MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 168d0a4c71f4257fef77d64a85bfb52d570f07581156b8d2abd4168422845f83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer

Vendor detections: 4

Intelligence 4 IOCs YARA 13 File information Comments

SHA256 hash:	168d0a4c71f4257fef77d64a85bfb52d570f07581156b8d2abd4168422845f83
SHA3-384 hash:	5b671886bfaaea446ba59bd05461c19d59e513a3d3b2f2fb9859c3b19a74ee0b0092ace9109616112754f0fd5dfb9c4e
SHA1 hash:	1655cde25eccbace5767962fe5fcf8169d368795
MD5 hash:	91f3f3ff1e71683ab7a9a11b83792835
humanhash:	alanine-oranges-colorado-nebraska
File name:	i№st@113R ver.4.8__P@$$ 0135.rar
Download:	download sample
Signature	ACRStealer Create hunting rule
File size:	16'550'182 bytes
First seen:	2025-07-11 18:03:18 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
Note:	This file is a password protected archive. The password is: 0135
ssdeep	393216:ipR5gGydg2zJFqoskolH3u2+dBB2mGlWe6NTR4lg/x:AgNNjiddoBFGlj6hRP
TLSH	T185F633CF0F328EEBC799E06D4199B7B563A58880BD988742EA0F07F7C3275E5961542C
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	aachum
Tags:	147-45-177-106 ACRStealer AmateraStealer HIjackLoader IDATLoader pw-0135 rar

iamaachum

https://chefupdates.rest/ => https://mega.nz/file/eJ5wkYiY#LPojHNSU2pYN3K4eNi0kFrrY2bXBsVUMVQgDwlWN5Ms

ACR/Amatera C2: 147.45.177.106

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file is a password protected archive. The password is: 0135

This file archive contains 214 file(s), sorted by their relevance:

File name:	Snis.adml
File size:	2'612 bytes
SHA256 hash:	d764ea69ba0c9bf3b83d8d497820419a8ec755b4a81c4394db5a73c6ff19cdfb
MD5 hash:	80c54c63c7d081f9c7d7738d50f1d92a
MIME type:	text/xml
Signature	ACRStealer

File name:	InetRes.adml
File size:	457'561 bytes
SHA256 hash:	9775d601260260ca0bdb805fd89aa5c3c126b8706458404a2405711dfd708647
MD5 hash:	10590ce50b19c233ddb6eec95850c5f4
MIME type:	text/xml
Signature	ACRStealer

File name:	Winsrv.adml
File size:	1'453 bytes
SHA256 hash:	41331bf31c4ba79b1ff7169efa27cf37aee5ed269c1c6894af78f3f6fb40ae59
MD5 hash:	76d4b8899387bcd0c081d4301e1b18de
MIME type:	text/xml
Signature	ACRStealer

File name:	Setup.exe
File size:	1'677'584 bytes
SHA256 hash:	596b4428300507563e212b75f53c7ef63a0d99f187d30a9a3a78514e2382129f
MD5 hash:	893d856c0bc16da230bfc30fa967cde9
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	AppXRuntime.adml
File size:	4'462 bytes
SHA256 hash:	42778994d23cdb74c446e70c30942991e89df6aacc1225aebb05464d69da6dec
MD5 hash:	bf19db2e91edefe517515ba23b30103e
MIME type:	text/xml
Signature	ACRStealer

File name:	WDI.adml
File size:	3'666 bytes
SHA256 hash:	4a49d6f192ff5e859fe003db2584049d5f54615f80e5b977156f7d51f4752105
MD5 hash:	3c7a58453a2a54c65a82137819fcbfa2
MIME type:	text/xml
Signature	ACRStealer

File name:	InkWatson.adml
File size:	1'426 bytes
SHA256 hash:	3930adc5cc37ac32f2c02c1c3f288cad45f18ddb232d5226b78e9cf7632014c2
MD5 hash:	386afc1d42fda5da7b89c46b35c02635
MIME type:	text/xml
Signature	ACRStealer

File name:	AddRemovePrograms.adml
File size:	10'736 bytes
SHA256 hash:	c97cd236f8be2b235685d3d16632482839208604db3f550f9524eafda33b9ca9
MD5 hash:	dfe20a0ca8674d6eaea280c139e2688a
MIME type:	text/xml
Signature	ACRStealer

File name:	DiskDiagnostic.adml
File size:	4'016 bytes
SHA256 hash:	3ee2d33b8c14490d4315f669873b1e4747ef4c99cf83cb3214fbe02774df322d
MD5 hash:	98fb5567e5194e5e7430c553fd07ee50
MIME type:	text/xml
Signature	ACRStealer

File name:	Updater.exe.config
File size:	1'106 bytes
SHA256 hash:	091afff3bb63024b5a7b14ea30306b6753858fd1a33fc8c98e3b5e65fe92fbe7
MD5 hash:	75e66ab540561a0c7d4160271f518243
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-core-synch-l1-2-0.dll
File size:	18'384 bytes
SHA256 hash:	9ac63682e03d55a5d18405d336634af080dd0003b565d12a39d6d71aaa989f48
MD5 hash:	659e4febc208545a2e23c0c8b881a30d
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	CtrlAltDel.adml
File size:	3'490 bytes
SHA256 hash:	23eaf2144b343acce5ec33dfb0363ba5b53e1ed8f5e0557f7597f02c1a659b0c
MD5 hash:	8eb6cbecfcfb7fb15e453e235713f0d2
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsRemoteManagement.adml
File size:	14'554 bytes
SHA256 hash:	a8b80a925fcc599e485029b1833c58865a6a16d872fb8766f9acb8a1e0752d93
MD5 hash:	e24b954c1451f81fc8559a0f42d8b804
MIME type:	text/xml
Signature	ACRStealer

File name:	ReAgent.adml
File size:	1'817 bytes
SHA256 hash:	11ab21a9f9176cbc644dbdc5020fa4791086234fb126a5f0885315efd299bb35
MD5 hash:	74a0325268266b2cde0e3f5f1597f203
MIME type:	text/xml
Signature	ACRStealer

File name:	AuditSettings.adml
File size:	1'846 bytes
SHA256 hash:	6928faad9624bbf4c74f6c138496a4c6ae8d04919c3de9591568300c1dd39e59
MD5 hash:	71075fce08402095aeafbe57962a1f5b
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-core-timezone-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	a108a8f20ded00e742a1f818ef00eb425990b6b24a2bcd060dea4d7f06d3f165
MD5 hash:	69df2cce4528c9e38d04a461ba1f992b
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	WindowsMail.adml
File size:	1'162 bytes
SHA256 hash:	9c7a2043d9d255f11092ce1303abfd599bbefc4459d1c87308d4738e2e7225a2
MD5 hash:	2cded79a2dd5c6d41bfaa7567008f5cd
MIME type:	text/xml
Signature	ACRStealer

File name:	WordWheel.adml
File size:	2'619 bytes
SHA256 hash:	8cb5f08bc1d73ee9c83ef7043a8bda0cf250e7bedd1c84e700e6a8a913beaf86
MD5 hash:	a5fe2005e14e5e7e8792ce0c2bdf53a8
MIME type:	text/xml
Signature	ACRStealer

File name:	RemoteAssistance.adml
File size:	10'373 bytes
SHA256 hash:	428ccc88349680a1684a33176fed4e4b8bc544ec7b29dcd71cb17bffe274d16f
MD5 hash:	f239e9c6b37abe7aee14c64fcd64d86a
MIME type:	text/xml
Signature	ACRStealer

File name:	EventViewer.adml
File size:	2'368 bytes
SHA256 hash:	8911189fb55d6de6da90e3ed57336aa7f2323520cf2719ced2e91b76b4ab085d
MD5 hash:	45eb132cb1f927d22c54ec385a552153
MIME type:	text/xml
Signature	ACRStealer

File name:	zlibwapi.dll
File size:	132'880 bytes
SHA256 hash:	f76c0e6779655910b3da012a01a09e08ad64f9905ff3e8d2ac7bdf06788f91ff
MD5 hash:	a5865c36d6794b2af292c0df174e7e90
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	api-ms-win-core-profile-l1-1-0.dll
File size:	17'360 bytes
SHA256 hash:	d00a0edace14715bf79dbd17b715d8a74a2300f0adb1f3fc137edfb7074c9b0a
MD5 hash:	6ee66dca31c5cce57740d677c85b4ce7
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	FolderRedirection.adml
File size:	7'951 bytes
SHA256 hash:	0144a87b8d59221d8c76b55a64743f6ad72fec812242669c05421d4d07321383
MD5 hash:	b0e17494d027c66ad4cc97fe5d2e6108
MIME type:	text/xml
Signature	ACRStealer

File name:	TaskScheduler.adml
File size:	7'038 bytes
SHA256 hash:	00250a97bc62d5c01e534907317937337008b28110dd7ab88a5d32aa347a3b9e
MD5 hash:	09bb6bbd535e6b16043d7de703670523
MIME type:	text/xml
Signature	ACRStealer

File name:	BugSplat64.dll
File size:	558'464 bytes
SHA256 hash:	8fe9be5391cef47155ba98879ec86747b9e5e31c5d1f18079fd389c52901b4b9
MD5 hash:	e41209afb442b87d598f845eb549c387
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	api-ms-win-crt-process-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	542a22540cdb7df46d957a0208d50507916f7c737bea833931239d56ebe8d68c
MD5 hash:	66f4e530a19ed2f6862b5ce946437875
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Updater.ex
File size:	424'552 bytes
SHA256 hash:	52416bb8275988aa5145be6359b6c6a92e3c20817544682c2c1978b50ff2052c
MD5 hash:	a341d9bfaae6a784cb9e2ea49c183fb4
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	ControlPanelDisplay.adml
File size:	21'011 bytes
SHA256 hash:	a4f9a17502e8aba9e82c5c324cbed40e109a565ca2e27b3d79389f1a595b3ccd
MD5 hash:	61cb7046c23a14515c58521dad36ab6f
MIME type:	text/xml
Signature	ACRStealer

File name:	ServerManager.adml
File size:	4'955 bytes
SHA256 hash:	e47082b33aca0fb727e6486eca05ed0f7e309923d214df7d6d1e9e1bb6b58a93
MD5 hash:	65c390cededfd130518b61fa1235250a
MIME type:	text/xml
Signature	ACRStealer

File name:	NetworkProjection.adml
File size:	2'267 bytes
SHA256 hash:	615e09eec96e2e99550ca7014ad5e7249c031e1e19b2241032c1be983622729d
MD5 hash:	1aea64ee82cccf20be4e7178e0d9c569
MIME type:	text/xml
Signature	ACRStealer

File name:	TSLogSDK.dll
File size:	855'816 bytes
SHA256 hash:	ad2933bde1c9fc096cbd7d519e8f2234a3094fa20975de6b2014a5c3a1f72e2f
MD5 hash:	0f61ec1794edafa62a4c737d7995f92a
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	WindowsAnytimeUpgrade.adml
File size:	1'059 bytes
SHA256 hash:	38866cdad4284842c711350a8e5e9a0e3743b21bb66f0d849073fd73d4137a0f
MD5 hash:	42a08790f9d22d63fc6d832bc97cab7c
MIME type:	text/xml
Signature	ACRStealer

File name:	WCM.adml
File size:	5'728 bytes
SHA256 hash:	5ec9152e44738d44848ab532d269ec0d51612fd60b5fa8a7a3d53dc0395164a2
MD5 hash:	7d5b3a4f151213cb0efdacfa335a6aa3
MIME type:	text/xml
Signature	ACRStealer

File name:	Windows.adml
File size:	7'341 bytes
SHA256 hash:	fd871c109b4be893167d85e6c37792b70e2f251ddb9370d039161e3fe735bdcc
MD5 hash:	091ae0ec426bbe821c7c4a313fa3e5a5
MIME type:	text/xml
Signature	ACRStealer

File name:	ShellWelcomeCenter.adml
File size:	1'034 bytes
SHA256 hash:	778a48685463098ecbab0e95ec4ba4cc299704453a10b790404d636c78495a6f
MD5 hash:	e1c3a48a813c8e8d7f076966fff1782f
MIME type:	text/xml
Signature	ACRStealer

File name:	DCOM.adml
File size:	5'072 bytes
SHA256 hash:	bd0e69bf353115e23b4344875da15df78bd4adf676eeab35aed30a21c129ebed
MD5 hash:	7df9e61d5f72660a48741a9d1ae6df2a
MIME type:	text/xml
Signature	ACRStealer

File name:	Power.adml
File size:	29'740 bytes
SHA256 hash:	0f8b66f7b315426abec4b71912d2ff5f1f4a573ac391cd8e0a10738af808f8a6
MD5 hash:	c0e2a98755b3da961dbbcfa1a621154b
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsFirewall.adml
File size:	43'147 bytes
SHA256 hash:	5625f229bc2ce0518f0689c32b02f208d1b160274d5c9ac00707a15fd4f254ab
MD5 hash:	0dddc70e928c3191d6db487772fcddd6
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-crt-private-l1-1-0.dll
File size:	70'608 bytes
SHA256 hash:	696c10112d8b86a46e5057cbd0bf40728e79c6bb49cda1f2c67fe45d0fc1258d
MD5 hash:	ad8d9a6ea592a6c8a78c67a805cec952
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Radar.adml
File size:	2'714 bytes
SHA256 hash:	8c710dc3983ed5962c5f7d40c3390c660ae7597cea71f2bf8ff68b6efc594cb7
MD5 hash:	64afb930e79cdcdf1d967b37180dec5c
MIME type:	text/xml
Signature	ACRStealer

File name:	TerminalServer.adml
File size:	127'562 bytes
SHA256 hash:	ff74be25815c0ca023fad48ea35e6fa32566065485534d01842d617eb39f8ace
MD5 hash:	3602b346f09097d79eaa8029915b67f9
MIME type:	text/xml
Signature	ACRStealer

File name:	MMCSnapIns2.adml
File size:	3'258 bytes
SHA256 hash:	258d9502cbd3b2b6e342d1b705a17a6537865d066bec2227bd4bd5a4d3e411f9
MD5 hash:	181edeab7f0fa1fd7da1d157121386d1
MIME type:	text/xml
Signature	ACRStealer

File name:	Logon.adml
File size:	16'832 bytes
SHA256 hash:	cff8bfad325c4f3be418a491d37bb367e126f24ee22fa39c809c83aed6c07033
MD5 hash:	7deb6528b7bf721da0bc53b65116e4b2
MIME type:	text/xml
Signature	ACRStealer

File name:	CredUI.adml
File size:	3'126 bytes
SHA256 hash:	625371bba40530a9a4a88e167b4870634f7583bb601d16954ed8ff4a0e5242e9
MD5 hash:	1c00f0e54b646baca8571fc0b7be9582
MIME type:	text/xml
Signature	ACRStealer

File name:	LinkLayerTopologyDiscovery.adml
File size:	3'646 bytes
SHA256 hash:	14daff44ecbec76cde21ccc68d5558bd6119a5f58c6884b9692b6341ead643dd
MD5 hash:	92dbad98f0e768c7bfe966bd839bb017
MIME type:	text/xml
Signature	ACRStealer

File name:	tcpip.adml
File size:	13'466 bytes
SHA256 hash:	89ec65c0144936de7a31b903d9a8dbd2e436fd098de9aa91eaf164a5a8b6db1b
MD5 hash:	0b0da2277fe7b257b26ed87e595cdcf5
MIME type:	text/xml
Signature	ACRStealer

File name:	CipherSuiteOrder.adml
File size:	6'011 bytes
SHA256 hash:	4e01b6a54c1b3933d33645729af7f69e50d687c37db985a924917e6f8acab15b
MD5 hash:	f7e00a4abe6853a853d65fb722604674
MIME type:	text/xml
Signature	ACRStealer

File name:	ParentalControls.adml
File size:	1'084 bytes
SHA256 hash:	fc70bc44adaec32e39a503ceec2f52b98c697d61be6c120a96480445a968fe5a
MD5 hash:	2dd43aea1d0f6713f020401fc72878bc
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-crt-heap-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	0166edfb23cfc77519c97862a538a69b5d805d6a17d6e235f46927af5c04b3c9
MD5 hash:	9c373c00ac3138233bdf1655c7be8e86
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Desktop.adml
File size:	22'651 bytes
SHA256 hash:	f8da2c6952ebaba7c70f5bb5941532a2e6112955e3e340f003581e96bb7b0881
MD5 hash:	3b0954050c6dff90cae771936c61f536
MIME type:	text/xml
Signature	ACRStealer

File name:	iSCSI.adml
File size:	5'220 bytes
SHA256 hash:	68b3df1ed58900e693440d614266c2f8fa20a87f75b9183a5bebfab5c3c6b4c2
MD5 hash:	fe14e28c69993accec221be3c7a99e5c
MIME type:	text/xml
Signature	ACRStealer

File name:	MMCSnapins.adml
File size:	10'156 bytes
SHA256 hash:	48663270c2b2ed9475692772cbf5b12b635d75fa293e3059f8b81d8b4d02382e
MD5 hash:	a30ab3fb1ba97bfd3ad477ad18d0be28
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsExplorer.adml
File size:	57'954 bytes
SHA256 hash:	d350f2161317cca32ad7bb4d6cf369f3aa81467122855f9fa8b8b0ba15f14893
MD5 hash:	c1fbabfe3bc28d72ceb06dabdd8dcdda
MIME type:	text/xml
Signature	ACRStealer

File name:	IIS.adml
File size:	1'408 bytes
SHA256 hash:	73b3cbe01f0416f6de28395e5b9ac286c8149d0f46bab6ae86b6ac4e58b0f803
MD5 hash:	426b83ec085ae7511ef7836624778786
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-core-util-l1-1-0.dll
File size:	17'872 bytes
SHA256 hash:	68bd9c086d210eb14e78f00988ba88ceaf9056c8f10746ab024990f8512a2296
MD5 hash:	c6553959aecd5bac01c0673cfdf86b68
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	MSI.adml
File size:	30'569 bytes
SHA256 hash:	bea0490ca9e830b84869a273d0011683a54fa4e92e0eff63b9f123cfffc40c60
MD5 hash:	281e7ffccbcb02fc616febf6f291b411
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsBackup.adml
File size:	3'483 bytes
SHA256 hash:	33a81cbc22929db64640e0da5046f30634f5b9dc9271f9601ca7abcbc0e656d7
MD5 hash:	8015a772382be975c6e6145b1a25f71a
MIME type:	text/xml
Signature	ACRStealer

File name:	Help.adml
File size:	5'647 bytes
SHA256 hash:	8ddb25b03aeac60067ca82f72ede2b7ebceb1e48e196bad69995c052fd2d2e86
MD5 hash:	3b1ad1ecf110f12067554fa487c740fd
MIME type:	text/xml
Signature	ACRStealer

File name:	DeviceCompat.adml
File size:	1'012 bytes
SHA256 hash:	5fe3fc627dfaeddeddd5c617d4ddd1ab367353a97026268c27ab45b8a9025472
MD5 hash:	8c5bfc23602cf18e6ec73bdf468c5c65
MIME type:	text/xml
Signature	ACRStealer

File name:	FileServerVSSProvider.adml
File size:	1'516 bytes
SHA256 hash:	da1fff29710b8b4d5d3361e38fe64b66d7a39f70ab98d23f02c2f285c7298817
MD5 hash:	bfbe8a2102d1dad98fc3b6a7c9d49809
MIME type:	text/xml
Signature	ACRStealer

File name:	Netlogon.adml
File size:	46'428 bytes
SHA256 hash:	14b401fbe6f5fd279430d383196f16ac0d93ee665d0225c7f2c4c3dd56d7b847
MD5 hash:	b6cb2af44b11487f92d14a3e9b7b4f70
MIME type:	text/xml
Signature	ACRStealer

File name:	RacWmiProv.adml
File size:	1'378 bytes
SHA256 hash:	4befe402e1d8baf094346887c509331398720109298eeb4dd947879dfe0a9216
MD5 hash:	b8793f540e47ee449a0369a0569cfb8a
MIME type:	text/xml
Signature	ACRStealer

File name:	GroupPolicy-Server.adml
File size:	1'487 bytes
SHA256 hash:	a87bb0424e1d7def0f6d544530a32abb9ed6d448969feb8c5985f30e0fd71b65
MD5 hash:	721de72286ed158412b12054999d879d
MIME type:	text/xml
Signature	ACRStealer

File name:	FileSys.adml
File size:	5'047 bytes
SHA256 hash:	40a867eb9b6b1644cdf87ac77d346485da153b245603237fa9a76e2c68acfd4b
MD5 hash:	f1951fb8c3b9eebe23abef5ee23dba39
MIME type:	text/xml
Signature	ACRStealer

File name:	SkyDrive.adml
File size:	3'086 bytes
SHA256 hash:	0d9f815210f123d3a3201ea0530f0c5f4c8c2b3cf6ae146402d1b3d7e83e77c6
MD5 hash:	7c6abef96d8fc4473b348f9cc6ab14ca
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsMediaDRM.adml
File size:	1'636 bytes
SHA256 hash:	eeff3058ed45fa9e18846ee53be4ef621b20ba2d7bb4535a81cdbf8066604e68
MD5 hash:	0bef85c5a51f0980d97b8f87cc124c6b
MIME type:	text/xml
Signature	ACRStealer

File name:	AttachmentManager.adml
File size:	9'845 bytes
SHA256 hash:	6974aebdcb65ab63decd224d3c060f0afca11e00c781657ead44f64073094bf8
MD5 hash:	156adebca5cd43e0d849f921b26594c3
MIME type:	text/xml
Signature	ACRStealer

File name:	MMC.adml
File size:	4'806 bytes
SHA256 hash:	5ce95bdc6780550fad262390a824cdb07d6b426683fe1e8afa533d6a47a8e79b
MD5 hash:	e7286b16ab9a79a941457d0e5f7ac2d9
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-core-synch-l1-1-0.dll
File size:	19'920 bytes
SHA256 hash:	8bb38a7a59fbaa792b3d5f34f94580429588c8c592929cbd307afd5579762abc
MD5 hash:	979c67ba244e5328a1a2e588ff748e86
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Thumbnails.adml
File size:	2'359 bytes
SHA256 hash:	36e567db6f269f42865bc122835cbf10c7de187aff70ba93ba81c045486a134a
MD5 hash:	9dddbe09ee87b401376670f58f52b8cb
MIME type:	text/xml
Signature	ACRStealer

File name:	DiskNVCache.adml
File size:	4'247 bytes
SHA256 hash:	d94738c802a64bda9cca3947096a97b4dac05730bd55441ed552595422103a9f
MD5 hash:	74ff3350ef82b0e11ef64c762cf28be3
MIME type:	text/xml
Signature	ACRStealer

File name:	GroupPolicyPreferences.adml
File size:	133'320 bytes
SHA256 hash:	d79eed1ffb6836c73a921b8bd79195f3787c17cb15ceb9e27d682f27daea3aef
MD5 hash:	d1a5cf9f95b52d0c47de6c6bba860d0a
MIME type:	text/xml
Signature	ACRStealer

File name:	Taskbar.adml
File size:	11'395 bytes
SHA256 hash:	17a7e0c29f6fad55f06306ece4251a6bf7d40bb30c3178385d01cffc805a1164
MD5 hash:	b04329c131f6270e21143e3a48884e73
MIME type:	text/xml
Signature	ACRStealer

File name:	MSDT.adml
File size:	4'822 bytes
SHA256 hash:	91692970671c4a0ac5a872a787f7c8d5b7c69bc36503d2815408443ea7b820db
MD5 hash:	cd6f4b94c65a6a5f650eedcc4108c1f9
MIME type:	text/xml
Signature	ACRStealer

File name:	Printing2.adml
File size:	14'598 bytes
SHA256 hash:	28d160709a578ae08008ce9f84efa853f0cd30c05ac418ed0085133b7f5be4f8
MD5 hash:	5ba865d69814055e09d5698701921315
MIME type:	text/xml
Signature	ACRStealer

File name:	DistributedLinkTracking.adml
File size:	1'218 bytes
SHA256 hash:	25d3882376cc864e14bf8cbd16065971c8c5f1c88fcef7c60b4213604f893272
MD5 hash:	8b49abca606df290d14944330f11a796
MIME type:	text/xml
Signature	ACRStealer

File name:	SharedFolders.adml
File size:	1'850 bytes
SHA256 hash:	3649d182a6d570c693d564e11b80127960e3f34bd98c2dabc5e5a1f640b7eacf
MD5 hash:	b512ac9ca34bc2605d206fa9d22778f1
MIME type:	text/xml
Signature	ACRStealer

File name:	DeviceSetup.adml
File size:	8'722 bytes
SHA256 hash:	4e1bc9fda548eebf29a499b61ce0462983dd461db84f4b2c63150636b917036b
MD5 hash:	9e7c326dccfd5bdae53f0ff7359042cf
MIME type:	text/xml
Signature	ACRStealer

File name:	HelpAndSupport.adml
File size:	3'089 bytes
SHA256 hash:	c121b0c89956299e7ea7212d382e199bdf50f51fe94634740934c56bac669cac
MD5 hash:	ff9ef4c6bce28ed5d6c68034cf5fb683
MIME type:	text/xml
Signature	ACRStealer

File name:	wlansvc.adml
File size:	1'977 bytes
SHA256 hash:	a59e2ed355ac803474c9ef02a60076bb98adbb33ad6aa6884ab1b4850bac4c02
MD5 hash:	13e20c78e89e7fc58934bcff584e12a1
MIME type:	text/xml
Signature	ACRStealer

File name:	msched.adml
File size:	3'422 bytes
SHA256 hash:	c65da0df5066f72eff8b61edf4f7b900650462fe38260c98c43a2dfcbeef8634
MD5 hash:	224beabeb0b0c06f17cd758d7f5ca442
MIME type:	text/xml
Signature	ACRStealer

File name:	COM.adml
File size:	1'670 bytes
SHA256 hash:	44fa3b1e818ef70305ad41012d78cf140851ec0949d4f2457f60c295e31c8edc
MD5 hash:	33757eac0441251ace18bd74ff8e2bd0
MIME type:	text/xml
Signature	ACRStealer

File name:	DFS.adml
File size:	1'550 bytes
SHA256 hash:	7c621bdfa9aafbb72c6e3eaa6bd9dadb9b87b76ff3085c3ab85f94a4ba74148b
MD5 hash:	59649458234fa8ec0fa1ccf6d1a1f000
MIME type:	text/xml
Signature	ACRStealer

File name:	Globalization.adml
File size:	25'531 bytes
SHA256 hash:	7fcb7f49fcea58d4cfd70a65394dd7e7fd5404d7e51225fbb212035cea78df79
MD5 hash:	76a8a380a63a9348769b4a94d9eef57f
MIME type:	text/xml
Signature	ACRStealer

File name:	WorkplaceJoin.adml
File size:	1'317 bytes
SHA256 hash:	4754f8a9b020216a0f9ca4c7357a6794d3c98735d9b7857fcbc19ed1401021e3
MD5 hash:	68e7e1bee13094c1c0f9896f82b4d741
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsConnectNow.adml
File size:	3'410 bytes
SHA256 hash:	1471aca2b4bcd0a4d5bf43330741cc0314a243de0757db0383452a7c473e1644
MD5 hash:	7fde7c285c5bfbcd2e562db3f37096ec
MIME type:	text/xml
Signature	ACRStealer

File name:	Shell-CommandPrompt-RegEditTools.adml
File size:	5'239 bytes
SHA256 hash:	bec7cf7ec0cdfd01bb8677c20c887988a642742f136c0437d49a67f218087842
MD5 hash:	3925d35054ab425a8f3690c2fa33bdfc
MIME type:	text/xml
Signature	ACRStealer

File name:	SystemRestore.adml
File size:	2'647 bytes
SHA256 hash:	79b2c3ca033b5ccecb7d24032ffbf7a718ec34baf4c8ba66e862917337b9fbb5
MD5 hash:	f0306b958ec9daf0c4e5d2ba8355a02e
MIME type:	text/xml
Signature	ACRStealer

File name:	Explorer.adml
File size:	4'363 bytes
SHA256 hash:	6cba67bf6d239fa46e6f2566f1f8653dcba053dc828aa731dd768c525af1bb1d
MD5 hash:	b8789197191f1a2c461797c595fd8415
MIME type:	text/xml
Signature	ACRStealer

File name:	TPM.adml
File size:	19'376 bytes
SHA256 hash:	62154d9046066523b2833a380fb4a6841ab369d4e7502d1ef8ad93462e0cce12
MD5 hash:	62d34160550f61471f77f778aa1280ca
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsRemoteShell.adml
File size:	5'497 bytes
SHA256 hash:	35c10ecd562212b9c242abcea3eecd82965f173b8f8f2a848f1dd94f725ef0a1
MD5 hash:	157a758a1233f9764cdffcb79f8adab2
MIME type:	text/xml
Signature	ACRStealer

File name:	Resource.ct
File size:	3'136'432 bytes
SHA256 hash:	37a5a53b7d95439b05b5e4f394de8b931a500f6df97aaf1a82cb8a66c11478f2
MD5 hash:	cf83372ce8462708f58817b1560e7006
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	RemovableStorage.adml
File size:	13'642 bytes
SHA256 hash:	61727d2632e0e816a562c6489e5732206a94d3f3581d35042f72fc03a7ecd3d0
MD5 hash:	3c7c9203b770747e42f16415384aca91
MIME type:	text/xml
Signature	ACRStealer

File name:	Sharing.adml
File size:	2'463 bytes
SHA256 hash:	56d6e0e7fd98836c698d345735b4f7633df49c455500c41b20e7b5d6fdf40ab3
MD5 hash:	f76cbcdf77eac5fef366f9f9d45f5e76
MIME type:	text/xml
Signature	ACRStealer

File name:	VCRUNTIME140.dll
File size:	92'432 bytes
SHA256 hash:	b490a65a7a23ab2387339f081b8f1d9665a13b03023dbb3bcafe016324857abe
MD5 hash:	d3acd80cd5759cfd9ac4eb0f1900ad9a
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	PerformancePerftrack.adml
File size:	1'205 bytes
SHA256 hash:	82c7f47d059ed97ef6ac7068e43e6933e84ace56543fd8c945065a51c0644a63
MD5 hash:	ef84a579bc8272236e53ab9f5bee92cb
MIME type:	text/xml
Signature	ACRStealer

File name:	MobilePCMobilityCenter.adml
File size:	1'205 bytes
SHA256 hash:	94d9c7aaf148f31b6129b5567f963832427de828dcd7e0b31f1bcbdbd5dbed3c
MD5 hash:	f4ed8285ac3f6d33796eceb5a7d654d7
MIME type:	text/xml
Signature	ACRStealer

File name:	ExternalBoot.adml
File size:	2'806 bytes
SHA256 hash:	f8b25ed02542858011f65ae02ebd1c4a62558ee28b76a281656fcf1a70e772bc
MD5 hash:	8417153a964b75197b8a08f35d62c381
MIME type:	text/xml
Signature	ACRStealer

File name:	Bits.adml
File size:	32'159 bytes
SHA256 hash:	80d730b14bbb66b29360c108c8a57e09aa33e57dc1c9eaffcad5d66b3ef98c31
MD5 hash:	f6e746cd330a73b928c14770d9645bd0
MIME type:	text/xml
Signature	ACRStealer

File name:	ErrorReporting.adml
File size:	30'768 bytes
SHA256 hash:	0e087d6f548b2cdbf2c2ea12ce78dc4f8b9d1a4979ae6fd955cac4d350aafabd
MD5 hash:	8ab1308cba6530c458f432ab454c3070
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-crt-math-l1-1-0.dll
File size:	27'088 bytes
SHA256 hash:	c7115159babdaa1f52e478e67b4e612da2332fda4e4036999b29425fe303b6e8
MD5 hash:	bc418a3461c5fdfa1a0d75f7e03d08a7
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	EventForwarding.adml
File size:	2'548 bytes
SHA256 hash:	ef69c13304dba64691227ac0c87f03c89120beb6003722c43e390bda572331ad
MD5 hash:	0a764bb7fd1c2bc83cbba71bdc3f8eb0
MIME type:	text/xml
Signature	ACRStealer

File name:	Kerberos.adml
File size:	19'138 bytes
SHA256 hash:	4148df3125629abe00141facef7519bbde4d3877067a234f35c0a63b740810f6
MD5 hash:	aa29f707b1fe528f5f856ec64e771dac
MIME type:	text/xml
Signature	ACRStealer

File name:	ActiveXInstallService.adml
File size:	5'601 bytes
SHA256 hash:	f49428cabb6f6671d95ef214133100c268d2ab04dbf0f095dd08b0105ed9d8a7
MD5 hash:	46876b1e6c8ba1fbf3abc838ccf809b0
MIME type:	text/xml
Signature	ACRStealer

File name:	MobilePCPresentationSettings.adml
File size:	1'482 bytes
SHA256 hash:	ec7d1b396b99416f267f99ba8d7a81199284c01cae1a19081f2670233fa02f20
MD5 hash:	3d1bc388407e64d128728e5259adac99
MIME type:	text/xml
Signature	ACRStealer

File name:	TouchInput.adml
File size:	2'055 bytes
SHA256 hash:	a376991d45dd68cd83e2a76c75f136b75033fde16297ec2868755268af2869e2
MD5 hash:	9562339e02d38bece2d7d3c89ee47766
MIME type:	text/xml
Signature	ACRStealer

File name:	v8_context_snapshot.bin
File size:	613'840 bytes
SHA256 hash:	169fc7f80834acf1d59b62c2adbe6d1ad477cf2564ee84150dfffd36caa1ca33
MD5 hash:	753be41d649d31812067ec2b85c10f0e
MIME type:	application/octet-stream
Signature	ACRStealer

File name:	W32Time.adml
File size:	16'499 bytes
SHA256 hash:	b62d8648eb65a947ae783f67a0e3f2276545df1cd265cf4aa513dc53df6882e0
MD5 hash:	7faf3a73c8dbae90e511742bbb51aadd
MIME type:	text/xml
Signature	ACRStealer

File name:	NAudio.xml
File size:	1'054'613 bytes
SHA256 hash:	8e58ffd1ba32ab7eae118f2861ed1449f49a3cd0c459df2ac26a1ff1bf4d7245
MD5 hash:	224d05879c6f2b9708edbb7cf244e76e
MIME type:	text/xml
Signature	ACRStealer

File name:	PreviousVersions.adml
File size:	5'301 bytes
SHA256 hash:	dc5a3de3d24654b83d269b2a74148b777261995a56abad7943616bba648a28ae
MD5 hash:	4dae700a902336a7acd9315f2dcb6f00
MIME type:	text/xml
Signature	ACRStealer

File name:	DnsClient.adml
File size:	31'344 bytes
SHA256 hash:	a60ea72f20c54dc7362cb26a10970b4bedac5e257e20317bd2caca1e289db08d
MD5 hash:	7b88f32185e7aee9d215d367f531c628
MIME type:	text/xml
Signature	ACRStealer

File name:	AppCompat.adml
File size:	10'119 bytes
SHA256 hash:	0ac43a8df0e8795968c0f9b6ecc6fbf620b761c128545ad689eec5dff21f5f1d
MD5 hash:	93c28840d18ed15af63308926f5aac66
MIME type:	text/xml
Signature	ACRStealer

File name:	PeerToPeerCaching.adml
File size:	24'638 bytes
SHA256 hash:	673cb9f3c9b5b753c41c6b44519a04c32a10abd90533cec88e4ad20a0e564d55
MD5 hash:	b5d667d298e0edcc6d2fb6f0c01b7223
MIME type:	text/xml
Signature	ACRStealer

File name:	srm-fci.adml
File size:	7'668 bytes
SHA256 hash:	e6f4193f29666226d72365c364e473f1f9deb47405dfedca38a215eb61fff967
MD5 hash:	7b04e3f4356b26d851628246dac94705
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsMessenger.adml
File size:	2'609 bytes
SHA256 hash:	ba36f02c4f20e6a6075c3091d0fd5bc81f6589552889fe4055c4bd90831a7699
MD5 hash:	3b589ade17cce578d294ff56d65f5321
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-core-rtlsupport-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	d11093fdc1d5c9213b9b2886ce91db3ded17ef8dae1615a8c7ffbc55b8e3f79b
MD5 hash:	0069fd29263c0dd90314c48bbce852ef
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	WindowsServer.adml
File size:	1'011 bytes
SHA256 hash:	a96786faa32516c2738c2ec94e676f3d339732ab39318d7cdffa478a2bae1231
MD5 hash:	14aea48e9379243660e8b568a71ef533
MIME type:	text/xml
Signature	ACRStealer

File name:	DeviceInstallation.adml
File size:	20'516 bytes
SHA256 hash:	ead0368b0ab7404addc0b8bd016e04d43c7a1e370a2875a6785863a53cc94095
MD5 hash:	b0d80e37838946a958789511d6090800
MIME type:	text/xml
Signature	ACRStealer

File name:	ControlPanel.adml
File size:	6'210 bytes
SHA256 hash:	2d07c5b7079ed696aa73a4806a1b1feb2863b6a579033ef1f0a10e3d5d5e5fbc
MD5 hash:	02f20efb8f224de1bece4fa4fadf1442
MIME type:	text/xml
Signature	ACRStealer

File name:	FramePanes.adml
File size:	2'163 bytes
SHA256 hash:	cadf1a1ed7af5758824ac8a710730356758359e4cf0b61b989b76a3ba9dadff0
MD5 hash:	15395250abfe245e09edea1b6537814e
MIME type:	text/xml
Signature	ACRStealer

File name:	CredSsp.adml
File size:	20'162 bytes
SHA256 hash:	91a36f497d459ef96b4cedb88ee0884651d8b5c0eabce1c1f4fec6d49ff71a31
MD5 hash:	3f887766536ae5c7677e841c9a1e86f6
MIME type:	text/xml
Signature	ACRStealer

File name:	AutoPlay.adml
File size:	4'884 bytes
SHA256 hash:	8773998440c8d534fa69833174d05d09088f07e6e5c0e41d7c04a229c7903879
MD5 hash:	935c602dad3f4335bd16c269e66dbfaa
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-crt-filesystem-l1-1-0.dll
File size:	19'920 bytes
SHA256 hash:	85b1b189ce9e3c6f4d2efdd4cd82b0807f681bea2d28851caaf545990de99000
MD5 hash:	14f407d94c77b1b0039ae2c89b07a2ff
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Setup.adml
File size:	2'060 bytes
SHA256 hash:	f0af5022e574f037feff288b1944788e08e9f1c3cc29e2968022b05ee8a12d71
MD5 hash:	9940a876376dfaca4c22aeb49d5e98d1
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-crt-conio-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	4aeeae0ac9f6c1b0b8835067ea3b7fc429f353565f18de7858f4ea5d6f72072e
MD5 hash:	7190cbfad2d7773d3b88ccc25533a651
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	WindowsFileProtection.adml
File size:	4'257 bytes
SHA256 hash:	d7293fb074e7098858e2090db60c7e3a8dc96fa062facbabda34af48c57a4a8a
MD5 hash:	2652912f37e3671937bb50f97c05fadf
MIME type:	text/xml
Signature	ACRStealer

File name:	PswdSync.adml
File size:	4'835 bytes
SHA256 hash:	5a277c91d697fecaebecfd1aa4a38f6027c5800bfb4b5ebebba90251c788beab
MD5 hash:	81a4179a1f50b390a55cec61b95f6752
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-core-processthreads-l1-1-1.dll
File size:	18'384 bytes
SHA256 hash:	e5ea2c21fb225090f7d0db6c6990d67b1558d8e834e86513bc8ba7a43c4e7b36
MD5 hash:	29001f316ccfc800e2246743df9b15b3
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	AppxPackageManager.adml
File size:	3'093 bytes
SHA256 hash:	5cd8b222aecbdeac3df2de6b774af7e02988981136f6e5e9cd3d12735c6a6416
MD5 hash:	b182f0b429a84d7e97c3d50eadf154a5
MIME type:	text/xml
Signature	ACRStealer

File name:	ffmpeg.dll
File size:	2'704'792 bytes
SHA256 hash:	5883d041c5f5020ac4b66314d5f89cb6331db3c4ec1c912f72b3ebb9aa8c41e2
MD5 hash:	449bf7a46490fa07881d969b6d52c0f1
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	RPC.adml
File size:	13'725 bytes
SHA256 hash:	a1595a8f7f77496cb3dae9ba4a8787985ff7c5c7b50bce6ea19ecc823b874c57
MD5 hash:	c7d0520662b4d6f3a33cd02e7d078832
MIME type:	text/xml
Signature	ACRStealer

File name:	EventLog.adml
File size:	7'756 bytes
SHA256 hash:	2863ef5940ec4685d1cf61891191647ce435f325720bc9626a0f2214f56e6ec9
MD5 hash:	b58d99d32df6e1076e976fa8abc3eeea
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsProducts.adml
File size:	5'639 bytes
SHA256 hash:	c662d7e4bf2848728b8f335734cb6500c40e88727f1abfabcd1e097b4c6b4fb3
MD5 hash:	14c496dde1d1acc8b3809cf194122870
MIME type:	text/xml
Signature	ACRStealer

File name:	NetworkConnections.adml
File size:	41'991 bytes
SHA256 hash:	e86f5ad0d0a55ed34d90a2ee7222564656c684fca48f9ce2c0363266c7c10ece
MD5 hash:	0f0684fa5cf664eaf158690457e68d92
MIME type:	text/xml
Signature	ACRStealer

File name:	WinInit.adml
File size:	2'477 bytes
SHA256 hash:	00ff3d345ddd3586734720ddde1e688a31ac0ca468ed85b8a322cbcfd4bb03ee
MD5 hash:	0cdeab62595877530194386c7f6a6661
MIME type:	text/xml
Signature	ACRStealer

File name:	d3dcompiler_47.dll
File size:	4'917'656 bytes
SHA256 hash:	9f5b1ad41183ba50896eb09be917b1382980224e212a97080d33c0bf3dee40dd
MD5 hash:	b37cc24fcfdcca9dead17a498e66db9c
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	FileRecovery.adml
File size:	2'975 bytes
SHA256 hash:	3a5992e2dc42003e6f1547ce4253134cf8c6270da6f68fcb6e3fa854b07fade1
MD5 hash:	353e01c633cbaf640b8238c535a4e3bc
MIME type:	text/xml
Signature	ACRStealer

File name:	LocationProviderAdm.adml
File size:	1'212 bytes
SHA256 hash:	f4edef9970d1e3ee016e880537db88d7b6a3b5abd142d791fc39d39fc4e1ffa9
MD5 hash:	fe47798fe9b3f4c43e782df1af166a87
MIME type:	text/xml
Signature	ACRStealer

File name:	WorkFolders-Client.adml
File size:	3'464 bytes
SHA256 hash:	b6a4f7ebe7a44f81b7a5d4c7a38fea3fcfcd184fa16e46863c1535323197be1a
MD5 hash:	f6075fa597f6343205f02cfaf7cf87a7
MIME type:	text/xml
Signature	ACRStealer

File name:	Sensors.adml
File size:	2'056 bytes
SHA256 hash:	b102166cf6a473dce4adc301156086d0eba710efffa1c4a569ea480994a7f5b4
MD5 hash:	7caff134d90fb9d9bffd1931a3b7a077
MIME type:	text/xml
Signature	ACRStealer

File name:	Smartcard.adml
File size:	13'897 bytes
SHA256 hash:	cf6f61b50cd4bf427834fec9d7d5c6fbdc0cdb3c5e8e07a66f04ba3d60e093b9
MD5 hash:	8ee4a00ed150375834d94cdf3644bb08
MIME type:	text/xml
Signature	ACRStealer

File name:	trading_api64.dll
File size:	289'568 bytes
SHA256 hash:	f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69
MD5 hash:	2bca4e2c047ec969cb3cff277e7fc184
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	GroupPolicy.adml
File size:	60'292 bytes
SHA256 hash:	bf01a53e4dd9d9a982152bb2af4f6b78db2e6b26d0e3f80d192ac647fafd3261
MD5 hash:	3ec08bdffa220598c2fe18e65dc57f55
MIME type:	text/xml
Signature	ACRStealer

File name:	LanmanServer.adml
File size:	6'322 bytes
SHA256 hash:	3393d80184e3c251a2e8249c13bbbe99a9045ad37550d8497d960371964bf8b7
MD5 hash:	33f09cdada6d62bae3f0dc0a3e1a2c2a
MIME type:	text/xml
Signature	ACRStealer

File name:	WinCal.adml
File size:	1'085 bytes
SHA256 hash:	5d5fd8758ffcd1bcb7a28025e05d5749ac4b691adf0b9e2589c096b75e5dc5c4
MD5 hash:	8d40ca00ff9cb0aeabed1f9b98d06b2b
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-core-sysinfo-l1-1-0.dll
File size:	18'896 bytes
SHA256 hash:	1fe918979f1653d63bb713d4716910d192cd09f50017a6ecb4ce026ed6285df9
MD5 hash:	cef4b9f680faae322170b961a3421c5b
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	SettingSync.adml
File size:	9'740 bytes
SHA256 hash:	044a3c384ec4e46e9ee6aa4bf4d28f3027a758de7a9163324fe80ee466e935e5
MD5 hash:	a46525dcc0bbeff3717004aa7d5e686b
MIME type:	text/xml
Signature	ACRStealer

File name:	DigitalLocker.adml
File size:	1'186 bytes
SHA256 hash:	348b0a60bca267759ca52611c67b06ab3347cab23786c257d984eb7f3f94c6a2
MD5 hash:	a4eeca9fc18fd2f595ecc98fd40e0f5f
MIME type:	text/xml
Signature	ACRStealer

File name:	FileHistory.adml
File size:	988 bytes
SHA256 hash:	9341a249c8db566c91bd171482daa2faf9d17ef757db6cbe6829f75d4fce9492
MD5 hash:	76ef9c90cfe65de37cdbcd4847d584be
MIME type:	text/xml
Signature	ACRStealer

File name:	ICM.adml
File size:	19'360 bytes
SHA256 hash:	cab1dd5c4b264cd58f17f3cd2c16775a7abf379558f7506dd55fc363ca90c656
MD5 hash:	17cae97bbe2a02c66c6fbdd54652b33e
MIME type:	text/xml
Signature	ACRStealer

File name:	CEIPEnable.adml
File size:	1'949 bytes
SHA256 hash:	7651f59a99180721f39b02391bb51d382b39dbcd15e3e2245b10778b7a8a5d95
MD5 hash:	cb1e5dcf00dd4aa26834f7f02ea4aa0e
MIME type:	text/xml
Signature	ACRStealer

File name:	EarlyLaunchAM.adml
File size:	2'537 bytes
SHA256 hash:	5a5bad4a99052a7dffad794a712f606f4421d0323af8ba4121bb02034c917c1c
MD5 hash:	75aae2a1219696c7d046f25da1c331b8
MIME type:	text/plain
Signature	ACRStealer

File name:	PowerShellExecutionPolicy.adml
File size:	8'601 bytes
SHA256 hash:	1963de8a3d77000a3dcf16b751132920f2f8ed0274905285c914469d1597f11d
MD5 hash:	6e1645beeb36b67e2486df156ad73713
MIME type:	text/xml
Signature	ACRStealer

File name:	NetworkIsolation.adml
File size:	6'746 bytes
SHA256 hash:	d7fdcfbcad3f6a8cae618320a16e408b4ef7a2830ebe54ac141f8cd37c4b26d2
MD5 hash:	39e7220d62b6a3dbb2c126fbb57233ba
MIME type:	text/plain
Signature	ACRStealer

File name:	api-ms-win-crt-convert-l1-1-0.dll
File size:	21'968 bytes
SHA256 hash:	77b69e829bdc26c7b2474be6b8a2382345b2957e23046897e40992a8157a7ba1
MD5 hash:	3e415147ccd7c712618868bdd7a200cd
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	wwansvc.adml
File size:	2'971 bytes
SHA256 hash:	8f1f6c7509f5c7c27b8f6e5dcf81fb8c02ae3ffee825f6cfa4171a712be018d4
MD5 hash:	761af87d50f53f0ce9947b5d486c30fa
MIME type:	text/xml
Signature	ACRStealer

File name:	NAPXPQec.adml
File size:	1'216 bytes
SHA256 hash:	156ac533de885de2086d1506713b46bfbcfdeb20fcd783b16c3cd4c143868549
MD5 hash:	a4208900fde8b3665e5c81e299ca7bff
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsDefender.adml
File size:	75'437 bytes
SHA256 hash:	03dd8b1e813023915a4f0143749e9ce752f81edb973d4071ca522a03028ce619
MD5 hash:	f1a80f0c326a0fde6917dd3ad03c6561
MIME type:	text/plain
Signature	ACRStealer

File name:	NCSI.adml
File size:	5'609 bytes
SHA256 hash:	5e583582c0a4a933c3a0e4a4270e034de6b8dd23b2676a1ecad986db71f28e7d
MD5 hash:	c62cbb79e2af2e3cc1fd69206d0c9716
MIME type:	text/xml
Signature	ACRStealer

File name:	pca.adml
File size:	6'236 bytes
SHA256 hash:	899c5ff462e34e8319ac0c59a9bc794695166970ba28495c473754fa5c3de457
MD5 hash:	78021a8deb0981dd65154025032bb7d5
MIME type:	text/xml
Signature	ACRStealer

File name:	WPN.adml
File size:	7'410 bytes
SHA256 hash:	058509712bf20a49cc276bdf4ab6b0ccdc3550501da0f2c4529e234e9aae6068
MD5 hash:	77c2a2eb749ebca17124b632612ce191
MIME type:	text/xml
Signature	ACRStealer

File name:	CredentialProviders.adml
File size:	5'460 bytes
SHA256 hash:	ff1b853b846ea63064ad460b42c44230de008297b6a2ddb8daa48991a5684c14
MD5 hash:	b735ff00bd6511f0525c74881042cfbf
MIME type:	text/xml
Signature	ACRStealer

File name:	FileRevocation.adml
File size:	2'614 bytes
SHA256 hash:	1e5e1b42cfb88b5072dadeb281779586616fc8a3493f66ee17557a19d9abc27d
MD5 hash:	85e6dec7d2e9d6a930ae1a7b4c9e6ce9
MIME type:	text/xml
Signature	ACRStealer

File name:	KDC.adml
File size:	10'440 bytes
SHA256 hash:	db2f6e21fdb453cd8e67c278038547d12eb5c58c1d0280776670d618aeded64f
MD5 hash:	7783b0d4b182be9230a649d6e8dc56ad
MIME type:	text/xml
Signature	ACRStealer

File name:	Biometrics.adml
File size:	4'309 bytes
SHA256 hash:	4222d7c39b72f570c01f76ee084278bd32619d039f197a1aae0b508c4e2caf32
MD5 hash:	c32f834c78dc4db3c12084ab5115e4a5
MIME type:	text/xml
Signature	ACRStealer

File name:	StartMenu.adml
File size:	54'118 bytes
SHA256 hash:	030e413af912ffcbfdb98b2e96a898b6826f7653c1ed021f4ceedcc7b8c2127e
MD5 hash:	41f89434f7fd242c4772afb8152909bd
MIME type:	text/xml
Signature	ACRStealer

File name:	QOS.adml
File size:	22'100 bytes
SHA256 hash:	39b7a57e44813affef1380fc4a2ce929edaaab031b457c50381a76996fd6b654
MD5 hash:	5a29bfd51f48a0377276834f0b8baf80
MIME type:	text/xml
Signature	ACRStealer

File name:	Sidebar.adml
File size:	2'181 bytes
SHA256 hash:	70198bcd06b06cbbfbe1ccdddc0815d3bb2239cad51403e32340c20b892a06d9
MD5 hash:	ff097ecd6b6d14beeb70b111deb1ee8c
MIME type:	text/xml
Signature	ACRStealer

File name:	MediaCenter.adml
File size:	1'133 bytes
SHA256 hash:	dd91079c05795bd2bba3c3f0a7167a5b8760a540c2e3000f379d4058d2e67258
MD5 hash:	7efc78cee6a256186f169d12466f667d
MIME type:	text/xml
Signature	ACRStealer

File name:	Servicing.adml
File size:	2'386 bytes
SHA256 hash:	0fb29a9479b51033fde4838e9e61d1d382b173ef4f43c00799ef97940f0e498c
MD5 hash:	c16e4d55b366521038b07e5b2eaa4d1a
MIME type:	text/xml
Signature	ACRStealer

File name:	lib_TSCommunication_sdk.dll
File size:	1'134'864 bytes
SHA256 hash:	9e08e9c16bb2b5f02bf7c9122f0460eed720827bae8e9c826dc6463c98ae4ca9
MD5 hash:	baca87b0b1135ee07f1cd7a7fa06671e
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Flibkair.gih
File size:	1'328'146 bytes
SHA256 hash:	2a30b70b27e83fdec4519ddfe2b1441df8a466c3ecfeacbdc300d534417f7b0e
MD5 hash:	0cf44708ca5cb47efd20a83c5ad145a8
MIME type:	application/octet-stream
Signature	ACRStealer

File name:	VolumeEncryption.adml
File size:	97'809 bytes
SHA256 hash:	cc9bcbdb2fbbd9b3a529cfefaee37231be9d712840e0fbd456d8af9947e15f14
MD5 hash:	11cdf6a637203126a5f35982f599c1af
MIME type:	text/xml
Signature	ACRStealer

File name:	SoundRec.adml
File size:	1'152 bytes
SHA256 hash:	f44e48d84c8a5914aaebc31206f09194dc1041f3dea70ad7ecd0e402ee3df165
MD5 hash:	9c112ed54f6d15614fba9b6aa1cdfbb0
MIME type:	text/xml
Signature	ACRStealer

File name:	DWM.adml
File size:	4'823 bytes
SHA256 hash:	844bf77e54e0c353537b0d1349f0173049dd36c0cb64eaee900663cd0a227ab4
MD5 hash:	8c0c1f2ac3237b8aa71f88a5650c0e68
MIME type:	text/xml
Signature	ACRStealer

File name:	P2P-pnrp.adml
File size:	15'965 bytes
SHA256 hash:	d262b118b555e83840a9ac077963b0e50f589c09950f77eb5865d25776d1a78b
MD5 hash:	4ce12cd17365ae6e6c922ae0c3d70110
MIME type:	text/xml
Signature	ACRStealer

File name:	WinLogon.adml
File size:	8'978 bytes
SHA256 hash:	0e5ba42e689b38880e0dcb236fc16c4eb9e1809dc94cfcf5aa511b79fafba26f
MD5 hash:	ad266ac436809bbdc0a19a05e80904a8
MIME type:	text/xml
Signature	ACRStealer

File name:	Pruseer.smqo
File size:	16'956 bytes
SHA256 hash:	4428c058d79f3de5041051f45085b9bdc523b326df7e604aa960068cc94fa616
MD5 hash:	85ee0e5132d06688c409fe724732a444
MIME type:	application/octet-stream
Signature	ACRStealer

File name:	UserProfiles.adml
File size:	43'896 bytes
SHA256 hash:	d9459ccad7106cc5a8665076c9d74c39d211d11a6f33870385528389826264d9
MD5 hash:	5f55e2d434e9be9d2ac4108c2ae42106
MIME type:	text/xml
Signature	ACRStealer

File name:	TabletPCInputPanel.adml
File size:	14'958 bytes
SHA256 hash:	c170a92e97b43769613f0217d452b39d28a856ad93e95c0cd2e9a40fcc04e6a0
MD5 hash:	0f06155d65fca728f2d46f0a96f4801b
MIME type:	text/xml
Signature	ACRStealer

File name:	devtools_resources.pak
File size:	6'175'880 bytes
SHA256 hash:	94b15729530fcf90d11156d38ffd0152ace21182ee44e63c51dc5e2af25345d2
MD5 hash:	731a70d555b49a74607efa43d407948f
MIME type:	application/octet-stream
Signature	ACRStealer

File name:	Securitycenter.adml
File size:	2'466 bytes
SHA256 hash:	f49034ef8c96f7e5a19afb7873afb1a3f289630390e36c163b12fd2ddc15637a
MD5 hash:	bb7c4cf9b3ddfefae5ff4c38b5026eb3
MIME type:	text/xml
Signature	ACRStealer

File name:	TerminalServer-Server.adml
File size:	19'641 bytes
SHA256 hash:	e827705fa042fdd68c493b5f0159fe68b10f6b310c957a7f23f45f20db14666e
MD5 hash:	f835ca2b1226b25600345f974b8706c4
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsMediaPlayer.adml
File size:	22'067 bytes
SHA256 hash:	ac668c6094254bed8d12f1bf3b6d8e60b552c288acf47fab101ab889ba9d824e
MD5 hash:	2e98c6915989ddc7243efcc53275a5fc
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsColorSystem.adml
File size:	1'427 bytes
SHA256 hash:	dff8fe621764236769b2c17aec64c4a8496dd967cf2d3eb9e2f8103bd503e12c
MD5 hash:	39eddc1eba0c76841d195659381a44b5
MIME type:	text/xml
Signature	ACRStealer

File name:	icudtl.dat
File size:	10'717'680 bytes
SHA256 hash:	7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9
MD5 hash:	74bded81ce10a426df54da39cfa132ff
MIME type:	application/octet-stream
Signature	ACRStealer

File name:	PerformanceDiagnostics.adml
File size:	8'181 bytes
SHA256 hash:	29f060d6a4ca93a94f33d46150af949b5f2eb63214af05c5700e552555f81c54
MD5 hash:	1242b4e18bc034195d7064e4cdeb8b92
MIME type:	text/xml
Signature	ACRStealer

File name:	DiskQuota.adml
File size:	9'312 bytes
SHA256 hash:	9ea35d39fab49421022e213be5b8a66404b41beb2202e17c94bf557fb8c349c4
MD5 hash:	40ca6688dcc63c37adc92b8ce44a47e1
MIME type:	text/xml
Signature	ACRStealer

File name:	TabletShell.adml
File size:	6'673 bytes
SHA256 hash:	88f472a0da1243ea84662ae4d730d6b86ee53e1901d7cc73eea724218bd9ebe4
MD5 hash:	166e80c965ced6606c2da93d9a03b421
MIME type:	text/xml
Signature	ACRStealer

File name:	hotspotauth.adml
File size:	1'509 bytes
SHA256 hash:	8a6601421a6de212b6b1ff4990ed462251f3c4c75cb37d7bba0afc814b0c50f1
MD5 hash:	c8f213bdf5b362440a28d5d5fdd86fb8
MIME type:	text/xml
Signature	ACRStealer

File name:	GameExplorer.adml
File size:	1'897 bytes
SHA256 hash:	9f9f0778aba650963783d793c7253ca72b4a7cef436a4e34d4b5aea6dd65bb95
MD5 hash:	85ee206ddbf793929ac0467a02312d46
MIME type:	text/xml
Signature	ACRStealer

File name:	EAIME.adml
File size:	7'775 bytes
SHA256 hash:	f54ffc98753d1f03710f912f456b1639b18ec692d2e41ff529a79c5ba8a38b8b
MD5 hash:	a2f0fa1f7b955635baef6d42e1019fad
MIME type:	text/xml
Signature	ACRStealer

File name:	LeakDiagnostic.adml
File size:	1'590 bytes
SHA256 hash:	1fad47d1bcfc5110370b1e428f800dd67b65037c2c029c39355d1f0af51b4712
MD5 hash:	fab2c03a061cf266e4bf99d9ad8410cc
MIME type:	text/xml
Signature	ACRStealer

File name:	EncryptFilesonMove.adml
File size:	1'260 bytes
SHA256 hash:	e32ecf04721c0695c125f1f8e3ecc0ed14179fc85045c1c44c0d4ccdaa74d085
MD5 hash:	f09a4e370d3321a61fc7456b9a007360
MIME type:	text/xml
Signature	ACRStealer

File name:	Printing.adml
File size:	33'066 bytes
SHA256 hash:	90d12a7bc2ecae124c62a43069fcd48e3aaa6f214325372ea82e5727f290d184
MD5 hash:	587143e4c31af88a0591c34f205db7fb
MIME type:	text/xml
Signature	ACRStealer

File name:	fthsvc.adml
File size:	1'812 bytes
SHA256 hash:	1264f3a19797d8daee79006048cf0430fc85d1fa8aac8c64c5a60351c7753901
MD5 hash:	418d7ac091847ab77d095c57fa41a684
MIME type:	text/xml
Signature	ACRStealer

File name:	Cpls.adml
File size:	1'585 bytes
SHA256 hash:	ef075f5436a4117c29f2d6689a8ed6acc3ba22eafbdeea20c2349dba5cfe1f33
MD5 hash:	3a236d3ed9a6eae336de47bd71132d58
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-crt-locale-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	f16447b5fc7fe6fb8a6699a3cef1b2b8ba92d408579bcc272d3dd76acd801e2a
MD5 hash:	c5d747f96237b6e9aa85c58745d30c80
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	api-ms-win-crt-environment-l1-1-0.dll
File size:	18'384 bytes
SHA256 hash:	6c9c0dc7b36afe07dfb07dd373fc757ff25df4793e6384d7a6021471a474f0b9
MD5 hash:	ad0cbb9978fcf60d9e9ca45de6a28d30
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Scripts.adml
File size:	12'538 bytes
SHA256 hash:	ebc840298b0a1fb37f1db1df288fc5faea981b2f8ae4be9e0e07d11a1e9e0fb5
MD5 hash:	6b1c987d0c322dd0dd627ec2020f90ac
MIME type:	text/xml
Signature	ACRStealer

File name:	OfflineFiles.adml
File size:	50'909 bytes
SHA256 hash:	169924eb41bd644647f5f4710438c757f1c3bef0196d4d09cbf9b52d05d17a47
MD5 hash:	845935d73456e658b4dd9cb27224cbf7
MIME type:	text/xml
Signature	ACRStealer

File name:	Programs.adml
File size:	7'022 bytes
SHA256 hash:	5ee2df374170a87f773008d43aebebef3e1c451f0e9a530b6f2cd5c1601e0012
MD5 hash:	14d4b2677604a342b26891efc3597078
MIME type:	text/xml
Signature	ACRStealer

File name:	nca.adml
File size:	8'481 bytes
SHA256 hash:	6e3e490033e86709bbead8a1ca4f35dd478297bd932a76c3d9942dd59f8ac27f
MD5 hash:	913c464cfbd79fbb24dddb6a91d1c375
MIME type:	text/plain
Signature	ACRStealer

File name:	api-ms-win-core-string-l1-1-0.dll
File size:	17'872 bytes
SHA256 hash:	3807db7acf1b40c797e4d4c14a12c3806346ae56b25e205e600be3e635c18d4f
MD5 hash:	2e5c29fc652f432b89a1afe187736c4d
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	Reliability.adml
File size:	5'310 bytes
SHA256 hash:	3fc94a050b5b845bf0d21ab6d0718a5bc0fd292624a6aa4e7d8e06317de34863
MD5 hash:	0b7db39b4e35b6787c19c79280664c11
MIME type:	text/xml
Signature	ACRStealer

File name:	Conf.adml
File size:	10'980 bytes
SHA256 hash:	032f6bb5fba082ca24ea70f6cbdc25e913fd43b68a44582ab30aeb29509fc2ed
MD5 hash:	797657fcfbc025f92f896b0095d1f6e4
MIME type:	text/xml
Signature	ACRStealer

File name:	EdgeUI.adml
File size:	4'475 bytes
SHA256 hash:	59b4266a7e379e4047910594d63b44f4a251684a3c97f74cc16585b2779871ad
MD5 hash:	47245202b642c2b6443c63a220226b22
MIME type:	text/xml
Signature	ACRStealer

File name:	WindowsUpdate.adml
File size:	34'731 bytes
SHA256 hash:	2aec8dcd9608b57d3d65321b399faa530552027f0e3ca814f477816df803e201
MD5 hash:	1b4df1c94fae81c341abea40c9adad9c
MIME type:	text/xml
Signature	ACRStealer

File name:	Msi-FileRecovery.adml
File size:	3'082 bytes
SHA256 hash:	1fa3057260f8642adaf7c30d68cbdf5703bcbe983acbeb0335fd31347d8ce4cb
MD5 hash:	da778ed24de53ef1baf75408032e34a8
MIME type:	text/xml
Signature	ACRStealer

File name:	PenTraining.adml
File size:	1'208 bytes
SHA256 hash:	a00bb104395f6dc86af2921893af3bc129d7a2a2ddfa5cca22ff6d055af11e31
MD5 hash:	7b4ec129e00834b2e499bebce8e75083
MIME type:	text/xml
Signature	ACRStealer

File name:	api-ms-win-crt-multibyte-l1-1-0.dll
File size:	26'064 bytes
SHA256 hash:	c6b4e1d903b3cc83bfaffbe4e82eee634cff8f97f12217caa45b464ddc4e1455
MD5 hash:	9e9c6f83a015029808f5257f7b7e39c6
MIME type:	application/x-dosexec
Signature	ACRStealer

File name:	sdiageng.adml
File size:	3'289 bytes
SHA256 hash:	f2483555c3531d0821703d3696acbfe5528a031d762661249cd6df8434accfc3
MD5 hash:	145eb767dfaac5b7d79a9df8c4fd6504
MIME type:	text/xml
Signature	ACRStealer

File name:	Snmp.adml
File size:	5'042 bytes
SHA256 hash:	205a6ccff312fb39d59b754925b871ca51845deb5224ec0bf41b48be64589c7d
MD5 hash:	c5f44a83c74633615bb7005a8530b912
MIME type:	text/xml
Signature	ACRStealer

File name:	AnyDataRecoverySDK.dll
File size:	3'941'648 bytes
SHA256 hash:	7d27dfa5fa896af9fcf1e9928ab0606ed69b594cab8e466e04475d317bf65add
MD5 hash:	7449e2d4b4d2b930e216017e3be7ace2
MIME type:	application/x-dosexec
Signature	ACRStealer

Vendor Threat Intelligence

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6862863a0fceda814b47468c

Tags:

infosteal

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/91f3f3ff1e71683ab7a9a11b83792835

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/168d0a4c71f4257fef77d64a85bfb52d570f07581156b8d2abd4168422845f83/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2025-07-12 01:14:00 UTC

File Type:

Binary (Archive)

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=c2gqutdr6qsx733x2zfilp5vfvlq6b2ycfllruvl2qliiiuel6bq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	botnet_plaintext_c2 Create hunting rule
Author:	cip
Description:	Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang Create hunting rule

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	identity_golang Create hunting rule
Author:	Eric Yocam
Description:	find Golang malware

Rule name:	Indicator_MiniDumpWriteDump Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects PE files and PowerShell scripts that use MiniDumpWriteDump either through direct imports or string references

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)