chrmstp.exe

  • File Path: C:\program files\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe
  • Description: Google Chrome Installer

Hashes

Type Hash
MD5 4F98D67579082660BFD6AB138652DB49
SHA1 078BE948BDD22DB72A018589B4F3864E631058F3
SHA256 1CD2942C9C95D062359F7C2634D664B58569C8238DBB49276ED7A8FFCDAEB28F
SHA384 9432D9B4CF22C7B7DE04105C8991C39CFFA07A4EC9A06D03F907945BF6D7F987F962E866B467BCC27539F996946738F4
SHA512 C7EBB67C8D5613E06A3A4960E56037CF63FBCC83AD71B5981B66143A025595F52C30CF7BBA867541DDA0276C92C39F3C7783A5D1A28E9AC4ED2CB904C7178E95
SSDEEP 49152:mk1nc3F1lRf+yAHLvThf0we+9fPF0RkBOCTdcr5:YbbAHPFDfcN

Runtime Data

Usage (stderr):

[0830/154047.146:ERROR:setup_main.cc(519)] Already installed version 85.0.4183.83 at system-level conflicts with this one at user-level.
[0830/154047.146:ERROR:persistent_histogram_storage.cc(121)] Could not write "SetupMetrics" persistent histograms to file as the storage directory does not exist.

Child Processes:

chrome.exe

Loaded Modules:

Path
C:\program files\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\combase.dll
C:\Windows\SYSTEM32\CRYPTBASE.DLL
C:\Windows\SYSTEM32\dbghelp.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\NETAPI32.dll
C:\Windows\SYSTEM32\NETUTILS.DLL
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll
C:\Windows\SYSTEM32\WINHTTP.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WKSCLI.DLL
C:\Windows\System32\WS2_32.dll
C:\Windows\SYSTEM32\WTSAPI32.dll

Signature

  • Status: Signature verified.
  • Serial: 0C15BE4A15BB0903C901B1D6C265302F
  • Thumbprint: CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US

File Metadata

  • Original Filename:
  • Product Name: Google Chrome Installer
  • Company Name: Google LLC
  • File Version: 85.0.4183.83
  • Product Version: 85.0.4183.83
  • Language: English (United States)
  • Legal Copyright: Copyright 2020 Google LLC. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Program Files\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe 88
C:\Program Files\Google\Chrome\Application\85.0.4183.121\Installer\setup.exe 88
C:\program files\Google\Chrome\Application\85.0.4183.83\Installer\setup.exe 100

Possible Misuse

The following table contains possible examples of chrmstp.exe being misused. While chrmstp.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_runonce_persistence.yml Details\|endswith: '\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.