|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
1507328
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x009b0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00ae0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtProtectVirtualMemory
|
process_identifier:
1476
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73f61000
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtProtectVirtualMemory
|
process_identifier:
1476
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73f62000
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
1507328
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02240000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02370000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008c2000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008f5000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008fb000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008f7000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008dc000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008dd000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x024d0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
16384
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x024d1000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008ca000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
24576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x024d5000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x024db000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x024dd000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008e6000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008ea000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008e7000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x024de000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02300000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02301000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008de000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02302000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02303000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02304000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02305000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02306000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
|
NtAllocateVirtualMemory
|
process_identifier:
1476
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02307000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
|
1
|
0 |
0
|
66d98aa7bea3e_newPrime.exe#real