GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-13 22:43:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000006c rev. 0,00MB
Running: bjq7fg6f.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!EngCreateDeviceSurface + 76 fffff960000d7750 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\System32\win32k.sys!EngCreateDeviceSurface + 508 fffff960000d7900 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 784 fffff960000dff70 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000194500 7 bytes [C0, 90, F3, FF, 01, A5, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000194508 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000774bfaa8 5 bytes JMP 0000000172a22e10
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774c0038 5 bytes JMP 0000000172a22dd0
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes JMP b03f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[4776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes JMP b03f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1924] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes JMP b03f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[2020] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes JMP b03f3f3f
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[1908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] 
.text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes {JMP QWORD [RIP-0x4ca6f]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes {JMP QWORD [RIP-0x4ca99]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes {JMP QWORD [RIP-0x4cf51]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes {JMP QWORD [RIP-0x4cd47]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes {JMP QWORD [RIP-0x4cf83]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes {JMP QWORD [RIP-0x4d1a6]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes {JMP QWORD [RIP-0x4d455]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes {JMP QWORD [RIP-0x4dd71]} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076c91465 2 bytes [C9, 76] .text C:\Users\User\Downloads\OTL.exe[2944] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000076c914bb 2 bytes [C9, 76] .text ... * 2 .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes JMP b03f3f3f .text C:\Program Files 
(x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[584] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 3 .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes JMP b03f3f3f .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe[5664] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000772c10c5 8 bytes {JMP 0xd} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 380 00000000772c123c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000772c12ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000772c143c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000772c17ce 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000772c19cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000772c1aa0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000772c1c25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000772c1d63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000772c1d8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000772c1e14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000772c1e6d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000772c1e87 8 bytes {JMP 0xb} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 672 00000000772c2130 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 523 00000000772c254b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000772c2570 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000772c2592 8 bytes {JMP 0x10} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000772c25ef 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000772c2650 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000772c2a7b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000772c2abf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000772c2d83 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000772c2f9b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000772c3120 16 bytes {JMP 0x4e} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000772c37be 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000772c3813 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000772c38e5 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] 
.text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000772c3a83 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000772c3e90 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077310680 8 bytes {JMP QWORD [RIP-0x4ca6f]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077310800 8 bytes {JMP QWORD [RIP-0x4ca99]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077310830 8 bytes {JMP QWORD [RIP-0x4cf51]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077310950 8 bytes {JMP QWORD [RIP-0x4cd47]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077310a00 8 bytes {JMP QWORD [RIP-0x4cf83]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077311030 8 bytes {JMP QWORD [RIP-0x4d1a6]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077311280 8 bytes {JMP QWORD [RIP-0x4d455]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077311ae0 8 bytes {JMP QWORD [RIP-0x4dd71]} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074dc13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074dc146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074dc16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074dc16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074dc19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074dc19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074dc1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074dc1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074dc1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\User\Downloads\bjq7fg6f.exe[2300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074dc1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004bb8ec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread [560:596] 000007fefd051f00
Thread [560:600] 000007fefd051c90
Thread [560:604] 000007fefd0b4be4
Thread [560:608] 000007fefd0b3ff0
Thread [560:636] 000007fefd0b4be4
Thread [560:660] 000007fefd053710
Thread [560:664] 000007fefd053710
Thread [560:688] 000007fefd0b4be4
Thread [560:720] 000007fefd053710
Thread C:\Windows\System32\svchost.exe [1008:1308] 000007fefae9f2f4
Thread C:\Windows\System32\svchost.exe [1008:1356] 000007fefb546204
Thread C:\Windows\System32\svchost.exe [1008:1520] 000007fefaa85430
Thread C:\Windows\System32\svchost.exe [1008:4904] 000007fefda5c608
Thread C:\Windows\System32\svchost.exe [1008:2816] 000007fef7dd6b8c
Thread C:\Windows\System32\svchost.exe [1008:5560] 000007fef7dd1d88
Thread C:\Windows\System32\svchost.exe [1008:3764] 000007fefabd2070
Thread C:\Windows\System32\svchost.exe [1008:6884] 000007fef8ca5fd0
Thread C:\Windows\System32\svchost.exe [1080:3728] 000007fefb3620c0
Thread C:\Windows\System32\svchost.exe [1080:3744] 000007fefb3626a8
Thread C:\Windows\System32\svchost.exe [1080:3760] 000007fefb3629dc
Thread C:\Windows\System32\svchost.exe [1080:4724] 000007fef1a83efc
Thread C:\Windows\System32\svchost.exe [1080:3844] 000007fef1ac8a4c
Thread C:\Windows\System32\svchost.exe [1080:5156] 000007fef95044e0
Thread C:\Windows\system32\svchost.exe [1108:2436] 000007fef77884d8
Thread C:\Windows\system32\svchost.exe [1108:2540] 000007fef63423a8
Thread C:\Windows\system32\svchost.exe [1108:2568] 000007fef77c0d00
Thread C:\Windows\system32\svchost.exe [1108:2572] 000007fef5ee9498
Thread C:\Windows\system32\svchost.exe [1108:5536] 000007fef198506c
Thread C:\Windows\system32\svchost.exe [1108:5524] 000007fef5411c20
Thread C:\Windows\system32\svchost.exe [1108:4264] 000007fef5411c20
Thread C:\Windows\system32\svchost.exe [1108:4220] 000007fef9ea26e0
Thread C:\Windows\system32\svchost.exe [1108:5976] 000007fefae31ab0
Thread C:\Windows\system32\svchost.exe [1108:6816] 000007fefb1a4164
Thread C:\Windows\system32\svchost.exe [1108:5456] 000007feee63e1c4
Thread C:\Windows\system32\svchost.exe [1512:1556] 000007fefaae341c
Thread C:\Windows\system32\svchost.exe [1512:1564] 000007fefaae3a2c
Thread C:\Windows\system32\svchost.exe [1512:1568] 000007fefaae3768
Thread C:\Windows\system32\svchost.exe [1512:1572] 000007fefaae5c20
Thread C:\Windows\system32\svchost.exe [1512:2012] 000007fef9b0bd88
Thread C:\Windows\system32\svchost.exe [1512:1268] 000007fef94883d8
Thread C:\Windows\system32\svchost.exe [1512:1272] 000007fef94883d8
Thread C:\Windows\system32\svchost.exe [1512:1276] 000007fef94883d8
Thread C:\Windows\system32\svchost.exe [1512:1252] 000007fef94883d8
Thread C:\Windows\system32\svchost.exe [1512:2468] 000007fef62c3f84
Thread C:\Windows\system32\svchost.exe [1512:2488] 000007fef6291a38
Thread C:\Windows\system32\svchost.exe [1512:2500] 000007fef61b5388
Thread C:\Windows\system32\svchost.exe [1512:2524] 000007fef6127738
Thread C:\Windows\system32\svchost.exe [1512:2532] 000007fef6101f90
Thread C:\Windows\system32\svchost.exe [1512:3616] 000007fef9945124
Thread C:\Windows\system32\svchost.exe [1512:5036] 000007fef8f05170
Thread C:\Windows\system32\svchost.exe [1512:5488] 000007fefaae3900
Thread C:\Windows\System32\spoolsv.exe [1660:1408] 000007fef91710c8
Thread C:\Windows\System32\spoolsv.exe [1660:1496] 000007fef8eb6144
Thread C:\Windows\System32\spoolsv.exe [1660:1460] 000007fef8ca5fd0
Thread C:\Windows\System32\spoolsv.exe [1660:1548] 000007fef8c93438
Thread C:\Windows\System32\spoolsv.exe [1660:1544] 000007fef8ca63ec
Thread C:\Windows\System32\spoolsv.exe [1660:1732] 000007fef9255e5c
Thread C:\Windows\System32\spoolsv.exe [1660:1720] 000007fef9305090
Thread C:\Windows\system32\svchost.exe [1696:2044] 000007fef9df35c0
Thread C:\Windows\system32\svchost.exe [1696:2932] 000007fef9df5600
Thread C:\Windows\system32\svchost.exe [1696:3024] 000007fef59c2888
Thread C:\Windows\system32\svchost.exe [1696:3388] 000007fef47b2940
Thread C:\Windows\system32\taskhost.exe [1888:1940] 000007fef9e62740
Thread C:\Windows\system32\taskhost.exe [1888:1328] 000007fef94c1f38
Thread C:\Windows\system32\taskhost.exe [1888:1304] 000007fef9211010
Thread C:\Windows\system32\taskhost.exe [1888:1260] 000007fefefd9274
Thread C:\Windows\system32\taskhost.exe [1888:3504] 000007fef8f05170
Thread C:\Windows\system32\svchost.exe [2032:1296] 000007fef96d7130
Thread C:\Windows\system32\svchost.exe [2032:1332] 000007fef96cd5c0
Thread C:\Windows\Explorer.EXE [2092:4636] 000007fef3092f9c
Thread C:\Windows\Explorer.EXE [2092:4820] 000007fef1392118
Thread C:\Windows\System32\svchost.exe [2376:472] 000007fefb2d9688
Thread C:\Windows\system32\svchost.exe [3972:4740] 000007fef8ca5fd0
Thread C:\Windows\system32\svchost.exe [3972:4744] 000007fef8ca63ec
Thread C:\Windows\System32\svchost.exe [4912:4968] 000007fef1a3abc0
Thread C:\Windows\System32\svchost.exe [4912:4380] 000007fef1a35dac
Thread C:\Windows\System32\svchost.exe [4912:2212] 000007fef8f05170
Thread C:\Windows\System32\svchost.exe [4912:5784] 000007fef9949874

---- Processes - GMER 2.1 ----

Library C:\Users\User\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [3404](2014-09-13 00:20:58) 0000000003c60000
Library c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfiy9y.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [3404](2014-10-13 18:31:03) 00000000040b0000
Library C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [3404](2013-08-23 19:01:44) 0000000066040000
Library C:\Users\User\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [3404] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000656b0000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----