GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-28 20:43:37 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502IJ rev.1AA01113 465,76GB Running: cp46i2ys.exe; Driver: C:\Users\Kacprut\AppData\Local\Temp\kfrirpoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x8E0E5F80] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x8E0E6040] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x8E0E6000] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x8E0E5FC0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83677A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836B1212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 836B8598 4 Bytes [80, 5F, 0E, 8E] {SBB BYTE [EDI+0xe], 0x8e} .text ntkrnlpa.exe!KeRemoveQueueEx + 1314 836B86A9 3 Bytes [60, 0E, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 836B89B4 4 Bytes [00, 60, 0E, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 836B89FC 4 Bytes [C0, 5F, 0E, 8E] {RCR BYTE [EDI+0xe], 0x8e} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 54, A0, 00] {SUB [EAX+0x0], DL} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 57, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 54, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 55, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 56, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 55, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 56, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 54, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtQueryFullAttributesFile + 6 77D7602E 4 Bytes CALL 76D80087 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 55, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 56, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 57, A0, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1008] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1580] kernel32.dll!SetUnhandledExceptionFilter 7793F4EB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 38, E5, 00] {SUB [EAX], BH; IN EAX, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 3B, E5, 00] {SUB [EBX], BH; IN EAX, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 38, E5, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 39, E5, 00] {TEST AL, 0x39; IN EAX, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenProcessToken + 6 77D75DDE 4 Bytes CALL 76D8431C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 3A, E5, 00] {TEST AL, 0x3a; IN EAX, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 39, E5, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 3A, E5, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenThreadTokenEx + 6 77D75E6E 4 Bytes CALL 76D843AD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 38, E5, 00] {TEST AL, 0x38; IN EAX, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtQueryFullAttributesFile + 6 77D7602E 4 Bytes CALL 76D8456B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 39, E5, 00] {SUB [ECX], BH; IN EAX, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 3A, E5, 00] {SUB [EDX], BH; IN EAX, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 3B, E5, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1624] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 2C, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 2F, 75, 03] {SUB [EDI], CH; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 2C, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 2D, 75, 03] {TEST AL, 0x2d; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenProcessToken + 6 77D75DDE 4 Bytes CALL 76DAD310 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 2E, 75, 03] {TEST AL, 0x2e; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 2D, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 2E, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenThreadTokenEx + 6 77D75E6E 4 Bytes CALL 76DAD3A1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 2C, 75, 03] {TEST AL, 0x2c; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtQueryFullAttributesFile + 6 77D7602E 4 Bytes CALL 76DAD55F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 2D, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 2E, 75, 03] {SUB [ESI], CH; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 2F, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1756] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 70, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 73, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 70, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 71, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 72, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 71, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 72, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 70, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 71, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 72, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 73, 2E, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1764] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, F4, 6A, 00] {SUB AH, DH; PUSH 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, F7, 6A, 00] {SUB BH, DH; PUSH 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, F4, 6A, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, F5, 6A, 00] {TEST AL, 0xf5; PUSH 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, F6, 6A, 00] {TEST AL, 0xf6; PUSH 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, F5, 6A, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, F6, 6A, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, F4, 6A, 00] {TEST AL, 0xf4; PUSH 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, F5, 6A, 00] {SUB CH, DH; PUSH 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, F6, 6A, 00] {SUB DH, DH; PUSH 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, F7, 6A, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[1880] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 60, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 63, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 60, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 61, 2C, 00] {TEST AL, 0x61; SUB AL, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 62, 2C, 00] {TEST AL, 0x62; SUB AL, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 61, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 62, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 60, 2C, 00] {TEST AL, 0x60; SUB AL, 0x0} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 61, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 62, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 63, 2C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2576] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 08, 8F, 00] {SUB [EAX], CL; POP DWORD [EAX]} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 0B, 8F, 00] {SUB [EBX], CL; POP DWORD [EAX]} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 08, 8F, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 09, 8F, 00] {TEST AL, 0x9; POP DWORD [EAX]} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 0A, 8F, 00] {TEST AL, 0xa; POP DWORD [EAX]} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 09, 8F, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 0A, 8F, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 08, 8F, 00] {TEST AL, 0x8; POP DWORD [EAX]} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 09, 8F, 00] {SUB [ECX], CL; POP DWORD [EAX]} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 0A, 8F, 00] {SUB [EDX], CL; POP DWORD [EAX]} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 0B, 8F, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[2836] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 74, 15, 00] {SUB [EBP+EDX+0x0], DH} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 77, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 74, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 75, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 76, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 75, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 76, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 74, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 75, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 76, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 77, 15, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3220] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, BC, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, BF, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, BC, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, BD, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, BE, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, BD, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, BE, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, BC, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, BD, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, BE, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, BF, 9C, 00] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3588] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtCreateFile + 6 77D7560E 4 Bytes [28, 4C, 75, 03] {SUB [EBP+ESI*2+0x3], CL} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtCreateFile + B 77D75613 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtMapViewOfSection + 6 77D75C6E 4 Bytes [28, 4F, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtMapViewOfSection + B 77D75C73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenFile + 6 77D75D1E 4 Bytes [68, 4C, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenFile + B 77D75D23 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenProcess + 6 77D75DCE 4 Bytes [A8, 4D, 75, 03] {TEST AL, 0x4d; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenProcess + B 77D75DD3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenProcessToken + 6 77D75DDE 4 Bytes CALL 76DAD330 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenProcessToken + B 77D75DE3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenProcessTokenEx + 6 77D75DEE 4 Bytes [A8, 4E, 75, 03] {TEST AL, 0x4e; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenProcessTokenEx + B 77D75DF3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenThread + 6 77D75E4E 4 Bytes [68, 4D, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenThread + B 77D75E53 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenThreadToken + 6 77D75E5E 4 Bytes [68, 4E, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenThreadToken + B 77D75E63 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenThreadTokenEx + 6 77D75E6E 4 Bytes CALL 76DAD3C1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtOpenThreadTokenEx + B 77D75E73 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtQueryAttributesFile + 6 77D75F7E 4 Bytes [A8, 4C, 75, 03] {TEST AL, 0x4c; JNZ 0x7} .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtQueryAttributesFile + B 77D75F83 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtQueryFullAttributesFile + 6 77D7602E 4 Bytes CALL 76DAD57F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtQueryFullAttributesFile + B 77D76033 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtSetInformationFile + 6 77D7667E 4 Bytes [28, 4D, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtSetInformationFile + B 77D76683 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtSetInformationThread + 6 77D766DE 4 Bytes [28, 4E, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtSetInformationThread + B 77D766E3 1 Byte [E2] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtUnmapViewOfSection + 6 77D769FE 4 Bytes [68, 4F, 75, 03] .text C:\Program Files\Opera\17.0.1241.45\opera.exe[3688] ntdll.dll!NtUnmapViewOfSection + B 77D76A03 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----