Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'Unlock26 ransomware'

malicious

Threat Score: 100/100 AV Detection: 86% Labeled as: Trojan.CryptXXX #Unlock26 #ransomware #upx

Unlock26 ransomware

This report is generated from a file or URL submitted to this webservice on February 23rd 2017 14:05:36 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v6.10 © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before Show Similar Samples Report False-Positive Request Report Deletion

Incident Response

Risk Assessment

Fingerprint: Reads the active computer name
Reads the cryptographic machine GUID

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 7
Environment Awareness
- The input sample contains a known anti-VM trick
  
  details
  
  "Found VM detection artifact "CPUID trick" in "Unlock26 ransomware.exe.bin" (Offset: 399420)
  
  source
  
  Binary File
  
  relevance
  
  5/10
External Systems
- Sample was identified as malicious by a large number of Antivirus engines
  
  details
  
  19/58 Antivirus vendors marked sample as malicious (32% detection rate)
  
  source
  
  External System
  
  relevance
  
  10/10
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  19/58 Antivirus vendors marked sample as malicious (32% detection rate)
  
  source
  
  External System
  
  relevance
  
  8/10
General
- Contains ability to start/interact with device drivers
  
  details
  
  DeviceIoControl@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  8/10
Pattern Matching
- YARA signature match
  
  details
  
  YARA signature "UPX" classified file "Unlock26 ransomware.exe.bin" as "upx" based on indicators: "UPX0,UPX1,UPX!" (Author: Kevin Breen <kevin@techanarchy.net>)
  
  source
  
  YARA Signature
  
  relevance
  
  10/10
Unusual Characteristics
- Entrypoint in PE header is within an uncommon section
  
  details
  
  "Unlock26 ransomware.exe.bin" has an entrypoint in section "UPX1"
  
  source
  
  Static Parser
  
  relevance
  
  5/10
Hiding 1 Malicious Indicators
- All indicators are available only in the private webservice or standalone version

Suspicious Indicators 17
Anti-Reverse Engineering
- PE file has unusual entropy sections
  
  details
  
  UPX1 with unusual entropies 7.77471507287
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- PE file is packed with UPX
  
  details
  
  "Unlock26 ransomware.exe.bin" has a section named "UPX0"
  "Unlock26 ransomware.exe.bin" has a section named "UPX1"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
Environment Awareness
- Reads the active computer name
  
  details
  
  "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "firefox.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  
  source
  
  Registry Access
  
  relevance
  
  5/10
- Reads the cryptographic machine GUID
  
  details
  
  "<Input Sample>" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
General
- Opened the service control manager
  
  details
  
  "firefox.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
  
  source
  
  API Call
  
  relevance
  
  10/10
- Reads configuration files
  
  details
  
  "<Input Sample>" read file "%PROGRAMFILES%\desktop.ini"
  "<Input Sample>" read file "%ALLUSERSPROFILE%\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\ABCPY.INI"
  
  source
  
  API Call
  
  relevance
  
  4/10
- Requested access to a system service
  
  details
  
  "firefox.exe" called "OpenService" to access the "Sens" service requesting "SERVICE_QUERY_STATUS" (0X4) access rights
  "firefox.exe" called "OpenService" to access the "RASMAN" service
  
  source
  
  API Call
  
  relevance
  
  10/10
System Destruction
- Opens file with deletion access rights
  
  details
  
  "<Input Sample>" opened "C:\$Recycle.Bin\S-1-5-21-4162757579-3804539371-4239455898-1000\desktop.ini" with delete access
  "<Input Sample>" opened "C:\autoexec.bat" with delete access
  "<Input Sample>" opened "C:\MSOCache\All Users\{90140000-0012-0000-0000-0000000FF1CE}-C\ose.exe" with delete access
  "<Input Sample>" opened "C:\MSOCache\All Users\{90140000-0012-0000-0000-0000000FF1CE}-C\setup.exe" with delete access
  "<Input Sample>" opened "C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe" with delete access
  "<Input Sample>" opened "C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE" with delete access
  "<Input Sample>" opened "%USERPROFILE%\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\Setup.ini" with delete access
  "<Input Sample>" opened "%USERPROFILE%\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\ABCPY.INI" with delete access
  "<Input Sample>" opened "%USERPROFILE%\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\setup.exe" with delete access
  "<Input Sample>" opened "%USERPROFILE%\Oracle\Java\javapath\java.exe" with delete access
  "<Input Sample>" opened "%USERPROFILE%\Oracle\Java\javapath\javaw.exe" with delete access
  "<Input Sample>" opened "%USERPROFILE%\Oracle\Java\javapath\javaws.exe" with delete access
  
  source
  
  API Call
  
  relevance
  
  7/10
System Security
- Modifies proxy settings
  
  details
  
  "<Input Sample>" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  "<Input Sample>" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
- Queries sensitive IE security settings
  
  details
  
  "<Input Sample>" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
  
  source
  
  Registry Access
  
  relevance
  
  8/10
Unusual Characteristics
- Imports suspicious APIs
  
  details
  
  VirtualProtect
  GetProcAddress
  LoadLibraryA
  ShellExecuteW
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- Reads information about supported languages
  
  details
  
  "<Input Sample>" (Path: "HKCU\CONTROL PANEL\INTERNATIONAL\GEO"; Key: "NATION")
  "firefox.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
Hiding 5 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 16
Anti-Reverse Engineering
- Contains ability to register a top-level exception handler (often used as anti-debugging trick)
  
  details
  
  SetUnhandledExceptionFilter@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  SetUnhandledExceptionFilter@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  SetUnhandledExceptionFilter@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
Environment Awareness
- Contains ability to query machine time
  
  details
  
  GetSystemTimeAsFileTime@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetSystemTimeAsFileTime@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Contains ability to query the machine version
  
  details
  
  GetVersion@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Contains ability to query the system locale
  
  details
  
  GetUserDefaultLCID@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  EnumSystemLocalesA@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetUserDefaultLCID@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  EnumSystemLocalesA@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetUserDefaultLCID@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Makes a code branch decision directly after an API that is environment aware
  
  details
  
  Found API call GetVersion@KERNEL32.DLL (Target: "Unlock26 ransomware.exe"; Stream UID: "00018059-00001484-51950-3577-011C34C0")
  which is directly followed by "cmp eax, 80000000h" and "jnc 011C35B8h". See related instructions: "...
  +127 call 01233A4Fh
  +132 add esp, 10h
  +135 mov byte ptr [esp+00000103h], 00h
  +143 call dword ptr [0126B038h] ;GetVersion
  +149 cmp eax, 80000000h
  +154 jnc 011C35B8h" ... from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
- Possibly tries to detect the presence of a debugger
  
  details
  
  GetProcessHeap@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from Unlock26 ransomware.exe (PID: 1484) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
General
- Creates a writable file in a temporary directory
  
  details
  
  "<Input Sample>" created file "%TEMP%\ReadMe-Q1u.html"
  
  source
  
  API Call
  
  relevance
  
  1/10
- Creates mutants
  
  details
  
  "\Sessions\1\BaseNamedObjects\d3da77d4f38e1e7bf42125ebb8a5611f786fdeba06005fd3d4dabb81506c97ee"
  "\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\FirefoxStartupMutex"
  "\Sessions\1\BaseNamedObjects\Global\MozillaUpdateMutex-aeVcDEW6vlSu+PLYtSFCvWhPsG0="
  "\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
  "\Sessions\1\BaseNamedObjects\Local\c:!users!pspubws!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
  "\Sessions\1\BaseNamedObjects\Local\c:!users!pspubws!appdata!roaming!microsoft!windows!cookies!"
  "\Sessions\1\BaseNamedObjects\Local\c:!users!pspubws!appdata!local!microsoft!windows!history!history.ie5!"
  "\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
  "\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
  "\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
  "\Sessions\1\BaseNamedObjects\RasPbFile"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
- Launches a browser
  
  details
  
  Launches browser "firefox.exe" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
- Spawns new processes
  
  details
  
  Spawned process "firefox.exe" with commandline "-osint -url "%TEMP%\ReadMe-Q1u.html"" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
Installation/Persistance
- Connects to LPC ports
  
  details
  
  "<Input Sample>" connecting to "\ThemeApiPort"
  
  source
  
  API Call
  
  relevance
  
  1/10
- Dropped files
  
  details
  
  "desktop.ini" has type "data"
  "autoexec.bat" has type "data"
  "Tulips.jpg" has type "data"
  "ReadMe-Q1u.html" has type "HTML document ASCII text with very long lines with no line terminators"
  "extensions.json.tmp" has type "ASCII text with very long lines with no line terminators"
  "uxeventlog.txt" has type "data"
  "Jellyfish.jpg" has type "data"
  "Setup.ini" has type "data"
  "places.sqlite" has type "SQLite 3.x database"
  "dd_depcheck_NETFX30_EXP_35.txt" has type "data"
  "extensions.ini.tmp" has type "ASCII text with CRLF line terminators"
  "cert8.db" has type "Berkeley DB 1.85 (Hash version 2 native byte-order)"
  
  source
  
  Binary File
  
  relevance
  
  3/10
- Touches files in the Windows directory
  
  details
  
  "<Input Sample>" touched file "%WINDIR%\system32\rsaenh.dll"
  "<Input Sample>" touched file "%WINDIR%\Globalization\Sorting\sortdefault.nls"
  "<Input Sample>" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
  "<Input Sample>" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\cversions.1.db"
  "<Input Sample>" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db"
  
  source
  
  API Call
  
  relevance
  
  7/10
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "http://www.openssl.org/"
  Heuristic match: "up.nO"
  
  source
  
  String
  
  relevance
  
  10/10
System Security
- Opens the Kernel Security Device Driver (KsecDD) of Windows
  
  details
  
  "<Input Sample>" opened "\Device\KsecDD"
  
  source
  
  API Call
  
  relevance
  
  10/10
Unusual Characteristics
- Matched Compiler/Packer signature
  
  details
  
  "Unlock26 ransomware.exe.bin" was detected as "UPX v1.25 (Delphi) Stub"
  
  source
  
  Static Parser
  
  relevance
  
  10/10

File Details

All Details:

Unlock26 ransomware

Filename: Unlock26 ransomware
Size: 537KiB (549606 bytes)
Type: peexe executable
Description: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Architecture
: WINDOWS
SHA256
: d03d843a0abfcd2308dfbedc5b6dc6c128e340f875542c7c94cf2c65791bed68
MD5
: 5af7a3aeb21f380833f31434fe82e919
SHA1
: 2687f7e46d9ad4987d4de3b2db2b6e2a2ba8f1a7
ssdeep
: 12288:HFHSMBmninxdL1+oxBbbNxcFKMRjpFwEEZe49EYdve9p:pSMBpnxPPuKMRjpAe49ECUp
imphash
: cda4586f07d21bae0846fbd0150f0b6d
authentihash
: 606fdb66814be59c7927e29db95d51a5fb99e3983730eeb14fb76f8dac66d7b6
Compiler/Packer
: UPX v1.25 (Delphi) Stub

Resources

Language
: ENGLISH
Icon

Visualization

Input File (PortEx)

Classification (TrID)

41.7% (.EXE) UPX compressed Win32 Executable
37.7% (.EXE) Win64 Executable (generic)
8.9% (.DLL) Win32 Dynamic Link Library (generic)
6.1% (.EXE) Win32 Executable (generic)
2.7% (.EXE) Generic Win/DOS Executable

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5	Characteristics
Name UPX0 Entropy 0 Virtual Address 0x1000 Virtual Size 0x85000 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	UPX0	0	0x1000	0x85000	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name UPX1 Entropy 7.77471507287 Virtual Address 0x86000 Virtual Size 0x86000 Raw Size 0x85800 MD5 7fda7959e9abaefe877a6659f37b1f34	UPX1	7.77471507287	0x86000	0x86000	0x85800	7fda7959e9abaefe877a6659f37b1f34	-
Name .rsrc Entropy 4.36854453234 Virtual Address 0x10c000 Virtual Size 0x1000 Raw Size 0x400 MD5 3903e3d365f836b957e4c4ed72a8f5fc	.rsrc	4.36854453234	0x10c000	0x1000	0x400	3903e3d365f836b957e4c4ed72a8f5fc	-

File Imports

ReportEventA

ExitProcess

GetProcAddress

LoadLibraryA

VirtualProtect

CoInitialize

ShellExecuteW

MessageBoxA

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 2 processes in total (System Resource Monitor).

Unlock26 ransomware.exe (PID: 1484)
- firefox.exe -osint -url "%TEMP%\ReadMe-Q1u.html" (PID: 3056)

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

Download All Memory Strings (2.8KiB)

!"#$%&'()*+,-./

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!$L<xtX<XtT4a

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!)#)?)G)])e)i)o)u)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!+-=?OUiy

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!19=IWacgou{

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!This program cannot be run in DOS mode.$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

"!"%"+"1"9"K"

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

",v3\v3H

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

"4?@@677X

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

"t@PAD@_bi

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

"Vr:#555;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#%+/5CIMOUY_k

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#'#)#/#3#5#E#Q#S#Y#c#

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#-->55M---

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#.-2:&00(9/0_10

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#0A 6i

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#1 RSA_rs

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#3 DH

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#7 SIGNED Dq

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#__unalC.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

#zWPj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

$)$=$A$C$M$_$g$k$y$}$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

$`(1'9'6?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

$alDriveStrIs

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

$i ElectronAw

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

%'%1%=%C%K%O%s%

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

%02d%02d%02d%02d%02d%02dZ

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

%04d%02d%02d%02d%02d%02dZ

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

%s'po) != NULL

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

%s(%d): OpenSSL internal error, assertion failed: %s

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

%s0x%lx)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

&(BP)6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

&,PV

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

&jl66Z~??A

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

' ) - 3 G M Q _ c e i w }

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

'5'7'M'S'U'_'k'

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

'::random_

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

'Archive C

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

'assockb

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

'fPSh

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

'l4BC (default

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

's2

Ansi based on Runtime Data (Unlock26 ransomware.exe )

'S7"dC"f7#7

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(!(1(=(?(I(Q([(](a(g(

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(((A/(0K9O

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(?>?|[

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(`_7.86l?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(G\(,0-s('

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(hybrid):

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(KSUBTREE

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(l`n_RaY-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(Nega

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(Qjp7QMgHaDRP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(use MSIL`

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(V?4ENSIO6P

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(x$xj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

),W^

Ansi based on Runtime Data (Unlock26 ransomware.exe )

).*\.lnk$)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

)1s<u

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

)?TO

Ansi based on Runtime Data (Unlock26 ransomware.exe )

)D;D?DEDKDQDSDYDeDoD

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

)}(j1,xjU

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

*%*/*O*U*_*

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

*lWo

Ansi based on Runtime Data (Unlock26 ransomware.exe )

+'+1+3+=+?+K+O+U+i+m+o+{+

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+7VFW,RfL`E

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+BWmi

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+placeOfBir%3

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+rs

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+Smartcardlog

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+sn_packM

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+VE!@<J

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

, Type=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

,#4);}#r{

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

,'`S7

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

,+WscGetSecurityP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

,\"hD03U*FGB

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

,Arial,sans-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

,name:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

,value:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

-'-ccLK.1

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

-;-C-I-M-a-e-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

-dwi

Ansi based on Runtime Data (Unlock26 ransomware.exe )

-osint -url "%TEMP%\ReadMe-Q1u.html"

Ansi based on Process Commandline (firefox.exe)

-RMovS

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.$;K<4#.)$)^

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.%.-.3.7.9.?.W.[.o.y.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.\crypto\asn1\a_bitstr.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_dup.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_gentm.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_int.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_mbstr.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_object.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_time.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_utctm.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\asn1_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\asn1_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\bio_asn1.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\evp_asn1.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_dec.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_new.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\b_print.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bf_buff.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bio_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bss_file.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bss_mem.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_add.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_ctx.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_div.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_exp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_gcd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_gf2m.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_mod.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_mont.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_print.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_rand.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_recp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_shift.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\buffer\buf_str.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\buffer\buffer.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_dd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_io.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_pwri.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_sd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_api.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_def.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_mod.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cryptlib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dso\dso_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dso\dso_win32.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec2_mult.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_key.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_mult.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ecp_smpl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdh\ech_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdh\ech_ossl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdsa\ecs_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdsa\ecs_ossl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_init.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_table.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_asnmth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_cipher.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_digest.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_pkmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\err\err.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.\crypto\evp\bio_b64.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\digest.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\encode.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_pbe.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\m_sigver.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\p_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\p_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\pmeth_fn.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\pmeth_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ex_data.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\hmac\hm_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\hmac\hmac.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\lhash\lhash.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\mem_dbg.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\objects\obj_dat.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\objects\obj_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\pkcs12\p12_key.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\pkcs12\p12_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_pss.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_saos.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\stack\stack.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509\x509_att.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509\x509name.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_bitst.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_conf.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_ia5.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_purp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_skey.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.onion.casaTbr><

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.rsrc

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.wrap{maxf:46

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

/,5,9,A,W,Y,i,w,

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/.~y/-||//t

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/0_N

Ansi based on Runtime Data (Unlock26 ransomware.exe )

/353A3G3[3_3g3k3s3y3

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/4zsP$a[

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/?/

Ansi based on Runtime Data (Unlock26 ransomware.exe )

/css">.!{

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/DHBa_MaO

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/internal Hor,

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/M#J#A'L5T+(Y/`^"<,0=#aK

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/o,<#*;Uu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

0)M$0D^|2

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

00#0)070;0U0Y0[0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

0123456789abcdef

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

0123456789ABCDEF

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

0____

Ansi based on Image Processing (screen_5.png)

0K7#

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

0L$8Y;0040

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

1!1'1-191C1E1K1]1a1

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

1-94 with

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

123456789ABCDEFF

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

1400..10

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

145C-4c5e-B005-3BC753F42475}-onc

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

1^.F

Ansi based on Runtime Data (Unlock26 ransomware.exe )

1IGP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

1onomous:Nu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

2)252Y2]2c2k2o2u2w2{2

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

272onb239

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

312X509V3

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

3_Locimp@l

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

3fN"yf8/|

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

3L+'@.relo(

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

4+,D

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

474E4U4W4c4

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

4?+Pj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

4LD,s0AJ;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

4R:haliased;c

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

4WSRUQe,R

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

5-535;5A5Q5e5o5q5w5{5}5

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

5676;6M6O6S6Y6a6k6m6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

5=A3/$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

6 block transform

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

6+Oscar-0/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

61kg1*/||-yz)#s}s{ $y]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

64OMD2'xB

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

6m___0____

Ansi based on Image Processing (screen_5.png)

6Y?9,t;hj&

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

79EVP_MAX_IV_LENGTo

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

7?7E7I7O7]7a7u7

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

7__J__J

Ansi based on Image Processing (screen_5.png)

7_ATTR_VERIFYi

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

7D}2teHtFHt&Hu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

7K8k>::::CAk9

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

8;D$@u;T$7

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

8],#

Ansi based on Runtime Data (Unlock26 ransomware.exe )

8^?kalia

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

8e o`D.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

8Pt8O1O~Q

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

8ZHH4ZHI,C

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

9#9%9)9/9=9A9M9

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

92?TVC}

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

9|$$v]O

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

:':+:1:K:Q:[:c:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

:CorExitP&

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

:qdbibeKe

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

;!;#;-;9;E;S;Y;_;q;{;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

;&?&K&S&Y&e&i&o&{&

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

;'gdsi

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

;d22Vt::N

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

;lacterwic-two-I

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

;Sing98&User

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

<!DOCTYPE html><html><head><title>Your data was locked!</title><style type="text/css">.submit{text-decoration:none;display:inline-block;padding:1.1em 2em 1.1em;font-size:0.8em;font-weight:bold;line-height:0.9em;color:#555;vertical-align:text-bottom;background:#fff;border:1px solid #d3d3d3;border-radius:2px;outline:none;-webkit-transition:background 0.2 sease;transition:background 0.2 sease;-webkit-font-smoothing:antialiased;cursor:pointer;margin:20px;margin-top:0px;}.wrap{max-width:460px;margin:40px auto 0;box-shadow:0 2px 20px rgba(0,0,0,0.1);border-radius:2px;background:#fff;text-align:center;color:#2f373b;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:15px;}body{background-color:#d9dbdd;background-image:radial-gradient(circle,#fff,#d9dbdd);}#r{border-bottom:1px solid rgba(0,0,0,0.1);}.t2{margin-bottom:3px;font-weight:600;color:#000;}.status{background-color:#f87056;color:#b41c1c;font-size:18px;}.status p{margin:20px 02 4px;padding:20px;}</style></head><body><div class="wrap"><div class="pre-captcha-wrapper"><div class="captcha-wrapper"><div class="status"><p>Your data was locked!</p></div><div id="r"><pid="t2">To unlock your data follow the instructions below</p></div><p id="t1">Go to one of this sites</p><a class="submit"href="https://unlock26ozqwoyfv.onion.to/?signature=bBgeMVz6jn6FdpdKuyf7reokFcevpgqJEfZiyLAeoPYlMOw9bNFF9d2qVc5a1I@Dm@M9RwqFv@BjJPc3PFbq4E2I5QWuaYR-PnqEcQGSCwcEqDIr57O-yCJd2RgYGdGKetoKeRc6mDnL@zy0Mp16Ni47jT4g69Fh8hoyAKK9cBiM@Bt2pzETV4Ptysv8WNy0nUuNa5LThQsTz-9URo7p4e0wHila4FPCDyrV9osrfHb980drsuO53KloFzJZhRIPT3yZjyPEXNqFrqsz@XVkM-FoTH6suexXWP1hbKlC9vmEvG8NvOc5mD3WM2-9x9stK3UnUHt5DcvvGsgp8MzxrPNk2@LuszQquv9plTCyHt22gW27ej91BH8GyhXXP4YoF2gG0lRiMOiLW@NRaXOzv9sdu2gkM3grnv@grzmXy2IQj5R0w9gK3gm4hmCndQ8VOkLb-P1OiAZhBjaMpvF@tdUe2OfKTJJydk-LGvcdzb@U2KOLE73t7@FO6cfq2yjQqMYjM6GF8s6Y516EpvwIsX-5DfO7klgoqQaDLzafGZIbMjs5BAIjLKDFptJqNYKJg-y@U@mfsVJruYGOeMNvf84fYLWjhq4-D970isqMoeAvf74p4mOjZL-DmbNd9lEVPlaSkQbU@9GAY1JkqW0FpkqiBcRMTyLWaeC1-AezQVo!">unlock26ozqwoyfv.onion.to</a><br><a class="submit"href="https://unlock26ozqwoyfv.onion.nu/?signature=bBgeMVz6jn6FdpdKuyf7reokFcevpgqJEfZiyLAeoPYlMOw9bNFF9d2qVc5a1I@Dm@M9RwqFv@BjJPc3PFbq4E2I5QWuaYR-PnqEcQGSCwcEqDIr57O-yCJd2RgYGdGKetoKeRc6mDnL@zy0Mp16Ni47jT4g69Fh8hoyAKK9cBiM@Bt2pzETV4Ptysv8WNy0nUuNa5LThQsTz-9URo7p4e0wHila4FPCDyrV9osrfHb980drsuO53KloFzJZhRIPT3yZjyPEXNqFrqsz@XVkM-FoTH6suexXWP1hbKlC9vmEvG8NvOc5mD3WM2-9x9stK3UnUHt5DcvvGsgp8MzxrPNk2@LuszQquv9plTCyHt22gW27ej91BH8GyhXXP4YoF2gG0lRiMOiLW@NRaXOzv9sdu2gkM3grnv@grzmXy2IQj5R0w9gK3gm4hmCndQ8VOkLb-P1OiAZhBjaMpvF@tdUe2OfKTJJydk-LGvcdzb@U2KOLE73t7@FO6cfq2yjQqMYjM6GF8s6Y516EpvwIsX-5DfO7klgoqQaDLzafGZIbMjs5BAIjLKDFptJqNYKJg-y@U@mfsVJruYGOeMNvf84fYLWjhq4-D970isqMoeAvf74p4mOjZL-DmbNd9lEVPlaSkQbU@9GAY1JkqW0FpkqiBcRMTyLWaeC1-AezQVo!">unlock26ozqwoyfv.onion.nu</a><br><a class="submit"href="https://unlock26ozqwoyfv.onion.casa/?signature=bBgeMVz6jn6FdpdKuyf7reokFcevpgqJEfZiyLAeoPYlMOw9bNFF9d2qVc5a1I@Dm@M9RwqFv@BjJPc3PFbq4E2I5QWuaYR-PnqEcQGSCwcEqDIr57O-yCJd2RgYGdGKetoKeRc6mDnL@zy0Mp16Ni47jT4g69Fh8hoyAKK9cBiM@Bt2pzETV4Ptysv8WNy0nUuNa5LThQsTz-9URo7p4e0wHila4FPCDyrV9osrfHb980drsuO53KloFzJZhRIPT3yZjyPEXNqFrqsz@XVkM-FoTH6suexXWP1hbKlC9vmEvG8NvOc5mD3WM2-9x9stK3UnUHt5DcvvGsgp8MzxrPNk2@LuszQquv9plTCyHt22gW27ej91BH8GyhXXP4YoF2gG0lRiMOiLW@NRaXOzv9sdu2gkM3grnv@grzmXy2IQj5R0w9gK3gm4hmCndQ8VOkLb-P1OiAZhBjaMpvF@tdUe2OfKTJJydk-LGvcdzb@U2KOLE73t7@FO6cfq2yjQqMYjM6GF8s6Y516EpvwIsX-5DfO7klgoqQaDLzafGZIbMjs5BAIjLKDFptJqNYKJg-y@U@mfsVJruYGOeMNvf84fYLWjhq4-D970isqMoeAvf74p4mOjZL-DmbNd9lEVPlaSkQbU@9GAY1JkqW0FpkqiBcRMTyLWaeC1-AezQVo!">unlock26ozqwoyfv.onion.casa</a><br><a class="submit"href="https://unlock26ozqwoyfv.hiddenservice.net/?signature=bBgeMVz6jn6FdpdKuyf7reokFcevpgqJEfZiyLAeoPYlMOw9bNFF9d2qVc5a1I@Dm@M9RwqFv@BjJPc3PFbq4E2I5QWuaYR-PnqEcQGSCwcEqDIr57O-yCJd2RgYGdGKetoKeRc6mDnL@zy0Mp16Ni47jT4g69Fh8hoyAKK9cBiM@Bt2pzETV4Ptysv8WNy0nUuNa5LThQsTz-9URo7p4e0wHila4FPCDyrV9osrfHb980drsuO53KloFzJZhRIPT3yZjyPEXNqFrqsz@XVkM-FoTH6suexXWP1hbKlC9vmEvG8NvOc5mD3WM2-9x9stK3UnUHt5DcvvGsgp8MzxrPNk2@LuszQquv9plTCyHt22gW27ej91BH8GyhXXP4YoF2gG0lRiMOiLW@NRaXOzv9sdu2gkM3grnv@grzmXy2IQj5R0w9gK3gm4hmCndQ8VOkLb-P1OiAZhBjaMpvF@tdUe2OfKTJJydk-LGvcdzb@U2KOLE73t7@FO6cfq2yjQqMYjM6GF8s6Y516EpvwIsX-5DfO7klgoqQaDLzafGZIbMjs5BAIjLKDFptJqNYKJg-y@U@mfsVJruYGOeMNvf84fYLWjhq4-D970isqMoeAvf74p4mOjZL-DmbNd9lEVPlaSkQbU@9GAY1JkqW0FpkqiBcRMTyLWaeC1-AezQVo!">unlock26ozqwoyfv.hiddenservice.net</a></div></div></div></body></html>

Ansi based on Dropped File (ReadMe-Q1u.html)

<)<5<C<O<S<[<e<k<q<

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<+t(<-t$:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<91@0pg2

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<<ERROR>>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<= xMD_SIZ

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> </requestedPrivileges> </security> </trustInfo></assembly>PA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<at9<rt,<wf

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<INVALID]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<NULL>

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

<style \="text

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

= (int)sizeof(ctx->buf)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

=!=-=3=7=?=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

=99__

Ansi based on Image Processing (screen_0.png)

=a04@X

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

>#>)>/>3>A>W>c>e>w>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

>>>HERE>>>

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

>@u\F

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

?$num_getMistreambuf

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?,?m______

Ansi based on Image Processing (screen_5.png)

?/SVWUj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?0_

Ansi based on Image Processing (screen_5.png)

?7?;?=?A?Y?_?e?g?y?}?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?@o_SET_ANF,VU

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?_?______

Ansi based on Image Processing (screen_3.png)

?___?_

Ansi based on Image Processing (screen_0.png)

?___?_?__?__0_

Ansi based on Image Processing (screen_3.png)

?`]Dm

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?au(gp

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?d.x400IWdNS

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?it2!

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?L`*+Gp

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

?T=4S<utx

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

?v__?,?_

Ansi based on Image Processing (screen_5.png)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

@! heap%

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

@!@%@+@1@?@C@E@]@a@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

@GetQueueStatu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

@Module32

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

@x`$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

[%s] %s=%s

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

[[%s]]

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

[] closure

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

[ExtensionDirs]

Ansi based on Dropped File (extensions.ini.tmp)

[ExtensionDirs][ThemeDirs]Extension0=%PROGRAMFILES%\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[MultiprocessIncompatibleExtensions]

Ansi based on Dropped File (extensions.ini.tmp)

[MultiprocessIncompatibleExtensions]

Ansi based on Dropped File (extensions.ini.tmp)

[OMeAqCIni

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

[ThemeDirs]

Ansi based on Dropped File (extensions.ini.tmp)

[you should not |x

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

\3\wYlF's=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

\?Rece3'Cd.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

\lmNZ~^PF

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (Unlock26 ransomware.exe )

\ThemeApiPort

Unicode based on Runtime Data (Unlock26 ransomware.exe )

]_[9qH

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

]pWgjLY

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

]S$\| Acc

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

^";*WT2^R

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

^'L)R5:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

^]Z]Wj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

_0,___q_______

Ansi based on Image Processing (screen_3.png)

_9~<<1 &{ h

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

_?m___q____?v____

Ansi based on Image Processing (screen_0.png)

_?T$8SNWR

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

__'_q,_'i'

Ansi based on Image Processing (screen_0.png)

__,f_tf_

Ansi based on Image Processing (screen_3.png)

___,,

Ansi based on Image Processing (screen_0.png)

___0?_

Ansi based on Image Processing (screen_3.png)

___0_

Ansi based on Image Processing (screen_3.png)

___0_JJ

Ansi based on Image Processing (screen_5.png)

_____

Ansi based on Image Processing (screen_3.png)

______

Ansi based on Image Processing (screen_5.png)

_______[

Ansi based on Image Processing (screen_3.png)

________q0_?___

Ansi based on Image Processing (screen_3.png)

____f

Ansi based on Image Processing (screen_5.png)

_a___

Ansi based on Image Processing (screen_0.png)

_B6i7>dC4

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_caseIgnoreIA5St(gSy

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_CIPHER_CTX_iv_length

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_cipher}l

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_d8inguisheYM

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_Gd@PAUHINSTAN

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_lock owns already

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_mp0k_Lk

Ansi based on Image Processing (screen_5.png)

_mport

Ansi based on Image Processing (screen_5.png)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

_OPENSSL_isservice

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

_QUALS

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_SERVICELOC

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_sess_cert

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_Symbolicu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_y == 1 ||

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_Zu_uc_

Ansi based on Image Processing (screen_3.png)

`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

`S#_CONTENT'

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

`~!@#$%^&*()-_=+[]{};:'",./<>?uW`?q

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

a Firefox|Goog

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A regular expression cannot start with the alternation operator |.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

A repetition operator cannot be applied to a zero-width assertion.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

A v$v$ +v+

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A!A3A5A;A?AYAeAkAwA{A

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A/E/K/M/Q/W/o/u/}/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

a4_off + iP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A8G8K8S8W8_8e8o8q8}8

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

aBhailed:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

AC Target

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ADVAPI32.dll

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ag*g*

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

aI73Djh0,R

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ALLUSERSPRO

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

alpha

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Alternation operators are not allowed inside a DEFINE block.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

always_TI

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

AlwaysShowExt

Unicode based on Runtime Data (Unlock26 ransomware.exe )

An invalid combination of regular expression syntax flags was used.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

An invalid or unterminated recursive sub-expression.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

AndSpin63

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ANSI X9.6Oa;-X9-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Any Extended

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

aomod-cmp200q7

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

aReleaseCxl

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

art of OpenSSL 1.0.1u 22 Sep 20

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ASCII escape sequence terminated prematurely.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ask Alg

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

askGenAlg:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ass="submit"#

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ass__Lnt

Ansi based on Image Processing (screen_5.png)

assembly d

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ATE REQUEST

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ategory@system2+T&

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

atHCA RW'

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Attempt to access an uninitialzed boost::match_results<> class.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Attributes

Unicode based on Runtime Data (Unlock26 ransomware.exe )

AUTHORITY

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

AutoDetect

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Ax#)V=)2>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

aY9Iw\x4,(Y

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A|/faq.htmS.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

b <= sizeof ctx->final

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

B#B)B/BCBSBUB

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

b.net</a></div

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

b?A0xa7eda586o

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

bad cast

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

bad exception

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

bad locale name

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

BASIC ca

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

BC>/G<G6/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

bio\bss_ ;CERTIFIC

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

bl <= (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Blowfish$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

boost unique_lock has no mutex

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost unique_lock owns already the mutex

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::directory_iterator::construct

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::directory_iterator::operator++

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::path codecvt to string

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::path codecvt to wstring

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::status

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::random_device:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::thread_resource_error

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

BrowseInPlace

Unicode based on Runtime Data (Unlock26 ransomware.exe )

bs~%lu:%\D

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

by POSIX b

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

C t~.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

C%C'C3C7C9COCWCiC

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

C00k_es

Ansi based on Image Processing (screen_3.png)

C00k_Ls

Ansi based on Image Processing (screen_5.png)

c9RSA_blinding:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

C:>tead|F.e0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

C=o=s=u=y={=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CallForAttributes

Unicode based on Runtime Data (Unlock26 ransomware.exe )

CallJ7)s1

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Can't terminate a sub-expression with an alternation operator |.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Category

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ccs1G]Ps-=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

cd dvcs

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CE__@@P6AXPAX@Zk;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CEIPEnable

Unicode based on Runtime Data (Unlock26 ransomware.exe )

CF;\$$@D.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ch_results<> c

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Char=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Chec~

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Chrome|Edge

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

cipher

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ckJ64

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CoInitialize

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Com+Enabled

Unicode based on Runtime Data (Unlock26 ransomware.exe )

com+store

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ComputerName

Unicode based on Runtime Data (Unlock26 ransomware.exe )

CONOUT$

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Content Type

Unicode based on Runtime Data (Unlock26 ransomware.exe )

CorExitProcess

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Could not acquire CSP context

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Could not release CSP context

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

cpeyambigu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CreateToolhelp32Snapshot

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

crossCert/Pai

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Cryptographic Service Provider

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ct-asciiText

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ct.bak|i,cache.db|ntuser.d|T

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ctx->buf_len <= (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buf_len >= ctx->buf_off

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buf_off + i < (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buf_off < (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buf_off <= (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buflen <= ctx->bufsize

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 || ctx->cipher->block_size == 16

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->digest->md_size <= EVP_MAX_MD_SIZE

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->length <= (int)sizeof(ctx->enc_data)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->tmp_len <= 3

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

cure device {

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CurrentThreadId3LastE

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CWDIllegalInDLLSearch

Unicode based on Runtime Data (Unlock26 ransomware.exe )

d lova=puerto-\@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

D$IjD *S+

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

D&G7[

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

d.ediPartZ

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

D9|$4u9D$8

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

D:\libs\w

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Daten

Ansi based on Image Processing (screen_3.png)

DatLn

Ansi based on Image Processing (screen_5.png)

Day of month is not valid for year

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Day of month value is out of range 1..31

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

day:MonTue:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

DCtFx=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

debug_mal

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

DebugHeapFlags

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DecodePointer

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

DefaMLCV/l

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

default

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

DEFINE

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

DEK-In:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

deltaRevolList

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

des-ede3'"

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Description

Unicode based on Runtime Data (Unlock26 ransomware.exe )

destin*Ind\

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

DevicePath

Unicode based on Runtime Data (Unlock26 ransomware.exe )

dh_paramgen_generator

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

dh_paramgen_prime_len

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

dincorrectly.Pbw

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

DIRECTORYExw

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Disable

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DisableFixSecuritySettings

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DisableImprovedZoneCheck

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DisableMetaFiles

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DisableSecuritySettingsCheck

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DisableUserModeCallbackFilter

Unicode based on Runtime Data (Unlock26 ransomware.exe )

dnL*qS]Si.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

doapr()

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

DocObject

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DontPrettyPath

Unicode based on Runtime Data (Unlock26 ransomware.exe )

DqH1y

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Dr-pon7 {

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

DriveMask

Unicode based on Runtime Data (Unlock26 ransomware.exe )

dsa_paramgen_bits

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

dsa_paramgen_md

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

dsa_paramgen_q_bits

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

du2gkM3grnv@grzmXy2IQj5R0w9gK3gm4hmCndQ8VOkLb-P1OiAZhBjaMpvF@tdUe2OfKTJJydk-LGvcdzb@U2KOLE73t7@FO6cfq2yjQqMYjM6GF8s6Y516EpvwIsX-5DfO7klgoqQaDLzafGZIbMjs5BAIjLKDFptJqNYKJg-y@U@mfsVJruYGOeMNvf84fYLWjhq4-D970isqMoeAvf74p4mOjZL-DmbNd9lEVPlaSkQbU@9GAY1JkqW0FpkqiBcR

Ansi based on Runtime Data (Unlock26 ransomware.exe )

dwEs&hk5AQ

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

e to a mark

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

E+E1EAEIESEUE

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ec_paramgen_curve

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ECDSA_SIG

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ed a func/that was

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ed'SYSTEMROOTssysF

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

EDIPARTY|+pb

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

elliptic curve8

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

en-US

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Enabled

Unicode based on Runtime Data (Unlock26 ransomware.exe )

EncodePointer

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Encountered a forward reference to a marked sub-expression that does not exist.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Encountered a forward reference to a recursive sub-expression that does not exist.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Encountered an infinite recursion.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

enhancedSearchGu>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ent(circle,N

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

er'hex-m.XG

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

error

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Error in thread safety code: could not acquire a lock

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

error while reading

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Escape sequence did not encode a valid character.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Escape sequence terminated prematurely.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

etApiBufferFre&

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

eToolhel@Snapshot

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->iv)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

evp_pkey6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ew9iond03

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ex70per/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ExitProcess

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Exp.-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Extension0=%PROGRAMFILES%\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Ansi based on Dropped File (extensions.ini.tmp)

eXWS<KO[T^U5_VK<="#

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

F&HSHBjtl

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

F09~(uWj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

F0l9ende

Ansi based on Image Processing (screen_3.png)

F0lgLndL

Ansi based on Image Processing (screen_5.png)

f87056,b41c1c

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

f_tf_

Ansi based on Image Processing (screen_5.png)

false

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

FALSE

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Fav0r_ten

Ansi based on Image Processing (screen_3.png)

Fav0r_tLn

Ansi based on Image Processing (screen_5.png)

favouriteDrink

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ferredDeliveryM

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

fH$HMAC rout

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Field=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

filename(

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

FipsAlgorithmPolicy

Unicode based on Runtime Data (Unlock26 ransomware.exe )

firefox.exe

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Flags

Unicode based on Runtime Data (Unlock26 ransomware.exe )

FlushConsoleInputBuff

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Fnxcmsjs_sD\

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

FO0attribute

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

FolderTypeID

Unicode based on Runtime Data (Unlock26 ransomware.exe )

fopen('

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Found a closing ) with no corresponding openening parenthesis.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Found a closing repetition operator } with no corresponding {.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

fQa`S

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

FreeLibrary

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

friendlyCountryVp

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

fS{ggRcjh

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

fw?CPS.C NE

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

g 5pumvirt

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

g_aM@std@E*

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

gc048>"t

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

GENERALIZEDTIM^+UTC

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Generation

Unicode based on Runtime Data (Unlock26 ransomware.exe )

GetActiveWindow

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

GetLastActivePopup

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

GetProcAddress

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

GetProcessWindowStation

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

getservbynamF

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

GetTickCount64

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

GetUserObjectInformationA

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

GHIJKLMNOPQRST

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ghijklmnopqrstu9

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Gorer\Quick L

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

GOST R 3410-2001 Par

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

gpxry3'_3

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

grave-a]D"0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

group=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Gtag6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

has no !Z

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

HasNavigationEnum

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Hexadecimal escape sequence terminated prematurely.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Hexadecimal escape sequence was invalid.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

hexkey

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

HGAlloF

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

HGHt5Ht#Ht

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Hidden

Unicode based on Runtime Data (Unlock26 ransomware.exe )

HideFileExt

Unicode based on Runtime Data (Unlock26 ransomware.exe )

HideFolderVerbs

Unicode based on Runtime Data (Unlock26 ransomware.exe )

HideIcons

Unicode based on Runtime Data (Unlock26 ransomware.exe )

HideInWebView

Unicode based on Runtime Data (Unlock26 ransomware.exe )

HideOnDesktopPerUser

Unicode based on Runtime Data (Unlock26 ransomware.exe )

HODInpu&L3C#?w

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Hold I#u6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

host{,aOBIOO;andW

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

hv#,?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

h|amesand

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

i <= n

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

I/Base rog

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

I1#QNA&1#IN

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ialnumalphablankcn

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ICC or token*

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ichtenstein'a

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

idCodePPe

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

iled (/clr)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Im_rti_r_n...

Ansi based on Image Processing (screen_5.png)

Image Path

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Imp0k-Ass__ent

Ansi based on Image Processing (screen_3.png)

Imp0k_ek

Ansi based on Image Processing (screen_3.png)

InfoTip

Unicode based on Runtime Data (Unlock26 ransomware.exe )

InitFolderHandler

Unicode based on Runtime Data (Unlock26 ransomware.exe )

InprocServer32

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Internet0pt_0n

Ansi based on Image Processing (screen_3.png)

IntLrn_0pt_0nLn

Ansi based on Image Processing (screen_5.png)

IntranetName

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Invalid alternation operators within (?...) block.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Invalid lookbehind assertion encountered in the regular expression.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

invalid map/set<T> iterator

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Invalid octal escape sequence.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Invalid or empty zero width assertion.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Invalid regular expression object

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

invalid string position

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

invalid vector<T> subscript

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ion fragP:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

iQkjd H}Ky.V

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ircumfleP]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

is_an,F@D

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

IsDebuggerP3

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

isl&

Ansi based on Runtime Data (Unlock26 ransomware.exe )

IsShortcut

Unicode based on Runtime Data (Unlock26 ransomware.exe )

It$pj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

itializeC|icalSect

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ityLabell

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

iType

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

j <= (int)sizeof(ctx->key)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

j <= sizeof(c->iv)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

j+-iso-itu-t

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

j@j #`G}`}i?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

JE"0>*8YZ%;r&

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

JL3?1<$<@0$=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

JO<kA(j]O<&\

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

joervZGy/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

JOINT-ISO-ITU-T

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

jojxa

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

K#94!

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

K28147-8`

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

KA \|L@

Ansi based on Runtime Data (Unlock26 ransomware.exe )

kernel32

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

KERNEL32.DLL

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

KEY5FILE p

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Kkp

Ansi based on Runtime Data (Unlock26 ransomware.exe )

Kp,!T"Kp,B9N

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

k}descriptor

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

l <= sizeof(c->iv)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

l$ PV

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

L(E; &lt?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

l.,=?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

l\{C15730E2-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

LdapClientIntegrity

Unicode based on Runtime Data (Unlock26 ransomware.exe )

leLevel,dSA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

lg-PWRI-KEK

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

list<T> too long

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

LkedIncrr

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

LoadAppInit_DLLs

Unicode based on Runtime Data (Unlock26 ransomware.exe )

LoadLibraryA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

loadrC wlib

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

lobalMemo

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

LocalizedName

Unicode based on Runtime Data (Unlock26 ransomware.exe )

LocalRedirectOnly

Unicode based on Runtime Data (Unlock26 ransomware.exe )

lowersw

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

LSQY=pYRH

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

lvadKKecu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

lW7sxitDstuf

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

M,9u@M,RT

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

m0mentan

Ansi based on Image Processing (screen_3.png)

m0mLntan

Ansi based on Image Processing (screen_5.png)

m1known>wB

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

mac-shaNA!256-CBC-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

MachineGuid

Unicode based on Runtime Data (Unlock26 ransomware.exe )

MachinePreferredUILanguages

Unicode based on Runtime Data (Unlock26 ransomware.exe )

mailPrefer

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

map/set<cgX

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

map/set<T> too long

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

MapNetDriveVerbs

Unicode based on Runtime Data (Unlock26 ransomware.exe )

margin:20

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

MartaExtension

Unicode based on Runtime Data (Unlock26 ransomware.exe )

MaxRpcSize

Unicode based on Runtime Data (Unlock26 ransomware.exe )

maxsize=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

MaxSxSHashCount

Unicode based on Runtime Data (Unlock26 ransomware.exe )

MayJunJulAugSepOctNov

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

meKHARACTERISTIC_

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

MessageBoxA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

microsof#

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Microsoft Visual C++ Runtime Library

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

MinghuaQu)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

minsize=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Missing } in hexadecimal escape sequence.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Module32First

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Module32Next

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

MONETARYC

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Montgomer,

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Month number is out of range 1..12

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

More than one alternation operator | was encountered inside a conditional expression.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

most likex

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Mozilla Firefox

Unicode based on Runtime Data (Unlock26 ransomware.exe )

mscoree.dll

Unicode based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

mSRIX}MX.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

mtrailerFiel

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

MultiByteToWideChar

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

n < (int)sizeof(ctx->enc_data)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

n32' sharedOr!E

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

n___fchfn

Ansi based on Image Processing (screen_3.png)

name=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Nation

Unicode based on Runtime Data (Unlock26 ransomware.exe )

NETAPI)KERNEL

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

NETSCAPE_jb

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

NeverShowExt

Unicode based on Runtime Data (Unlock26 ransomware.exe )

noconv

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

NoFileFolderJunction

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Norwegian-Nynorsk

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Not After:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Not Before:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Not sui

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Nothing to repeat.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Nt+N`@PQq

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

O SV-t3tP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

o vonem6s Q

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

O!Y![!_!s!}!

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

O"c"g"s"u"

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

O-M/{BO-ur%FF}+:wZDNi:[>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

O8PjD<PjE/a

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

o_?

Ansi based on Runtime Data (Unlock26 ransomware.exe )

oA6Vy\KZ`

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

oaAh8X?ON

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Oakley-EC2N-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Oany7[wap-w

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

OBJBU:EVc

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

OCIMPLICI1{

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Octal escape sequence is invalid.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

oDot$j|$8

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

OIllegal byte/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ole32.dll

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

om number

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

OMMIT

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

OOBEInProgress

Unicode based on Runtime Data (Unlock26 ransomware.exe )

OpenMutex

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

OpenSSL

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

OpenSSL: FATAL

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

OPENSSL_ia32cap

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Oprivileg

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

oPVUj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

OQntpunctspace

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ostalCode

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

OZ DESCRIPTO

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ozmatcsxpe

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

O{homePsg

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

o{PENTANOMIA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

p Body

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

p&k7U

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

P),PolynomialD

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PageAllocatorSystemHeapIsPrivate

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PageAllocatorUseSystemHeap

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PARAMETER

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ParentFolder

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ParsingName

Unicode based on Runtime Data (Unlock26 ransomware.exe )

partial

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

PAYLOAD

Ansi based on Image Processing (screen_0.png)

pbeWith_Andw

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PinToNameSpaceTree

Unicode based on Runtime Data (Unlock26 ransomware.exe )

piredSymmAlg

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PjT*R+PjU

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

pointer != NULL

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

POLICY_MAPP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Pq~F~

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PreCreate

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PreferExternalManifest

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PreferredUILanguages

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PrivateKeyLifetimeSeconds

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PrivKeyCacheMaxItems

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PrivKeyCachePurgeIntervalSeconds

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Proc-Type

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

procwhirlpoo

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Program Files

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ProgramFilesDir

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ProxyBypass

Unicode based on Runtime Data (Unlock26 ransomware.exe )

PSQXU9[ewdL

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PTOGAMS by <appro@openssl.org>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PUB/public

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PUBLIC KEY

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PublishExpandedPath

Unicode based on Runtime Data (Unlock26 ransomware.exe )

punct

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Q, http://www.openssl.org/>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

qa xprpty

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

qeachip.z

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

qj:G

Ansi based on Runtime Data (Unlock26 ransomware.exe )

qscape Serve

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

QueryForInfoTip

Unicode based on Runtime Data (Unlock26 ransomware.exe )

QueryForOverlay

Unicode based on Runtime Data (Unlock26 ransomware.exe )

QueryPerformance

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

R6034An a

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

r_m___v____

Ansi based on Image Processing (screen_5.png)

rAK&\r!Agg`g_fToxgjiJ<tf5NW

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

raphic Provider v1.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

rasman

Ansi based on Runtime Data (firefox.exe )

RASMAN

Ansi based on Runtime Data (firefox.exe )

rc5VRC5-z

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

re has problems, re

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

regular e

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

RelativePath

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ReleaseSemaphor

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ReportEventA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

RestrictedAttributes

Unicode based on Runtime Data (Unlock26 ransomware.exe )

revoked

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Roamable

Unicode based on Runtime Data (Unlock26 ransomware.exe )

roleOccupan`c

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

RpcCacheTimeout

Unicode based on Runtime Data (Unlock26 ransomware.exe )

rror:%08lX:%s

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Runtime Error!Program:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

rW;S/(`/Wo

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

rY$r't;.u

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

s below</Pp E1">G

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

s!2+yt v.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

s. TArefa8

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

S99F@t@9G@t;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

S[r]GCO'O

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

SafeDllSearchMode

Unicode based on Runtime Data (Unlock26 ransomware.exe )

sal Princip

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

saltLeY?Y

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

sBITWRAP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

sD4f}$YY

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

se64 enco

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

SecH, Inc.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

section:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Security

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Security_HKLM_only

Unicode based on Runtime Data (Unlock26 ransomware.exe )

sequenCbad C

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Service-0x

Unicode based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

SEtU_lTY

Ansi based on Image Processing (screen_0.png)

SetWaitableTimerEx

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

SgRIVOKEY

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

shas]$*f2.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

SHELL32.dll

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ShellExecuteW

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ShellState

Unicode based on Runtime Data (Unlock26 ransomware.exe )

shiLh

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ShowCompColor

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ShowInfoTip

Unicode based on Runtime Data (Unlock26 ransomware.exe )

signature has problems, re-make with post SSLeay045

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

simileTelephon

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

SINGLEM

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

SOOarriage-r

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Sourc CryptAcqui1

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

SourcePath

Unicode based on Runtime Data (Unlock26 ransomware.exe )

SPLAYTEXTwP\TABLS

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

spqsqt-unoti5

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ssl_method

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Stream

Unicode based on Runtime Data (Unlock26 ransomware.exe )

StreamResource

Unicode based on Runtime Data (Unlock26 ransomware.exe )

StreamResourceType

Unicode based on Runtime Data (Unlock26 ransomware.exe )

string too long

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

string=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

SunMonTueWed

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

swedish-finC

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

symname(

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

System.NamespaceCLSID

Unicode based on Runtime Data (Unlock26 ransomware.exe )

SystemSetupInProgress

Unicode based on Runtime Data (Unlock26 ransomware.exe )

t "eynal"C

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

T $XT$T (((

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

T$,PQ/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

t$D1 ;|$V

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

T$XSWRWud

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

T/_objNO

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

t2">To unR

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

tchekh take2h

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

TED?INTEGEf

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Terminate

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

TGA;|$ !LtUTt

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

The error occurred while parsing the regular expression fragment: '

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

The error occurred while parsing the regular expression: '

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

The recursive sub-expression refers to an invalid marking group, or is unterminated.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ThemeApiConnectionRequest

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ThreadingModel

Unicode based on Runtime Data (Unlock26 ransomware.exe )

ThuFriS?JanFebMarApr

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

tModuleFileNameW

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

token_finderF

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

traits@D/w32-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

TransparentEnabled

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Type=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

TYPE=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

TYPE=0BIGNUx

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

u)C92u"9}

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

U)l:T^8rv

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

U0ithms/0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

U4UUz&b;p

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

uDD(-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

UDeregis?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

uFPFjeu(9

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

UmoneyQ%,a]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Unable to open message catalog:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

UNCAsIntranet

Unicode based on Runtime Data (Unlock26 ransomware.exe )

UNICODE

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

UNIVERSAL

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

unknown error

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Unknown error

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Unlock26 ransomware.exe

Unicode based on Runtime Data (Unlock26 ransomware.exe )

unspecified

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Unterminated named capture.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

up.nO

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

upper

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Usag!any

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

USAGE

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Usage Error: Can't mix regular expression captures with POSIX matching rules

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

UseDropHandler

Unicode based on Runtime Data (Unlock26 ransomware.exe )

UseHostnameAsAlias

Unicode based on Runtime Data (Unlock26 ransomware.exe )

UseOldHostResolutionOrder

Unicode based on Runtime Data (Unlock26 ransomware.exe )

USER32.DL0HP@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

USER32.dll

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

USER32.DLL

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

UTF-16LE

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

UTF-8

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

utoff

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ux0c@?MD$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

V/==Vg/V*

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

V1L0]L$<1L2

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

V20L8/3YA3I,3

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

value.imp9itlyCA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

vector<bool> too long

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

vector<T> too long

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Verlauf

Ansi based on Image Processing (screen_3.png)

VggjeK uO5n

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

VIDEOTEX4

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

VirtualProtect

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Visual C++ CRT: Not enough memory to complete call to strerror.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Visual C++ CRT:C0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

VKP3WOOoO

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

VLFFNFHtHL

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

VLrlauf

Ansi based on Image Processing (screen_5.png)

vtaHtTD%u

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

vv == NULL

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

w05xtugKs

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

W9l$PtP

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

w] republic

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

WantsAliasedNotifications

Unicode based on Runtime Data (Unlock26 ransomware.exe )

WantsFORDISPLAY

Unicode based on Runtime Data (Unlock26 ransomware.exe )

WantsFORPARSING

Unicode based on Runtime Data (Unlock26 ransomware.exe )

WantsParseDisplayName

Unicode based on Runtime Data (Unlock26 ransomware.exe )

WantsUniversalDelegate

Unicode based on Runtime Data (Unlock26 ransomware.exe )

wbinary f=.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

wBistics4

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Werden

Ansi based on Image Processing (screen_3.png)

wH<(

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

wLrdLn

Ansi based on Image Processing (screen_5.png)

wrarUunknow

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

X#!^#D$p!

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

X+ISSUER_W

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

x-shadow:0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

x509Crl

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

x86, CRY

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

X9.57 CM ?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

X9_62_CURVE

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

x:f%

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

xI&&

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

xleast %d char

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

xPj<|Pj=E

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

y Multiplication -

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

y P.J. Plauger, lic

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

y:"Helvet

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

y:Augus]ep:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Year is out of valid range: 1400..10000

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Zd by Dinkumware,

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

zec_Eamgen

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

zero-width asse

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ZIU2?.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

zq}[lU~\f

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

zuCd3XjAji

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

{ (I PSS PA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

{"schemaVersion":16,"addons":[{"id":"{972ce4c6-7e08-4474-a285-3208198ce6fd}","syncGUID":"WnvyXo5XN3Ed","location":"app-global","version":"35.0.1","type":"theme","internalName":"classic/1.0","updateURL":null,"updateKey":null,"optionsURL":null,"optionsType":null,"aboutURL":null,"iconURL":null,"icon64URL":null,"defaultLocale":{"name":"Default","description":"The default theme.","creator":"Mozilla","homepageURL":null,"contributors":["Mozilla Contributors"]},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"descriptor":"C:\\Program Files\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}","installDate":1424004302312,"updateDate":1424004302312,"applyBackgroundUpdates":1,"skinnable":true,"size":3175,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"hasBinaryComponents":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","minVersion":"35.0.1","maxVersion":"35.0.1"}],"targetPlatforms":[]}]}

Ansi based on Dropped File (extensions.json.tmp)

{+&TransW

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

{-cf6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6

Unicode based on Runtime Data (Unlock26 ransomware.exe )

{\x= n

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

{wDt6X@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

|1..31f

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

|J>hPj8lPj9

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

|S?7

Ansi based on Runtime Data (Unlock26 ransomware.exe )

} in quan

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}+oQT$s4V6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}HZD$HxL*b

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}In2ropr]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}R)Kfiv)P

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}T$0,;AA0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}vtUWlGBOdCHN?\CvG

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

~l;#(]$Y;=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!"#$%&'()*+,-./

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!)#)?)G)])e)i)o)u)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!19=IWacgou{

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

!This program cannot be run in DOS mode.$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

"4?@@677X

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

"t@PAD@_bi

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#'#)#/#3#5#E#Q#S#Y#c#

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

#.-2:&00(9/0_10

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

$)$=$A$C$M$_$g$k$y$}$

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

%s'po) != NULL

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

%s(%d): OpenSSL internal error, assertion failed: %s

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

&(BP)6

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

' ) - 3 G M Q _ c e i w }

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

'::random_

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(!(1(=(?(I(Q([(](a(g(

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(((A/(0K9O

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(?>?|[

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(`_7.86l?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(G\(,0-s('

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(hybrid):

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

(use MSIL`

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

).*\.lnk$)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

)}(j1,xjU

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

+VE!@<J

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

,#4);}#r{

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

-osint -url "%TEMP%\ReadMe-Q1u.html"

Ansi based on Process Commandline (firefox.exe)

.$;K<4#.)$)^

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.%.-.3.7.9.?.W.[.o.y.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.\crypto\asn1\a_bitstr.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_dup.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_gentm.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_int.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_mbstr.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_object.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_time.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_utctm.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\asn1_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\asn1_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\bio_asn1.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\evp_asn1.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_dec.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_new.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\b_print.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bf_buff.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bio_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bss_file.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bss_mem.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_add.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_ctx.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_div.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_exp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_gcd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_gf2m.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_mod.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_mont.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_print.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_rand.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_recp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_shift.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\buffer\buf_str.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\buffer\buffer.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_dd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_io.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_pwri.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_sd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_api.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_def.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_mod.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cryptlib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dso\dso_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dso\dso_win32.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec2_mult.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_key.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_mult.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ecp_smpl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdh\ech_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdh\ech_ossl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdsa\ecs_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdsa\ecs_ossl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_init.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_table.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_asnmth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_cipher.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_digest.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_pkmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\err\err.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.\crypto\evp\bio_b64.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\digest.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\encode.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_pbe.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\m_sigver.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\p_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\p_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\pmeth_fn.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\pmeth_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ex_data.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\hmac\hm_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\hmac\hmac.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\lhash\lhash.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\mem_dbg.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\objects\obj_dat.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\objects\obj_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\pkcs12\p12_key.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\pkcs12\p12_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_pss.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_saos.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\stack\stack.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509\x509_att.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509\x509name.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_bitst.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_conf.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_ia5.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_purp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_skey.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.onion.casaTbr><

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

.wrap{maxf:46

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/.~y/-||//t

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/353A3G3[3_3g3k3s3y3

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/4zsP$a[

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/?/

Ansi based on Runtime Data (Unlock26 ransomware.exe )

/css">.!{

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

/M#J#A'L5T+(Y/`^"<,0=#aK

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

00#0)070;0U0Y0[0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

1!1'1-191C1E1K1]1a1

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

1400..10

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

2)252Y2]2c2k2o2u2w2{2

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

3L+'@.relo(

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

5-535;5A5Q5e5o5q5w5{5}5

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

61kg1*/||-yz)#s}s{ $y]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

7K8k>::::CAk9

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

9#9%9)9/9=9A9M9

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

:':+:1:K:Q:[:c:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

;!;#;-;9;E;S;Y;_;q;{;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

;d22Vt::N

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

Ansi based on Dropped File (ReadMe-Q1u.html)

<)<5<C<O<S<[<e<k<q<

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

<+t(<-t$:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

= (int)sizeof(ctx->buf)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

>#>)>/>3>A>W>c>e>w>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

>@u\F

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

@! heap%

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

@!@%@+@1@?@C@E@]@a@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

@GetQueueStatu

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

[%s] %s=%s

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

[[%s]]

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

[] closure

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

[ExtensionDirs]

Ansi based on Dropped File (extensions.ini.tmp)

[ExtensionDirs][ThemeDirs]Extension0=%PROGRAMFILES%\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[MultiprocessIncompatibleExtensions]

Ansi based on Dropped File (extensions.ini.tmp)

[MultiprocessIncompatibleExtensions]

Ansi based on Dropped File (extensions.ini.tmp)

[ThemeDirs]

Ansi based on Dropped File (extensions.ini.tmp)

\3\wYlF's=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

\?Rece3'Cd.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (Unlock26 ransomware.exe )

\ThemeApiPort

Unicode based on Runtime Data (Unlock26 ransomware.exe )

]_[9qH

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

]S$\| Acc

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

^'L)R5:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

^]Z]Wj

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_Gd@PAUHINSTAN

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

_mport

Ansi based on Image Processing (screen_5.png)

`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

`~!@#$%^&*()-_=+[]{};:'",./<>?uW`?q

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A regular expression cannot start with the alternation operator |.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

A!A3A5A;A?AYAeAkAwA{A

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A/E/K/M/Q/W/o/u/}/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Alternation operators are not allowed inside a DEFINE block.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

An invalid combination of regular expression syntax flags was used.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

art of OpenSSL 1.0.1u 22 Sep 20

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Attempt to access an uninitialzed boost::match_results<> class.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Ax#)V=)2>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

aY9Iw\x4,(Y

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

A|/faq.htmS.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

B#B)B/BCBSBUB

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

b.net</a></div

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

bad locale name

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

BC>/G<G6/

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

bl <= (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::directory_iterator::construct

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::directory_iterator::operator++

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::path codecvt to string

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::path codecvt to wstring

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::status

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::random_device:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::thread_resource_error

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

bs~%lu:%\D

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

C:>tead|F.e0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CE__@@P6AXPAX@Zk;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

CF;\$$@D.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ct.bak|i,cache.db|ntuser.d|T

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ctx->buf_len <= (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buf_off + i < (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buf_off < (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->buf_off <= (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ctx->length <= (int)sizeof(ctx->enc_data)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

d lova=puerto-\@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

D:\libs\w

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Day of month value is out of range 1..31

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

day:MonTue:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

dnL*qS]Si.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

doapr()

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

Encountered a forward reference to a marked sub-expression that does not exist.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Encountered a forward reference to a recursive sub-expression that does not exist.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Encountered an infinite recursion.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ent(circle,N

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Error in thread safety code: could not acquire a lock

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->iv)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Extension0=%PROGRAMFILES%\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Ansi based on Dropped File (extensions.ini.tmp)

firefox.exe

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Found a closing ) with no corresponding openening parenthesis.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Found a closing repetition operator } with no corresponding {.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

g_aM@std@E*

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

GetProcAddress

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

GetProcessWindowStation

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

getservbynamF

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

GetUserObjectInformationA

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

iled (/clr)

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Im_rti_r_n...

Ansi based on Image Processing (screen_5.png)

Invalid alternation operators within (?...) block.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Invalid lookbehind assertion encountered in the regular expression.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

iQkjd H}Ky.V

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ircumfleP]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

j <= (int)sizeof(ctx->key)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

j <= sizeof(c->iv)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

j@j #`G}`}i?

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

JO<kA(j]O<&\

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

KA \|L@

Ansi based on Runtime Data (Unlock26 ransomware.exe )

l <= sizeof(c->iv)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

l\{C15730E2-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

LocalizedName

Unicode based on Runtime Data (Unlock26 ransomware.exe )

LocalRedirectOnly

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Missing } in hexadecimal escape sequence.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Month number is out of range 1..12

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

More than one alternation operator | was encountered inside a conditional expression.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

mscoree.dll

Unicode based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

mSRIX}MX.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

n < (int)sizeof(ctx->enc_data)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

O!Y![!_!s!}!

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

O-M/{BO-ur%FF}+:wZDNi:[>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

PTOGAMS by <appro@openssl.org>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Q, http://www.openssl.org/>

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

rAK&\r!Agg`g_fToxgjiJ<tf5NW

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

ReportEventA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

rror:%08lX:%s

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Runtime Error!Program:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

rW;S/(`/Wo

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

s!2+yt v.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

S99F@t@9G@t;

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

S[r]GCO'O

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

shas]$*f2.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

T $XT$T (((

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

The error occurred while parsing the regular expression fragment: '

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

The error occurred while parsing the regular expression: '

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

traits@D/w32-

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

u)C92u"9}

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

U)l:T^8rv

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Unlock26 ransomware.exe

Unicode based on Runtime Data (Unlock26 ransomware.exe )

up.nO

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Usage Error: Can't mix regular expression captures with POSIX matching rules

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

USER32.DL0HP@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

V/==Vg/V*

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Visual C++ CRT: Not enough memory to complete call to strerror.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Visual C++ CRT:C0

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

wbinary f=.

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

X#!^#D$p!

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

y P.J. Plauger, lic

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

y:Augus]ep:

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Year is out of valid range: 1400..10000

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

zq}[lU~\f

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

{ (I PSS PA

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Dropped File (extensions.json.tmp)

{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6

Unicode based on Runtime Data (Unlock26 ransomware.exe )

{\x= n

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

{wDt6X@

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

|1..31f

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}In2ropr]

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}R)Kfiv)P

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

}vtUWlGBOdCHN?\CvG

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

~l;#(]$Y;=

Ansi based on Memory/File Scan (Unlock26 ransomware.exe.bin)

Ansi based on Dropped File (ReadMe-Q1u.html)

%02d%02d%02d%02d%02d%02dZ

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

%04d%02d%02d%02d%02d%02dZ

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

%s(%d): OpenSSL internal error, assertion failed: %s

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

's2

Ansi based on Runtime Data (Unlock26 ransomware.exe )

),W^

Ansi based on Runtime Data (Unlock26 ransomware.exe )

)?TO

Ansi based on Runtime Data (Unlock26 ransomware.exe )

*lWo

Ansi based on Runtime Data (Unlock26 ransomware.exe )

, Type=

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

,name:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

,value:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

-dwi

Ansi based on Runtime Data (Unlock26 ransomware.exe )

.\crypto\asn1\a_bitstr.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_dup.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_gentm.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_int.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_mbstr.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_object.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_time.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\a_utctm.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\asn1_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\asn1_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\bio_asn1.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\evp_asn1.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_dec.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_new.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\asn1\tasn_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\b_print.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bf_buff.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bio_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bss_file.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bio\bss_mem.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_add.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_ctx.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_div.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_exp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_gcd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_gf2m.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_mod.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_mont.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_print.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_rand.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_recp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\bn\bn_shift.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\buffer\buf_str.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\buffer\buffer.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_dd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_io.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_pwri.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cms\cms_sd.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_api.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_def.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\conf\conf_mod.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\cryptlib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dh\dh_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dsa\dsa_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dso\dso_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\dso\dso_win32.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec2_mult.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_key.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_mult.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ec_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ec\ecp_smpl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdh\ech_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdh\ech_ossl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdsa\ecs_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ecdsa\ecs_ossl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_init.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\eng_table.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_asnmth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_cipher.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_digest.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\engine\tb_pkmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\err\err.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\bio_b64.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\digest.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\encode.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_enc.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\evp_pbe.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\m_sigver.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\p_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\p_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\pmeth_fn.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\evp\pmeth_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\ex_data.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\hmac\hm_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\hmac\hmac.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\lhash\lhash.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\mem_dbg.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\objects\obj_dat.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\objects\obj_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\pkcs12\p12_key.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\pkcs12\p12_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_gen.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_lib.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_pmeth.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_pss.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_saos.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\rsa\rsa_sign.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\stack\stack.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509\x509_att.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509\x509name.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_bitst.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_conf.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_ia5.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_purp.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_skey.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

.\crypto\x509v3\v3_utl.c

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

/0_N

Ansi based on Runtime Data (Unlock26 ransomware.exe )

0123456789abcdef

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

0123456789ABCDEF

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

1^.F

Ansi based on Runtime Data (Unlock26 ransomware.exe )

8],#

Ansi based on Runtime Data (Unlock26 ransomware.exe )

:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

<NULL>

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

>>>HERE>>>

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

[%s] %s=%s

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

[[%s]]

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (Unlock26 ransomware.exe )

\ThemeApiPort

Unicode based on Runtime Data (Unlock26 ransomware.exe )

_OPENSSL_isservice

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Ansi based on Runtime Data (Unlock26 ransomware.exe )

`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (Unlock26 ransomware.exe )

A regular expression cannot start with the alternation operator |.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

A repetition operator cannot be applied to a zero-width assertion.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

alpha

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Alternation operators are not allowed inside a DEFINE block.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

AlwaysShowExt

Unicode based on Runtime Data (Unlock26 ransomware.exe )

An invalid combination of regular expression syntax flags was used.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

An invalid or unterminated recursive sub-expression.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

ASCII escape sequence terminated prematurely.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Attempt to access an uninitialzed boost::match_results<> class.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Attributes

Unicode based on Runtime Data (Unlock26 ransomware.exe )

AutoDetect

Unicode based on Runtime Data (Unlock26 ransomware.exe )

b <= sizeof ctx->final

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

bad cast

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

bad exception

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

bad locale name

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

bl <= (int)sizeof(ctx->buf)

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost unique_lock has no mutex

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost unique_lock owns already the mutex

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::directory_iterator::construct

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::directory_iterator::operator++

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::path codecvt to string

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::path codecvt to wstring

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::filesystem::status

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::random_device:

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

boost::thread_resource_error

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

BrowseInPlace

Unicode based on Runtime Data (Unlock26 ransomware.exe )

CallForAttributes

Unicode based on Runtime Data (Unlock26 ransomware.exe )

Can't terminate a sub-expression with an alternation operator |.

Ansi based on Hybrid Analysis (Unlock26 ransomware.exe , 00018059-00001484.00000000.18559.011B0000.00000002.mdmp)

Extracted Files

Displaying 31 extracted file(s). The remaining 107 file(s) are available in the full version and XML/JSON reports.

Informative Selection 1
- ReadMe-Q1u.html
  
  Download Disabled Hash Seen Before
  
  Size
  4.3KiB (4445 bytes)
  
  Type
  HTML document, ASCII text, with very long lines, with no line terminators
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  c94ea14cccfe3865acf34e7f4779b4d2
  
  SHA1
  
  84ea4345c0266f19578445641aad4f8e83d45216
  
  SHA256
  
  1a69ad6f633366bf4e05a7a414801817ec9543341240c0757839f69805443804

Informative 30
- cert8.db
  
  Download Disabled Hash Seen Before
  
  Size
  64KiB (65536 bytes)
  
  Type
  Berkeley DB 1.85 (Hash, version 2, native byte-order)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  a5ae49867124ac75f029a9a33af31bad
  
  SHA1
  
  d272a7b58364862613d44261c5744f7a336bf177
  
  SHA256
  
  e45105a21696a26c834cfaa3f664c42426c99546094e22fbe3a5e1dd3fbc1f33
- key3.db
  
  Download Disabled Hash Seen Before
  
  Size
  16KiB (16384 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  54b4986bc0eaf8bb036521e0a4257a0c
  
  SHA1
  
  776a627cad68a58df4ea9e882bedb06a478333d2
  
  SHA256
  
  7826db7133afd5a51127ade0f9df49a215cea9febc4e7f95d2c98e597a53b34d
- secmod.db
  
  Download Disabled Hash Seen Before
  
  Size
  16KiB (16384 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  4d40805582d96130fc3a3ac748b301dd
  
  SHA1
  
  3032dcd8e30b03d276079fc68155b7d0f666dacc
  
  SHA256
  
  3cea7e0c8c01aff4fe806120ea7472c4ca535201437d8e62ede8861719ec01e0
- compatibility.ini
  
  Download Disabled Hash Seen Before
  
  Size
  196B (196 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  c7778cd074f5b50c73765eab94d18e95
  
  SHA1
  
  46ecc5d00ea209dd6a3f75985ee7078f46f2d78b
  
  SHA256
  
  3f80e67c8d28c529a63078402a6c80476785cbb9f443105570b6fcafc4a7aa6f
- cookies.sqlite
  
  Download Disabled Hash Seen Before
  
  Size
  512KiB (524288 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  ffe3fe5d52a7c9f931ab53ec01811330
  
  SHA1
  
  1ade095c7668fc8f64d426f57849f64072f5c3ed
  
  SHA256
  
  48b8807a5df158c1e2e578dd175302e15e1b1baa4869e0eab51f313d89a88664
- cookies.sqlite-journal
  
  Download Disabled Hash Seen Before
  
  Size
  33KiB (33288 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  3a4d0e0c66e2175a6ac5f788e31666a0
  
  SHA1
  
  b509c840857481701d5a84d2c1285957d7324f7c
  
  SHA256
  
  50361f6293f24615ea7662d69f94f82ccb77d4b0648d11a698e21087bfda4ae4
- store.json.mozlz4.tmp
  
  Overview Download Disabled Hash Seen Before
  
  Size
  66B (66 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  a6338865eb252d0ef8fcf11fa9af3f0d
  
  SHA1
  
  cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
  
  SHA256
  
  078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
- state.json.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  51B (51 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  ec1ccda4ae03e946b808b32da659f230
  
  SHA1
  
  5a814b03412c3b0b9587d0b9293bebbabf5ed71a
  
  SHA256
  
  a8640308123735fe4451107ff739a07098b15e9722d814dbe18b0da45e3369e0
- extensions.ini.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  175B (175 bytes)
  
  Type
  ASCII text, with CRLF line terminators
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  b63106984c9a3aa70ec4b6cef5123ff8
  
  SHA1
  
  d984f92eb5c2eb41184c0999b50af610b2405bd0
  
  SHA256
  
  83d73480064e4f8162a866479c34489d7e720fc18d55621d6a71d1323fd893e9
- extensions.json.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  1KiB (1040 bytes)
  
  Type
  ASCII text, with very long lines, with no line terminators
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  3f1c2bdc28625e5ee7e9e886f8b96e04
  
  SHA1
  
  a2befb8f1ce7e35bcf17af2b16ad085eaedaec06
  
  SHA256
  
  ed540e6a431174704914e36cab7e4ac5e18c67bb4b5db2d8b535d58875a1a958
- healthreport.sqlite
  
  Download Disabled Hash Seen Before
  
  Size
  1.1MiB (1146880 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  2b49eb66ab81172ea0d5edcb1708d19a
  
  SHA1
  
  a96761819ee494869d047429f1d06dbbb377ce8d
  
  SHA256
  
  59534143fab439817645eed08b29f255d5e7af161b8abf04580ca124ec0a9799
- healthreport.sqlite-journal
  
  Download Disabled Hash Seen Before
  
  Size
  512B (512 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  0894bfea37beb4996588488ed726a1bd
  
  SHA1
  
  85f946c75cba7211ea62ebc550e22160981b7982
  
  SHA256
  
  75cf8726c74b66e5b9d86fcda095bff441bfb8020e5b1e90625f717c0f46e3d3
- healthreport.sqlite-wal
  
  Download Disabled Hash Seen Before
  
  Size
  1.2MiB (1246128 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  b36ddc6763552521a796f8be4c16681a
  
  SHA1
  
  a9cf040ab154a3fc4136679faf8a2eb57542348c
  
  SHA256
  
  87a4410cc8f1e007c492a558c1cb413ed3d07bb4c34593aa2ba39846ce8f54e1
- permissions.sqlite
  
  Download Disabled Hash Seen Before
  
  Size
  64KiB (65536 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  cbc0af498144601971fe176c7d8417fd
  
  SHA1
  
  e76cae676b19fa02c7792f0e5646567cd7a16d87
  
  SHA256
  
  5bb7502de72c4e03b576ddd9be6d549d96fc20e4abaa63e7c43faf77a21a4aa0
- permissions.sqlite-journal
  
  Download Disabled Hash Seen Before
  
  Size
  33KiB (33288 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  04dc03c91d4bcac237341abc3bce14e5
  
  SHA1
  
  09f00a8a42314a422b523a7885812975506db48c
  
  SHA256
  
  53135b5a3085b2a72685faa9c51bc42f79889758f73dc9ec9332cc1068711352
- places.sqlite
  
  Download Disabled Hash Seen Before
  
  Size
  32KiB (32768 bytes)
  
  Type
  SQLite 3.x database
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  f2e6e37872f179fc832b2747c72771ab
  
  SHA1
  
  c4f1e776a13e4cf2a1cbb0de246c30ee52684397
  
  SHA256
  
  9e4178103d33cdf274e524d30b86f9b41738144b03aadb3976930c96366ccb43
- places.sqlite-journal
  
  Download Disabled Hash Seen Before
  
  Size
  512B (512 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  4176dabf8cc1cb0cccfb868457abac50
  
  SHA1
  
  578eae3101624bfbcbd391037c1d1003b18cbd38
  
  SHA256
  
  fd6767f89a3fe8fb89fed6dbd72f8aebf0c89403ac3d21fe7ab9304860d84947
- prefs.js
  
  Download Disabled Hash Seen Before
  
  Size
  286B (286 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  6330b2d3e79ced13ca253617a7328b8e
  
  SHA1
  
  daaf09112b50a94922d394768d8ffc285e794754
  
  SHA256
  
  602e8910dea238a561fb3f2e2df6ec1388bad41265ea2886b3ffd5c61250f0d3
- search.json.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  108KiB (110241 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  3150d65c9b63a2b6437a891e4138de4f
  
  SHA1
  
  69cad5f6530f192820511a807ce9fc95bcf02dea
  
  SHA256
  
  82430c4a479289c167b95148e22c5fade0f77d2f7da7cccc53bf91329c8d59db
- times.json
  
  Download Disabled Hash Seen Before
  
  Size
  29B (29 bytes)
  
  Runtime Process
  firefox.exe (PID: 3056)
  
  MD5
  
  fde71b7ee208dd21db7b5d05a14aec3c
  
  SHA1
  
  5d804605abf4f2cc04607594b296374640c2b004
  
  SHA256
  
  01ce65ac864d94a4b04ba5d2582c97ad8ac5c82771811128f7305b93baa98d22
- Mozilla Firefox.lnk
  
  Download Disabled Hash Seen Before
  
  Size
  2.4KiB (2426 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  da7bf1916d22b08b8b5635806327ca80
  
  SHA1
  
  88392f39b790953b8d73e33499f2d78b39ea1a3d
  
  SHA256
  
  3e281be7aa54f993a369c43cd5db6a7b345bb1a50de4c2203e575d9c1426a2f1
- java.exe
  
  Download Disabled Hash Seen Before
  
  Size
  172KiB (176552 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  f12b6ef181cd69a1655e1c3bc2b7be0b
  
  SHA1
  
  2fbbedf055c31436268b3c5d806a28d364cfa3dc
  
  SHA256
  
  7e3f830eeac60438d12a56d10741f03062625f6a817445f5780d00afb400129d
- javaw.exe
  
  Download Disabled Hash Seen Before
  
  Size
  172KiB (176552 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  01a21a39760c12d2934a140c64586fd6
  
  SHA1
  
  9a5562a91ed18adad90ada1f63ba7d8b37c8e981
  
  SHA256
  
  baec00db50a78e8ff35dc4beae2497616dfa2f38e6217d61f8b06c6794700e90
- javaws.exe
  
  Download Disabled Hash Seen Before
  
  Size
  266KiB (272296 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  50612a85f6fc83851969cd0240c8caab
  
  SHA1
  
  9e6d17218c45028c0f0911e2307990fbe97b5ae9
  
  SHA256
  
  66c3db2e90f1550f6f1d08580d2af4141ed59b113ba07b815659f9620369d9c7
- ose.exe
  
  Download Disabled Hash Seen Before
  
  Size
  146KiB (149352 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  b693c2f2682d9d717ef89bd90b5ad575
  
  SHA1
  
  3891797816fe39d19b6f3f27dd11a44b777239be
  
  SHA256
  
  c9d6c3c8cbdcb213675e831bed09bc37c1d0c5bd1dd74f70ab15f000e72c76dd
- setup.exe
  
  Download Disabled Hash Seen Before
  
  Size
  356KiB (365000 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  8b2ae8e5a89962cef777b1d5dcfd301f
  
  SHA1
  
  d07ae9ece49b8add5e1cb47231342892130afb33
  
  SHA256
  
  f2644027a1a28fd4fdd2fc4b35d0603b5f9d573a07ad33b107fa2db082336a1b
- DW20.EXE
  
  Download Disabled Hash Seen Before
  
  Size
  819KiB (838536 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  1b95806aebc63cc24fda57e36078d005
  
  SHA1
  
  743a844d25ef3f43af768e42941ad8c2edde0b9f
  
  SHA256
  
  37acfd56564b8fe4bac45624e4f56953e603f74bee849988fbede437cbdb4ea8
- dwtrig20.exe
  
  Download Disabled Hash Seen Before
  
  Size
  507KiB (519584 bytes)
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  880fc5193db22f0b9abdc20b2df5aa98
  
  SHA1
  
  225fa82ce144cc0c58089f7073a1135b442f2318
  
  SHA256
  
  40299e346148f9212a53c644ddd5e85453099d008b3c5059797dccd6ff03ad77
- autoexec.bat
  
  Download Disabled Hash Seen Before
  
  Size
  24B (24 bytes)
  
  Type
  data
  
  Runtime Process
  Unlock26 ransomware.exe (PID: 1484)
  
  MD5
  
  8d6ede9c94f9b62057251b173013b984
  
  SHA1
  
  babf102b21dae7ff23b4d8cbff0d6da3f7380be4
  
  SHA256
  
  c2f98f942dd78c9ab3b08d04581e85532c020b8963682c1c28b9a7cadaf05b50
- UserCache.bin
  
  Download Disabled Hash Seen Before
  
  Size
  110KiB (112582 bytes)
  
  MD5
  
  c5b7d4d3b1a9d062beffcf7bc20b8436
  
  SHA1
  
  1859c0e931a01445453e3165ea5105df3a17fd1d
  
  SHA256
  
  905be75cbb0cc4cde2e65f0e73d19d3678d003d83e06a4fe43ed675e228fb7f0

Notifications

Runtime

Added comment to Virus Total report

Not all sources for signature ID "binary-0" are available in the report

Community

Amigo commented 6 years ago updated

#Unlock26 #Ransomware http://id-ransomware.blogspot.ru/2017/02/unlock26-ransomware.html

You must be logged in to submit a comment.

Unlock26 ransomware

Incident Response

Risk Assessment

Indicators

Malicious Indicators 7

Suspicious Indicators 17

Informative 16

File Details

Unlock26 ransomware

Resources

Visualization

Classification (TrID)

File Sections

File Imports

Screenshots

System Resource Monitor

Hybrid Analysis

Network Analysis

DNS Requests

Contacted Hosts

HTTP Traffic

Extracted Strings

Extracted Files

Informative Selection 1

ReadMe-Q1u.html

Informative 30

cert8.db

key3.db

secmod.db

compatibility.ini

Notifications

Runtime

Community

Amigo commented 6 years ago updated

Latest News

Vetting required

Request Report Deletion

Link