NtAllocateVirtualMemory
|
process_identifier:
2132
region_size:
4657152
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000031e0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2132
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003650000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007756d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077574000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe0c4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff4a1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
2132
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003620000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefa7c7000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef7019000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
2132
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fef1e69000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1336
region_size:
13045760
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000027d0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1336
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000003440000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000775c1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007756d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077574000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077592000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefc5c5000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe0c4000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff4a1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755d000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000772e6000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077696000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00000000772e1000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0000000077560000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007755a000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007766f000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000000007767b000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007feff7e7000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1336
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x000007fefe064000
process_handle:
0xffffffffffffffff
|
1
|
0 |
0
|