fnv1a_xor_hashes.txt
# Copyright 2020 by FireEye, Inc.
# You may not use this file except in compliance with the license. The license should have been received with this file. You may obtain a copy of the license at:
# https://github.com/fireeye/sunburst_countermeasures/blob/main/LICENSE.txt
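SUNBURST checks the names of processes, services, and drivers against the following hashes. Each hash is calculated by taking the 64-bit FNV-1a hash of the lowercase string and then XORing the result with 6605813339339102567. Each line below lists the lowercase string followed by its resulting hash as an unsigned 64-bit decimal number. The strings are the names SUNBURST looks for on a host; finding one of them on a system is not by itself an indicator of compromise.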
-------------------------------------------
accept 2734787258623754862
afwserv 1368907909245890092
apimonitor-x64 2597124982561782591
apimonitor-x86 2600364143812063535
aswengsrv 6195833633417633900
aswidsagent 2934149816356927366
atrsdfw.sys 15194901817027173566
autopsy 4821863173800309721
autoruns 3320026265773918739
autoruns64 12969190449276002545
autorunsc 10657751674541025650
autorunsc64 12094027092655598256
avastavwrapper 2760663353550280147
avastsvc 8146185202538899243
avastui 11818825521849580123
avgidsagent 2797129108883749491
avgsvc 3660705254426876796
avgsvca 3890794756780010537
avgsvcx 3890769468012566366
avgui 12709986806548166638
avgwdsvcx 14095938998438966337
avp 13611051401579634621
avpui 18147627057830191163
bccavsvc 16423314183614230717
binaryninja 11913842725949116895
brcow_x_x_x_x.sys 12679195163651834776
brfilter.sys 1614465773938842903
cavp 17204844226884380288
cb 5984963105389676759
cff explorer 292198192373389586
close 14226582801651130532
crexecprev.sys 18159703063075866524
csagent 11771945869106552231
csfalconcontainer 9061219083560670602
csfalconservice 8698326794961817906
cutter 12790084614253405985
cve.sys 16570804352575357627
cybkerneltracker.sys 17097380490166623672
date 16066522799090129502
de4dot 5219431737322569038
dgdmk.sys 3626142665768487764
diskmon 7810436520414958497
dnsd 13316211011159594063
dnspy 13825071784440082496
dotpeek32 14480775929210717493
dotpeek64 14482658293117931546
dumpcap 8473756179280619170
eamonm 15587050164583443069
eaw.sys 12718416789200275332
eelam 9559632696372799208
egui 607197993339007484
ehdrv 4931721628717906635
ekrn 3200333496547938354
epfw 17939405613729073960
exeinfope 8799118153397725683
expect 8873858923435176895
fakedns 12027963942392743532
fakenet 576626207276463000
fe_avk 9384605490088500348
feelam 15092207615430402812
fekern 6274014997237900919
ffdec 7412338704062093516
fiddler 682250828679635420
fileinsight 13014156621614176974
floss 18150909006539876521
fnrb32 5587557070429522647
fsaua 12445177985737237804
fsaus 12445232961318634374
fsav32 17017923349298346219
fsbts 9333057603143916814
fsdfw 10393903804869831898
fses 3413052607651207697
fsfw 3407972863931386250
fsgk32 10545868833523019926
fsgk32st 521157249538507889
fsma32 15039834196857999838
fsma 3421213182954201407
fsms 3421197789791424393
fsni 3413886037471417852
fsorsp 17978774977754553159
fssm32 14055243717250701608
fsvista 7315838824213522000
fswebuid 14971809093655817917
gdb 10336842116636872171
groundling32.sys 6943102301517884811
groundling64.sys 13544031715334011032
hexisfsmonitor.sys 397780960855462669
hiew32 13260224381505715848
idaq 14256853800858727521
idaq64 8709004393777297355
idr 8129411991672431889
ildasm 15997665423159927228
ilspy 10829648878147112121
jd-gui 9149947745824492274
ksde 17633734304611248415
ksdeui 13581776705111912829
lab.na 3796405623695665524
lab.rio 5942282052525294911
libwamf.sys 17984632978012874803
lordpe 3656637464651387014
lragentmf.sys 2717025511528702475
officemalscanner 3575761800716667678
ollydbg 4501656691368064027
pdfstreamdumper 10296494671777307979
pe-bear 14630721578341374856
peid 9531326785919727076
pestudio 10235971842993272939
peview 2478231962306073784
ppee 14710585101020280896
procdump 2810460305047003196
procdump64 13611814135072561278
processhacker 2032008861530788751
procexp64 27407921587843457
procexp 6491986958834001955
procmon 2128122064571842954
psanhost 2532538262737333146
psepfilter.sys 835151375515278827
psuamain 6088115528707848728
psuaservice 4454255944391929578
py2exedecompiler 8478833628889826985
r2agent 10463926208560207521
rabin2 7080175711202577138
radare2 8697424601205169055
regmon 18294908219222222902
resourcehacker 3588624367609827560
rundotnetdll 13876356431472225791
rvsavd.sys 18392881921099771407
safe-agent.sys 11801746708619571308
sbiesvc 14968320160131875803
scdbg 14868920869169964081
scylla_x64 106672141413120087
scylla_x86 79089792725215063
sense 16335643316870329598
sentinelmonitor.sys 12343334044036541897
shellcode_launcher 5614586596107908838
sysmon 14111374107076822891
sysmon64 3538022140597504361
tanium 7175363135479931834
taniumclient 3178468437029279937
task explorer 7982848972385914508
task explorer-x64 8760312338504300643
tcpdump 17351543633914244545
tcpvcon 7516148236133302073
tcpview 15114163911481793350
vboxservice 15457732070353984570
win32_remote 16292685861617888592
windbg 3045986759481489935
windefend 917638920165491138
windump 17109238199226571972
winhex 5945487981219695001
winobj 8052533790968282297
wireshark 17574002783607647274
x32dbg 3341747963119755850
x64dbg 14193859431895170587
xagt 15695338751700748390