dissect.target 3.20.dev38__py3-none-any.whl → 3.20.dev40__py3-none-any.whl

dissect/target/helpers/record.py

@@ -185,3 +185,24 @@ MacInterfaceRecord = TargetRecordDescriptor(
         ("boolean", "dhcp"),
     ],
 )
+
+
+COMMON_APPLICATION_FIELDS = [
+    ("datetime", "ts_modified"),
+    ("datetime", "ts_installed"),
+    ("string", "name"),
+    ("string", "version"),
+    ("string", "author"),
+    ("string", "type"),
+    ("path", "path"),
+]
+
+UnixApplicationRecord = TargetRecordDescriptor(
+    "unix/application",
+    COMMON_APPLICATION_FIELDS,
+)
+
+WindowsApplicationRecord = TargetRecordDescriptor(
+    "windows/application",
+    COMMON_APPLICATION_FIELDS,
+)

dissect/target/helpers/regutil.py

@@ -310,6 +310,7 @@ class VirtualKey(RegistryKey):
         self._class_name = class_name
         self._values: dict[str, RegistryValue] = {}
         self._subkeys: dict[str, RegistryKey] = {}
+        self._timestamp: datetime = None
         self.top: RegistryKey = None
         super().__init__(hive=hive)
 
@@ -339,11 +340,19 @@ class VirtualKey(RegistryKey):
         return self._path
 
     @property
-    def timestamp(self) -> datetime:
+    def timestamp(self) -> datetime | None:
         if self.top:
             return self.top.timestamp
+
+        if self._timestamp:
+            return self._timestamp
+
         return None
 
+    @timestamp.setter
+    def timestamp(self, ts: datetime) -> None:
+        self._timestamp = ts
+
     def subkey(self, subkey: str) -> RegistryKey:
         try:
             return self._subkeys[subkey.lower()]

dissect/target/plugins/apps/editor/editor.py

@@ -0,0 +1,23 @@
+from dissect.target.plugin import NamespacePlugin, export
+
+COMMON_EDITOR_FIELDS = [
+    ("datetime", "ts"),
+    ("string", "editor"),
+    ("path", "source"),
+]
+
+
+class EditorPlugin(NamespacePlugin):
+    """Editor plugin."""
+
+    __namespace__ = "editor"
+
+    @export
+    def extensions(self) -> None:
+        """Yields installed extensions."""
+        raise NotImplementedError
+
+    @export
+    def history(self) -> None:
+        """Yields history of files."""
+        raise NotImplementedError

dissect/target/plugins/apps/{texteditor → editor}/windowsnotepad.py

@@ -16,11 +16,8 @@ from dissect.target.helpers.record import (
     WindowsUserRecord,
     create_extended_descriptor,
 )
-from dissect.target.plugin import export
-from dissect.target.plugins.apps.texteditor.texteditor import (
-    GENERIC_TAB_CONTENTS_RECORD_FIELDS,
-    TexteditorPlugin,
-)
+from dissect.target.plugin import alias, export
+from dissect.target.plugins.apps.editor.editor import COMMON_EDITOR_FIELDS, EditorPlugin
 from dissect.target.target import Target
 
 # Thanks to @Nordgaren, @daddycocoaman, @JustArion and @ogmini for their suggestions and feedback in the PR
@@ -94,16 +91,25 @@ struct options_v2 {
 };
 """
 
-WINDOWS_SAVED_TABS_EXTRA_FIELDS = [("datetime", "modification_time"), ("digest", "hashes"), ("path", "saved_path")]
+GENERIC_TAB_CONTENTS_RECORD_FIELDS = [
+    ("string", "content"),
+    ("path", "path"),
+    ("string", "deleted_content"),
+]
 
 WindowsNotepadUnsavedTabRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "texteditor/windowsnotepad/tab/unsaved",
-    GENERIC_TAB_CONTENTS_RECORD_FIELDS,
+    "application/editor/windowsnotepad/tab/unsaved",
+    COMMON_EDITOR_FIELDS + GENERIC_TAB_CONTENTS_RECORD_FIELDS,
 )
 
 WindowsNotepadSavedTabRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "texteditor/windowsnotepad/tab/saved",
-    GENERIC_TAB_CONTENTS_RECORD_FIELDS + WINDOWS_SAVED_TABS_EXTRA_FIELDS,
+    "application/editor/windowsnotepad/tab/saved",
+    COMMON_EDITOR_FIELDS
+    + GENERIC_TAB_CONTENTS_RECORD_FIELDS
+    + [
+        ("digest", "digest"),
+        ("path", "saved_path"),
+    ],
 )
 
 c_windowstab = cstruct().load(windowstab_def)
@@ -264,7 +270,7 @@ class WindowsNotepadTab:
         self.deleted_content = deleted_content if deleted_content else None
 
 
-class WindowsNotepadPlugin(TexteditorPlugin):
+class WindowsNotepadPlugin(EditorPlugin):
     """Windows notepad tab content plugin."""
 
     __namespace__ = "windowsnotepad"
@@ -273,28 +279,27 @@ class WindowsNotepadPlugin(TexteditorPlugin):
 
     def __init__(self, target: Target):
         super().__init__(target)
-        self.users_tabs: list[TargetPath, UnixUserRecord | WindowsUserRecord] = []
+        self.users_tabs: set[TargetPath, UnixUserRecord | WindowsUserRecord] = set()
         for user_details in self.target.user_details.all_with_home():
             for tab_file in user_details.home_path.glob(self.GLOB):
-                # These files seem to contain information on different settings / configurations,
-                # and are skipped for now
+                # These files contain information on different settings / configurations, and are skipped for now.
                 if tab_file.name.endswith(".1.bin") or tab_file.name.endswith(".0.bin"):
                     continue
 
-                self.users_tabs.append((tab_file, user_details.user))
+                self.users_tabs.add((tab_file, user_details.user))
 
     def check_compatible(self) -> None:
         if not self.users_tabs:
             raise UnsupportedPluginError("No Windows Notepad tab files found")
 
+    @alias("tabs")
     @export(record=[WindowsNotepadSavedTabRecord, WindowsNotepadUnsavedTabRecord])
-    def tabs(self) -> Iterator[WindowsNotepadSavedTabRecord | WindowsNotepadUnsavedTabRecord]:
+    def history(self) -> Iterator[WindowsNotepadSavedTabRecord | WindowsNotepadUnsavedTabRecord]:
         """Return contents from Windows 11 Notepad tabs - and its deleted content if available.
 
         Windows Notepad application for Windows 11 is now able to restore both saved and unsaved tabs when you re-open
         the application.
 
-
         Resources:
             - https://github.com/fox-it/dissect.target/pull/540
             - https://github.com/JustArion/Notepad-Tabs
@@ -304,37 +309,41 @@ class WindowsNotepadPlugin(TexteditorPlugin):
             - https://github.com/Nordgaren/tabstate-util/issues/1
             - https://medium.com/@mahmoudsoheem/new-digital-forensics-artifact-from-windows-notepad-527645906b7b
 
-        Yields a WindowsNotepadSavedTabRecord or WindowsNotepadUnsavedTabRecord. with fields:
+        Yields ``WindowsNotepadSavedTabRecord`` or ``WindowsNotepadUnsavedTabRecord`` records:
 
         .. code-block:: text
 
-            content (string): The content of the tab.
-            path (path): The path to the tab file.
-            deleted_content (string): The deleted content of the tab, if available.
-            hashes (digest): A digest of the tab content.
-            saved_path (path): The path where the tab was saved.
-            modification_time (datetime): The modification time of the tab.
+            ts              (datetime): The modification time of the tab.
+            content         (string):   The content of the tab.
+            path            (path):     The path to the tab file.
+            deleted_content (string):   The deleted content of the tab, if available.
+            digest          (digest):   A digest of the tab content.
+            saved_path      (path):     The path where the tab was saved.
         """
         for file, user in self.users_tabs:
-            # Parse the file
-            tab: WindowsNotepadTab = WindowsNotepadTab(file)
+            tab = WindowsNotepadTab(file)
 
             if tab.is_saved:
                 yield WindowsNotepadSavedTabRecord(
+                    ts=wintimestamp(tab.tab_header.timestamp),
+                    editor="windowsnotepad",
                     content=tab.content,
                     path=tab.file,
                     deleted_content=tab.deleted_content,
-                    hashes=digest((None, None, tab.tab_header.sha256.hex())),
+                    digest=digest((None, None, tab.tab_header.sha256.hex())),
                     saved_path=tab.tab_header.filePath,
-                    modification_time=wintimestamp(tab.tab_header.timestamp),
-                    _target=self.target,
+                    source=file,
                     _user=user,
+                    _target=self.target,
                 )
+
             else:
                 yield WindowsNotepadUnsavedTabRecord(
+                    editor="windowsnotepad",
                     content=tab.content,
+                    deleted_content=tab.deleted_content,
                     path=tab.file,
-                    _target=self.target,
+                    source=file,
                     _user=user,
-                    deleted_content=tab.deleted_content,
+                    _target=self.target,
                 )

dissect/target/plugins/os/unix/applications.py

@@ -0,0 +1,78 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers import configutil
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import UnixApplicationRecord
+from dissect.target.plugin import Plugin, export
+from dissect.target.target import Target
+
+
+class UnixApplicationsPlugin(Plugin):
+    """Unix Applications plugin."""
+
+    SYSTEM_PATHS = [
+        "/usr/share/applications/",
+        "/usr/local/share/applications/",
+        "/var/lib/snapd/desktop/applications/",
+        "/var/lib/flatpak/exports/share/applications/",
+    ]
+
+    USER_PATHS = [
+        ".local/share/applications/",
+    ]
+
+    SYSTEM_APPS = ("org.gnome.",)
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.desktop_files = list(self._find_desktop_files())
+
+    def _find_desktop_files(self) -> Iterator[TargetPath]:
+        for dir in self.SYSTEM_PATHS:
+            for file in self.target.fs.path(dir).glob("*.desktop"):
+                yield file
+
+        for user_details in self.target.user_details.all_with_home():
+            for dir in self.USER_PATHS:
+                for file in user_details.home_path.joinpath(dir).glob("*.desktop"):
+                    yield file
+
+    def check_compatible(self) -> None:
+        if not self.desktop_files:
+            raise UnsupportedPluginError("No application .desktop files found")
+
+    @export(record=UnixApplicationRecord)
+    def applications(self) -> Iterator[UnixApplicationRecord]:
+        """Yield installed Unix GUI applications from GNOME and XFCE.
+
+        Resources:
+            - https://wiki.archlinux.org/title/Desktop_entries
+            - https://specifications.freedesktop.org/desktop-entry-spec/latest/
+            - https://unix.stackexchange.com/questions/582928/where-gnome-apps-are-installed
+
+        Yields ``UnixApplicationRecord`` records with the following fields:
+
+        .. code-block:: text
+
+            ts_modified  (datetime): timestamp when the installation was modified
+            ts_installed (datetime): timestamp when the application was installed on the system
+            name         (string):   name of the application
+            version      (string):   version of the application
+            author       (string):   author of the application
+            type         (string):   type of the application, either user or system
+            path         (string):   path to the desktop file entry of the application
+        """
+        for file in self.desktop_files:
+            config = configutil.parse(file, hint="ini").get("Desktop Entry") or {}
+            stat = file.lstat()
+
+            yield UnixApplicationRecord(
+                ts_modified=stat.st_mtime,
+                ts_installed=stat.st_btime if hasattr(stat, "st_btime") else None,
+                name=config.get("Name"),
+                version=config.get("Version"),
+                path=config.get("Exec"),
+                type="system" if config.get("Icon", "").startswith(self.SYSTEM_APPS) else "user",
+                _target=self.target,
+            )

dissect/target/plugins/os/unix/linux/debian/snap.py

@@ -0,0 +1,79 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.filesystems.squashfs import SquashFSFilesystem
+from dissect.target.helpers import configutil
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import UnixApplicationRecord
+from dissect.target.plugin import Plugin, alias, export
+from dissect.target.target import Target
+
+
+class SnapPlugin(Plugin):
+    """Canonical Linux Snapcraft plugin."""
+
+    PATHS = [
+        "/var/lib/snapd/snaps",
+    ]
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.installs = list(self._find_installs())
+
+    def check_compatible(self) -> None:
+        if not configutil.HAS_YAML:
+            raise UnsupportedPluginError("Missing required dependency ruamel.yaml")
+
+        if not self.installs:
+            raise UnsupportedPluginError("No snapd install folder(s) found")
+
+    def _find_installs(self) -> Iterator[TargetPath]:
+        for str_path in self.PATHS:
+            if (path := self.target.fs.path(str_path)).exists():
+                yield path
+
+    @export(record=UnixApplicationRecord)
+    @alias("snaps")
+    def snap(self) -> Iterator[UnixApplicationRecord]:
+        """Yields installed Canonical Linux Snapcraft (snaps) applications on the target system.
+
+        Reads information from installed SquashFS ``*.snap`` files found in ``/var/lib/snapd/snaps``.
+        Logs of the ``snapd`` daemon can be parsed using the ``journal`` or ``syslog`` plugins.
+
+        Resources:
+            - https://github.com/canonical/snapcraft
+            - https://en.wikipedia.org/wiki/Snap_(software)
+
+        Yields ``UnixApplicationRecord`` records with the following fields:
+
+        .. code-block:: text
+
+            ts_modified  (datetime): timestamp when the installation was modified
+            name         (string):   name of the application
+            version      (string):   version of the application
+            path         (string):   path to the application snap file
+        """
+
+        for install_path in self.installs:
+            for snap in install_path.glob("*.snap"):
+                try:
+                    squashfs = SquashFSFilesystem(snap.open())
+
+                except (ValueError, NotImplementedError) as e:
+                    self.target.log.warning("Unable to open snap file %s", snap)
+                    self.target.log.debug("", exc_info=e)
+                    continue
+
+                if not (meta := squashfs.path("meta/snap.yaml")).exists():
+                    self.target.log.warning("Snap %s has no meta/snap.yaml file")
+                    continue
+
+                meta_data = configutil.parse(meta, hint="yaml")
+
+                yield UnixApplicationRecord(
+                    ts_modified=meta.lstat().st_mtime,
+                    name=meta_data.get("name"),
+                    version=meta_data.get("version"),
+                    path=snap,
+                    _target=self.target,
+                )

dissect/target/plugins/os/unix/packagemanager.py

@@ -6,7 +6,7 @@ from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import NamespacePlugin
 
 PackageManagerLogRecord = TargetRecordDescriptor(
-    "unix/log/packagemanager",
+    "unix/packagemanager/log",
     [
         ("datetime", "ts"),
         ("string", "package_manager"),

dissect/target/plugins/os/windows/regf/applications.py

@@ -0,0 +1,62 @@
+from datetime import datetime
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import WindowsApplicationRecord
+from dissect.target.plugin import Plugin, export
+from dissect.target.target import Target
+
+
+class WindowsApplicationsPlugin(Plugin):
+    """Windows Applications plugin."""
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.keys = list(self.target.registry.keys("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"))
+
+    def check_compatible(self) -> None:
+        if not self.target.has_function("registry"):
+            raise UnsupportedPluginError("No Windows registry found")
+
+        if not self.keys:
+            raise UnsupportedPluginError("No 'Uninstall' registry keys found")
+
+    @export(record=WindowsApplicationRecord)
+    def applications(self) -> Iterator[WindowsApplicationRecord]:
+        """Yields currently installed applications from the Windows registry.
+
+        Use the Windows eventlog plugin (``evtx``, ``evt``) to parse install and uninstall events
+        of applications and services (e.g. ``4697``, ``110707``, ``1034`` and ``11724``).
+
+        Resources:
+            - https://learn.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
+
+        Yields ``WindowsApplicationRecord`` records with the following fields:
+
+        .. code-block:: text
+
+            ts_modified  (datetime): timestamp when the installation was modified according to the registry
+            ts_installed (datetime): timestamp when the application was installed according to the application
+            name         (string):   name of the application
+            version      (string):   version of the application
+            author       (string):   author of the application
+            type         (string):   type of the application, either user or system
+            path         (string):   path to the installed location or installer of the application
+        """
+        for uninstall in self.keys:
+            for app in uninstall.subkeys():
+                values = {value.name: value.value for value in app.values()}
+
+                if install_date := values.get("InstallDate"):
+                    install_date = datetime.strptime(install_date, "%Y%m%d")
+
+                yield WindowsApplicationRecord(
+                    ts_modified=app.ts,
+                    ts_installed=install_date,
+                    name=values.get("DisplayName") or app.name,
+                    version=values.get("DisplayVersion"),
+                    author=values.get("Publisher"),
+                    type="system" if values.get("SystemComponent") or not values else "user",
+                    path=values.get("DisplayIcon") or values.get("InstallLocation") or values.get("InstallSource"),
+                    _target=self.target,
+                )

{dissect.target-3.20.dev38.dist-info → dissect.target-3.20.dev40.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev38
+Version: 3.20.dev40
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev38.dist-info → dissect.target-3.20.dev40.dist-info}/RECORD

@@ -60,9 +60,9 @@ dissect/target/helpers/mount.py,sha256=7Y4B0uY2c00p23hmuMKSgwAwxkKcY4spyAMO1kdcV
 dissect/target/helpers/mui.py,sha256=i-7XoHbu4WO2fYapK9yGAMW04rFlgRispknc1KQIS5Q,22258
 dissect/target/helpers/polypath.py,sha256=h8p7m_OCNiQljGwoZh5Aflr9H2ot6CZr6WKq1OSw58o,2175
 dissect/target/helpers/protobuf.py,sha256=b4DsnqrRLrefcDjx7rQno-_LBcwtJXxuKf5RdOegzfE,1537
-dissect/target/helpers/record.py,sha256=7Se6ZV8cvwEaGSjRd9bKhVnUAn4W4KR2eqP6AbQhTH4,5892
+dissect/target/helpers/record.py,sha256=TxG1lwW5N0V-7kuq4s2vnQh-hAbT7rVwwZLf4sIDNjM,6334
 dissect/target/helpers/record_modifier.py,sha256=cRNDhUYMmx4iEKyEr5Pqy9xiFgxr_GBNJPp_omkQsEU,4094
-dissect/target/helpers/regutil.py,sha256=ti-ht2N9UxbMjhUBP2bybY76_dAvbCz0txPBszvSKVw,28171
+dissect/target/helpers/regutil.py,sha256=dnmpceitwTeS-9L8HU_HG5OXMzCcH58o8uhj5olDWyg,28383
 dissect/target/helpers/shell_application_ids.py,sha256=hYxrP-YtHK7ZM0ectJFHfoMB8QUXLbYNKmKXMWLZRlA,38132
 dissect/target/helpers/shell_folder_ids.py,sha256=Behhb8oh0kMxrEk6YYKYigCDZe8Hw5QS6iK_d2hTs2Y,24978
 dissect/target/helpers/utils.py,sha256=K3xVq9D0FwIhTBAuiWN8ph7Pq2GABgG3hOz-3AmKuEA,4244
@@ -127,6 +127,9 @@ dissect/target/plugins/apps/browser/firefox.py,sha256=mZBBagFfIdiz9kUyK4Hi989I4g
 dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-CXZp39FVquRhPFGdTE,8801
 dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/container/docker.py,sha256=LTsZplaECSfO1Ysp_Y-9WsnNocsreu_iHO8fbSif3g0,16221
+dissect/target/plugins/apps/editor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/target/plugins/apps/editor/editor.py,sha256=yJctXY0XTfwW3GKy6XLO2WaWFQLssdBck9ZOcZSyf80,495
+dissect/target/plugins/apps/editor/windowsnotepad.py,sha256=A9cfFrqbU2zjHRrzYsCnXr-uxKAIsVIKdXXJPYMt6MU,15068
 dissect/target/plugins/apps/other/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/other/env.py,sha256=_I12S_wjyT18WlUJ5cWOy5OTI140AheH6tq743iiyys,1874
 dissect/target/plugins/apps/remoteaccess/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -141,9 +144,6 @@ dissect/target/plugins/apps/ssh/openssh.py,sha256=e3bj9fWxvU2K9Gk9JqA2_E-opkzLTv
 dissect/target/plugins/apps/ssh/opensshd.py,sha256=VL78AuMaacn-pGNoPwvWm_9lbhj-ZNJDmRbL-UlQpIM,5545
 dissect/target/plugins/apps/ssh/putty.py,sha256=EmsXr2NbOB13-EWS5AkpEPMUhOkVl6FAy8JGUiaDhxk,10133
 dissect/target/plugins/apps/ssh/ssh.py,sha256=d3U8PJbtMvOV3K0wV_9KzGt2oRs-mfNQz1_Xd6SNx0Y,9320
-dissect/target/plugins/apps/texteditor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/texteditor/texteditor.py,sha256=h-tF1x2hLlgeNM3W-0Z9g0mjjkb9ietT1D5c-9GaMr8,543
-dissect/target/plugins/apps/texteditor/windowsnotepad.py,sha256=BXGhcwWIW6zlQyD_nHpc1r5Lxt6WMvhfqY2PWf0A6pw,14852
 dissect/target/plugins/apps/virtualization/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/virtualization/vmware_workstation.py,sha256=7G-MRZCMN6aSYfs5NpaW2wkezqlx_EXq9-GzdbvtRrk,2088
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -195,12 +195,13 @@ dissect/target/plugins/general/users.py,sha256=yy9gvRXfN9BT71v4Xqo5hpwfgN9he9Otu
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/_os.py,sha256=I-waC7Hn9rMJRI2JUDreLnU_LS54Zj3hix7BfJLV-xg,14651
+dissect/target/plugins/os/unix/applications.py,sha256=AUgZRP35FzswGyFyChj2o4dfGO34Amc6nqHgiMEaqdI,3129
 dissect/target/plugins/os/unix/cronjobs.py,sha256=tgWQ3BUZpfyvRzodMwGtwFUdPjZ17k7ZRbZ9Q8wmXPk,3393
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
 dissect/target/plugins/os/unix/generic.py,sha256=qC4zQiqpm8ilc-d1ITsccOQbbUUM8HylWB4dsFKJjAw,2171
 dissect/target/plugins/os/unix/history.py,sha256=95EXJrD5ko7iFLsYhAwvR-2wDbVBSNsyXsfZKEWMJq8,6533
 dissect/target/plugins/os/unix/locale.py,sha256=l42abqG1nGk90SDRt1DmkvqPvO5L-1GtaEwg6dj89qI,4323
-dissect/target/plugins/os/unix/packagemanager.py,sha256=XKKJuJ1p9mEQ4TGW7SEwcj1rg8fPp2aWIhnt_0i8Rhc,1279
+dissect/target/plugins/os/unix/packagemanager.py,sha256=xmisH9vMY7uR2d6lFVNuWrZrbVnKa6mYk6C3sbcLtlc,1279
 dissect/target/plugins/os/unix/shadow.py,sha256=TVQQcGhPFYV685ouqOagk4P1AsqAHseFN5lWYHPf3tI,4172
 dissect/target/plugins/os/unix/trash.py,sha256=Z-1r5VQorLauj_85TgURRLQI7ns1Q1N_922Vq8q_v18,6106
 dissect/target/plugins/os/unix/bsd/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -240,6 +241,7 @@ dissect/target/plugins/os/unix/linux/debian/__init__.py,sha256=47DEQpj8HBSa-_TIm
 dissect/target/plugins/os/unix/linux/debian/_os.py,sha256=GI19ZqcyfZ1mUYg2NCx93HkZje9MWMU8FYNKQv-G6go,498
 dissect/target/plugins/os/unix/linux/debian/apt.py,sha256=uKfW77pbgxYSe9g6hpih19-xfgvCB954Ygx21j-ydzk,4388
 dissect/target/plugins/os/unix/linux/debian/dpkg.py,sha256=6A3mb77NREdDWDTFrmcfCF_XxHMmD4_5eHqHEl_7Vqg,5816
+dissect/target/plugins/os/unix/linux/debian/snap.py,sha256=YVz1N54eQsj2_22LUJIj6Gg-huwT4xDEcOAZn9Tvgw4,3023
 dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/debian/vyos/_os.py,sha256=TPjcfv1n68RCe3Er4aCVQwQDCZwJT-NLvje3kPjDfhk,1744
 dissect/target/plugins/os/unix/linux/fortios/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -324,6 +326,7 @@ dissect/target/plugins/os/windows/log/pfro.py,sha256=d53Mm7ovZa9crSwVRPwjMVxTd_j
 dissect/target/plugins/os/windows/log/schedlgu.py,sha256=JaP8H8eTEypWXhx2aFSR_IMam6rQiksbLKhMr_U4fz8,5570
 dissect/target/plugins/os/windows/regf/7zip.py,sha256=Ox8cLyQtbyYQS7m4eY3onNv1K8N2IkS5wexrC55Urd4,3444
 dissect/target/plugins/os/windows/regf/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/target/plugins/os/windows/regf/applications.py,sha256=AZwaLXsVmqMjoZYI3dhYLvJL_8s1k1aRjSgjvqC2AxI,2898
 dissect/target/plugins/os/windows/regf/appxdebugkeys.py,sha256=X8MYLcD76pIZoIWwS_DgUp6q6pi2WO7jhZeoc4uGLak,3966
 dissect/target/plugins/os/windows/regf/auditpol.py,sha256=vTqWw0_vu9p_emWC8FuYcYQpOXhEFQQDLV0K6-18i9c,5208
 dissect/target/plugins/os/windows/regf/bam.py,sha256=jJ0i-82uteBU0hPgs81f8NV8NCeRtIklK82Me2S_ro0,2131
@@ -370,10 +373,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev38.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev38.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev38.dist-info/METADATA,sha256=Ex7zBUuPOU3i3WWpjC0GWdIp7kFkai3r89cl9anlJ3A,12897
-dissect.target-3.20.dev38.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
-dissect.target-3.20.dev38.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev38.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev38.dist-info/RECORD,,
+dissect.target-3.20.dev40.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev40.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev40.dist-info/METADATA,sha256=sfc-H38qJzXkx1449zv0Y7SgicuUfJeki3JFiC6EJ4c,12897
+dissect.target-3.20.dev40.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
+dissect.target-3.20.dev40.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev40.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev40.dist-info/RECORD,,

dissect/target/plugins/apps/texteditor/texteditor.py

@@ -1,13 +0,0 @@
-from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
-from dissect.target.helpers.record import create_extended_descriptor
-from dissect.target.plugin import NamespacePlugin
-
-GENERIC_TAB_CONTENTS_RECORD_FIELDS = [("string", "content"), ("path", "path"), ("string", "deleted_content")]
-
-TexteditorTabContentRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "texteditor/tab", GENERIC_TAB_CONTENTS_RECORD_FIELDS
-)
-
-
-class TexteditorPlugin(NamespacePlugin):
-    __namespace__ = "texteditor"