Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Y3hoUa55dT.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-0BU0T.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-3DMAJ.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-L64E0.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-RDQCU.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\libeay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\libssl-1_1.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\ssleay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\ait_67.dat
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\arc_67.dat
|
data
|
dropped
|
||
|
C:\ProgramData\resource-a.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\resource-b.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-3S2MD.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-GDA60.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-GK0JO.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\is-RCHTO.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\snapshot_blob.bin (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\unins000.dat
|
InnoSetup Log CD-DVD-Runner, version 0x2a, 3904 bytes, 910646\user, "C:\Users\user\AppData\Local\CD-DVD-Runner"
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\v8_context_snapshot.bin (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\CD-DVD-Runner\vk_swiftshader_icd.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-21TFJ.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 18 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Y3hoUa55dT.exe
|
"C:\Users\user\Desktop\Y3hoUa55dT.exe"
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
|
"C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
|
"C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe" -s
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp
|
"C:\Users\user\AppData\Local\Temp\is-5D58D.tmp\is-LN43L.tmp" /SL4 $2042C "C:\Users\user\Desktop\Y3hoUa55dT.exe" 3710753 52224
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://bnkbuqg.com/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644895a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b617e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee969e3cce69921f
|
45.88.90.160
|
|
|
|
http://bnkbuqg.com/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978f371ea771795af8e05c644db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffc15c7ec939e32
|
45.88.90.160
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://repository.certum.pl/cscasha2.cer0
|
unknown
|
||
|
http://vovsoft.com
|
unknown
|
||
|
https://vovsoft.com/newsletter/
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
https://vovsoft.com/contact/.
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
http://45.88.90.160/
|
unknown
|
||
|
http://crl.certum.pl/cscasha2.crl0q
|
unknown
|
||
|
https://vovsoft.com/contact/
|
unknown
|
||
|
http://cscasha2.ocsp-certum.com04
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://www.openssl.org).
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
http://45.88.90.160/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14
|
unknown
|
||
|
http://45.88.90.160/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86ec958644
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://www.openssl.org/f
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bnkbuqg.com
|
45.88.90.160
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.88.90.160
|
bnkbuqg.com
|
Bulgaria
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmartCD
|
ig_i67_2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmartCD
|
ig_s67_12
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2717000
|
heap
|
page read and write
|
|
|
|
2B41000
|
direct allocation
|
page execute and read and write
|
|
|
|
301E000
|
stack
|
page read and write
|
||
|
20CE000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
32B0000
|
direct allocation
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
2060000
|
heap
|
page read and write
|
||
|
3876000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
680000
|
direct allocation
|
page execute and read and write
|
||
|
326F000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
48D000
|
unkown
|
page read and write
|
||
|
49E000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
49E000
|
unkown
|
page readonly
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
20B0000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
2334000
|
direct allocation
|
page read and write
|
||
|
2620000
|
direct allocation
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
992000
|
direct allocation
|
page read and write
|
||
|
3412000
|
heap
|
page read and write
|
||
|
6D6000
|
heap
|
page read and write
|
||
|
38FC000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
570000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
344D000
|
heap
|
page read and write
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
A20000
|
direct allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
3421000
|
heap
|
page read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
3439000
|
heap
|
page read and write
|
||
|
34D9000
|
heap
|
page read and write
|
||
|
3494000
|
heap
|
page read and write
|
||
|
3437000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
338D000
|
heap
|
page read and write
|
||
|
338E000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
2D2B000
|
stack
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
338E000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
3422000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2371000
|
heap
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2305000
|
direct allocation
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
3389000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
34CF000
|
heap
|
page read and write
|
||
|
4C3000
|
unkown
|
page write copy
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
3170000
|
direct allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
4C3000
|
unkown
|
page write copy
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
980000
|
direct allocation
|
page read and write
|
||
|
4C1000
|
unkown
|
page write copy
|
||
|
9B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2067000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
3388000
|
heap
|
page read and write
|
||
|
2B7A000
|
direct allocation
|
page execute and read and write
|
||
|
20A0000
|
direct allocation
|
page read and write
|
||
|
4BD000
|
unkown
|
page readonly
|
||
|
327F000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
3387000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
3387000
|
heap
|
page read and write
|
||
|
26F0000
|
direct allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
523000
|
unkown
|
page execute and write copy
|
||
|
25A0000
|
direct allocation
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
3170000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
317E000
|
stack
|
page read and write
|
||
|
2670000
|
direct allocation
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
366F000
|
stack
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
256F000
|
stack
|
page read and write
|
||
|
3448000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
3381000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
9A0000
|
direct allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
3389000
|
heap
|
page read and write
|
||
|
6C4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
33CD000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
A7B000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
2679000
|
direct allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
AA8000
|
heap
|
page read and write
|
||
|
341C000
|
heap
|
page read and write
|
||
|
ADA000
|
heap
|
page read and write
|
||
|
A00000
|
direct allocation
|
page read and write
|
||
|
930000
|
direct allocation
|
page read and write
|
||
|
2AA9000
|
heap
|
page read and write
|
||
|
4C7000
|
unkown
|
page readonly
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
3383000
|
heap
|
page read and write
|
||
|
990000
|
direct allocation
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
358F000
|
stack
|
page read and write
|
||
|
26A0000
|
direct allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2308000
|
direct allocation
|
page read and write
|
||
|
2C2C000
|
stack
|
page read and write
|
||
|
2061000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
4C1000
|
unkown
|
page write copy
|
||
|
945000
|
heap
|
page read and write
|
||
|
A32000
|
direct allocation
|
page read and write
|
||
|
3439000
|
heap
|
page read and write
|
||
|
2331000
|
direct allocation
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
2629000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
3426000
|
heap
|
page read and write
|
||
|
6AE000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
4CAF000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
48D000
|
unkown
|
page write copy
|
||
|
344F000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
2061000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
900000
|
direct allocation
|
page read and write
|
||
|
3387000
|
heap
|
page read and write
|
||
|
344E000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
3385000
|
heap
|
page read and write
|
||
|
4C7000
|
unkown
|
page readonly
|
||
|
4BD000
|
unkown
|
page readonly
|
||
|
19C000
|
stack
|
page read and write
|
||
|
34E5000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
338C000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
A14000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2314000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
523000
|
unkown
|
page execute and write copy
|
||
|
34D8000
|
heap
|
page read and write
|
||
|
20A4000
|
direct allocation
|
page read and write
|
||
|
A30000
|
direct allocation
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
246F000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
20F4000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
350F000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
A40000
|
direct allocation
|
page read and write
|
||
|
925000
|
heap
|
page read and write
|
||
|
58D000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
343D000
|
heap
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2062000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
There are 206 hidden memdumps, click here to show them.