@adeii
Created February 29, 2024 00:24
Chrome 122.0.6261.70 x64 on Win 7+
chrome.exe
=========
120-Security Directory RVA / Size --> 00000000
1AD2A0:
00 84 DB 75 14 FF 15 AD 53 07 00 48 89 C1 BA 62 -> 00 84 DB EB 14 FF 15 AD 53 07 00 48 89 C1 BA 62 (75->EB)
b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) 62 00 63 00 72 00 79 00 70 00 74 00 70 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 00 (62->78)
USERENV.dll -> USERENX.dll (hidden)
KERNEL32.dll -> KERNEL64.dll (CFF explorer-Import directory)
-------------------------------------------------------------------------
chrome_proxy.exe
================
120-Security Directory RVA / Size --> 00000000
b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) 62 00 63 00 72 00 79 00 70 00 74 00 70 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 00 (62->78) 620063007200790070
KERNEL32.dll -> KERNEL64.dll
-------------------------------------------------------------------------
chrome_elf.dll
==============
120-Security Directory RVA / Size --> 00000000
b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) 62 00 63 00 72 00 79 00 70 00 74 00 70 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 00 (62->78) x2
KERNEL32.dll -> KERNEL64.dll
-------------------------------------------------------------------------
chrome.dll
==========
120-Security Directory RVA / Size --> 00000000
113C490:
BA 01 00 00 00 41 B8 0F 00 00 10 4D 89 F9 FF 15 -> BA 01 00 00 00 41 B8 0F 00 00 00 4D 89 F9 FF 15 (10->00)
1B205A0:
24 28 01 00 00 00 0F 84 04 01 00 00 4C 8B AC 24 -> 24 28 01 00 00 00 90 90 90 90 90 90 4C 8B AC 24 (0F 84 04 01 00 00 -> NOP)
30 01 ..
4124860:
21 09 48 31 E0 48 89 44 24 78 65 48 8B 04 25 30 -> 21 09 48 31 E0 48 89 44 24 78 90 90 90 90 90 90 (65 48 8B 04 25 30 -> NOP)
00 00 00 48 8B 80 58 17 00 00 48 85 C0 0F 84 B7 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
03 00 00 48 89 CE B9 C0 01 00 00 23 48 14 81 F9 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
40 01 00 00 0F 85 A0 03 00 00 48 83 BE 90 00 00 90 90 90 90 90 90 90 90 90 90 48 83 BE 90 00 00
00 00 0F 84 9D 03 00 00 48 B8 AA AA AA AA AA AA ..
4124C6F:
21 09 48 31 E0 48 89 44 24 78 65 48 8B 04 25 30 -> 21 09 48 31 E0 48 89 44 24 78 90 90 90 90 90 90 (65 48 8B 04 25 30 -> NOP)
00 00 00 48 8B 80 58 17 00 00 48 85 C0 0F 84 49 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
02 00 00 48 89 D6 BA C0 01 00 00 23 50 14 81 FA 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
40 01 00 00 0F 85 32 02 00 00 48 8B 89 90 00 00 90 90 90 90 90 90 90 90 90 90 48 8B 89 90 00 00
00 48 85 C9 0F 84 25 02 00 00 0F 57 C0 0F 29 44 ..
4124F15:
21 09 48 31 E0 48 89 84 24 58 01 00 00 65 48 8B -> 21 09 48 31 E0 48 89 84 24 58 01 00 00 90 90 90 (65 48 8B 04 25 30 -> NOP)
04 25 30 00 00 00 48 8B 80 58 17 00 00 48 85 C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0F 84 21 06 00 00 48 89 CF B9 C0 01 00 00 23 48 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
14 81 F9 40 01 00 00 0F 85 0A 06 00 00 4C 89 C3 90 90 90 90 90 90 90 90 90 90 90 90 90 4C 89 C3
50CA2AD:
C1 30 C1 0F 84 AC 01 00 00 4C 8B 27 48 C7 07 00 -> C1 30 C1 75 04 FE C0 30 C9 4C 8B 27 48 C7 07 00 (0F 84 AC 01 00 00 -> 75 04 FE C0 30 C9)
8AC0CD0:
00 84 DB 75 14 FF 15 35 89 83 04 48 89 C1 BA 62 -> 00 84 DB EB 14 FF 15 35 89 83 04 48 89 C1 BA 62 (75->EB)
34 FF 84 C0 B8 02 08 00 00 B9 00 09 00 00 0F 45 -> 34 FF 84 C0 B8 02 08 00 00 B9 00 00 00 00 0F 45 (09->00)
13 02 48 31 E0 48 89 44 24 68 65 48 8B 04 25 30 -> 13 02 48 31 E0 48 89 44 24 68 90 90 90 90 90 90 (65 48 8B 04 25 30 -> NOP)
00 00 00 48 8B 80 58 17 00 00 48 85 C0 0F 84 AC 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
01 00 00 48 89 CE B9 C0 01 00 00 23 48 14 81 F9 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
40 01 00 00 0F 85 95 01 00 00 48 8D 54 24 64 C7 90 90 90 90 90 90 90 90 90 90 48 8D 54 24 64 C7
02 04 00 00 00 48 8B 8E 98 00 00 00 48 8B 01 48 ..
C4 70 5B 5F 5E C3 65 48 8B 04 25 30 00 00 00 48 -> C4 70 5B 5F 5E C3 90 90 90 90 90 90 90 90 90 90 (65 48 8B 04 25 30 -> NOP)
8B 80 58 17 00 00 48 85 C0 0F 84 EF 00 00 00 B9 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
C0 01 00 00 23 48 14 81 F9 40 01 00 00 0F 85 DB 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
00 00 00 48 89 F1 BA FF FF 00 80 EB AE 65 48 8B 90 90 90 48 89 F1 BA FF FF 00 80 EB AE 90 90 90 (65 48 8B 04 25 30 -> NOP)
04 25 30 00 00 00 48 8B 80 58 17 00 00 48 85 C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0F 84 BB 00 00 00 B9 C0 01 00 00 23 48 14 81 F9 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
40 01 00 00 74 CD E9 A6 00 00 00 48 89 F1 E8 7D 90 90 90 90 EB CD E9 A6 00 00 00 48 89 F1 E8 7D
C3 CC
41 56 56 57 53 48 81 EC 88 01 00 00 48 8B 05 25 -> B8 01 00 00 00 C3 90 90 90 90 90 90 48 8B 05 25 ( ! -> ! )
48 13 02 48 31 E0 48 89 84 24 80 01 00 00 65 48 48 13 02 48 31 E0 48 89 84 24 80 01 00 00 90 90 (65 48 8B 04 25 30 -> NOP)
8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 48 85 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
C0 0F 84 7B 01 00 00 48 89 CE B9 C0 01 00 00 23 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 14 81 F9 40 01 00 00 0F 85 64 01 00 00 48 89 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89
46 13 02 48 31 E0 48 89 44 24 70 65 48 8B 04 25 -> 46 13 02 48 31 E0 48 89 44 24 70 90 90 90 90 90 (65 48 8B 04 25 30 -> NOP)
30 00 00 00 48 8B 80 58 17 00 00 48 85 C0 0F 84 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
83 01 00 00 48 89 CF B9 C0 01 00 00 23 48 14 81 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
F9 40 01 00 00 0F 85 6C 01 00 00 48 89 D6 48 8B 90 90 90 90 90 90 90 90 90 90 90 48 89 D6 48 8B
24 70 01 00 00 65 48 8B 04 25 30 00 00 00 48 8B -> 24 70 01 00 00 90 90 90 90 90 90 90 90 90 90 90 (65 48 8B 04 25 30 -> NOP)
80 58 17 00 00 48 85 C0 0F 84 C5 03 00 00 48 89 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
CE B9 C0 01 00 00 23 48 14 81 F9 40 01 00 00 0F 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
85 AE 03 00 00 89 D7 48 B8 AA AA AA AA AA AA AA 90 90 90 90 90 89 D7 48 B8 AA AA AA AA AA AA AA
65 48 8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 85 C0 0F 84 0D 01 00 00 49 89 CE B9 C0 01 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
00 23 48 14 81 F9 40 01 00 00 0F 85 F6 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
65 48 8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 85 C0 74 2A 48 89 CE B9 C0 01 00 00 23 48 14 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
81 F9 40 01 00 00 75 17 48 89 F1 E8 4B 03 00 00 90 90 90 90 90 90 90 90 48 89 F1 E8 4B 03 00 00
65 48 8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 85 C0 74 55 48 89 CE B9 C0 01 00 00 23 48 14 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
81 F9 40 01 00 00 75 42 48 8D 54 24 2C C7 02 00 90 90 90 90 90 90 90 90 48 8D 54 24 2C C7 02 00
65 48 8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 85 C0 74 39 48 89 CE B9 C0 01 00 00 23 48 14 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
81 F9 40 01 00 00 75 26 48 89 F1 E8 4A 05 00 00 90 90 90 90 90 90 90 90 48 89 F1 E8 4A 05 00 00
65 48 8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 85 C0 0F 84 84 00 00 00 48 89 CE B9 C0 01 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
00 23 48 14 81 F9 40 01 00 00 75 71 48 8D 54 24 90 90 90 90 90 90 90 90 90 90 90 90 48 8D 54 24
65 48 8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 85 C0 0F 84 3B 01 00 00 48 89 CE B9 C0 01 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
00 23 48 14 81 F9 40 01 00 00 0F 85 24 01 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
65 48 8B 04 25 30 00 00 00 48 8B 80 58 17 00 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 85 C0 0F 84 DD 01 00 00 48 89 CF B9 C0 01 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
00 23 48 14 81 F9 40 01 00 00 0F 85 C6 01 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
48 8B ..
C3 41 1B 9A BB D3 6A 46 87 FC FE 67 55 6A 3B 65 -> 5A EE 59 B8 38 D8 5B 4B A2 E8 1A DC 7D 93 DB 48
b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) 62 00 63 00 72 00 79 00 70 00 74 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 (62->78)
b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden)
user32 -> user64 (hidden)
mfplat -> xfplat (hidden)
netapi32 -> netapi64 (hidden)
kernel32 -> kernel64
userenv -> userenx
winhttp -> winxttp
-------------------------------------------------------------------------
notification_helper.exe
=======================
120-Security Directory RVA / Size --> 00000000
b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) 62 00 63 00 72 00 79 00 70 00 74 00 70 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 00 (62->78) x2
KERNEL32.dll -> KERNEL64.dll
-------------------------------------------------------------------------
chrome_wer.exe
=======================
120-Security Directory RVA / Size --> 00000000
-------------------------------------------------------------------------
chrome_pwa_launcher.exe
=======================
120-Security Directory RVA / Size --> 00000000
b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) 62 00 63 00 72 00 79 00 70 00 74 00 70 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 00 (62->78)
KERNEL32.dll -> KERNEL64.dll
USERENV.dll -> USERENX.dll
-------------------------------------------------------------------------