NtProtectVirtualMemory
April 28, 2021, 9:41 a.m.
process_identifier:
5580
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72279000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
5580
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
16384
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x722aa000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
5580
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003a0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
5580
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003b0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
5580
region_size:
151552
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007e0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
5580
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73801000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
5580
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72c61000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:41 a.m.
process_identifier:
6988
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72279000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
6988
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
16384
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x722aa000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
6988
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007f0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
6988
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00800000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
6988
region_size:
151552
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00810000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
6988
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73801000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
6988
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72c61000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:41 a.m.
process_identifier:
8780
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72279000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
8780
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
16384
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x722aa000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
8780
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003e0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
8780
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003f0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
8780
region_size:
151552
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00400000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
8780
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73801000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
8780
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72c61000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:41 a.m.
process_identifier:
4960
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72279000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
4960
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
16384
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x722aa000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
4960
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007b0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
4960
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007c0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:42 a.m.
process_identifier:
4960
region_size:
151552
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007d0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
4960
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73801000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
4960
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72c61000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:41 a.m.
process_identifier:
668
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72279000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
668
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
16384
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x722aa000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
668
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003d0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
668
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003e0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
April 28, 2021, 9:43 a.m.
process_identifier:
668
region_size:
151552
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003f0000
allocation_type:
12288
(MEM_COMMIT|MEM_RESERVE)
process_handle:
0xffffffff
1
0
0