.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\system32\lsass.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000077040390
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000000770402e0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000077040440
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000000770402d0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000077040310
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000000770403c0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000000770403f0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000077040230
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000077040490
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000000770403a0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000000770402f0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000077040350
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000077040290
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000000770402b0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000000770403d0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000077040330
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000077040410
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000077040240
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000000770401e0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000077040250
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000000770404a0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000000770404b0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000077040300
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000077040360
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000000770402a0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000000770402c0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000077040380
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000077040340
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000077040450
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000077040260
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\system32\lsm.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000077040390
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000000770402e0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000077040440
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000000770402d0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000077040310
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000000770403c0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000000770403f0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000077040230
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000077040490
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000000770403a0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000000770402f0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000077040350
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000077040290
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000000770402b0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000000770403d0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000077040330
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000077040410
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000077040240
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000000770401e0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000077040250
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000000770404a0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000000770404b0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000077040300
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000077040360
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000000770402a0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000000770402c0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000077040380
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000077040340
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000077040450
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000077040260
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\system32\winlogon.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0xffffffff8918e890}
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0xffffffff8918e590}
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0xffffffff8918e090}
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000077040390
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000000770402e0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000077040440
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000000770402d0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000077040310
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000000770403c0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000000770403f0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000077040230
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000077040490
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000000770403a0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000000770402f0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000077040350
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000077040290
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000000770402b0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000000770403d0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000077040330
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000077040410
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000077040240
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000000770401e0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000077040250
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000000770404a0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000000770404b0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000077040300
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000077040360
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000000770402a0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000000770402c0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000077040380
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000077040340
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000077040450
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000077040260
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000077040390
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000000770402e0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000077040440
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000000770402d0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000077040310
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000000770403c0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000000770403f0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000077040230
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000077040490
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000000770403a0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000000770402f0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000077040350
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000077040290
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000000770402b0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000000770403d0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000077040330
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000077040410
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000077040240
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000000770401e0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000077040250
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000000770404a0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000000770404b0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000077040300
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000077040360
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000000770402a0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000000770402c0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000077040380
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000077040340
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000077040450
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000077040260
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\System32\svchost.exe[408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000077040390
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000000770402e0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000077040440
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000000770402d0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000077040310
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000000770403c0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000000770403f0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000077040230
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000077040490
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000000770403a0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000000770402f0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000077040350
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000077040290
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000000770402b0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000000770403d0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000077040330
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000077040410
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000077040240
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000000770401e0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000077040250
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000000770404a0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000000770404b0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000077040300
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000077040360
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000000770402a0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000000770402c0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000077040380
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000077040340
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000077040450
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000077040260
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\System32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\System32\svchost.exe[468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000077040390
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000000770402e0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000077040440
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000000770402d0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000077040310
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000000770403c0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000000770403f0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000077040230
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000077040490
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000000770403a0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000000770402f0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000077040350
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000077040290
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000000770402b0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000000770403d0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000077040330
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000077040410
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000077040240
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000000770401e0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000077040250
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000000770404a0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000000770404b0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000077040300
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000077040360
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000000770402a0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000000770402c0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000077040380
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000077040340
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000077040450
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000077040260
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\system32\svchost.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\system32\svchost.exe[644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076ee16d0 5 bytes JMP 0000000077040390
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076ee1710 5 bytes JMP 00000000770402e0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ee1760 5 bytes JMP 0000000077040440
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076ee1790 5 bytes JMP 00000000770402d0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076ee17b0 5 bytes JMP 0000000077040310
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076ee17f0 5 bytes JMP 00000000770403c0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076ee1840 5 bytes JMP 00000000770403f0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076ee19a0 1 byte JMP 0000000077040230
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076ee19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ee1b60 5 bytes JMP 0000000077040490
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076ee1b90 5 bytes JMP 00000000770403a0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076ee1c70 5 bytes JMP 00000000770402f0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076ee1c80 5 bytes JMP 0000000077040350
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076ee1ce0 5 bytes JMP 0000000077040290
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076ee1d70 5 bytes JMP 00000000770402b0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ee1d90 5 bytes JMP 00000000770403d0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076ee1da0 1 byte JMP 0000000077040330
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076ee1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076ee1e10 5 bytes JMP 0000000077040410
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076ee1e40 5 bytes JMP 0000000077040240
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076ee2100 5 bytes JMP 00000000770401e0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076ee21c0 1 byte JMP 0000000077040250
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076ee21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076ee21f0 5 bytes JMP 00000000770404a0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076ee2200 5 bytes JMP 00000000770404b0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076ee2230 5 bytes JMP 0000000077040300
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076ee2240 5 bytes JMP 0000000077040360
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076ee22a0 5 bytes JMP 00000000770402a0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076ee22f0 5 bytes JMP 00000000770402c0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076ee2320 5 bytes JMP 0000000077040380
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076ee2330 5 bytes JMP 0000000077040340
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076ee2620 5 bytes JMP 0000000077040450
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076ee2820 5 bytes JMP 0000000077040260
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076ee2830 5 bytes JMP 0000000077040270
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ee2840 5 bytes JMP 0000000077040400
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076ee2a00 5 bytes JMP 00000000770401f0
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076ee2a10 5 bytes JMP 0000000077040210
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076ee2a80 5 bytes JMP 0000000077040200
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076ee2ae0 5 bytes JMP 0000000077040420
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076ee2af0 5 bytes JMP 0000000077040430
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076ee2b00 5 bytes JMP 0000000077040220
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076ee2be0 5 bytes JMP 0000000077040280
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076ee13c0 5 bytes JMP 0000000077040470
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076ee1410 5 bytes JMP 0000000077040460
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076ee1570 5 bytes JMP 0000000077040370
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076ee15c0 5 bytes JMP 0000000077040480
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ee15d0 5 bytes JMP 00000000770403e0
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076ee1680 5 bytes JMP 0000000077040320
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ee16b0 5 bytes JMP 00000000770403b0