dissect.target 3.18.dev9__tar.gz → 3.18.dev11__tar.gz

Sign up to get free protection for your applications and to get access to all the features.
Files changed (590) hide show
  1. {dissect_target-3.18.dev9/dissect.target.egg-info → dissect_target-3.18.dev11}/PKG-INFO +1 -1
  2. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/_os.py +6 -3
  3. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/defender.py +218 -1
  4. dissect_target-3.18.dev11/dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py +282 -0
  5. dissect_target-3.18.dev11/dissect/target/plugins/os/windows/defender_helpers/defender_records.py +191 -0
  6. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11/dissect.target.egg-info}/PKG-INFO +1 -1
  7. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect.target.egg-info/SOURCES.txt +3 -0
  8. dissect_target-3.18.dev11/tests/plugins/os/windows/test_defender.py +375 -0
  9. dissect_target-3.18.dev11/tests/volumes/__init__.py +0 -0
  10. dissect_target-3.18.dev9/tests/plugins/os/windows/test_defender.py +0 -153
  11. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/COPYRIGHT +0 -0
  12. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/LICENSE +0 -0
  13. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/MANIFEST.in +0 -0
  14. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/README.md +0 -0
  15. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/__init__.py +0 -0
  16. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/container.py +0 -0
  17. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/__init__.py +0 -0
  18. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/asdf.py +0 -0
  19. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/ewf.py +0 -0
  20. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/fortifw.py +0 -0
  21. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/hdd.py +0 -0
  22. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/hds.py +0 -0
  23. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/qcow2.py +0 -0
  24. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/raw.py +0 -0
  25. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/split.py +0 -0
  26. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/vdi.py +0 -0
  27. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/vhd.py +0 -0
  28. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/vhdx.py +0 -0
  29. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/containers/vmdk.py +0 -0
  30. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/data/autocompletion/target_bash_completion.sh +0 -0
  31. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/exceptions.py +0 -0
  32. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystem.py +0 -0
  33. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/__init__.py +0 -0
  34. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/ad1.py +0 -0
  35. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/btrfs.py +0 -0
  36. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/cb.py +0 -0
  37. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/config.py +0 -0
  38. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/cpio.py +0 -0
  39. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/dir.py +0 -0
  40. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/exfat.py +0 -0
  41. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/extfs.py +0 -0
  42. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/fat.py +0 -0
  43. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/ffs.py +0 -0
  44. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/itunes.py +0 -0
  45. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/jffs.py +0 -0
  46. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/ntfs.py +0 -0
  47. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/overlay.py +0 -0
  48. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/smb.py +0 -0
  49. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/squashfs.py +0 -0
  50. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/tar.py +0 -0
  51. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/vmfs.py +0 -0
  52. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/vmtar.py +0 -0
  53. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/xfs.py +0 -0
  54. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/filesystems/zip.py +0 -0
  55. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/__init__.py +0 -0
  56. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/cache.py +0 -0
  57. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/compat/__init__.py +0 -0
  58. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/compat/path_310.py +0 -0
  59. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/compat/path_311.py +0 -0
  60. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/compat/path_312.py +0 -0
  61. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/compat/path_39.py +0 -0
  62. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/compat/path_common.py +0 -0
  63. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/config.py +0 -0
  64. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/configutil.py +0 -0
  65. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/cyber.py +0 -0
  66. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/data/windowsZones.xml +0 -0
  67. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/descriptor_extensions.py +0 -0
  68. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/docs.py +0 -0
  69. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/fsutil.py +0 -0
  70. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/hashutil.py +0 -0
  71. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/keychain.py +0 -0
  72. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/lazy.py +0 -0
  73. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/loaderutil.py +0 -0
  74. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/localeutil.py +0 -0
  75. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/mount.py +0 -0
  76. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/mui.py +0 -0
  77. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/network_managers.py +0 -0
  78. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/polypath.py +0 -0
  79. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/protobuf.py +0 -0
  80. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/record.py +0 -0
  81. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/record_modifier.py +0 -0
  82. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/regutil.py +0 -0
  83. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/shell_folder_ids.py +0 -0
  84. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/ssh.py +0 -0
  85. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/targetd.py +0 -0
  86. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/helpers/utils.py +0 -0
  87. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loader.py +0 -0
  88. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/__init__.py +0 -0
  89. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/ad1.py +0 -0
  90. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/asdf.py +0 -0
  91. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/cb.py +0 -0
  92. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/cyber.py +0 -0
  93. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/dir.py +0 -0
  94. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/hyperv.py +0 -0
  95. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/itunes.py +0 -0
  96. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/kape.py +0 -0
  97. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/local.py +0 -0
  98. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/log.py +0 -0
  99. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/mqtt.py +0 -0
  100. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/multiraw.py +0 -0
  101. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/ova.py +0 -0
  102. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/overlay.py +0 -0
  103. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/ovf.py +0 -0
  104. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/phobos.py +0 -0
  105. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/profile.py +0 -0
  106. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/pvm.py +0 -0
  107. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/pvs.py +0 -0
  108. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/raw.py +0 -0
  109. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/remote.py +0 -0
  110. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/res.py +0 -0
  111. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/smb.py +0 -0
  112. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/tanium.py +0 -0
  113. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/tar.py +0 -0
  114. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/target.py +0 -0
  115. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/targetd.py +0 -0
  116. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/utm.py +0 -0
  117. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/vb.py +0 -0
  118. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/vbox.py +0 -0
  119. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/velociraptor.py +0 -0
  120. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/vma.py +0 -0
  121. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/vmwarevm.py +0 -0
  122. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/vmx.py +0 -0
  123. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/loaders/xva.py +0 -0
  124. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugin.py +0 -0
  125. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/__init__.py +0 -0
  126. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/__init__.py +0 -0
  127. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/av/__init__.py +0 -0
  128. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/av/mcafee.py +0 -0
  129. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/av/sophos.py +0 -0
  130. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/av/symantec.py +0 -0
  131. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/av/trendmicro.py +0 -0
  132. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/__init__.py +0 -0
  133. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/brave.py +0 -0
  134. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/browser.py +0 -0
  135. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/chrome.py +0 -0
  136. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/chromium.py +0 -0
  137. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/edge.py +0 -0
  138. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/firefox.py +0 -0
  139. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/browser/iexplore.py +0 -0
  140. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/container/__init__.py +0 -0
  141. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/container/docker.py +0 -0
  142. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/remoteaccess/__init__.py +0 -0
  143. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/remoteaccess/anydesk.py +0 -0
  144. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/remoteaccess/remoteaccess.py +0 -0
  145. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/remoteaccess/teamviewer.py +0 -0
  146. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/shell/__init__.py +0 -0
  147. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/shell/powershell.py +0 -0
  148. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/ssh/__init__.py +0 -0
  149. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/ssh/openssh.py +0 -0
  150. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/ssh/opensshd.py +0 -0
  151. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/ssh/putty.py +0 -0
  152. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/ssh/ssh.py +0 -0
  153. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/vpn/__init__.py +0 -0
  154. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/vpn/openvpn.py +0 -0
  155. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/vpn/wireguard.py +0 -0
  156. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webhosting/__init__.py +0 -0
  157. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webhosting/cpanel.py +0 -0
  158. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webserver/__init__.py +0 -0
  159. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webserver/apache.py +0 -0
  160. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webserver/caddy.py +0 -0
  161. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webserver/citrix.py +0 -0
  162. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webserver/iis.py +0 -0
  163. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webserver/nginx.py +0 -0
  164. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/apps/webserver/webserver.py +0 -0
  165. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/child/__init__.py +0 -0
  166. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/child/docker.py +0 -0
  167. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/child/esxi.py +0 -0
  168. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/child/hyperv.py +0 -0
  169. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/child/virtuozzo.py +0 -0
  170. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/child/vmware_workstation.py +0 -0
  171. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/child/wsl.py +0 -0
  172. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/__init__.py +0 -0
  173. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/acquire_handles.py +0 -0
  174. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/acquire_hash.py +0 -0
  175. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/icat.py +0 -0
  176. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/ntfs/__init__.py +0 -0
  177. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/ntfs/mft.py +0 -0
  178. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/ntfs/mft_timeline.py +0 -0
  179. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/ntfs/usnjrnl.py +0 -0
  180. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/ntfs/utils.py +0 -0
  181. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/resolver.py +0 -0
  182. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/unix/__init__.py +0 -0
  183. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/unix/capability.py +0 -0
  184. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/unix/suid.py +0 -0
  185. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/walkfs.py +0 -0
  186. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/filesystem/yara.py +0 -0
  187. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/__init__.py +0 -0
  188. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/config.py +0 -0
  189. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/default.py +0 -0
  190. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/example.py +0 -0
  191. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/loaders.py +0 -0
  192. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/osinfo.py +0 -0
  193. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/plugins.py +0 -0
  194. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/scrape.py +0 -0
  195. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/general/users.py +0 -0
  196. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/__init__.py +0 -0
  197. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/__init__.py +0 -0
  198. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/_os.py +0 -0
  199. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/__init__.py +0 -0
  200. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/_os.py +0 -0
  201. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/citrix/__init__.py +0 -0
  202. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/citrix/_os.py +0 -0
  203. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/citrix/history.py +0 -0
  204. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/freebsd/__init__.py +0 -0
  205. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/freebsd/_os.py +0 -0
  206. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/ios/__init__.py +0 -0
  207. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/ios/_os.py +0 -0
  208. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/openbsd/__init__.py +0 -0
  209. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/openbsd/_os.py +0 -0
  210. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/osx/__init__.py +0 -0
  211. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/osx/_os.py +0 -0
  212. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/bsd/osx/user.py +0 -0
  213. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/cronjobs.py +0 -0
  214. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/datetime.py +0 -0
  215. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/esxi/__init__.py +0 -0
  216. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/esxi/_os.py +0 -0
  217. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/etc.py +0 -0
  218. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/generic.py +0 -0
  219. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/history.py +0 -0
  220. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/__init__.py +0 -0
  221. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/_os.py +0 -0
  222. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/android/__init__.py +0 -0
  223. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/android/_os.py +0 -0
  224. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/cmdline.py +0 -0
  225. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/debian/__init__.py +0 -0
  226. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/debian/_os.py +0 -0
  227. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/debian/apt.py +0 -0
  228. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/debian/dpkg.py +0 -0
  229. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py +0 -0
  230. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/debian/vyos/_os.py +0 -0
  231. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/environ.py +0 -0
  232. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/fortios/__init__.py +0 -0
  233. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/fortios/_keys.py +0 -0
  234. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/fortios/_os.py +0 -0
  235. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/fortios/generic.py +0 -0
  236. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/fortios/locale.py +0 -0
  237. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/iptables.py +0 -0
  238. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/modules.py +0 -0
  239. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/netstat.py +0 -0
  240. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/proc.py +0 -0
  241. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/processes.py +0 -0
  242. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/redhat/__init__.py +0 -0
  243. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/redhat/_os.py +0 -0
  244. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/redhat/yum.py +0 -0
  245. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/services.py +0 -0
  246. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/sockets.py +0 -0
  247. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/suse/__init__.py +0 -0
  248. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/suse/_os.py +0 -0
  249. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/linux/suse/zypper.py +0 -0
  250. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/locale.py +0 -0
  251. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/locate/__init__.py +0 -0
  252. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/locate/gnulocate.py +0 -0
  253. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/locate/locate.py +0 -0
  254. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/locate/mlocate.py +0 -0
  255. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/locate/plocate.py +0 -0
  256. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/__init__.py +0 -0
  257. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/atop.py +0 -0
  258. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/audit.py +0 -0
  259. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/auth.py +0 -0
  260. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/journal.py +0 -0
  261. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/lastlog.py +0 -0
  262. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/messages.py +0 -0
  263. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/log/utmp.py +0 -0
  264. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/packagemanager.py +0 -0
  265. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/unix/shadow.py +0 -0
  266. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/__init__.py +0 -0
  267. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/activitiescache.py +0 -0
  268. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/adpolicy.py +0 -0
  269. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/amcache.py +0 -0
  270. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/catroot.py +0 -0
  271. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/cim.py +0 -0
  272. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/clfs.py +0 -0
  273. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/credhist.py +0 -0
  274. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/datetime.py +0 -0
  275. {dissect_target-3.18.dev9/dissect/target/plugins/os/windows/dpapi → dissect_target-3.18.dev11/dissect/target/plugins/os/windows/defender_helpers}/__init__.py +0 -0
  276. {dissect_target-3.18.dev9/dissect/target/plugins/os/windows/exchange → dissect_target-3.18.dev11/dissect/target/plugins/os/windows/dpapi}/__init__.py +0 -0
  277. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/dpapi/blob.py +0 -0
  278. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/dpapi/crypto.py +0 -0
  279. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/dpapi/dpapi.py +0 -0
  280. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/dpapi/master_key.py +0 -0
  281. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/env.py +0 -0
  282. {dissect_target-3.18.dev9/dissect/target/plugins/os/windows/log → dissect_target-3.18.dev11/dissect/target/plugins/os/windows/exchange}/__init__.py +0 -0
  283. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/exchange/exchange.py +0 -0
  284. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/generic.py +0 -0
  285. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/lnk.py +0 -0
  286. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/locale.py +0 -0
  287. {dissect_target-3.18.dev9/dissect/target/plugins/os/windows/regf → dissect_target-3.18.dev11/dissect/target/plugins/os/windows/log}/__init__.py +0 -0
  288. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/log/amcache.py +0 -0
  289. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/log/etl.py +0 -0
  290. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/log/evt.py +0 -0
  291. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/log/evtx.py +0 -0
  292. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/log/pfro.py +0 -0
  293. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/log/schedlgu.py +0 -0
  294. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/notifications.py +0 -0
  295. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/prefetch.py +0 -0
  296. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/recyclebin.py +0 -0
  297. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/7zip.py +0 -0
  298. {dissect_target-3.18.dev9/dissect/target/plugins/os/windows/task_helpers → dissect_target-3.18.dev11/dissect/target/plugins/os/windows/regf}/__init__.py +0 -0
  299. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/appxdebugkeys.py +0 -0
  300. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/auditpol.py +0 -0
  301. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/bam.py +0 -0
  302. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/cit.py +0 -0
  303. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/clsid.py +0 -0
  304. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/firewall.py +0 -0
  305. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/mru.py +0 -0
  306. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/muicache.py +0 -0
  307. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/nethist.py +0 -0
  308. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/recentfilecache.py +0 -0
  309. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/regf.py +0 -0
  310. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/runkeys.py +0 -0
  311. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/shellbags.py +0 -0
  312. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/shimcache.py +0 -0
  313. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/trusteddocs.py +0 -0
  314. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/usb.py +0 -0
  315. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/regf/userassist.py +0 -0
  316. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/registry.py +0 -0
  317. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/sam.py +0 -0
  318. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/services.py +0 -0
  319. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/sru.py +0 -0
  320. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/startupinfo.py +0 -0
  321. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/syscache.py +0 -0
  322. {dissect_target-3.18.dev9/dissect/target/tools → dissect_target-3.18.dev11/dissect/target/plugins/os/windows/task_helpers}/__init__.py +0 -0
  323. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/task_helpers/tasks_job.py +0 -0
  324. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/task_helpers/tasks_records.py +0 -0
  325. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/task_helpers/tasks_xml.py +0 -0
  326. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/tasks.py +0 -0
  327. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/thumbcache.py +0 -0
  328. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/ual.py +0 -0
  329. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/wer.py +0 -0
  330. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/report.py +0 -0
  331. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/target.py +0 -0
  332. {dissect_target-3.18.dev9/dissect/target/tools/dump → dissect_target-3.18.dev11/dissect/target/tools}/__init__.py +0 -0
  333. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/build_pluginlist.py +0 -0
  334. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/dd.py +0 -0
  335. {dissect_target-3.18.dev9/dissect/target/volumes → dissect_target-3.18.dev11/dissect/target/tools/dump}/__init__.py +0 -0
  336. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/dump/run.py +0 -0
  337. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/dump/state.py +0 -0
  338. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/dump/utils.py +0 -0
  339. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/fs.py +0 -0
  340. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/info.py +0 -0
  341. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/logging.py +0 -0
  342. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/mount.py +0 -0
  343. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/query.py +0 -0
  344. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/reg.py +0 -0
  345. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/shell.py +0 -0
  346. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/tools/utils.py +0 -0
  347. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volume.py +0 -0
  348. {dissect_target-3.18.dev9/tests → dissect_target-3.18.dev11/dissect/target/volumes}/__init__.py +0 -0
  349. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volumes/bde.py +0 -0
  350. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volumes/ddf.py +0 -0
  351. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volumes/disk.py +0 -0
  352. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volumes/luks.py +0 -0
  353. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volumes/lvm.py +0 -0
  354. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volumes/md.py +0 -0
  355. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/volumes/vmfs.py +0 -0
  356. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect.target.egg-info/dependency_links.txt +0 -0
  357. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect.target.egg-info/entry_points.txt +0 -0
  358. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect.target.egg-info/requires.txt +0 -0
  359. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect.target.egg-info/top_level.txt +0 -0
  360. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/pyproject.toml +0 -0
  361. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/setup.cfg +0 -0
  362. {dissect_target-3.18.dev9/tests/containers → dissect_target-3.18.dev11/tests}/__init__.py +0 -0
  363. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/_docs/Makefile +0 -0
  364. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/_docs/conf.py +0 -0
  365. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/_docs/index.rst +0 -0
  366. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/_utils.py +0 -0
  367. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/conftest.py +0 -0
  368. {dissect_target-3.18.dev9/tests/filesystems → dissect_target-3.18.dev11/tests/containers}/__init__.py +0 -0
  369. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/containers/test_fortifw.py +0 -0
  370. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/containers/test_split.py +0 -0
  371. {dissect_target-3.18.dev9/tests/helpers → dissect_target-3.18.dev11/tests/filesystems}/__init__.py +0 -0
  372. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_cb.py +0 -0
  373. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_config.py +0 -0
  374. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_cpio.py +0 -0
  375. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_dir.py +0 -0
  376. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_exfat.py +0 -0
  377. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_fat.py +0 -0
  378. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_ntfs.py +0 -0
  379. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_overlay.py +0 -0
  380. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_smb.py +0 -0
  381. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_tar.py +0 -0
  382. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_vmtar.py +0 -0
  383. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/filesystems/test_zip.py +0 -0
  384. {dissect_target-3.18.dev9/tests/loaders → dissect_target-3.18.dev11/tests/helpers}/__init__.py +0 -0
  385. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_cache.py +0 -0
  386. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_config.py +0 -0
  387. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_configutil.py +0 -0
  388. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_docs.py +0 -0
  389. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_fsutil.py +0 -0
  390. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_hashutil.py +0 -0
  391. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_keychain.py +0 -0
  392. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_loaderutil.py +0 -0
  393. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_localeutil.py +0 -0
  394. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_modifier.py +0 -0
  395. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_protobuf.py +0 -0
  396. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_record.py +0 -0
  397. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_regutil.py +0 -0
  398. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/helpers/test_utils.py +0 -0
  399. {dissect_target-3.18.dev9/tests/plugins → dissect_target-3.18.dev11/tests/loaders}/__init__.py +0 -0
  400. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_asdf.py +0 -0
  401. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_cb.py +0 -0
  402. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_dir.py +0 -0
  403. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_hyperv.py +0 -0
  404. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_kape.py +0 -0
  405. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_local.py +0 -0
  406. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_log.py +0 -0
  407. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_mqtt.py +0 -0
  408. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_multiraw.py +0 -0
  409. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_ova.py +0 -0
  410. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_overlay.py +0 -0
  411. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_ovf.py +0 -0
  412. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_phobos.py +0 -0
  413. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_pvm.py +0 -0
  414. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_pvs.py +0 -0
  415. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_remote.py +0 -0
  416. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_smb.py +0 -0
  417. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_tanium.py +0 -0
  418. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_tar.py +0 -0
  419. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_utm.py +0 -0
  420. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_vbox.py +0 -0
  421. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_velociraptor.py +0 -0
  422. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/loaders/test_vmwarevm.py +0 -0
  423. {dissect_target-3.18.dev9/tests/plugins/apps → dissect_target-3.18.dev11/tests/plugins}/__init__.py +0 -0
  424. {dissect_target-3.18.dev9/tests/plugins/apps/av → dissect_target-3.18.dev11/tests/plugins/apps}/__init__.py +0 -0
  425. {dissect_target-3.18.dev9/tests/plugins/apps/browser → dissect_target-3.18.dev11/tests/plugins/apps/av}/__init__.py +0 -0
  426. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/av/test_mcafee.py +0 -0
  427. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/av/test_sophos.py +0 -0
  428. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/av/test_symantec.py +0 -0
  429. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/av/test_trendmicro.py +0 -0
  430. {dissect_target-3.18.dev9/tests/plugins/apps/container → dissect_target-3.18.dev11/tests/plugins/apps/browser}/__init__.py +0 -0
  431. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/browser/test_brave.py +0 -0
  432. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/browser/test_chrome.py +0 -0
  433. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/browser/test_chromium.py +0 -0
  434. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/browser/test_edge.py +0 -0
  435. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/browser/test_firefox.py +0 -0
  436. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/browser/test_iexplore.py +0 -0
  437. {dissect_target-3.18.dev9/tests/plugins/apps/remoteaccess → dissect_target-3.18.dev11/tests/plugins/apps/container}/__init__.py +0 -0
  438. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/container/test_docker.py +0 -0
  439. {dissect_target-3.18.dev9/tests/plugins/apps/shell → dissect_target-3.18.dev11/tests/plugins/apps/remoteaccess}/__init__.py +0 -0
  440. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/remoteaccess/test_anydesk.py +0 -0
  441. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/remoteaccess/test_teamviewer.py +0 -0
  442. {dissect_target-3.18.dev9/tests/plugins/apps/ssh → dissect_target-3.18.dev11/tests/plugins/apps/shell}/__init__.py +0 -0
  443. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/shell/test_powershell.py +0 -0
  444. {dissect_target-3.18.dev9/tests/plugins/apps/vpn → dissect_target-3.18.dev11/tests/plugins/apps/ssh}/__init__.py +0 -0
  445. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/ssh/test_openssh.py +0 -0
  446. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/ssh/test_opensshd.py +0 -0
  447. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/ssh/test_putty.py +0 -0
  448. {dissect_target-3.18.dev9/tests/plugins/apps/webhosting → dissect_target-3.18.dev11/tests/plugins/apps/vpn}/__init__.py +0 -0
  449. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/vpn/test_openvpn.py +0 -0
  450. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/vpn/test_wireguard.py +0 -0
  451. {dissect_target-3.18.dev9/tests/plugins/apps/webserver → dissect_target-3.18.dev11/tests/plugins/apps/webhosting}/__init__.py +0 -0
  452. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/webhosting/test_cpanel.py +0 -0
  453. {dissect_target-3.18.dev9/tests/plugins/child → dissect_target-3.18.dev11/tests/plugins/apps/webserver}/__init__.py +0 -0
  454. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/webserver/test_apache.py +0 -0
  455. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/webserver/test_caddy.py +0 -0
  456. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/webserver/test_citrix.py +0 -0
  457. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/webserver/test_iis.py +0 -0
  458. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/webserver/test_nginx.py +0 -0
  459. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/apps/webserver/test_webserver.py +0 -0
  460. {dissect_target-3.18.dev9/tests/plugins/filesystem → dissect_target-3.18.dev11/tests/plugins/child}/__init__.py +0 -0
  461. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/child/test_docker.py +0 -0
  462. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/child/test_hyperv.py +0 -0
  463. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/child/test_virtuozzo.py +0 -0
  464. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/child/test_wsl.py +0 -0
  465. {dissect_target-3.18.dev9/tests/plugins/filesystem/ntfs → dissect_target-3.18.dev11/tests/plugins/filesystem}/__init__.py +0 -0
  466. {dissect_target-3.18.dev9/tests/plugins/filesystem/unix → dissect_target-3.18.dev11/tests/plugins/filesystem/ntfs}/__init__.py +0 -0
  467. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/ntfs/test_mft.py +0 -0
  468. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/ntfs/test_usnjrnl.py +0 -0
  469. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/test_acquire_handles.py +0 -0
  470. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/test_acquire_hash.py +0 -0
  471. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/test_icat.py +0 -0
  472. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/test_resolver.py +0 -0
  473. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/test_walkfs.py +0 -0
  474. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/test_yara.py +0 -0
  475. {dissect_target-3.18.dev9/tests/plugins/general → dissect_target-3.18.dev11/tests/plugins/filesystem/unix}/__init__.py +0 -0
  476. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/unix/test_capability.py +0 -0
  477. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/filesystem/unix/test_suid.py +0 -0
  478. {dissect_target-3.18.dev9/tests/plugins/os → dissect_target-3.18.dev11/tests/plugins/general}/__init__.py +0 -0
  479. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/general/test_config.py +0 -0
  480. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/general/test_default.py +0 -0
  481. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/general/test_plugins.py +0 -0
  482. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/general/test_scrape.py +0 -0
  483. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/general/test_users.py +0 -0
  484. {dissect_target-3.18.dev9/tests/plugins/os/unix → dissect_target-3.18.dev11/tests/plugins/os}/__init__.py +0 -0
  485. {dissect_target-3.18.dev9/tests/plugins/os/unix/bsd → dissect_target-3.18.dev11/tests/plugins/os/unix}/__init__.py +0 -0
  486. {dissect_target-3.18.dev9/tests/plugins/os/unix/bsd/citrix → dissect_target-3.18.dev11/tests/plugins/os/unix/bsd}/__init__.py +0 -0
  487. {dissect_target-3.18.dev9/tests/plugins/os/unix/bsd/osx → dissect_target-3.18.dev11/tests/plugins/os/unix/bsd/citrix}/__init__.py +0 -0
  488. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/bsd/citrix/test__os.py +0 -0
  489. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/bsd/citrix/test_history.py +0 -0
  490. {dissect_target-3.18.dev9/tests/plugins/os/unix/esxi → dissect_target-3.18.dev11/tests/plugins/os/unix/bsd/osx}/__init__.py +0 -0
  491. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/bsd/osx/test__os.py +0 -0
  492. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/bsd/osx/test_user.py +0 -0
  493. {dissect_target-3.18.dev9/tests/plugins/os/unix/linux → dissect_target-3.18.dev11/tests/plugins/os/unix/esxi}/__init__.py +0 -0
  494. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/esxi/test__os.py +0 -0
  495. {dissect_target-3.18.dev9/tests/plugins/os/unix/linux/android → dissect_target-3.18.dev11/tests/plugins/os/unix/linux}/__init__.py +0 -0
  496. {dissect_target-3.18.dev9/tests/plugins/os/unix/linux/debian → dissect_target-3.18.dev11/tests/plugins/os/unix/linux/android}/__init__.py +0 -0
  497. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/android/test__os.py +0 -0
  498. {dissect_target-3.18.dev9/tests/plugins/os/unix/linux/redhat → dissect_target-3.18.dev11/tests/plugins/os/unix/linux/debian}/__init__.py +0 -0
  499. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/debian/test_apt.py +0 -0
  500. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/debian/test_dpkg.py +0 -0
  501. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/fortios/test_keys.py +0 -0
  502. {dissect_target-3.18.dev9/tests/plugins/os/unix/linux/suse → dissect_target-3.18.dev11/tests/plugins/os/unix/linux/redhat}/__init__.py +0 -0
  503. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/redhat/test_yum.py +0 -0
  504. {dissect_target-3.18.dev9/tests/plugins/os/unix/locate → dissect_target-3.18.dev11/tests/plugins/os/unix/linux/suse}/__init__.py +0 -0
  505. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/suse/test_zypper.py +0 -0
  506. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_cmdline.py +0 -0
  507. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_environ.py +0 -0
  508. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_iptables.py +0 -0
  509. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_modules.py +0 -0
  510. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_netstat.py +0 -0
  511. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_proc.py +0 -0
  512. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_processes.py +0 -0
  513. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_services.py +0 -0
  514. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/linux/test_sockets.py +0 -0
  515. {dissect_target-3.18.dev9/tests/plugins/os/unix/log → dissect_target-3.18.dev11/tests/plugins/os/unix/locate}/__init__.py +0 -0
  516. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/locate/test_gnulocate.py +0 -0
  517. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/locate/test_mlocate.py +0 -0
  518. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/locate/test_plocate.py +0 -0
  519. {dissect_target-3.18.dev9/tests/plugins/os/windows → dissect_target-3.18.dev11/tests/plugins/os/unix/log}/__init__.py +0 -0
  520. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/log/test_atop.py +0 -0
  521. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/log/test_audit.py +0 -0
  522. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/log/test_auth.py +0 -0
  523. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/log/test_lastlog.py +0 -0
  524. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/log/test_messages.py +0 -0
  525. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/log/test_utmp.py +0 -0
  526. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test__os.py +0 -0
  527. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_generic.py +0 -0
  528. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_history.py +0 -0
  529. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_ips.py +0 -0
  530. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_journal.py +0 -0
  531. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_locale.py +0 -0
  532. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_packagemanager.py +0 -0
  533. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_shadow.py +0 -0
  534. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_users.py +0 -0
  535. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/unix/test_version.py +0 -0
  536. {dissect_target-3.18.dev9/tests/plugins/os/windows/regf → dissect_target-3.18.dev11/tests/plugins/os/windows}/__init__.py +0 -0
  537. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/log/test_etl.py +0 -0
  538. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/log/test_evt.py +0 -0
  539. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/log/test_evtx.py +0 -0
  540. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/log/test_schedlgu.py +0 -0
  541. {dissect_target-3.18.dev9/tests/tools → dissect_target-3.18.dev11/tests/plugins/os/windows/regf}/__init__.py +0 -0
  542. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/regf/test_appxdebugkeys.py +0 -0
  543. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/regf/test_cit.py +0 -0
  544. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/regf/test_clsid.py +0 -0
  545. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/regf/test_muicache.py +0 -0
  546. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/regf/test_trusteddocs.py +0 -0
  547. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/regf/test_userassist.py +0 -0
  548. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test__os.py +0 -0
  549. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_adpolicy.py +0 -0
  550. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_amcache.py +0 -0
  551. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_catroot.py +0 -0
  552. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_clfs.py +0 -0
  553. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_credhist.py +0 -0
  554. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_datetime.py +0 -0
  555. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_dpapi.py +0 -0
  556. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_env.py +0 -0
  557. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_generic.py +0 -0
  558. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_lnk.py +0 -0
  559. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_locale.py +0 -0
  560. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_mru.py +0 -0
  561. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_notifications.py +0 -0
  562. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_prefetch.py +0 -0
  563. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_recyclebin.py +0 -0
  564. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_registry.py +0 -0
  565. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_sam.py +0 -0
  566. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_shimcache.py +0 -0
  567. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_sru.py +0 -0
  568. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_syscache.py +0 -0
  569. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_tasks.py +0 -0
  570. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_thumbcache.py +0 -0
  571. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_ual.py +0 -0
  572. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/plugins/os/windows/test_wer.py +0 -0
  573. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/test_container.py +0 -0
  574. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/test_filesystem.py +0 -0
  575. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/test_plugin.py +0 -0
  576. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/test_registration.py +0 -0
  577. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/test_report.py +0 -0
  578. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/test_target.py +0 -0
  579. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/test_volume.py +0 -0
  580. {dissect_target-3.18.dev9/tests/volumes → dissect_target-3.18.dev11/tests/tools}/__init__.py +0 -0
  581. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/tools/test_dump.py +0 -0
  582. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/tools/test_fs.py +0 -0
  583. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/tools/test_mount.py +0 -0
  584. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/tools/test_query.py +0 -0
  585. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/tools/test_reg.py +0 -0
  586. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/tools/test_shell.py +0 -0
  587. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/tools/test_utils.py +0 -0
  588. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/volumes/test_bde.py +0 -0
  589. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tests/volumes/test_md.py +0 -0
  590. {dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/tox.ini +0 -0
{dissect_target-3.18.dev9/dissect.target.egg-info → dissect_target-3.18.dev11}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.18.dev9
3
+ Version: 3.18.dev11
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/_os.py RENAMED
@@ -21,7 +21,7 @@ class WindowsPlugin(OSPlugin):
21
21
  self.add_mounts()
22
22
 
23
23
  target.props["sysvol_drive"] = next(
24
- (mnt for mnt, fs in target.fs.mounts.items() if fs is target.fs.mounts["sysvol"] and mnt != "sysvol"),
24
+ (mnt for mnt, fs in target.fs.mounts.items() if fs is target.fs.mounts.get("sysvol") and mnt != "sysvol"),
25
25
  None,
26
26
  )
27
27
 
@@ -78,13 +78,16 @@ class WindowsPlugin(OSPlugin):
78
78
  self.target.log.warning("Failed to map drive letters")
79
79
  self.target.log.debug("", exc_info=e)
80
80
 
81
+ sysvol_drive = self.target.fs.mounts.get("sysvol")
81
82
  # Fallback mount the sysvol to C: if we didn't manage to mount it to any other drive letter
82
- if operator.countOf(self.target.fs.mounts.values(), self.target.fs.mounts["sysvol"]) == 1:
83
+ if sysvol_drive and operator.countOf(self.target.fs.mounts.values(), sysvol_drive) == 1:
83
84
  if "c:" not in self.target.fs.mounts:
84
85
  self.target.log.debug("Unable to determine drive letter of sysvol, falling back to C:")
85
- self.target.fs.mount("c:", self.target.fs.mounts["sysvol"])
86
+ self.target.fs.mount("c:", sysvol_drive)
86
87
  else:
87
88
  self.target.log.warning("Unknown drive letter for sysvol")
89
+ else:
90
+ self.target.log.warning("No sysvol drive found")
88
91
 
89
92
  @export(property=True)
90
93
  def hostname(self) -> Optional[str]:
{dissect_target-3.18.dev9 → dissect_target-3.18.dev11}/dissect/target/plugins/os/windows/defender.py RENAMED
@@ -1,7 +1,10 @@
1
+ from __future__ import annotations
2
+
3
+ import re
1
4
  from datetime import datetime, timezone
2
5
  from io import BytesIO
3
6
  from pathlib import Path
4
- from typing import Any, BinaryIO, Generator, Iterable, Iterator, Union
7
+ from typing import Any, BinaryIO, Generator, Iterable, Iterator, TextIO, Union
5
8
 
6
9
  import dissect.util.ts as ts
7
10
  from dissect.cstruct import Structure, cstruct
@@ -10,6 +13,27 @@ from flow.record import Record
10
13
  from dissect.target import plugin
11
14
  from dissect.target.exceptions import UnsupportedPluginError
12
15
  from dissect.target.helpers.record import TargetRecordDescriptor
16
+ from dissect.target.plugins.os.windows.defender_helpers.defender_patterns import (
17
+ DEFENDER_MPLOG_BLOCK_PATTERNS,
18
+ DEFENDER_MPLOG_LINE,
19
+ DEFENDER_MPLOG_PATTERNS,
20
+ )
21
+ from dissect.target.plugins.os.windows.defender_helpers.defender_records import (
22
+ DefenderMPLogBMTelemetryRecord,
23
+ DefenderMPLogDetectionAddRecord,
24
+ DefenderMPLogDetectionEventRecord,
25
+ DefenderMPLogEMSRecord,
26
+ DefenderMPLogExclusionRecord,
27
+ DefenderMPLogLowfiRecord,
28
+ DefenderMPLogMinFilBlockedFileRecord,
29
+ DefenderMPLogMinFilUSSRecord,
30
+ DefenderMPLogOriginalFileNameRecord,
31
+ DefenderMPLogProcessImageRecord,
32
+ DefenderMPLogResourceScanRecord,
33
+ DefenderMPLogRTPRecord,
34
+ DefenderMPLogThreatActionRecord,
35
+ DefenderMPLogThreatRecord,
36
+ )
13
37
 
14
38
  DEFENDER_EVTX_FIELDS = [
15
39
  ("datetime", "ts"),
@@ -73,6 +97,7 @@ DEFENDER_LOG_FILENAME_GLOB = "Microsoft-Windows-Windows Defender*"
73
97
  EVTX_PROVIDER_NAME = "Microsoft-Windows-Windows Defender"
74
98
 
75
99
  DEFENDER_QUARANTINE_DIR = "sysvol/programdata/microsoft/windows defender/quarantine"
100
+ DEFENDER_MPLOG_DIR = "sysvol/programdata/microsoft/windows defender/support"
76
101
  DEFENDER_KNOWN_DETECTION_TYPES = [b"internalbehavior", b"regkey", b"runkey"]
77
102
 
78
103
  DEFENDER_EXCLUSION_KEY = "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions"
@@ -494,6 +519,198 @@ class MicrosoftDefenderPlugin(plugin.Plugin):
494
519
  value=exclusion_value,
495
520
  )
496
521
 
522
+ def _mplog_processimage(self, data: dict) -> Iterator[DefenderMPLogProcessImageRecord]:
523
+ yield DefenderMPLogProcessImageRecord(**data)
524
+
525
+ def _mplog_minfiluss(self, data: dict) -> Iterator[DefenderMPLogMinFilUSSRecord]:
526
+ yield DefenderMPLogMinFilUSSRecord(**data)
527
+
528
+ def _mplog_blockedfile(self, data: dict) -> Iterator[DefenderMPLogMinFilBlockedFileRecord]:
529
+ yield DefenderMPLogMinFilBlockedFileRecord(**data)
530
+
531
+ def _mplog_bmtelemetry(self, data: dict) -> Iterator[DefenderMPLogBMTelemetryRecord]:
532
+ data["ts"] = datetime.strptime(data["ts"], "%m-%d-%Y %H:%M:%S")
533
+ yield DefenderMPLogBMTelemetryRecord(**data)
534
+
535
+ def _mplog_ems(self, data: dict) -> Iterator[DefenderMPLogEMSRecord]:
536
+ yield DefenderMPLogEMSRecord(**data)
537
+
538
+ def _mplog_originalfilename(self, data: dict) -> Iterator[DefenderMPLogOriginalFileNameRecord]:
539
+ yield DefenderMPLogOriginalFileNameRecord(**data)
540
+
541
+ def _mplog_exclusion(self, data: dict) -> Iterator[DefenderMPLogExclusionRecord]:
542
+ yield DefenderMPLogExclusionRecord(**data)
543
+
544
+ def _mplog_lowfi(self, data: dict) -> Iterator[DefenderMPLogLowfiRecord]:
545
+ yield DefenderMPLogLowfiRecord(**data)
546
+
547
+ def _mplog_detectionadd(self, data: dict) -> Iterator[DefenderMPLogDetectionAddRecord]:
548
+ yield DefenderMPLogDetectionAddRecord(**data)
549
+
550
+ def _mplog_threat(self, data: dict) -> Iterator[DefenderMPLogThreatRecord]:
551
+ yield DefenderMPLogThreatRecord(**data)
552
+
553
+ def _mplog_resourcescan(self, data: dict) -> Iterator[DefenderMPLogResourceScanRecord]:
554
+ data["start_time"] = datetime.strptime(data["start_time"], "%m-%d-%Y %H:%M:%S")
555
+ data["end_time"] = datetime.strptime(data["end_time"], "%m-%d-%Y %H:%M:%S")
556
+ data["ts"] = data["start_time"]
557
+ rest = data.pop("rest")
558
+ yield DefenderMPLogResourceScanRecord(
559
+ threats=re.findall("Threat Name:([^\n]+)", rest),
560
+ resources=re.findall("Resource Path:([^\n]+)", rest),
561
+ **data,
562
+ )
563
+
564
+ def _mplog_threataction(self, data: dict) -> Iterator[DefenderMPLogThreatActionRecord]:
565
+ data["ts"] = datetime.strptime(data["ts"], "%m-%d-%Y %H:%M:%S")
566
+ rest = data.pop("rest")
567
+ yield DefenderMPLogThreatActionRecord(
568
+ threats=re.findall("Threat Name:([^\n]+)", rest),
569
+ resources=re.findall("(?:Path|File Name):([^\n]+)", rest),
570
+ actions=re.findall("Action:([^\n]+)", rest),
571
+ **data,
572
+ )
573
+
574
+ def _mplog_rtp_log(self, data: dict) -> Iterator[DefenderMPLogRTPRecord]:
575
+ times = {}
576
+ for dtkey in ["ts", "last_perf", "first_rtp_scan"]:
577
+ try:
578
+ times[dtkey] = datetime.strptime(data[dtkey], "%m-%d-%Y %H:%M:%S")
579
+ except ValueError:
580
+ pass
581
+
582
+ yield DefenderMPLogRTPRecord(
583
+ _target=self.target,
584
+ source_log=data["source_log"],
585
+ **times,
586
+ plugin_states=re.findall(r"^\s+(.*)$", data["plugin_states"])[0],
587
+ process_exclusions=re.findall(DEFENDER_MPLOG_LINE, data["process_exclusions"]),
588
+ path_exclusions=re.findall(DEFENDER_MPLOG_LINE, data["path_exclusions"]),
589
+ ext_exclusions=re.findall(DEFENDER_MPLOG_LINE, data["ext_exclusions"]),
590
+ )
591
+
592
+ def _mplog_detectionevent(self, data: dict) -> Iterator[DefenderMPLogDetectionEventRecord]:
593
+ yield DefenderMPLogDetectionEventRecord(**data)
594
+
595
+ def _mplog_line(
596
+ self, mplog_line: str, source: Path
597
+ ) -> Iterator[
598
+ DefenderMPLogProcessImageRecord
599
+ | DefenderMPLogMinFilUSSRecord
600
+ | DefenderMPLogMinFilBlockedFileRecord
601
+ | DefenderMPLogEMSRecord
602
+ | DefenderMPLogOriginalFileNameRecord
603
+ | DefenderMPLogExclusionRecord
604
+ | DefenderMPLogLowfiRecord
605
+ | DefenderMPLogDetectionAddRecord
606
+ | DefenderMPLogThreatRecord
607
+ | DefenderMPLogDetectionEventRecord
608
+ ]:
609
+ for pattern, record in DEFENDER_MPLOG_PATTERNS:
610
+ if match := pattern.match(mplog_line):
611
+ data = match.groupdict()
612
+ data["_target"] = self.target
613
+ data["source_log"] = source
614
+ yield from getattr(self, f"_mplog_{record.name.split('/')[-1:][0]}")(data)
615
+
616
+ def _mplog_block(
617
+ self, mplog_line: str, mplog: TextIO, source: Path
618
+ ) -> Iterator[DefenderMPLogResourceScanRecord | DefenderMPLogThreatActionRecord | DefenderMPLogRTPRecord]:
619
+ block = ""
620
+ for prefix, suffix, pattern, record in DEFENDER_MPLOG_BLOCK_PATTERNS:
621
+ if prefix.search(mplog_line):
622
+ block += mplog_line
623
+ break
624
+ if block:
625
+ while mplog_line := mplog.readline():
626
+ block += mplog_line
627
+ if suffix.search(mplog_line):
628
+ break
629
+ match = pattern.match(block)
630
+ data = match.groupdict()
631
+ data["_target"] = self.target
632
+ data["source_log"] = source
633
+ yield from getattr(self, f"_mplog_{record.name.split('/')[-1:][0]}")(data)
634
+
635
+ def _mplog(
636
+ self, mplog: TextIO, source: Path
637
+ ) -> Iterator[
638
+ DefenderMPLogProcessImageRecord
639
+ | DefenderMPLogMinFilUSSRecord
640
+ | DefenderMPLogMinFilBlockedFileRecord
641
+ | DefenderMPLogBMTelemetryRecord
642
+ | DefenderMPLogEMSRecord
643
+ | DefenderMPLogOriginalFileNameRecord
644
+ | DefenderMPLogExclusionRecord
645
+ | DefenderMPLogLowfiRecord
646
+ | DefenderMPLogDetectionAddRecord
647
+ | DefenderMPLogThreatRecord
648
+ | DefenderMPLogDetectionEventRecord
649
+ | DefenderMPLogResourceScanRecord
650
+ | DefenderMPLogThreatActionRecord
651
+ | DefenderMPLogRTPRecord
652
+ ]:
653
+ while mplog_line := mplog.readline():
654
+ yield from self._mplog_line(mplog_line, source)
655
+ yield from self._mplog_block(mplog_line, mplog, source)
656
+
657
+ @plugin.export(
658
+ record=[
659
+ DefenderMPLogProcessImageRecord,
660
+ DefenderMPLogMinFilUSSRecord,
661
+ DefenderMPLogMinFilBlockedFileRecord,
662
+ DefenderMPLogBMTelemetryRecord,
663
+ DefenderMPLogEMSRecord,
664
+ DefenderMPLogOriginalFileNameRecord,
665
+ DefenderMPLogExclusionRecord,
666
+ DefenderMPLogLowfiRecord,
667
+ DefenderMPLogDetectionAddRecord,
668
+ DefenderMPLogThreatRecord,
669
+ DefenderMPLogDetectionEventRecord,
670
+ DefenderMPLogResourceScanRecord,
671
+ DefenderMPLogThreatActionRecord,
672
+ DefenderMPLogRTPRecord,
673
+ ]
674
+ )
675
+ def mplog(
676
+ self,
677
+ ) -> Iterator[
678
+ DefenderMPLogProcessImageRecord
679
+ | DefenderMPLogMinFilUSSRecord
680
+ | DefenderMPLogMinFilBlockedFileRecord
681
+ | DefenderMPLogBMTelemetryRecord
682
+ | DefenderMPLogEMSRecord
683
+ | DefenderMPLogOriginalFileNameRecord
684
+ | DefenderMPLogExclusionRecord
685
+ | DefenderMPLogLowfiRecord
686
+ | DefenderMPLogDetectionAddRecord
687
+ | DefenderMPLogThreatRecord
688
+ | DefenderMPLogDetectionEventRecord
689
+ | DefenderMPLogResourceScanRecord
690
+ | DefenderMPLogThreatActionRecord
691
+ | DefenderMPLogRTPRecord
692
+ ]:
693
+ """Return the contents of the Defender MPLog file.
694
+
695
+ References:
696
+ - https://www.crowdstrike.com/blog/how-to-use-microsoft-protection-logging-for-forensic-investigations/
697
+ - https://www.intrinsec.com/hunt-mplogs/
698
+ - https://github.com/Intrinsec/mplog_parser
699
+ """
700
+ mplog_directory = self.target.fs.path(DEFENDER_MPLOG_DIR)
701
+
702
+ if not (mplog_directory.exists() and mplog_directory.is_dir()):
703
+ return
704
+
705
+ for mplog_file in mplog_directory.glob("MPLog-*"):
706
+ for encoding in ["UTF-16", "UTF-8"]:
707
+ try:
708
+ with mplog_file.open("rt", encoding=encoding) as mplog:
709
+ yield from self._mplog(mplog, self.target.fs.path(mplog_file))
710
+ break
711
+ except UnicodeError:
712
+ continue
713
+
497
714
  @plugin.arg(
498
715
  "--output",
499
716
  "-o",
dissect_target-3.18.dev11/dissect/target/plugins/os/windows/defender_helpers/defender_patterns.py ADDED
@@ -0,0 +1,282 @@
1
+ import re
2
+
3
+ from dissect.target.plugins.os.windows.defender_helpers.defender_records import (
4
+ DefenderMPLogBMTelemetryRecord,
5
+ DefenderMPLogDetectionAddRecord,
6
+ DefenderMPLogDetectionEventRecord,
7
+ DefenderMPLogEMSRecord,
8
+ DefenderMPLogExclusionRecord,
9
+ DefenderMPLogLowfiRecord,
10
+ DefenderMPLogMinFilBlockedFileRecord,
11
+ DefenderMPLogMinFilUSSRecord,
12
+ DefenderMPLogOriginalFileNameRecord,
13
+ DefenderMPLogProcessImageRecord,
14
+ DefenderMPLogResourceScanRecord,
15
+ DefenderMPLogRTPRecord,
16
+ DefenderMPLogThreatActionRecord,
17
+ DefenderMPLogThreatRecord,
18
+ )
19
+
20
+ DEFENDER_MPLOG_TS_PATTERN = r"(?P<ts>[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}Z) "
21
+
22
+ # Loosely based on https://github.com/Intrinsec/mplog_parser but feel free to add patterns
23
+
24
+ DEFENDER_MPLOG_PATTERNS = [
25
+ # Process Image
26
+ (
27
+ re.compile(
28
+ "".join(
29
+ [
30
+ DEFENDER_MPLOG_TS_PATTERN,
31
+ r"ProcessImageName: (?P<process_image_name>.*), ",
32
+ r"Pid: (?P<pid>\d*), ",
33
+ r"TotalTime: (?P<total_time>\d*), ",
34
+ r"Count: (?P<count>\d*), ",
35
+ r"MaxTime: (?P<max_time>\d*), ",
36
+ r"MaxTimeFile: (?P<max_time_file>.*), ",
37
+ r"EstimatedImpact: (?P<estimated_impact>\d*)",
38
+ ]
39
+ )
40
+ ),
41
+ DefenderMPLogProcessImageRecord,
42
+ ),
43
+ # Mini-filter Unsuccessful scan status
44
+ (
45
+ re.compile(
46
+ "".join(
47
+ [
48
+ DEFENDER_MPLOG_TS_PATTERN,
49
+ r"\[Mini-filter\] (Unsuccessful scan status)[^:]*: (?P<path>.+) ",
50
+ r"Process: (?P<process>.+), ",
51
+ r"Status: (?P<status>.+), ",
52
+ r"State: (?P<state>.+), ",
53
+ r"ScanRequest (?P<scan_request>.+), ",
54
+ r"FileId: (?P<file_id>.+), ",
55
+ r"Reason: (?P<reason>.+), ",
56
+ r"IoStatusBlockForNewFile: (?P<io_status_block_for_new_file>.+), ",
57
+ r"DesiredAccess:(?P<desired_access>.+), ",
58
+ r"FileAttributes:(?P<file_attributes>.+), ",
59
+ r"ScanAttributes:(?P<scan_attributes>.+), ",
60
+ r"AccessStateFlags:(?P<access_state_flags>.+), ",
61
+ r"BackingFileInfo: (?P<backing_file_info>.+)",
62
+ ]
63
+ )
64
+ ),
65
+ DefenderMPLogMinFilUSSRecord,
66
+ ),
67
+ # EMS Scan
68
+ (
69
+ re.compile(
70
+ "".join(
71
+ [
72
+ DEFENDER_MPLOG_TS_PATTERN,
73
+ r".*",
74
+ r"process: (?P<process>\w*) ",
75
+ r"pid: (?P<pid>\d*), ",
76
+ r"sigseq: (?P<sigseq>\w*), ",
77
+ r"sendMemoryScanReport: (?P<send_memory_scan_report>\d*), ",
78
+ r"source: (?P<source>\d*)",
79
+ ]
80
+ )
81
+ ),
82
+ DefenderMPLogEMSRecord,
83
+ ),
84
+ # Original filename
85
+ (
86
+ re.compile(
87
+ "".join(
88
+ [
89
+ DEFENDER_MPLOG_TS_PATTERN,
90
+ r".*",
91
+ r"original file name \"(?P<original_file_name>.*)\" ",
92
+ r"for \"(?P<full_path>.*)\", ",
93
+ r"hr=(?P<hr>\w*)",
94
+ ]
95
+ )
96
+ ),
97
+ DefenderMPLogOriginalFileNameRecord,
98
+ ),
99
+ # Mini-filter Blocked file
100
+ (
101
+ re.compile(
102
+ "".join(
103
+ [
104
+ DEFENDER_MPLOG_TS_PATTERN,
105
+ r".*",
106
+ r"\[Mini-filter\] Blocked file: (?P<blocked_file>.+) ",
107
+ r"Process: (?P<process>.+), ",
108
+ r"Status: (?P<status>.+), ",
109
+ r"State: (?P<state>.+), ",
110
+ r"ScanRequest (?P<scan_request>.+), ",
111
+ r"FileId: (?P<file_id>.+), ",
112
+ r"Reason: (?P<reason>.+), ",
113
+ r"IoStatusBlockForNewFile: (?P<io_status_block_for_new_file>.+), ",
114
+ r"DesiredAccess:(?P<desired_access>.+), ",
115
+ r"FileAttributes:(?P<file_attributes>.+), ",
116
+ r"ScanAttributes:(?P<scan_attributes>.+), ",
117
+ r"AccessStateFlags:(?P<access_state_flags>.+), ",
118
+ r"BackingFileInfo: (?P<backing_file_info>.+)",
119
+ ]
120
+ )
121
+ ),
122
+ DefenderMPLogMinFilBlockedFileRecord,
123
+ ),
124
+ # Exclusion
125
+ (
126
+ re.compile(
127
+ "".join(
128
+ [
129
+ DEFENDER_MPLOG_TS_PATTERN,
130
+ r"\[Exclusion\] (?P<full_path_with_drive_letter>.+) ",
131
+ r"-> (?P<full_path_with_device_path>.+)",
132
+ ]
133
+ )
134
+ ),
135
+ DefenderMPLogExclusionRecord,
136
+ ),
137
+ # Lowfi
138
+ (
139
+ re.compile(
140
+ "".join(
141
+ [
142
+ DEFENDER_MPLOG_TS_PATTERN,
143
+ r".*",
144
+ r"lowfi: (?P<lowfi>.+)",
145
+ ]
146
+ )
147
+ ),
148
+ DefenderMPLogLowfiRecord,
149
+ ),
150
+ # Detection add
151
+ (
152
+ re.compile(
153
+ "".join(
154
+ [
155
+ DEFENDER_MPLOG_TS_PATTERN,
156
+ r".*",
157
+ r"DETECTION_ADD\S* (?P<detection>.*)",
158
+ ]
159
+ )
160
+ ),
161
+ DefenderMPLogDetectionAddRecord,
162
+ ),
163
+ # Threat
164
+ (
165
+ re.compile(
166
+ "".join(
167
+ [
168
+ DEFENDER_MPLOG_TS_PATTERN,
169
+ r".*",
170
+ r"threat: (?P<threat>.*)",
171
+ ]
172
+ )
173
+ ),
174
+ DefenderMPLogThreatRecord,
175
+ ),
176
+ # Detection event
177
+ (
178
+ re.compile(
179
+ "".join(
180
+ [
181
+ DEFENDER_MPLOG_TS_PATTERN,
182
+ r".*",
183
+ r"DETECTIONEVENT MPSOURCE_\S+ HackTool:(?P<threat_type>.*) file:(?P<command>.*)",
184
+ ]
185
+ )
186
+ ),
187
+ DefenderMPLogDetectionEventRecord,
188
+ ),
189
+ ]
190
+
191
+
192
+ DEFENDER_MPLOG_BLOCK_PATTERNS = [
193
+ (
194
+ re.compile(r"Begin Resource Scan"),
195
+ re.compile(r"End Scan"),
196
+ re.compile(
197
+ "".join(
198
+ [
199
+ r"Begin Resource Scan.*\n",
200
+ r"Scan ID:(?P<scan_id>[^\n]+)\n",
201
+ r"Scan Source:(?P<scan_source>\d+)\n",
202
+ r"Start Time:(?P<start_time>[0-9\-\:\s]*)\n",
203
+ r"End Time:(?P<end_time>[0-9\-\:\s]*)\n",
204
+ r".*",
205
+ r"Resource Schema:(?P<resource_schema>[^\n]+)\n",
206
+ r"Resource Path:(?P<resource_path>[^\n]+)\n",
207
+ r"Result Count:(?P<result_count>\d+)\n",
208
+ r"(?P<rest>.*)\n",
209
+ r"End Scan",
210
+ ]
211
+ ),
212
+ re.MULTILINE | re.DOTALL,
213
+ ),
214
+ DefenderMPLogResourceScanRecord,
215
+ ),
216
+ # Threat actions
217
+ (
218
+ re.compile(r"Beginning threat actions"),
219
+ re.compile(r"Finished threat actions"),
220
+ re.compile(
221
+ "".join(
222
+ [
223
+ r"Beginning threat actions\n",
224
+ r"Start time:(?P<ts>[0-9\-\:\s]*)\n",
225
+ r"(?P<rest>.*)\n",
226
+ r"Finished threat actions",
227
+ ]
228
+ ),
229
+ re.MULTILINE | re.DOTALL,
230
+ ),
231
+ DefenderMPLogThreatActionRecord,
232
+ ),
233
+ # RTP
234
+ (
235
+ re.compile(r"\*\*RTP Perf Log\*\*"),
236
+ re.compile(r"\*\*END RTP Perf Log\*\*"),
237
+ re.compile(
238
+ "".join(
239
+ [
240
+ r"\*+RTP Perf Log\*+\n",
241
+ r"RTP Start:(?P<ts>.*)\n",
242
+ r"Last Perf:(?P<last_perf>.*)\n",
243
+ r"First RTP Scan:(?P<first_rtp_scan>.*)\n",
244
+ r"Plugin States:(?P<plugin_states>.*)\n",
245
+ r"Process Exclusions:\n(?P<process_exclusions>.*)",
246
+ r"Path Exclusions:\n(?P<path_exclusions>.*)",
247
+ r"Ext Exclusions:\n(?P<ext_exclusions>.*)",
248
+ r"Worker Threads",
249
+ ]
250
+ ),
251
+ re.MULTILINE | re.DOTALL,
252
+ ),
253
+ DefenderMPLogRTPRecord,
254
+ ),
255
+ # BM Telemetry (block)
256
+ (
257
+ re.compile(r"BEGIN BM telemetry"),
258
+ re.compile(r"END BM telemetry"),
259
+ re.compile(
260
+ "".join(
261
+ [
262
+ r"BEGIN BM telemetry\n",
263
+ r"(GUID):(?P<guid>.+)\n",
264
+ r"(SignatureID):(?P<signature_id>.+)\n",
265
+ r"(SigSha):(?P<sigsha>.+)\n",
266
+ r"(ThreatLevel):(?P<threat_level>.+)\n",
267
+ r"(ProcessID):(?P<process_id>.+)\n",
268
+ r"(ProcessCreationTime):(?P<process_creation_time>.+)\n",
269
+ r"(SessionID):(?P<session_id>.+)\n",
270
+ r"(CreationTime):(?P<ts>.+)\n",
271
+ r"(ImagePath):(?P<image_path>.+)\n",
272
+ r"(Taint Info):(?P<taint_info>.+)\n",
273
+ r"(Operations):(?P<operations>.+)\n",
274
+ r"END BM telemetry",
275
+ ]
276
+ )
277
+ ),
278
+ DefenderMPLogBMTelemetryRecord,
279
+ ),
280
+ ]
281
+
282
+ DEFENDER_MPLOG_LINE = re.compile(r"^\s+(.*)$", re.MULTILINE)