NtAllocateVirtualMemory
|
process_identifier:
2936
region_size:
10096640
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002de0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2936
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003780000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007737d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773a2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077384000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773a2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc575000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc575000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff6f4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefdf81000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007736a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2936
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003220000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007391c000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000074943000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
3028
region_size:
16322560
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000002ed0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
3028
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003e60000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773d1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007737d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773a2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077384000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000773a2000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc575000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc575000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff6f4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefdf81000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007736a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007736f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007736d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007736b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000076f96000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000774a6000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000076f91000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077370000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007736a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007747f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007748b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff2e7000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff694000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
3028
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff691000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|