NtAllocateVirtualMemory
|
process_identifier:
2468
region_size:
15273984
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002f70000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2468
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003e00000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007749d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774c2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774a4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774c2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc4f5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc4f5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefdfd4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe811000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007748a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2468
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000034b0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefa2c7000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef69f9000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2468
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef4519000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2600
region_size:
6164480
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002630000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2600
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002c10000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774f1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007749d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774c2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774a4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774c2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc4f5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc4f5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefdfd4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe811000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007748a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007748f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007748d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007748b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000770b6000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c6000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000770b1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077490000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007748a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007759f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775ab000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe327000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2600
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefdf74000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|