DealPly
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 345 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 1,149,717 |
| First Seen: | June 1, 2012 |
| Last Seen: | February 2, 2026 |
| OS(es) Affected: | Windows |
DealPly is an adware, which suggests a better price finder for e-commerce. However, DealPly generates and displays annoying pop-up windows when you are buying items from online shops by pushing associated deals. The website of DealPly contains uninstall instructions, but many computer users confront problems deleting DealPly from their machines. It is recommended not to have DealPly on your PC to evade potential harm to your privacy or workstation.
Table of Contents
Aliases
2 security vendors flagged this file as malicious.
| Antivirus Vendor | Detection |
|---|---|
| Symantec | Adware.DealPly |
| Symantec | SecurityRisk.Downldr |
SpyHunter Detects & Remove DealPly
File System Details
DealPly may create the following file(s):
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | PLHDz.exe | c50449ecb4675edf97de5b1ec690db99 | 3,768 |
| 2. | Reberan.exe | 66810b82f698509b04fff889e3d221c6 | 1,475 |
| 3. | HelperUpdate.exe | 001490591656680baab70ded86ac1041 | 506 |
| 4. | trz4C4C.tmp | 5077228f72b4b166d28144162a07ef4e | 328 |
| 5. | Helper.exe | b2ac1d43c876350e339fd6d644435ba8 | 229 |
| 6. | updane.exe | 04b05171f30e893d44b3783484b07715 | 199 |
| 7. | cumanocace.exe | bd80decf86ba5cc6395db7a6eeedfffa | 181 |
| 8. | Renom.exe | 6aff3c249cca24457438d713e8aa6a40 | 171 |
| 9. | Gomasufa.exe | d8de5f86431ea5a7a6beb283c937ebb8 | 131 |
| 10. | sifudute.exe | 04a2b2be8464b1852b0c3a7e6ddb8f15 | 87 |
| 11. | SyncTask.exe | e335e4cddd7c7784ca79db55133d1214 | 84 |
| 12. | updater.exe | f328eefd8e5a9741d62b7e99001201d9 | 83 |
| 13. | ProductUpdt.exe | 212d996cd8dc8149c6d5a08adb2fce9e | 75 |
| 14. | UpdateTask.exe | 0a110bbf279af06c2a7b767611e5c979 | 72 |
| 15. | SynHelper.exe | be085e509644ee94292d876a0e20769e | 70 |
| 16. | Foniru.exe | 5d7f7e17212bf54ddd7077dbbe78a048 | 60 |
| 17. | UpdTask.exe | b0410c3ce5f63407ecb10423eb5162c7 | 60 |
| 18. | syncversion.exe | 982b61432b504ff73b89e0f3eb045465 | 60 |
| 19. | UpdateTaskUpdate.exe | 6c40b9558d30f76a771c9bb671e49fc1 | 56 |
| 20. | Tededo.exe | caf69c292b37b7fde6b9c1730dddb402 | 18 |
| 21. | Kenigeto.exe | 12692b26e66dfe2e013b3f6e9219c58e | 16 |
| 22. | nironisos.exe | d2128166fe2470ac7c0f0ef5ceab9cec | 15 |
| 23. | trzA89E.tmp | 6ca2f26795fe267b35fd8d17a73f8300 | 13 |
| 24. | Pumobiso.exe | 68c22a39875ccf15841778028c25dc98 | 10 |
| 25. | dibubi.exe | 50f52b4f09b6e7aa01b7828c6fec4e01 | 9 |
| 26. | updatetask1update.exe | 6c95f772062c645d3150cbc46c40bdea | 6 |
| 27. | cenepopo.exe | ce96487b9af27a1482eacdb0e412515a | 5 |
| 28. | trzC6C4.tmp | 15c728b50c29701f9aea15456d4f96fb | 2 |
| 29. | sync.exe | 1a504e1b0bac06214421bbdd4ab39a99 | 1 |
Registry Details
DealPly may create the following registry entry or registry entries:
CLSID
{04E432B8-204C-5E00-4DD4-7BE869BC8770}
{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
{1E0C9B2A-6447-452C-B012-2314A0C29412}
{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
{501CB57A-D4E2-4855-96AD-EDB0A9083395}
{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
{80FABB17-63AF-4655-9F07-B6509EE37AF2}
{83ABA270-8390-4CA6-AE48-FC089F55629E}
{8B218A5F-1A3D-4347-94EF-A79575EB8094}
{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
{9cf699ca-2174-4ed8-bec1-ba82095edce0}
{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66}
{C536F080-57B7-46D6-8894-C647553F2889}
{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
{EF7BD87A-8024-11E2-F316-F3E56188709B}
{F48FC5B2-094A-44C7-B48C-289738C9582D}
{F7698761-4ABA-45C2-A5BB-D2163922C725}
{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
File name without path
productupdt.exe
synctask.exe
syncversion.exe
synhelper.exe
updane.exe
updtask.exe
Regexp file mask
%APPDATA%\DealPly\UpdateProc\UpdateTask.exe
%APPDATA%\Setup[NUMBERS].exe
%APPDATA%\UpdateTask\productupdt.exe
%APPDATA%\UpdateTask\Sync.exe
%APPDATA%\UpdateTask\SyncTask.exe
%APPDATA%\UpdateTask\syncversion.exe
%APPDATA%\UpdateTask\SynHelper.exe
%APPDATA%\UpdateTask\Updane.exe
%APPDATA%\UpdateTask\updtask.exe
%APPDATA%\w{3,30}.exe.dat
%COMMONPROGRAMFILES%\UpdateTask\productupdt.exe
%COMMONPROGRAMFILES%\UpdateTask\SyncTask.exe
%COMMONPROGRAMFILES%\UpdateTask\syncversion.exe
%COMMONPROGRAMFILES%\UpdateTask\SynHelper.exe
%COMMONPROGRAMFILES%\UpdateTask\Updane.exe
%COMMONPROGRAMFILES%\UpdateTask\updtask.exe
%COMMONPROGRAMFILES(x86)%\UpdateTask\productupdt.exe
%COMMONPROGRAMFILES(x86)%\UpdateTask\Sync.exe
%COMMONPROGRAMFILES(x86)%\UpdateTask\SyncTask.exe
%COMMONPROGRAMFILES(x86)%\UpdateTask\syncversion.exe
%COMMONPROGRAMFILES(x86)%\UpdateTask\SynHelper.exe
%COMMONPROGRAMFILES(x86)%\UpdateTask\Updane.exe
%COMMONPROGRAMFILES(x86)%\UpdateTask\updtask.exe
%LOCALAPPDATA%\UpdateTask\productupdt.exe
%LOCALAPPDATA%\UpdateTask\Sync.exe
%LOCALAPPDATA%\UpdateTask\SyncTask.exe
%LOCALAPPDATA%\UpdateTask\syncversion.exe
%LOCALAPPDATA%\UpdateTask\SynHelper.exe
%LOCALAPPDATA%\UpdateTask\Updane.exe
%LOCALAPPDATA%\UpdateTask\updtask.exe
%UserProfile%\Local Settings\Application Data\UpdateTask\productupdt.exe
%WinDir%\System32\Tasks\Dealply
%WinDir%\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
%WinDir%\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
%WINDIR%\System32\Tasks\DealPlyUpdate
%WinDir%\Tasks\Dealply.job
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineCore.job
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineUA.job
SOFTWARE\Classes\AppID\DealPlyLive.exe
SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass
SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
SOFTWARE\Classes\DealPlyLiveUpdate.CredentialDialogMachine
SOFTWARE\Classes\DealPlyLiveUpdate.CredentialDialogMachine.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine
SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback
SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachine
SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachine.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachineFallback
SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachineFallback.1.0
SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebSvc
SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebSvc.1.0
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dealply.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.dealply.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dealply.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.dealply.com
SOFTWARE\Classes\Wow6432Node\AppID\DealPlyLive.exe
SOFTWARE\Classes\Wow6432Node\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
SOFTWARE\Classes\Wow6432Node\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Software\DealPly
Software\DealPlyLive
Software\Microsoft\Internet Explorer\Approved Extensions\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66}
Software\Microsoft\Internet Explorer\DOMStorage\dealply.com
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Dealply.job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Dealply.job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineCore.job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\DealPlyLiveUpdateTaskMachineUA.job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineCore
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
SOFTWARE\Wow6432Node\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
SOFTWARE\Wow6432Node\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
SOFTWARE\Wow6432Node\DealPly
SOFTWARE\Wow6432Node\DealPlyLive
SOFTWARE\Wow6432Node\DealPlyLive\Update\Clients\{0d629f4e-4984-400f-addb-97a2cb6ae549}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
SOFTWARE\Wow6432Node\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
SOFTWARE\Wow6432Node\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
SYSTEM\ControlSet001\services\dealplylive
SYSTEM\ControlSet001\services\dealplylivem
SYSTEM\ControlSet002\services\dealplylive
SYSTEM\ControlSet002\services\dealplylivem
SYSTEM\CurrentControlSet\services\dealplylive
SYSTEM\CurrentControlSet\services\dealplylivem
Directories
DealPly may create the following directory or directories:
| %ALLUSERSPROFILE%\Application Data\DealPlyLive |
| %ALLUSERSPROFILE%\DealPlyLive |
| %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\DealPly |
| %ALLUSERSPROFILE%\Start Menu\Programs\DealPly |
| %ALLUSERSPROFILE%\cofrags |
| %APPDATA%\DealPly |
| %APPDATA%\Microsoft\Windows\Start Menu\Programs\DealPly |
| %APPDATA%\bodor |
| %APPDATA%\hodor |
| %APPDATA%\wincbee |
| %APPDATA%\wincy |
| %COMMONPROGRAMFILES%\bodor |
| %COMMONPROGRAMFILES%\hodor |
| %COMMONPROGRAMFILES%\wincbee |
| %COMMONPROGRAMFILES%\wincy |
| %COMMONPROGRAMFILES(x86)%\bodor |
| %COMMONPROGRAMFILES(x86)%\hodor |
| %COMMONPROGRAMFILES(x86)%\wincbee |
| %COMMONPROGRAMFILES(x86)%\wincy |
| %LOCALAPPDATA%\DealPly |
| %LOCALAPPDATA%\bodor |
| %LOCALAPPDATA%\hodor |
| %LOCALAPPDATA%\wincbee |
| %LOCALAPPDATA%\wincy |
| %LOCALAPPDATA%\{021D3441-26B5-58F9-4B2D-7D116F458189} |
| %LOCALAPPDATA%\{57E4615F-72B6-0C29-1980-2BFBC552D6C5} |
| %LocalAppData%\DealPlyLive |
| %PROGRAMFILES%\DealPly |
| %PROGRAMFILES%\DealPlyLive |
| %PROGRAMFILES(x86)%\DealPly |
| %PROGRAMFILES(x86)%\DealPlyLive |
| %UserProfile%\Local Settings\Application Data\hodor |
| %UserProfile%\Local Settings\Application Data\wincy |
| %appdata%\opera_helper |
Analysis Report
General information
| Family Name: | Adware.DealPly |
|---|---|
| Packers: | UPX! |
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
322bc0d435f066f065abc33a8b4fdf3d
SHA1:
c7569d19cec2afd9e34027e4852fd883c8e161d3
File Size:
2.16 MB, 2155008 bytes
|
|
MD5:
6a8808c097d482ca337a92c6a200470a
SHA1:
9112e93864bc1faec99af3b558b3574573ade653
File Size:
2.01 MB, 2006528 bytes
|
|
MD5:
b06c1158ebb5592b3dfc6bb276c52e05
SHA1:
8be762de4416411d16d6d47cb8eab9d29eb9f852
File Size:
599.04 KB, 599040 bytes
|
|
MD5:
de2b43c3de4a983aba19cff726744077
SHA1:
542faef7dc76c2b77cb461a16d364b6d70507f27
File Size:
642.56 KB, 642560 bytes
|
|
MD5:
792497115e6fa49c2ddc93018b95f7ad
SHA1:
72e5bb8f34e0994a395d367cf1261b6088eafd0b
File Size:
412.16 KB, 412160 bytes
|
Show More
|
MD5:
732d21d29bf4677e656ead230930a30d
SHA1:
b46a9d3317cb811fb1956685e0e6f145210f039e
File Size:
515.07 KB, 515072 bytes
|
|
MD5:
8a2de969cf851d141f9e1e17148ff088
SHA1:
986f26ce1a5e7b77ff45acf8e380091aa385e967
File Size:
2.23 MB, 2231808 bytes
|
|
MD5:
668e3e57dba1916926597fc3e0466a09
SHA1:
48283c9fdc5b17102ae2370e64115a6f962dc699
File Size:
2.04 MB, 2042368 bytes
|
|
MD5:
2e0ed9533d1098c33a1a21a239ff0bdb
SHA1:
159a82e5dfdb5113e0ead5850d857ea28e619342
File Size:
384.00 KB, 384000 bytes
|
|
MD5:
0b328b9ee1f777c09fc240e3f3a2f379
SHA1:
eb1b3033e713164d3ab44be1a06b8ab24eff070b
File Size:
359.94 KB, 359936 bytes
|
|
MD5:
0cd5b743126dc626e470a090d08c2da7
SHA1:
512dfef7ae7b444bb5b2ea68b5355c940e74ff39
File Size:
37.53 KB, 37526 bytes
|
|
MD5:
018d437c10beb863fa6124e3ede3e1cf
SHA1:
d9d3f025f7c453b23875c3cd0c4acc52a29ec52a
File Size:
498.18 KB, 498176 bytes
|
|
MD5:
44dfbf9ba7bde1a4a36346b9afe47385
SHA1:
503e29accbe0a0983279d1f0fa9c2e112aef71e0
File Size:
1.53 MB, 1525248 bytes
|
|
MD5:
f1f918522a5a7cd8d19b3260fb5c95c3
SHA1:
ee8530fe1e57a1baf1b915062ab37dff19e93a0b
File Size:
1.98 MB, 1984000 bytes
|
|
MD5:
a6812f9017064cd5e5fc20f59de5156d
SHA1:
82b1cce19bb602d3e75d6209446ad3c221f58a11
File Size:
2.33 MB, 2329088 bytes
|
|
MD5:
87086f117ccdc3059294cdd8faedb8c2
SHA1:
d1bca28e105acd0b191f602566e87d80ba54c104
File Size:
625.15 KB, 625152 bytes
|
|
MD5:
7c816162d7f24a333d3658881fa258f7
SHA1:
70bf4e6c70ea40f5c67ec2236ff394b85ad2d991
SHA256:
A6D423D4F5841F29C7861C32B31A4F2252E508D865FB37145D929918CB666773
File Size:
158.21 KB, 158208 bytes
|
|
MD5:
39b7aff5d3998ff8c98eb3ce6503cf68
SHA1:
a8ab1897444ae332d7f43b46dadb2ef37bee88a7
SHA256:
13DDE1C43D6A8AF0A75628D059C1147CD2830153E8D9F2C492C708EC0D170026
File Size:
499.71 KB, 499712 bytes
|
|
MD5:
6e4b7660e75dad2f14cda94963e85865
SHA1:
aca4a66ed34951d14853440634137cd1fc64db30
SHA256:
BA3173341F4A31BBB2D4AED2D757F23671BB46C625CEF7BB63573BDBB3856FC5
File Size:
609.28 KB, 609280 bytes
|
|
MD5:
3c5c746e56a0dca067f35ddcc6d2f95a
SHA1:
a6724a8be6c6197e2a23207a19ed7653b1daa4db
SHA256:
FDDC81EB048DF6BB0F19982727954E219262068A398D759AE885BE789C058336
File Size:
450.60 KB, 450603 bytes
|
|
MD5:
333a857872922c43d23e03ce09872623
SHA1:
dcd05d242e539eb26cc08002b65d0c2291698c04
SHA256:
2F2D75891457A14EDD8AFA2DFCF74C68E5D1AA3A209825AF5FFE90B14F782889
File Size:
1.60 MB, 1602349 bytes
|
|
MD5:
b84eecb2d5c7fb7b34ef8e5a28457f68
SHA1:
9d9a3b0ea14bd42ec88c370dacd3d1beeec4b038
SHA256:
9B3D0067264CC47DE8144D49056336D00E36B7BB883AD127A47AC26FD7C309D2
File Size:
497.15 KB, 497152 bytes
|
|
MD5:
384d4b181791db1e6f914f0eaf359130
SHA1:
e1d89325ece435a4cba910a5b601e9bac6273a2f
SHA256:
727EFD5E3D6B2DAD9833A30B63A3287DF29D205521021166F69F1747EE682248
File Size:
931.84 KB, 931840 bytes
|
|
MD5:
96cc1dae061d60b04ebc8c3fa6177ca5
SHA1:
363c4ad49b9bb44d65ae53f0a97c262ccc484e6f
SHA256:
E42F6EFB6EA346FEA4B6D0A7F5BB7D5C72F5468860D8842303A61F7A3A2DA560
File Size:
920.58 KB, 920576 bytes
|
|
MD5:
f598a0bcc700ff4aff3f86e419b7f982
SHA1:
fa51aa0ac6ee3ca3e148c50930da6d90be50c521
SHA256:
3241E78EF1A4288515246FD93FD9FDA74DE1AE11502B387B474BC2B6D69693F0
File Size:
942.08 KB, 942080 bytes
|
|
MD5:
235066543486467f35d324b05d54063b
SHA1:
ddb1077555cbe80a01767f6e181f5558267cc3e8
SHA256:
33B08D1A19262047524508BA1A72B61CAC90B10ED9D0FB3A2D180C486A402228
File Size:
675.84 KB, 675840 bytes
|
|
MD5:
d10584e879e3f64a399bb8bc9b7caf78
SHA1:
7c2029a59bff0828f58206e9c8292a142eab6599
SHA256:
480BBF6243D4A752A41E0721A6E9D6B98934FD8410BDBA224B8AB7DAE7F6E4A1
File Size:
349.18 KB, 349184 bytes
|
|
MD5:
3e0ace9dc816de798323dfafb3ab0102
SHA1:
4ff7ed4feab171e5dcaeb8fc5eafea68e529dfad
SHA256:
7DAA4F1C7ECBA21CDCE01BB41CDA16AB056CF8EE47ABBC7880F9EB02570EB5E9
File Size:
566.27 KB, 566272 bytes
|
|
MD5:
759c005592331dca948839354672ca1d
SHA1:
a452ec87a08a73d635f214f38d28d7ed0fca9d34
SHA256:
C538B0256577E6C6A29BD7D2915CB775CDBC3BCDA155D42FA44D9454B62C1963
File Size:
2.00 MB, 1998848 bytes
|
|
MD5:
e894d2c25840a1b79b8c008f5ae4f3e7
SHA1:
f0b3287e9b3166c8fccd23e3c1bbfd8a1f637988
SHA256:
6530502F0B9CB6CD7D0F802EB1CD190AE7A3BEDC1C795F0A4B7D5387C191139F
File Size:
508.42 KB, 508416 bytes
|
|
MD5:
dad4ba38937626adf18b88d053cce48b
SHA1:
a0fd733aac50c51fa4db8819220334179aa10b99
SHA256:
4F1389EAE6AF1883D059BAC78145D95D67179B57032777542302B0D092023661
File Size:
605.18 KB, 605184 bytes
|
|
MD5:
52ac020ab64ebd75988c1e68f669adb7
SHA1:
91c90d09a42a69930f1a3a8edb687cf68f903d41
SHA256:
FA850306EAE5498AAD59C8CD70FCE63813EF669D59B4C028A3525C8229128B3B
File Size:
569.86 KB, 569856 bytes
|
|
MD5:
a85e51e8f0bd0e35e0c36faec596cf34
SHA1:
a116ddebdfa102a2ca5adb3632d0ecc50c281a77
SHA256:
B4ABD1F903F7E38570B58469E1D82233CB61F7F60F3CB2E6E491FE7A0EF1D18A
File Size:
2.07 MB, 2067968 bytes
|
|
MD5:
2b40ea7a5e1bdf1e7175c269730da854
SHA1:
e171f2026d54989fda4e76602b939074104f0123
SHA256:
25E597D91F30C2AFC061029A57A1F0D78CACB314DA314107EA2CBD0B4BAC8B37
File Size:
865.79 KB, 865792 bytes
|
|
MD5:
4e2c5a0949b2b48c9348cf340fc3cce3
SHA1:
879eac56778f084b8c2ed457a734516cc6cde59f
SHA256:
BF979D84B9CC8501384E87BF07F093F2B4BA48185EC687BBCF5E4C5EB9E4C58E
File Size:
2.02 MB, 2021376 bytes
|
|
MD5:
d9b9fff3ef2c80c50d145c6dc25ad678
SHA1:
924eb6595563d1ef702937324ea398556dea04c0
SHA256:
E610DCD388940039C7778D91F698BFA26BFFBA02EADA342C3B40804C4A43018C
File Size:
2.07 MB, 2072064 bytes
|
|
MD5:
8170e4520fa3d55cfbceae5327844b25
SHA1:
502569d4c42b0e4847035091f2c3cbd7d82cc3f3
SHA256:
AB15E60EFCA233FA4DB7891E9827E7852EEC1F5D4F91176B6C66DB18878E8200
File Size:
504.32 KB, 504320 bytes
|
|
MD5:
0daaf0f048988cd5011d35d2217357f0
SHA1:
8c981b81f7772e230f25853744b37bdf9f88c364
SHA256:
923CC0DBA54F9732DDF9E9B7EEE158B8E104F728498EEB86CD3176580E7A12A2
File Size:
660.99 KB, 660992 bytes
|
|
MD5:
3a2197e3ba68465f95b73483133b9a3f
SHA1:
0cbd62ebfdc86a6e8abcc623a43ef44ccffe20cb
SHA256:
3D9B4C5156CD341FD455A32330EF56E261F5C7046A1D681DEEB94C893D98BD4D
File Size:
2.31 MB, 2305024 bytes
|
|
MD5:
69e4cfdef214423fa29d0d17154784fc
SHA1:
c82668cd4ed6bb85583ef34c4c4f2f6a7167e782
SHA256:
EF48DE7981A01406661537BFD1FC59F4F011D3AEE8906A3F5E99D617AD9E475C
File Size:
159.74 KB, 159744 bytes
|
|
MD5:
cbe9ad3abf9c86e996d66a47495bb36d
SHA1:
a73823e53777f494ed02e85939a7969433038d08
SHA256:
E76BB64F76B552F524CEBA03C6294D0C2DDF5551C22A27EC889149053D7D06A2
File Size:
585.22 KB, 585216 bytes
|
|
MD5:
aced5acdf7d6475b7fc768f91c142e5a
SHA1:
51281e9bfbf71e6b64a2c25a9e796f84f8d3754e
SHA256:
0BBA69FDDEA8ED6DA7E387311E0029B61135B15F54F6BFC55CCC204A8690B02F
File Size:
951.30 KB, 951296 bytes
|
|
MD5:
ddf16ad3c65979aba8241f643733b6a2
SHA1:
ba49833574cd145e1364e91ac4afbbd3623eeff9
SHA256:
EF99F5582E7A43A41180F4E810509CD32EFA30992B842E97B4AB023F45DBA3E7
File Size:
663.04 KB, 663040 bytes
|
|
MD5:
51c9b163296515e18b2dc4ea420c39cd
SHA1:
7cb18b59953212dbd401c2d843c180457db2e901
SHA256:
D2CFCEB5A2C1C3800B8D56AFE120B2E837AD9436FD19A435ABF823F5DC6CFC41
File Size:
2.35 MB, 2348544 bytes
|
|
MD5:
f765e1b5d6607c1c8ee4feb4b3ec321f
SHA1:
0f8693e1d61e9a692db248feaf3fe4207cdd9a06
SHA256:
3AB6EE6B4A0ED5FF5DE8B28D97B569F96BF77312DE8F3775DFF0BED1A140B5DB
File Size:
666.11 KB, 666112 bytes
|
|
MD5:
717b326d477f3c8a028f665532d8b90f
SHA1:
34a40d272707f2035bf41cd8ed0de8c44d0f99b4
SHA256:
A1E9454662B493B22ABE862B84FDA7F2362DD7092D12611394990DB813B67681
File Size:
2.17 MB, 2169856 bytes
|
|
MD5:
7862a33e98f33a12e6dfe1643945c224
SHA1:
6c8e055349ab3dd88b64628c3fb3a2a7f83ae1cb
SHA256:
0C9C041D219793FC3108DD5530585260E1045EE62A8595766CE371BAD8242289
File Size:
2.33 MB, 2334208 bytes
|
|
MD5:
2263e6041435bca6ccb1803dc6a2c848
SHA1:
93efb8447c5fe5f2e449a33d2e1dbd59bea019de
SHA256:
38B4F7DE4D7B368129342DABD6BB3155CA006CF6173D934636F454DD4F540B97
File Size:
479.74 KB, 479744 bytes
|
|
MD5:
c38d83e80ab88b91886fbaf819c460bb
SHA1:
be9f95f0742fa678d9e53a3d8182fb0c7ca5c6f8
SHA256:
FCF063883BB3AF232D4D20796067A9CE98F5ACCCB0645C38B5280AD137A61490
File Size:
640.51 KB, 640512 bytes
|
|
MD5:
7cb1250036269915a830e8dd90ab46da
SHA1:
96902407d27f294ef44c7996172300eb2a9098cb
SHA256:
80E5A535A4341D8EADAF6A835B93CB782A04D6C9B34C4300B588C136DC0054F5
File Size:
594.43 KB, 594432 bytes
|
|
MD5:
ef6076895a548d87749fde90596aa47c
SHA1:
c5904faf185cc0680247a8fd873c6edbb5847907
SHA256:
05A55429AB9B1ADF4F40C761034EF7BCA6C24672E359EDDAA82F5E421ABA0150
File Size:
2.09 MB, 2091520 bytes
|
|
MD5:
9b98e2058c40a5c0f95aa1e2bc8623f8
SHA1:
94285d24aae598c8d391534d2eafb95231afeced
SHA256:
8BE2E6A5AF8F03343C848ECBFB4FAC0D1254DFE2220BD86746F6BE2CAE027FCE
File Size:
2.07 MB, 2067456 bytes
|
|
MD5:
3495607de57b568d139017c2d80d45c0
SHA1:
aaeacfec692f2966e78ee21f728ab7a330b494bc
SHA256:
84B4CDEBB0A0F8ADAE46DDA770FFE4BCE0B3A2F17BE1E725071A3C94F4602BC2
File Size:
576.00 KB, 576000 bytes
|
|
MD5:
a900944e7ccdf250588d26e76c1a05db
SHA1:
a84c2c970414558991897a03f6b0d5e13b2937f1
SHA256:
282C362833EC7E210B579D5A3D380828CFCADD0E4A56B13DD6F76EA75EDDF728
File Size:
646.64 KB, 646640 bytes
|
|
MD5:
53b34401a1999fb45241e2c0cdc976f1
SHA1:
49f5ae0d652eba568efc2663afda755368ab9f4f
SHA256:
45AC0BB83B0824F1EB5D7128FCE3962D90F6428EE07D26DA43FEE84967037A25
File Size:
1.05 MB, 1050624 bytes
|
|
MD5:
256b4f536d22434b1c8471f51209f37b
SHA1:
7d4d311161d85ef022283b129582526b179de2b0
SHA256:
532E593E4F5E68654532B140DC31FAF724AAA040B33D63D36C5E8DD507801A7D
File Size:
582.66 KB, 582656 bytes
|
|
MD5:
703dba0a9a1e01cbb159047653cef09e
SHA1:
de5736d7af9c6d00639466fb5f6967687792e53f
SHA256:
6A7C256F74F734E55B782FFB2429DC8BAF57C31FC0DDA5C5456C0C55874C0CBC
File Size:
2.43 MB, 2428928 bytes
|
|
MD5:
8b6706392b93bae74b913fb20453de3e
SHA1:
08bdbbfaf97b2fcaa36ae52d187bf183f9c23284
SHA256:
683A3F52F7C2496D26802A50F9687C5BF58A84CE4568E0307CF2B8612849EF14
File Size:
2.16 MB, 2159104 bytes
|
|
MD5:
b847bc3d540c4d064d75967ef1563e64
SHA1:
f234efd95070228408e4b8607edcf73e62040b35
SHA256:
E152D63B5B90789EE6F945D8AFBF107047DA0BA81D3C33600BC40A4FFBCB5735
File Size:
517.63 KB, 517632 bytes
|
|
MD5:
27b28f5b4a8f74017f0dfc24188efaa9
SHA1:
2a0060c384fbbf93ad15950bb9e7cf64d31f1f2b
SHA256:
882A7631D99FCFE7876605442E0167C6600CFEF441A84223D9EC8EE5AA7C7045
File Size:
501.25 KB, 501248 bytes
|
|
MD5:
e0db6137b3c9711d66517bbf0b1ac888
SHA1:
6bf16c23ef0d1c1d15660a64edcdc0386d08868a
SHA256:
374A9BA8DB076033DAFD9FC5E7746217B9A88D1F16116CB2479AF4BF65FE3759
File Size:
939.52 KB, 939520 bytes
|
|
MD5:
a864d14776ec3e2b9874f847436d5227
SHA1:
e0e47188742acb7071a2b9c682878212dbb9e241
SHA256:
8833E98DB645805B24D93F88FAED82AD272C14E7778E4035900750D098070472
File Size:
129.54 KB, 129536 bytes
|
|
MD5:
791b6c6f88d7d473d7bbd59a826a5b5a
SHA1:
c6d9a9fd6c41e55159d24aa1d7ff772b1c8d2efa
SHA256:
7CB2942D3F46E6A64D3A3A571F2E475BA8859A2078D6FE4B609354AC14358BA4
File Size:
192.51 KB, 192512 bytes
|
|
MD5:
3cc4136ab646fbb0cedfcd0d30081ec5
SHA1:
d5c155b9659a455bef4b97eea14650d49752b327
SHA256:
929EE7D387289E2A992B54C7167E58E9E474BAFC5C12603A09BBE65D11E47A36
File Size:
555.52 KB, 555520 bytes
|
|
MD5:
f715c11202975c46dbcf4ca62a69f218
SHA1:
cffb13688098c7ca98eb8d821618b9f49efc7ca2
SHA256:
5A1B096A2009BCC93E879E5AE3894B8BB04D092DE23B50A8021151247E8922A7
File Size:
2.38 MB, 2383872 bytes
|
|
MD5:
e1f5879121900adca52e19f42a3db925
SHA1:
27725d7f498aac8284cc8317265487c67d6a1ca5
SHA256:
6E021B5CDF121B0EBEA3AD98BDAC2645B5C1E16831E2B325524C6CD7BE7968BC
File Size:
278.02 KB, 278016 bytes
|
|
MD5:
67ef3cfd4193687a9de0e6753d8923a3
SHA1:
5c93288bdc42955978286516b3bc843d42cdc074
SHA256:
BC3D411D2BA38980C2218C27650FAEC941C479341F8BA2836F6F4EAF413310FA
File Size:
906.24 KB, 906240 bytes
|
|
MD5:
56b950d74b0a575f3c7aeea826fd414a
SHA1:
584eaa94f9435860e1fce9d9d1aa06d5b226162d
SHA256:
8A4DE77DAF825E9169C43A85C761D76ED44A9C00BA1A5250B1AD0A2CCA312E61
File Size:
629.25 KB, 629248 bytes
|
|
MD5:
eaf19794a873ed4a1d52a41c3c3ba3eb
SHA1:
0f8d045bdf3a47b30080bd18d8e290c73c884a00
SHA256:
50C016FB4CC184D8BD39337B01E05C987FE78E2AD5A7827EA8741EEB9ABB8DFD
File Size:
660.99 KB, 660992 bytes
|
|
MD5:
8fa99386ebf5dd3549f0d6b608bf4116
SHA1:
92a3b1e19407e9b0b78f42826aa5a9842f7c0235
SHA256:
9199FD030D2A5A7A0BC7449C5B794C47E6772A84999A7A41795A2C1CB4227F82
File Size:
946.69 KB, 946688 bytes
|
|
MD5:
9053c12618c8313e003cfe43bbaeedbc
SHA1:
567fcec09f972a094300f9dcd67ff17a61ebd7a6
SHA256:
4CB0180620BF58209365FE1830440BC8BB9D5300ADFE22DF3699AA2D30145B42
File Size:
947.20 KB, 947200 bytes
|
|
MD5:
e16b71c9226ec598384f0141503ac10b
SHA1:
23a25568819a94b6c47d0dd7b57056eb97930172
SHA256:
38E381792C785B7EF0A3A62F28E909EBC74DB3274D8CA3021D326A64FA20FFB9
File Size:
507.90 KB, 507904 bytes
|
|
MD5:
ada048b4bf4b327d994a95a1841bb39b
SHA1:
4f318d44404f040b7de15cd1774cd333d8fbe614
SHA256:
C1DE4BB19E18B76201093AE15A68BD2E480B1C7DC20A129E0B429BFDA295BC8F
File Size:
613.89 KB, 613888 bytes
|
|
MD5:
d793a02d49690deca2dafc6712e5faba
SHA1:
e159e51d4eff0f7164d3d3bd0b8f1f215eee725c
SHA256:
715F08A3A448438780A2FD21038EC0DAC4324A51C0448CE82A8096484F403AF0
File Size:
558.08 KB, 558080 bytes
|
|
MD5:
36164d51ceade157bced739f4e50094b
SHA1:
007b88d61b996ba1a4d87a734cd80ed807599baf
SHA256:
6320FFE6D884D92752CEAFCBEC69FA2311BE2582327FE4056F89783EFE097B45
File Size:
2.25 MB, 2248704 bytes
|
|
MD5:
ff8b5bd38a6bb6acca343107a377d625
SHA1:
74d4f3dc8982637a34a18b162b2584c035ebedf3
SHA256:
57A3738E2A83C05A91969004EB54981AD494CF737F8F9B792DE553A6417B7396
File Size:
580.61 KB, 580608 bytes
|
|
MD5:
20d16572dd6dbbccc19d3326a4c78a35
SHA1:
34ba8c0d88ca0e4dbdffe2537b788aca8875071b
SHA256:
DAC0D96F1E0CD66AA29D443D02C3CB43149597BADDB4F49B0775BD7090D1896E
File Size:
2.36 MB, 2359296 bytes
|
|
MD5:
6e24c26cd94d0777a4fe840e01b0811c
SHA1:
8eee45200bfbe97d6e74b340087c48d9018958c1
SHA256:
5041B45BEA6C1E8AAA587C96BB3C2BA98D575C6EBE586849D0B8C78DFECC6B8E
File Size:
983.04 KB, 983040 bytes
|
|
MD5:
434c80c74c93f80a70e2f090f774f53d
SHA1:
b392d79855dfa265b0a7a06ef31edfead9074232
SHA256:
295AFE2B714C47DFBCE0B09BC63E9A96CCEC99DE23B36956DAE4D6910A637858
File Size:
552.96 KB, 552960 bytes
|
|
MD5:
f1ef34fc6a035d81f970aba63019ac36
SHA1:
3b0660c5e44419cbe05f0897b48241fe649ecacc
SHA256:
1FB50492E0FEEB9851884465E96296F198F9622DA8615E86D9FFF19FF00A4C21
File Size:
2.21 MB, 2214400 bytes
|
|
MD5:
21526487a7aff54fa11209f380824c50
SHA1:
432d2634579c0501377437a889a4d86ecc334700
SHA256:
AECEC31FD4A670F22EE0705AE35E2EB526FE70B29B46D9ED02E868AD01D19240
File Size:
2.15 MB, 2153984 bytes
|
|
MD5:
6a27e37a712c6f3c89959c43fd99bf04
SHA1:
d4a4a0125562feaa8d703c333a6ce759f0d52fbe
SHA256:
28A84CED5A384FCE4454F8C3B940CBEECD146D59130D6B31893ADDC17A3EBCD6
File Size:
900.10 KB, 900096 bytes
|
|
MD5:
68896cb33a757bedc600ea7af08b7738
SHA1:
89db61ba1668855d878b13731a8f634d584c7b99
SHA256:
E42AC9690DEF751395A473AE32F84E04349B6FD6496C62CC24240F494F8F4AA4
File Size:
965.12 KB, 965120 bytes
|
|
MD5:
8d9792468349db24d498856c2bbe9dcd
SHA1:
d7f5e808c873618f720852e474dca3719fb0a3fe
SHA256:
433FD86DB828A16B6DC9D8BA33C39BEB8D07E6589DB67F1B8F489E1C50AB3A68
File Size:
624.64 KB, 624640 bytes
|
|
MD5:
dce7e78ea8a9deaeae9759deb8efae33
SHA1:
996e9e3463a2b1cfd063318e330c235a49607035
SHA256:
A6217610AB069C52810FC450CCA56AC86CAA9529AC6535A04C4D9077C26BE4FA
File Size:
544.77 KB, 544768 bytes
|
|
MD5:
0e52a5b6221448683fd3e391ef46c5d2
SHA1:
902b3c281f611eb74f44515cac836b12db953ade
SHA256:
7C88A72FF7EB2FED797F9CA07D5FBC54E514318869FE38097D754B8028F821D8
File Size:
733.18 KB, 733184 bytes
|
|
MD5:
5fd3971293567f80acd804d9ec45e80a
SHA1:
6807a5c663a76d5505305c1a1495f16f6fadb7be
SHA256:
C18225BE3203C15373BAD68BF156E8EF09474CD2997A55046FEDC6253B2A1E94
File Size:
147.46 KB, 147456 bytes
|
|
MD5:
783a8125ab2df6a1b3950c71b952ce9c
SHA1:
2da4c882938e77e6dcf9834673e9cdfd7c02b8a3
SHA256:
74149238BF543731AD4679C87544882DC571A2A6C1F93446FB72D0C319F9C7DA
File Size:
139.26 KB, 139264 bytes
|
|
MD5:
dbd1593dd26dcaf4e194d84e8b4f053b
SHA1:
9f061acc914e77c62f012a91a7f4518dfdc646cb
SHA256:
AB6D85FDC2BFBF42B4619EAF3DEB0B1776507EC6FFA9C7FBDB5C4AF9577186D8
File Size:
2.14 MB, 2137088 bytes
|
|
MD5:
86b85eeb1ea0e8bf985cf02c10c1c5cb
SHA1:
2114d036e9ba75b482a3eb183cd0292e10389603
SHA256:
9E0891075CA93AD4269A980D82A590977E10B6B21A43AACFBA97EA6C51C9AACC
File Size:
778.24 KB, 778240 bytes
|
|
MD5:
f6680d5ed92d293210f7c0a23d00d50c
SHA1:
9ed49213ec4a55c4f71a7c05a3a91c856b333ef4
SHA256:
D7553EA8F66975C4ECD4B51D655C1C8361B2353850FF6C43D5A6EA4E41166F03
File Size:
653.31 KB, 653312 bytes
|
|
MD5:
7eb4b0d64bb712b1260998e056a726ee
SHA1:
0a26839e4eee2f656e10026ef016f742de66c47b
SHA256:
9516D19F7F13638055EF2D078F6F6F0E9701898B57C14996093D41A839195BB6
File Size:
653.82 KB, 653824 bytes
|
|
MD5:
f3c2b738980ab1e82e47c08cde6a7788
SHA1:
409623f32a212680c1b48f05365f190b5405455a
SHA256:
9BB55FFB45A9C827E9FFC57E2E541C72DEE13DEA605A7F204924A2B09F30189E
File Size:
2.26 MB, 2264064 bytes
|
|
MD5:
a0eb7c4fa5cdd69ee37f089eed1e83f5
SHA1:
e44684f85f2c11887dcd0d13067881391013fb84
SHA256:
A9A8DB216D1271BC6F5B8F9249F5FD9236CE24CCC4EE806AB7CB607A13C52611
File Size:
2.49 MB, 2491904 bytes
|
|
MD5:
99828a451bf497edc5439d65a13d539d
SHA1:
f154342d2157c40d6f6f70c98a667630173acd41
SHA256:
D7727B375344F18B98103ECEC1DBA15D03CEDEFD6A2E64E44BD950B726BCC365
File Size:
702.46 KB, 702464 bytes
|
|
MD5:
78a08da66842e64c197c0189f9c98d95
SHA1:
919695be0b85590040e5603afcf88a0395bac27d
SHA256:
78324D14807D64479D96E20A8797E9BA71B1318BAC4EEF192EFF783F897CA364
File Size:
575.49 KB, 575488 bytes
|
|
MD5:
07dc91104b581162b6b74e012097aee9
SHA1:
cab4da4857eaa8e26a8a626cc2674c678479b435
SHA256:
70E7DC35DBAB675BFBC788C0157A80D830BA5B4644109E2411BE8EB52520BA11
File Size:
925.70 KB, 925696 bytes
|
|
MD5:
a283345ebfdaf1e6733f7605724ef45c
SHA1:
9add9ff5f99a83f93a2c3918c20a1611cda6b890
SHA256:
549EECAE1AB2CDF535CD342641800691DA80EB81282A0DFC4C7BF213904DAC4C
File Size:
2.19 MB, 2193920 bytes
|
|
MD5:
ccbb3f6baeca6b2898c7a9c9b48c83ee
SHA1:
25d9320d03055d665bfff30eb7da7e40aabf661f
SHA256:
873160CFF1C9A9B94333A0D620E919771F5D40EE06D1D82F6BC8F5B61B4EF5CA
File Size:
2.25 MB, 2250752 bytes
|
|
MD5:
fc31136017d3bb75f30c6a3a252d734e
SHA1:
7ed0371bc25bfc90deceb4b7cf519a2a63836d8e
SHA256:
7E336D31DE088E06907AEB00749565B9E383030B7D03D1524DA79460D5A9E9BC
File Size:
2.00 MB, 1999360 bytes
|
|
MD5:
5a890dc1f6f1ebbe6950d05caa74c5b9
SHA1:
89fb7260268090cfe766e8a0aa3c9b2259bd0130
SHA256:
262B4D6FB3B7DCFFEB5FBF0C037029E1885469D26F7D4430664F73A534DC4751
File Size:
686.81 KB, 686809 bytes
|
|
MD5:
a5e93396a005f04c5edeba0352e39bea
SHA1:
15544384581d9537a538372534033692e5a82a88
SHA256:
F48650A9FBB574E42DF71CCD5B0F5C7055C760C25EF224B794B4248D7F4BDBFC
File Size:
2.08 MB, 2077696 bytes
|
|
MD5:
2d0de001c71bb1b9515ee550ff411921
SHA1:
d0e5ac4eb92ee0bdfd9b07ee2534911d151e78c9
SHA256:
386153AF470B8F150CA70083FE3A225EF1C9463FD035A55D53011B57D350E8F0
File Size:
2.08 MB, 2083840 bytes
|
|
MD5:
1fd8ac5e4a70a6c11313dfc10adaed39
SHA1:
0ed06cb2bf3bf84a59935965089527d0c2072ad5
SHA256:
A160F446C12A46E9E69DF124AEDE004EE72DCB7A3FF3B2192AD23ED255C950F2
File Size:
2.26 MB, 2262016 bytes
|
|
MD5:
3e3bccbe62ac256a086cac6eb6f4269e
SHA1:
4ab704fce71085ed876d591eb8058a1f8aebc89f
SHA256:
20788D3D0801AB5D393841217AF728B4E0EDC80764DA77A01E069E7CF7B2CA04
File Size:
337.92 KB, 337920 bytes
|
|
MD5:
8810604fb7c50cd66013b91705dd9050
SHA1:
50efbad813b59b5c55d21b6523c34b8bd8b66dec
SHA256:
3176102A3F349A440B5F4C11ECC805D0DF6672892E3928B64B1415E6F60B31A4
File Size:
225.28 KB, 225280 bytes
|
|
MD5:
52be6205a433548c898ec9b42fbdf698
SHA1:
4c80f04ed6f3b5823ca29b3457fac8dc86d9db88
SHA256:
F14348A01F13FAA4CE89973B027C79CE3AD8DAF8A5EB4F845D8390C8B2A137E5
File Size:
613.89 KB, 613888 bytes
|
|
MD5:
4df1f30041341d4f4e3fc6800490a37b
SHA1:
b03f40a3a5c34f8776b736f4295d3a599555a2cb
SHA256:
5B3CBD4B7EB6F89275C34D84FC9ECD4BE5479AE40EE14178A0A5ED527880EDF4
File Size:
681.47 KB, 681472 bytes
|
|
MD5:
70c864a2cd151c07380fd2202d48dbb5
SHA1:
69a10d2f5b98f3e7a93175a2531862d3b2116f94
SHA256:
9A64258438F452C997F59767DC0749AD4C49C48C9A3195CBCCD89383DD6E5CEE
File Size:
3.07 MB, 3072512 bytes
|
|
MD5:
39898d5225d4b3d15c4bd70b38b5e61f
SHA1:
38bfda2e6cd1ca7236aa4c6885695c475932d436
SHA256:
0F2C075ACC457391ED18E24778D1F8632A03756CBB56FC4E8C5A4D68FBD9D185
File Size:
357.89 KB, 357888 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
Show More
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Show More
69 additional icons are not displayed above.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
Show More
|
| File Description |
Show More
|
| File Version |
Show More
|
| Internal Name |
Show More
|
| Legal Copyright |
Show More
|
| Legal Trademarks |
|
| Original Filename |
Show More
|
| Product Name |
Show More
|
| Product Version |
Show More
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| MP3 Support | thawte Primary Root CA | Root Not Trusted |
File Traits
- 2+ executable sections
- big overlay
- GetConsoleWindow
- HighEntropy
- Installer Manifest
- No Version Info
- packed
- upx
- UPX!
- vb6
Show More
- VirtualQueryEx
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 1,849 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 1,839 |
| Unknown Blocks: | 9 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
?
?
?
?
?
?
?
?
0
0
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Agent.DSS
- Agent.HJG
- Babar.AI
- Babar.W
- BadJoke.TH
Show More
- BadJoke.XA
- BadJoke.Y
- Banker.AM
- Banker.GF
- Banker.LG
- Banker.RF
- Banload.XG
- Banload.XN
- Casbaneiro.A
- ClipBanker.GS
- Danabot.DI
- DealPly.AS
- DealPly.ASB
- DealPly.G
- DealPly.GB
- DealPly.GC
- DealPly.IA
- Delf.Agent.F
- Delf.FC
- Delf.GG
- Delf.OD
- Delf.ODB
- Filecoder.PB
- Filecoder.RR
- Fugrafa.I
- Gamehack.BSB
- Gamehack.LCG
- Gamehack.PDFA
- Injector.JDA
- Injector.KPP
- Injector.XN
- Installmonstr.EC
- Kagee.A
- Keylogger.DF
- Kryptik.XXBA
- Lamer.B
- Lumma.NB
- MSIL.Agent.FG
- Malat.A
- MyDoom.A
- MyDoom.D
- Poison.X
- Qhost.MA
- Ropalidia.D
- Soft2CN.A
- Swisyn.B
- Talsab.A
- Trojan.Downloader.Gen.FD
- Trojan.Downloader.Gen.KL
- Trojan.Kryptik.Gen.FJ
- Trojan.Kryptik.Gen.MM
- Webalta.A
- Zbot.XAFJ
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\~df4790ce9831af343b.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| User Data Access |
|
| Anti Debug |
|
| Other Suspicious |
|
