NtAllocateVirtualMemory
|
process_identifier:
1796
region_size:
5574656
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002a20000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1796
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002f70000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007756d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077574000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe0c4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff4a1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1796
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003180000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefa7c7000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef7019000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1796
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef38a9000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1340
region_size:
6295552
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002c10000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1340
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003210000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007756d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077574000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe0c4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff4a1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000772e6000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077696000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000772e1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077560000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007766f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007767b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff7e7000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1340
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe064000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|