AppMonetizer Installer

Category: Adware and PUAs Protection available since:10 May 2013 02:13:54 (GMT)
Type: Unspecified PUA Last Updated:16 Oct 2016 11:53:30 (GMT)

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of AppMonetizer Installer include:

Example 1

File Information

Size
468K
SHA-1
0e582bf9223c4a396489220f0075e2a1ee8fdc7b
MD5
f38c6559182ab35cd4c5ce001f2b85cb
CRC-32
f5110236
File type
Windows executable
First seen
2016-03-03

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\Math.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\nsExec.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\loading.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\manlib.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\UserInfo.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\registry.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\unchecked.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\checked.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\nsisunz.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\loading.html
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\LoadingBar.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\InstallScreen.html
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\CompleteScreen.html
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\nsNHTML.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\GetVersion.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\OfferAssets.zip
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\start-bullet.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\blowfish.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\but1.png
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016030820160309
    CacheRepair
    0x00000000
Processes Created
  • c:\docume~1\support\locals~1\temp\nsl3.tmp\ns4.tmp
  • c:\docume~1\support\locals~1\temp\nsl3.tmp\ns5.tmp
  • c:\windows\system32\wbem\wmic.exe
DNS Requests
  • www.vrmafcasure.us

Example 2

File Information

Size
3.3M
SHA-1
17f2be3b501e4d00cabdca57f3141808b6f08434
MD5
c0bc9f63e25cce1a114bc0b99b39636f
CRC-32
9999f83a
File type
Windows executable
First seen
2016-02-24

Example 3

File Information

Size
1.6M
SHA-1
19269369134a66fcd504044884a1143081a15090
MD5
af54254f392c9d1e601697f8a9eaf5d6
CRC-32
417dae4d
File type
Windows executable
First seen
2016-10-15

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\VGX2.tmp
  • C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\012345UJ\desktop.ini
  • C:\Program Files\Shouxin\update\update.ini
  • C:\Program Files\Shouxin\UserCache\Temporary\Default\desktop.ini
  • C:\Program Files\Shouxin\shouxin.exe
    Size
    2.7M
    SHA-1
    8708eeed6f2c5cf9dcae754af6c53128036fa982
    MD5
    9a4976d7c8d54b9f9656ebccd273f163
    CRC-32
    a83e8d16
    File type
    Windows executable
    First seen
    2016-09-29
  • C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\desktop.ini
  • C:\Program Files\Shouxin\UserData\Default\Bookmarks.db
  • C:\Program Files\Shouxin\defbrow.dll
    Size
    110K
    SHA-1
    f92d5f13d6967061de8f4059c1ec1496849cf8d3
    MD5
    0183e17e6d3489831689908023ffd7f0
    CRC-32
    0ce6f72a
    File type
    Windows executable
    First seen
    2012-03-14
  • C:\Program Files\Shouxin\UserData\Default\Historys.db
  • C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\OPAZ89MN\desktop.ini
  • C:\Program Files\Shouxin\UserCache\Cookies\Default\index.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\sho4CCE.tmp\defbrow.dll
    Size
    110K
    SHA-1
    f92d5f13d6967061de8f4059c1ec1496849cf8d3
    MD5
    0183e17e6d3489831689908023ffd7f0
    CRC-32
    0ce6f72a
    File type
    Windows executable
    First seen
    2012-03-14
  • C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\O961U6YI\desktop.ini
  • C:\Program Files\Shouxin\UserData\Default\lastpage.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\VGX4.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\VGX3.tmp
  • C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\K9MNWPE3\desktop.ini
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
    shouxin.exe
    0x00000001
  • HKCU_Classes\ftp\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin
    (Default)
    ?????
  • HKCU\Software\Classes\shouxinURL\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKCU\Software\Classes\http
    URL Protocol
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    shouxin.exe
  • HKCU_Classes\shouxinURL\shell
    (Default)
  • HKCR\CLSID\{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E}\TreatAs
    (Default)
    {0002DF01-0000-0000-C000-000000000046}
  • HKCU_Classes\shouxinURL\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin\Capabilities
    ApplicationDescription
    ?????????????????????????????????????????????????????????????????????????
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin\InstallInfo
    ReinstallCommand
    "C:\Program Files\Shouxin\shouxin.exe" --make-default-browser
  • HKCU\Software\Classes\shouxinURL
    AppUserModelId
    shouxin
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
    shouxin.exe
    0x00000001
  • HKCU_Classes\.shtml
    (Default)
    shouxinURL
  • HKCR\shouxinURL\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht
    Progid
    shouxinURL
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM
    shouxin.exe
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
    shouxin.exe
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
    shouxin.exe
    0x00000001
  • HKCU_Classes\.html
    (Default)
    shouxinURL
  • HKCU_Classes\https\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
    shouxin.exe
    0x00000001
  • HKCU\Software\Classes\http\shell
    (Default)
    open
  • HKCR\shouxinURL\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
    Progid
    shouxinURL
  • HKCU\Software\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
    shouxin.exe
    0x00000001
  • HKCU\Software\Classes\https\shell
    (Default)
    open
  • HKCU_Classes\ftp\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Classes\https\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKLM\SOFTWARE\RegisteredApplications
    shouxin
    SOFTWARE\Clients\StartMenuInternet\shouxin\Capabilities
  • HKCU\Software\Clients\StartMenuInternet
    (Default)
    ?????
  • HKCU\Software\Classes\.xhtml
    (Default)
    shouxinURL
  • HKCU\Software\Classes\http\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKCU_Classes\http\shell
    (Default)
    open
  • HKCU_Classes\htmlfile
    URL Protocol
  • HKCU_Classes\https\shell
    (Default)
    open
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe"
  • HKCU_Classes\http\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin\Capabilities\StartMenu
    StartMenuInternet
    ?????
  • HKCU\Software\Classes\htmlfile\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG
    shouxin.exe
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
    shouxin.exe
    0x00000001
  • HKCU\Software\Classes\http\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
    shouxin.exe
    0x00000001
  • HKCU_Classes\ftp
    URL Protocol
  • HKCU_Classes\.xhtml
    (Default)
    shouxinURL
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
    shouxin.exe
    0x00000001
  • HKCU\Software\Classes\.xht
    (Default)
    shouxinURL
  • HKCU_Classes\htmlfile\shell
    (Default)
    open
  • HKCU_Classes\shouxinURL
    AppUserModelId
    shouxin
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml
    Progid
    shouxinURL
  • HKCU\Software\Classes\.htm
    (Default)
    shouxinURL
  • HKCU_Classes\.shtm
    (Default)
    shouxinURL
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm
    Progid
    shouxinURL
  • HKCU\Software\Classes\https\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU_Classes\.htm
    (Default)
    shouxinURL
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND
    shouxin.exe
    0x00000001
  • HKCR\shouxinURL
    URL Protocol
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS
    shouxin.exe
    0x00000001
  • HKCU_Classes\ftp\shell\open\ddeexec
    (Default)
  • HKCU\Software\Classes\https\shell\open\ddeexec
    (Default)
  • HKCU\Software\Classes\ftp\shell\open\ddeexec
    (Default)
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL
    shouxin.exe
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\shouxin.exe
    Path
    C:\Program Files\Shouxin
  • HKCU_Classes\http
    URL Protocol
  • HKCU\Software\Classes\.mht
    (Default)
    shouxinURL
  • HKCU_Classes\ftp\shell
    (Default)
    open
  • HKCU_Classes\htmlfile\shell\open\ddeexec
    (Default)
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
    c:\test_item.exe
    0x00000001
  • HKCU\Software\Classes\ftp\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Classes\shouxinURL\shell
    (Default)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml
    Progid
    shouxinURL
  • HKCU\Software\Classes\.html
    (Default)
    shouxinURL
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
    shouxin.exe
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\New Windows
    UseTimerMethod
    0x00000001
  • HKCU_Classes\shouxinURL\Application
    AppUserModelId
    shouxin
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtm
    Progid
    shouxinURL
  • HKCU\Software\Classes\ftp
    URL Protocol
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin.exe
    LocalizedString
    ??□□?□□□□0
  • HKCU\Software\Classes\ftp\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKCU\Software\Classes\.mhtm
    (Default)
    shouxinURL
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION
    shouxin.exe
    0x00000000
  • HKCU\Software\Classes\ftp\shell
    (Default)
    open
  • HKCU\Software\Classes\htmlfile\shell
    (Default)
    open
  • HKCU_Classes\.mhtm
    (Default)
    shouxinURL
  • HKCU_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht
    Progid
    shouxinURL
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TABBED_BROWSING
    shouxin.exe
    0x00000001
  • HKCU\Software\Classes\shouxinURL\Application
    AppUserModelId
    shouxin
  • HKCU_Classes\https
    URL Protocol
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin.exe\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe"
  • HKCU_Classes\htmlfile\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKCU_Classes\https\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL
    shouxin.exe
    0x00000001
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin\Capabilities\URLAssociations
    https
    shouxinURL
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
    Progid
    shouxinURL
  • HKCU\Software\Classes\shouxinURL\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Classes\http\shell\open\ddeexec
    (Default)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml
    Progid
    shouxinURL
  • HKCU_Classes\shouxinURL\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT
    shouxin.exe
    0x00000001
  • HKCU\Software\Classes\htmlfile\shell\open\command
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe" -- "%1"
  • HKCU\Software\Classes\.shtm
    (Default)
    shouxinURL
  • HKCU\Software\shouxin
    import
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING
    shouxin.exe
    0x00000001
  • HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
    Progid
    shouxinURL
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D1147527-7764-45b4-8821-4D21264C5C89}
    EstimatedSize
    0x00000ac9
  • HKCU_Classes\.mhtml
    (Default)
    shouxinURL
  • HKCU_Classes\https\shell\open\ddeexec
    (Default)
  • HKCU\Software\Classes\htmlfile
    URL Protocol
  • HKCU\Software\Classes\CLSID\{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E}\TreatAs
    (Default)
    {0002DF01-0000-0000-C000-000000000046}
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT
    shouxin.exe
    0x00000000
  • HKCU_Classes\.xht
    (Default)
    shouxinURL
  • HKCU\Software\Classes\.mhtml
    (Default)
    shouxinURL
  • HKCU\Software\Classes\.shtml
    (Default)
    shouxinURL
  • HKCU\Software\Classes\https
    URL Protocol
  • HKCU_Classes\CLSID\{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E}\TreatAs
    (Default)
    {0002DF01-0000-0000-C000-000000000046}
  • HKCU_Classes\.mht
    (Default)
    shouxinURL
  • HKCU_Classes\http\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\shouxin.exe
    Path
    C:\Program Files\Shouxin
  • HKCU_Classes\http\shell\open\ddeexec
    (Default)
  • HKCR\shouxinURL\shell
    (Default)
  • HKCU\Software\Classes\htmlfile\shell\open\ddeexec
    (Default)
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
    shouxin.exe
    0x00000001
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
    Progid
    shouxinURL
  • HKLM\SOFTWARE\Clients\StartMenuInternet\shouxin\Capabilities\FileAssociations
    .mhtml
    shouxinURL
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2
    shouxin.exe
    0x00000001
  • HKCU_Classes\htmlfile\DefaultIcon
    (Default)
    C:\Program Files\Shouxin\shouxin.exe,1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html
    Progid
    shouxinURL
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    shouxin.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\Cache4
  • HKCR\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32
    (Default)
    "C:\Program Files\Shouxin\shouxin.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Program Files\Shouxin\UserCache\Temporary\Default\Content.IE5\Cache2
  • HKLM\SOFTWARE\Clients\StartMenuInternet
    (Default)
    shouxin.exe
Processes Created
  • c:\program files\shouxin\shouxin.exe
HTTP Requests
  • http://172.16.0.2/favicon.ico
  • http://crl.trust-provider.com/UTN-USERFirst-Object.crl
  • http://crls1.wosign.com/ca1-code-3.crl
  • http://crls1.wosign.com/ca1.crl
  • http://go.microsoft.com/favicon.ico
  • http://hao.360.cn/
  • http://hao.360.cn/favicon.ico
  • http://ie.xinshuru.com/inst.htm
  • http://ie.xinshuru.com/update/update.cab
  • http://www.microsoft.com/favicon.ico
DNS Requests
  • crl.trust-provider.com
  • crls1.wosign.com
  • go.microsoft.com
  • hao.360.cn
  • ie.xinshuru.com
  • www.microsoft.com
  • www.so.com

download Try Sophos products for free
Download now