updates to add standard interesting files sets to install directory

thirdparty/InterestingFileSetRules/Cloud Storage.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<INTERESTING_FILE_SETS>
+ <INTERESTING_FILE_SET description="Identifies installed cloud storage applications" ignoreKnown="false" name="Cloud Storage" standardSet="true" versionNumber="1">
+  <NAME name="CloudMe" regex="false" typeFilter="file">CloudMe.exe</NAME>
+  <NAME name="Resilio" regex="false" typeFilter="file">Resilio Sync.exe</NAME>
+  <NAME name="pCloud" regex="false" typeFilter="file">pcloud.exe</NAME>
+  <NAME name="Slack" regex="false" typeFilter="file">slack.exe</NAME>
+  <NAME name="iCloud Drive" regex="false" typeFilter="file">iCloudDrive.exe</NAME>
+  <NAME name="Google Stream" regex="false" typeFilter="file">GoogleDriveFS.exe</NAME>
+  <NAME name="GoodSync" regex="false" typeFilter="file">goodsync.exe</NAME>
+  <NAME name="Synqion" regex="false" typeFilter="file">synqion.exe</NAME>
+  <NAME name="NextCloud" regex="false" typeFilter="file">nextcloud.exe</NAME>
+  <NAME name="OneDrive Windows App" regex="false" typeFilter="file">microsoft.microsoftskydrive.exe</NAME>
+  <NAME name="Carbonite Safe Server" regex="false" typeFilter="file">CloudScheduler.exe</NAME>
+  <NAME name="Google Drive" regex="false" typeFilter="file">googledrivesync.exe</NAME>
+  <NAME name="DropBox Installer" regex="false" typeFilter="file">dropbox.exe</NAME>
+  <NAME name="SugarSync" regex="false" typeFilter="file">sugarsync.exe</NAME>
+  <NAME name="Carbonite" regex="false" typeFilter="file">carboniteUI.exe</NAME>
+  <NAME name="OwnCloud" regex="false" typeFilter="file">owncloud.exe</NAME>
+  <NAME name="Adobe Creative Cloud" regex="false" typeFilter="file">creative cloud.exe</NAME>
+  <NAME name="DropBox Windows App" regex="false" typeFilter="file">DropboxUniversal.exe </NAME>
+  <NAME name="MEGA Privacy Windows App" regex="false" typeFilter="file">MegaApp.exe</NAME>
+  <NAME name="Yandex Disk" regex="false" typeFilter="file">yandexdisk2.exe</NAME>
+  <NAME name="eFileCabinet" regex="false" typeFilter="file">efcClient.exe</NAME>
+  <NAME name="Amazon Photo Backup" regex="false" typeFilter="file">amazonphotos.exe</NAME>
+  <NAME name="Zoho Docs" regex="false" typeFilter="file">zohodocs.exe</NAME>
+  <NAME name="MEGAsync" regex="false" typeFilter="file">MEGAsync.exe</NAME>
+  <NAME name="SpiderOak One " regex="false" typeFilter="file">SpiderOakONE.exe</NAME>
+  <NAME name="Box" regex="false" typeFilter="file">box.exe</NAME>
+  <NAME name="OneDrive" regex="false" typeFilter="file">onedrive.exe</NAME>
+  <NAME name="Sync" regex="false" typeFilter="file">sync-taskbar.exe</NAME>
+ </INTERESTING_FILE_SET>
+</INTERESTING_FILE_SETS>

thirdparty/InterestingFileSetRules/Cryptocurrency Wallets.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<INTERESTING_FILE_SETS>
+ <INTERESTING_FILE_SET description="" ignoreKnown="false" name="Cryptocurrency Wallets" standardSet="true" versionNumber="1">
+  <NAME name="Electrum Portable" regex="true" typeFilter="file">^electrum(.*)portable.exe</NAME>
+  <NAME name="Jaxx" regex="false" typeFilter="file">jaxx liberty.exe</NAME>
+  <NAME name="Electron Cash Standalone" regex="true" typeFilter="file">^electron-cash(.*).exe$</NAME>
+  <NAME name="Exodus" regex="false" typeFilter="file">exodus.exe</NAME>
+  <NAME name="Bitcoin Wallet" regex="false" typeFilter="file">bitcoin-qt.exe</NAME>
+  <NAME name="Dogecoin" regex="false" typeFilter="file">dogecoin-qt.exe</NAME>
+  <NAME name="Zecwallet" regex="false" typeFilter="file">Zecwallet Fullnode.exe</NAME>
+  <NAME name="Litecoin" regex="false" typeFilter="file">litecoin-qt.exe</NAME>
+  <NAME name="Zel Core" regex="false" typeFilter="file">zelcore.exe</NAME>
+  <NAME name="BitPay" regex="false" typeFilter="file">bitpay.exe</NAME>
+  <NAME name="Verge Tor QT Wallet" regex="false" typeFilter="file">verge-qt.exe</NAME>
+  <NAME name="Atomic Wallet" regex="false" typeFilter="file">atomic wallet.exe</NAME>
+  <NAME name="Bitcoin Armory" regex="false" typeFilter="file">armoryqt.exe</NAME>
+  <NAME name="Eidoo Wallet" regex="false" typeFilter="file">eidoo.exe</NAME>
+  <NAME name="Electron Cash Portable" regex="true" typeFilter="file">^electron-cash(.*)portable.exe$</NAME>
+  <NAME name="Monero GUI Wallet" regex="false" typeFilter="file">monero-wallet-gui.exe</NAME>
+  <NAME name="Coinomi Wallet" regex="false" typeFilter="file">coinomi.exe</NAME>
+  <NAME name="Electron Cash" regex="false" typeFilter="file">electron-cash.exe</NAME>
+  <NAME name="Zel Core Portable" regex="false" typeFilter="file">zelcore-portable.exe</NAME>
+  <NAME name="Qtum Core" regex="false" typeFilter="file">qtum-qt.exe</NAME>
+  <NAME name="Dash Core Wallet" regex="false" typeFilter="file">dash-qt.exe</NAME>
+  <NAME name="Zecwallet Lite" regex="false" typeFilter="file">Zecwallet Lite.exe</NAME>
+  <NAME name="Copay" regex="false" typeFilter="file">copay.exe</NAME>
+  <NAME name="Multidoge Wallet" regex="false" typeFilter="file">multidoge.exe</NAME>
+  <NAME name="Neon Wallet" regex="false" typeFilter="file">neon.exe</NAME>
+  <NAME name="Dash Electrum Wallet" regex="true" typeFilter="file">^electrum-dash(.*).exe$</NAME>
+  <NAME name="Lisk Wallet" regex="false" typeFilter="file">lisk.exe</NAME>
+  <NAME name="Stargazer Wallet" regex="false" typeFilter="file">stargazer.exe</NAME>
+  <NAME name="GreenAddress Wallet" regex="false" typeFilter="file">GreenAddress Wallet.exe</NAME>
+  <NAME name="Electrum" regex="true" typeFilter="file">^electrum(.*).exe</NAME>
+  <NAME name="Qtum Electrum" regex="true" typeFilter="file">^Qtum-electrum-win-(.*).exe$</NAME>
+  <NAME name="Bither" regex="false" typeFilter="file">BitherWinLauncher.exe</NAME>
+  <NAME name="Toast Wallet" regex="false" typeFilter="file">toastwallet.exe</NAME>
+  <NAME name="Guarda Wallet" regex="false" typeFilter="file">guarda.exe</NAME>
+ </INTERESTING_FILE_SET>
+</INTERESTING_FILE_SETS>

thirdparty/InterestingFileSetRules/Encryption Programs.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<INTERESTING_FILE_SETS>
+ <INTERESTING_FILE_SET description="Finds Encryption Programs installed on the machine" ignoreKnown="false" name="Encryption Programs">
+  <NAME name="CryptoExpert 8" regex="false" typeFilter="file">cexpertcmd.exe</NAME>
+  <NAME name="aescrypt" regex="false" typeFilter="file">aescrypt.exe</NAME>
+  <NAME name="7z" regex="false" typeFilter="file">7z.exe</NAME>
+  <NAME name="Gpg4win" regex="false" typeFilter="file">gdbus.exe</NAME>
+  <NAME name="AxCrypt" regex="false" typeFilter="file">AxCrypt.exe</NAME>
+  <NAME name="Encrypto" regex="false" typeFilter="file">Encrypto.exe</NAME>
+  <NAME name="Cryptomator" regex="false" typeFilter="file">Cryptomator.exe</NAME>
+  <NAME name="KeePass" regex="false" typeFilter="file">KeePass.exe</NAME>
+  <NAME name="certainsafe" regex="false" typeFilter="file">certainsafe.exe</NAME>
+  <NAME name="Tutanota Desktop" regex="false" typeFilter="file">Tutanota Desktop.exe</NAME>
+  <NAME name="BitLocker" regex="false" typeFilter="all">BitLockerDeviceEncryption.exe</NAME>
+  <NAME name="EncFSMP" regex="false" typeFilter="file">EncFSMP.exe</NAME>
+  <NAME name="HTTPS Everywhere" regex="false" typeFilter="file">HTTPS Everywhere</NAME>
+  <NAME name="Tor Browser" regex="false" typeFilter="all">Tor Browser</NAME>
+  <NAME name="CryptoExpert 8" regex="false" typeFilter="file"> cexpert_gui.exe</NAME>
+  <NAME name="GnuPG" regex="false" typeFilter="file"> gpg.exe</NAME>
+  <NAME name="Folder Lock" regex="false" typeFilter="file">Folder Lock.exe</NAME>
+  <NAME name="Gihosoft File Encryption" regex="false" typeFilter="file">GFileEncryption.exe</NAME>
+  <NAME name="VeraCrypt" regex="false" typeFilter="file">VeraCrypt.exe</NAME>
+  <NAME name="Proton Bridge" regex="false" typeFilter="file">Desktop-Bridge.exe</NAME>
+ </INTERESTING_FILE_SET>
+</INTERESTING_FILE_SETS>