dissect.target 3.20.dev47__py3-none-any.whl → 3.20.dev49__py3-none-any.whl

dissect/target/plugins/os/unix/_os.py

@@ -4,7 +4,6 @@ import logging
 import re
 import uuid
 from pathlib import Path
-from struct import unpack
 from typing import Iterator
 
 from flow.record.fieldtypes import posix_path
@@ -19,6 +18,25 @@ from dissect.target.target import Target
 log = logging.getLogger(__name__)
 
 
+# https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#ISA
+ARCH_MAP = {
+    0x00: "unknown",
+    0x02: "sparc",
+    0x03: "x86",
+    0x08: "mips",
+    0x14: "powerpc32",
+    0x15: "powerpc64",
+    0x16: "s390",  # and s390x
+    0x28: "aarch32",  # armv7
+    0x2A: "superh",
+    0x32: "ia-64",
+    0x3E: "x86_64",
+    0xB7: "aarch64",  # armv8
+    0xF3: "riscv64",
+    0xF7: "bpf",
+}
+
+
 class UnixPlugin(OSPlugin):
     def __init__(self, target: Target):
         super().__init__(target)
@@ -301,37 +319,30 @@ class UnixPlugin(OSPlugin):
                                 continue
         return os_release
 
-    def _get_architecture(self, os: str = "unix", path: str = "/bin/ls") -> str | None:
-        arch_strings = {
-            0x00: "Unknown",
-            0x02: "SPARC",
-            0x03: "x86",
-            0x08: "MIPS",
-            0x14: "PowerPC",
-            0x16: "S390",
-            0x28: "ARM",
-            0x2A: "SuperH",
-            0x32: "IA-64",
-            0x3E: "x86_64",
-            0xB7: "AArch64",
-            0xF3: "RISC-V",
-        }
-
-        for fs in self.target.filesystems:
-            if fs.exists(path):
-                fh = fs.open(path)
-                fh.seek(4)
-                # ELF - e_ident[EI_CLASS]
-                bits = unpack("B", fh.read(1))[0]
-                fh.seek(18)
-                # ELF - e_machine
-                arch = unpack("H", fh.read(2))[0]
-                arch = arch_strings.get(arch)
-
-                if bits == 1:  # 32 bit system
-                    return f"{arch}_32-{os}"
-                else:
-                    return f"{arch}-{os}"
+    def _get_architecture(self, os: str = "unix", path: Path | str = "/bin/ls") -> str | None:
+        """Determine architecture by reading an ELF header of a binary on the target.
+
+        Resources:
+            - https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#ISA
+        """
+
+        if not isinstance(path, TargetPath):
+            for fs in [self.target.fs, *self.target.filesystems]:
+                if (path := fs.path(path)).exists():
+                    break
+
+        if not path.exists():
+            return
+
+        fh = path.open("rb")
+        fh.seek(4)  # ELF - e_ident[EI_CLASS]
+        bits = fh.read(1)[0]
+
+        fh.seek(18)  # ELF - e_machine
+        e_machine = int.from_bytes(fh.read(2), "little")
+        arch = ARCH_MAP.get(e_machine, "unknown")
+
+        return f"{arch}_32-{os}" if bits == 1 and not arch[-2:] == "32" else f"{arch}-{os}"
 
 
 def parse_fstab(

dissect/target/plugins/os/unix/linux/fortios/_os.py

@@ -6,7 +6,7 @@ from base64 import b64decode
 from datetime import datetime
 from io import BytesIO
 from tarfile import ReadError
-from typing import BinaryIO, Iterator, Optional, TextIO, Union
+from typing import BinaryIO, Iterator, TextIO
 
 from dissect.util import cpio
 from dissect.util.compression import xz
@@ -73,10 +73,11 @@ class FortiOSPlugin(LinuxPlugin):
         return config
 
     @classmethod
-    def detect(cls, target: Target) -> Optional[Filesystem]:
+    def detect(cls, target: Target) -> Filesystem | None:
         for fs in target.filesystems:
-            # Tested on FortiGate and FortiAnalyzer, other Fortinet devices may look different.
-            if fs.exists("/rootfs.gz") and (fs.exists("/.fgtsum") or fs.exists("/.fmg_sign") or fs.exists("/flatkc")):
+            # Tested on FortiGate, FortiAnalyzer and FortiManager.
+            # Other Fortinet devices may look different.
+            if fs.exists("/rootfs.gz") and (any(map(fs.exists, (".fgtsum", ".fmg_sign", "flatkc", "system.conf")))):
                 return fs
 
     @classmethod
@@ -212,7 +213,7 @@ class FortiOSPlugin(LinuxPlugin):
         return "FortiOS Unknown"
 
     @export(record=FortiOSUserRecord)
-    def users(self) -> Iterator[Union[FortiOSUserRecord, UnixUserRecord]]:
+    def users(self) -> Iterator[FortiOSUserRecord | UnixUserRecord]:
         """Return local users of the FortiOS system."""
 
         # Possible unix-like users
@@ -224,7 +225,7 @@ class FortiOSPlugin(LinuxPlugin):
                 yield FortiOSUserRecord(
                     name=username,
                     password=":".join(entry.get("password", [])),
-                    groups=[entry["accprofile"][0]],
+                    groups=list(entry.get("accprofile", [])),
                     home="/root",
                     _target=self.target,
                 )
@@ -233,69 +234,72 @@ class FortiOSPlugin(LinuxPlugin):
             self.target.log.debug("", exc_info=e)
 
         # FortiManager administrative users
-        try:
-            for username, entry in self._config["global-config"]["system"]["admin"]["user"].items():
-                yield FortiOSUserRecord(
-                    name=username,
-                    password=":".join(entry.get("password", [])),
-                    groups=[entry["profileid"][0]],
-                    home="/root",
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiManager admin users")
-            self.target.log.debug("", exc_info=e)
-
-        # Local users
-        try:
-            local_groups = local_groups_to_users(self._config["root-config"]["user"]["group"])
-            for username, entry in self._config["root-config"]["user"].get("local", {}).items():
-                try:
-                    password = decrypt_password(entry["passwd"][-1])
-                except (ValueError, RuntimeError):
-                    password = ":".join(entry.get("passwd", []))
-
-                yield FortiOSUserRecord(
-                    name=username,
-                    password=password,
-                    groups=local_groups.get(username, []),
-                    home=None,
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiOS local users")
-            self.target.log.debug("", exc_info=e)
-
-        # Temporary guest users
-        try:
-            for _, entry in self._config["root-config"]["user"]["group"].get("guestgroup", {}).get("guest", {}).items():
-                try:
-                    password = decrypt_password(entry.get("password")[-1])
-                except (ValueError, RuntimeError):
-                    password = ":".join(entry.get("password"))
-
-                yield FortiOSUserRecord(
-                    name=entry["user-id"][0],
-                    password=password,
-                    groups=["guestgroup"],
-                    home=None,
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiOS temporary guest users")
-            self.target.log.debug("", exc_info=e)
+        if self._config.get("global-config", {}).get("system", {}).get("admin", {}).get("user"):
+            try:
+                for username, entry in self._config["global-config"]["system"]["admin"]["user"].items():
+                    yield FortiOSUserRecord(
+                        name=username,
+                        password=":".join(entry.get("password", [])),
+                        groups=list(entry.get("profileid", [])),
+                        home="/root",
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiManager admin users")
+                self.target.log.debug("", exc_info=e)
+
+        if self._config.get("root-config"):
+            # Local users
+            try:
+                local_groups = local_groups_to_users(self._config["root-config"]["user"]["group"])
+                for username, entry in self._config["root-config"]["user"].get("local", {}).items():
+                    try:
+                        password = decrypt_password(entry["passwd"][-1])
+                    except (ValueError, RuntimeError):
+                        password = ":".join(entry.get("passwd", []))
+
+                    yield FortiOSUserRecord(
+                        name=username,
+                        password=password,
+                        groups=local_groups.get(username, []),
+                        home=None,
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiOS local users")
+                self.target.log.debug("", exc_info=e)
+
+            # Temporary guest users
+            try:
+                for _, entry in (
+                    self._config["root-config"]["user"]["group"].get("guestgroup", {}).get("guest", {}).items()
+                ):
+                    try:
+                        password = decrypt_password(entry.get("password")[-1])
+                    except (ValueError, RuntimeError):
+                        password = ":".join(entry.get("password"))
+
+                    yield FortiOSUserRecord(
+                        name=entry["user-id"][0],
+                        password=password,
+                        groups=["guestgroup"],
+                        home=None,
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiOS temporary guest users")
+                self.target.log.debug("", exc_info=e)
 
     @export(property=True)
     def os(self) -> str:
         return OperatingSystem.FORTIOS.value
 
     @export(property=True)
-    def architecture(self) -> Optional[str]:
+    def architecture(self) -> str | None:
         """Return architecture FortiOS runs on."""
-        paths = ["/lib/libav.so", "/bin/ctr"]
-        for path in paths:
-            if self.target.fs.path(path).exists():
-                return self._get_architecture(path=path)
+        for path in ["/lib/libav.so", "/bin/ctr", "/bin/grep"]:
+            if (bin := self.target.fs.path(path)).exists():
+                return self._get_architecture(path=bin)
 
 
 class ConfigNode(dict):
@@ -528,7 +532,7 @@ def decrypt_rootfs(fh: BinaryIO, key: bytes, iv: bytes) -> BinaryIO:
     return BytesIO(result)
 
 
-def _kdf_7_4_x(key_data: Union[str, bytes]) -> tuple[bytes, bytes]:
+def _kdf_7_4_x(key_data: str | bytes) -> tuple[bytes, bytes]:
     """Derive 32 byte key and 16 byte IV from 32 byte seed.
 
     As the IV needs to be 16 bytes, we return the first 16 bytes of the sha256 hash.
@@ -542,7 +546,7 @@ def _kdf_7_4_x(key_data: Union[str, bytes]) -> tuple[bytes, bytes]:
     return key, iv
 
 
-def get_kernel_hash(sysvol: Filesystem) -> Optional[str]:
+def get_kernel_hash(sysvol: Filesystem) -> str | None:
     """Return the SHA256 hash of the (compressed) kernel."""
     kernel_files = ["flatkc", "vmlinuz", "vmlinux"]
     for k in kernel_files:

dissect/target/plugins/os/unix/log/utmp.py

@@ -1,17 +1,17 @@
-import gzip
+from __future__ import annotations
+
 import ipaddress
 import struct
 from collections import namedtuple
 from typing import Iterator
 
 from dissect.cstruct import cstruct
-from dissect.util.stream import BufferedStream
 from dissect.util.ts import from_unix
 
 from dissect.target.exceptions import UnsupportedPluginError
-from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.fsutil import TargetPath, open_decompress
 from dissect.target.helpers.record import TargetRecordDescriptor
-from dissect.target.plugin import OperatingSystem, Plugin, export
+from dissect.target.plugin import Plugin, alias, export
 from dissect.target.target import Target
 
 UTMP_FIELDS = [
@@ -27,16 +27,12 @@ UTMP_FIELDS = [
 
 BtmpRecord = TargetRecordDescriptor(
     "linux/log/btmp",
-    [
-        *UTMP_FIELDS,
-    ],
+    UTMP_FIELDS,
 )
 
 WtmpRecord = TargetRecordDescriptor(
     "linux/log/wtmp",
-    [
-        *UTMP_FIELDS,
-    ],
+    UTMP_FIELDS,
 )
 
 utmp_def = """
@@ -104,24 +100,13 @@ UTMP_ENTRY = namedtuple(
 class UtmpFile:
     """utmp maintains a full accounting of the current status of the system"""
 
-    def __init__(self, target: Target, path: TargetPath):
-        self.fh = target.fs.path(path).open()
-
-        if "gz" in path:
-            self.compressed = True
-        else:
-            self.compressed = False
+    def __init__(self, path: TargetPath):
+        self.fh = open_decompress(path, "rb")
 
     def __iter__(self):
-        if self.compressed:
-            gzip_entry = BufferedStream(gzip.open(self.fh, mode="rb"))
-            byte_stream = gzip_entry
-        else:
-            byte_stream = self.fh
-
         while True:
             try:
-                entry = c_utmp.entry(byte_stream)
+                entry = c_utmp.entry(self.fh)
 
                 r_type = ""
                 if entry.ut_type in c_utmp.Type:
@@ -151,7 +136,7 @@ class UtmpFile:
                             # ut_addr_v6 is parsed as IPv4 address. This could not lead to incorrect results.
                             ut_addr = ipaddress.ip_address(struct.pack("<i", entry.ut_addr_v6[0]))
 
-                utmp_entry = UTMP_ENTRY(
+                yield UTMP_ENTRY(
                     ts=from_unix(entry.ut_tv.tv_sec),
                     ut_type=r_type,
                     ut_pid=entry.ut_pid,
@@ -162,7 +147,6 @@ class UtmpFile:
                     ut_addr=ut_addr,
                 )
 
-                yield utmp_entry
             except EOFError:
                 break
 
@@ -170,17 +154,28 @@ class UtmpFile:
 class UtmpPlugin(Plugin):
     """Unix utmp log plugin."""
 
-    WTMP_GLOB = "/var/log/wtmp*"
-    BTMP_GLOB = "/var/log/btmp*"
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.btmp_paths = list(self.target.fs.path("/").glob("var/log/btmp*"))
+        self.wtmp_paths = list(self.target.fs.path("/").glob("var/log/wtmp*"))
+        self.utmp_paths = list(self.target.fs.path("/").glob("var/run/utmp*"))
 
     def check_compatible(self) -> None:
-        if not self.target.os == OperatingSystem.LINUX and not any(
-            [
-                list(self.target.fs.glob(self.BTMP_GLOB)),
-                list(self.target.fs.glob(self.WTMP_GLOB)),
-            ]
-        ):
-            raise UnsupportedPluginError("No WTMP or BTMP log files found")
+        if not any(self.btmp_paths + self.wtmp_paths + self.utmp_paths):
+            raise UnsupportedPluginError("No wtmp and/or btmp log files found")
+
+    def _build_record(self, record: TargetRecordDescriptor, entry: UTMP_ENTRY) -> Iterator[BtmpRecord | WtmpRecord]:
+        return record(
+            ts=entry.ts,
+            ut_type=entry.ut_type,
+            ut_pid=entry.ut_pid,
+            ut_user=entry.ut_user,
+            ut_line=entry.ut_line,
+            ut_id=entry.ut_id,
+            ut_host=entry.ut_host,
+            ut_addr=entry.ut_addr,
+            _target=self.target,
+        )
 
     @export(record=BtmpRecord)
     def btmp(self) -> Iterator[BtmpRecord]:
@@ -192,26 +187,18 @@ class UtmpPlugin(Plugin):
             - https://en.wikipedia.org/wiki/Utmp
             - https://www.thegeekdiary.com/what-is-the-purpose-of-utmp-wtmp-and-btmp-files-in-linux/
         """
-        btmp_paths = self.target.fs.glob(self.BTMP_GLOB)
-        for btmp_path in btmp_paths:
-            btmp = UtmpFile(self.target, btmp_path)
-
-            for entry in btmp:
-                yield BtmpRecord(
-                    ts=entry.ts,
-                    ut_type=entry.ut_type,
-                    ut_pid=entry.ut_pid,
-                    ut_user=entry.ut_user,
-                    ut_line=entry.ut_line,
-                    ut_id=entry.ut_id,
-                    ut_host=entry.ut_host,
-                    ut_addr=entry.ut_addr,
-                    _target=self.target,
-                )
+        for path in self.btmp_paths:
+            if not path.is_file():
+                self.target.log.warning("Unable to parse btmp file: %s is not a file", path)
+                continue
 
+            for entry in UtmpFile(path):
+                yield self._build_record(BtmpRecord, entry)
+
+    @alias("utmp")
     @export(record=WtmpRecord)
     def wtmp(self) -> Iterator[WtmpRecord]:
-        """Return the content of the wtmp log files.
+        """Yield contents of wtmp log files.
 
         The wtmp file contains the historical data of the utmp file. The utmp file contains information about users
         logins at which terminals, logouts, system events and current status of the system, system boot time
@@ -220,19 +207,11 @@ class UtmpPlugin(Plugin):
         References:
             - https://www.thegeekdiary.com/what-is-the-purpose-of-utmp-wtmp-and-btmp-files-in-linux/
         """
-        wtmp_paths = self.target.fs.glob(self.WTMP_GLOB)
-        for wtmp_path in wtmp_paths:
-            wtmp = UtmpFile(self.target, wtmp_path)
-
-            for entry in wtmp:
-                yield WtmpRecord(
-                    ts=entry.ts,
-                    ut_type=entry.ut_type,
-                    ut_pid=entry.ut_pid,
-                    ut_user=entry.ut_user,
-                    ut_line=entry.ut_line,
-                    ut_id=entry.ut_id,
-                    ut_host=entry.ut_host,
-                    ut_addr=entry.ut_addr,
-                    _target=self.target,
-                )
+
+        for path in self.wtmp_paths + self.utmp_paths:
+            if not path.is_file():
+                self.target.log.warning("Unable to parse wtmp file: %s is not a file", path)
+                continue
+
+            for entry in UtmpFile(path):
+                yield self._build_record(WtmpRecord, entry)

dissect/target/plugins/os/windows/_os.py

@@ -12,6 +12,14 @@ from dissect.target.helpers.record import WindowsUserRecord
 from dissect.target.plugin import OperatingSystem, OSPlugin, export
 from dissect.target.target import Target
 
+ARCH_MAP = {
+    "x86": 32,
+    "IA64": 64,
+    "ARM64": 64,
+    "EM64T": 64,
+    "AMD64": 64,
+}
+
 
 class WindowsPlugin(OSPlugin):
     CURRENT_VERSION_KEY = "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion"
@@ -265,19 +273,11 @@ class WindowsPlugin(OSPlugin):
             Dict: arch: architecture, bitness: bits
         """
 
-        arch_strings = {
-            "x86": 32,
-            "IA64": 64,
-            "ARM64": 64,
-            "EM64T": 64,
-            "AMD64": 64,
-        }
-
         key = "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment"
 
         try:
             arch = self.target.registry.key(key).value("PROCESSOR_ARCHITECTURE").value
-            bits = arch_strings.get(arch)
+            bits = ARCH_MAP.get(arch)
 
             # return {"arch": arch, "bitness": bits}
             if bits == 64:

{dissect.target-3.20.dev47.dist-info → dissect.target-3.20.dev49.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev47
+Version: 3.20.dev49
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev47.dist-info → dissect.target-3.20.dev49.dist-info}/RECORD

@@ -196,7 +196,7 @@ dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6
 dissect/target/plugins/general/users.py,sha256=yy9gvRXfN9BT71v4Xqo5hpwfgN9he9Otu8TBPZ_Tegs,3009
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/_os.py,sha256=prvcuIkJ1jmbb_g1CtgHmmJUcGjFaZn3yU6VPNMJ27k,15061
+dissect/target/plugins/os/unix/_os.py,sha256=mk2yxWGqdZMzdr8hyYT5nyjSIEN3F5JuoPaaiz0Rvf8,15311
 dissect/target/plugins/os/unix/applications.py,sha256=AUgZRP35FzswGyFyChj2o4dfGO34Amc6nqHgiMEaqdI,3129
 dissect/target/plugins/os/unix/cronjobs.py,sha256=tgWQ3BUZpfyvRzodMwGtwFUdPjZ17k7ZRbZ9Q8wmXPk,3393
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
@@ -251,7 +251,7 @@ dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py,sha256=47DEQpj8HBSa
 dissect/target/plugins/os/unix/linux/debian/vyos/_os.py,sha256=TPjcfv1n68RCe3Er4aCVQwQDCZwJT-NLvje3kPjDfhk,1744
 dissect/target/plugins/os/unix/linux/fortios/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/fortios/_keys.py,sha256=jDDHObfsUn9BGoIir9p4J_-rg9rI1rgoOfnL3R3lg4o,123358
-dissect/target/plugins/os/unix/linux/fortios/_os.py,sha256=Cyw6KyGNc-uZn2WDlD-7G9K7swe_ofxwykIZeQRGYKU,19416
+dissect/target/plugins/os/unix/linux/fortios/_os.py,sha256=381VI9TDMR2-XPwLsvCU8hcRgTz1H5yJ-q_sCNQzSiM,19790
 dissect/target/plugins/os/unix/linux/fortios/generic.py,sha256=dc6YTDLV-VZq9k8IWmY_PE0sTGkkp3yamR-cYNUCtes,1265
 dissect/target/plugins/os/unix/linux/fortios/locale.py,sha256=Pe7Bdj8UemCiktLeQnQ50TpY_skARAzRJA0ewAB4710,5243
 dissect/target/plugins/os/unix/linux/redhat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -272,9 +272,9 @@ dissect/target/plugins/os/unix/log/auth.py,sha256=9NJvlo7Vbsp_ENJFpKd04PH_sUuOy6
 dissect/target/plugins/os/unix/log/journal.py,sha256=xe8p8MM_95uYjFNzNSP5IsoIthJtxwFEDicYR42RYAI,17681
 dissect/target/plugins/os/unix/log/lastlog.py,sha256=Wr3-2n1-GwckN9mSx-yM55N6_L0PQyx6TGHoEvuc6c0,2515
 dissect/target/plugins/os/unix/log/messages.py,sha256=XtjZ0a2budgQm_K5JT3fMf7JcjuD0AelcD3zOFN2xpI,5732
-dissect/target/plugins/os/unix/log/utmp.py,sha256=n22dcjhclky3koF4MyRz1cBOmEeWwen6jstLsvfnMw8,7784
+dissect/target/plugins/os/unix/log/utmp.py,sha256=k2A69s2qUT2JunJrH8GO6nQ0zMDotXMTaj8OzQ7ljj8,7336
 dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/windows/_os.py,sha256=-Bsp9696JqU7luh_AbqojzG9BxVdYIFl5Ma-LiFBQBo,12505
+dissect/target/plugins/os/windows/_os.py,sha256=WoXSq-HVOKqI9p3CMXrOFAjsi9MlVmxE2JVHzN7RH0s,12441
 dissect/target/plugins/os/windows/activitiescache.py,sha256=BbGD-vETHm1IRMoazVer_vqSJIoQxxhWcJ_xlBeOMds,6899
 dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
 dissect/target/plugins/os/windows/amcache.py,sha256=1jq-S80_FIzGegrqQ6HqrjmaAPTyxyn69HxnbRBlaUc,27608
@@ -378,10 +378,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev47.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev47.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev47.dist-info/METADATA,sha256=28qUe6AIKvwvWI58yI9VPiy1U86ihuVGMhzR-avNrtc,12897
-dissect.target-3.20.dev47.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
-dissect.target-3.20.dev47.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev47.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev47.dist-info/RECORD,,
+dissect.target-3.20.dev49.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev49.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev49.dist-info/METADATA,sha256=cyNr191yNPZoEE1uGY1DqaExAYn8H9NCuOL2OUWn1oM,12897
+dissect.target-3.20.dev49.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
+dissect.target-3.20.dev49.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev49.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev49.dist-info/RECORD,,