NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
1966080
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00a10000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00bb0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73f31000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73f32000
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
1507328
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ff0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02120000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00372000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003a5000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003ab000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003a7000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0038c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0037a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0039a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00397000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0038a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b1000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00396000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b2000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b3000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b4000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b5000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b6000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b7000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b8000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ff0178
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ff01a0
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ff01c8
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02005efe
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02005ef2
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
72
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ff0208
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf00
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf20
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf28
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf2c
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf34
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf38
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf3c
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf40
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf48
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf4c
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf50
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf58
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtProtectVirtualMemory
|
process_identifier:
1208
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01ffdf5c
process_handle:
0xffffffff
|
|
3221225550 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006ba000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006bb000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0037c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006bc000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006bd000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
NtAllocateVirtualMemory
|
process_identifier:
1208
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0484f000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|