File name:

PotPlayerSetup64.exe

Full analysis: https://app.any.run/tasks/66bebf13-e7a0-4cbc-9e53-f2b6281aa425
Verdict: Malicious activity
Analysis date: February 17, 2025, 05:25:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

A30E6A868CE2412D120BA45478427EDE

SHA1:

5928B075F8AD3B39020AF2205E64923121A4F688

SHA256:

39736FEE2A1A50C6DB8BB2A559CEA2CBD76FA98A2523CCC716124052D02C8F8B

SSDEEP:

393216:6fIiZaxtsSt4kXk7/nKTGFysuy8a3diHm+j:6flaH+7/7ypy81G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerMini64.exe (PID: 6164)
      • DTDrop64.exe (PID: 6004)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerSetup64.exe (PID: 6956)
      • OpenCodecSetup64.exe (PID: 6944)

    • Reads security settings of Internet Explorer

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerMini64.exe (PID: 6164)
      • PotPlayerMini64.exe (PID: 4764)
      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerSetup64.exe (PID: 6956)

    • Application launched itself

      • PotPlayerSetup64.exe (PID: 6768)

    • The process creates files with name similar to system file names

      • PotPlayerSetup64.exe (PID: 6956)
      • OpenCodecSetup64.exe (PID: 6944)

    • Process drops legitimate windows executable

      • PotPlayerSetup64.exe (PID: 6956)

    • Checks Windows Trust Settings

      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerMini64.exe (PID: 6164)
      • PotPlayerMini64.exe (PID: 4764)
      • PotPlayerSetup64.exe (PID: 6956)

    • Reads the BIOS version

      • PotPlayerMini64.exe (PID: 6164)
      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerMini64.exe (PID: 4764)

    • Reads the date of Windows installation

      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerMini64.exe (PID: 4764)

    • Creates a software uninstall entry

      • PotPlayerSetup64.exe (PID: 6956)

    • Detected use of alternative data streams (AltDS)

      • PotPlayerSetup64.exe (PID: 6956)

    • There is functionality for taking screenshot (YARA)

      • OpenCodecSetup64.exe (PID: 6944)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • OpenCodecSetup64.exe (PID: 6944)
      • PotPlayerSetup64.exe (PID: 6956)

    • Creates file in the systems drive root

      • PotPlayerSetup64.exe (PID: 6956)

  • INFO

    • Reads the computer name

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerSetup64.exe (PID: 6956)
      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerMini64.exe (PID: 4764)
      • OpenCodecSetup64.exe (PID: 6944)

    • The sample compiled with korean language support

      • PotPlayerSetup64.exe (PID: 6956)

    • The sample compiled with english language support

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerSetup64.exe (PID: 6956)

    • Checks supported languages

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerSetup64.exe (PID: 6956)
      • PotPlayerMini64.exe (PID: 6164)
      • PotPlayerMini64.exe (PID: 4160)
      • DTDrop64.exe (PID: 6004)
      • PotPlayerMini64.exe (PID: 4764)
      • DTDrop64.exe (PID: 6664)
      • OpenCodecSetup64.exe (PID: 6944)
      • KillPot64.exe (PID: 3564)

    • Process checks whether UAC notifications are on

      • PotPlayerSetup64.exe (PID: 6768)

    • Create files in a temporary directory

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerSetup64.exe (PID: 6956)
      • OpenCodecSetup64.exe (PID: 6944)

    • Process checks computer location settings

      • PotPlayerSetup64.exe (PID: 6768)
      • PotPlayerMini64.exe (PID: 6164)
      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerMini64.exe (PID: 4764)

    • Reads the machine GUID from the registry

      • PotPlayerMini64.exe (PID: 6164)
      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerMini64.exe (PID: 4764)
      • PotPlayerSetup64.exe (PID: 6956)

    • Reads the software policy settings

      • PotPlayerMini64.exe (PID: 6164)
      • PotPlayerMini64.exe (PID: 4160)
      • PotPlayerSetup64.exe (PID: 6956)
      • PotPlayerMini64.exe (PID: 4764)

    • Creates files or folders in the user directory

      • PotPlayerSetup64.exe (PID: 6956)

    • Checks proxy server information

      • PotPlayerSetup64.exe (PID: 6956)

    • Creates files in the program directory

      • OpenCodecSetup64.exe (PID: 6944)
      • PotPlayerSetup64.exe (PID: 6956)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3645
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.7.22071.0
ProductVersionNumber: 1.7.22071.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: PotPlayer Setup File (2023-12-22 오전 11:10:25)
CompanyName: Kakao
FileDescription: PotPlayer Setup File
FileVersion: v231220
LegalCopyright: ⓒ Kakao Corp. All rights reserved.
ProductName: PotPlayer
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
129
Monitored processes
9
Malicious processes
4
Suspicious processes
3

Behavior graph

Click at the process to see the details
start potplayersetup64.exe potplayersetup64.exe killpot64.exe no specs potplayermini64.exe no specs potplayermini64.exe no specs dtdrop64.exe no specs potplayermini64.exe no specs dtdrop64.exe no specs opencodecsetup64.exe

Process information

PID
CMD
Path
Indicators
Parent process
3564"C:\Program Files\DAUM\PotPlayer\KillPot64.exe"C:\Program Files\DAUM\PotPlayer\KillPot64.exePotPlayerSetup64.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files\daum\potplayer\killpot64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
4160"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" /RfPolicyC:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exePotPlayerSetup64.exe
User:
admin
Company:
Kakao
Integrity Level:
HIGH
Description:
PotPlayer
Exit code:
0
Version:
0, 0, 0, 0
Modules
Images
c:\program files\daum\potplayer\potplayermini64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
4764"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" /RegisterAllC:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exePotPlayerSetup64.exe
User:
admin
Company:
Kakao
Integrity Level:
HIGH
Description:
PotPlayer
Exit code:
0
Version:
0, 0, 0, 0
Modules
Images
c:\program files\daum\potplayer\potplayermini64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
6004"C:\Program Files\DAUM\PotPlayer\DTDrop64.exe" /regserverC:\Program Files\DAUM\PotPlayer\DTDrop64.exePotPlayerMini64.exe
User:
admin
Company:
Daum Kakao
Integrity Level:
HIGH
Description:
Shell DragDrop Handler
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\program files\daum\potplayer\dtdrop64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
6164"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" /SetLanguage /ENGLISHC:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exePotPlayerSetup64.exe
User:
admin
Company:
Kakao
Integrity Level:
HIGH
Description:
PotPlayer
Exit code:
0
Version:
0, 0, 0, 0
Modules
Images
c:\program files\daum\potplayer\potplayermini64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
6664"C:\Program Files\DAUM\PotPlayer\DTDrop64.exe" /regserverC:\Program Files\DAUM\PotPlayer\DTDrop64.exePotPlayerMini64.exe
User:
admin
Company:
Daum Kakao
Integrity Level:
HIGH
Description:
Shell DragDrop Handler
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\program files\daum\potplayer\dtdrop64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
6768"C:\Users\admin\AppData\Local\Temp\PotPlayerSetup64.exe" C:\Users\admin\AppData\Local\Temp\PotPlayerSetup64.exe
explorer.exe
User:
admin
Company:
Kakao
Integrity Level:
MEDIUM
Description:
PotPlayer Setup File
Version:
v231220
Modules
Images
c:\users\admin\appdata\local\temp\potplayersetup64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
6944"C:\Users\admin\AppData\Local\Temp\nsp7053.tmp\OpenCodecSetup64.exe"C:\Users\admin\AppData\Local\Temp\nsp7053.tmp\OpenCodecSetup64.exe
PotPlayerSetup64.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\nsp7053.tmp\opencodecsetup64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
6956"C:\Users\admin\AppData\Local\Temp\PotPlayerSetup64.exe" /UAC:70204 /NCRC C:\Users\admin\AppData\Local\Temp\PotPlayerSetup64.exe
PotPlayerSetup64.exe
User:
admin
Company:
Kakao
Integrity Level:
HIGH
Description:
PotPlayer Setup File
Version:
v231220
Modules
Images
c:\users\admin\appdata\local\temp\potplayersetup64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
19 955
Read events
18 592
Write events
1 222
Delete events
141

Modification events

(PID) Process:(6956) PotPlayerSetup64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:PotNotify64
Value:
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM
Operation:writeName:GUID_POTPLAYER
Value:
CC88C17E41624B3A8EFE217A41AD1DF1
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM
Operation:writeName:GUID_POTPLAYER_HASH
Value:
{1F82DAB2-EE77-EFBB-C992-796A8DB61722}
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM\PotPlayerMini64\EqulizerList
Operation:delete keyName:(default)
Value:
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM\PotPlayerMini64\PanScanList
Operation:delete keyName:(default)
Value:
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM\PotPlayerMini64\MainShortCutList
Operation:delete keyName:(default)
Value:
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM\PotPlayerMini64\PlayShortCutList
Operation:delete keyName:(default)
Value:
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM\PotPlayerMini64\CaptionFolderList
Operation:delete keyName:(default)
Value:
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM\PotPlayerMini64\AudioFolderList
Operation:delete keyName:(default)
Value:
(PID) Process:(6164) PotPlayerMini64.exeKey:HKEY_CURRENT_USER\SOFTWARE\DAUM\PotPlayerMini64\ShaderCombineList
Operation:delete keyName:(default)
Value:
Executable files
48
Suspicious files
9
Text files
136
Unknown types
0

Dropped files

PID
Process
Filename
Type
6956PotPlayerSetup64.exeC:\Program Files\DAUM\PotPlayer\ffcodec64.dll
MD5:
SHA256:
6768PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsi6AB6.tmp\UAC.dllexecutable
MD5:0BEA21545B130F74AD40160AE8AC05EA
SHA256:3239A185C653B1F2385FBB9716172E116551FC68867E36FFDB96D5D7C8EAEA5B
6956PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsp7053.tmp\AdvSplash.dllexecutable
MD5:EC4E08A6EF93404B08A4A62CABFFF0A9
SHA256:4BEE4C9D5FFE126A7DAF7EE7DC6DC4C77FE4CF7334132D4D63352EC01A2A37FD
6956PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsp7053.tmp\UAC.dllexecutable
MD5:0BEA21545B130F74AD40160AE8AC05EA
SHA256:3239A185C653B1F2385FBB9716172E116551FC68867E36FFDB96D5D7C8EAEA5B
6956PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsp7053.tmp\System.dllexecutable
MD5:4ADD245D4BA34B04F213409BFE504C07
SHA256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
6956PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsp7053.tmp\LangDLL.dllexecutable
MD5:50016010FB0D8DB2BC4CD258CEB43BE5
SHA256:32230128C18574C1E860DFE4B17FE0334F685740E27BC182E0D525A8948C9C2E
6956PotPlayerSetup64.exeC:\Program Files\DAUM\PotPlayer\DaumCrashHandler64.dllexecutable
MD5:FDD833F5D0632FC2CEC5030A7CBBA96B
SHA256:6EFD2B8D4ED6B8BF2E29257D41E8FEEB3BB0CCFCAB020424FD628C00841BBE6A
6956PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsp7053.tmp\modern-wizard.bmpimage
MD5:CEA1D5C912992CAAC10B6E80E311B3D4
SHA256:93BC936B74A5E54F68A6F847D5013F1F4143525FD481D1F3B3DE1326D7BEF51F
6956PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsp7053.tmp\UserInfo.dllexecutable
MD5:D458B8251443536E4A334147E0170E95
SHA256:4913D4CCCF84CD0534069107CFF3E8E2F427160CAD841547DB9019310AC86CC7
6956PotPlayerSetup64.exeC:\Users\admin\AppData\Local\Temp\nsp7053.tmp\nsDialogs.dllexecutable
MD5:1D8F01A83DDD259BC339902C1D33C8F1
SHA256:4B7D17DA290F41EBE244827CC295CE7E580DA2F7E9F7CC3EFC1ABC6898E3C9ED
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
27
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7088
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7088
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6280
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6956
PotPlayerSetup64.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
184.86.251.9:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1412
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
40.126.31.73:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2.19.106.8:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
7088
SIHClient.exe
172.202.163.200:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 184.86.251.9
  • 184.86.251.7
  • 184.86.251.21
  • 184.86.251.19
  • 184.86.251.24
  • 184.86.251.22
  • 184.86.251.27
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 184.30.131.245
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.0
  • 40.126.31.3
  • 40.126.31.69
  • 40.126.31.1
  • 40.126.31.131
  • 20.190.159.131
  • 40.126.31.128
whitelisted
go.microsoft.com
  • 2.19.106.8
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
PotPlayerSetup64.exe