NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
983040
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006e0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00790000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x6fba1000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x6fba2000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
2228224
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x01f70000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02150000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00402000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0041c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00710000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00435000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0043b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00437000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0040a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0042a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00427000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0041a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
327680
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef58000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
65536
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef40000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef40000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00711000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x73772000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:38 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0040c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00712000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0041d000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00713000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00714000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00715000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00716000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00717000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00718000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00719000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x052d0178
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x052d01a0
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x052d01c8
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05383a7e
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
11
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05383a72
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
72
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x052d0208
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d260
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d284
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d28c
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d290
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d298
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d29c
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d2a0
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d2a4
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d2ac
process_handle:
0xffffffff
3221225550
0
NtProtectVirtualMemory
May 21, 2021, 8:40 a.m.
process_identifier:
8564
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
8
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0535d2b0
process_handle:
0xffffffff
3221225550
0