Last active
May 25, 2024 22:33
-
-
Save adeii/c87ed3838e9767367ef8a70cf924a25f to your computer and use it in GitHub Desktop.
Chrome 125.0.6422.77 x64 on Win 7+
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add Blaukovitch's DLL and hexedit | |
| chrome.exe | |
| ========== | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| 89 F9 E8 D9 71 01 00 48 8D 4C 24 30 84 C0 74 0A -> 89 F9 E8 D9 71 01 00 48 8D 4C 24 30 90 90 90 90 (84 C0 74 0A->NOP) | |
| b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) try: 62006300720079 -> 78006300720079 (62->78) | |
| USERENV.dll -> USERENX.dll (hidden) | |
| KERNEL32.dll -> KERNEL64.dll (CFF explorer-Import directory) | |
| ------------------------------------------------------------------------- | |
| chrome_proxy.exe | |
| ================ | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) try: 62006300720079 -> 78006300720079 (62->78) | |
| KERNEL32.dll -> KERNEL64.dll | |
| ------------------------------------------------------------------------- | |
| chrome_elf.dll | |
| ============== | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) try: 62006300720079 -> 78006300720079 (62->78) x2 | |
| KERNEL32.dll -> KERNEL64.dll | |
| ------------------------------------------------------------------------- | |
| chrome.dll | |
| ========== | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| 58 DF 0C 45 85 F6 0F 94 C0 85 ED 0F 95 C1 30 C1 -> 58 DF 0C 90 90 90 90 90 90 90 90 90 90 90 90 90 | |
| 0F 84 2F 02 00 00 4C 8B 27 48 C7 07 00 00 00 00 -- 90 90 90 90 90 90 4C 8B 27 48 C7 07 00 00 00 00 | |
| 00 00 00 4C 89 F9 BA 01 00 00 00 41 B8 0F 00 00 | |
| 10 4D 89 E1 FF 15 66 65 D3 0B 85 C0 0F 85 35 01 -> 00 4D 89 E1 FF 15 66 65 D3 0B 85 C0 0F 85 35 01 | |
| F7 84 24 48 01 00 00 80 00 20 00 0F 95 C0 48 85 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 | |
| ED 0F 94 C1 20 C1 80 F9 01 0F 84 4B 01 00 00 4C -- 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 4C | |
| 89 F9 E8 79 B3 AF 00 48 8D 4C 24 30 84 C0 74 0A -> 89 F9 E8 79 B3 AF 00 48 8D 4C 24 30 90 90 90 90 | |
| 8A 59 (NO) | |
| 08 00 00 B9 00 09 00 00 0F 45 C8 89 8C 24 64 02 -> 08 00 00 B9 00 00 00 00 0F 45 C8 89 8C 24 64 02 | |
| C3 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC | |
| 56 57 53 48 83 EC 70 48 89 CE 48 8B 05 CF 7E 46 -> 48 31 C0 C3 90 90 90 48 89 CE 48 8B 05 CF 7E 46 | |
| 02 48 31 E0 48 89 44 24 68 E8 22 53 5F 00 83 F8 -> 02 48 31 E0 48 89 44 24 68 E8 52 3D 5F 00 90 90 | |
| 02 0F 85 50 01 00 00 48 8D 54 24 64 C7 02 04 00 -- 90 90 90 90 90 90 90 48 8D 54 24 64 C7 02 04 00 | |
| 5B 5F 5E C3 E8 87 52 5F 00 83 F8 02 0F 85 BB 00 -> 5B 5F 5E C3 E8 87 52 5F 00 90 90 90 90 90 90 90 | |
| 00 00 48 89 F1 BA FF FF 00 80 EB CD E8 6F 52 5F -- 90 90 48 89 F1 BA FF FF 00 80 EB CD E8 6F 52 5F | |
| 00 83 F8 02 74 EC E9 A5 00 00 00 48 89 F1 E8 8D -- 00 83 F8 02 EB EC E9 A5 00 00 00 48 89 F1 E8 8D | |
| ..........................................C3 CC | |
| 41 56 56 57 53 48 81 EC 88 01 00 00 48 89 D7 48 -> 31 C0 C3 57 53 48 81 EC 88 01 00 00 48 89 D7 48 | |
| .. | |
| 80 01 00 00 E8 97 50 5F 00 83 F8 02 0F 85 61 01 -- 80 01 00 00 E8 97 50 5F 00 90 90 90 90 90 90 90 | |
| 00 00 48 8D 5C 24 48 48 89 D9 E8 C1 42 BA F8 48 -- 90 90 48 8D 5C 24 48 48 89 D9 E8 C1 42 BA F8 48 | |
| 70 E8 FA 4E 5F 00 83 F8 02 0F 85 69 01 00 00 48 -> 70 E8 FA 4E 5F 00 90 90 90 90 90 90 90 90 90 48 | |
| 31 E0 48 89 84 24 80 01 00 00 E8 51 4D 5F 00 83 -> 31 E0 48 89 84 24 80 01 00 00 E8 51 4D 5F 00 90 | |
| F8 02 0F 85 B4 03 00 00 48 B8 AA AA AA AA AA AA -- 90 90 90 90 90 90 90 90 48 B8 AA AA AA AA AA AA | |
| 30 E8 5A 49 5F 00 83 F8 02 0F 85 F1 00 00 00 4C -> 30 E8 5A 49 5F 00 90 90 90 90 90 90 90 90 90 4C | |
| 56 48 83 EC 20 48 89 CE E8 73 32 5F 00 83 F8 02 -> 56 48 83 EC 20 48 89 CE E8 73 32 5F 00 90 90 90 | |
| 75 17 48 89 F1 E8 86 05 00 00 48 89 F1 89 C2 48 -- 90 90 48 89 F1 E8 86 05 00 00 48 89 F1 89 C2 48 | |
| 48 31 E0 48 89 44 24 30 E8 33 32 5F 00 83 F8 02 -> 48 31 E0 48 89 44 24 30 E8 33 32 5F 00 90 90 90 | |
| 75 42 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E -- 90 90 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E | |
| 56 53 48 83 EC 28 48 89 CE E8 D2 31 5F 00 83 F8 -> 56 53 48 83 EC 28 48 89 CE E8 D2 31 5F 00 90 90 | |
| 02 75 26 48 89 F1 E8 B5 07 00 00 89 C3 84 C0 75 -- 90 90 90 48 89 F1 E8 B5 07 00 00 89 C3 84 C0 75 | |
| 48 31 E0 48 89 44 24 30 E8 83 31 5F 00 83 F8 02 -> 48 31 E0 48 89 44 24 30 E8 83 31 5F 00 90 90 90 | |
| 75 71 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E -- 90 90 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E | |
| 00 83 F8 02 0F 85 24 01 00 00 48 8D 7C 24 20 48 -> 00 90 90 90 90 90 90 90 90 90 48 8D 7C 24 20 48 | |
| 00 E8 8A 42 5F 00 83 F8 02 0F 85 E2 01 00 00 48 -> 00 E8 8A 42 5F 00 90 90 90 90 90 90 90 90 90 48 | |
| 02 48 31 E0 48 89 44 24 28 E8 C2 3F 5F 00 83 F8 -> 02 48 31 E0 48 89 44 24 28 E8 C2 3F 5F 00 90 90 | |
| 02 75 44 48 8D 7C 24 20 48 89 F9 E8 F0 31 BA F8 -- 90 90 90 48 8D 7C 24 20 48 89 F9 E8 F0 31 BA F8 | |
| E8 3B 3F 5F 00 83 F8 02 0F 85 93 03 00 00 48 83 -> E8 3B 3F 5F 00 90 90 90 90 90 90 90 90 90 90 90 | |
| BE 90 00 00 00 00 0F 84 88 03 00 00 48 BD AA AA -- 90 90 90 90 90 90 90 90 90 90 90 90 48 BD AA AA | |
| 5C 3B 5F 00 83 F8 02 0F 85 57 02 00 00 48 8B 8F -> 5C 3B 5F 00 90 90 90 90 90 90 90 90 90 48 8B 8F | |
| 41 57 41 56 56 57 55 53 48 81 EC D8 00 00 00 0F -> 48 31 C0 48 F7 D8 C3 53 48 81 EC D8 00 00 00 0F | |
| 5C 32 5F 00 83 F8 02 0F 85 FB 02 00 00 49 BF AA -> 5C 32 5F 00 90 90 90 90 90 90 90 90 90 49 BF AA | |
| C3 41 1B 9A BB D3 6A 46 87 FC FE 67 55 6A 3B 65 -> 5A EE 59 B8 38 D8 5B 4B A2 E8 1A DC 7D 93 DB 48 | |
| b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) try: 62006300720079 -> 78006300720079 (62->78) x2 | |
| user32 -> user64 (hidden) | |
| mfplat -> xfplat (hidden) | |
| netapi32 -> netapi64 (hidden) | |
| kernel32 -> kernel64 | |
| userenv -> userenx | |
| winhttp -> winxttp | |
| ------------------------------------------------------------------------- | |
| notification_helper.exe | |
| ======================= | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| b.c.r.y.p.t... -> x.c.r.y.p.t... (hidden) try: 62006300720079 -> 78006300720079 (62->78) x2 | |
| KERNEL32.dll -> KERNEL64.dll | |
| ------------------------------------------------------------------------- | |
| chrome_wer.exe | |
| ======================= | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| ------------------------------------------------------------------------- | |
| chrome_pwa_launcher.exe | |
| ======================= | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| ------------------------------------------------------------------------- | |
| mojo_core.exe | |
| ======================= | |
| b8: 06 | |
| C0: 06 | |
| 120-Security Directory RVA / Size --> 00000000 | |
| KERNEL32.dll -> KERNEL64.dll |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment