File name:

Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.7z

Full analysis: https://app.any.run/tasks/6647b77b-854e-4509-84dd-25c4f815d945
Verdict: Malicious activity
Threats:

REvil, also called Sodinokibi, is a notorious ransomware strain known for its use of sophisticated encryption techniques, high-profile targeted attacks, and connections to GandCrab.

Malware Trends Tracker     >>>
Analysis date: April 29, 2025, 14:24:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
arch-exec
sodinokibi
revil
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

26B622844DD61B4EB168087FC76B2A73

SHA1:

8049B918F3E16A57FDFA21B1CB79F8C2EEC6D3D6

SHA256:

75DA4BB628757ACCE3464D6C926B1F8F589744D0F153E7A0D4AFDD54ABAE37C4

SSDEEP:

1536:DMVWBht8KTHpHKHBbvJeB16bVtvIHUA/IJ64V2:DMVCtbJHwBbvMKbKU7dV2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • SODINOKIBI has been detected (YARA)

      • Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe (PID: 1400)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2840)

    • Manual execution by a user

      • Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe (PID: 1400)

    • Checks supported languages

      • Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe (PID: 1400)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2019:11:20 19:23:24+00:00
ArchivedFileName: Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe #SODINOKIBI trojan-ransom.win32.sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe

Process information

PID
CMD
Path
Indicators
Parent process
1400"C:\Users\admin\Desktop\Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe" C:\Users\admin\Desktop\Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\trojan-ransom.win32.sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
2840"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.7zC:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
1 069
Read events
1 046
Write events
23
Delete events
0

Modification events

(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2840) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.7z
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
1
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2840WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2840.46945\Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exeexecutable
MD5:F45CB1BD582B3644F777401398E15AAC
SHA256:6D90727156FEC854968D06FF09806D24CA9C400025DD131892B0F49AF18EE8A2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
5
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.142
whitelisted

Threats

No threats detected
Process
Message
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
[DBG]
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
core_init() - Program initialization
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
oz40","wvq90io68","wvs69f4bz","ww4o9","x0t82","x15ev","x16z223t85","x1e16","x1jx07hl","x2fjm","x48l6xg65j","x4kag1j9q","x503b","x6kd9653e","x7a4k","x824h952","x91229w47l","x96gr1ska","xb83q8o0k","xe4x59z6","xgp3g","xhlq26n0u","xo3703k","xr4534","xr6r012a1","xx1v8qk40","xx988","xxzid3o20","xyc1o7cn","xynt91","y072kf2o5","y24099","y25zx3","y390mhp5vw","y3clpysqc","y4ic716a","y51178d33","y6ww2x9b57","y7660697","y77hp1j7","y7849928","y7ftjr","y824ui8","y841m","y8f2x19s52","y8la7ss39q","y95z5","y961cc86q5","y9ppm9","yc4w2","yfzs3y","ygvw3cnt","yj52qq4035","yl4l9r75ig","ylb12hr7y","ymo58396","yo877d9zr3","yob75232z","yp2zz","yp658q341","ys8689","yssj7g56v","yt45a32","z0864mu2b","z0f0ph","z153jck891","z18270ow","z39a5m","z43jjp7a","z452ptb","z5176","z57g0p","z73q4k25i","z7c5m0s4","z8100","z8478vg5","z84p50u4","z8nam5a","za6o5","zc45wk","ze3407v","ze9wv","zg93760u2u","ziy06lm","zj5n6","zk2r6l39","zkw2e0ib72","zq3jr","zto8zxk9","zu3gy","zu59x1wh6","zv9fprcy","zywti1wre","zzaycm1","zzaycm10"]}
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
cfg:{"all":true,"master_sk":"aFJR6UwNrTacHrPYP72Z3QTl7yC96DFevmkXIiDSE00=","ext":["007r5","010402hbt1","012139gmt1","0178va1q","01ai10irq","01mz1u75","01n9912s","01o9f7t","020rmd","023in61bh","02r2b95","038r7iv","03bi52kbtv","042a5n1d","0446s","0449la","04ik88mm12","04iy7","04x5go","0587xu","05oyc6ln04","05y16x","063h5co1","067r5e","06r86n4467","071s65v","076nj1y","07kj45y59","07tgv1q","08i672h4","08psb","08wmtpt32","090dremjuv","09650g","0968v","096rh89hln","098116kag","09p4w2","09yy5","0ad81g","0ask0h2980","0b1uylt3nw","0c378w","0ct4h08td","0cw2187793","0f5x1","0gq03p33k","0i501","0ig5jw6dum","0iq4xk","0j3n0","0j93lw7uc","0kmmot","0kvdu","0lj7u0","0llefiel","0nq299b","0o19z5","0o6w78bkq","0q7yyda6","0ut3h","0w02r8bp","0x6e2qv2","0ya2r974r","0zgp5d91tl","11214oxz","113cic3","11447a0","1153l8uu","11cnyv","11h69","11xt4662","12qts2j","131007","131a4a02","131x43enx","138l4mebhd","13f4y5tg","13nf42","13v2767","144z45i","148405769","14as53o","15p481h8j","16eg5vd8","16vlfc","16xhv8r9ab","175iu","179p40k","17a03scn","17b9r9z","17i8s","17np2","17puz06","17um2z4k2w","19018e","192kjan12","1956el2n5","197yr0w","19a7717zn2","19n0p","19xy61e279","1_89gy3","1_9mk77crjgd","1a14027","1avaw1s","1b8v541jb","1bek45w8","1c6oe","1chdy5433d","1d5rr8g6bo","1d8516a","1ed7x548","1eti4j","1gef9qlz","1gx0xvjf","1ilwe674","1j84tru","1kgaa","1kq9xzfph5","1ky559bbtp","1lm15t2","1ms6j2cad1","1n441ak9","1o564t","1o5rv120m","1q3s9b4","1qjjgw9","1rpmx30","1t41e30c9s","1uh5a3rn","1vf0j213","1wan5vg2b8","1wl7635q1","1y4y5t","1zh19d","20b89376","20l0x9","20nz310","20nz3l0","214mw6q","216w04","22nlp","22oa0day","22wjk73","22x60y7","23398u514h","2357jk","239n5r","23tdoy6x","240n0","2417m6","242acg","249j6w","2500p8p","2524g","2546cb2y","25axx","25h8t0g6b6","25ux1bj","265rn88","267f2m00rm","26fp6z","270ka97933","273868i3d","275orm","2795l093sf","279q8","27j0e3c05","27k41z5m","27x7w7lb4","28jq1","294k0","29f24u","29xfdzc0","2_kr39h48","2aq12m9m","2are7felb","2b0x377","2b16t","2d2g68n1","2dh79j","2f7n6xx38","2hq661a","2hvf3q2","2i3e1","2itie4852u","2jvaq9rxq","2l185ds2w","2lg931c8im","2m2ybzrn4j","2n03802089","2nmq0e4","2o8dy2","2ou17u","2p74i9a70","2p7y4cj","2phxfi4","2pie5ou46","2qm9lob2ez","2rr0o","2ryofx3h45","2snt160","2tgv1s49","2tm1g2zvf","2vea7k","2w1qmau8g","2w32ob","2wgs3hoj6","2wmv1","2x20sa1","2x9cqy53bi","2xq31f","2yog8","2z198971i","2z2x89","305x3je4","30686","30jnso","30k475559k","30mk1lk","312x6e72","318h67","31gw2f8","31wi2k","32m07s23","32z1ap418","3326sm6v","3345fo1h1","335401nh6","33dhwch98","33pba8luyx","33qw8","33w2ez","3433n","344dm975r","344gs0d54","34bn0t79","34jmmi","34o6wt6","34wl5g4vu","352auva28","353nv82","358vw1z","35qnxt9jg","35w3h","364k4jq8a","364y31","367i68k","36pl2","375x99v8","377191y","377wp0","37d3oqq839","37ddtx6k10","381bk76c","381p5d8","382h4","388in12x55","38bqftsp","38cep866","38jl0","39067n","390zz","395p6","3975995wr6","39h81","39lrr8ln","39p093q6oi","39p7098","39pu7dl5wp","3a2pu2rzzt","3a39vf","3a736tc","3b905l01","3cw4uj0853","3e84l","3eep84x","3g03c9","3g15sd9do2","3g55ca6","3g83zp","3gn71t9yw","3hg6e99v","3i13w9v6y","3i610","3kykpi","3l47zwq","3lnw1w","3lx7y","3m116","3m33q1yj8a","3mdom","3mhh38","3mm6ew2pr","3mpji","3o81ikk01u","3osf9","3oz7i2","3p4i927f1t","3p50m6erke","3pgfc","3qqtglz4l","3qvg5","3rlyq32tq9","3s086","3t7a936x7","3tpk4t","3u5a8l4i","3uw7wbaxz","3vi59as","3wonks4","3x0q7k17","3xek500","3xrj062i","3y307r","3z5j45s9","3zw4i684","40232p82","40p60u968","414g84","417gf4","41dh51u9","41kfmkok","41z38","42022fv09","420h2","429hz0q35","42ky8","42nj8w","430jj6y2","433y6j","436t8y4vp","43ojz","43s3cpzqik","44l87b90n0","44p35a","44p6px0h","451c5q6","45na2f","4617fg","4654buk4z1","46j37x40az","46jj9q6u6","46sv9i","474yq88h","47887","47ei5u6","47inya9d5","47irv8m8t","480dl0dk","48109","48l47m9591","48nylvh","48w0uh9f","48zv0i","4955765b9","497mha942","49h1mx","49jvielfr7","4a7927g","4b1m97","4b23z74","4bv470g4","4c860","4cc7bqt7x1","4d3a95s","4d52m3557","4dt77d09","4duw4m","4e61v9h5","4ez2f3r","4fvz7y","4g086b1nc","4g7j58","4go1h9","4h20w6ut5","4h46682b1","4i15q9","4i3v1ss8hq","4i989om6c4","4i9wq0uvw7
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
","4jwo315","4kz3q1xo9","4p8il","4pkirp643l","4q0637","4q4fnnki","4q59v7x","4qn05y","4qts77","4r8y4402p","4skup55j","4t5y65","4t70f3qj3n","4u476jiqo","4uaq44","4upwl","4us7k8","4va4b1e","4vs88umy","4wx7bk255f","4x6wz7x3","4xssl6","4yl49c","4zr8z3i65","50079qd","50429mja71","512900rf8","5136vds","513866671","519023u8tt","51l5re95sa","5206kg9","520w3zc1t","5252y","528409","52ds7i96","52um869u8","53a84dz","53r8lhkw8","542z38x","5447h","54m4967s7","5533315d","55z9qd85k","55zax90zi","5613207t","561s7","5648n4","5670nq2380","568skf7bj9","572zmeud5","57450j6h7","57krc","582a8392","583y02g","585360el5","58m2q","58wpmncvf","590d4e2of","596lbgkdh","5a46a91g","5a5z1y9","5a7nkcv9","5ara5","5ayr9","5b0bt","5c0qf","5c3692g5v","5c8q3","5cj7t4","5d5s59g4","5d9781","5eg7gy7hb","5f01p4t28a","5fi2442g1m","5fw2s677l","5ha2teg9d9","5hyv3ya49","5i3c8","5j895u209","5jkp2c","5l5c3","5mkr2z21","5n6aj742","5o61wdgdr","5oikj3n","5omr7","5ot18d9y2","5pg14a3x","5pn3pt3h","5pn613v4k5","5q05791fef","5r2s75","5r54vz","5r7le47d3","5s300ry4","5s66g4c7","5se0eh4n7n","5sf3oq4a1g","5t87crk","5tv3h228","5u9vf6b59","5v54ey","5wjrifc","5y8w4","5y9anx4d7","5zjypl05","604ms","60qv5r080","60z29","612ecox","61v97g0","61w26j8","61wd394","62avr6225","62d1r9","62ozj","6346021rvb","63afre","63em3rm1","63mmjjqeri","642e07c","64areru4","65zei2lp","661wj696","6653fjkw9c","66ev6r0","67272809t8","673j5","67646r","6764w089q","676xk","67g8sy0","67u312z7b","680wk3v21","6847q","68d31f3","68uj54mme","68y8u3h5dg","69546oj3a","69bj0199","69y9889u3y","6a25l2e99n","6a4baix7g","6a5eep48","6aco1c2","6apj4a4x","6b6mq9tt","6c7nim43","6cp22","6d467","6d4vz1y4a","6di2j","6g94qvq","6hc972n","6hv9822wwf","6hwki8ly","6io2449bb","6iymr","6k5vhxj","6kc2qy13jf","6l325vceb","6lf097o","6m1u74fw","6m675y42","6mh162e0","6o25kz565","6oib4150b","6p6hf1s88","6pgtqkd1l8","6rmbzmlj2f","6rs8yp9","6rw5ztpv","6s5j8y9l","6ss86","6t50h8zem","6trgg3yi2","6uk55a46","6v313","6v695lu1u","6vc4926q","6vppyb","6w83sm8gm","6xx70x0lrh","6y0ri9","6yf45","705cn1zc","711ls94x8","71302","7166i376","7180a","71el2s","71r4rxnq9","71v5e2n1z","71xt1s","71y6i","727q8l","72tb2v30","734u0bi","73igz3b3","73kf86vff","73rf49n2o0","746l0090","749y745j","74eh70","752404ht","757720w","75782g6e","757l7","75urax0k","76240217","76538jru0","76efhualw5","76k7i3m9v","76kp56k90","76o04","779t1l22","77bt87","77i9o2","781dtqc1x5","783on4","78jc590","793lzd","795a9i","797bjh0ck9","79b8890tjb","79fz61s8w","79p82wuif","79w9o4","7b2659z","7b2csl9y","7bn5m","7bnymlw","7bq014","7c0evbwy","7c246t1il","7e01306iy","7e0g2i3m","7e5h5","7e840n35c2","7eo16","7fbjr42vv","7g1p41e5","7h2g2","7h5t3","7hvac14895","7ixin1l8","7k004y1","7k63nv8503","7khru","7kv6r5","7ky3o","7m6su2l02","7m8w98","7mez68","7n0l9x","7n35b","7ner3","7nu5x","7p62z18j","7p83zpa","7placb","7qb16ir","7rllxgj","7sl8s2e","7tv704","7u1o1j5r","7wff57","7wj5dz20d9","7x0877","7y3ydntdg","7zgn9","7zid33bwcq","7zj0h1","7zlj608","7zu3rhzve","806y69u","80aj8b","813u8e0","81pg2","820vf69","825mx2yi","82h13","82h17d4","82ij6371","82r553","831349","831jp04r","83a3i8y6p","83aax","83gym4kwf","83h1tx","83peve","83yxna0n7","84234ve98","843268j80","844j5biiw","85562c9ym4","8565mx98","856vj","857w6870","85867e","85i389c3","8618c8n8","8667r7cu","866aymf5l","866b0fem6a","869je","86lhio","86r7a80","873a25s4","87o1491971","87vm1","88095aw8u3","880pp1p","882g0b2","8849rmb1","884m3047f","88dps0","88j9w579kk","88m9u251","88wo1py","892i8","894wxpg64f","8961p5","896459","896w42e","8979n5rmt","89cai4","89gy3","89i27","8alk1m4","8bo3gsm","8cn830ies8","8coq2cl","8d70l30","8ds40x","8f6y2l60ve","8flr956r","8g0pv7w","8gjv9","8hwpxa788g","8i10oc","8i3a19ds25","8iow2axha9","8j27z6wgj","8j2p8728d","8ja6z","8jwxk4","8n4p72","8nrkf","8qy0tv","8rr6mp","8t2jfam4o6","8thy789dj","8uw7712uy0","8v59pq48","8wfai41cd9","8y8c586q8q","8ye42gk","8yrpgqkf58","8yw4466l9","8z7g66c89","90yva97","9101745z9","912wfk","918foy3v","91ivbi7g","91j05jsdx","91wlmof2","9229z3y","922t29e9h","923a3v3t52","924n8","92dqa40043","92p6f9rd","92xfw","93086z1","931ewu7","933h6r","934ck7","93c22","93m5m810","93t5h89y6j","9489a","948ez","94d08m3ms","94fy2
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
","kd75j9yy17","kh9nyv","khp5100","konv973","kq862uk59","kr39h48","ks3os28i0","kuxw21j9","kv8ci0dnvx","kxeca","kxn4i20","l0030","l0dy7yk37","l10150ak0","l1ji47","l231n3su","l2xzl479mi","l3g3wx8","l3s4x9","l3v2767","l3yl8l","l403e4b08","l4ee0b","l66j0mm00","l9100","l99e9syz8w","l9ibf0","lb4q13","lbe08n","lc0w5k","lc0zu8k","lc3tf2","lg3o9","lgduhk8h7s","li0d8z46r","lke744f78o","ll9gcc","llr6i48r0d","lmwyfny8ww","lo2624hczc","lo7d51","lqnb72k","lrl812fq0","lrlhq1g","ls199","ltlp03u15","lv962f","lxv3x6","lz432cy","lz9km71h8","lzajlo6","lzxpl2vh0","m1i5w2zlr","m21bll8","m22o25f","m244025a","m2bvi8h8","m2f9468ab","m3051g0pk2","m35k64c0i0","m44m12bz8y","m541rb4","m59f821","m5di9k","m658731zx","m737cnpmjg","m7ix4sa317","m8116rq","mcia5","mcsae5","mdlslir4r","me4842l","mg820","ml595","mpa0j8f5p","mr5f603","mtkk6pu4","mx013","mx720312o","myy7o5686","n072796b3","n0bt7988xl","n0et34","n10on9r5f5","n13mzrr3b1","n228k45","n2bdzc","n2s8f1cnp","n3t6lm","n5ulp51p1","n5w53","n6s71","n71j7","n8tc1w5","n8va9","n9k287z70","n9p57v","na6h8","nck27","nfidj4263t","ng18w274k2","ng499","nh1300","ni90x9vw","njzej","nn202o4y","nnl13l","nqf4t","nt08f104g3","ny0kz","o0209714","o0m456x","o0ptln571v","o0s9805u1","o1bep6","o1mi1t740","o22pl622","o2g24","o3bykzbj","o42299x0","o4y4r1","o5rzor03r","o6330hvmi","o771r1ekl","o9kb62c23","oay4od8","oc3ho6","oeu1kbsf","ohqh91","ohqm5d5","ok939ncdvi","om5ox3","om6t43f","openssl","opfk4xq8fm","ot3681","owpg6o","ox19bz","p06wk","p1j52rx8","p2czd55m","p2us5n","p4457k3","p4a4g038o","p5592","p5v5x2m0m9","p77e8u","p7al011g","p8d57","pax97u6","pfhc2","pfmap","pj491oe","pk7nfm","ptiso","pv9rmhr","pvpqp8s","pvq2r4s","pw34e6","pygbimo","q015r6h242","q0hf9112","q19ti8pm","q1zac9","q403fr","q6uoy1g","q7axuro38","q82va0","q8s6f5z3","q9128","q92mp17","q95920l","q978ky","qa1461l","qch28334","qd6k10z","qe0f57237","qfkb2j2m7s","ql572o9","qnr831d","qohy49h","qr3434m3k0","qs11v","qu9sv22i","qwt7eh","qxq205z85p","qyl685m1fq","r008h","r0906","r1dpe","r1l29nt","r2bvmije","r2ffs970","r35j4","r443h6na73","r46f8wu535","r4ev33ux","r528d84x","r583l","r5do9t8","r6847904","r70u3","r71uek","r7n5p5v13v","r8769o45","r888a652","r8egerl5","r9me5bet0i","r9thnx3i","rap8mak04","rb8ou","rc8zu49r","rcv93","rg95d58751","rgd0j","rgl3nz","rgmatii9","ri4f6lu4","rl5835f","rn01o17ei","rrbiu","rs2v665","rwu4rj","ry6ch8v6q","ry7nav34","s04m6uj","s099k","s123440eq","s162jjd5nb","s1f7k","s2p9xv8q9p","s358nd8","s3924op6","s3j33s","s3lv7db05","s4p49v220","s4v21b","s4y458b5f","s5l23c","s72q3","s77dnc","s7mzb29","s80l5jl02","s867o9l8u","s9288lut","s9nbzc507","sa55hjk6l","salsq5","sb0g6","sbtl80","sc98p2","scfkim","shikn8","sj4b4w","sk4sa57o","skj6sw","sn056k922y","snm2r","sp2nn458x","spla93j1","st3fjyo48","suhpl7k49","sut84uk","sy3m963x","szfai8n","t0n028ule7","t0ytch","t1198dt8ph","t31f6790","t400k7m","t4ndzo","t52e94","t5565bc473","t56rnk7nky","t5m79","t5t011gp7","t5xm1drg","t62sdq","t6k14","t7598","t7yu435z","t8jnq1","t938t3e9t0","t9fr7zn9","t9ng16","t9rf67169b","tcg8c0","tdsg7","tf3m98mk5","tfo6bs8t","tgj70w7he8","th3th","thy584n","ti1b4z7","tje7198w","tl9m91h","tlrds0y1a","tq47r010b","tqhj60d3","tqxg68l","tsx02f","tw46435","tw6tw6y3lr","twi18gx910","twq3fxjg","tx3g7u2","tyo0dw","tz9c32r","u0d75b49on","u18270rf4e","u1o9c","u27e5","u2ontw01o","u30t5j5cj5","u3u38lssa","u42hg1","u4jg0462r5","u56y4e","u5k3m4","u5p3z4b03","u62b12","u6933","u6ji28xz","u789p0","u8aei67u","u8l06efj88","u928hm5m3","u9a3d6km0","u9dm0n","u9g5r7m","uac28","ubsak0f","ufg5413v5","ug24ce9","ugd2832","uhh51p12","ui52oy2z","uk6v6d5r","ut7tu0834","ux1gv","v0h3wb","v0syeqs7r","v2266","v26t5","v29n57l66","v2k4a7","v2o75p9","v3516v8al","v3vrpm","v48253k","v4b57","v575jv1e","v5anck0p9","v5eyj8iqz","v6fj3rtm7d","v75480","v7qi065","v824zxhq","v8a4tv","v8en09w","v97aa94","vg4r47e","vh5i9aj","vhh2r","vi607z","vj144gyd","vkgs7nf73","vu35oo6j20","vw5m88k","vy4n176aj2","w219l5","w27pd","w36jc347","w4c0v","w5gb05","w63h3nu","w6dmj54i","w6e85hj82","w8129","w8o6nwom8w","w9h4hv6qr","w9s66","wb69rc5","wbk3g19","wdo6n2638","wfh801y","wi9si","wid_001_k743bcm11","wj21u66776","wn587","wp2btqzs3","wpymksh","wq15
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
[DBG]
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
ky","95744ldow","9593h61","95fu3","95ij3hgie2","95ll0n30hv","95p2o73","95pn3pp11","95u4e48f9e","95u8ao","96057","961ng58","966rm","9681l8","968m113","96cf7","96civ","96fs2","96g90y9g","96z8w","970li86","971zc","9755740","975w8c7","9765819twh","97t967g","981j7g3d91","988rkt1ua","98xg0340t","992c563030","996wwb","99y160g3t9","9a08o8ibmt","9am25476","9b1df734r","9b3t11qrm","9be7v69m97","9bk70","9e4kwp","9fm2vk5tw3","9g0s3el8r8","9h2rw","9i21rq5n11","9j7aesd513","9jfyetrq","9ju8tv96","9k7t9","9lc39z","9mk77crjgd","9mwj85v42f","9n53028","9o0a0675","9od291","9of487a","9ohyoef","9ova69","9qi0t","9qksdyo","9s3yo","9sh2f4","9t0kac4x96","9uwm40","9x22p1","9xljql","9xq4bge7u","9y62r97q3","9z729","9zxg18ou6","a03ib4uti0","a0lzf","a182b2ff9","a29gh97h","a32iz01","a3t40a4f8t","a40564c2t","a435088f","a461z423","a4fzn","a5oif0","a6572e4y","a6cgtlac28","a824yhzrq","a8vtb2","a93hd","a9exyop0","ab72rsh1g3","ac6s1","af9h71","agli0s328","ahb5k389s","ajs80b5d4o","amjl13r1","ar353","arf08","as5zjzcv0","at43zx","auu58wr3","ay328gb07","ayjr8","b1uu50","b30n4h","b3511dl","b47yc6i0","b5k1c","b5oe22g5","b62ypxc","b6zeu0","b76zp","b8ei91l3e","b8yd17","b95pevp0","b986n","bd8hb","bemkv2l81r","bf06171dy8","bgo0s0fm9","bhb42","biw7h3","biyurx","bjzll9v7w","bk1m0x506a","bq9uif8q","bs4yh10","buu5z3","bx215j","bx8sc3tda","bz290w","c0127","c065qlh6","c1akm7","c278tsa","c2a3v5bc","c2bcq1l","c306vd2zg","c30ho","c3266f0829","c42k9mx7","c4b19613","c64e9ii5e","c66307rp3","c7n3clci1v","c7o91x106c","cg66qo","cg996n12t1","chj84l9ud","cjgv0h","cmyt92vyl","cn202u","crheh","ctoi0","cxi87p4a5","cxyypt72c2","d05r8c76m","d0bgc35864","d0h28248","d0o765z","d102l69s","d1skb01","d21ud05","d2305g2b","d23xd5o2i","d266c45a","d2737ay15","d42h8c3q","d46s11c4pa","d4wxg2eo1","d51q9t","d5r5gkoq7p","d6297thj2","d6wg948uc4","d724sntfl","d8ik2n761","d8y59e7d4y","d9104e","d915b3zm80","d9aww","d9rf00","darkgarden","de3d823882","de7440oj1","dh1nw","djvi90i","dn7j571","dpis12","dq5nfyz","drq846rrzc","dsd06","dsh4m0h1","dvm3xwc9","dwuqyr4s9","dx125z","e1d7zb","e25n53e8","e30vf","e3svv3kbp","e53cizv6","e5gs4v2l02","e6657113qm","e8ie3yg","e91xvx0p","e9g2g","ea7rp825r2","eclipse","eg50v","eigja754","ejn0hl","ejr4f8a3","epplus","etvn4b9c46","eu9500kr6x","ew3oxe112","eww1bd8g65","ey3bucm2","ey50zqvd","eyvlj0","ez6vvy","f05hgb64x","f0c37v3m44","f0k9f4h","f1l85h36","f279g","f33c8","f3799cvkri","f3952866","f41047h","f5vj41n1","f6af8nc","f6y4p2t0","f7n4l3","f7p2r7","f94x3p8","fbv01xjq","fe55zy3","fe9sq2","ff58q88h","fl1kc73gud","flnv9o","flt23","fsgwlh","ft268","fu6uy18","fvyli69h","fy18070l0","g07750nxj","g07arc682","g08fhkica3","g1623","g1a6018j","g1h3xfqfs","g1np9txjq0","g220i2sc9b","g25od147g","g2c34c5p","g2gi37hg","g2i2ra023","g2y787tnq5","g49roa3q0","g4t4xpg3f","g5vy727zcy","g6h7160j7","g76d0zl","g78fg","g80i3","g82njam2jc","g839d","g8a20s","g8d9l00i5a","g91yc2","g95cj1","g961u3m0","gfd14p2urp","ggx5lp5u5","gh2l67","gizf0o4","gj4ml6y3z7","gk210e6","gr60w2","gs72a5","gsr9xb","gy5j9","h0s2l0020","h10443","h1e3448z","h1y5d64ka","h20jvx5eku","h28l1","h2oy3z97r5","h2sh8","h32cniw","h392b","h3eoh822o","h40y8","h444tdo","h4gyl8urn","h61mx10","h646md","h733q0","h746x4hr","h7tha","h85l2dj","h86rke5l4","h8f902gux","h8jz3","ha2dy1","hba1w785a","hee7e7u1l","hg591nnt","hgp64y","hkr5n6","hqtayv","hrd1q","hv31im3","hxv95z","hyb4qz400f","i04hucah","i0gd4t43","i0j48p","i20l3","i248a","i2622t8222","i2cyf9","i2e1r","i46ila7","i4yw3n0","i5wbp","i61odel8","i66jq","i703t8od","i739k28","i81g9c96d","i82ir80","i8h7mm0","i932nnbco","ib01pe2","ib7h500","id720","ieuaa71603","ifen97ie03","ifk1qmo5u0","il1j41j","ipd48urbs","irz6a26490","is5d8wyds","is8b5k6w6","iu08nk","iy6t915x7","j05920lmwe","j07t0m","j0hsn1h0cq","j14337xz","j380b","j382x87x5","j3zp9","j4ca1t","j72m1tiv4","j804j","j8qj4mi6","j94odb","ja90ea","jaiow51","jcz2o","jf2b4jbf07","jfb6z","jkf8p3wy","jly651z31","jo3t1s","jp1171hu","jp4v1l6","jsv028","ju0q6","jw100s","jy541","jy8blu","k05pc8o5o7","k0e9539","k14fgrkt5","k26s795p","k2as3","k32l15","k37w2i","k4e848","k52220vns","k56djvl","k68ec4uif","k743bcm11","k84ugqa","k98c7","k9uj8mm0r","kaaw7s4134","kb80897h
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
[DBG]
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.exe
start GUI
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Trojan-Ransom.Win32.Sodin.ahx-6d90727156fec854968d06ff09806d24ca9c400025dd131892b0f49af18ee8a2.7z