Ok Kimberly... more info then you ever wanted!!!
*First off I nailed the problem... I have been infected by a variant on the Backdoor.Rustock.B or Spam-Mailbot.C So far I removed the hidden service that was C:\WINDOWS\SYSTEM32:LZX32.SYS
As of yet I need to research and find out how to effectivly clean it out. However I am not certain that I have isolated all the problems yet. I will do some testing to know for sure.
Here is a list of the known malware I was infected with from this event...
Proxy.Small.Bo
Proxy.Agent.lb
Proxy.HJR
Adware.Sahat
Adware.Winad
Adware.WebSearch
Adware.Sidestep
Adware.ISTBAR
Adware.PSGUARD
Backdoor.SDBOT
Downloader.Agent.BC
Downloader.Harnig.AN
Downloader.Delf.lh
Downloader.Delf.wp
Downloader.Small.ctd
Downloader.Small.ctf
Downloader.Tibs
Downloader.wintool.f
Downloader.Zlob.af
Hijacker.Agent.cr
Hijacker.Agent.dj
Logger.Goldun.lv
Logger.Goldun.lk
Logger.Goldun.mc
Trojan.Agent.eq
Trojan.Agent.ff
Trojan.Dialer.lw
Trojan.Favadd.aj
**pant pant pant**
Trojan.ProcKill.DJ
Trojan.Puper.be
Trojan.Puper.bf
Trojan.Sinowal.az
Trojan.Small.ev
Trojan.Zapchast
Worm.Kelvir.al
Worm.VB.CC
Worm.AlcanA
Win32/Nsag
All of these were dumped into my machine on that attack and took A LONG TIME TO TYPE! It's a good thing you have a sexy looking AVATAR :-)
GMER Report...
GMER 1.0.12.11879 -
http://www.gmer.net
Rootkit scan 2006-11-06 20:43:46
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT d346bus.sys ZwClose
SSDT d346bus.sys ZwCreateKey
SSDT d346bus.sys ZwCreatePagingFile
SSDT d346bus.sys ZwEnumerateKey
SSDT d346bus.sys ZwEnumerateValueKey
SSDT d346bus.sys ZwOpenFile
SSDT d346bus.sys ZwOpenKey
SSDT d346bus.sys ZwQueryKey
SSDT d346bus.sys ZwQueryValueKey
SSDT d346bus.sys ZwSetSystemPowerState
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!ZwYieldExecution + 218 804E4914 2 Bytes
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NlsMbOemCodePageTag + -503832 7C901000 49 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnterCriticalSection + 45 7C901032 41 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnterCriticalSection + 88 7C90105D 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnterCriticalSection + 109 7C901072 15 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnterCriticalSection + 126 7C901083 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnterCriticalSection + 132 7C901089 20 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLeaveCriticalSection + 29 7C90110A 21 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLeaveCriticalSection + 51 7C901120 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlTryEnterCriticalSection + 8 7C901133 26 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlTryEnterCriticalSection + 35 7C90114E 115 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlActivateActivationContextUnsafeFast + 13 7C9011C2 79 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 24 7C901212 67 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCurrentTeb + 6 7C901256 51 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitString + 46 7C90128A 39 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitAnsiString + 25 7C9012B2 25 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitAnsiString + 51 7C9012CC 22 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitUnicodeString + 13 7C9012E3 76 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!cos + 5 7C901330 145 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!cos + 151 7C9013C2 31 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIlog + 16 7C9013E3 86 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIlog + 103 7C90143A 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIlog + 105 7C90143C 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIlog + 129 7C901454 142 Bytes JMP 7C870476 C:\WINDOWS\system32\kernel32.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIpow + 44 7C9014E3 11 Bytes JMP 083607EA
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIpow + 56 7C9014EF 126 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIpow + 183 7C90156E 227 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIpow + 411 7C901652 68 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIpow + 481 7C901698 61 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIsin + 11 7C9016D6 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_CIsin + 16 7C9016DB 231 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!sqrt + 49 7C9017C3 54 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!sqrt + 104 7C9017FA 48 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!sqrt + 153 7C90182B 42 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alldiv + 25 7C901856 185 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alldvrm + 37 7C901911 35 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alldvrm + 73 7C901935 63 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alldvrm + 137 7C901975 13 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alldvrm + 151 7C901983 50 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alldvrm + 202 7C9019B6 50 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_allmul + 25 7C9019E9 62 Bytes JMP 7C901CC5 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alloca_probe + 31 7C901A28 11 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alloca_probe + 44 7C901A35 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alloca_probe + 53 7C901A3E 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_alloca_probe + 64 7C901A49 223 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_allshr + 3 7C901B29 79 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_aulldiv + 45 7C901B79 90 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_aulldvrm + 27 7C901BD4 81 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_aulldvrm + 109 7C901C26 234 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_ftol + 32 7C901D11 72 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_memccpy + 61 7C901D5A 85 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!atan + 59 7C901DB0 91 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!atan + 151 7C901E0C 126 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!ceil + 109 7C901E8B 239 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!floor + 30 7C901F7B 20 Bytes JMP 7C901EB9 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!floor + 51 7C901F90 15 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!floor + 67 7C901FA0 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!floor + 72 7C901FA5 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!floor + 85 7C901FB2 190 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memcmp + 92 7C9021AB 35 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memcmp + 128 7C9021CF 72 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memcpy + 24 7C902218 11 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memcpy + 37 7C902225 147 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memcpy + 185 7C9022B9 63 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memcpy + 249 7C9022F9 78 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memcpy + 328 7C902348 80 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memmove + 80 7C90258A 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memmove + 85 7C90258F 63 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memmove + 149 7C9025CF 109 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memmove + 259 7C90263D 9 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memmove + 269 7C902647 37 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!memset + 78 7C9028C8 36 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcat + 1 7C9028ED 10 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcat + 12 7C9028F8 110 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcat + 124 7C902968 19 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcat + 144 7C90297C 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcat + 161 7C90298D 9 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcspn + 33 7C902A7C 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcspn + 35 7C902A7E 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strcspn + 37 7C902A80 120 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strlen + 92 7C902AF9 51 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strncat + 18 7C902B2D 27 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strncat + 46 7C902B49 14 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strncat + 61 7C902B58 17 Bytes JMP 7C902E52 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strncat + 79 7C902B6A 37 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strncat + 117 7C902B90 133 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strncpy + 174 7C902D2E 376 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!tan + 105 7C902EA7 67 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!tan + 173 7C902EEB 148 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFirstEntrySList 7C902F82 30 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFirstEntrySList + 31 7C902FA1 7 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFirstEntrySList + 39 7C902FA9 32 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUlongByteSwap + 1 7C902FCA 32 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUlonglongByteSwap + 13 7C902FEB 15 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCompareMemory + 5 7C902FFB 85 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCompareMemoryUlong + 6 7C903051 31 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCompareMemoryUlong + 39 7C903072 29 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFillMemory + 16 7C903090 38 Bytes JMP 08362397
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFillMemory + 56 7C9030B8 251 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMoveMemory + 100 7C9031B5 15 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMoveMemory + 116 7C9031C5 28 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMoveMemory + 145 7C9031E2 86 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMoveMemory + 232 7C903239 37 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMoveMemory + 270 7C90325F 115 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnlargedUnsignedMultiply + 11 7C9034FA 14 Bytes JMP 7C903634 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnlargedUnsignedDivide + 9 7C903509 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEnlargedUnsignedDivide + 35 7C903523 94 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlExtendedLargeIntegerDivide + 93 7C903582 25 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlExtendedMagicDivide + 21 7C90359C 45 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlExtendedMagicDivide + 67 7C9035CA 144 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlExtendedIntegerMultiply + 62 7C90365B 18 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlExtendedIntegerMultiply + 81 7C90366E 51 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLargeIntegerShiftLeft + 39 7C9036A2 60 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLargeIntegerArithmeticShift + 10 7C9036DF 33 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLargeIntegerArithmeticShift + 44 7C903701 5 Bytes JMP 7C903A05 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLargeIntegerNegate + 1 7C903707 24 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLargeIntegerSubtract + 1 7C903720 82 Bytes JMP 7C903AE7 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlConvertUlongToLargeInteger + 46 7C903773 7 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlConvertUlongToLargeInteger + 54 7C90377B 7 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlConvertUlongToLargeInteger + 62 7C903783 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlConvertUlongToLargeInteger + 79 7C903794 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlConvertUlongToLargeInteger + 89 7C90379E 38 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCaptureContext + 24 7C90385D 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCaptureContext + 37 7C90386A 18 Bytes JMP 7C903DE2 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCaptureContext + 56 7C90387D 11 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCaptureContext + 69 7C90388A 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCaptureContext + 74 7C90388F 8 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAcceptConnectPort + 3 7C90D37C 17 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAccessCheck 7C90D38E 14 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAccessCheck + 15 7C90D39D 31 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAccessCheckByType + 5 7C90D3BD 18 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 3 7C90D3D0 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAccessCheckByTypeResultList + 3 7C90D3E5 17 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm 7C90D3F7 27 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 7 7C90D413 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAddAtom + 7 7C90D428 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAddBootEntry + 7 7C90D43D 62 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAlertResumeThread + 7 7C90D47C 60 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAllocateUserPhysicalPages + 5 7C90D4B9 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAllocateUserPhysicalPages + 7 7C90D4BB 28 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAllocateUuids + 15 7C90D4D8 20 Bytes JMP 7C90D67D C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAllocateVirtualMemory + 15 7C90D4ED 10 Bytes JMP 7C90D680 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAreMappedFilesTheSame + 5 7C90D4F8 30 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtAssignProcessToJobObject + 15 7C90D517 96 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtClearEvent + 7 7C90D578 60 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCompactKeys + 5 7C90D5B5 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCompactKeys + 11 7C90D5BB 87 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtConnectPort + 15 7C90D613 62 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateDirectoryObject + 15 7C90D652 52 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateFile + 5 7C90D687 22 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateIoCompletion + 7 7C90D69E 24 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateJobObject + 11 7C90D6B7 24 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateJobSet + 15 7C90D6D0 18 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateKey + 13 7C90D6E3 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateKey + 20 7C90D6EA 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateMailslotFile + 8 7C90D6F3 10 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateMutant 7C90D700 69 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreatePort + 7 7C90D746 21 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateProcess + 8 7C90D75C 49 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateProfile + 19 7C90D791 58 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateSymbolicLinkObject + 15 7C90D7CC 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateThread 7C90D7D2 35 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateTimer + 15 7C90D7F6 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateWaitablePort 7C90D811 59 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtDelayExecution 7C90D850 32 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtDeleteAtom + 12 7C90D871 103 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtDeleteValueKey + 11 7C90D8D9 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtDeviceIoControlFile + 7 7C90D8EA 29 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtDisplayString + 19 7C90D90B 77 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtEnumerateKey + 13 7C90D959 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtEnumerateKey + 15 7C90D95B 22 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtEnumerateValueKey 7C90D976 52 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtFilterToken + 11 7C90D9AB 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtFindAtom + 11 7C90D9C0 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtFlushBuffersFile + 3 7C90D9CD 49 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtFlushKey + 11 7C90D9FF 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtFlushVirtualMemory 7C90DA09 86 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtFsControlFile + 3 7C90DA60 11 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtFsControlFile + 15 7C90DA6C 31 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtGetDevicePowerState + 5 7C90DA8C 47 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtGetWriteWatch + 11 7C90DABC 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtImpersonateAnonymousToken 7C90DAC6 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtImpersonateAnonymousToken + 13 7C90DAD3 33 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtImpersonateThread + 5 7C90DAF5 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtImpersonateThread + 7 7C90DAF7 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtImpersonateThread + 13 7C90DAFD 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtImpersonateThread + 20 7C90DB04 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtInitiatePowerAction 7C90DB1A 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtIsProcessInJob + 3 7C90DB32 7 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtIsProcessInJob + 11 7C90DB3A 28 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtListenPort 7C90DB59 14 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtListenPort + 15 7C90DB68 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLoadKey 7C90DB83 46 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLockFile + 5 7C90DBB2 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLockFile + 8 7C90DBB5 7 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLockFile + 17 7C90DBBE 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLockProductActivationKeys + 13 7C90DBCF 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLockProductActivationKeys + 20 7C90DBD6 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLockRegistryKey + 18 7C90DBE9 13 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtLockVirtualMemory + 11 7C90DBF7 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtMakePermanentObject + 4 7C90DC05 50 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtMapUserPhysicalPages + 13 7C90DC38 109 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtNotifyChangeMultipleKeys 7C90DCA9 32 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenDirectoryObject + 12 7C90DCCA 40 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenEventPair + 11 7C90DCF3 49 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenIoCompletion + 19 7C90DD25 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenJobObject + 7 7C90DD2E 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenJobObject + 19 7C90DD3A 152 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenSemaphore + 4 7C90DDD3 25 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenSymbolicLinkObject + 9 7C90DDED 15 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenThread + 4 7C90DDFD 58 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenTimer 7C90DE38 79 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtPrivilegeCheck + 17 7C90DE88 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtPrivilegeObjectAuditAlarm + 5 7C90DE91 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtPrivilegeObjectAuditAlarm + 7 7C90DE93 91 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryAttributesFile + 15 7C90DEEF 50 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryDebugFilterState + 3 7C90DF22 64 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryDirectoryFile + 5 7C90DF63 39 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryEaFile + 4 7C90DF8C 86 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryInformationFile + 7 7C90DFE3 66 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryInformationProcess + 11 7C90E026 110 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryKey 7C90E099 14 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryKey + 15 7C90E0A8 25 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryMutant 7C90E0C3 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryObject + 4 7C90E0DC 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryOpenSubKeys + 7 7C90E0F4 7 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryOpenSubKeys + 15 7C90E0FC 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryPerformanceCounter + 7 7C90E109 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryPerformanceCounter + 13 7C90E10F 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryPerformanceCounter + 15 7C90E111 21 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQueryQuotaInformationFile + 20 7C90E12B 87 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQuerySystemEnvironmentValue + 4 7C90E184 31 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQuerySystemEnvironmentValueEx + 15 7C90E1A4 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQuerySystemInformation + 15 7C90E1B9 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtQuerySystemTime + 7 7C90E1C6 180 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtReadFile 7C90E27C 77 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtReadVirtualMemory + 15 7C90E2CA 30 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtReleaseMutant + 5 7C90E2EA 40 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtRemoveIoCompletion + 4 7C90E313 10 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtRemoveIoCompletion + 15 7C90E31E 60 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtReplaceKey + 13 7C90E35B 126 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtRequestPort + 14 7C90E3DA 76 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtResetWriteWatch + 7 7C90E427 6 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtResetWriteWatch + 14 7C90E42E 11 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtRestoreKey + 5 7C90E43A 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtRestoreKey + 7 7C90E43C 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtResumeProcess + 3 7C90E44D 21 Bytes JMP 7C90E552 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtResumeThread + 7 7C90E466 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSaveKey + 3 7C90E477 21 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSaveKeyEx + 4 7C90E48D 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSaveMergedKeys + 5 7C90E4A3 22 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSecureConnectPort + 7 7C90E4BA 62 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetContextThread + 7 7C90E4F9 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetDebugFilterState + 4 7C90E50B 62 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetDefaultUILanguage + 5 7C90E54B 29 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetEaFile + 14 7C90E569 13 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetEvent + 7 7C90E577 18 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetEventBoostPriority + 5 7C90E58A 127 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetInformationKey + 7 7C90E60A 24 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetInformationObject + 11 7C90E623 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetInformationObject + 17 7C90E629 346 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetTimer + 7 7C90E784 79 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtSetVolumeInformationFile + 3 7C90E7D4 33 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtShutdownSystem + 18 7C90E7F8 26 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtStartProfile + 4 7C90E814 2 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtStartProfile + 7 7C90E817 201 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtTranslateFilePath 7C90E8E2 154 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtVdmControl + 8 7C90E97D 29 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtWaitForMultipleObjects 7C90E99F 87 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtWriteFile + 5 7C90E9F8 9 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtWriteFile + 15 7C90EA02 104 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtCreateKeyedEvent + 15 7C90EA6B 2 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtOpenKeyedEvent 7C90EA71 45 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!NtWaitForKeyedEvent + 4 7C90EA9F 230 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!KiRaiseUserExceptionDispatcher + 73 7C90EB86 34 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!KiIntSystemCall + 4 7C90EBA9 121 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlRaiseException + 119 7C90EC23 63 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlRaiseException + 184 7C90EC64 132 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strstr + 122 7C90ECE9 205 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strchr + 182 7C90EDB7 14 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strchr + 197 7C90EDC6 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strchr + 206 7C90EDCF 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strchr + 230 7C90EDE7 18 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!strchr + 251 7C90EDFC 80 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAnsiStringToUnicodeString + 95 7C90F0AB 91 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAnsiStringToUnicodeString + 188 7C90F108 56 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAnsiStringToUnicodeString + 245 7C90F141 55 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAnsiStringToUnicodeString + 301 7C90F179 34 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAnsiStringToUnicodeString + 336 7C90F19C 83 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMultiByteToUnicodeN + 37 7C90F1F0 13 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMultiByteToUnicodeN + 51 7C90F1FE 27 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMultiByteToUnicodeN + 79 7C90F21A 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMultiByteToUnicodeN + 88 7C90F223 17 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlMultiByteToUnicodeN + 106 7C90F235 105 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlNtStatusToDosError + 29 7C90FB5A 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlNtStatusToDosError + 42 7C90FB67 39 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 6 7C90FB8F 39 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 47 7C90FBB8 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 52 7C90FBBD 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 73 7C90FBD2 181 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 255 7C90FC88 61 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAddRefActivationContext + 4 7C9100E6 10 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAddRefActivationContext + 16 7C9100F2 37 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAddRefActivationContext + 54 7C910118 61 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAddRefActivationContext + 117 7C910157 77 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAddRefActivationContext + 195 7C9101A5 31 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlQueryInformationActivationContext + 44 7C91020E 14 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlQueryInformationActivationContext + 59 7C91021D 11 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlQueryInformationActivationContext + 71 7C910229 43 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlQueryInformationActivationContext + 115 7C910255 28 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlQueryInformationActivationContext + 145 7C910273 4 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlRestoreLastWin32Error + 2 7C910342 57 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcslen + 34 7C91037C 22 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcslen + 57 7C910393 271 Bytes JMP 7C91052E C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFreeHeap + 102 7C9104A3 89 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFreeHeap + 193 7C9104FE 229 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAllocateHeap + 18 7C9105E6 33 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAllocateHeap + 54 7C91060A 30 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAllocateHeap + 85 7C910629 67 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAllocateHeap + 154 7C91066E 68 Bytes JMP 7C9107A2 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAllocateHeap + 223 7C9106B3 85 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageDirectoryEntryToData + 68 7C91089A 25 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageDirectoryEntryToData + 94 7C9108B4 33 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageDirectoryEntryToData + 128 7C9108D6 50 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUpcaseUnicodeChar + 25 7C910909 91 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlReleasePebLock + 5 7C910966 16 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlFreeAnsiString + 1 7C910977 134 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlSizeHeap + 18 7C9109FF 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlSizeHeap + 27 7C910A08 42 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlSizeHeap + 70 7C910A33 23 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlSizeHeap + 94 7C910A4B 56 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlReleaseActivationContext + 45 7C910A84 57 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcsncpy + 48 7C910ABF 48 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcsncpy + 98 7C910AF1 42 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcsncpy + 141 7C910B1C 73 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcsncpy + 215 7C910B66 72 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcsncpy + 288 7C910BAF 11 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDeleteCriticalSection + 50 7C9118BC 58 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDeleteCriticalSection + 109 7C9118F7 80 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDeleteCriticalSection + 190 7C911948 7 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDeleteCriticalSection + 199 7C911951 198 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDeleteCriticalSection + 398 7C911A18 46 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 29 7C911A47 44 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 74 7C911A74 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 79 7C911A79 61 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 141 7C911AB7 47 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlLogStackBackTrace + 5 7C911AE9 116 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSection + 49 7C911B5E 55 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSection + 105 7C911B96 59 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSection + 165 7C911BD2 30 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSection + 196 7C911BF1 184 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlInitializeCriticalSection + 381 7C911CAA 182 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlTimeToTimeFields + 39 7C912434 19 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlTimeToTimeFields + 59 7C912448 25 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlTimeToTimeFields + 85 7C912462 298 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlTimeToTimeFields + 384 7C91258D 2 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlTimeToTimeFields + 387 7C912590 32 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrAccessResource + 34 7C912CC4 21 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrLoadAlternateResourceModule + 5 7C912CDA 77 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrLoadAlternateResourceModule + 83 7C912D28 52 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrAlternateResourcesEnabled + 8 7C912D5D 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrAlternateResourcesEnabled + 14 7C912D63 4 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrAlternateResourcesEnabled + 19 7C912D68 61 Bytes JMP 7C912E75 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrAlternateResourcesEnabled + 82 7C912DA7 27 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAddressInSectionTable + 18 7C912DC4 22 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlAddressInSectionTable + 41 7C912DDB 45 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageRvaToSection + 37 7C912E09 78 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageRvaToSection + 116 7C912E58 84 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageRvaToSection + 201 7C912EAD 38 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageRvaToSection + 240 7C912ED4 34 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlImageRvaToSection + 276 7C912EF8 29 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeToMultiByteN + 4 7C912F9F 31 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeToMultiByteN + 36 7C912FBF 164 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeToMultiByteN + 201 7C913064 116 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeStringToAnsiString + 19 7C9130D9 19 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeStringToAnsiString + 40 7C9130EE 89 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeStringToAnsiString + 130 7C913148 12 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeStringToAnsiString + 143 7C913155 15 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeStringToAnsiString + 159 7C913165 50 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrLockLoaderLock + 39 7C913198 15 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrLockLoaderLock + 55 7C9131A8 79 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrLockLoaderLock + 135 7C9131F8 2 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrLockLoaderLock + 138 7C9131FB 99 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!LdrUnlockLoaderLock + 54 7C91325F 69 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!CsrClientCallServer + 4 7C9132A5 99 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!CsrClientCallServer + 105 7C91330A 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!CsrClientCallServer + 111 7C913310 30 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!CsrClientCallServer + 142 7C91332F 20 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!CsrClientCallServer + 163 7C913344 29 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_strcmpi + 12 7C913380 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_strcmpi + 18 7C913386 33 Bytes JMP 065B36AA
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!_strcmpi + 52 7C9133A8 38 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEqualUnicodeString + 1 7C9133CF 31 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEqualUnicodeString + 33 7C9133EF 14 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlEqualUnicodeString + 48 7C9133FE 117 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!wcscpy + 1 7C913474 100 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlValidSid + 67 7C9134DA 34 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlValidSid + 102 7C9134FD 42 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlValidSid + 146 7C913529 107 Bytes JMP 7C9136D7 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCreateUnicodeStringFromAsciiz + 4 7C913595 89 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsDosDeviceName_U + 47 7C9135EF 32 Bytes JMP 7C9139CC C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsDosDeviceName_U + 81 7C913611 6 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsDosDeviceName_U + 88 7C913618 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsDosDeviceName_U + 90 7C91361A 26 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsDosDeviceName_U + 117 7C913635 7 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCopyLuid + 16 7C913674 59 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCopySid + 46 7C9136B0 64 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeToMultiByteSize + 32 7C9136F2 3 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnicodeToMultiByteSize + 36 7C9136F6 151 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnlockHeap + 3 7C91378E 17 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnlockHeap + 21 7C9137A0 57 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnlockHeap + 79 7C9137DA 5 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlUnlockHeap + 85 7C9137E0 46 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsValidHandle + 26 7C91380F 10 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsValidHandle + 37 7C91381A 54 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlIsValidHandle + 93 7C913852 280 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlCreateUnicodeString + 33 7C91396B 52 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDetermineDosPathNameType_U + 1 7C9139A0 196 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDetermineDosPathNameType_U + 199 7C913A66 67 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDetermineDosPathNameType_U + 267 7C913AAA 39 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDetermineDosPathNameType_U + 307 7C913AD2 292 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDetermineDosPathNameType_U + 600 7C913BF7 28 Bytes
.text ...
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDosPathNameToNtPathName_U + 23 7C914114 109 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlDosPathNameToNtPathName_U + 133 7C914182 64 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlGetFullPathName_U + 18 7C9141C3 57 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlGetFullPathName_U + 76 7C9141FD 8 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlGetFullPathName_U + 85 7C914206 11 Bytes
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdll.dll!RtlPrefixUnicodeString + 2 7C914212 1 Byte
.text C:\WINDOWS\system32\taskmgr.exe[848] ntdl