chrmstp.exe

  • File Path: C:\Program Files\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe
  • Description: Google Chrome Installer

Hashes

Type Hash
MD5 AEA2671A54A5A19A449CA1F268F1D7BD
SHA1 14F565D448948BD23C563C27368BD08ACFD17B66
SHA256 62ECBB932E0211217F62BD0D3D5744A54104E2431E27FF7A7822A25D04A8581B
SHA384 58904E6397FB0EE788E1631CDBDA807B429ACC8955B22D17CB87D25DDA1003FAFE8A789C37B9B89C60E89826792D4A19
SHA512 73D8BF7C0BDF08502B8557176BDF192E9F1554CCF07C0540973F52071BE2E3C47F6C2B95444088EEBF7DFB29BFD8DE2E54A5BE2DB0BA74698EAA2287EED9E7E6
SSDEEP 49152:rk1nc3R1lRf+yAHLvThf0we+9fPF0RkBOETd4re:BbbAHPFDp4C
IMP 81EE900A026224A1AA3F301BA1D6C063
PESHA1 B414823271439836526B15CAF9AB0A6E932D421A
PE256 4A8173B295F589C18D4594257AA8082626F4F977F3718A43CFD0A9917A291662

Runtime Data

Usage (stderr):

[0924/171427.404:ERROR:setup_main.cc(519)] Already installed version 85.0.4183.121 at system-level conflicts with this one at user-level.
[0924/171427.404:ERROR:persistent_histogram_storage.cc(121)] Could not write "SetupMetrics" persistent histograms to file as the storage directory does not exist.

Child Processes:

chrome.exe

Loaded Modules:

Path
C:\Program Files\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\combase.dll
C:\Windows\SYSTEM32\CRYPTBASE.DLL
C:\Windows\SYSTEM32\dbghelp.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\NETAPI32.dll
C:\Windows\SYSTEM32\NETUTILS.DLL
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\SYSTEM32\PROPSYS.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\USERENV.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll
C:\Windows\SYSTEM32\windows.storage.dll
C:\Windows\SYSTEM32\WINHTTP.dll
C:\Windows\SYSTEM32\WINMM.dll
C:\Windows\SYSTEM32\WKSCLI.DLL
C:\Windows\SYSTEM32\Wldp.dll
C:\Windows\System32\WS2_32.dll
C:\Windows\SYSTEM32\WTSAPI32.dll

Signature

  • Status: Signature verified.
  • Serial: 0C15BE4A15BB0903C901B1D6C265302F
  • Thumbprint: CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US

File Metadata

  • Original Filename:
  • Product Name: Google Chrome Installer
  • Company Name: Google LLC
  • File Version: 85.0.4183.121
  • Product Version: 85.0.4183.121
  • Language: English (United States)
  • Legal Copyright: Copyright 2020 Google LLC. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/62ecbb932e0211217f62bd0d3d5744a54104e2431e27ff7a7822a25d04a8581b/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files\Google\Chrome\Application\85.0.4183.121\Installer\setup.exe 100
C:\program files\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe 88
C:\program files\Google\Chrome\Application\85.0.4183.83\Installer\setup.exe 88

Possible Misuse

The following table contains possible examples of chrmstp.exe being misused. While chrmstp.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_runonce_persistence.yml Details\|endswith: '\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.