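SUNBURST process heuristics: FNV1a hashes with the process, driver and service names they correspond to (rows with a blank name column have no name listed)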
FNV1a ProcName | |
----- -------- | |
2597124982561782591 apimonitor-x64 | |
2600364143812063535 apimonitor-x86 | |
13464308873961738403 autopsy64 | |
4821863173800309721 autopsy | |
12969190449276002545 autoruns64 | |
3320026265773918739 autoruns | |
12094027092655598256 autorunsc64 | |
10657751674541025650 autorunsc | |
11913842725949116895 binaryninja | |
5449730069165757263 blacklight | |
292198192373389586 | |
12790084614253405985 cutter | |
5219431737322569038 de4dot | |
15535773470978271326 debugview | |
7810436520414958497 diskmon | |
13316211011159594063 dnsd | |
13825071784440082496 dnspy | |
14480775929210717493 dotpeek32 | |
14482658293117931546 dotpeek64 | |
8473756179280619170 dumpcap | |
3778500091710709090 | |
8799118153397725683 exeinfope | |
12027963942392743532 fakedns | |
576626207276463000 fakenet | |
7412338704062093516 ffdec | |
682250828679635420 fiddler | |
13014156621614176974 fileinsight | |
18150909006539876521 floss | |
10336842116636872171 gdb | |
12785322942775634499 | |
13260224381505715848 hiew32 | |
17956969551821596225 | |
8709004393777297355 idaq64 | |
14256853800858727521 idaq | |
8129411991672431889 idr | |
15997665423159927228 ildasm | |
10829648878147112121 ilspy | |
9149947745824492274 jd-gui | |
3656637464651387014 lordpe | |
3575761800716667678 officemalscanner | |
4501656691368064027 ollydbg | |
10296494671777307979 pdfstreamdumper | |
14630721578341374856 pe-bear | |
4088976323439621041 pebrowse64 | |
9531326785919727076 peid | |
6461429591783621719 pe-sieve32 | |
6508141243778577344 pe-sieve64 | |
10235971842993272939 pestudio | |
2478231962306073784 peview | |
9903758755917170407 pexplorer | |
14710585101020280896 ppee | |
14710585101020280896 ppee | |
13611814135072561278 procdump64 | |
2810460305047003196 procdump | |
2032008861530788751 processhacker | |
27407921587843457 procexp64 | |
6491986958834001955 procexp | |
2128122064571842954 procmon | |
10484659978517092504 prodiscoverbasic | |
8478833628889826985 py2exedecompiler | |
10463926208560207521 r2agent | |
7080175711202577138 rabin2 | |
8697424601205169055 radare2 | |
7775177810774851294 ramcapture64 | |
16130138450758310172 ramcapture | |
506634811745884560 reflector | |
18294908219222222902 regmon | |
3588624367609827560 resourcehacker | |
9555688264681862794 retdec-ar-extractor | |
5415426428750045503 retdec-bin2llvmir | |
3642525650883269872 retdec-bin2pat | |
13135068273077306806 retdec-config | |
3769837838875367802 retdec-fileinfo | |
191060519014405309 retdec-getsig | |
1682585410644922036 retdec-idr2pat | |
7878537243757499832 retdec-llvmir2hll | |
13799353263187722717 retdec-macho-extractor | |
1367627386496056834 retdec-pat2yara | |
12574535824074203265 retdec-stacofin | |
16990567851129491937 retdec-unpacker | |
8994091295115840290 retdec-yarac | |
13876356431472225791 rundotnetdll | |
14968320160131875803 sbiesvc | |
14868920869169964081 scdbg | |
106672141413120087 scylla_x64 | |
79089792725215063 scylla_x86 | |
5614586596107908838 shellcode_launcher | |
3869935012404164040 solarwindsdiagnostics | |
3538022140597504361 sysmon64 | |
14111374107076822891 sysmon | |
7982848972385914508 | |
8760312338504300643 | |
17351543633914244545 tcpdump | |
7516148236133302073 tcpvcon | |
15114163911481793350 tcpview | |
15457732070353984570 vboxservice | |
16292685861617888592 win32_remote | |
10374841591685794123 win64_remotex64 | |
3045986759481489935 windbg | |
17109238199226571972 windump | |
6827032273910657891 winhex64 | |
5945487981219695001 winhex | |
8052533790968282297 winobj | |
17574002783607647274 wireshark | |
3341747963119755850 x32dbg | |
14193859431895170587 x64dbg | |
17439059603042731363 xwforensics64 | |
17683972236092287897 xwforensics | |
700598796416086955 redcloak | |
3660705254426876796 avgsvc | |
12709986806548166638 avgui | |
3890794756780010537 avgsvca | |
2797129108883749491 avgidsagent | |
3890769468012566366 avgsvcx | |
14095938998438966337 avgwdsvcx | |
11109294216876344399 avgadminclientservice | |
1368907909245890092 afwserv | |
11818825521849580123 avastui | |
8146185202538899243 avastsvc | |
2934149816356927366 aswidsagent | |
13029357933491444455 aswidsagenta | |
6195833633417633900 aswengsrv | |
2760663353550280147 avastavwrapper | |
16423314183614230717 bccavsvc | |
2532538262737333146 psanhost | |
4454255944391929578 psuaservice | |
6088115528707848728 psuamain | |
13611051401579634621 avp | |
18147627057830191163 avpui | |
17633734304611248415 ksde | |
13581776705111912829 ksdeui | |
7175363135479931834 tanium | |
3178468437029279937 taniumclient | |
13599785766252827703 taniumdetectengine | |
6180361713414290679 taniumendpointindex | |
8612208440357175863 taniumtracecli | |
8408095252303317471 taniumtracewebsocketclient64 |
FNV1a Driver | |
----- ------ | |
17097380490166623672 cybkerneltracker.sys | |
15194901817027173566 atrsdfw.sys | |
12718416789200275332 eaw.sys | |
18392881921099771407 rvsavd.sys | |
3626142665768487764 dgdmk.sys | |
12343334044036541897 sentinelmonitor.sys | |
397780960855462669 hexisfsmonitor.sys | |
6943102301517884811 groundling32.sys | |
13544031715334011032 groundling64.sys | |
11801746708619571308 safe-agent.sys | |
18159703063075866524 crexecprev.sys | |
835151375515278827 psepfilter.sys | |
16570804352575357627 cve.sys | |
1614465773938842903 brfilter.sys | |
12679195163651834776 brcow_x_x_x_x.sys | |
2717025511528702475 lragentmf.sys | |
17984632978012874803 libwamf.sys |
FNV1a Service RawFlag ReportWatcherPostpone | |
----- ------- ------- --------------------- | |
5183687599225757871 msmpeng 1 255 | |
10063651499895178962 mssense 2 260 | |
17204844226884380288 cavp 8 290 | |
5984963105389676759 cb 8 290 | |
8698326794961817906 csfalconservice 16 330 | |
9061219083560670602 csfalconcontainer 16 330 | |
15695338751700748390 xagt 32 410 | |
640589622539783622 xagtnotif 32 410 | |
3200333496547938354 ekrn 64 570 | |
14513577387099045298 eguiproxy 64 570 | |
607197993339007484 egui 64 570 | |
521157249538507889 fsgk32st 128 890 | |
14971809093655817917 fswebuid 128 890 | |
10545868833523019926 fsgk32 128 890 | |
15039834196857999838 fsma32 128 890 | |
14055243717250701608 fssm32 128 890 | |
5587557070429522647 fnrb32 128 890 | |
12445177985737237804 fsaua 128 890 | |
17978774977754553159 fsorsp 128 890 | |
17017923349298346219 fsav32 128 890 |