NtProtectVirtualMemory
|
process_identifier:
2948
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73702000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
596
region_size:
6492160
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02f30000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
596
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x03560000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755dc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755fc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755dc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755fc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72933000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x729d7000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x76809000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x756b2000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755c2000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
596
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x033c0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72ac2000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
596
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x6e1d1000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1812
region_size:
2625536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02ac0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1812
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02d40000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7560f000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755dc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755fc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755dc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755fc000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72933000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x729d7000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x76809000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x756b2000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755c2000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755c7000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755df000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755c6000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x75733000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x773fd000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x75737000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755b8000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x755bd000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x773e2000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x773d2000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x74ac6000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x767a4000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1812
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x767a3000
process_handle:
0xffffffff
|
1
|
0 |
0
|