dissect.target 3.15.dev12__py3-none-any.whl → 3.15.dev14__py3-none-any.whl

dissect/target/plugins/apps/ssh/openssh.py

@@ -5,59 +5,15 @@ from typing import Iterator
 
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
-from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.fsutil import TargetPath
-from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.helpers.ssh import SSHPrivateKey
-from dissect.target.plugin import Plugin, export
-
-OpenSSHUserRecordDescriptor = create_extended_descriptor([UserRecordDescriptorExtension])
-
-COMMON_ELLEMENTS = [
-    ("string", "key_type"),
-    ("string", "comment"),
-    ("path", "path"),
-]
-
-AuthorizedKeysRecord = OpenSSHUserRecordDescriptor(
-    "application/openssh/authorized_keys",
-    [
-        *COMMON_ELLEMENTS,
-        ("string", "public_key"),
-        ("string", "options"),
-    ],
-)
-
-
-KnownHostRecord = OpenSSHUserRecordDescriptor(
-    "application/openssh/known_host",
-    [
-        *COMMON_ELLEMENTS,
-        ("string", "hostname_pattern"),
-        ("string", "public_key"),
-        ("string", "marker"),
-    ],
-)
-
-
-PrivateKeyRecord = OpenSSHUserRecordDescriptor(
-    "application/openssh/private_key",
-    [
-        *COMMON_ELLEMENTS,
-        ("datetime", "mtime_ts"),
-        ("string", "key_format"),
-        ("string", "public_key"),
-        ("boolean", "encrypted"),
-    ],
-)
-
-PublicKeyRecord = OpenSSHUserRecordDescriptor(
-    "application/openssh/public_key",
-    [
-        *COMMON_ELLEMENTS,
-        ("datetime", "mtime_ts"),
-        ("string", "public_key"),
-    ],
+from dissect.target.plugin import export
+from dissect.target.plugins.apps.ssh.ssh import (
+    AuthorizedKeysRecord,
+    KnownHostRecord,
+    PrivateKeyRecord,
+    PublicKeyRecord,
+    SSHPlugin,
 )
 
 
@@ -72,8 +28,8 @@ def find_sshd_directory(target: Target) -> TargetPath:
     return target.fs.path("/etc/ssh/")
 
 
-class OpenSSHPlugin(Plugin):
-    __namespace__ = "ssh"
+class OpenSSHPlugin(SSHPlugin):
+    __namespace__ = "openssh"
 
     SSHD_DIRECTORIES = ["/sysvol/ProgramData/ssh", "/etc/ssh"]
 
@@ -136,7 +92,8 @@ class OpenSSHPlugin(Plugin):
 
                 for hostname in hostnames:
                     yield KnownHostRecord(
-                        hostname_pattern=hostname,
+                        host=hostname,
+                        port=None,
                         key_type=keytype,
                         public_key=public_key,
                         comment=comment,

dissect/target/plugins/apps/ssh/opensshd.py

@@ -3,8 +3,9 @@ from typing import TYPE_CHECKING, Any, Callable, Iterator, Optional, Union
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import DynamicDescriptor, TargetRecordDescriptor
-from dissect.target.plugin import Plugin, export
+from dissect.target.plugin import export
 from dissect.target.plugins.apps.ssh.openssh import find_sshd_directory
+from dissect.target.plugins.apps.ssh.ssh import SSHPlugin
 
 if TYPE_CHECKING:
     from dissect.target.plugins.general.config import ConfigurationTreePlugin
@@ -72,8 +73,8 @@ SSHD_MULTIPLE_DEFINITIONS_ALLOWED_FIELDS = (
 )
 
 
-class SSHServerPlugin(Plugin):
-    __namespace__ = "sshd"
+class SSHServerPlugin(SSHPlugin):
+    __namespace__ = "opensshd"
 
     def __init__(self, target: Target):
         super().__init__(target)

dissect/target/plugins/apps/ssh/putty.py

@@ -0,0 +1,236 @@
+import logging
+from datetime import datetime
+from pathlib import Path
+from typing import Iterator, Optional, Union
+
+from Crypto.PublicKey import ECC, RSA
+from flow.record.fieldtypes import posix_path, windows_path
+
+from dissect.target.exceptions import RegistryKeyNotFoundError, UnsupportedPluginError
+from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
+from dissect.target.helpers.fsutil import TargetPath, open_decompress
+from dissect.target.helpers.record import create_extended_descriptor
+from dissect.target.helpers.regutil import RegistryKey
+from dissect.target.plugin import export
+from dissect.target.plugins.apps.ssh.ssh import KnownHostRecord, SSHPlugin
+from dissect.target.plugins.general.users import UserDetails
+
+log = logging.getLogger(__name__)
+
+PuTTYUserRecordDescriptor = create_extended_descriptor([UserRecordDescriptorExtension])
+PuTTYSessionRecord = PuTTYUserRecordDescriptor(
+    "application/putty/saved_session",
+    [
+        ("datetime", "ts"),
+        ("string", "session_name"),
+        ("string", "protocol"),
+        ("string", "host"),
+        ("string", "user"),
+        ("varint", "port"),
+        ("string", "remote_command"),
+        ("string", "port_forward"),
+        ("string", "manual_ssh_host_keys"),
+        ("path", "path"),
+    ],
+)
+
+
+class PuTTYPlugin(SSHPlugin):
+    """Extract artifacts from the PuTTY client.
+
+    NOTE:
+        - Does not parse ``$HOME/.putty/randomseed`` (GNU/Linux)
+          and ``HKCU\\Software\\SimonTatham\\PuTTY\\RandSeedFile`` (Windows)
+
+    Resources:
+        - http://www.chiark.greenend.org.uk/~sgtatham/putty/0.78/puttydoc.txt
+        - http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-settings
+    """
+
+    __namespace__ = "putty"
+
+    def __init__(self, target):
+        super().__init__(target)
+
+        self.regf_installs, self.path_installs = self._detect_putty()
+
+    def _detect_putty(
+        self,
+    ) -> tuple[list[set[RegistryKey, Optional[UserDetails]]], list[set[TargetPath, Optional[UserDetails]]]]:
+        regf_installs, path_installs = [], []
+
+        if self.target.has_function("registry"):
+            for key in self.target.registry.keys("HKCU\\Software\\SimonTatham\\PuTTY"):
+                user_details = self.target.registry.get_user_details(key)
+                regf_installs.append((key, user_details))
+
+        for user_details in self.target.user_details.all_with_home():
+            if (putty_path := user_details.home_path.joinpath(".putty")).exists():
+                path_installs.append((putty_path, user_details))
+
+        return regf_installs, path_installs
+
+    def check_compatible(self) -> None:
+        if not any(self.regf_installs + self.path_installs):
+            raise UnsupportedPluginError("No PuTTY installations found")
+
+    @export(record=KnownHostRecord)
+    def known_hosts(self) -> Iterator[KnownHostRecord]:
+        """Parse PuTTY saved SshHostKeys."""
+
+        for putty_key, user_details in self.regf_installs:
+            yield from self._regf_known_hosts(putty_key, user_details)
+
+        for putty_path, user_details in self.path_installs:
+            yield from self._path_known_hosts(putty_path, user_details)
+
+    def _regf_known_hosts(self, putty_key: RegistryKey, user_details: UserDetails) -> Iterator[KnownHostRecord]:
+        """Parse PuTTY traces in Windows registry."""
+
+        try:
+            ssh_host_keys = putty_key.subkey("SshHostKeys")
+        except RegistryKeyNotFoundError:
+            return
+
+        for entry in ssh_host_keys.values():
+            key_type, host = entry.name.split("@")
+            port, host = host.split(":")
+
+            yield KnownHostRecord(
+                mtime_ts=ssh_host_keys.ts,
+                host=host,
+                port=port,
+                key_type=key_type,
+                public_key=construct_public_key(key_type, entry.value),
+                comment="",
+                marker=None,
+                path=windows_path(ssh_host_keys.path),
+                _target=self.target,
+                _user=user_details.user if user_details else None,
+            )
+
+    def _path_known_hosts(self, putty_path: TargetPath, user_details: UserDetails) -> Iterator[KnownHostRecord]:
+        """Parse PuTTY traces in ``.putty`` folders"""
+        ssh_host_keys_path = putty_path.joinpath("sshhostkeys")
+
+        if ssh_host_keys_path.exists():
+            ts = ssh_host_keys_path.stat().st_mtime
+
+            for line in open_decompress(ssh_host_keys_path, "rt"):
+                parts = line.split()
+                key_type, host = parts[0].split("@")
+                port, host = host.split(":")
+
+                yield KnownHostRecord(
+                    mtime_ts=ts,
+                    host=host,
+                    port=port,
+                    key_type=key_type,
+                    public_key=construct_public_key(key_type, parts[1]),
+                    comment="",
+                    marker=None,
+                    path=posix_path(ssh_host_keys_path),
+                    _target=self.target,
+                    _user=user_details.user if user_details else None,
+                )
+
+    @export(record=PuTTYSessionRecord)
+    def sessions(self) -> Iterator[PuTTYSessionRecord]:
+        """Parse PuTTY saved session configuration files."""
+
+        for putty_key, user_details in self.regf_installs:
+            yield from self._regf_sessions(putty_key, user_details)
+
+        for putty_path, user_details in self.path_installs:
+            yield from self._path_sessions(putty_path, user_details)
+
+    def _regf_sessions(self, putty_key: RegistryKey, user_details: UserDetails) -> Iterator[PuTTYSessionRecord]:
+        try:
+            sessions = putty_key.subkey("Sessions")
+        except RegistryKeyNotFoundError:
+            return
+
+        for session in sessions.subkeys():
+            cfg = {s.name: s.value for s in session.values()}
+            yield from self._build_session_record(
+                session.ts, session.name, windows_path(session.path), cfg, user_details
+            )
+
+    def _path_sessions(self, putty_path: TargetPath, user_details: UserDetails) -> Iterator[PuTTYSessionRecord]:
+        sessions_dir = putty_path.joinpath("sessions")
+        if sessions_dir.exists():
+            for session in sessions_dir.glob("*"):
+                if session.is_file():
+                    cfg = dict(map(str.strip, line.split("=", maxsplit=1)) for line in session.open("rt").readlines())
+                    yield from self._build_session_record(
+                        session.stat().st_mtime, session.name, session, cfg, user_details
+                    )
+
+    def _build_session_record(
+        self, ts: float, name: Union[float, datetime], source: Path, cfg: dict, user_details: UserDetails
+    ) -> PuTTYSessionRecord:
+        host, user = parse_host_user(cfg.get("HostName"), cfg.get("UserName"))
+
+        yield PuTTYSessionRecord(
+            ts=ts,
+            session_name=name,
+            protocol=cfg.get("Protocol"),
+            host=host,
+            user=user,
+            port=cfg.get("PortNumber"),
+            remote_command=cfg.get("RemoteCommand"),
+            port_forward=cfg.get("PortForwardings"),
+            manual_ssh_host_keys=cfg.get("SSHManualHostKeys"),
+            path=source,
+            _target=self.target,
+            _user=user_details.user if user_details else None,
+        )
+
+
+def parse_host_user(host: str, user: str) -> tuple[str, str]:
+    """Parse host and user from PuTTY hostname component."""
+    if "@" in host:
+        parsed_user, parsed_host = host.split("@")
+        user = user or parsed_user
+        host = parsed_host
+
+    return host, user
+
+
+def construct_public_key(key_type: str, iv: str) -> str:
+    """Returns OpenSSH format public key calculated from PuTTY SshHostKeys format.
+
+    PuTTY stores raw public key components instead of OpenSSH-formatted public keys
+    or fingerprints. With RSA public keys the exponent and modulus are stored.
+    With ECC keys the x and y prime coordinates are stored together with the curve type.
+
+    Currently supports ``ssh-ed25519``, ``ecdsa-sha2-nistp256`` and ``rsa2`` key types.
+
+    NOTE:
+        - Sha256 fingerprints of the reconstructed public keys are currently not generated.
+        - More key types could be supported in the future.
+
+    Resources:
+        - https://github.com/github/putty/blob/master/contrib/kh2reg.py
+        - https://pycryptodome.readthedocs.io/en/latest/src/public_key/rsa.html
+        - https://pycryptodome.readthedocs.io/en/latest/src/public_key/ecc.html
+        - https://github.com/mkorthof/reg2kh
+    """
+
+    if key_type == "ssh-ed25519":
+        x, y = iv.split(",")
+        key = ECC.construct(curve="ed25519", point_x=int(x, 16), point_y=int(y, 16))
+        return key.public_key().export_key(format="OpenSSH").split()[-1]
+
+    if key_type == "ecdsa-sha2-nistp256":
+        _, x, y = iv.split(",")
+        key = ECC.construct(curve="NIST P-256", point_x=int(x, 16), point_y=int(y, 16))
+        return key.public_key().export_key(format="OpenSSH").split()[-1]
+
+    if key_type == "rsa2":
+        exponent, modulus = iv.split(",")
+        key = RSA.construct((int(modulus, 16), int(exponent, 16)))
+        return key.public_key().export_key(format="OpenSSH").decode("utf-8").split()[-1]
+
+    log.warning("Could not reconstruct public key: type %s not implemented.", key_type)
+    return iv

dissect/target/plugins/apps/ssh/ssh.py

@@ -0,0 +1,58 @@
+from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
+from dissect.target.helpers.record import create_extended_descriptor
+from dissect.target.plugin import NamespacePlugin
+
+OpenSSHUserRecordDescriptor = create_extended_descriptor([UserRecordDescriptorExtension])
+
+COMMON_ELLEMENTS = [
+    ("string", "key_type"),
+    ("string", "comment"),
+    ("path", "path"),
+]
+
+AuthorizedKeysRecord = OpenSSHUserRecordDescriptor(
+    "application/openssh/authorized_keys",
+    [
+        *COMMON_ELLEMENTS,
+        ("string", "public_key"),
+        ("string", "options"),
+    ],
+)
+
+
+KnownHostRecord = OpenSSHUserRecordDescriptor(
+    "application/openssh/known_host",
+    [
+        ("datetime", "mtime_ts"),
+        *COMMON_ELLEMENTS,
+        ("string", "host"),
+        ("varint", "port"),
+        ("string", "public_key"),
+        ("string", "marker"),
+    ],
+)
+
+
+PrivateKeyRecord = OpenSSHUserRecordDescriptor(
+    "application/openssh/private_key",
+    [
+        ("datetime", "mtime_ts"),
+        *COMMON_ELLEMENTS,
+        ("string", "key_format"),
+        ("string", "public_key"),
+        ("boolean", "encrypted"),
+    ],
+)
+
+PublicKeyRecord = OpenSSHUserRecordDescriptor(
+    "application/openssh/public_key",
+    [
+        ("datetime", "mtime_ts"),
+        *COMMON_ELLEMENTS,
+        ("string", "public_key"),
+    ],
+)
+
+
+class SSHPlugin(NamespacePlugin):
+    __namespace__ = "ssh"

dissect/target/plugins/os/windows/registry.py

@@ -329,7 +329,7 @@ class RegistryPlugin(Plugin):
     @internal
     def get_user_details(self, key: RegistryKey) -> UserDetails:
         """Return user details for the user who owns a registry hive that contains the provided key"""
-        if not key.hive or not key.hive.filepath:
+        if not key.hive or not getattr(key.hive, "filepath", None):
             return
 
         return self._hives_to_users.get(key.hive)

dissect/target/plugins/os/windows/sru.py

@@ -1,3 +1,5 @@
+from typing import Iterator, Optional, Union
+
 from dissect.esedb.exceptions import Error
 from dissect.esedb.tools import sru
 
@@ -223,6 +225,22 @@ SdpNetworkProviderRecord = TargetRecordDescriptor(
     ],
 )
 
+SRURecord = Union[
+    NetworkDataRecord,
+    NetworkConnectivityRecord,
+    EnergyEstimatorRecord,
+    EnergyUsageRecord,
+    EnergyUsageLTRecord,
+    ApplicationRecord,
+    PushNotificationRecord,
+    ApplicationTimelineRecord,
+    VfuRecord,
+    SdpVolumeProviderRecord,
+    SdpPhysicalDiskProviderRecord,
+    SdpCpuProviderRecord,
+    SdpNetworkProviderRecord,
+]
+
 FIELD_MAPPINGS = {
     "ActiveAcTime": "active_ac_time",
     "ActiveDcTime": "active_dc_time",
@@ -322,7 +340,7 @@ FIELD_MAPPINGS = {
 }
 
 
-def transform_app_id(value):
+def transform_app_id(value: Optional[Union[bytes, str]]) -> Optional[str]:
     if value is not None:
         if isinstance(value, bytes):
             value = value.decode()
@@ -364,10 +382,11 @@ class SRUPlugin(Plugin):
         if not self._sru:
             raise UnsupportedPluginError("No SRUDB found")
 
-    def read_records(self, table_name, record_type):
+    def read_records(self, table_name: str, record_type: SRURecord) -> Iterator[SRURecord]:
         table = self._sru.get_table(table_name=table_name)
         if not table:
-            raise ValueError(f"Table not found: {table_name}")
+            self.target.log.warning("Table not found: %s", table_name)
+            return iter(())
 
         columns = [c.name for c in table.columns]
         if columns[:4] != ["AutoIncId", "TimeStamp", "AppId", "UserId"]:
@@ -392,90 +411,84 @@ class SRUPlugin(Plugin):
             )
 
     @export(record=NetworkDataRecord)
-    def network_data(self):
-        """
-        Return the contents of Windows Network Data Usage Monitor table from the SRUDB.dat file.
+    def network_data(self) -> Iterator[NetworkDataRecord]:
+        """Return the contents of Windows Network Data Usage Monitor table from the SRUDB.dat file.
 
         Gives insight into the network usage of the system.
         """
         yield from self.read_records("network_data", NetworkDataRecord)
 
     @export(record=NetworkConnectivityRecord)
-    def network_connectivity(self):
-        """
-        Return the contents of Windows Network Connectivity Usage Monitor table from the SRUDB.dat file.
+    def network_connectivity(self) -> Iterator[NetworkConnectivityRecord]:
+        """Return the contents of Windows Network Connectivity Usage Monitor table from the SRUDB.dat file.
 
         Gives insight into the network connectivity usage of the system.
         """
         yield from self.read_records("network_connectivity", NetworkConnectivityRecord)
 
     @export(record=EnergyEstimatorRecord)
-    def energy_estimator(self):
+    def energy_estimator(self) -> Iterator[EnergyEstimatorRecord]:
         """Return the contents of Energy Estimator table from the SRUDB.dat file."""
         yield from self.read_records("energy_estimator", EnergyEstimatorRecord)
 
     @export(record=EnergyUsageRecord)
-    def energy_usage(self):
-        """
-        Return the contents of Energy Usage Provider table from the SRUDB.dat file.
+    def energy_usage(self) -> Iterator[EnergyUsageRecord]:
+        """Return the contents of Energy Usage Provider table from the SRUDB.dat file.
 
         Gives insight into the energy usage of the system.
         """
         yield from self.read_records("energy_usage", EnergyUsageRecord)
 
     @export(record=EnergyUsageLTRecord)
-    def energy_usage_lt(self):
-        """
-        Return the contents of Energy Usage Provider Long Term table from the SRUDB.dat file.
+    def energy_usage_lt(self) -> Iterator[EnergyUsageLTRecord]:
+        """Return the contents of Energy Usage Provider Long Term table from the SRUDB.dat file.
 
         Gives insight into the energy usage of the system looking over the long term.
         """
         yield from self.read_records("energy_usage_lt", EnergyUsageLTRecord)
 
     @export(record=ApplicationRecord)
-    def application(self):
-        """
-        Return the contents of Application Resource Usage table from the SRUDB.dat file.
+    def application(self) -> Iterator[ApplicationRecord]:
+        """Return the contents of Application Resource Usage table from the SRUDB.dat file.
 
         Gives insights into the resource usage of applications on the system.
         """
         yield from self.read_records("application", ApplicationRecord)
 
     @export(record=PushNotificationRecord)
-    def push_notification(self):
-        """
-        Return the contents of Windows Push Notification Data table from the SRUDB.dat file.
+    def push_notification(self) -> Iterator[PushNotificationRecord]:
+        """Return the contents of Windows Push Notification Data table from the SRUDB.dat file.
 
         Gives insight into the notification usage of the system.
         """
         yield from self.read_records("push_notifications", PushNotificationRecord)
 
     @export(record=ApplicationTimelineRecord)
-    def application_timeline(self):
+    def application_timeline(self) -> Iterator[ApplicationTimelineRecord]:
         """Return the contents of App Timeline Provider table from the SRUDB.dat file."""
         yield from self.read_records("application_timeline", ApplicationTimelineRecord)
 
     @export(record=VfuRecord)
-    def vfu(self):
+    def vfu(self) -> Iterator[VfuRecord]:
         """Return the contents of vfuprov table from the SRUDB.dat file."""
         yield from self.read_records("vfu", VfuRecord)
 
     @export(record=SdpVolumeProviderRecord)
-    def sdp_volume_provider(self):
+    def sdp_volume_provider(self) -> Iterator[SdpVolumeProviderRecord]:
         """Return the contents of SDP Volume Provider table from the SRUDB.dat file."""
         yield from self.read_records("sdp_volume_provider", SdpVolumeProviderRecord)
 
     @export(record=SdpPhysicalDiskProviderRecord)
-    def sdp_physical_disk_provider(self):
+    def sdp_physical_disk_provider(self) -> Iterator[SdpPhysicalDiskProviderRecord]:
         """Return the contents of SDP Physical Disk Provider table from the SRUDB.dat file."""
         yield from self.read_records("sdp_physical_disk_provider", SdpPhysicalDiskProviderRecord)
 
     @export(record=SdpCpuProviderRecord)
-    def sdp_cpu_provider(self):
+    def sdp_cpu_provider(self) -> Iterator[SdpCpuProviderRecord]:
         """Return the contents of SDP CPU Provider table from the SRUDB.dat file."""
         yield from self.read_records("sdp_cpu_provider", SdpCpuProviderRecord)
 
     @export(record=SdpNetworkProviderRecord)
-    def sdp_network_provider(self):
+    def sdp_network_provider(self) -> Iterator[SdpNetworkProviderRecord]:
         """Return the contents of SDP Network Provider table from the SRUDB.dat file."""
         yield from self.read_records("sdp_network_provider", SdpNetworkProviderRecord)

{dissect.target-3.15.dev12.dist-info → dissect.target-3.15.dev14.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.15.dev12
+Version: 3.15.dev14
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.15.dev12.dist-info → dissect.target-3.15.dev14.dist-info}/RECORD

@@ -117,8 +117,10 @@ dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=SiEH36HM2NvdPuCjfL
 dissect/target/plugins/apps/shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0Ti2Bzfl_xI3xbmmF48,2641
 dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/ssh/openssh.py,sha256=ebHX6_uoOHZMgHYa_MiaYjvhitrceYNjl_R71JBY5Ow,8154
-dissect/target/plugins/apps/ssh/opensshd.py,sha256=FWhEkaKVMAADoOO7yI2H3uHK4jmQoC4v_eOaj_4jaeY,5453
+dissect/target/plugins/apps/ssh/openssh.py,sha256=jDNP8aq9JHivosexPlxWRUgeJo1MHclb336dzO1zRJc,7086
+dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8YFjgD96Dv6rRnM,5510
+dissect/target/plugins/apps/ssh/putty.py,sha256=N8ssjutUVN50JNA5fEIVISbP5sJ7bGTFidRbX3uNG5Y,9404
+dissect/target/plugins/apps/ssh/ssh.py,sha256=uCaoWlT2bgKLUHA1aL6XymJDWJ8JmLsN8PB1C66eidY,1409
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/vpn/openvpn.py,sha256=NZeFSFgGAifevGIQBusdbBRFOPxu0584Th8rKE-XSus,6875
 dissect/target/plugins/apps/vpn/wireguard.py,sha256=45WvCqQQGrG3DVDH5ghcsGpM_BomF4RcTLzcIvnyuNs,6554
@@ -237,10 +239,10 @@ dissect/target/plugins/os/windows/locale.py,sha256=yXVdclpUqss9h8Nq7N4kg3OHwWGDf
 dissect/target/plugins/os/windows/notifications.py,sha256=64xHHueHwtJCc8RTAF70oa0RxvqfCu_DBPWRSZBnYZc,17386
 dissect/target/plugins/os/windows/prefetch.py,sha256=5hRxdIP9sIV5Q9TAScMjLbl_mImZ37abvdE_pAd6rh4,10398
 dissect/target/plugins/os/windows/recyclebin.py,sha256=4GSj0Q3YvONufnqANbnG0ffiMQyToCiL5s35Wmu4JOQ,4898
-dissect/target/plugins/os/windows/registry.py,sha256=HqO8Yw2TDKhhkR7fOochzinJN_nQ4qKKx7fJ34qh7tw,12770
+dissect/target/plugins/os/windows/registry.py,sha256=IBRqltJ_4fZpVuwMVCAH_nS8JUaNVjsC1jh9AZSNHL4,12788
 dissect/target/plugins/os/windows/sam.py,sha256=Es_8ROQ6R6-akuTtegCdsJHXzZJNhzgoFuS8y9xNN8E,15267
 dissect/target/plugins/os/windows/services.py,sha256=_6YkuoZD8LUxk72R3n1p1bOBab3A1wszdB1NuPavIGM,6037
-dissect/target/plugins/os/windows/sru.py,sha256=uE0DDguyTvbolfg1323tdYyOKlWgaqyPI2A0tr2pnqU,16836
+dissect/target/plugins/os/windows/sru.py,sha256=sOM7CyMkW8XIXzI75GL69WoqUrSK2X99TFIfdQR2D64,17767
 dissect/target/plugins/os/windows/startupinfo.py,sha256=kl8Y7M4nVfmJ71I33VCegtbHj-ZOeEsYAdlNbgwtUOA,3406
 dissect/target/plugins/os/windows/syscache.py,sha256=WBDx6rixaVnCRsJHLLN_9YWoTDbzkKGbTnk3XmHSSUM,3443
 dissect/target/plugins/os/windows/tasks.py,sha256=H0a5Q1DhobaBFtOwqAyJils16hxRRlhtecXSce88fFc,5638
@@ -306,10 +308,10 @@ dissect/target/volumes/luks.py,sha256=v_mHW05KM5iG8JDe47i2V4Q9O0r4rnAMA9m_qc9cYw
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.15.dev12.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.15.dev12.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.15.dev12.dist-info/METADATA,sha256=q-IXC2inXsRes55lwU9OCW_vYYLebTzzpsyuCw26q-Q,11107
-dissect.target-3.15.dev12.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-dissect.target-3.15.dev12.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.15.dev12.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.15.dev12.dist-info/RECORD,,
+dissect.target-3.15.dev14.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.15.dev14.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.15.dev14.dist-info/METADATA,sha256=a7gsrN05qksoHcTNVGfHVUklhofWCTLyKBiNfwWLru0,11107
+dissect.target-3.15.dev14.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+dissect.target-3.15.dev14.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.15.dev14.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.15.dev14.dist-info/RECORD,,