NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
2424832
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000000690000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000000860000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1201000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef189b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
786432
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000001fe0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002020000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1202000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1204000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1204000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1204000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1908
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1204000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
655360
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fffff10000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fffff10000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fffff10000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fffff20000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fffff00000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fffff00000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a5a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91b0c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91b36000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91b10000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a6c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a7b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91b80000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a6a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a5b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91aac000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a7d000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a52000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bc0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91aad000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bc1000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91a6b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bd0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bd1000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bd2000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bd3000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bd4000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bd5000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1908
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fe91bd6000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|