File name:	88b76184c1e21f2aed7b1de4180ea65525baf418d3009f0f3aa95d86dd4d9d52.exe
Full analysis:	https://app.any.run/tasks/5a2f76c3-deaf-407d-95ba-d94eeedaa1d3
Verdict:	Malicious activity
Analysis date:	October 25, 2025, 16:07:08
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	golang
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32+ executable (GUI) x86-64, for MS Windows, 9 sections
MD5:	9B11E97F92DF54733BD5980507FA5428
SHA1:	9BC330C406880DDE5F26CEA0FA8A49DD950AB083
SHA256:	88B76184C1E21F2AED7B1DE4180EA65525BAF418D3009F0F3AA95D86DD4D9D52
SSDEEP:	49152:ymHwViV1niRXOiLolT5FpnM6TYBSbPuz6N/pw6Vgmvolx70dbCxNykQnGQdF25Sv:ypUoXuTDpnQBeLnJu762zc

.exe	\|	Win64 Executable (generic) (87.3)
.exe	\|	Generic Win/DOS Executable (6.3)
.exe	\|	DOS Executable Generic (6.3)

MachineType:	AMD AMD64
TimeStamp:	0000:00:00 00:00:00
ImageFileCharacteristics:	Executable, Large address aware
PEType:	PE32+
LinkerVersion:	3
CodeSize:	1240064
InitializedDataSize:	196608
UninitializedDataSize:	-
EntryPoint:	0x72040
OSVersion:	6.1
ImageVersion:	1
SubsystemVersion:	6.1
Subsystem:	Windows GUI
FileVersionNumber:	96.0.0.0
ProductVersionNumber:	96.0.0.0
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Windows, Latin1
CompanyName:	SteelSeries ApS
FileDescription:	SteelSeries GG installer
FileVersion:	96.0.0
LegalCopyright:	Copyright (C) 2023 SteelSeries ApS
ProductName:	SteelSeries GG
ProductVersion:	96.0.0.0

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
1252	svchost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
1252	svchost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
6432	backgroundTaskHost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D	unknown	—	—	whitelisted
7400	backgroundTaskHost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D	unknown	—	—	whitelisted
5220	SIHClient.exe	GET	200	2.20.154.94:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl	unknown	—	—	whitelisted
5220	SIHClient.exe	GET	200	2.20.154.94:80	http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl	unknown	—	—	whitelisted

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
1036	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5596	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1252	svchost.exe	20.190.160.20:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
7088	SearchApp.exe	2.16.241.222:443	www.bing.com	Akamai International B.V.	DE	whitelisted
—	—	2.17.190.73:80	ocsp.digicert.com	AKAMAI-AS	DE	whitelisted
1252	svchost.exe	2.17.190.73:80	ocsp.digicert.com	AKAMAI-AS	DE	whitelisted
7364	backgroundTaskHost.exe	2.16.241.222:443	www.bing.com	Akamai International B.V.	DE	whitelisted
7088	SearchApp.exe	2.16.106.200:443	th.bing.com	Akamai International B.V.	DE	whitelisted
3440	svchost.exe	172.211.123.249:443	client.wns.windows.com	MICROSOFT-CORP-MSN-AS-BLOCK	FR	whitelisted

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2 40.127.240.158 4.231.128.59	whitelisted
login.live.com	20.190.160.20 20.190.160.2 40.126.32.138 20.190.160.131 20.190.160.66 20.190.160.128 20.190.160.4 40.126.32.140	whitelisted
google.com	142.250.185.206	whitelisted
www.bing.com	2.16.241.222 2.16.241.204 2.16.241.201 2.16.241.218 2.16.241.216 2.16.241.205 2.16.241.206 2.16.241.211 2.16.241.207	whitelisted
ocsp.digicert.com	2.17.190.73	whitelisted
th.bing.com	2.16.106.200 2.16.106.196 2.16.106.207	whitelisted
client.wns.windows.com	172.211.123.249	whitelisted
arc.msn.com	20.199.58.43 20.223.35.26	whitelisted
fd.api.iris.microsoft.com	20.74.47.205	whitelisted
slscr.update.microsoft.com	135.232.92.137	whitelisted

General Info

88b76184c1e21f2aed7b1de4180ea65525baf418d3009f0f3aa95d86dd4d9d52.exe

9B11E97F92DF54733BD5980507FA5428

9BC330C406880DDE5F26CEA0FA8A49DD950AB083

88B76184C1E21F2AED7B1DE4180EA65525BAF418D3009F0F3AA95D86DD4D9D52

49152:ymHwViV1niRXOiLolT5FpnM6TYBSbPuz6N/pw6Vgmvolx70dbCxNykQnGQdF25Sv:ypUoXuTDpnQBeLnJu762zc

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Executing a file with an untrusted certificate

SUSPICIOUS

There is functionality for taking screenshot (YARA)

INFO

Application based on Golang

The sample compiled with english language support

Checks supported languages

Checks proxy server information

Reads the software policy settings

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings