GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-12-13 23:22:00 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-75A0RT0 rev.01.01A01 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Erhu\AppData\Local\Temp\kxldapog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82858339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82891D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\drivers\bviy.sys The system cannot find the path specified. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 1C, E6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 1F, E6, 00] {SUB [EDI], BL; OUT 0x0, AL} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 1C, E6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 1D, E6, 00] {TEST AL, 0x1d; OUT 0x0, AL} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 1E, E6, 00] {TEST AL, 0x1e; OUT 0x0, AL} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 1D, E6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 1E, E6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 1C, E6, 00] {TEST AL, 0x1c; OUT 0x0, AL} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 1D, E6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 1E, E6, 00] {SUB [ESI], BL; OUT 0x0, AL} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 1F, E6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[208] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 54, 90, 00] {SUB [EAX+EDX*4+0x0], DL} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 57, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 54, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 55, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763AEDF8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 56, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 55, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 56, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763AEE89 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 54, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763AF047 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 55, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 56, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 57, 90, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2096] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 38, 70, 00] {SUB [EAX], BH; JO 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 3B, 70, 00] {SUB [EBX], BH; JO 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 38, 70, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 39, 70, 00] {TEST AL, 0x39; JO 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763ACDDC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 3A, 70, 00] {TEST AL, 0x3a; JO 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 39, 70, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 3A, 70, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763ACE6D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 38, 70, 00] {TEST AL, 0x38; JO 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763AD02B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 39, 70, 00] {SUB [ECX], BH; JO 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 3A, 70, 00] {SUB [EDX], BH; JO 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 3B, 70, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2468] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 00, 85, 00] {SUB [EAX], AL; TEST [EAX], EAX} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 1 Byte [28] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 03, 85, 00] {SUB [EBX], AL; TEST [EAX], EAX} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 00, 85, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 01, 85, 00] {TEST AL, 0x1; TEST [EAX], EAX} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763AE2A4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 02, 85, 00] {TEST AL, 0x2; TEST [EAX], EAX} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 01, 85, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 02, 85, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763AE335 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 00, 85, 00] {TEST AL, 0x0; TEST [EAX], EAX} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763AE4F3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 01, 85, 00] {SUB [ECX], AL; TEST [EAX], EAX} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 02, 85, 00] {SUB [EDX], AL; TEST [EAX], EAX} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 1 Byte [68] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 03, 85, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[2992] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 5C, 3C, 00] {SUB [ESP+EDI+0x0], BL} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 5F, 3C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 5C, 3C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 5D, 3C, 00] {TEST AL, 0x5d; CMP AL, 0x0} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763A9A00 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 5E, 3C, 00] {TEST AL, 0x5e; CMP AL, 0x0} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 5D, 3C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 5E, 3C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763A9A91 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 5C, 3C, 00] {TEST AL, 0x5c; CMP AL, 0x0} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763A9C4F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 5D, 3C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 5E, 3C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 5F, 3C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3004] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 50, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 53, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 50, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 51, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763AB0F4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 52, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 51, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 52, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763AB185 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 50, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763AB343 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 51, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 52, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 53, 53, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3412] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 24, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 27, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 24, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 25, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 26, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 25, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 26, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 24, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 25, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 26, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 27, F6, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3452] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 88, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 8B, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 88, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 89, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 8A, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 89, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 8A, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 88, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 89, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 8A, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 8B, B8, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3540] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, 8C, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, 8F, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, 8C, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, 8D, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, 8E, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, 8D, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, 8E, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, 8C, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, 8D, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, 8E, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, 8F, A2, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3752] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtCreateFile + 6 773A55CE 4 Bytes [28, A8, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtCreateFile + B 773A55D3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtMapViewOfSection + 6 773A5C2E 4 Bytes [28, AB, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtMapViewOfSection + B 773A5C33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenFile + 6 773A5CDE 4 Bytes [68, A8, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenFile + B 773A5CE3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenProcess + 6 773A5D8E 4 Bytes [A8, A9, 7C, 00] {TEST AL, 0xa9; JL 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenProcess + B 773A5D93 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenProcessToken + 6 773A5D9E 4 Bytes CALL 763ADA4C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenProcessToken + B 773A5DA3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenProcessTokenEx + 6 773A5DAE 4 Bytes [A8, AA, 7C, 00] {TEST AL, 0xaa; JL 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenProcessTokenEx + B 773A5DB3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenThread + 6 773A5E0E 4 Bytes [68, A9, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenThread + B 773A5E13 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenThreadToken + 6 773A5E1E 4 Bytes [68, AA, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenThreadToken + B 773A5E23 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenThreadTokenEx + 6 773A5E2E 4 Bytes CALL 763ADADD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtOpenThreadTokenEx + B 773A5E33 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtQueryAttributesFile + 6 773A5F3E 4 Bytes [A8, A8, 7C, 00] {TEST AL, 0xa8; JL 0x4} .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtQueryAttributesFile + B 773A5F43 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtQueryFullAttributesFile + 6 773A5FEE 4 Bytes CALL 763ADC9B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtQueryFullAttributesFile + B 773A5FF3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtSetInformationFile + 6 773A663E 4 Bytes [28, A9, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtSetInformationFile + B 773A6643 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtSetInformationThread + 6 773A669E 4 Bytes [28, AA, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtSetInformationThread + B 773A66A3 1 Byte [E2] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtUnmapViewOfSection + 6 773A69BE 4 Bytes [68, AB, 7C, 00] .text C:\Program Files\Opera\26.0.1656.32\opera.exe[3932] ntdll.dll!NtUnmapViewOfSection + B 773A69C3 1 Byte [E2] ---- EOF - GMER 2.1 ----