PyPI - dissect.target - Versions diffs - 3.18.dev1__py3-none-any.whl → 3.18.dev3__py3-none-any.whl - Mend

dissect.target 3.18.dev1py3-none-any.whl → 3.18.dev3py3-none-any.whl

Files changed (45) hide show

dissect/target/plugins/apps/av/mcafee.py CHANGED Viewed

@@ -71,6 +71,9 @@ class McAfeePlugin(Plugin):
         """Return msc log history records from McAfee.
         Yields McAfeeMscLogRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): timestamp.

dissect/target/plugins/apps/av/sophos.py CHANGED Viewed

@@ -56,6 +56,9 @@ class SophosPlugin(Plugin):
         """Return alert log records from Sophos Hitman Pro/Alert.
         Yields HitmanAlertRecord with the following fields:
+        .. code-block:: text
             ts (datetime): Timestamp.
             alert (string): Type of Alert.
             description (string): Short description of the alert.
@@ -85,6 +88,9 @@ class SophosPlugin(Plugin):
         """Return log history records from Sophos Home.
         Yields SophosLogRecord with the following fields:
+        .. code-block:: text
             ts (datetime): Timestamp.
             description (string): Short description of the alert.
             path (path): Path to the infected file (if available).

dissect/target/plugins/apps/av/symantec.py CHANGED Viewed

@@ -293,6 +293,9 @@ class SymantecPlugin(Plugin):
         """Return log records.
         Yields SEPLogRecord with the following fields:
+        .. code-block:: text
             ts (datetime): Timestamp associated with the event.
             virus (string): Name of the virus.
             user (string): Name of the user associated with the event.
@@ -326,6 +329,9 @@ class SymantecPlugin(Plugin):
         """Return log firewall records.
         Yields SEPFirewallRecord with the following fields:
+        .. code-block:: text
             ts (datetime): Timestamp associated with the event.
             protocol (string): Protocol name associated with the firewall record.
             local_ip ("net.ipaddress"): Local IP address associated with the event.

dissect/target/plugins/apps/av/trendmicro.py CHANGED Viewed

@@ -71,6 +71,9 @@ class TrendMicroPlugin(Plugin):
         """Return Trend Micro Worry-free log history records.
         Yields TrendMicroWFLogRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): timestamp.
@@ -94,6 +97,9 @@ class TrendMicroPlugin(Plugin):
         """Return Trend Micro Worry-free firewall log history records.
         Yields TrendMicroWFFirewallRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): timestamp.

dissect/target/plugins/apps/browser/chromium.py CHANGED Viewed

@@ -148,6 +148,9 @@ class ChromiumMixin:
             browser_name: The name of the browser as a string.
         Yields:
+        .. code-block:: text
             Records with the following fields:
                 ts (datetime): Visit timestamp.
                 browser (string): The browser from which the records are generated from.
@@ -209,6 +212,9 @@ class ChromiumMixin:
             browser_name: The name of the browser as a string.
         Yields:
+        .. code-block:: text
             Records with the following fields:
                 ts_created (datetime): Cookie created timestamp.
                 ts_last_accessed (datetime): Cookie last accessed timestamp.
@@ -284,6 +290,9 @@ class ChromiumMixin:
             browser_name: The name of the browser as a string.
         Yields:
+        .. code-block:: text
             Records with the following fields:
                 ts_start (datetime): Download start timestamp.
                 ts_end (datetime): Download end timestamp.
@@ -344,6 +353,9 @@ class ChromiumMixin:
             browser_name (str): Name of the browser to scan for extensions.
         Yields:
+        .. code-block:: text
             Records with the following fields:
                 ts_install (datetime): Extension install timestamp.
                 ts_update (datetime): Extension update timestamp.

dissect/target/plugins/apps/browser/firefox.py CHANGED Viewed

@@ -132,6 +132,9 @@ class FirefoxPlugin(BrowserPlugin):
         """Return browser history records from Firefox.
         Yields BrowserHistoryRecord with the following fields:
+        .. code-block:: text
             ts (datetime): Visit timestamp.
             browser (string): The browser from which the records are generated from.
             id (string): Record ID.
@@ -193,6 +196,9 @@ class FirefoxPlugin(BrowserPlugin):
             browser_name: The name of the browser as a string.
         Yields:
+        .. code-block:: text
             Records with the following fields:
                 ts_created (datetime): Cookie created timestamp.
                 ts_last_accessed (datetime): Cookie last accessed timestamp.
@@ -232,6 +238,9 @@ class FirefoxPlugin(BrowserPlugin):
         """Return browser download records from Firefox.
         Yields BrowserDownloadRecord with the following fields:
+        .. code-block:: text
             ts_start (datetime): Download start timestamp.
             ts_end (datetime): Download end timestamp.
             browser (string): The browser from which the records are generated from.
@@ -315,7 +324,10 @@ class FirefoxPlugin(BrowserPlugin):
     def extensions(self) -> Iterator[BrowserExtensionRecord]:
         """Return browser extension records for Firefox.
-        Yields BrowserExtensionRecord with the following fields::
+        Yields BrowserExtensionRecord with the following fields:
+        .. code-block:: text
             ts_install (datetime): Extension install timestamp.
             ts_update (datetime): Extension update timestamp.
             browser (string): The browser from which the records are generated.

dissect/target/plugins/apps/browser/iexplore.py CHANGED Viewed

@@ -131,6 +131,9 @@ class InternetExplorerPlugin(BrowserPlugin):
         """Return browser history records from Internet Explorer.
         Yields BrowserHistoryRecord with the following fields:
+        .. code-block:: text
             ts (datetime): Visit timestamp.
             browser (string): The browser from which the records are generated from.
             id (string): Record ID.
@@ -183,6 +186,9 @@ class InternetExplorerPlugin(BrowserPlugin):
         """Return browser downloads records from Internet Explorer.
         Yields BrowserDownloadRecord with the following fields:
+        .. code-block:: text
             ts_start (datetime): Download start timestamp.
             ts_end (datetime): Download end timestamp.
             browser (string): The browser from which the records are generated from.

dissect/target/plugins/os/unix/linux/cmdline.py CHANGED Viewed

@@ -29,6 +29,9 @@ class CmdlinePlugin(Plugin):
         Think of this output as the command line that the process wants you to see.
         Yields CmdlineRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The starttime of the process.

dissect/target/plugins/os/unix/linux/environ.py CHANGED Viewed

@@ -27,6 +27,9 @@ class EnvironPlugin(Plugin):
         the environ(7) variable directly), this plugin will not reflect those changes.
         Yields EnvironmentVariableRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The modification timestamp of the processes' environ file.

dissect/target/plugins/os/unix/linux/processes.py CHANGED Viewed

@@ -29,6 +29,9 @@ class ProcProcesses(Plugin):
         Each ``/proc/[pid]`` subdirectory contains various pseudo-files.
         Yields ProcProcessRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The start time of the process.

dissect/target/plugins/os/unix/linux/sockets.py CHANGED Viewed

@@ -78,6 +78,9 @@ class NetSocketPlugin(Plugin):
         """This plugin yields the packet sockets and available stats associated with them.
         Yields PacketSocketRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             protocol (int): The captured protocol i.e. 0003 is ETH_P_ALL
@@ -101,6 +104,9 @@ class NetSocketPlugin(Plugin):
         """This plugin yields the unix sockets and available stats associated with them.
         Yields UnixSocketRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             protocol (string): The protocol used by the socket.
@@ -117,6 +123,9 @@ class NetSocketPlugin(Plugin):
         """This plugin yields the raw and raw6 sockets and available stats associated with them.
         Yields NetSocketRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             protocol (string): The protocol used by the socket.
@@ -140,6 +149,9 @@ class NetSocketPlugin(Plugin):
         """This plugin yields the udp and udp6 sockets and available stats associated with them.
         Yields NetSocketRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             protocol (string): The protocol used by the socket.
@@ -163,6 +175,9 @@ class NetSocketPlugin(Plugin):
         """This plugin yields the tcp and tcp6 sockets and available stats associated with them.
         Yields NetSocketRecord with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             protocol (string): The protocol used by the socket.

dissect/target/plugins/os/unix/locate/plocate.py CHANGED Viewed

@@ -1,8 +1,7 @@
 from __future__ import annotations
 import platform
-from io import BytesIO
-from typing import BinaryIO, Iterable
+from typing import BinaryIO, Iterator
 from dissect.cstruct import cstruct
 from dissect.util.stream import RangeStream
@@ -13,7 +12,11 @@ from dissect.target.plugin import export
 from dissect.target.plugins.os.unix.locate.locate import BaseLocatePlugin
 try:
-    import zstandard  # noqa
+    from zstandard import (
+        DECOMPRESSION_RECOMMENDED_OUTPUT_SIZE,
+        ZstdCompressionDict,
+        ZstdDecompressor,
+    )
     HAS_ZSTD = True
 except ImportError:
@@ -32,7 +35,7 @@ struct header {
     uint64_t filename_index_offset_bytes;
     /* Version 1 and up only. */
-    uint32_t max_version;
+    uint32_t max_version;   // Nominally 1 or 2, but can be increased if more features are added in a backward-compatible way.
     uint32_t zstd_dictionary_length_bytes;
     uint64_t zstd_dictionary_offset_bytes;
@@ -44,6 +47,7 @@ struct header {
     uint64_t conf_block_length_bytes;
     uint64_t conf_block_offset_bytes;
+    // Only if max_version >= 2.
     uint8_t check_visibility;
     char padding[7];                         /* padding for alignment */
 };
@@ -51,7 +55,7 @@ struct header {
 struct file {
     char path[];
 };
-"""
+"""  # noqa : E501
 PLocateRecord = TargetRecordDescriptor(
     "linux/locate/plocate",
@@ -104,40 +108,46 @@ class PLocateFile:
         self.dict_data = None
         if self.header.zstd_dictionary_offset_bytes:
-            self.dict_data = zstandard.ZstdCompressionDict(self.fh.read(self.header.zstd_dictionary_length_bytes))
+            self.dict_data = ZstdCompressionDict(self.fh.read(self.header.zstd_dictionary_length_bytes))
         self.compressed_length_bytes = (
             self.header.filename_index_offset_bytes - self.HEADER_SIZE - self.header.zstd_dictionary_length_bytes
         )
-        self.ctx = zstandard.ZstdDecompressor(dict_data=self.dict_data)
+        self.ctx = ZstdDecompressor(dict_data=self.dict_data)
         self.buf = RangeStream(self.fh, self.fh.tell(), self.compressed_length_bytes)
-    def __iter__(self) -> Iterable[PLocateFile]:
+    def __iter__(self) -> Iterator[PLocateFile]:
         # NOTE: This is a workaround for a PyPy bug
         # We don't know what breaks, but PyPy + zstandard = unhappy times
         # You just get random garbage data back instead of the decompressed data
         # This weird dance of using a decompressobj and unused data is the only way that seems to work
         # It's more expensive on memory, but at least it doesn't break
         if platform.python_implementation() == "PyPy":
-            obj = self.ctx.decompressobj()
             buf = self.buf.read()
-            tmp = obj.decompress(buf)
-            while unused_data := obj.unused_data:
-                obj = self.ctx.decompressobj()
-                tmp += obj.decompress(unused_data)
+            def reader(ctx: ZstdDecompressor) -> Iterator[bytes]:
+                obj = ctx.decompressobj()
-            reader = BytesIO(tmp)
+                yield obj.decompress(buf)
+                while unused_data := obj.unused_data:
+                    obj = self.ctx.decompressobj()
+                    yield obj.decompress(unused_data)
+            it = reader(self.ctx)
         else:
-            reader = self.ctx.stream_reader(self.buf)
-        with reader:
-            try:
-                while True:
-                    file = c_plocate.file(reader)
-                    yield file.path.decode(errors="surrogateescape")
-            except EOFError:
-                return
+            # NOTE: The end of a zstandard frame does not include a final `0x00`.
+            # This causes the c_plocate `file` struct to parse the last path and the first path on the next frame as one
+            # since cstruct will read it across frame boundaries waiting for a `0x00`.
+            def reader() -> Iterator[bytes]:
+                with self.ctx.stream_reader(self.buf) as reader:
+                    while chunk := reader.read(DECOMPRESSION_RECOMMENDED_OUTPUT_SIZE):
+                        yield chunk
+            it = reader()
+        for chunk in it:
+            for path in chunk.split(b"\x00"):
+                yield path.decode(errors="surrogateescape")
     def filename_index(self) -> bytes:
         """Return the filename index of the plocate.db file."""

dissect/target/plugins/os/unix/log/atop.py CHANGED Viewed

@@ -270,6 +270,9 @@ class AtopPlugin(Plugin):
             - https://diablohorn.com/2022/11/17/parsing-atop-files-with-python-dissect-cstruct/
         Yields AtopRecord with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             process (string): The process name.
             cmdline (string): The command-line of the process.

dissect/target/plugins/os/windows/activitiescache.py CHANGED Viewed

@@ -77,6 +77,9 @@ class ActivitiesCachePlugin(Plugin):
             - https://salt4n6.com/2018/05/03/windows-10-timeline-forensic-artefacts/
         Yields ActivitiesCacheRecords with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             start_time (datetime): StartTime field.

dissect/target/plugins/os/windows/catroot.py CHANGED Viewed

@@ -105,6 +105,9 @@ class CatrootPlugin(Plugin):
             - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/catalog-files
         Yields CatrootRecords with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             digest (digest): The parsed digest.
@@ -210,6 +213,9 @@ class CatrootPlugin(Plugin):
             - https://docs.microsoft.com/en-us/windows-hardware/drivers/install/catalog-files
         Yields CatrootRecords with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             digest (digest): The parsed digest.

dissect/target/plugins/os/windows/lnk.py CHANGED Viewed

@@ -51,6 +51,9 @@ class LnkPlugin(Plugin):
         """Parse all .lnk files in /ProgramData, /Users, and /Windows or from a specified path in record format.
         Yields a LnkRecord record with the following fields:
+        .. code-block:: text
             lnk_path (path): Path of the link (.lnk) file.
             lnk_name (string): Name of the link (.lnk) file.
             lnk_mtime (datetime): Modification time of the link (.lnk) file.

dissect/target/plugins/os/windows/log/etl.py CHANGED Viewed

@@ -122,6 +122,9 @@ class EtlPlugin(Plugin):
         Yields dynamically created records based on the fields inside an ETL event.
         At least contains the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The TimeCreated_SystemTime field of the event.
@@ -140,6 +143,9 @@ class EtlPlugin(Plugin):
         Yields dynamically created records based on the fields inside an ETL event.
         At least contains the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The TimeCreated_SystemTime field of the event.
@@ -157,6 +163,9 @@ class EtlPlugin(Plugin):
         Yields dynamically created records based on the fields inside an ETL event.
         At least contains the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The TimeCreated_SystemTime field of the event.

dissect/target/plugins/os/windows/log/evt.py CHANGED Viewed

@@ -125,6 +125,9 @@ class EvtPlugin(WindowsEventlogsMixin, plugin.Plugin):
         Yields dynamically created records based on the fields in the event.
         At least contains the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The TimeCreated_SystemTime field of the event.

dissect/target/plugins/os/windows/log/evtx.py CHANGED Viewed

@@ -47,6 +47,9 @@ class EvtxPlugin(WindowsEventlogsMixin, plugin.Plugin):
         Yields dynamically created records based on the fields in the event.
         At least contains the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The TimeCreated_SystemTime field of the event.

dissect/target/plugins/os/windows/log/pfro.py CHANGED Viewed

@@ -41,6 +41,9 @@ class PfroPlugin(Plugin):
             - https://community.ccleaner.com/topic/49106-pending-file-rename-operations-log/
         Yields PfroRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The parsed timestamp.

dissect/target/plugins/os/windows/log/schedlgu.py CHANGED Viewed

@@ -129,9 +129,12 @@ class SchedLgUPlugin(Plugin):
         Adversaries may use malicious ``.job`` files to gain persistence on a system.
-        Yield:
+        Yields SchedLgURecord with fields:
+        .. code-block:: text
             ts (datetime): The timestamp of the event.
-            job (str): The name of the ``.job`` file.
+            job (str): The name of the .job file.
             command (str): The command executed.
             status (str): The status of the event (finished, completed, exited, stopped).
             exit_code (int): The exit code of the event.

dissect/target/plugins/os/windows/prefetch.py CHANGED Viewed

@@ -258,6 +258,9 @@ class PrefetchPlugin(Plugin):
             - https://www.geeksforgeeks.org/prefetch-files-in-windows/
         Yields PrefetchRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): Run timestamp.
@@ -269,6 +272,9 @@ class PrefetchPlugin(Plugin):
         with --grouped:
         Yields PrefetchRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): Run timestamp.

dissect/target/plugins/os/windows/recyclebin.py CHANGED Viewed

@@ -66,6 +66,9 @@ class RecyclebinPlugin(Plugin):
         Return files located in the recycle bin ($Recycle.Bin).
         Yields RecycleBinRecords with fields:
+        .. code-block:: text
           hostname (string): The target hostname
           domain (string): The target domain
           ts (datetime): The time of deletion

dissect/target/plugins/os/windows/regf/appxdebugkeys.py CHANGED Viewed

@@ -86,6 +86,9 @@ class AppxDebugKeysPlugin(Plugin):
             - https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/
         Yields AppXDebugKeyRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The registry key last modified timestamp.

dissect/target/plugins/os/windows/regf/bam.py CHANGED Viewed

@@ -41,6 +41,9 @@ class BamDamPlugin(Plugin):
         """Parse bam and dam registry keys.
         Yields BamDamRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The parsed timestamp.

dissect/target/plugins/os/windows/regf/clsid.py CHANGED Viewed

@@ -55,6 +55,9 @@ class CLSIDPlugin(Plugin):
         HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID.
         Yields CLSIDRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): Last modified timestamp of the registry key.

dissect/target/plugins/os/windows/regf/firewall.py CHANGED Viewed

@@ -26,6 +26,9 @@ class FirewallPlugin(Plugin):
         HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules registry key.
         Yields dynamic records with usually the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             key (string): The rule key name.

dissect/target/plugins/os/windows/regf/muicache.py CHANGED Viewed

@@ -48,6 +48,9 @@ class MuiCachePlugin(Plugin):
             - https://forensafe.com/blogs/muicache.html
         Yields MuiCacheRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             index (varint): The index of the entry.

dissect/target/plugins/os/windows/regf/recentfilecache.py CHANGED Viewed

@@ -45,6 +45,9 @@ class RecentFileCachePlugin(Plugin):
         """Parse RecentFileCache.bcf.
         Yields RecentFileCacheRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             path (uri): The parsed path.

dissect/target/plugins/os/windows/regf/regf.py CHANGED Viewed

@@ -49,6 +49,9 @@ class RegfPlugin(Plugin):
         Yields RegistryKeyRecords and RegistryValueRecords
         RegistryKeyRecord fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The registry key last modified time.
@@ -57,6 +60,9 @@ class RegfPlugin(Plugin):
             source (string): The hive file path.
         RegistryValueRecord fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The registry key last modified time.

dissect/target/plugins/os/windows/regf/runkeys.py CHANGED Viewed

@@ -61,6 +61,9 @@ class RunKeysPlugin(Plugin):
             - https://docs.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys
         Yields RunKeyRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The registry key last modified timestamp.

dissect/target/plugins/os/windows/regf/shimcache.py CHANGED Viewed

@@ -318,6 +318,9 @@ class ShimcachePlugin(Plugin):
             - https://www.andreafortuna.org/2017/10/16/amcache-and-shimcache-in-forensic-analysis/
         Yields ShimcacheRecords with the following fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             last_modified (datetime): The last modified date.

dissect/target/plugins/os/windows/regf/trusteddocs.py CHANGED Viewed

@@ -61,6 +61,9 @@ class TrustedDocumentsPlugin(Plugin):
         Yields records based on the values within the TrustRecords registry keys.
         At least contains the following fields:
+        .. code-block:: text
             application (string): Application name of the Office product that produced the TrustRecords registry key.
             document_path (path): Path to the document for which a TrustRecords entry is created.
             ts (datetime): The created time of the TrustRecord registry key.

dissect/target/plugins/os/windows/regf/usb.py CHANGED Viewed

@@ -93,6 +93,9 @@ class UsbPlugin(Plugin):
         HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR registry key.
         Yields UsbRegistryRecord with fields:
+        .. code-block:: text
             hostname (string): The target hostname
             domain (string): The target domain
             type (string): Type of USB device

dissect/target/plugins/os/windows/regf/userassist.py CHANGED Viewed

@@ -72,6 +72,9 @@ class UserAssistPlugin(Plugin):
             - https://www.aldeid.com/wiki/Windows-userassist-keys
         Yields UserAssistRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datetime): The entry timestamp.

dissect/target/plugins/os/windows/sam.py CHANGED Viewed

@@ -356,6 +356,9 @@ class SamPlugin(Plugin):
             - https://en.wikipedia.org/wiki/Security_Account_Manager
         Yields SamRecords with fields:
+        .. code-block:: text
             rid (uint32): The RID.
             fullname (string): Parsed fullname.
             username (string): Parsed username.

dissect/target/plugins/os/windows/services.py CHANGED Viewed

@@ -72,6 +72,9 @@ class ServicesPlugin(Plugin):
             - https://artifacts-kb.readthedocs.io/en/latest/sources/windows/ServicesAndDrivers.html
         Yields ServiceRecords with fields:
+        .. code-block:: text
             hostname (string): The target hostname.
             domain (string): The target domain.
             ts (datatime): The last modified timestamp of the registry key.

dissect/target/plugins/os/windows/wer.py CHANGED Viewed

@@ -155,6 +155,9 @@ class WindowsErrorReportingPlugin(Plugin):
         Yields dynamically created records based on the fields in the files. A record at least contains the following
         fields:
+        .. code-block:: text
             ts (datetime): The moment in time when the error event took place.
             version (string): WER file version.
             event_type (string): WER file event type.

{dissect.target-3.18.dev1.dist-info → dissect.target-3.18.dev3.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.18.dev1
+Version: 3.18.dev3
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.18.dev1.dist-info → dissect.target-3.18.dev3.dist-info}/RECORD RENAMED Viewed

@@ -114,18 +114,18 @@ dissect/target/loaders/xva.py,sha256=WmqdM9qGrZcChx0PiiTLyMTSatJIy_ItGO9cPMALQSE
 dissect/target/plugins/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/av/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/av/mcafee.py,sha256=4lro9iwcL2Vl9Lyy69Sk1D9JWSRTXv5yjpV6NJbbZXE,5409
-dissect/target/plugins/apps/av/sophos.py,sha256=gSfTvjBZMuT0hsL-p4oYxuYmakbqApoOYvL0lKYkSV4,4102
-dissect/target/plugins/apps/av/symantec.py,sha256=RFLyNW6FyuoGcirJ4xHbQM8oGjua9W4zXmC7YDF-H20,14109
-dissect/target/plugins/apps/av/trendmicro.py,sha256=jloy_N4hHAqF1sVIEeD5Q7LRYal3_os14Umk-hGaAR4,4613
+dissect/target/plugins/apps/av/mcafee.py,sha256=YWrsB5kQFtXfhqi6mdMPMVk2qh_KCiOBiaTnbj8mVrM,5440
+dissect/target/plugins/apps/av/sophos.py,sha256=TuO-ggdD5De0UTouzNF7-1iLULIOvr6FDktocnM0aF0,4164
+dissect/target/plugins/apps/av/symantec.py,sha256=I1_zZ2ihKptB2JJ7sYZ7df0AgtK3KhWPsbDkc2m_hPA,14171
+dissect/target/plugins/apps/av/trendmicro.py,sha256=ZhxL4IkzyHfR2xaNIzk-M-v-ITMuLG_yqq_0djqGMjU,4675
 dissect/target/plugins/apps/browser/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/browser/brave.py,sha256=EW1ubL10swHeV9CscfpE-SrNZozul_Ewj48LNRaG5Kg,2865
 dissect/target/plugins/apps/browser/browser.py,sha256=rBIwcgdl73gm-8APwx2jEUAYXRniXkqcdMr2UYj_tS8,4118
 dissect/target/plugins/apps/browser/chrome.py,sha256=hxS8gqpBwoCrPaxNpllIa6K9DtsSGzn6XXcUaHyes6w,3048
-dissect/target/plugins/apps/browser/chromium.py,sha256=1oaQhMN5mJysw0VIVpTEmRCAifgv-mUQxZwrGmGHqAQ,27875
+dissect/target/plugins/apps/browser/chromium.py,sha256=N9hS-a45iEv_GyKhLZQR_FSkEjWlMA0f22eURBuxF5Y,27999
 dissect/target/plugins/apps/browser/edge.py,sha256=woXzZtHPWmfcV8vbxGKHELKru5JRb32MAXs43_b4K4E,2883
-dissect/target/plugins/apps/browser/firefox.py,sha256=Msicw-13AJWbXRRF6m_p4L84rXAjsIYGFRve29cPY2M,30806
-dissect/target/plugins/apps/browser/iexplore.py,sha256=MqMonoaM5lj0ZFqGwS4F-P1eLmnLvX7VQGE9S3hxXag,8739
+dissect/target/plugins/apps/browser/firefox.py,sha256=ROrzhI2SV81E63hi5PRtyJveRrBacWNJ9FWZS_ondlk,30929
+dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-CXZp39FVquRhPFGdTE,8801
 dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/container/docker.py,sha256=67Eih9AfUbqsP-HlnlwoHi4rSAnVCZWM76sEyO_1m18,15316
 dissect/target/plugins/apps/remoteaccess/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -211,15 +211,15 @@ dissect/target/plugins/os/unix/esxi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQ
 dissect/target/plugins/os/unix/esxi/_os.py,sha256=8kFFK9986zN8hXmDUWwdQHtbV33nWKerRuisg_xbsoQ,17504
 dissect/target/plugins/os/unix/linux/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/_os.py,sha256=YJYwuq_iAinOrPqTE49Q4DLYMWBeRCly1uTbDvPhp6Q,2796
-dissect/target/plugins/os/unix/linux/cmdline.py,sha256=XIvaTL42DzeQGhqHN_RTMI5g8hbI2_wjzb7KZ0kPOM0,1591
-dissect/target/plugins/os/unix/linux/environ.py,sha256=FDf3_bNbaL5Qltnp0Ch-t8tp_6Lv3v9HY54qE4RWO7M,1850
+dissect/target/plugins/os/unix/linux/cmdline.py,sha256=AyMfndt3UsmJtoOyZYC8nWq2GZg9oPvn8SiI3M4NxnE,1622
+dissect/target/plugins/os/unix/linux/environ.py,sha256=UOQD7Xmu754u2oAh3L5g5snuz-gv4jbWbVy46qszYjo,1881
 dissect/target/plugins/os/unix/linux/iptables.py,sha256=qTzY5PHHXA33WnPYb5NESgoSwI7ECZ8YPoEe_Fmln-8,6045
 dissect/target/plugins/os/unix/linux/modules.py,sha256=H1S5CkpXttCVwzE2Ylz3jkvrCptN2f-fXcQ_hCB0FG0,2443
 dissect/target/plugins/os/unix/linux/netstat.py,sha256=MAC4ZdeNqcKpxT2ZMh1-7rjt4Pt_WQIRy7RChr7nlPk,1649
 dissect/target/plugins/os/unix/linux/proc.py,sha256=jm35fAasnNbObN2tpflwQuCfVYLDkTP2EDrzYG42ZSk,23354
-dissect/target/plugins/os/unix/linux/processes.py,sha256=sTQqZYPW-_gs7Z3f0wwsV6clUX4NK44GGyMiZToBIrg,1936
+dissect/target/plugins/os/unix/linux/processes.py,sha256=rvDJWAp16WAJZ91A8_GJJIj5y0U7BNnU8CW_47AueKY,1967
 dissect/target/plugins/os/unix/linux/services.py,sha256=-d2y073mOXUM3XCzRgDVCRFR9eTLoVuN8FsZVewHzRg,4075
-dissect/target/plugins/os/unix/linux/sockets.py,sha256=11de73KiF2D2s1eyPBA4EWDpNsEzOunbj3YqSlMYZ2Y,9765
+dissect/target/plugins/os/unix/linux/sockets.py,sha256=CXstlQt0tLcVSpvi0xOXJu580O6BGUBW3lJQt20aMUw,9920
 dissect/target/plugins/os/unix/linux/android/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/android/_os.py,sha256=trmESlpHdwVu7wV18RevEhh_TsVyfKPFCd5Usb5-fSU,2056
 dissect/target/plugins/os/unix/linux/debian/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -243,9 +243,9 @@ dissect/target/plugins/os/unix/locate/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCe
 dissect/target/plugins/os/unix/locate/gnulocate.py,sha256=P-YbMFw901p2EBgTaZH6axShfIRRDrCx3APBy6Ii3lE,2934
 dissect/target/plugins/os/unix/locate/locate.py,sha256=uXFcWAqoz_3eNWHhsGoEtkkhmT5J3F1GYvr4uQxi308,122
 dissect/target/plugins/os/unix/locate/mlocate.py,sha256=DhrFgxDQF-fMZaA0WK8Z-5o9i9iDsuTHW7MHJtWwz6o,4485
-dissect/target/plugins/os/unix/locate/plocate.py,sha256=Skb24ba_MVzM4nuDaZHw-ZmomIEZ3TJ7g5kHCvQViko,6545
+dissect/target/plugins/os/unix/locate/plocate.py,sha256=ShU-F9_31rGfMYXqaR_KrHXVxgDDRZMJ_zEMuekw57w,7229
 dissect/target/plugins/os/unix/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/log/atop.py,sha256=UmaqdnSmE8AO8bEj4drGSc1HH2n4Pdlxpwfa7RgraIY,16314
+dissect/target/plugins/os/unix/log/atop.py,sha256=DdiTf-gVJJvvPbR36khU4388lxQzABaWI-95jLCGgSw,16345
 dissect/target/plugins/os/unix/log/audit.py,sha256=OjorWTmCFvCI5RJq6m6WNW0Lhb-poB2VAggKOGZUHK4,3722
 dissect/target/plugins/os/unix/log/auth.py,sha256=l7gCuRdvv9gL0U1N0yrR9hVsMnr4t_k4t-n-f6PrOxg,2388
 dissect/target/plugins/os/unix/log/journal.py,sha256=eiNNVLmKWFj4dTQX8PNRNgKpVwzQWEHEsKyYfGUAPXQ,17376
@@ -254,10 +254,10 @@ dissect/target/plugins/os/unix/log/messages.py,sha256=CXA-SkMPLaCgnTQg9nzII-7tO8
 dissect/target/plugins/os/unix/log/utmp.py,sha256=21tvzG977LqzRShV6uAoU-83WDcLUrI_Tv__2ZVi9rw,7756
 dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/_os.py,sha256=g5XGtruvyWx4YAhMpGZnAaIFWQqLNQpee_Ot7ROmD8w,12606
-dissect/target/plugins/os/windows/activitiescache.py,sha256=yY41YdCZk9e97Q8_rjZHknMUeOVDxgBG9VtXQHANUsQ,6710
+dissect/target/plugins/os/windows/activitiescache.py,sha256=Q2aILnhJ2rp2AwEbWwyBuSLjMbGqaYJTsavSbfkcFKE,6741
 dissect/target/plugins/os/windows/adpolicy.py,sha256=rvsvywChfms7d2kMwXRVHZaf8zJ46WmMwYplGAYEax8,6984
 dissect/target/plugins/os/windows/amcache.py,sha256=ZZNOs3bILTf0AGkDkhoatndl0j39DXkstN7oOyxJECU,27188
-dissect/target/plugins/os/windows/catroot.py,sha256=eSfVqXvWWZpXoxKB1FT_evjXXNmlD7wHhA3lYpfQDeQ,11043
+dissect/target/plugins/os/windows/catroot.py,sha256=wHW_p4M0aFonZJ2xZFIbgLbJopdCIXO9jVrGPHLsMLc,11105
 dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
 dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
 dissect/target/plugins/os/windows/credhist.py,sha256=FX_pW-tU9esdvDTSx913kf_CpGE_1jbD6bkjDb-cxHk,7069
@@ -265,21 +265,21 @@ dissect/target/plugins/os/windows/datetime.py,sha256=tuBOkewmbCW8sFXcYp5p82oM5RC
 dissect/target/plugins/os/windows/defender.py,sha256=Vp_IP6YKm4igR765WvXJrHQ3RMu7FJKM3VOoR8AybV8,23737
 dissect/target/plugins/os/windows/env.py,sha256=-u9F9xWy6PUbQmu5Tv_MDoVmy6YB-7CbHokIK_T3S44,13891
 dissect/target/plugins/os/windows/generic.py,sha256=BSvDPfB9faU0uquMj0guw5tnR_97Nn0XAEE4k05BFSQ,22273
-dissect/target/plugins/os/windows/lnk.py,sha256=6_ciURYTa-LpgpHJsixoFUqkfSATHkEbk0xKiIZDGPU,8148
+dissect/target/plugins/os/windows/lnk.py,sha256=On1k0PODYggQM1j514qFepBACCV2Z2u61Q4Ba6e3Y2c,8179
 dissect/target/plugins/os/windows/locale.py,sha256=yXVdclpUqss9h8Nq7N4kg3OHwWGDfjdfiLiUZR3wqv8,2324
 dissect/target/plugins/os/windows/notifications.py,sha256=64xHHueHwtJCc8RTAF70oa0RxvqfCu_DBPWRSZBnYZc,17386
-dissect/target/plugins/os/windows/prefetch.py,sha256=5hRxdIP9sIV5Q9TAScMjLbl_mImZ37abvdE_pAd6rh4,10398
-dissect/target/plugins/os/windows/recyclebin.py,sha256=4GSj0Q3YvONufnqANbnG0ffiMQyToCiL5s35Wmu4JOQ,4898
+dissect/target/plugins/os/windows/prefetch.py,sha256=bDoJOWRp6vIHe1lf9HXNuNg5iyh5YqVw9s0P562VfKo,10460
+dissect/target/plugins/os/windows/recyclebin.py,sha256=7UFjZg1NHWJyfjthhMBpQd3kGG8ZXe7H4Cu9U3QzjOs,4929
 dissect/target/plugins/os/windows/registry.py,sha256=EfqUkgbzaqTuq1kIPYNG1TfvJxhJE5X-TEjV3K_xsPU,12814
-dissect/target/plugins/os/windows/sam.py,sha256=ESQjaCIC17mKSU2y4GlLzkzJbsMJECPYlnVES36InQA,15447
-dissect/target/plugins/os/windows/services.py,sha256=_6YkuoZD8LUxk72R3n1p1bOBab3A1wszdB1NuPavIGM,6037
+dissect/target/plugins/os/windows/sam.py,sha256=NTL6dez30i_E3R0mNmnYXMYc62DHqICWvpXy9g_2RY0,15478
+dissect/target/plugins/os/windows/services.py,sha256=MoVPJ1GKpPaJrGd2DYtuHEmKqC2uOKRc5SZKB12goSs,6068
 dissect/target/plugins/os/windows/sru.py,sha256=sOM7CyMkW8XIXzI75GL69WoqUrSK2X99TFIfdQR2D64,17767
 dissect/target/plugins/os/windows/startupinfo.py,sha256=kl8Y7M4nVfmJ71I33VCegtbHj-ZOeEsYAdlNbgwtUOA,3406
 dissect/target/plugins/os/windows/syscache.py,sha256=WBDx6rixaVnCRsJHLLN_9YWoTDbzkKGbTnk3XmHSSUM,3443
 dissect/target/plugins/os/windows/tasks.py,sha256=8DRsIAuIJPaH_G18l8RYfnK_WkEqVx2xDJ1FnIc_i0g,5716
 dissect/target/plugins/os/windows/thumbcache.py,sha256=23YjOjTNoE7BYITmg8s9Zs8Wih2e73BkJJEaKlfotcI,4133
 dissect/target/plugins/os/windows/ual.py,sha256=TYF-R46klEa_HHb86UJd6mPrXwHlAMOUTzC0pZ8uiq0,9787
-dissect/target/plugins/os/windows/wer.py,sha256=1kwkBvgmEU1QRCLWVmUFNIWAqXEEGtAj2c8uj0iusOE,8625
+dissect/target/plugins/os/windows/wer.py,sha256=ogecvKYxAvDXLptQj4cn0JLn1FxaXjeSuJWs4JgkoZs,8656
 dissect/target/plugins/os/windows/dpapi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/dpapi/blob.py,sha256=oFhksgx2BAaeAbpPwOM-o0Dw5MKaMLGMF6ETdxIS708,5051
 dissect/target/plugins/os/windows/dpapi/crypto.py,sha256=_F1F2j1chQw-KLqfWvgL2mCkF3HSvdVnM78OZ0ph9hc,9337
@@ -289,30 +289,30 @@ dissect/target/plugins/os/windows/exchange/__init__.py,sha256=47DEQpj8HBSa-_TImW
 dissect/target/plugins/os/windows/exchange/exchange.py,sha256=ofoapuDQXefIX4sTzwNboyk5RztN2JEyw1OWl5cx-wo,1564
 dissect/target/plugins/os/windows/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/log/amcache.py,sha256=TabtjNx9Ve-u-Fn0K95A0v_SLGzn2YeNPHrcQvjVKJc,5877
-dissect/target/plugins/os/windows/log/etl.py,sha256=Rau1zqPJ5LL91j59nC4Jg81KF2t1uuMx-oQp9JK0a00,7049
-dissect/target/plugins/os/windows/log/evt.py,sha256=vK9XHc-hOxf6BbLKMNzGNlbCRWN2nlksQoCLdHqPgnw,7049
-dissect/target/plugins/os/windows/log/evtx.py,sha256=C1JM64GW7z82qT9K9hIiyCv0EFxszFD9GVvtUZUHdL4,6096
-dissect/target/plugins/os/windows/log/pfro.py,sha256=BCjg3OZzkIP4-HzRa1b1dPkDv_B4sbd78fl40obUVkM,2706
-dissect/target/plugins/os/windows/log/schedlgu.py,sha256=vzMOcCSrGRTMNQUZzvyQorZzbTNgs1UJiPe0zeOOupQ,5515
+dissect/target/plugins/os/windows/log/etl.py,sha256=PWMTpgKWAtYNtmQfyoos4TtgH8gnbQN19Jw1GCEeHy0,7142
+dissect/target/plugins/os/windows/log/evt.py,sha256=LsM9IgidOtAeGrtztO3ng2DAPmCMVydX3bqYz12dQ_4,7080
+dissect/target/plugins/os/windows/log/evtx.py,sha256=P_hQT3ZFelqhXTH_8pbnSnCwEeSxJr8hiX0F3tK-4W4,6127
+dissect/target/plugins/os/windows/log/pfro.py,sha256=qqXXQ7hY8CHVdYEibmAnJrIy9Szesvr7Re19Nj_GYPg,2737
+dissect/target/plugins/os/windows/log/schedlgu.py,sha256=JaP8H8eTEypWXhx2aFSR_IMam6rQiksbLKhMr_U4fz8,5570
 dissect/target/plugins/os/windows/regf/7zip.py,sha256=Vc336zhS6R8W98GGlLtPJ_OR0vEP014QnBtYwbx_HUo,3217
 dissect/target/plugins/os/windows/regf/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/windows/regf/appxdebugkeys.py,sha256=2GlbBZITBDhu3JKHgsGCd_6umHFgDw6OQA4g4rHg63E,3935
+dissect/target/plugins/os/windows/regf/appxdebugkeys.py,sha256=X8MYLcD76pIZoIWwS_DgUp6q6pi2WO7jhZeoc4uGLak,3966
 dissect/target/plugins/os/windows/regf/auditpol.py,sha256=62WMlZwSzBb-99ujaeGkkOBui5qHOkvMHfACsqCmC0A,5140
-dissect/target/plugins/os/windows/regf/bam.py,sha256=W46KjD2bQC52qSajc2lNX36lkjzylKzH7xulnhEKrL8,2053
+dissect/target/plugins/os/windows/regf/bam.py,sha256=iELyDeA-tdT6eXMZ5HHIVSAjH6vDvmS47D2xr4iX7Y8,2084
 dissect/target/plugins/os/windows/regf/cit.py,sha256=vErcoGfslyuZsaZiGbSGm6KxnJmUjobMwoy03jb6774,38244
-dissect/target/plugins/os/windows/regf/clsid.py,sha256=OvvA7Rwm29c1wXarXWXOMkqspA44oOQrQ_0rAJGYAU0,3601
-dissect/target/plugins/os/windows/regf/firewall.py,sha256=cDUj-dY6myWtPenI4Vrzp1u_1ndq0EtGDs78RoqSA0Y,3141
+dissect/target/plugins/os/windows/regf/clsid.py,sha256=M121yHQgRDSGtXeShiB-RUuk_toHOFHLYwbHAP9SS8U,3632
+dissect/target/plugins/os/windows/regf/firewall.py,sha256=-RUFjY4D-ua72vyvOTJyg-MpUbk9Syfo4TfgA7bV7Us,3172
 dissect/target/plugins/os/windows/regf/mru.py,sha256=HYg4UnbsjvzZKS9qcqxkocUeIGQieMLXPjkjgZ1qbTY,13560
-dissect/target/plugins/os/windows/regf/muicache.py,sha256=qoA7S8SiZakIreQqxc_QH1av6Lnlprf5SGr4s55b-8E,3707
+dissect/target/plugins/os/windows/regf/muicache.py,sha256=-1IYfNpFjjk4WYyFUBJGLl7ahEGeUKqlaI1QwPNnfjA,3738
 dissect/target/plugins/os/windows/regf/nethist.py,sha256=QHbG9fmZNmjSVhrgqMvMo12YBaQedzeToS7ZD9eIJ28,3111
-dissect/target/plugins/os/windows/regf/recentfilecache.py,sha256=Wr6u7SajA9BtUiypztak9ASJZuimOtWfQUAlfvskjMg,1838
-dissect/target/plugins/os/windows/regf/regf.py,sha256=IbLnOurtlprXAo12iYRdw6fv5J45SuMAqt-mXVYaZi4,3357
-dissect/target/plugins/os/windows/regf/runkeys.py,sha256=f10jOPTJlUVDEhSiH9JSltKQ-V7zfa8iPX0nKl1gBXo,4247
+dissect/target/plugins/os/windows/regf/recentfilecache.py,sha256=5JheHDmYc7udH-ZF7PwVTm0HfRY43diW0pmyyfHWZK0,1869
+dissect/target/plugins/os/windows/regf/regf.py,sha256=D1GrljF-sV8cWIjWJ3zH7k52i1OWD8poEC_PIeZMEis,3419
+dissect/target/plugins/os/windows/regf/runkeys.py,sha256=-2HcdnVytzCt1xwgAI8rHDnwk8kwLPWURumvhrGnIHU,4278
 dissect/target/plugins/os/windows/regf/shellbags.py,sha256=EKBWBjxvSfxc7WFKmICZs8QUJnjhsCKesjl_NHEnSUo,25621
-dissect/target/plugins/os/windows/regf/shimcache.py,sha256=4SHtwh-ajhgcyR2-vsBbjnsyBtEVPwlgk5j8e1TQkWM,9972
-dissect/target/plugins/os/windows/regf/trusteddocs.py,sha256=4g4m1FYljOpYqGG-7NGyj738Tfnz0uEaN2is2YzkMgg,3669
-dissect/target/plugins/os/windows/regf/usb.py,sha256=mfMQPKUct7fqpxJgquySrorPf5KWBzwWCLVKa9qSatc,7182
-dissect/target/plugins/os/windows/regf/userassist.py,sha256=kEthM9oDDBA6UbGxunbyTfXX320Z_2YlTMYoUQyxZyY,5469
+dissect/target/plugins/os/windows/regf/shimcache.py,sha256=0THEJQtMHACAI70jrThMCrxAVgQv5XxqkRD1MY03VpE,10003
+dissect/target/plugins/os/windows/regf/trusteddocs.py,sha256=3yvpBDM-Asg0rvGN2TwALGRm9DYogG6TxRau9D6FBbw,3700
+dissect/target/plugins/os/windows/regf/usb.py,sha256=hR5fnqy_sint1YyWgm1-AMhGQ4MxJOH_Wz0vbYzr9p4,7213
+dissect/target/plugins/os/windows/regf/userassist.py,sha256=36uI_tSGUx-lOUZ1Io_2ofHTLHzriFA3F6XMR61H0wc,5500
 dissect/target/plugins/os/windows/task_helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/task_helpers/tasks_job.py,sha256=-dCkJnyEiWG9nCK378-GswM5EXelrA_g3zDHLhSQMu0,21199
 dissect/target/plugins/os/windows/task_helpers/tasks_records.py,sha256=vpCyKqLQSzI5ymD1h5P6RncLEE47YtmjDFwKA16dVZ4,4046
@@ -340,10 +340,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.18.dev1.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.18.dev1.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.18.dev1.dist-info/METADATA,sha256=tJDE-kFB1FiUX5R-PfAhVrhV6HLoQ5v12zzo9n3jumk,11299
-dissect.target-3.18.dev1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-dissect.target-3.18.dev1.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.18.dev1.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.18.dev1.dist-info/RECORD,,
+dissect.target-3.18.dev3.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.18.dev3.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.18.dev3.dist-info/METADATA,sha256=t5yUGDDtnDgTACRs1bUW1xJF2rlVMzxbFW0iWG5WRUw,11299
+dissect.target-3.18.dev3.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+dissect.target-3.18.dev3.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.18.dev3.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.18.dev3.dist-info/RECORD,,

{dissect.target-3.18.dev1.dist-info → dissect.target-3.18.dev3.dist-info}/COPYRIGHT RENAMED Viewed

File without changes

{dissect.target-3.18.dev1.dist-info → dissect.target-3.18.dev3.dist-info}/LICENSE RENAMED Viewed

File without changes

{dissect.target-3.18.dev1.dist-info → dissect.target-3.18.dev3.dist-info}/WHEEL RENAMED Viewed

File without changes

{dissect.target-3.18.dev1.dist-info → dissect.target-3.18.dev3.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{dissect.target-3.18.dev1.dist-info → dissect.target-3.18.dev3.dist-info}/top_level.txt RENAMED Viewed

File without changes

dissect.target 3.18.dev1__py3-none-any.whl → 3.18.dev3__py3-none-any.whl

dissect.target 3.18.dev1py3-none-any.whl → 3.18.dev3py3-none-any.whl