File name:

NexusEndpointSovereign.exe

Full analysis: https://app.any.run/tasks/efc74338-bd23-4422-845d-f8feb4392699
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on GitHub as legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Analysis date: January 07, 2026, 14:20:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
asyncrat
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

36B9A44D5EE36BBE5E9547EFF2067727

SHA1:

217C7EA9CDEADF4E86059361065A3124F82DFA2B

SHA256:

7974C4B4A46042DD3A51E162A095D762FAF5084C87AC8E7A909A6BD5B561650D

SSDEEP:

1536:MSS5OfdPtCVorSsQzU+EvmGbbuwi9BuBWRhVclN:MSS5OxtCVoe5KmGbbu/lLY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • NexusEndpointSovereign.exe (PID: 7520)
    • ASYNCRAT has been detected (YARA)

      • NexusEndpointSovereign.exe (PID: 7644)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • NexusEndpointSovereign.exe (PID: 7520)
    • Executing commands from a ".bat" file

      • NexusEndpointSovereign.exe (PID: 7520)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 7560)
    • Executable content was dropped or overwritten

      • NexusEndpointSovereign.exe (PID: 7520)
    • The executable file from the user directory is run by the CMD process

      • NexusEndpointSovereign.exe (PID: 7644)
    • Connects to unusual port

      • NexusEndpointSovereign.exe (PID: 7644)
  • INFO

    • Reads the computer name

      • NexusEndpointSovereign.exe (PID: 7520)
      • NexusEndpointSovereign.exe (PID: 7644)
      • NexusEndpointSovereign.exe (PID: 7936)
    • Checks supported languages

      • NexusEndpointSovereign.exe (PID: 7520)
      • NexusEndpointSovereign.exe (PID: 7644)
      • NexusEndpointSovereign.exe (PID: 7936)
    • Reads the machine GUID from the registry

      • NexusEndpointSovereign.exe (PID: 7520)
      • NexusEndpointSovereign.exe (PID: 7644)
      • NexusEndpointSovereign.exe (PID: 7936)
    • Launching a file from a Registry key

      • NexusEndpointSovereign.exe (PID: 7520)
    • Create files in a temporary directory

      • NexusEndpointSovereign.exe (PID: 7520)
    • Creates files or folders in the user directory

      • NexusEndpointSovereign.exe (PID: 7520)
    • Manual execution by a user

      • NexusEndpointSovereign.exe (PID: 7936)
    • Checks proxy server information

      • slui.exe (PID: 1236)

AsyncRat

Process: NexusEndpointSovereign.exe (PID: 7644)
C2 (8):
taixiuonline.jp.net
www.taixiuonline.jp.net
biletik.ru.com
www.biletik.ru.com
entejasen.sa.com
www.entejasen.sa.com
www.hitclub.com.pe
hitclub.com.pe
Ports (9):
8848
443
80
8080
6060
4782
4444
6666
5555
Version: 1.0.7
Options
AutoRun: true
Mutex: NSCA_SovereignEndpoint_NexusLock_9f8e7d6c
InstallFolder: %AppData%
Certificates
Keys
AES: 93f7c1757c324a1226b58f0d4ddf8e2e4430f12d0c4fa8a1e600acf3a28a0bfe
Salt: DcRatByqwqdanchun

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:01:12 03:47:42+00:00
ImageFileCharacteristics: Executable
PEType: PE32
LinkerVersion: 8
CodeSize: 60416
InitializedDataSize: 5120
UninitializedDataSize: -
EntryPoint: 0x10b9e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2040.3.57803.53892
ProductVersionNumber: 2040.3.57803.53892
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Nexus Sovereign Cyber Alliance (NSCA)
FileDescription: Nexus Sovereign Endpoint Nexus
FileVersion: 2040.3.57803.53892
InternalName: NexusEndpointSovereign
LegalCopyright: Copyright © 2030-2040 Nexus Sovereign Cyber Alliance. All rights reserved.
LegalTrademarks: Nexus Sovereign Endpoint™ and Sovereign Nexus Shield™ are trademarks of NSCA.
OriginalFileName: NexusEndpointSovereign
ProductName: Nexus Sovereign Endpoint Nexus
ProductVersion: 2040.3.57803.53892
AssemblyVersion: 2040.3.57803.53892
Total processes: 149
Monitored processes: 7
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Graph nodes (in order): nexusendpointsovereign.exe (start); cmd.exe (no specs); conhost.exe (no specs); timeout.exe (no specs); nexusendpointsovereign.exe (#ASYNCRAT); nexusendpointsovereign.exe (no specs); slui.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 1236
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 7520
CMD: "C:\Users\admin\AppData\Local\Temp\NexusEndpointSovereign.exe"
Path: C:\Users\admin\AppData\Local\Temp\NexusEndpointSovereign.exe
Parent process: explorer.exe
User: admin
Company: Nexus Sovereign Cyber Alliance (NSCA)
Integrity Level: MEDIUM
Description: Nexus Sovereign Endpoint Nexus
Exit code: 0
Version: 2040.3.57803.53892
Modules (Images):
c:\users\admin\appdata\local\temp\nexusendpointsovereign.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 7560
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\tmpE1AC.tmp.bat""
Path: C:\Windows\System32\cmd.exe
Parent process: NexusEndpointSovereign.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll

PID: 7568
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 7620
CMD: timeout 3
Path: C:\Windows\System32\timeout.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID: 7644
CMD: "C:\Users\admin\AppData\Roaming\NexusEndpointSovereign.exe"
Path: C:\Users\admin\AppData\Roaming\NexusEndpointSovereign.exe
Parent process: cmd.exe
User: admin
Company: Nexus Sovereign Cyber Alliance (NSCA)
Integrity Level: MEDIUM
Description: Nexus Sovereign Endpoint Nexus
Version: 2040.3.57803.53892
Modules (Images):
c:\users\admin\appdata\roaming\nexusendpointsovereign.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 7936
CMD: "C:\Users\admin\AppData\Roaming\NexusEndpointSovereign.exe"
Path: C:\Users\admin\AppData\Roaming\NexusEndpointSovereign.exe
Parent process: explorer.exe
User: admin
Company: Nexus Sovereign Cyber Alliance (NSCA)
Integrity Level: MEDIUM
Description: Nexus Sovereign Endpoint Nexus
Exit code: 0
Version: 2040.3.57803.53892
Modules (Images):
c:\users\admin\appdata\roaming\nexusendpointsovereign.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

Total events: 4 370
Read events: 4 369
Write events: 1
Delete events: 0

Modification events

Process: NexusEndpointSovereign.exe (PID: 7520)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: NexusEndpointSovereign
Value: "C:\Users\admin\AppData\Roaming\NexusEndpointSovereign.exe"

Executable files: 1
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 7520
Process: NexusEndpointSovereign.exe
Filename: C:\Users\admin\AppData\Roaming\NexusEndpointSovereign.exe
Type: executable
MD5:36B9A44D5EE36BBE5E9547EFF2067727
SHA256:7974C4B4A46042DD3A51E162A095D762FAF5084C87AC8E7A909A6BD5B561650D

PID: 7520
Process: NexusEndpointSovereign.exe
Filename: C:\Users\admin\AppData\Local\Temp\tmpE1AC.tmp.bat
Type: text
MD5:6A2C4B8498A29DCCBE9A6F680AFCC8B6
SHA256:F360EA32DFF25DF896A21B8F959C9F661F27914E4C0A3DD32AEA511C80E61840

HTTP(S) requests: 24
TCP/UDP connections: 33
DNS requests: 22
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
PID: 6768 | Process: MoUsoCoreWorker.exe | Method: GET | HTTP Code: 304 | IP: 51.104.136.2:443 | URL:
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
CN: unknown | Reputation: whitelisted
PID: 6768 | Process: MoUsoCoreWorker.exe | Method: GET | HTTP Code: 304 | IP: 51.104.136.2:443 | URL:
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
CN: unknown | Reputation: whitelisted
PID: 7444 | Process: SIHClient.exe | Method: GET | HTTP Code: 200 | IP: 13.95.31.18:443 | URL:
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
CN: unknown | Reputation: whitelisted
PID: 7444 | Process: SIHClient.exe | Method: GET | HTTP Code: 200 | IP: 74.178.240.61:443 | URL:
https://slscr.update.microsoft.com/sls/ping
CN: unknown | Reputation: whitelisted
PID: 7444 | Process: SIHClient.exe | Method: GET | HTTP Code: 304 | IP: 74.178.240.61:443 | URL:
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
CN: unknown | Reputation: whitelisted
PID: 4476 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 51.104.136.2:443 | URL:
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=562&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=1&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
CN: unknown | Type: text | Size: 5.51 Kb | Reputation: whitelisted
PID: 4476 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 2.16.164.51:80 | URL:
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
CN: unknown | Reputation: whitelisted
PID: 4476 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 23.59.18.102:80 | URL:
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
CN: unknown | Reputation: whitelisted
PID: 4476 | Process: svchost.exe | Method: GET | HTTP Code: 200 | IP: 51.104.136.2:443 | URL:
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=562&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
CN: unknown | Type: text | Size: 1.43 Kb | Reputation: whitelisted
PID: 468 | Process: svchost.exe | Method: POST | HTTP Code: 200 | IP: 40.126.32.140:443 | URL:
https://login.live.com/RST2.srf
CN: unknown | Type: xml | Size: 11.1 Kb | Reputation: whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4476 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
6768 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6352 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
4476 | svchost.exe | 2.16.164.51:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
4476 | svchost.exe | 23.59.18.102:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
7644 | NexusEndpointSovereign.exe | 188.114.96.3:8848 | taixiuonline.jp.net | CLOUDFLARENET | US | whitelisted
468 | svchost.exe | 40.126.32.140:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3412 | svchost.exe | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
google.com | 142.250.185.78 | whitelisted
crl.microsoft.com | 2.16.164.51, 2.16.164.88, 2.16.164.26, 2.16.164.27, 2.16.164.114, 2.16.164.129, 2.16.164.120, 2.16.164.83, 23.216.77.28, 23.216.77.6 | whitelisted
www.microsoft.com | 23.59.18.102, 95.100.102.101 | whitelisted
taixiuonline.jp.net | 188.114.96.3, 188.114.97.3 | unknown
login.live.com | 40.126.32.140, 40.126.32.76, 20.190.160.132, 20.190.160.3, 40.126.32.72, 20.190.160.14, 20.190.160.2, 40.126.32.136 | whitelisted
client.wns.windows.com | 172.211.123.248 | whitelisted
ocsp.digicert.com | 23.63.118.230 | whitelisted
slscr.update.microsoft.com | 74.178.240.61 | whitelisted
fe3cr.delivery.mp.microsoft.com | 13.95.31.18 | whitelisted

Threats

No threats detected