Application Behavior Analysis: Google Chrome
As it’s catching up the browser market, Chrome is one of the easiest installable browser. It doesn’t require any administrator rights for the end user as it get’s installed to a user profile folder instead of %programFiles% path. Below is the command line where from Google Updater launches the Google Installer. "C:Users<username>AppDataLocalGoogleUpdateGoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={FDC46DEC-52EC-57D4-E24D-40D463E18969}&lang=en-IN&browser=2&usagestats=0&appname=Google%20Chrome&needsadmin=false" /installsource oneclick Thus, the main window/process of the Chrome browser runs from below location: "C:Users<username>AppDataLocalGoogleChromeApplicationchrome.exe" Tabs get executed with below command line parameters by default: "C:Users<username>AppDataLocalGoogleChromeApplicationchrome.exe" –type=renderer –lang=en-US –force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_500ms_queue_prefetch/DnsParallelism/parallel_14/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/ –channel=5736.057E4300.822057191 /prefetch:3 When run in incognito mode, it invokes a child process with below […]
Read more