0 C:\Windows\System32 75c90000 bcryptPrimitives.dll 10.0.14393.4046 C:\Windows\System32 75cf0000 KERNEL32.DLL 10.0.14393.3630 C:\Windows\System32 75dd0000 profapi.dll 10.0.14393.0 C:\Windows\System32 75de0000 sechost.dll 10.0.14393.3808 C:\Windows\System32 75e30000 ucrtbase.dll 10.0.14393.3659 C:\Windows\System32 76080000 combase.dll 10.0.14393.4169 C:\Windows\System32 762a0000 imm32.dll 10.0.14393.0 C:\Windows\System32 762d0000 KERNELBASE.dll 10.0.14393.3986 C:\Windows\System32 764e0000 powrprof.dll 10.0.14393.0 C:\Windows\System32 76530000 oleaut32.dll 10.0.14393.3808 C:\Windows\System32 765d0000 msvcp_win.dll 10.0.14393.2999 C:\Windows\System32 76660000 shell32.dll 10.0.14393.4169 C:\Windows\System32 77a40000 crypt32.dll 10.0.14393.4169 C:\Windows\System32 77bc0000 NSI.dll 10.0.14393.3297 C:\Windows\System32 77bd0000 user32.dll 10.0.14393.4169 C:\Windows\System32 77d30000 IMAGEHLP.DLL 10.0.14393.0 C:\Windows\System32 77e00000 ntdll.dll 10.0.14393.3986 C:\Windows\SYSTEM32 processes: 0000 Idle 0 0 0 0004 System 0 0 0 0118 smss.exe 0 0 0 0170 csrss.exe 0 0 0 01c0 wininit.exe 0 0 0 01c8 csrss.exe 1 0 0 01fc winlogon.exe 1 0 0 0240 services.exe 0 0 0 0248 lsass.exe 0 0 0 02a4 svchost.exe 0 0 0 02e0 svchost.exe 0 0 0 0344 LogonUI.exe 1 0 0 035c dwm.exe 1 0 0 0374 svchost.exe 0 0 0 0390 svchost.exe 0 0 0 03c0 svchost.exe 0 0 0 03c8 svchost.exe 0 0 0 0100 svchost.exe 0 0 0 0308 svchost.exe 0 0 0 0450 svchost.exe 0 0 0 04b0 svchost.exe 0 0 0 0570 svchost.exe 0 0 0 06bc spoolsv.exe 0 0 0 0704 svchost.exe 0 0 0 0744 svchost.exe 0 0 0 075c sqlwriter.exe 0 0 0 076c svchost.exe 0 0 0 0780 vmtoolsd.exe 0 0 0 0788 VGAuthService.exe 0 0 0 0790 TaniumClient.exe 0 0 0 0798 ccSvcHst.exe 0 0 0 07a0 ccSvcHst.exe 0 0 0 07f4 sepWscSvc64.exe 0 0 0 09b0 dllhost.exe 0 0 0 0aa4 WmiPrvSE.exe 0 0 0 0adc sqlceip.exe 0 4 0 below normal 0aec sqlservr.exe 0 4 0 normal 0c94 WmiPrvSE.exe 0 0 0 0d9c msdtc.exe 0 0 0 0fdc fdlauncher.exe 0 4 0 normal 0ff4 fdhost.exe 0 4 0 normal C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn 0ffc conhost.exe 0 0 0 1560 svchost.exe 0 0 0 1470 ccSvcHst.exe 0 0 0 1900 WmiPrvSE.exe 0 0 0 20e8 WmiPrvSE.exe 0 0 0 26e0 csrss.exe 60 0 0 0940 winlogon.exe 60 0 0 1bcc dwm.exe 60 0 0 25b8 rdpclip.exe 60 0 0 1524 ccSvcHst.exe 60 0 0 2370 RuntimeBroker.exe 60 0 0 1e40 svchost.exe 60 0 0 normal 1e34 sihost.exe 60 0 0 1b10 taskhostw.exe 60 0 0 1a40 explorer.exe 60 0 0 1644 ShellExperienceHost.exe 60 0 0 0804 SearchUI.exe 60 0 0 0d70 dllhost.exe 60 0 0 268c jusched.exe 60 0 0 1f0c jucheck.exe 60 0 0 1630 WmiPrvSE.exe 0 0 0 2b28 CcmExec.exe 0 0 0 1fd4 CmRcService.exe 0 0 0 121c WmiPrvSE.exe 0 0 0 1688 WmiPrvSE.exe 0 0 0 2dc0 WmiPrvSE.exe 0 0 0 0e20 SCNotification.exe 60 0 0 1adc csrss.exe 76 0 0 2838 winlogon.exe 76 0 0 2a10 dwm.exe 76 0 0 2bc8 rdpclip.exe 76 0 0 27dc ccSvcHst.exe 76 0 0 1ed4 svchost.exe 76 0 0 normal 0754 sihost.exe 76 0 0 25cc taskhostw.exe 76 0 0 29b8 RuntimeBroker.exe 76 0 0 2e90 notepad.exe 76 0 0 normal C:\Windows\System32 2dd4 notepad.exe 76 0 0 normal C:\Windows\System32 2cc8 explorer.exe 76 0 0 27c4 notepad.exe 76 0 0 normal C:\Windows\System32 185c ShellExperienceHost.exe 76 0 0 24e4 SearchUI.exe 76 0 0 0638 SCNotification.exe 76 0 0 2fa8 jusched.exe 76 0 0 2d4c jucheck.exe 76 0 0 11c0 csrss.exe 85 0 0 0aa0 winlogon.exe 85 0 0 1410 dwm.exe 85 0 0 1c2c ccSvcHst.exe 85 0 0 0b84 rdpclip.exe 85 0 0 2ebc svchost.exe 85 0 0 normal 0cf0 sihost.exe 85 0 0 2014 taskhostw.exe 85 0 0 2704 RuntimeBroker.exe 85 0 0 03f4 notepad.exe 85 0 0 normal C:\Windows\System32 1d84 explorer.exe 85 0 0 1b18 notepad.exe 85 0 0 normal C:\Windows\System32 1364 notepad.exe 85 0 0 normal C:\Windows\System32 201c ShellExperienceHost.exe 85 0 0 1414 SearchUI.exe 85 0 0 047c mmc.exe 85 0 0 normal C:\Windows\System32 0a84 SCNotification.exe 85 0 0 2a40 jusched.exe 85 0 0 2a94 jucheck.exe 85 0 0 1254 dllhost.exe 85 0 0 2e78 cmd.exe 85 0 0 0f3c conhost.exe 85 0 0 1974 Taskmgr.exe 85 0 0 normal C:\Windows\System32 1724 ATCMD.exe 0 88 19 below normal C:\Program Files (x86)\Automise 5 2ddc conhost.exe 0 15 8 below normal C:\Windows\System32 0140 OpenAirManager.exe 0 18 43 normal C:\im_shortcuts\User_Download_US_oabundle 0150 TaniumClient.exe 0 0 0 0d1c conhost.exe 0 0 0 2c3c TaniumClient.exe 0 0 0 0184 conhost.exe 0 0 0 21bc TaniumCX.exe 0 0 0 2868 TaniumCX.exe 0 0 0 1b20 TaniumCX.exe 0 0 0 0dc0 TaniumCX.exe 0 0 0 1704 TaniumDetectEngine.exe 0 0 0 2d70 ATCMD.exe 0 88 19 below normal C:\Program Files (x86)\Automise 5 235c conhost.exe 0 15 8 below normal C:\Windows\System32 197c WmiApSrv.exe 0 0 0 2f0c WmiPrvSE.exe 0 0 0 2fa0 WmiPrvSE.exe 0 0 0 19e0 TaniumClient.exe 0 0 0 2368 madTraceProcess32.exe 85 0 0 normal C:\Users\JMeltzer\Downloads hardware: + {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc} - Microsoft Print to PDF - Microsoft XPS Document Writer - Root Print Queue + {36fc9e60-c465-11cf-8056-444553540000} - Standard USB 3.0 eXtensible Host Controller - 1.0 (Microsoft) - USB Composite Device - USB Root Hub (xHCI) + {4d36e965-e325-11ce-bfc1-08002be10318} - NECVMWar VMware SATA CD00 + {4d36e966-e325-11ce-bfc1-08002be10318} - ACPI x64-based PC + {4d36e967-e325-11ce-bfc1-08002be10318} - VMware Virtual disk SCSI Disk Device + {4d36e968-e325-11ce-bfc1-08002be10318} - VMware SVGA 3D (driver 8.16.1.20) + {4d36e96a-e325-11ce-bfc1-08002be10318} - ATA Channel 0 - ATA Channel 1 - Intel(R) 82371AB/EB PCI Bus Master IDE Controller - Standard SATA AHCI Controller + {4d36e96b-e325-11ce-bfc1-08002be10318} - Remote Desktop Keyboard Device - Standard PS/2 Keyboard + {4d36e96e-e325-11ce-bfc1-08002be10318} - Generic Non-PnP Monitor + {4d36e96f-e325-11ce-bfc1-08002be10318} - HID-compliant mouse - Remote Desktop Mouse Device - VMware Pointing Device (driver 12.5.7.0) - VMware USB Pointing Device (driver 12.5.7.0) + {4d36e972-e325-11ce-bfc1-08002be10318} - Microsoft ISATAP Adapter - Microsoft Kernel Debug Network Adapter - vmxnet3 Ethernet Adapter (driver 1.8.16.0) + {4d36e97b-e325-11ce-bfc1-08002be10318} - LSI Adapter, SAS 3000 series, 8-port with 1068 (driver 1.34.3.83) - Microsoft Storage Spaces Controller + {4d36e97d-e325-11ce-bfc1-08002be10318} - ACPI Fixed Feature Button - Composite Bus Enumerator - CPU to PCI Bridge - Direct memory access controller - EISA programmable interrupt controller - Generic Bus - High precision event timer - Microsoft ACPI-Compliant System - Microsoft Basic Display Driver - Microsoft Basic Render Driver - Microsoft Hyper-V Generation Counter - Microsoft System Management BIOS Driver - Microsoft Virtual Drive Enumerator - Motherboard resources - Motherboard resources - NDIS Virtual Network Adapter Enumerator - PCI Bus - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI Express Root Port - PCI to ISA Bridge - PCI-to-PCI Bridge - PCI-to-PCI Bridge - Plug and Play Software Device Enumerator - Remote Desktop Device Redirector Bus - System CMOS/real time clock - System speaker - System timer - UMBus Enumerator - UMBus Root Bus Enumerator - VMware VMCI Bus Device (driver 9.8.16.0) - VMware VMCI Host Device (driver 9.8.6.0) - Volume Manager + {50127dc3-0f36-415e-a6cc-4cb3be910b65} - Intel(R) Xeon(R) Platinum 8168 CPU @ 2.70GHz - Intel(R) Xeon(R) Platinum 8168 CPU @ 2.70GHz + {62f9c741-b25a-46ce-b54c-9bccce08b6f2} - Microsoft IPv4 IPv6 Transition Adapter Bus - Microsoft Passport Container Enumeration Bus - Microsoft Radio Device Enumeration Bus - Smart Card Device Enumeration Bus + {72631e54-78a4-11d0-bcf7-00aa00b7b32a} - Microsoft AC Adapter + {745a17a0-74d3-11d0-b6fe-00a0c90f57da} - USB Input Device - USB Input Device disassembling: [...] 763a3870 push ecx 763a3871 push ebx 763a3872 push eax 763a3873 push dword ptr [ebp-$12c] 763a3879 push esi 763a387a > call dword ptr [$7644979c] ; NtWaitForMultipleObjects (ntdll.dll) 763a3880 mov edi, eax 763a3882 mov [ebp-$130], edi 763a3888 test edi, edi 763a388a js loc_763a3890 763a388c test ebx, ebx [...]