chrome.exe

Google Chrome

Google Inc

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘GoogleChromeAutoLaunch’. This is installed with Google Chrome. The file has been seen being downloaded from mail.google.com and multiple other hosts.
Publisher:
Google Inc.  (signed by Google Inc)

Product:
Google Chrome

Version:
35.0.1916.153

MD5:
a5fcd42334ccc682da1882a54338686c

SHA-1:
f585b9920cbc65655c68bab42657d4798fae12dd

SHA-256:
74c8b614672d1a7f0889243056ea4b3e03b5f66dfdfeff5dd6cc17dbe088d18f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/30/2017 3:57:39 PM UTC  (today)

File size:
840.3 KB (860,488 bytes)

Product version:
35.0.1916.153

Copyright:
Copyright 2012 Google Inc. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\google\chrome\application\chrome.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/29/2014 1:00:00 AM

Valid to:
1/30/2016 12:59:59 AM

Subject:
CN=Google Inc, OU=Digital ID Class 3 - Java Object Signing, OU=Digital ID Class 3 - Java Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2912C70C9A2B8A3EF6F6074662D68B8D

File PE Metadata
Compilation timestamp:
6/5/2014 2:01:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:ST9WU9I6r98wLVlrmNERO43xuvgaPvm49XFjXGSuOHeZNSxSxIdzYbppj6BI94KC:STgul6FCR6yC6pe1Kl8Ym

Entry address:
0x4993B

Entry point:
E8, 24, AD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, 57, E8, 34, 76, 00, 00, 8B, F8, 89, 7E, 08, 8B, 57, 6C, 89, 16, 8B, 4F, 68, 89, 4E, 04...
 
[+]

Code size:
403.5 KB (413,184 bytes)

3 Scheduled Tasks
Task name:
Google Chrome

Path:
C:\WINDOWS\Tasks\Google Chrome.job

Trigger:
Boot (Runs on boot)

Task name:
Total Domination

Trigger:
Time

Action:
chrome.exe --app=httC:\totaldomination.com\en\landing\lp5_1?

Task name:
Total Domination t

Trigger:
Time

Action:
chrome.exe --app=httC:\totaldomination.com\en\landing\lp5_1?


4 Shell Open Commands
Open type:
ftp

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
http

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
https

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"

Open type:
mailto

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -- "%1"


5 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --no-startup-window

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run

Command:
"C:\users\{user}\appdata\local\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
F700B5D07FE047F68BCA1A147FA557AC0BA044D6._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
27163E39237FCEEF4F39784AE33E72ADD6BE812F._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
280268F194988B9D15788ADD913CE4CA3D68FC47._service_run

Command:
"C:\Program Files\google\chrome\application\chrome.exe" --type=service


4 Startup Files (User Run Once)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #3

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- "httC:\www.shouldiremoveit.com\program.ashx?s=1&programhash=5a1affbdaedee6fe

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #0

Command:
C:\users\{user}\appdata\local\google\chrome\application\chrome.exe --register-pepper-plugins="C:\Program Files\tnt2\2.0.0.1760\pptnt2.dll;application\x-tnt2pp" --flag-switches-begin --flag-switches-end

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Application Restart #1

Command:
C:\Program Files\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end -- httC:\www.filepuma.com\updates2\14

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
ArcadeParlor806.000000

Command:
"C:\Program Files\google\chrome\application\chrome.exe" -uninstall-extension=bifpegonkcooekdlmlfngpbifliiamoo


3 Windows Firewall Allowed Programs
Name:
C:\Program Files\Google\Chrome\Application\chrome.exe

Name:
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

Name:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


The file chrome.exe has been discovered within the following programs.

Google Chrome  by Google Inc
Google Chrome is a free web browser developed by Google that uses the WebKit layout engine. It is designed to be secure, fast, simple and stable. Chrome supports plug-ins with the Netscape Plugin Application Programming Interface (NPAPI).
www.google.com/chrome
6% remove it
Google Chrome Frame  by Google Inc
Publisher's description - “Google Chrome Frame is a free plug-in for Internet Explorer. Some advanced web apps use Google Chrome Frame to provide you with additional features and better performance. Sites that utilize Google Chrome Frame become more responsive.”
www.google.com/chromeframe
12% remove it
 
Powered by Should I Remove It?

The file chrome.exe has been seen being distributed by the following 3 URLs.