File name:

Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459

Full analysis: https://app.any.run/tasks/e2645e86-29d3-4279-8022-76530db094ab
Verdict: Malicious activity
Analysis date: May 15, 2025, 17:15:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
auto-reg
ip-check
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

D95C21043D6A37A4959D03824BBEF2DF

SHA1:

4BD2B200D8A77BCCAEFE517E1F154C688619EAD0

SHA256:

0C2043E1006B52CA4F7E7485D7167AEE4A49C2AD5E3CB0555AC36CE2780868E1

SSDEEP:

6144:N16wN91+AQv9PLHJFXmsDDdtcyw/qjBZLRbkS7Bx:qw9WvlzJFXmMDAy9j/NbkS7L

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

  • SUSPICIOUS

    • Start notepad (likely ransomware note)

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • Executes application which crashes

      • notepad.exe (PID: 5608)
      • notepad.exe (PID: 5392)

    • Checks for external IP

      • svchost.exe (PID: 2196)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • Potential Corporate Privacy Violation

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • There is functionality for capture public ip (YARA)

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

  • INFO

    • Checks supported languages

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • Auto-launch of the file from Registry key

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • Reads the computer name

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • Reads the machine GUID from the registry

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 4740)
      • WerFault.exe (PID: 4112)

    • Reads the software policy settings

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5556)
      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)
      • slui.exe (PID: 5588)

    • Manual execution by a user

      • Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe (PID: 5596)

    • Checks proxy server information

      • slui.exe (PID: 5588)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:04:25 08:54:15+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.43
CodeSize: 179712
InitializedDataSize: 78336
UninitializedDataSize: -
EntryPoint: 0xfc0f
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
135
Monitored processes
8
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe notepad.exe werfault.exe no specs svchost.exe sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe notepad.exe werfault.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
4112C:\WINDOWS\SysWOW64\WerFault.exe -u -p 5392 -s 368C:\Windows\SysWOW64\WerFault.exenotepad.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
4740C:\WINDOWS\SysWOW64\WerFault.exe -u -p 5608 -s 392C:\Windows\SysWOW64\WerFault.exenotepad.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
5392"C:\Windows\System32\notepad.exe"C:\Windows\SysWOW64\notepad.exe
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
3221225477
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\win32u.dll
5556"C:\Users\admin\Desktop\Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe" C:\Users\admin\Desktop\Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
5588C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5596C:\Users\admin\Desktop\Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exeC:\Users\admin\Desktop\Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\rpcrt4.dll
5608"C:\Windows\System32\notepad.exe"C:\Windows\SysWOW64\notepad.exe
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
3221225477
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
Total events
13 494
Read events
13 492
Write events
2
Delete events
0

Modification events

(PID) Process:(5556) Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:'
Value:
C:\Users\admin\Desktop\Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
(PID) Process:(5596) Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:'
Value:
C:\Users\admin\Desktop\Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
Executable files
0
Suspicious files
6
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
4740WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_notepad.exe_826b242e421c7306d8e5ad3188fb14f57a1ab2f_28b0c9c3_ca0a2339-3f4b-4865-b0b0-efbee86c3d9a\Report.wer
MD5:
SHA256:
4112WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_notepad.exe_3cb42df376b9fb4b1a8d37879b5964759e290_28b0c9c3_3d4409b9-1b89-4099-a331-611956abc034\Report.wer
MD5:
SHA256:
4112WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERF08C.tmp.dmpbinary
MD5:0D47CC4DB765AEEC3C5E4A5D8FED8D84
SHA256:7272F799BF9B0468A6E009E1B170E964483BB61DF11FE308602D6AE175770E0E
4740WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERDE3D.tmp.WERInternalMetadata.xmlbinary
MD5:B44012EFB520BAED1FF61B294C691494
SHA256:29A4DA0A5AF52BCF47304F7B1F448AF7D81A477F5A3A74B3D25B725C8C95DF61
5556Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exeC:\Users\admin\Desktop\client_log.txttext
MD5:E118C6E41309DE41562289B3C2F6C3C8
SHA256:97019F244487315E0B1332E0BA90C5DE0CB27DFBA46F9A748BD75A72DDAB74D1
4740WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\notepad.exe.5608.dmpbinary
MD5:893CE6DC987D42217B0A70BF076BD6D5
SHA256:EC8EC3C37AF572C9E2B97E69F5779D9292DADE0AD7BDF4956841CDC345D31D23
4112WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERF0CB.tmp.WERInternalMetadata.xmlbinary
MD5:7A8CFC00AB89D06160695BDCDB81BFC6
SHA256:9DCB89640F37C18F8DFDE07B9BB59995A72240D7E1D7F6EE0BB6D53693FF69CE
4740WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERDD52.tmp.dmpbinary
MD5:1E70670172E834B3A838216CAD6CF62A
SHA256:013BA81D3480CCFF7E3E14B24DC504DB8825939142AB235C672BFBBABCB4D108
4740WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERDEBB.tmp.xmlxml
MD5:758B7B63C337F358664D6FF98B0B5471
SHA256:FD284FB738D3BC08845AE7DBC9627754D01A0802666192E8745D1E60F30875B1
4112WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERF0EC.tmp.xmlxml
MD5:21F40F1841C9D4DF7FE462D33F6A3D9F
SHA256:6FEAD8D1825C2053DBDB982BC8BB8E05EC3322945098E59C918BFF5941375970
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
60
DNS requests
48
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.48.23.191:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5640
SIHClient.exe
GET
200
23.48.23.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
5640
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5640
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
5640
SIHClient.exe
GET
200
23.48.23.139:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
5640
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
5640
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
5640
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.190.160.5:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.5:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
23.48.23.191:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5556
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
172.67.74.152:443
api.ipify.org
CLOUDFLARENET
US
shared
2104
svchost.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5556
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
104.26.9.44:443
ipapi.co
CLOUDFLARENET
US
shared

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 4.231.128.59
whitelisted
login.live.com
  • 20.190.160.5
  • 20.190.160.14
  • 40.126.32.72
  • 20.190.160.66
  • 40.126.32.134
  • 20.190.160.65
  • 40.126.32.76
  • 40.126.32.133
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 23.48.23.191
  • 23.48.23.179
  • 23.48.23.186
  • 23.48.23.174
  • 23.48.23.189
  • 23.48.23.183
  • 23.48.23.177
  • 23.48.23.175
  • 23.48.23.190
  • 23.48.23.139
  • 23.48.23.138
  • 23.48.23.195
  • 23.48.23.142
  • 23.48.23.141
  • 23.48.23.140
  • 23.48.23.192
whitelisted
api.ipify.org
  • 172.67.74.152
  • 104.26.13.205
  • 104.26.12.205
shared
www.microsoft.com
  • 69.192.161.161
  • 95.101.149.131
whitelisted
ipapi.co
  • 104.26.9.44
  • 104.26.8.44
  • 172.67.69.226
shared
iamnotarobot.sbs
malicious
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted

Threats

PID
Process
Class
Message
5556
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
Potential Corporate Privacy Violation
ET INFO Possible IP Check api.ipify.org
2196
svchost.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
5556
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (ipapi .co in DNS lookup)
Device Retrieving External IP Address Detected
ET INFO External IP Lookup api.ipify.org
Device Retrieving External IP Address Detected
POLICY [ANY.RUN] External IP Lookup by HTTP (api .ipify .org)
5596
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
Potential Corporate Privacy Violation
ET INFO Possible IP Check api.ipify.org
5596
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
Device Retrieving External IP Address Detected
ET INFO External IP Lookup api.ipify.org
Device Retrieving External IP Address Detected
POLICY [ANY.RUN] External IP Lookup by HTTP (api .ipify .org)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Sigmanly_0c9e856ed44e2cb420ffae5bf6067b31494fd6495cc2b7ea9cfdb13bcce98459