File name: | Google AI Gemini Ultra For PC V1.0.1.msi |
Full analysis: | https://app.any.run/tasks/0ef391d1-20c0-4279-adb6-e89afe28d37f |
Verdict: | Malicious activity |
Analysis date: | February 11, 2024, 22:33:59 |
OS: | Windows 10 Professional (build: 19044, 64 bit) |
Indicators: | |
MIME: | application/x-msi |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 07:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {C6C2D440-EA93-4E35-B8C6-83DD50C1613C}, Title: Install, Author: Install, Comments: Bringing the benefits of AI to everyone, Number of Words: 2, Last Saved Time/Date: Mon Jan 22 11:59:18 2024, Last Printed: Mon Jan 22 11:59:18 2024 |
MD5: | BF17D7F8DAC7DF58B37582CEC39E609D |
SHA1: | 0C55B3C75E5759EFC6DB20B6DB4FAD790CBCD4E7 |
SHA256: | BB7C3B78F2784A7AC3C090331326279476C748087188AEB69F431BBD70AC6407 |
SSDEEP: | 24576:C1ipiRvE4wbF60m3oOEZ/vTk1oQ53eYc:C1ipiRM4wbF60m3oOEZ/vTk1oQ53lc |
.msi | | | Microsoft Windows Installer (90.2) |
---|---|---|
.msp | | | Windows Installer Patch (8.4) |
.msi | | | Microsoft Installer (100) |
LastPrinted: | 2024:01:22 11:59:18 |
---|---|
ModifyDate: | 2024:01:22 11:59:18 |
Words: | 2 |
Comments: | Bringing the benefits of AI to everyone |
Keywords: | - |
Author: | Install |
Subject: | - |
Title: | Install |
RevisionNumber: | {C6C2D440-EA93-4E35-B8C6-83DD50C1613C} |
Pages: | 200 |
Template: | Intel;1033 |
CodePage: | Windows Latin 1 (Western European) |
Security: | Password protected |
Software: | Windows Installer |
CreateDate: | 1999:06:21 07:00:00 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2400 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Desktop\Google AI Gemini Ultra For PC V1.0.1.msi" | C:\Windows\System32\msiexec.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
2940 | C:\WINDOWS\system32\msiexec.exe /V | C:\Windows\System32\msiexec.exe | services.exe | ||||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Exit code: 0 Version: 5.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6336 | C:\Windows\syswow64\MsiExec.exe -Embedding 07EEBDA4F52A2DC71B828CF63D181045 C | C:\Windows\SysWOW64\msiexec.exe | — | msiexec.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
2584 | C:\WINDOWS\system32\vssvc.exe | C:\Windows\System32\VSSVC.exe | — | services.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
2588 | C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:5 | C:\Windows\System32\SrTasks.exe | — | msiexec.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Windows System Protection background tasks. Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
1520 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | SrTasks.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6456 | C:\Windows\syswow64\MsiExec.exe -Embedding 5DD30614F9BF2BEA33B2E5CBA39E9838 | C:\Windows\SysWOW64\msiexec.exe | — | msiexec.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
2496 | C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files (x86)\Google\Install\install.cmd"" | C:\Windows\System32\cmd.exe | — | msiexec.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
4252 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6444 | powershell -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Google\Install\nmmhkkegccagdldgiimedpic/ru.ps1" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
|
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore |
Operation: | write | Name: | SrCreateRp (Enter) |
Value: 4800000000000000203AC4773A5DDA017C0B000024130000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
Operation: | write | Name: | SppGetSnapshots (Enter) |
Value: 4800000000000000203AC4773A5DDA017C0B000024130000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
Operation: | write | Name: | SppGetSnapshots (Leave) |
Value: 480000000000000095D2E0773A5DDA017C0B000024130000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
Operation: | write | Name: | SppEnumGroups (Enter) |
Value: 480000000000000095D2E0773A5DDA017C0B000024130000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
Operation: | write | Name: | SppEnumGroups (Leave) |
Value: 480000000000000095D2E0773A5DDA017C0B000024130000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
Operation: | write | Name: | SppCreate (Enter) |
Value: 4800000000000000113AE3773A5DDA017C0B000024130000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP |
Operation: | write | Name: | LastIndex |
Value: 5 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
Operation: | write | Name: | SppGatherWriterMetadata (Enter) |
Value: 4800000000000000916FFD773A5DDA017C0B000024130000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
(PID) Process: | (2940) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher |
Operation: | write | Name: | IDENTIFY (Enter) |
Value: 4800000000000000916FFD773A5DDA017C0B0000E00F0000E803000001000000000000000000000083515AD26E251E4894197777F90A20E000000000000000000000000000000000 | |||
(PID) Process: | (2584) VSSVC.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer |
Operation: | write | Name: | IDENTIFY (Enter) |
Value: 4800000000000000BA3802783A5DDA01180A0000A8170000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2940 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | |
MD5:— | SHA256:— | |||
2940 | msiexec.exe | C:\Program Files (x86)\Google\Install\nmmhkkegccagdldgiimedpic\favicon.png | image | |
MD5:8BE1FACB79791A064862A61399B6DFEA | SHA256:89FF11A2237F9EC798ED4493738B14BE76F11F282C5AB755847779FE241EF857 | |||
2400 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI5B81.tmp | executable | |
MD5:B77A2A2768B9CC78A71BBFFB9812B978 | SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0 | |||
2400 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI5BFF.tmp | executable | |
MD5:B77A2A2768B9CC78A71BBFFB9812B978 | SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0 | |||
2940 | msiexec.exe | C:\WINDOWS\Installer\MSIA7FB.tmp | executable | |
MD5:B77A2A2768B9CC78A71BBFFB9812B978 | SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0 | |||
2940 | msiexec.exe | C:\WINDOWS\TEMP\~DF9BB9E4E81E189EB7.TMP | gmc | |
MD5:BF619EAC0CDF3F68D496EA9344137E8B | SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 | |||
2940 | msiexec.exe | C:\Program Files (x86)\Google\Install\nmmhkkegccagdldgiimedpic\background.js | text | |
MD5:93184C1E02220665A5F9CA7AF9C7E38C | SHA256:7526DA006B81D1ED279828CA66069B83815C13551D8125872306C20B03F60C3F | |||
6456 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\CFGA83A.tmp | xml | |
MD5:68675E0D405C8C76102802FA624EB895 | SHA256:B839CDD1C3F55651CD4D0E54A679BCE5AC60ED7618A7B74BFC8EF8CA311E53ED | |||
6336 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\CFG5BEE.tmp | xml | |
MD5:68675E0D405C8C76102802FA624EB895 | SHA256:B839CDD1C3F55651CD4D0E54A679BCE5AC60ED7618A7B74BFC8EF8CA311E53ED | |||
2940 | msiexec.exe | C:\Program Files (x86)\Google\Install\Microsoft.VisualC.Dll | executable | |
MD5:8DF8C5146490DC4E469DDD31CED8A705 | SHA256:14F2E8D64BDB5B4FAD83B9D550FE1A39539CAEC3C66B8A6AB5A7995BBDA1A296 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
5356 | SIHClient.exe | GET | 304 | 13.85.23.86:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19044.1288/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.1288&MK=DELL&MD=DELL | unknown | — | — | — |
5356 | SIHClient.exe | GET | 200 | 13.85.23.86:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19044.1288/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.1288&MK=DELL&MD=DELL | unknown | — | 23.9 Kb | — |
5356 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | binary | 418 b | — |
5356 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | binary | 813 b | — |
5356 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | unknown | binary | 401 b | — |
5356 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl | unknown | binary | 400 b | — |
5356 | SIHClient.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | binary | 555 b | — |
5356 | SIHClient.exe | GET | 200 | 20.242.39.171:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | unknown | — | — | — |
5356 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | unknown | binary | 813 b | — |
5356 | SIHClient.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | binary | 824 b | — |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3848 | svchost.exe | 239.255.255.250:1900 | — | — | — | unknown |
— | — | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
4 | System | 192.168.100.255:138 | — | — | — | unknown |
1440 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
4 | System | 192.168.100.255:137 | — | — | — | unknown |
5356 | SIHClient.exe | 13.85.23.86:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
5356 | SIHClient.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown |
5356 | SIHClient.exe | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown |
5356 | SIHClient.exe | 20.242.39.171:443 | fe3cr.delivery.mp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
1728 | chrome.exe | 239.255.255.250:1900 | — | — | — | unknown |
Domain | IP | Reputation |
---|---|---|
arc.msn.com |
| unknown |
slscr.update.microsoft.com |
| unknown |
www.microsoft.com |
| unknown |
crl.microsoft.com |
| unknown |
fe3cr.delivery.mp.microsoft.com |
| unknown |
www.bing.com |
| unknown |
clientservices.googleapis.com |
| unknown |
config.edge.skype.com |
| unknown |
www.googleapis.com |
| unknown |
clients2.google.com |
| unknown |