1
# YAML:1.0
2
# Configuration file for enum_artifacts.rb module
3
# This file contains a YAML formated list of artifacts used by the
4
# enum_artifacts post module. Artifacts should be listed using the following
5
# format:
6
#
7
# ---
8
# malware_name:
9
#  files:
10
#   - name: path\to\file
11
#     csum: 00112233445566778899aabbccddeeff
12
#   - name: path\to\another\file
13
#     csum: 112233445566778899aabbccddeeff00
14
#
15
#  reg_entries:
16
#   - key: registry_key
17
#     val: registry_value
18
#     data: data
19
# 
20
# Happy hunting
21
---
22
test_evidence:
23
 files:
24
  - name: c:\ntdetect.comx
25
    csum: b2de3452de03674c6cec68b8c8ce7c78
26
  - name: c:\boot.ini
27
    csum: fa579938b0733b87066546afe951082c
28

29
 reg_entries:
30
  - key: HKEY_LOCAL_MACHINE\SYSTEM\Selectx
31
    val: Current
32
    data: 1
33
  - key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI
34
    val: DisplayName
35
    data: Microsoft ACPI Driver
36

37

38