Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rRECEIPTTRANSFE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpE622.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\HqEYLS.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HqEYLS.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rRECEIPTTRANSFE.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bct3gdnf.eps.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_duv0sd4o.dby.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dzqze4n2.tqn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ennewxru.vgp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fjgsvzd5.e1h.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fwbesiih.wub.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gziboquf.zjn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sprxvpkd.sv3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpF7D5.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\HqEYLS.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rRECEIPTTRANSFE.exe
|
"C:\Users\user\Desktop\rRECEIPTTRANSFE.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\rRECEIPTTRANSFE.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HqEYLS.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HqEYLS" /XML "C:\Users\user\AppData\Local\Temp\tmpE622.tmp"
|
|
|
|
C:\Users\user\Desktop\rRECEIPTTRANSFE.exe
|
"C:\Users\user\Desktop\rRECEIPTTRANSFE.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\HqEYLS.exe
|
C:\Users\user\AppData\Roaming\HqEYLS.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HqEYLS" /XML "C:\Users\user\AppData\Local\Temp\tmpF7D5.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\HqEYLS.exe
|
"C:\Users\user\AppData\Roaming\HqEYLS.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.victorytrans.com
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.victorytrans.com
|
112.213.93.72
|
|
|
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
112.213.93.72
|
mail.victorytrans.com
|
Viet Nam
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rRECEIPTTRANSFE_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\HqEYLS_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
470A000
|
trusted library allocation
|
page read and write
|
|
|
|
42E000
|
remote allocation
|
page execute and read and write
|
|
|
|
2BA1000
|
trusted library allocation
|
page read and write
|
|
|
|
2A2D000
|
trusted library allocation
|
page read and write
|
|
|
|
2BCD000
|
trusted library allocation
|
page read and write
|
|
|
|
2A01000
|
trusted library allocation
|
page read and write
|
|
|
|
45E9000
|
trusted library allocation
|
page read and write
|
|
|
|
39D1000
|
trusted library allocation
|
page read and write
|
||
|
190D000
|
trusted library allocation
|
page execute and read and write
|
||
|
540C000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
666B000
|
trusted library allocation
|
page read and write
|
||
|
D42000
|
trusted library allocation
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page read and write
|
||
|
7C50000
|
trusted library section
|
page read and write
|
||
|
2A40000
|
heap
|
page execute and read and write
|
||
|
1900000
|
trusted library allocation
|
page read and write
|
||
|
5FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
417000
|
remote allocation
|
page execute and read and write
|
||
|
351E000
|
trusted library allocation
|
page read and write
|
||
|
61DE000
|
stack
|
page read and write
|
||
|
6650000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ACD000
|
stack
|
page read and write
|
||
|
155B000
|
trusted library allocation
|
page execute and read and write
|
||
|
10CA000
|
stack
|
page read and write
|
||
|
6ABD000
|
stack
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
2BDC000
|
trusted library allocation
|
page read and write
|
||
|
1B2E000
|
stack
|
page read and write
|
||
|
506C000
|
stack
|
page read and write
|
||
|
43B9000
|
trusted library allocation
|
page read and write
|
||
|
77B000
|
heap
|
page read and write
|
||
|
66FE000
|
stack
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
7934000
|
trusted library allocation
|
page read and write
|
||
|
6991000
|
trusted library allocation
|
page read and write
|
||
|
11C6000
|
stack
|
page read and write
|
||
|
2BEA000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
heap
|
page execute and read and write
|
||
|
6513000
|
trusted library allocation
|
page read and write
|
||
|
1542000
|
trusted library allocation
|
page read and write
|
||
|
C05E000
|
stack
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
7B4C000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
5B5F000
|
stack
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
6BB1000
|
trusted library allocation
|
page read and write
|
||
|
C70E000
|
stack
|
page read and write
|
||
|
FE4000
|
trusted library allocation
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
1546000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E2E000
|
stack
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
2EAA000
|
heap
|
page read and write
|
||
|
63F0000
|
heap
|
page read and write
|
||
|
191D000
|
trusted library allocation
|
page execute and read and write
|
||
|
186E000
|
stack
|
page read and write
|
||
|
4E36000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
55CC000
|
stack
|
page read and write
|
||
|
6430000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
3B99000
|
trusted library allocation
|
page read and write
|
||
|
D3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
62EE000
|
stack
|
page read and write
|
||
|
C25F000
|
stack
|
page read and write
|
||
|
15C6000
|
heap
|
page read and write
|
||
|
4FF1000
|
trusted library allocation
|
page read and write
|
||
|
1552000
|
trusted library allocation
|
page read and write
|
||
|
5C60000
|
heap
|
page read and write
|
||
|
5D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D1000
|
trusted library allocation
|
page read and write
|
||
|
6420000
|
trusted library allocation
|
page execute and read and write
|
||
|
1920000
|
trusted library allocation
|
page read and write
|
||
|
D47000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FE2000
|
trusted library allocation
|
page read and write
|
||
|
422000
|
remote allocation
|
page execute and read and write
|
||
|
39BD000
|
trusted library allocation
|
page read and write
|
||
|
5E55000
|
heap
|
page read and write
|
||
|
4455000
|
trusted library allocation
|
page read and write
|
||
|
BF7E000
|
stack
|
page read and write
|
||
|
B7F000
|
unkown
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
1BA0000
|
heap
|
page read and write
|
||
|
374F000
|
trusted library allocation
|
page read and write
|
||
|
3512000
|
trusted library allocation
|
page read and write
|
||
|
6BA000
|
stack
|
page read and write
|
||
|
AF4000
|
trusted library allocation
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
6222000
|
heap
|
page read and write
|
||
|
B83000
|
heap
|
page read and write
|
||
|
3755000
|
trusted library allocation
|
page read and write
|
||
|
D45000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3E000
|
unkown
|
page read and write
|
||
|
1B8D000
|
trusted library allocation
|
page read and write
|
||
|
544D000
|
stack
|
page read and write
|
||
|
48B9000
|
trusted library allocation
|
page read and write
|
||
|
65BE000
|
unkown
|
page read and write
|
||
|
1B30000
|
trusted library allocation
|
page read and write
|
||
|
3741000
|
trusted library allocation
|
page read and write
|
||
|
62ED000
|
trusted library allocation
|
page read and write
|
||
|
386C000
|
trusted library allocation
|
page read and write
|
||
|
3753000
|
trusted library allocation
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
5950000
|
trusted library allocation
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
B0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4407000
|
trusted library allocation
|
page read and write
|
||
|
5E5E000
|
stack
|
page read and write
|
||
|
866E000
|
stack
|
page read and write
|
||
|
6970000
|
heap
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
1950000
|
trusted library allocation
|
page read and write
|
||
|
45AE000
|
trusted library allocation
|
page read and write
|
||
|
5F5F000
|
stack
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page read and write
|
||
|
1900000
|
trusted library allocation
|
page read and write
|
||
|
7E5E000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
5B70000
|
heap
|
page execute and read and write
|
||
|
1B81000
|
trusted library allocation
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
11B7000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
62F0000
|
trusted library allocation
|
page read and write
|
||
|
4EF4000
|
heap
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
7CAE000
|
stack
|
page read and write
|
||
|
4FF6000
|
trusted library allocation
|
page read and write
|
||
|
414000
|
remote allocation
|
page execute and read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
5A53000
|
heap
|
page read and write
|
||
|
4FFD000
|
trusted library allocation
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
6750000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
C5CF000
|
stack
|
page read and write
|
||
|
14A1000
|
heap
|
page read and write
|
||
|
41B000
|
remote allocation
|
page execute and read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
7B6E000
|
stack
|
page read and write
|
||
|
5D80000
|
heap
|
page read and write
|
||
|
54A4000
|
trusted library allocation
|
page read and write
|
||
|
FCC000
|
stack
|
page read and write
|
||
|
77B2000
|
heap
|
page read and write
|
||
|
D13000
|
trusted library allocation
|
page execute and read and write
|
||
|
C710000
|
trusted library allocation
|
page read and write
|
||
|
3749000
|
trusted library allocation
|
page read and write
|
||
|
6520000
|
trusted library allocation
|
page read and write
|
||
|
8130000
|
trusted library section
|
page read and write
|
||
|
61F0000
|
heap
|
page read and write
|
||
|
7BB3000
|
heap
|
page read and write
|
||
|
7B8E000
|
heap
|
page read and write
|
||
|
4E1E000
|
trusted library allocation
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D70000
|
heap
|
page read and write
|
||
|
47BE000
|
trusted library allocation
|
page read and write
|
||
|
673E000
|
stack
|
page read and write
|
||
|
1634000
|
heap
|
page read and write
|
||
|
3390000
|
trusted library allocation
|
page read and write
|
||
|
5916000
|
trusted library allocation
|
page read and write
|
||
|
616F000
|
stack
|
page read and write
|
||
|
3763000
|
trusted library allocation
|
page read and write
|
||
|
418000
|
remote allocation
|
page execute and read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
336B000
|
stack
|
page read and write
|
||
|
5002000
|
trusted library allocation
|
page read and write
|
||
|
7B30000
|
heap
|
page read and write
|
||
|
B62E000
|
stack
|
page read and write
|
||
|
6660000
|
trusted library allocation
|
page read and write
|
||
|
50C4000
|
heap
|
page read and write
|
||
|
1B60000
|
trusted library allocation
|
page read and write
|
||
|
755E000
|
heap
|
page read and write
|
||
|
BEF000
|
heap
|
page read and write
|
||
|
7D2D000
|
stack
|
page read and write
|
||
|
483B000
|
trusted library allocation
|
page read and write
|
||
|
42C000
|
remote allocation
|
page execute and read and write
|
||
|
44D1000
|
trusted library allocation
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
4FDE000
|
trusted library allocation
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
5ACB000
|
stack
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1916000
|
trusted library allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page execute and read and write
|
||
|
64F0000
|
trusted library allocation
|
page read and write
|
||
|
B58000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
8AF000
|
unkown
|
page read and write
|
||
|
3747000
|
trusted library allocation
|
page read and write
|
||
|
18F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
35A1000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
1B7E000
|
trusted library allocation
|
page read and write
|
||
|
192A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6980000
|
heap
|
page read and write
|
||
|
373F000
|
trusted library allocation
|
page read and write
|
||
|
5920000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
651D000
|
trusted library allocation
|
page read and write
|
||
|
BE5E000
|
stack
|
page read and write
|
||
|
398C000
|
trusted library allocation
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
5497000
|
trusted library allocation
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
64D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3757000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
B72E000
|
stack
|
page read and write
|
||
|
403000
|
remote allocation
|
page execute and read and write
|
||
|
149F000
|
heap
|
page read and write
|
||
|
6300000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA7000
|
heap
|
page read and write
|
||
|
2A2B000
|
trusted library allocation
|
page read and write
|
||
|
19C7000
|
heap
|
page read and write
|
||
|
4E1B000
|
trusted library allocation
|
page read and write
|
||
|
3440000
|
heap
|
page execute and read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
5D2F000
|
stack
|
page read and write
|
||
|
C07E000
|
stack
|
page read and write
|
||
|
591D000
|
trusted library allocation
|
page read and write
|
||
|
1926000
|
trusted library allocation
|
page execute and read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
2A50000
|
trusted library allocation
|
page read and write
|
||
|
5AD0000
|
trusted library section
|
page readonly
|
||
|
119E000
|
stack
|
page read and write
|
||
|
7FAE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
43B1000
|
trusted library allocation
|
page read and write
|
||
|
D1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
B52E000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
B82D000
|
stack
|
page read and write
|
||
|
C38C000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
6000000
|
trusted library allocation
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
1697000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
14E2000
|
heap
|
page read and write
|
||
|
3761000
|
trusted library allocation
|
page read and write
|
||
|
6231000
|
heap
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
5DD0000
|
heap
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
428000
|
remote allocation
|
page execute and read and write
|
||
|
44A3000
|
trusted library allocation
|
page read and write
|
||
|
C15E000
|
stack
|
page read and write
|
||
|
87A000
|
stack
|
page read and write
|
||
|
2968000
|
trusted library allocation
|
page read and write
|
||
|
E7D000
|
heap
|
page read and write
|
||
|
19B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
154A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
4E31000
|
trusted library allocation
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
7BAE000
|
stack
|
page read and write
|
||
|
32D5000
|
trusted library allocation
|
page read and write
|
||
|
7C40000
|
trusted library section
|
page read and write
|
||
|
373D000
|
trusted library allocation
|
page read and write
|
||
|
375B000
|
trusted library allocation
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
1910000
|
trusted library allocation
|
page read and write
|
||
|
375D000
|
trusted library allocation
|
page read and write
|
||
|
6640000
|
trusted library allocation
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
1533000
|
trusted library allocation
|
page read and write
|
||
|
6432000
|
heap
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
416000
|
remote allocation
|
page execute and read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
5F8E000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
7760000
|
heap
|
page read and write
|
||
|
647D000
|
stack
|
page read and write
|
||
|
19A0000
|
heap
|
page read and write
|
||
|
199E000
|
stack
|
page read and write
|
||
|
85EE000
|
stack
|
page read and write
|
||
|
14F5000
|
heap
|
page read and write
|
||
|
1B40000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
DC6000
|
heap
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
64BE000
|
stack
|
page read and write
|
||
|
1B86000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
trusted library section
|
page readonly
|
||
|
33FE000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
B1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
18EB000
|
stack
|
page read and write
|
||
|
1914000
|
trusted library allocation
|
page read and write
|
||
|
2B3E000
|
trusted library allocation
|
page read and write
|
||
|
B27000
|
trusted library allocation
|
page execute and read and write
|
||
|
3370000
|
trusted library allocation
|
page read and write
|
||
|
AF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BCB000
|
trusted library allocation
|
page read and write
|
||
|
77D000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
795A000
|
trusted library allocation
|
page read and write
|
||
|
E27000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
2A4A000
|
trusted library allocation
|
page read and write
|
||
|
18AE000
|
stack
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
41C000
|
remote allocation
|
page execute and read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
39F9000
|
trusted library allocation
|
page read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
4E22000
|
trusted library allocation
|
page read and write
|
||
|
B12000
|
trusted library allocation
|
page read and write
|
||
|
606E000
|
stack
|
page read and write
|
||
|
5E20000
|
trusted library allocation
|
page read and write
|
||
|
3A35000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
18DE000
|
stack
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
566D000
|
stack
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
84EF000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
5E30000
|
trusted library allocation
|
page read and write
|
||
|
8AA000
|
stack
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
2A54000
|
trusted library allocation
|
page read and write
|
||
|
677E000
|
stack
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
trusted library section
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
389D000
|
trusted library allocation
|
page read and write
|
||
|
361A000
|
trusted library allocation
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
68FE000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
6C50000
|
heap
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
6460000
|
heap
|
page read and write
|
||
|
62E3000
|
trusted library allocation
|
page read and write
|
||
|
7B38000
|
heap
|
page read and write
|
||
|
5C50000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
2A56000
|
trusted library allocation
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
B16000
|
trusted library allocation
|
page execute and read and write
|
||
|
530C000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
B96D000
|
stack
|
page read and write
|
||
|
7FDE000
|
stack
|
page read and write
|
||
|
3395000
|
trusted library allocation
|
page read and write
|
||
|
45C3000
|
trusted library allocation
|
page read and write
|
||
|
5E40000
|
trusted library section
|
page read and write
|
||
|
1523000
|
trusted library allocation
|
page execute and read and write
|
||
|
600D000
|
trusted library allocation
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
5922000
|
trusted library allocation
|
page read and write
|
||
|
1524000
|
trusted library allocation
|
page read and write
|
||
|
1549000
|
heap
|
page read and write
|
||
|
35EB000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
C60E000
|
stack
|
page read and write
|
||
|
D4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C4D000
|
stack
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
687D000
|
stack
|
page read and write
|
||
|
6740000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A3C000
|
trusted library allocation
|
page read and write
|
||
|
D36000
|
trusted library allocation
|
page execute and read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
3751000
|
trusted library allocation
|
page read and write
|
||
|
5A45000
|
heap
|
page read and write
|
||
|
64C0000
|
trusted library allocation
|
page read and write
|
||
|
B25000
|
trusted library allocation
|
page execute and read and write
|
||
|
374B000
|
trusted library allocation
|
page read and write
|
||
|
1922000
|
trusted library allocation
|
page read and write
|
||
|
19A3000
|
heap
|
page read and write
|
||
|
4C6D000
|
stack
|
page read and write
|
||
|
63F8000
|
heap
|
page read and write
|
||
|
18F0000
|
trusted library allocation
|
page read and write
|
||
|
4936000
|
trusted library allocation
|
page read and write
|
||
|
6504000
|
trusted library allocation
|
page read and write
|
||
|
58FB000
|
trusted library allocation
|
page read and write
|
||
|
429000
|
remote allocation
|
page execute and read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
3390000
|
trusted library allocation
|
page read and write
|
||
|
15AA000
|
heap
|
page read and write
|
||
|
67D000
|
stack
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
AFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
15AE000
|
heap
|
page read and write
|
||
|
34CB000
|
trusted library allocation
|
page read and write
|
||
|
77A2000
|
heap
|
page read and write
|
||
|
1047000
|
heap
|
page read and write
|
||
|
BCBE000
|
stack
|
page read and write
|
||
|
BE3E000
|
stack
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
trusted library allocation
|
page read and write
|
||
|
1910000
|
trusted library allocation
|
page read and write
|
||
|
D2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
590E000
|
trusted library allocation
|
page read and write
|
||
|
423000
|
remote allocation
|
page execute and read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
3395000
|
trusted library allocation
|
page read and write
|
||
|
3745000
|
trusted library allocation
|
page read and write
|
||
|
5911000
|
trusted library allocation
|
page read and write
|
||
|
7BA000
|
stack
|
page read and write
|
||
|
62AF000
|
stack
|
page read and write
|
||
|
D14000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
6500000
|
trusted library allocation
|
page read and write
|
||
|
E7B000
|
heap
|
page read and write
|
||
|
BCFC000
|
stack
|
page read and write
|
||
|
1930000
|
trusted library allocation
|
page read and write
|
||
|
BA6E000
|
stack
|
page read and write
|
||
|
4E8C000
|
stack
|
page read and write
|
||
|
1920000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
373A000
|
trusted library allocation
|
page read and write
|
||
|
609E000
|
stack
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
153D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E3D000
|
trusted library allocation
|
page read and write
|
||
|
3743000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
9A9000
|
stack
|
page read and write
|
||
|
E0B000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
147F000
|
heap
|
page read and write
|
||
|
812F000
|
stack
|
page read and write
|
||
|
7F590000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C5E000
|
stack
|
page read and write
|
||
|
7B72000
|
heap
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
B22000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
D32000
|
trusted library allocation
|
page read and write
|
||
|
54AC000
|
stack
|
page read and write
|
||
|
11A6000
|
stack
|
page read and write
|
||
|
DC3000
|
heap
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
B830000
|
heap
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page execute and read and write
|
||
|
3480000
|
trusted library allocation
|
page execute and read and write
|
||
|
3880000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
5930000
|
trusted library allocation
|
page read and write
|
||
|
7780000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
15E2000
|
heap
|
page read and write
|
||
|
4FDB000
|
trusted library allocation
|
page read and write
|
||
|
152D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
3BD6000
|
trusted library allocation
|
page read and write
|
||
|
B2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF5D000
|
stack
|
page read and write
|
||
|
193B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1903000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
C48C000
|
stack
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CCF000
|
stack
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
59FB000
|
stack
|
page read and write
|
||
|
7E9E000
|
stack
|
page read and write
|
||
|
978000
|
stack
|
page read and write
|
||
|
5F9D000
|
stack
|
page read and write
|
||
|
4E2E000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7752000
|
trusted library allocation
|
page read and write
|
||
|
1A2F000
|
stack
|
page read and write
|
||
|
776C000
|
heap
|
page read and write
|
||
|
3430000
|
trusted library allocation
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
32F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
374D000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
unkown
|
page read and write
|
||
|
1B50000
|
heap
|
page execute and read and write
|
||
|
17DE000
|
stack
|
page read and write
|
||
|
1010000
|
unkown
|
page readonly
|
||
|
33F2000
|
trusted library allocation
|
page read and write
|
||
|
4E42000
|
trusted library allocation
|
page read and write
|
||
|
150B000
|
heap
|
page read and write
|
||
|
7CEE000
|
stack
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
7F580000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
801D000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
34CD000
|
trusted library allocation
|
page read and write
|
||
|
DB9000
|
heap
|
page read and write
|
||
|
1937000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CDE000
|
trusted library allocation
|
page read and write
|
||
|
F62000
|
unkown
|
page readonly
|
||
|
5D6E000
|
stack
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
34D1000
|
trusted library allocation
|
page read and write
|
||
|
E56000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
1557000
|
trusted library allocation
|
page execute and read and write
|
||
|
862D000
|
stack
|
page read and write
|
||
|
7B78000
|
heap
|
page read and write
|
||
|
554E000
|
stack
|
page read and write
|
||
|
1B6B000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
19C0000
|
heap
|
page read and write
|
||
|
42D000
|
remote allocation
|
page execute and read and write
|
||
|
7550000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
1904000
|
trusted library allocation
|
page read and write
|
||
|
81ED000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
5FA0000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
heap
|
page execute and read and write
|
||
|
33B1000
|
trusted library allocation
|
page read and write
|
||
|
415000
|
remote allocation
|
page execute and read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
46CE000
|
trusted library allocation
|
page read and write
|
||
|
58F4000
|
trusted library allocation
|
page read and write
|
||
|
29C0000
|
heap
|
page execute and read and write
|
||
|
6666000
|
trusted library allocation
|
page read and write
|
||
|
375F000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
35ED000
|
trusted library allocation
|
page read and write
|
||
|
BF3E000
|
stack
|
page read and write
|
||
|
60DE000
|
stack
|
page read and write
|
||
|
44D9000
|
trusted library allocation
|
page read and write
|
||
|
5A0F000
|
trusted library section
|
page readonly
|
||
|
86AE000
|
stack
|
page read and write
|
||
|
BDFC000
|
stack
|
page read and write
|
||
|
1B45000
|
trusted library allocation
|
page read and write
|
||
|
BBBE000
|
stack
|
page read and write
|
||
|
10AA000
|
stack
|
page read and write
|
||
|
1932000
|
trusted library allocation
|
page read and write
|
||
|
64F7000
|
trusted library allocation
|
page read and write
|
||
|
6480000
|
heap
|
page read and write
|
||
|
2B71000
|
trusted library allocation
|
page read and write
|
||
|
339F000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
trusted library allocation
|
page read and write
|
||
|
1913000
|
trusted library allocation
|
page read and write
|
||
|
7EDE000
|
stack
|
page read and write
|
||
|
5A70000
|
trusted library allocation
|
page read and write
|
||
|
3759000
|
trusted library allocation
|
page read and write
|
||
|
61AD000
|
stack
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
5E50000
|
heap
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
4FEE000
|
trusted library allocation
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
179E000
|
stack
|
page read and write
|
||
|
C4CE000
|
stack
|
page read and write
|
||
|
404000
|
remote allocation
|
page execute and read and write
|
||
|
42A000
|
remote allocation
|
page execute and read and write
|
There are 594 hidden memdumps, click here to show them.