NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
786432
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003d0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00450000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x6fba1000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x6fba2000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
2097152
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02190000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02350000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00402000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00435000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0043b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00437000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0041c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b10000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0040a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0042a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00427000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0041a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
327680
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef58000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef40000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef40000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00426000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
16384
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b11000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b15000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b16000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73772000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b17000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0040c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:33 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b18000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0041d000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b19000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b1a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b1b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b1c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b1d000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00b1e000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05070000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05071000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050f0178
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050f01a0
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050f01c8
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0519794e
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05197942
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
72
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050f0208
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05172050
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05172074
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0517207c
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05172080
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
April 14, 2021, 6:34 p.m.
process_identifier:
6240
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05172088
process_handle:
0xffffffff
3221225550
0