chrome.exe

Google Chrome

Google Inc

This is a setup program used to install the application. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘chromium’. It is installed with multiple programs, including Google Chrome Frame and Google Chrome. The file has been seen being downloaded from start.qone8.com and multiple other hosts.
Publisher:
Google Inc.  (signed by Google Inc)

Product:
Google Chrome

Version:
31.0.1650.63

MD5:
376a9b411bf8b77d5bf84b24d0c7dacd

SHA-1:
b0749e2d4906d195f5469f2f235ad808c9ca481d

SHA-256:
d8aa789bf45adbd7a61aa385a06c7f4081234aa2c3d8fb6b7c4c50dbd752a597

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 10:43:24 AM UTC

File size:
843 KB (863,184 bytes)

Product version:
31.0.1650.63

Copyright:
Copyright 2012 Google Inc. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\google\chrome\application\chrome.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/13/2011 10:00:00 PM

Valid to:
11/13/2014 9:59:59 PM

Subject:
CN=Google Inc, OU=Digital ID Class 3 - Java Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09E28B26DB593EC4E73286B66499C370

File PE Metadata
Compilation timestamp:
12/3/2013 11:54:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:1pWllPEJL6gU6GRqwkhGPCW/c0FllCCOwvCygXRfCgiKvrrboHrER7o+DLYhuQ0/:1pJ9Jw/cCOwvCygX5iECEpoqmuxKPdi

Entry address:
0x49F46

Entry point:
E8, 69, B2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 50, 62, 46, 00, 57, FF, 35, 14, 65, 49, 00, FF, D6, FF, 35, 10, 65, 49, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, BF, B2, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 55, 4C, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...
 

Code size:
404 KB (413,696 bytes)

4 Scheduled Tasks
Task name:
{8BDA33F1-8BA8-435C-90CC-63FC655F1C3A}

Trigger:
Registration (Runs on registration)

Task name:
Total Domination

Trigger:
Time

Task name:
Total Domination t

Trigger:
Time

Task name:
0

Trigger:
Registration (Runs on registration)


4 Shell Open Commands
Open type:
ftp

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
http

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
https

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
mailto

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"


135 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
chromium

Command:
C:\users\{user}\appdata\local\google\chrome\application\chrome.exe --no-startup-window

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --no-startup-window

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
B090D338ACE01BB9A65E542622DBCBC596CDA1CB._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
chrome.exe

Command:
C:\Program Files\google\chrome\application\chrome.exe

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
910BE36A305FD8F56BD97461E6D8216E630411DF._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
163C201B470E57430790619C49F9FB6BFC8D0411._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service


8 Startup Files (User Run Once)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #0

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- "httC:\toolbar.avg.com\p-uninstall?cid={1dd5aaab-3aa8-4785-87b5-b9336af2ad98

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #1

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --enable-accelerated-filters --no-pings --disable-threaded-animation --enable-google-now-integration --js-flags=--harmony -

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #2

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --disable-instant-extended-api --flag-switches-end --restore-last-session -- "httC:\toolbar.avg.com\p-uninstall?cid={41330

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #4

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end httC:\www.delta-homes.com\?utm_source

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #8

Command:
C:\Program Files\google\chrome\application\chrome.exe --automation-channel=chrometestinginterfacC:33568.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --disable-pr

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #3

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --enable-sync-favicons --enable-full-history-sync --sync-keystore-encryption --flag-switches-end --restore-last-session --


2 Startup Files (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --no-startup-window

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
chrome

Command:
C:\Program Files\google\chrome\application\chrome.exe


Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
AVG_uninstallation_survey

Command:
C:\Program Files\google\chrome\application\chrome.exe


User Start Menu Item
Name:
chrome.exe


10 Windows Firewall Allowed Programs
Name:
C:\Documents and Settings\EVL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

Name:
C:\Documents and Settings\menedzser001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

Name:
C:\Program Files\Google\Chrome\Application\chrome.exe

Name:
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

Name:
C:\Archivos de programa\Google\Chrome\Application\chrome.exe

Name:
C:\Documents and Settings\Owner PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


The file chrome.exe has been discovered within the following programs.

Frame do Google Chrome  by Google Inc
Publisher's description - “Google Chrome Frame is an open source plug-in that seamlessly brings Google Chrome's open web technologies and speedy JavaScript engine to Internet Explorer. Google Chrome Frame is a free plug-in for Internet Explorer.”
developers.google.com/chrome/chrome-frame
7% remove it
Google Chrome  by Google Inc
Google Chrome is a free web browser developed by Google that uses the WebKit layout engine. It is designed to be secure, fast, simple and stable. Chrome supports plug-ins with the Netscape Plugin Application Programming Interface (NPAPI).
www.google.com/chrome
6% remove it
Google Chrome Frame  by Google Inc
Publisher's description - “Google Chrome Frame is a free plug-in for Internet Explorer. Some advanced web apps use Google Chrome Frame to provide you with additional features and better performance. Sites that utilize Google Chrome Frame become more responsive.”
www.google.com/chromeframe
12% remove it
Google Chrome Frame  by Google Inc
www.google.com/chromeframe?
6% remove it
 

The file chrome.exe has been seen being distributed by the following 4 URLs.