forked from mandiant/sunburst_countermeasures
fnv1a_xor_hashes.txt
# Copyright 2020 by FireEye, Inc.
# You may not use this file except in compliance with the license. The license should have been received with this file. You may obtain a copy of the license at:
# https://github.com/fireeye/sunburst_countermeasures/blob/main/LICENSE.txt
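SUNBURST checks the names of processes, services, and drivers against the following hashes. Each hash is calculated by taking the 64-bit FNV-1a hash of the lowercased name string and then XORing the result with 6605813339339102567. Each line below gives the name followed by its hash as an unsigned 64-bit decimal integer.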
-------------------------------------------
fekern 6274014997237900919
sense 16335643316870329598
windefend 917638920165491138
afwserv 1368907909245890092
atrsdfw.sys 15194901817027173566
autopsy 4821863173800309721
accept 2734787258623754862
avastsvc 8146185202538899243
avastui 11818825521849580123
avgsvc 3660705254426876796
avgsvca 3890794756780010537
avgsvcx 3890769468012566366
avgui 12709986806548166638
avp 13611051401579634621
avpui 18147627057830191163
brcow_x_x_x_x.sys 12679195163651834776
brfilter.sys 1614465773938842903
cavp 17204844226884380288
cb 5984963105389676759
crexecprev.sys 18159703063075866524
cutter 12790084614253405985
cve.sys 16570804352575357627
cybkerneltracker.sys 17097380490166623672
date 16066522799090129502
dgdmk.sys 3626142665768487764
dnsd 13316211011159594063
dnspy 13825071784440082496
eamonm 15587050164583443069
eaw.sys 12718416789200275332
eelam 9559632696372799208
egui 607197993339007484
ehdrv 4931721628717906635
ekrn 3200333496547938354
epfw 17939405613729073960
fakenet 576626207276463000
feelam 15092207615430402812
ffdec 7412338704062093516
floss 18150909006539876521
fsaua 12445177985737237804
fsaus 12445232961318634374
fsbts 9333057603143916814
fsdfw 10393903804869831898
fses 3413052607651207697
fsfw 3407972863931386250
fsma 3421213182954201407
fsms 3421197789791424393
fsni 3413886037471417852
fsorsp 17978774977754553159
gdb 10336842116636872171
groundling32.sys 6943102301517884811
groundling64.sys 13544031715334011032
hexisfsmonitor.sys 397780960855462669
idaq 14256853800858727521
idr 8129411991672431889
ildasm 15997665423159927228
ilspy 10829648878147112121
ksde 17633734304611248415
ksdeui 13581776705111912829
libwamf.sys 17984632978012874803
lordpe 3656637464651387014
lragentmf.sys 2717025511528702475
peid 9531326785919727076
peview 2478231962306073784
ppee 14710585101020280896
psepfilter.sys 835151375515278827
regmon 18294908219222222902
rvsavd.sys 18392881921099771407
safe-agent.sys 11801746708619571308
scdbg 14868920869169964081
sentinelmonitor.sys 12343334044036541897
sysmon 14111374107076822891
tanium 7175363135479931834
windbg 3045986759481489935
windump 17109238199226571972
winhex 5945487981219695001
winobj 8052533790968282297
xagt 15695338751700748390
fe_avk 9384605490088500348