dissect.target 3.19.dev12__py3-none-any.whl → 3.19.dev14__py3-none-any.whl

dissect/target/plugins/apps/remoteaccess/anydesk.py

@@ -1,91 +1,111 @@
-from datetime import datetime
+import re
+from datetime import datetime, timezone
+from typing import Iterator
 
 from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
 from dissect.target.plugins.apps.remoteaccess.remoteaccess import (
+    GENERIC_LOG_RECORD_FIELDS,
     RemoteAccessPlugin,
-    RemoteAccessRecord,
 )
+from dissect.target.plugins.general.users import UserDetails
 
 
 class AnydeskPlugin(RemoteAccessPlugin):
-    """
-    Anydesk plugin.
-    """
+    """Anydesk plugin."""
 
     __namespace__ = "anydesk"
 
     # Anydesk logs when installed as a service
     SERVICE_GLOBS = [
-        "/sysvol/ProgramData/AnyDesk/*.trace",  # Standard client >= Windows 7
-        "/sysvol/ProgramData/AnyDesk/ad_*/*.trace",  # Custom client >= Windows 7
-        "/var/log/anydesk*.trace",  # Standard/Custom client Linux/MacOS
+        # Standard client >= Windows 7
+        "sysvol/ProgramData/AnyDesk/*.trace",
+        # Custom client >= Windows 7
+        "sysvol/ProgramData/AnyDesk/ad_*/*.trace",
+        # Windows XP / 2003
+        "sysvol/Documents and Settings/Public/AnyDesk/*.trace",
+        "sysvol/Documents and Settings/Public/AnyDesk/ad_*/*.trace",
+        # Standard/Custom client Linux/MacOS
+        "var/log/anydesk*/*.trace",
     ]
 
     # User specific Anydesk logs
     USER_GLOBS = [
-        "appdata/roaming/AnyDesk/*.trace",  # Standard client Windows
-        "appdata/roaming/AnyDesk/ad_*/*.trace",  # Custom client Windows
-        ".anydesk/*.trace",  # Standard client Linux/MacOS
-        ".anydesk_ad_*/*.trace",  # Custom client Linux/MacOS
+        # Standard client Windows
+        "AppData/Roaming/AnyDesk/*.trace",
+        # Custom client Windows
+        "AppData/Roaming/AnyDesk/ad_*/*.trace",
+        # Windows XP / 2003
+        "AppData/AnyDesk/*.trace",
+        # Standard client Linux/MacOS
+        ".anydesk/*.trace",
+        # Custom client Linux/MacOS
+        ".anydesk_ad_*/*.trace",
     ]
 
+    RemoteAccessLogRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
+        "remoteaccess/anydesk/log", GENERIC_LOG_RECORD_FIELDS
+    )
+
     def __init__(self, target):
         super().__init__(target)
 
-        self.logfiles = []
+        self.trace_files: set[tuple[TargetPath, UserDetails]] = set()
 
-        # Check service globs
+        # Service globs
         user = None
-        for log_glob in self.SERVICE_GLOBS:
-            for logfile in self.target.fs.glob(log_glob):
-                self.logfiles.append([logfile, user])
+        for trace_glob in self.SERVICE_GLOBS:
+            for trace_file in self.target.fs.path().glob(trace_glob):
+                self.trace_files.add((trace_file, user))
 
-        # Anydesk logs when as user
+        # User globs
         for user_details in self.target.user_details.all_with_home():
-            for log_glob in self.USER_GLOBS:
-                for logfile in user_details.home_path.glob(log_glob):
-                    self.logfiles.append([logfile, user_details.user])
+            for trace_glob in self.USER_GLOBS:
+                for trace_file in user_details.home_path.glob(trace_glob):
+                    self.trace_files.add((trace_file, user_details.user))
 
     def check_compatible(self) -> None:
-        if not (len(self.logfiles)):
-            raise UnsupportedPluginError("No Anydesk logs found")
+        if not self.trace_files:
+            raise UnsupportedPluginError("No Anydesk trace files found on target")
 
-    @export(record=RemoteAccessRecord)
-    def logs(self):
-        """Return the content of the AnyDesk logs.
+    @export(record=RemoteAccessLogRecord)
+    def logs(self) -> Iterator[RemoteAccessLogRecord]:
+        """Parse AnyDesk trace files.
 
         AnyDesk is a remote desktop application and can be used by adversaries to get (persistent) access to a machine.
-        Log files (.trace files) are retrieved from various location based on OS and client type.
+        Log files (.trace files) can be stored on various locations, based on target OS and client type.
+        Timestamps in trace files do not carry a time zone designator (TZD) but are in fact UTC.
 
         References:
             - https://www.inversecos.com/2021/02/forensic-analysis-of-anydesk-logs.html
             - https://support.anydesk.com/knowledge/trace-files#trace-file-locations
         """
-        for logfile, user in self.logfiles:
-            logfile = self.target.fs.path(logfile)
-
-            for line in logfile.open("rt"):
+        for trace_file, user in self.trace_files:
+            for line in trace_file.open("rt", errors="backslashreplace"):
                 line = line.strip()
 
-                # Skip empty lines
-                if not line:
-                    continue
-
-                if "* * * * * * * * * * * * * *" in line:
+                if not line or "* * * * * * * * * * * * * *" in line:
                     continue
 
-                level, ts_day, ts_time, description = line.split(" ", 3)
-                description = f"{level} {description}"
-                ts_time = ts_time.split(".")[0]
-
-                timestamp = datetime.strptime(f"{ts_day} {ts_time}", "%Y-%m-%d %H:%M:%S")
-
-                yield RemoteAccessRecord(
-                    ts=timestamp,
-                    tool="anydesk",
-                    logfile=str(logfile),
-                    description=description,
-                    _target=self.target,
-                    _user=user,
-                )
+                try:
+                    level, ts_date, ts_time, message = line.split(" ", 3)
+
+                    timestamp = datetime.strptime(f"{ts_date} {ts_time}", "%Y-%m-%d %H:%M:%S.%f").replace(
+                        tzinfo=timezone.utc
+                    )
+                    message = re.sub(r"\s\s+", " ", f"{level} {message}")
+
+                    yield self.RemoteAccessLogRecord(
+                        ts=timestamp,
+                        message=message,
+                        source=trace_file,
+                        _target=self.target,
+                        _user=user,
+                    )
+
+                except ValueError as e:
+                    self.target.log.warning("Could not parse log line in file %s: '%s'", trace_file, line)
+                    self.target.log.debug("", exc_info=e)

dissect/target/plugins/apps/remoteaccess/remoteaccess.py

@@ -2,14 +2,14 @@ from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExt
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import NamespacePlugin
 
-RemoteAccessRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "application/log/remoteaccess",
-    [
-        ("datetime", "ts"),
-        ("string", "tool"),
-        ("path", "logfile"),
-        ("string", "description"),
-    ],
+GENERIC_LOG_RECORD_FIELDS = [
+    ("datetime", "ts"),
+    ("string", "message"),
+    ("path", "source"),
+]
+
+RemoteAccessLogRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
+    "remoteaccess/log", GENERIC_LOG_RECORD_FIELDS
 )
 
 

dissect/target/plugins/apps/remoteaccess/teamviewer.py

@@ -1,60 +1,72 @@
 import re
-from datetime import datetime
+from datetime import datetime, timezone
+from typing import Iterator
 
 from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
 from dissect.target.plugins.apps.remoteaccess.remoteaccess import (
+    GENERIC_LOG_RECORD_FIELDS,
     RemoteAccessPlugin,
-    RemoteAccessRecord,
 )
+from dissect.target.plugins.general.users import UserDetails
 
 START_PATTERN = re.compile(r"^(\d{2}|\d{4})/")
 
 
-class TeamviewerPlugin(RemoteAccessPlugin):
-    """
-    Teamviewer plugin.
+class TeamViewerPlugin(RemoteAccessPlugin):
+    """TeamViewer client plugin.
+
+    Resources:
+        - https://teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/contact-support/find-your-log-files
+        - https://www.systoolsgroup.com/forensics/teamviewer/
+        - https://benleeyr.wordpress.com/2020/05/19/teamviewer-forensics-tested-on-v15/
     """
 
     __namespace__ = "teamviewer"
 
-    # Teamviewer log when service (Windows)
-    GLOBS = [
+    SYSTEM_GLOBS = [
         "sysvol/Program Files/TeamViewer/*.log",
         "sysvol/Program Files (x86)/TeamViewer/*.log",
     ]
 
+    USER_GLOBS = [
+        "AppData/Roaming/TeamViewer/teamviewer*_logfile.log",
+    ]
+
+    RemoteAccessLogRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
+        "remoteaccess/teamviewer/log", GENERIC_LOG_RECORD_FIELDS
+    )
+
     def __init__(self, target):
         super().__init__(target)
 
-        self.logfiles = []
+        self.logfiles: list[list[TargetPath, UserDetails]] = []
 
-        # Check service globs
-        user = None
-        for log_glob in self.GLOBS:
+        # Find system service log files.
+        for log_glob in self.SYSTEM_GLOBS:
             for logfile in self.target.fs.glob(log_glob):
-                self.logfiles.append([logfile, user])
+                self.logfiles.append([logfile, None])
 
-        # Teamviewer logs when as user (Windows)
+        # Find user log files.
         for user_details in self.target.user_details.all_with_home():
-            for logfile in user_details.home_path.glob("appdata/roaming/teamviewer/teamviewer*_logfile.log"):
-                self.logfiles.append([logfile, user_details.user])
+            for log_glob in self.USER_GLOBS:
+                for logfile in user_details.home_path.glob(log_glob):
+                    self.logfiles.append([logfile, user_details])
 
     def check_compatible(self) -> None:
         if not len(self.logfiles):
             raise UnsupportedPluginError("No Teamviewer logs found")
 
-    @export(record=RemoteAccessRecord)
-    def logs(self):
-        """Return the content of the TeamViewer logs.
-
-        TeamViewer is a commercial remote desktop application. An adversary may use it to gain persistence on a
-        system.
+    @export(record=RemoteAccessLogRecord)
+    def logs(self) -> Iterator[RemoteAccessLogRecord]:
+        """Yield TeamViewer client logs.
 
-        References:
-            - https://www.teamviewer.com/nl/
+        TeamViewer is a commercial remote desktop application. An adversary may use it to gain persistence on a system.
         """
-        for logfile, user in self.logfiles:
+        for logfile, user_details in self.logfiles:
             logfile = self.target.fs.path(logfile)
 
             start_date = None
@@ -83,7 +95,7 @@ class TeamviewerPlugin(RemoteAccessPlugin):
                     if not re.match(START_PATTERN, line):
                         continue
 
-                    ts_day, ts_time, description = line.split(" ", 2)
+                    ts_day, ts_time, message = line.split(" ", 2)
                     ts_time = ts_time.split(".")[0]
 
                     # Correct for use of : as millisecond separator
@@ -99,13 +111,14 @@ class TeamviewerPlugin(RemoteAccessPlugin):
                     if ts_day.count("/") == 2 and len(ts_day.split("/")[0]) == 2:
                         ts_day = "20" + ts_day
 
-                    timestamp = datetime.strptime(f"{ts_day} {ts_time}", "%Y/%m/%d %H:%M:%S")
+                    timestamp = datetime.strptime(f"{ts_day} {ts_time}", "%Y/%m/%d %H:%M:%S").replace(
+                        tzinfo=timezone.utc
+                    )
 
-                    yield RemoteAccessRecord(
-                        tool="teamviewer",
+                    yield self.RemoteAccessLogRecord(
                         ts=timestamp,
-                        logfile=str(logfile),
-                        description=description,
+                        message=message,
+                        source=logfile,
                         _target=self.target,
-                        _user=user,
+                        _user=user_details.user if user_details else None,
                     )

dissect/target/plugins/os/unix/_os.py

@@ -40,12 +40,18 @@ class UnixPlugin(OSPlugin):
     @export(record=UnixUserRecord)
     @arg("--sessions", action="store_true", help="Parse syslog for recent user sessions")
     def users(self, sessions: bool = False) -> Iterator[UnixUserRecord]:
-        """Recover users from /etc/passwd, /etc/master.passwd or /var/log/syslog session logins."""
+        """Yield unix user records from passwd files or syslog session logins.
+
+        Resources:
+            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html
+        """
+
+        PASSWD_FILES = ["/etc/passwd", "/etc/passwd-", "/etc/master.passwd"]
 
         seen_users = set()
 
         # Yield users found in passwd files.
-        for passwd_file in ["/etc/passwd", "/etc/master.passwd"]:
+        for passwd_file in PASSWD_FILES:
             if (path := self.target.fs.path(passwd_file)).exists():
                 for line in path.open("rt"):
                     line = line.strip()
@@ -53,7 +59,12 @@ class UnixPlugin(OSPlugin):
                         continue
 
                     pwent = dict(enumerate(line.split(":")))
-                    seen_users.add((pwent.get(0), pwent.get(5), pwent.get(6)))
+
+                    current_user = (pwent.get(0), pwent.get(5), pwent.get(6))
+                    if current_user in seen_users:
+                        continue
+
+                    seen_users.add(current_user)
                     yield UnixUserRecord(
                         name=pwent.get(0),
                         passwd=pwent.get(1),

dissect/target/plugins/os/unix/shadow.py

@@ -29,39 +29,55 @@ class ShadowPlugin(Plugin):
         if not self.target.fs.path("/etc/shadow").exists():
             raise UnsupportedPluginError("No shadow file found")
 
+    SHADOW_FILES = ["/etc/shadow", "/etc/shadow-"]
+
     @export(record=UnixShadowRecord)
     def passwords(self) -> Iterator[UnixShadowRecord]:
-        """Recover shadow records from /etc/shadow files."""
-
-        if (path := self.target.fs.path("/etc/shadow")).exists():
-            for line in path.open("rt"):
-                line = line.strip()
-                if line == "" or line.startswith("#"):
-                    continue
-
-                shent = dict(enumerate(line.split(":")))
-                crypt = extract_crypt_details(shent)
-
-                # do not return a shadow record if we have no hash
-                if crypt.get("hash") is None or crypt.get("hash") == "":
-                    continue
-
-                yield UnixShadowRecord(
-                    name=shent.get(0),
-                    crypt=shent.get(1),
-                    algorithm=crypt.get("algo"),
-                    crypt_param=crypt.get("param"),
-                    salt=crypt.get("salt"),
-                    hash=crypt.get("hash"),
-                    last_change=shent.get(2),
-                    min_age=shent.get(3),
-                    max_age=shent.get(4),
-                    warning_period=shent.get(5),
-                    inactivity_period=shent.get(6),
-                    expiration_date=shent.get(7),
-                    unused_field=shent.get(8),
-                    _target=self.target,
-                )
+        """Yield shadow records from /etc/shadow files.
+
+        Resources:
+            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html#file:/etc/shadow
+        """
+
+        seen_hashes = set()
+
+        for shadow_file in self.SHADOW_FILES:
+            if (path := self.target.fs.path(shadow_file)).exists():
+                for line in path.open("rt"):
+                    line = line.strip()
+                    if line == "" or line.startswith("#"):
+                        continue
+
+                    shent = dict(enumerate(line.split(":")))
+                    crypt = extract_crypt_details(shent)
+
+                    # do not return a shadow record if we have no hash
+                    if crypt.get("hash") is None or crypt.get("hash") == "":
+                        continue
+
+                    # prevent duplicate user hashes
+                    current_hash = (shent.get(0), crypt.get("hash"))
+                    if current_hash in seen_hashes:
+                        continue
+
+                    seen_hashes.add(current_hash)
+
+                    yield UnixShadowRecord(
+                        name=shent.get(0),
+                        crypt=shent.get(1),
+                        algorithm=crypt.get("algo"),
+                        crypt_param=crypt.get("param"),
+                        salt=crypt.get("salt"),
+                        hash=crypt.get("hash"),
+                        last_change=shent.get(2),
+                        min_age=shent.get(3),
+                        max_age=shent.get(4),
+                        warning_period=shent.get(5),
+                        inactivity_period=shent.get(6),
+                        expiration_date=shent.get(7),
+                        unused_field=shent.get(8),
+                        _target=self.target,
+                    )
 
 
 def extract_crypt_details(shent: dict) -> dict:

{dissect.target-3.19.dev12.dist-info → dissect.target-3.19.dev14.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.19.dev12
+Version: 3.19.dev14
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.19.dev12.dist-info → dissect.target-3.19.dev14.dist-info}/RECORD

@@ -128,9 +128,9 @@ dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-
 dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/container/docker.py,sha256=KxQRbKGgxkf3YFBMa7fjeJ7qo8qjFys7zEmfQhDTnLw,15305
 dissect/target/plugins/apps/remoteaccess/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/remoteaccess/anydesk.py,sha256=lHtgINWXfVpPuCTRyQmT2ZO-1vkoqiXZ7coj8cZ8p4c,3185
-dissect/target/plugins/apps/remoteaccess/remoteaccess.py,sha256=UQDmDC4Y-KxYl_8kaAh6SG_BLJZ6SeGnxG0gyD8tzaE,833
-dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=SiEH36HM2NvdPuCjfLjQcMDsluwkcHp_3io9SoY8qFk,4032
+dissect/target/plugins/apps/remoteaccess/anydesk.py,sha256=IdijK3F6ppaB_IgKL-xDljlEbb8l9S2U0xSWKqK9xRs,4294
+dissect/target/plugins/apps/remoteaccess/remoteaccess.py,sha256=DWXkRDVUpFr1icK2fYwSXdZD204Xz0yRuO7rcJOwIwc,825
+dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=0nGjgbzzrhESr1PeiXlGxYQ66-aOATO59CnVSwcGn4E,4889
 dissect/target/plugins/apps/shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0Ti2Bzfl_xI3xbmmF48,2641
 dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -183,7 +183,7 @@ dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6
 dissect/target/plugins/general/users.py,sha256=cQXPQ2XbkPjckCPHYTUW4JEhYN0_CT8JI8hJPZn3qSs,3030
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/_os.py,sha256=VQHx8PDhJ0NHzNuo3RIN3DGXkLqpGXbQe8M5ZbtI5nM,14277
+dissect/target/plugins/os/unix/_os.py,sha256=GcbP8HbK1XtwYFGbl8x0BdfoLAC2ROv9xieeFGI5dWM,14557
 dissect/target/plugins/os/unix/cronjobs.py,sha256=2ssj97UVJueyATVl7NMJmqd9uHflQ2tXUqdOCFIEje8,3182
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
 dissect/target/plugins/os/unix/etc.py,sha256=HoPEC1hxqurSnAXQAK-jf_HxdBIDe-1z_qSw_n-ViI4,258
@@ -191,7 +191,7 @@ dissect/target/plugins/os/unix/generic.py,sha256=6_MJrV1LbIxNQJwAZR0HEQljoxwF5BP
 dissect/target/plugins/os/unix/history.py,sha256=ptNGHkHOLJ5bE4r1PqtkQFcQHqzS6-qe5ms1tTGOJp8,6620
 dissect/target/plugins/os/unix/locale.py,sha256=V3R7mEyrH3f-h7SGAucByaYYDA2SIil9Qb-s3dPmDEA,3961
 dissect/target/plugins/os/unix/packagemanager.py,sha256=Wm2AAJOD_B3FAcZNXgWtSm_YwbvrHBYOP8bPmOXNjG4,2427
-dissect/target/plugins/os/unix/shadow.py,sha256=TvN04uzFnUttNMZAa6_1XdXSP-8V6ztbZNoetDvfD0w,3535
+dissect/target/plugins/os/unix/shadow.py,sha256=W6W6rMru7IVnuBc6sl5wsRWTOrJdS1s7_2_q7QRf7Is,4148
 dissect/target/plugins/os/unix/bsd/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/bsd/_os.py,sha256=e5rttTOFOmd7e2HqP9ZZFMEiPLBr-8rfH0XH1IIeroQ,1372
 dissect/target/plugins/os/unix/bsd/citrix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -344,10 +344,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.19.dev12.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.19.dev12.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.19.dev12.dist-info/METADATA,sha256=UR_OR6Mke9csuzDPtguApwOU8mClzRRkkWmmiqNv364,12719
-dissect.target-3.19.dev12.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
-dissect.target-3.19.dev12.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.19.dev12.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.19.dev12.dist-info/RECORD,,
+dissect.target-3.19.dev14.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.19.dev14.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.19.dev14.dist-info/METADATA,sha256=QY-pX_0ABwGcA1nW1mG6NJZ_K2DoaG6-lOaFvH-ZORI,12719
+dissect.target-3.19.dev14.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
+dissect.target-3.19.dev14.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.19.dev14.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.19.dev14.dist-info/RECORD,,