NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
1703936
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x020e0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02240000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
1441792
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x020e0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02200000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x727a1000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x727a2000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
1179648
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x020e0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x021c0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00482000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02201000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02202000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0048a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0048c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02203000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0049c000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
8192
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x02204000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0069b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00697000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x04860000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00695000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0068a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00687000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00686000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
24576
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x04861000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x04867000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x04868000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x04869000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
20480
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0486a000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0486f000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05bb0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05bb1000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2556
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x05bb2000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
1638400
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00800000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72101000
process_handle:
0xffffffff
1
0
0
NtProtectVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
length:
4096
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x72102000
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
1376256
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x006b0000
allocation_type:
8192
(MEM_RESERVE)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x007c0000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003d2000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00455000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x0045b000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00457000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003ec000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x00600000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003da000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003fa000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003f7000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x003f6000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
327680
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
0
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
1056768
(MEM_RESERVE|MEM_TOP_DOWN)
process_handle:
0xffffffff
1
0
0
NtAllocateVirtualMemory
Sept. 14, 2023, 7:45 a.m.
process_identifier:
2712
region_size:
4096
stack_dep_bypass:
0
stack_pivoted:
0
heap_dep_bypass:
1
protection:
64
(PAGE_EXECUTE_READWRITE)
base_address:
0x7ef50000
allocation_type:
4096
(MEM_COMMIT)
process_handle:
0xffffffff
1
0
0