
Changed WindowsAvailableTimeZones and normalized indentation in YAML …

…files (#354)
joachimmetz committed Jun 23, 2019
1 parent 8be8fc9 commit d7d237a9e52161735fc662437f79aca8e2b35dfa
@@ -1,4 +1,4 @@
# -*- coding: utf-8 -*-
"""ForensicArtifacts.com Artifact Repository."""

__version__ = '20190320'
__version__ = '20190623'
@@ -1,5 +1,5 @@
artifacts (20190320-1) unstable; urgency=low
artifacts (20190623-1) unstable; urgency=low

* Auto-generated

-- Forensic artifacts <forensicartifacts@googlegroups.com> Wed, 20 Mar 2019 05:20:33 +0100
-- Forensic artifacts <forensicartifacts@googlegroups.com> Sun, 23 Jun 2019 15:24:41 +0200
@@ -14,8 +14,8 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_allusersappdata%%\Microsoft\Microsoft Antimalware\Quarantine\**'
- '%%environ_allusersappdata%%\Microsoft\Windows Defender\Quarantine\**'
- '%%environ_allusersappdata%%\Microsoft\Microsoft Antimalware\Quarantine\**'
- '%%environ_allusersappdata%%\Microsoft\Windows Defender\Quarantine\**'
separator: '\'
supported_os: [Windows]
labels: [Antivirus]
@@ -75,8 +75,8 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\*\Data\Logs\*.log'
- '%%users.localappdata%%\Symantec\Symantec Endpoint Protection\Logs\*.log'
- '%%environ_allusersappdata%%\Symantec\Symantec Endpoint Protection\*\Data\Logs\*.log'
- '%%users.localappdata%%\Symantec\Symantec Endpoint Protection\Logs\*.log'
separator: '\'
supported_os: [Windows]
supported_os: [Windows]
@@ -21,15 +21,15 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/Library/Preferences/com.microsoft.office.plist'
- '%%users.homedir%%/Library/Containers/com.microsoft.*/Data/Library/Preferences/com.microsoft.*.securebookmarks.plist'
- '%%users.homedir%%/Library/Preferences/com.microsoft.office.plist'
- '%%users.homedir%%/Library/Containers/com.microsoft.*/Data/Library/Preferences/com.microsoft.*.securebookmarks.plist'
separator: '/'
supported_os: [Darwin]
- type: REGISTRY_VALUE
attributes:
key_value_pairs:
- {key: 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Office\*\*\File MRU', value: 'Item *'}
- {key: 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Office\*\*\Place MRU', value: 'Item *'}
- {key: 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Office\*\*\File MRU', value: 'Item *'}
- {key: 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Office\*\*\Place MRU', value: 'Item *'}
supported_os: [Windows]
supported_os: [Darwin, Windows]
urls: ['https://github.com/mac4n6/macMRU-Parser']
@@ -40,8 +40,8 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/AppData/Local/Microsoft/Outlook/*.pab'
- '%%users.homedir%%/Documents/Outlook Files/*.pab'
- '%%users.homedir%%/AppData/Local/Microsoft/Outlook/*.pab'
- '%%users.homedir%%/Documents/Outlook Files/*.pab'
separator: '/'
labels: [Users, Mail]
supported_os: [Windows]
@@ -53,8 +53,8 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/AppData/Local/Microsoft/Outlook/*.pst'
- '%%users.homedir%%/Documents/Outlook Files/*.pst'
- '%%users.homedir%%/AppData/Local/Microsoft/Outlook/*.pst'
- '%%users.homedir%%/Documents/Outlook Files/*.pst'
separator: '/'
labels: [Users, Mail]
supported_os: [Windows]
@@ -66,8 +66,8 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.homedir%%/AppData/Local/Microsoft/Outlook/*.ost'
- '%%users.homedir%%/Documents/Outlook Files/*.ost'
- '%%users.homedir%%/AppData/Local/Microsoft/Outlook/*.ost'
- '%%users.homedir%%/Documents/Outlook Files/*.ost'
separator: '/'
labels: [Users, Mail]
supported_os: [Windows]
@@ -6,9 +6,9 @@ sources:
- type: ARTIFACT_GROUP
attributes:
names:
- 'DropboxClient'
- 'GoogleDriveClient'
- 'SkyDriveClient'
- 'DropboxClient'
- 'GoogleDriveClient'
- 'SkyDriveClient'
labels: [Cloud Storage]
supported_os: [Darwin,Linux,Windows]
---
@@ -18,14 +18,14 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.appdata%%\Dropbox\*.db*'
- '%%users.localappdata%%\Dropbox\*.db*'
- '%%users.appdata%%\Dropbox\*.db*'
- '%%users.localappdata%%\Dropbox\*.db*'
separator: '\'
supported_os: [Windows]
- type: FILE
attributes:
paths:
- '%%users.homedir%%/.dropbox/*.db*'
- '%%users.homedir%%/.dropbox/*.db*'
supported_os: [Darwin,Linux]
supported_os: [Darwin,Linux,Windows]
labels: [Cloud Storage]
@@ -37,23 +37,23 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.localappdata%%\Google\Drive\snapshot.db'
- '%%users.localappdata%%\Google\Drive\sync_config.db'
- '%%users.localappdata%%\Google\Drive\sync_config.log*'
- '%%users.localappdata%%\Google\Drive\user_default\snapshot.db'
- '%%users.localappdata%%\Google\Drive\user_default\sync_config.db'
- '%%users.localappdata%%\Google\Drive\user_default\sync_config.log*'
- '%%users.localappdata%%\Google\Drive\snapshot.db'
- '%%users.localappdata%%\Google\Drive\sync_config.db'
- '%%users.localappdata%%\Google\Drive\sync_config.log*'
- '%%users.localappdata%%\Google\Drive\user_default\snapshot.db'
- '%%users.localappdata%%\Google\Drive\user_default\sync_config.db'
- '%%users.localappdata%%\Google\Drive\user_default\sync_config.log*'
separator: '\'
supported_os: [Windows]
- type: FILE
attributes:
paths:
- '%%users.homedir%%/Library/Application Support/Google/Drive/snapshot.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.log*'
- '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/snapshot.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.log*'
- '%%users.homedir%%/Library/Application Support/Google/Drive/snapshot.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.log*'
- '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/snapshot.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.db'
- '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.log*'
supported_os: [Darwin]
supported_os: [Darwin, Windows]
labels: [Cloud Storage]
@@ -68,11 +68,11 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.localappdata%%\Microsoft\SkyDrive\logs\*.log'
- '%%users.localappdata%%\Microsoft\SkyDrive\setup\logs\*.log'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\ApplicationSettings.xml'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.dat'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.ini'
- '%%users.localappdata%%\Microsoft\SkyDrive\logs\*.log'
- '%%users.localappdata%%\Microsoft\SkyDrive\setup\logs\*.log'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\ApplicationSettings.xml'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.dat'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.ini'
separator: '\'
supported_os: [Windows]
supported_os: [Windows]
@@ -100,9 +100,9 @@ sources:
- type: ARTIFACT_GROUP
attributes:
names:
- PythonDistInfo
- PythonEggInfo
- PythonWheelInfo
- PythonDistInfo
- PythonEggInfo
- PythonWheelInfo
labels: [Software]
---
name: PythonWheelInfo
@@ -12,8 +12,8 @@ sources:
- type: FILE
attributes:
paths:
- '%%users.appdata%%\Sun\Java\Deployment\cache\**'
- '%%users.userprofile%%\AppData\LocalLow\Sun\Java\Deployment\cache\**'
- '%%users.appdata%%\Sun\Java\Deployment\cache\**'
- '%%users.userprofile%%\AppData\LocalLow\Sun\Java\Deployment\cache\**'
separator: '\'
supported_os: [Windows]
supported_os: [Windows, Linux, Darwin]
@@ -6,8 +6,8 @@ sources:
- type: FILE
attributes:
paths:
- /Applications/.DS_Store.app/**10
- /Library/LaunchAgents/com.apple.launchport.plist
- /Applications/.DS_Store.app/**10
- /Library/LaunchAgents/com.apple.launchport.plist
supported_os: [Darwin]
urls: ['http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf']
---
@@ -17,9 +17,9 @@ sources:
- type: ARTIFACT_GROUP
attributes:
names:
- KasperskyCaretoWindowsFiles
- KasperskyCaretoWindowsRegKeys
- KasperskyCaretoDarwinFiles
- KasperskyCaretoWindowsFiles
- KasperskyCaretoWindowsRegKeys
- KasperskyCaretoDarwinFiles
supported_os: [Windows, Darwin]
urls: ['http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf']
---
@@ -29,59 +29,59 @@ sources:
- type: FILE
attributes:
paths:
- '%%environ_systemroot%%\System32\objframe.dll'
- '%%environ_systemroot%%\System32\shlink32.dll'
- '%%environ_systemroot%%\System32\shlink64.dll'
- '%%environ_systemroot%%\System32\cdllait32.dll'
- '%%environ_systemroot%%\System32\cdllait64.dll'
- '%%environ_systemroot%%\System32\cdlluninstallws32.dll'
- '%%environ_systemroot%%\System32\cdlluninstallws64.dll'
- '%%environ_systemroot%%\System32\cdlluninstallsgh32.dll'
- '%%environ_systemroot%%\System32\cdlluninstallsgh64.dll'
- '%%environ_systemroot%%\System32\c_50225.nls'
- '%%environ_systemroot%%\System32\c_50227.nls'
- '%%environ_systemroot%%\System32\c_50229.nls'
- '%%environ_systemroot%%\System32\c_51932.nls'
- '%%environ_systemroot%%\System32\c_51936.nls'
- '%%environ_systemroot%%\System32\c_51949.nls'
- '%%environ_systemroot%%\System32\c_51950.nls'
- '%%environ_systemroot%%\System32\c_57002.nls'
- '%%environ_systemroot%%\System32\c_57006.nls'
- '%%environ_systemroot%%\System32\c_57008.nls'
- '%%environ_systemroot%%\System32\c_57010.nls'
- '%%environ_systemroot%%\System32\cdgext32.dll'
- '%%environ_systemroot%%\System32\cfgbkmgrs.dll'
- '%%environ_systemroot%%\System32\cfgmgr64.dll'
- '%%environ_systemroot%%\System32\comsvrpcs.dll'
- '%%environ_systemroot%%\System32\d3dx8_20.dll'
- '%%environ_systemroot%%\System32\dllcomm.dll'
- '%%environ_systemroot%%\System32\drivers\wmimgr.sys'
- '%%environ_systemroot%%\System32\drvinfo.bin'
- '%%environ_systemroot%%\System32\FCache.bin'
- '%%environ_systemroot%%\System32\FFExtendedCommand.dll'
- '%%environ_systemroot%%\System32\gpktcsp32.dll'
- '%%environ_systemroot%%\System32\HPQueue.bin'
- '%%environ_systemroot%%\System32\LPQueue.bin'
- '%%environ_systemroot%%\System32\mdwmnsp.dll'
- '%%environ_systemroot%%\System32\rpcdist.dll'
- '%%environ_systemroot%%\System32\scsvrft.dll'
- '%%environ_systemroot%%\System32\sdptbw.dll'
- '%%environ_systemroot%%\System32\slbkbw.dll'
- '%%environ_systemroot%%\System32\skypeie6plugin.dll'
- '%%environ_systemroot%%\System32\wmspdmgr.dll'
- '%%environ_systemroot%%\System32\mfcn30.dll'
- '%%environ_systemroot%%\System32\siiw9x.dll'
- '%%environ_systemroot%%\System32\nmwcdlog.dll'
- '%%environ_systemroot%%\System32\WifiScan.dll'
- '%%environ_systemroot%%\System32\awview32.dll'
- '%%environ_systemroot%%\System32\awcodc32.dll'
- '%%users.temp%%\~DF01AC74D8BE15EE01.tmp'
- '%%users.temp%%\~DF23BF45A473C42B56.tmp'
- '%%users.temp%%\~DFA0528CD81300F372.tmp'
- '%%users.temp%%\~DF8471938479DA49221.tmp'
- '%%users.appdata%%\microsoft\c_27803.nls'
- '%%users.appdata%%\microsoft\objframe.dll'
- '%%users.appdata%%\microsoft\shmgr.dll'
- '%%environ_systemroot%%\System32\objframe.dll'
- '%%environ_systemroot%%\System32\shlink32.dll'
- '%%environ_systemroot%%\System32\shlink64.dll'
- '%%environ_systemroot%%\System32\cdllait32.dll'
- '%%environ_systemroot%%\System32\cdllait64.dll'
- '%%environ_systemroot%%\System32\cdlluninstallws32.dll'
- '%%environ_systemroot%%\System32\cdlluninstallws64.dll'
- '%%environ_systemroot%%\System32\cdlluninstallsgh32.dll'
- '%%environ_systemroot%%\System32\cdlluninstallsgh64.dll'
- '%%environ_systemroot%%\System32\c_50225.nls'
- '%%environ_systemroot%%\System32\c_50227.nls'
- '%%environ_systemroot%%\System32\c_50229.nls'
- '%%environ_systemroot%%\System32\c_51932.nls'
- '%%environ_systemroot%%\System32\c_51936.nls'
- '%%environ_systemroot%%\System32\c_51949.nls'
- '%%environ_systemroot%%\System32\c_51950.nls'
- '%%environ_systemroot%%\System32\c_57002.nls'
- '%%environ_systemroot%%\System32\c_57006.nls'
- '%%environ_systemroot%%\System32\c_57008.nls'
- '%%environ_systemroot%%\System32\c_57010.nls'
- '%%environ_systemroot%%\System32\cdgext32.dll'
- '%%environ_systemroot%%\System32\cfgbkmgrs.dll'
- '%%environ_systemroot%%\System32\cfgmgr64.dll'
- '%%environ_systemroot%%\System32\comsvrpcs.dll'
- '%%environ_systemroot%%\System32\d3dx8_20.dll'
- '%%environ_systemroot%%\System32\dllcomm.dll'
- '%%environ_systemroot%%\System32\drivers\wmimgr.sys'
- '%%environ_systemroot%%\System32\drvinfo.bin'
- '%%environ_systemroot%%\System32\FCache.bin'
- '%%environ_systemroot%%\System32\FFExtendedCommand.dll'
- '%%environ_systemroot%%\System32\gpktcsp32.dll'
- '%%environ_systemroot%%\System32\HPQueue.bin'
- '%%environ_systemroot%%\System32\LPQueue.bin'
- '%%environ_systemroot%%\System32\mdwmnsp.dll'
- '%%environ_systemroot%%\System32\rpcdist.dll'
- '%%environ_systemroot%%\System32\scsvrft.dll'
- '%%environ_systemroot%%\System32\sdptbw.dll'
- '%%environ_systemroot%%\System32\slbkbw.dll'
- '%%environ_systemroot%%\System32\skypeie6plugin.dll'
- '%%environ_systemroot%%\System32\wmspdmgr.dll'
- '%%environ_systemroot%%\System32\mfcn30.dll'
- '%%environ_systemroot%%\System32\siiw9x.dll'
- '%%environ_systemroot%%\System32\nmwcdlog.dll'
- '%%environ_systemroot%%\System32\WifiScan.dll'
- '%%environ_systemroot%%\System32\awview32.dll'
- '%%environ_systemroot%%\System32\awcodc32.dll'
- '%%users.temp%%\~DF01AC74D8BE15EE01.tmp'
- '%%users.temp%%\~DF23BF45A473C42B56.tmp'
- '%%users.temp%%\~DFA0528CD81300F372.tmp'
- '%%users.temp%%\~DF8471938479DA49221.tmp'
- '%%users.appdata%%\microsoft\c_27803.nls'
- '%%users.appdata%%\microsoft\objframe.dll'
- '%%users.appdata%%\microsoft\shmgr.dll'
separator: '\'
supported_os: [Windows]
urls: ['http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf']
