NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
1703936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007e0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00940000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x6fba1000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x6fba2000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
1376256
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007e0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x008f0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00312000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00345000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0034b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00347000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0032c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00620000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0031a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0033a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00337000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0032a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
327680
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef58000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef40000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef40000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73772000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00621000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00336000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:45 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00622000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0032d000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00623000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00624000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00625000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00626000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00627000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00628000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
region_size:
12288
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00629000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050e0178
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050e01a0
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050e01c8
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05157b1e
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05157b12
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
72
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x050e0208
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05131388
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313ac
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313b4
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313b8
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313c0
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313c4
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313c8
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313cc
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313d4
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 3, 2021, 4:47 p.m.
process_identifier:
3576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x051313d8
process_handle:
0xffffffff
3221225550
0