
Untitled

a guest
Feb 4th, 2015
  1. GMER 2.1.19357 - http://www.gmer.net
  2. Rootkit scan 2015-02-03 21:24:18
  3. Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD321KJ rev.CP100-12 298,09GB
  4. Running: gmer.exe; Driver: C:\Users\HITOKK~1\AppData\Local\Temp\ufldiuog.sys
  5.  
  6.  
  7. ---- Kernel code sections - GMER 2.1 ----
  8.  
  9. INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff8000efbf000 45 bytes [00, 00, 00, 00, 00, 00, 02, ...]
  10. INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff8000efbf02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
  11.  
  12. ---- User code sections - GMER 2.1 ----
  13.  
  14. .text C:\Windows\system32\taskhost.exe[3900] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000778a0650 6 bytes {JMP QWORD [RIP+0x879f9e0]}
  15. .text C:\Windows\system32\taskhost.exe[3900] C:\Windows\system32\kernel32.dll!WriteProcessMemory 00000000778cbe80 6 bytes {JMP QWORD [RIP+0x88941b0]}
  16. .text C:\Windows\system32\taskhost.exe[3900] C:\Windows\system32\kernel32.dll!VirtualProtectEx 00000000778cbf20 6 bytes {JMP QWORD [RIP+0x8874110]}
  17. .text C:\Windows\system32\taskhost.exe[3900] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007791acf0 6 bytes {JMP QWORD [RIP+0x8705340]}
  18. .text C:\Windows\Explorer.EXE[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x86eea50]}
  19. .text C:\Windows\Explorer.EXE[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x870ea10]}
  20. .text C:\Windows\Explorer.EXE[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x86ce830]}
  21. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000778a0650 6 bytes {JMP QWORD [RIP+0x879f9e0]}
  22. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\kernel32.dll!WriteProcessMemory 00000000778cbe80 6 bytes {JMP QWORD [RIP+0x88941b0]}
  23. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\kernel32.dll!VirtualProtectEx 00000000778cbf20 6 bytes {JMP QWORD [RIP+0x8874110]}
  24. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007791acf0 6 bytes {JMP QWORD [RIP+0x8705340]}
  25. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefda59055 3 bytes [B5, 6F, 06]
  26. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefefade90 6 bytes {JMP QWORD [RIP+0x3221a0]}
  27. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefc7490 6 bytes JMP 70005c
  28. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefefd2e18 6 bytes JMP 0
  29. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WSOCK32.dll!recv 000007fef73a1744 6 bytes {JMP QWORD [RIP+0x4e8ec]}
  30. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!WSASend 000007feffd313b0 6 bytes {JMP QWORD [RIP+0x38ec80]}
  31. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007feffd318e1 5 bytes {JMP QWORD [RIP+0xce750]}
  32. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!WSARecv 000007feffd32200 6 bytes JMP 0
  33. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!send 000007feffd38000 6 bytes JMP 0
  34. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!sendto 000007feffd3d7f0 6 bytes JMP 370038
  35. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!socket 000007feffd3de90 6 bytes {JMP QWORD [RIP+0xa21a0]}
  36. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!recv 000007feffd3df40 6 bytes JMP ff961b50
  37. .text C:\Windows\Explorer.EXE[3192] C:\Windows\system32\WS2_32.dll!WSAAsyncSelect 000007feffd5e5e0 6 bytes JMP 0
  38. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x87eea50]}
  39. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x880ea10]}
  40. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x87ce830]}
  41. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefefade90 6 bytes {JMP QWORD [RIP+0x3221a0]}
  42. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefc7490 6 bytes {JMP QWORD [RIP+0x2e8ba0]}
  43. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefefd2e18 6 bytes JMP 0
  44. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  45. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  46. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  47. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  48. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  49. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  50. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c9fd64 3 bytes JMP 7130000a
  51. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c9fd68 2 bytes JMP 7130000a
  52. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c9ffa4 3 bytes JMP 712d000a
  53. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c9ffa8 2 bytes JMP 712d000a
  54. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ca00b4 3 bytes JMP 7133000a
  55. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077ca00b8 2 bytes JMP 7133000a
  56. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtAcceptConnectPort 0000000077ca0210 3 bytes [FF, 25, 1E]
  57. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4 0000000077ca0214 2 bytes [23, 71]
  58. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ca088c 3 bytes [FF, 25, 1E]
  59. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077ca0890 2 bytes [29, 71]
  60. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey 0000000077ca17e0 3 bytes [FF, 25, 1E]
  61. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey + 4 0000000077ca17e4 2 bytes [26, 71]
  62. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007693103d 6 bytes {JMP QWORD [RIP+0x71a4001e]}
  63. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076931072 6 bytes {JMP QWORD [RIP+0x71a7001e]}
  64. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000769348f3 6 bytes JMP 7136000a
  65. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007693499f 6 bytes JMP 7139000a
  66. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000765c2c9e 4 bytes CALL 71ac0000
  67. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759870c4 6 bytes {JMP QWORD [RIP+0x7189001e]}
  68. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000759a3264 6 bytes {JMP QWORD [RIP+0x718c001e]}
  69. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownW 00000000759bdc55 6 bytes {JMP QWORD [RIP+0x719b001e]}
  70. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExW 00000000759bdd22 6 bytes {JMP QWORD [RIP+0x7195001e]}
  71. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownA 00000000759bddf7 6 bytes {JMP QWORD [RIP+0x719e001e]}
  72. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\ADVAPI32.dll!InitiateSystemShutdownExA 00000000759bde9e 6 bytes {JMP QWORD [RIP+0x7198001e]}
  73. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!ioctlsocket 0000000075df3084 6 bytes JMP 70f7000a
  74. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!sendto 0000000075df34b5 6 bytes JMP 70fd000a
  75. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075df3918 6 bytes JMP 7109000a
  76. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!socket 0000000075df3eb8 6 bytes JMP 71af000a
  77. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075df4406 6 bytes JMP 70e8000a
  78. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!select 0000000075df6989 6 bytes JMP 70fa000a
  79. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!recv 0000000075df6b0e 6 bytes JMP 70ef000a
  80. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!connect 0000000075df6bdd 6 bytes JMP 7106000a
  81. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!send 0000000075df6f01 6 bytes JMP 7100000a
  82. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075df7089 6 bytes JMP 70eb000a
  83. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000075df7489 6 bytes {JMP QWORD [RIP+0x70e1001e]}
  84. .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2792] C:\Windows\syswow64\WS2_32.dll!WSAAsyncSelect 0000000075e0b014 6 bytes {JMP QWORD [RIP+0x70f3001e]}
  85. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c9fd64 3 bytes [FF, 25, 1E]
  86. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c9fd68 2 bytes [2F, 71]
  87. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c9ffa4 3 bytes [FF, 25, 1E]
  88. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c9ffa8 2 bytes [2C, 71]
  89. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077ca00b4 3 bytes JMP 7133000a
  90. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077ca00b8 2 bytes JMP 7133000a
  91. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtAcceptConnectPort 0000000077ca0210 3 bytes [FF, 25, 1E]
  92. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtAcceptConnectPort + 4 0000000077ca0214 2 bytes [23, 71]
  93. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077ca088c 3 bytes [FF, 25, 1E]
  94. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077ca0890 2 bytes [29, 71]
  95. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey 0000000077ca17e0 3 bytes [FF, 25, 1E]
  96. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey + 4 0000000077ca17e4 2 bytes [26, 71]
  97. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007693103d 6 bytes {JMP QWORD [RIP+0x71a4001e]}
  98. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076931072 6 bytes {JMP QWORD [RIP+0x71a7001e]}
  99. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000769348f3 6 bytes {JMP QWORD [RIP+0x7135001e]}
  100. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[956] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007693499f 6 bytes {JMP QWORD [RIP+0x7138001e]}
  101. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  102. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  103. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  104. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  105. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  106. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  107. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  108. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  109. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  110. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  111. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  112. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  113. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  114. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  115. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  116. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  117. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  118. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  119. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  120. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  121. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  122. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  123. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  124. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  125. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075ee8e4e 5 bytes JMP 00000001100a55a0
  126. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000075f0f170 1 byte JMP 00000001100a5574
  127. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\syswow64\USER32.dll!SetForegroundWindow + 2 0000000075f0f172 3 bytes {JMP QWORD [RBX+0x19]}
  128. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075f307d7 5 bytes JMP 00000001100a5624
  129. .text C:\Program Files (x86)\Steam\Steam.exe[2080] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 0000000075f46da0 5 bytes JMP 00000001100a55f8
  130. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[7952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  131. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[7952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  132. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[7952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  133. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[7952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  134. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[7952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  135. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[7952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  136. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[8104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  137. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[8104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  138. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[8104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  139. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[8104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  140. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[8104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  141. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[8104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  142. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  143. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  144. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  145. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  146. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  147. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[4648] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  148. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  149. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  150. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  151. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  152. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  153. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  154. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  155. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  156. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  157. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  158. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  159. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  160. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075ee8e4e 5 bytes JMP 00000001100a55a0
  161. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000075f0f170 1 byte JMP 00000001100a5574
  162. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\syswow64\USER32.dll!SetForegroundWindow + 2 0000000075f0f172 3 bytes {JMP QWORD [RBX+0x19]}
  163. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075f307d7 5 bytes JMP 00000001100a5624
  164. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 0000000075f46da0 5 bytes JMP 00000001100a55f8
  165. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076061465 2 bytes [06, 76]
  166. .text C:\Users\Hitokkiri\Downloads\avz4 (1)\avz4\avz.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000760614bb 2 bytes [06, 76]
  167. .text ... * 2
  168. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077aa1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  169. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077aa143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  170. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077aa1594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  171. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077aa191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  172. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077aa1bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  173. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077aa1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  174. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077aa1edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  175. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077aa1fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  176. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077aa27b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  177. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077aa27d2 8 bytes {JMP 0x10}
  178. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077aa282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  179. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077aa2898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  180. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077aa2d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  181. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077aa2d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  182. .text ... * 2
  183. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077aa323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  184. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077aa33c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  185. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077aa3a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  186. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077aa3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  187. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077aa3b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  188. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077aa4190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  189. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077aa4241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  190. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077aa42b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  191. .text ... * 3
  192. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077aa43f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  193. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077aa4434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  194. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077aa45d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  195. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077aa46d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  196. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077aa4a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  197. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077aa4b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  198. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077aa4c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  199. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077aa4d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  200. .text ... * 2
  201. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077aa4ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  202. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077aa4ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  203. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077aa50f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  204. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077aa52f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  205. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077aa53f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  206. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077aa55e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  207. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077aa64d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  208. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077aa668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  209. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077aa687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  210. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077aa68bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  211. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077aa68d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...]
  212. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077aa692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...]
  213. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077aa7166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...]
  214. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077aa7dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...]
  215. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077aa7e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...]
  216. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077af1380 8 bytes JMP 3f3f3f3f
  217. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077af1500 8 bytes JMP 3f3f3f3f
  218. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077af1530 8 bytes JMP 3f3f3f3f
  219. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 8 bytes JMP 3f3f3f3f
  220. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077af1700 8 bytes JMP 3f3f3f3f
  221. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 8 bytes JMP 3f3f3f3f
  222. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077af1f80 8 bytes JMP 3f3f3f3f
  223. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 8 bytes JMP 3f3f3f3f
  224. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  225. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  226. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  227. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  228. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  229. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  230. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077aa1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  231. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077aa143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  232. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077aa1594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  233. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077aa191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  234. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077aa1bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  235. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077aa1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  236. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077aa1edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  237. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077aa1fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  238. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077aa27b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  239. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077aa27d2 8 bytes {JMP 0x10}
  240. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077aa282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  241. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077aa2898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  242. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077aa2d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  243. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077aa2d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  244. .text ... * 2
  245. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077aa323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  246. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077aa33c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  247. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077aa3a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  248. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077aa3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  249. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077aa3b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  250. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077aa4190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  251. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077aa4241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  252. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077aa42b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  253. .text ... * 3
  254. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077aa43f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  255. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077aa4434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  256. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077aa45d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  257. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077aa46d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  258. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077aa4a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  259. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077aa4b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  260. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077aa4c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  261. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077aa4d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  262. .text ... * 2
  263. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077aa4ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  264. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077aa4ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  265. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077aa50f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  266. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077aa52f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  267. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077aa53f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  268. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077aa55e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  269. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077aa64d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  270. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077aa668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  271. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077aa687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  272. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077aa68bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  273. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077aa68d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...]
  274. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077aa692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...]
  275. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077aa7166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...]
  276. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077aa7dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...]
  277. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077aa7e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...]
  278. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077af1380 8 bytes JMP 3f3f3f3f
  279. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077af1500 8 bytes JMP 3f3f3f3f
  280. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077af1530 8 bytes JMP 3f3f3f3f
  281. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 8 bytes JMP 3f3f3f3f
  282. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077af1700 8 bytes JMP 3f3f3f3f
  283. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 8 bytes JMP 3f3f3f3f
  284. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077af1f80 8 bytes JMP 3f3f3f3f
  285. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 8 bytes JMP 3f3f3f3f
  286. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  287. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  288. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  289. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  290. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  291. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[2640] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  292. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077aa1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  293. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077aa143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  294. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077aa1594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  295. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077aa191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  296. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077aa1bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  297. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077aa1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  298. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077aa1edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  299. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077aa1fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  300. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077aa27b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  301. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077aa27d2 8 bytes {JMP 0x10}
  302. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077aa282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  303. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077aa2898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  304. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077aa2d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  305. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077aa2d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  306. .text ... * 2
  307. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077aa323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  308. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077aa33c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  309. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077aa3a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  310. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077aa3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  311. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077aa3b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  312. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077aa4190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  313. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077aa4241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  314. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077aa42b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  315. .text ... * 3
  316. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077aa43f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  317. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077aa4434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  318. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077aa45d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  319. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077aa46d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  320. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077aa4a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  321. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077aa4b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  322. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077aa4c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  323. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077aa4d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  324. .text ... * 2
  325. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077aa4ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  326. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077aa4ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  327. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077aa50f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  328. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077aa52f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  329. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077aa53f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  330. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077aa55e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  331. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077aa64d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  332. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077aa668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  333. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077aa687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  334. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077aa68bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  335. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077aa68d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...]
  336. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077aa692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...]
  337. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077aa7166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...]
  338. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077aa7dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...]
  339. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077aa7e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...]
  340. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077af1380 8 bytes JMP 3f3f3f3f
  341. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077af1500 8 bytes JMP 3f3f3f3f
  342. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077af1530 8 bytes JMP 3f3f3f3f
  343. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 8 bytes JMP 3f3f3f3f
  344. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077af1700 8 bytes JMP 3f3f3f3f
  345. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 8 bytes JMP 3f3f3f3f
  346. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077af1f80 8 bytes JMP 3f3f3f3f
  347. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 8 bytes JMP 3f3f3f3f
  348. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  349. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  350. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  351. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  352. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  353. .text C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe[6308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  354. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077aa1398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  355. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077aa143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  356. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077aa1594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  357. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077aa191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  358. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077aa1bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  359. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077aa1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  360. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077aa1edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  361. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077aa1fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  362. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077aa27b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  363. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077aa27d2 8 bytes {JMP 0x10}
  364. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077aa282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  365. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077aa2898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  366. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077aa2d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  367. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077aa2d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  368. .text ... * 2
  369. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077aa323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  370. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077aa33c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  371. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077aa3a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  372. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077aa3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  373. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077aa3b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  374. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077aa4190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  375. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077aa4241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  376. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077aa42b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  377. .text ... * 3
  378. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077aa43f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  379. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077aa4434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  380. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077aa45d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  381. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077aa46d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  382. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077aa4a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  383. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077aa4b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  384. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077aa4c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  385. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077aa4d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  386. .text ... * 2
  387. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077aa4ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  388. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077aa4ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  389. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077aa50f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  390. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077aa52f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  391. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077aa53f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  392. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077aa55e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  393. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077aa64d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  394. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077aa668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  395. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077aa687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  396. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077aa68bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  397. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077aa68d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
  398. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077aa692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
  399. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077aa7166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
  400. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077aa7dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
  401. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077aa7e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
  402. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077af1380 8 bytes {JMP QWORD [RIP-0x4a220]}
  403. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077af1500 8 bytes {JMP QWORD [RIP-0x49cef]}
  404. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077af1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
  405. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
  406. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077af1700 8 bytes {JMP QWORD [RIP-0x4adda]}
  407. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
  408. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077af1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
  409. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
  410. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000755213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  411. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007552146b 8 bytes {JMP 0xffffffffffffffb0}
  412. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000755216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  413. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000755219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  414. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000755219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  415. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075521a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
  416. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075ee8e4e 5 bytes JMP 00000001100a55a0
  417. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000075f0f170 1 byte JMP 00000001100a5574
  418. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\syswow64\USER32.dll!SetForegroundWindow + 2 0000000075f0f172 3 bytes {JMP QWORD [RBX+0x19]}
  419. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075f307d7 5 bytes JMP 00000001100a5624
  420. .text C:\Users\Hitokkiri\Downloads\gmer\gmer.exe[4896] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 0000000075f46da0 5 bytes JMP 00000001100a55f8
  421.  
  422. ---- Kernel IAT/EAT - GMER 2.1 ----
  423.  
  424. IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880048abec0] \SystemRoot\system32\DRIVERS\klif.sys [unknown section]
  425.  
  426. ---- Threads - GMER 2.1 ----
  427.  
  428. Thread [3908:3276] 0000000073417a30
  429. Thread [3908:3280] 0000000077cd2e65
  430. Thread [3908:3284] 00000000735ac59c
  431. Thread [3908:3288] 00000000735ac59c
  432. Thread [3908:3292] 00000000735ac59c
  433. Thread [3908:3296] 00000000735ac59c
  434. Thread [3908:164] 00000000735ac59c
  435. Thread [3908:3532] 00000000735ac59c
  436. Thread [3908:3544] 00000000735ac59c
  437. Thread [3908:2360] 000000006defcf5c
  438. Thread [3908:2364] 000000006df7a8c0
  439. Thread [3908:5592] 000000006df7a8c0
  440. Thread [3908:5468] 000000006015aec5
  441. Thread [3908:5576] 0000000075bcd864
  442. Thread [3908:5980] 00000000735ac59c
  443. Thread [3908:5376] 0000000077cd3e85
  444. Thread [3908:7076] 0000000077cd3e85
  445.  
  446. ---- Disk sectors - GMER 2.1 ----
  447.  
  448. Disk \Device\Harddisk0\DR0 unknown MBR code
  449.  
  450. ---- EOF - GMER 2.1 ----