dissect.target 3.21.dev6__py3-none-any.whl → 3.21.dev8__py3-none-any.whl

dissect/target/loaders/itunes.py

@@ -163,8 +163,10 @@ class ITunesBackup:
 
     def files(self) -> Iterator[FileInfo]:
         """Iterate all the files in this backup."""
-        for row in self.manifest_db.table("Files").rows():
-            yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)
+
+        if table := self.manifest_db.table("Files"):
+            for row in table.rows():
+                yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)
 
 
 class FileInfo:

dissect/target/plugins/apps/browser/iexplore.py

@@ -36,14 +36,18 @@ class WebCache:
             All ``ContainerId`` values for the requested container name.
         """
         try:
-            for container_record in self.db.table("Containers").records():
+            table = self.db.table("Containers")
+
+            for container_record in table.records():
                 if record_name := container_record.get("Name"):
                     record_name = record_name.rstrip("\00").lower()
                     if record_name == name.lower():
                         container_id = container_record.get("ContainerId")
                         yield self.db.table(f"Container_{container_id}")
-        except KeyError:
-            pass
+
+        except KeyError as e:
+            self.target.log.warning("Exception while parsing EseDB Containers table")
+            self.target.log.debug("", exc_info=e)
 
     def _iter_records(self, name: str) -> Iterator[record.Record]:
         """Yield records from a Webcache container.

dissect/target/plugins/os/unix/esxi/_os.py

@@ -472,37 +472,39 @@ def parse_config_store(fh: BinaryIO) -> dict[str, Any]:
     db = sqlite3.SQLite3(fh)
 
     store = {}
-    for row in db.table("Config").rows():
-        component_name = row.Component
-        config_group_name = row.ConfigGroup
-        value_group_name = row.Name
-        identifier_name = row.Identifier
-
-        if component_name not in store:
-            store[component_name] = {}
-        component = store[component_name]
-
-        if config_group_name not in component:
-            component[config_group_name] = {}
-        config_group = component[config_group_name]
-
-        if value_group_name not in config_group:
-            config_group[value_group_name] = {}
-        value_group = config_group[value_group_name]
-
-        if identifier_name not in value_group:
-            value_group[identifier_name] = {}
-        identifier = value_group[identifier_name]
-
-        identifier["modified_time"] = row.ModifiedTime
-        identifier["creation_time"] = row.CreationTime
-        identifier["version"] = row.Version
-        identifier["success"] = row.Success
-        identifier["auto_conf_value"] = json.loads(row.AutoConfValue) if row.AutoConfValue else None
-        identifier["user_value"] = json.loads(row.UserValue) if row.UserValue else None
-        identifier["vital_value"] = json.loads(row.VitalValue) if row.VitalValue else None
-        identifier["cached_value"] = json.loads(row.CachedValue) if row.CachedValue else None
-        identifier["desired_value"] = json.loads(row.DesiredValue) if row.DesiredValue else None
-        identifier["revision"] = row.Revision
+
+    if table := db.table("Config"):
+        for row in table.rows():
+            component_name = row.Component
+            config_group_name = row.ConfigGroup
+            value_group_name = row.Name
+            identifier_name = row.Identifier
+
+            if component_name not in store:
+                store[component_name] = {}
+            component = store[component_name]
+
+            if config_group_name not in component:
+                component[config_group_name] = {}
+            config_group = component[config_group_name]
+
+            if value_group_name not in config_group:
+                config_group[value_group_name] = {}
+            value_group = config_group[value_group_name]
+
+            if identifier_name not in value_group:
+                value_group[identifier_name] = {}
+            identifier = value_group[identifier_name]
+
+            identifier["modified_time"] = row.ModifiedTime
+            identifier["creation_time"] = row.CreationTime
+            identifier["version"] = row.Version
+            identifier["success"] = row.Success
+            identifier["auto_conf_value"] = json.loads(row.AutoConfValue) if row.AutoConfValue else None
+            identifier["user_value"] = json.loads(row.UserValue) if row.UserValue else None
+            identifier["vital_value"] = json.loads(row.VitalValue) if row.VitalValue else None
+            identifier["cached_value"] = json.loads(row.CachedValue) if row.CachedValue else None
+            identifier["desired_value"] = json.loads(row.DesiredValue) if row.DesiredValue else None
+            identifier["revision"] = row.Revision
 
     return store

dissect/target/plugins/os/unix/linux/network_managers.py

@@ -567,7 +567,7 @@ def parse_unix_dhcp_log_messages(target: Target, iter_all: bool = False) -> set[
             continue
 
         # Debian and CentOS dhclient
-        if hasattr(record, "daemon") and record.daemon == "dhclient" and "bound to" in line:
+        if hasattr(record, "service") and record.service == "dhclient" and "bound to" in line:
             ip = line.split("bound to")[1].split(" ")[1].strip()
             ips.add(ip)
             continue

dissect/target/plugins/os/unix/log/auth.py

@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-import itertools
 import logging
 import re
 from abc import ABC, abstractmethod
@@ -12,24 +11,18 @@ from typing import Any, Iterator
 
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
-from dissect.target.helpers.fsutil import open_decompress
 from dissect.target.helpers.record import DynamicDescriptor, TargetRecordDescriptor
 from dissect.target.helpers.utils import year_rollover_helper
 from dissect.target.plugin import Plugin, alias, export
+from dissect.target.plugins.os.unix.log.helpers import (
+    RE_LINE,
+    RE_TS,
+    is_iso_fmt,
+    iso_readlines,
+)
 
 log = logging.getLogger(__name__)
 
-RE_TS = re.compile(r"^[A-Za-z]{3}\s*\d{1,2}\s\d{1,2}:\d{2}:\d{2}")
-RE_TS_ISO = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}\+\d{2}:\d{2}")
-RE_LINE = re.compile(
-    r"""
-    \d{2}:\d{2}\s                           # First match on the similar ending of the different timestamps
-    (?P<hostname>\S+)\s                     # The hostname
-    (?P<service>\S+?)(\[(?P<pid>\d+)\])?:   # The service with optionally the PID between brackets
-    \s*(?P<message>.+?)\s*$                 # The log message stripped from spaces left and right
-    """,
-    re.VERBOSE,
-)
 
 # Generic regular expressions
 RE_IPV4_ADDRESS = re.compile(
@@ -347,27 +340,3 @@ class AuthPlugin(Plugin):
 
             for ts, line in iterable:
                 yield self._auth_log_builder.build_record(ts, auth_file, line)
-
-
-def iso_readlines(file: Path) -> Iterator[tuple[datetime, str]]:
-    """Iterator reading the provided auth log file in ISO format. Mimics ``year_rollover_helper`` behaviour."""
-    with open_decompress(file, "rt") as fh:
-        for line in fh:
-            if not (match := RE_TS_ISO.match(line)):
-                log.warning("No timestamp found in one of the lines in %s!", file)
-                log.debug("Skipping line: %s", line)
-                continue
-
-            try:
-                ts = datetime.strptime(match[0], "%Y-%m-%dT%H:%M:%S.%f%z")
-            except ValueError as e:
-                log.warning("Unable to parse ISO timestamp in line: %s", line)
-                log.debug("", exc_info=e)
-                continue
-
-            yield ts, line
-
-
-def is_iso_fmt(file: Path) -> bool:
-    """Determine if the provided auth log file uses new ISO format logging or not."""
-    return any(itertools.islice(iso_readlines(file), 0, 2))

dissect/target/plugins/os/unix/log/helpers.py

@@ -0,0 +1,46 @@
+import itertools
+import logging
+import re
+from datetime import datetime
+from pathlib import Path
+from typing import Iterator
+
+from dissect.target.helpers.fsutil import open_decompress
+
+log = logging.getLogger(__name__)
+
+RE_TS = re.compile(r"^[A-Za-z]{3}\s*\d{1,2}\s\d{1,2}:\d{2}:\d{2}")
+RE_TS_ISO = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}\+\d{2}:\d{2}")
+RE_LINE = re.compile(
+    r"""
+    \d{2}:\d{2}\s                           # First match on the similar ending of the different timestamps
+    (?:\S+)\s                               # The hostname, but do not capture it
+    (?P<service>\S+?)(\[(?P<pid>\d+)\])?:    # The service / daemon with optionally the PID between brackets
+    \s*(?P<message>.+?)\s*$                 # The log message stripped from spaces left and right
+    """,
+    re.VERBOSE,
+)
+
+
+def iso_readlines(file: Path) -> Iterator[tuple[datetime, str]]:
+    """Iterator reading the provided log file in ISO format. Mimics ``year_rollover_helper`` behaviour."""
+    with open_decompress(file, "rt") as fh:
+        for line in fh:
+            if not (match := RE_TS_ISO.match(line)):
+                log.warning("No timestamp found in one of the lines in %s!", file)
+                log.debug("Skipping line: %s", line)
+                continue
+
+            try:
+                ts = datetime.strptime(match[0], "%Y-%m-%dT%H:%M:%S.%f%z")
+            except ValueError as e:
+                log.warning("Unable to parse ISO timestamp in line: %s", line)
+                log.debug("", exc_info=e)
+                continue
+
+            yield ts, line
+
+
+def is_iso_fmt(file: Path) -> bool:
+    """Determine if the provided log file uses ISO 8601 timestamp format logging or not."""
+    return any(itertools.islice(iso_readlines(file), 0, 2))

dissect/target/plugins/os/unix/log/messages.py

@@ -11,12 +11,18 @@ from dissect.target.helpers.fsutil import open_decompress
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.helpers.utils import year_rollover_helper
 from dissect.target.plugin import Plugin, alias, export
+from dissect.target.plugins.os.unix.log.helpers import (
+    RE_LINE,
+    RE_TS,
+    is_iso_fmt,
+    iso_readlines,
+)
 
 MessagesRecord = TargetRecordDescriptor(
     "linux/log/messages",
     [
         ("datetime", "ts"),
-        ("string", "daemon"),
+        ("string", "service"),
         ("varint", "pid"),
         ("string", "message"),
         ("path", "source"),
@@ -24,12 +30,8 @@ MessagesRecord = TargetRecordDescriptor(
 )
 
 DEFAULT_TS_LOG_FORMAT = "%b %d %H:%M:%S"
-RE_TS = re.compile(r"(\w+\s{1,2}\d+\s\d{2}:\d{2}:\d{2})")
-RE_DAEMON = re.compile(r"^[^:]+:\d+:\d+[^\[\]:]+\s([^\[:]+)[\[|:]{1}")
-RE_PID = re.compile(r"\w\[(\d+)\]")
-RE_MSG = re.compile(r"[^:]+:\d+:\d+[^:]+:\s(.*)$")
 RE_CLOUD_INIT_LINE = re.compile(
-    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - (?P<daemon>.*)\[(?P<log_level>\w+)\]\: (?P<message>.*)$"
+    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - (?P<service>.*)\[(?P<log_level>\w+)\]\: (?P<message>.*)$"
 )
 
 
@@ -56,7 +58,7 @@ class MessagesPlugin(Plugin):
     def messages(self) -> Iterator[MessagesRecord]:
         """Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.
 
-        Due to year rollover detection, the contents of the files are returned in reverse.
+        Due to year rollover detection, the log contents could be returned in reversed or mixed chronological order.
 
         The messages log file holds information about a variety of events such as the system error messages, system
         startups and shutdowns, change in the network configuration, etc. Aims to store valuable, non-debug and
@@ -75,16 +77,23 @@ class MessagesPlugin(Plugin):
                 yield from self._parse_cloud_init_log(log_file, tzinfo)
                 continue
 
-            for ts, line in year_rollover_helper(log_file, RE_TS, DEFAULT_TS_LOG_FORMAT, tzinfo):
-                daemon = dict(enumerate(RE_DAEMON.findall(line))).get(0)
-                pid = dict(enumerate(RE_PID.findall(line))).get(0)
-                message = dict(enumerate(RE_MSG.findall(line))).get(0, line)
+            if is_iso_fmt(log_file):
+                iterable = iso_readlines(log_file)
+
+            else:
+                iterable = year_rollover_helper(log_file, RE_TS, DEFAULT_TS_LOG_FORMAT, tzinfo)
+
+            for ts, line in iterable:
+                match = RE_LINE.search(line)
+
+                if not match:
+                    self.target.log.warning("Unable to parse message line in %s", log_file)
+                    self.target.log.debug("Line %s", line)
+                    continue
 
                 yield MessagesRecord(
                     ts=ts,
-                    daemon=daemon,
-                    pid=pid,
-                    message=message,
+                    **match.groupdict(),
                     source=log_file,
                     _target=self.target,
                 )
@@ -134,7 +143,7 @@ class MessagesPlugin(Plugin):
 
                 yield MessagesRecord(
                     ts=ts,
-                    daemon=values["daemon"],
+                    service=values["service"],
                     pid=None,
                     message=values["message"],
                     source=log_file,

dissect/target/plugins/os/windows/activitiescache.py

@@ -116,36 +116,38 @@ class ActivitiesCachePlugin(Plugin):
         for user, cache_file in self.cachefiles:
             fh = cache_file.open()
             db = sqlite3.SQLite3(fh)
-            for r in db.table("Activity").rows():
-                yield ActivitiesCacheRecord(
-                    start_time=mkts(r["[StartTime]"]),
-                    end_time=mkts(r["[EndTime]"]),
-                    last_modified_time=mkts(r["[LastModifiedTime]"]),
-                    last_modified_on_client=mkts(r["[LastModifiedOnClient]"]),
-                    original_last_modified_on_client=mkts(r["[OriginalLastModifiedOnClient]"]),
-                    expiration_time=mkts(r["[ExpirationTime]"]),
-                    app_id=r["[AppId]"],
-                    enterprise_id=r["[EnterpriseId]"],
-                    app_activity_id=r["[AppActivityId]"],
-                    group_app_activity_id=r["[GroupAppActivityId]"],
-                    group=r["[Group]"],
-                    activity_type=r["[ActivityType]"],
-                    activity_status=r["[ActivityStatus]"],
-                    priority=r["[Priority]"],
-                    match_id=r["[MatchId]"],
-                    etag=r["[ETag]"],
-                    tag=r["[Tag]"],
-                    is_local_only=r["[IsLocalOnly]"],
-                    created_in_cloud=r["[CreatedInCloud]"],
-                    platform_device_id=r["[PlatformDeviceId]"],
-                    package_id_hash=r["[PackageIdHash]"],
-                    id=r["[Id]"],
-                    payload=r["[Payload]"],
-                    original_payload=r["[OriginalPayload]"],
-                    clipboard_payload=r["[ClipboardPayload]"],
-                    _target=self.target,
-                    _user=user,
-                )
+
+            if table := db.table("Activity"):
+                for r in table.rows():
+                    yield ActivitiesCacheRecord(
+                        start_time=mkts(r["[StartTime]"]),
+                        end_time=mkts(r["[EndTime]"]),
+                        last_modified_time=mkts(r["[LastModifiedTime]"]),
+                        last_modified_on_client=mkts(r["[LastModifiedOnClient]"]),
+                        original_last_modified_on_client=mkts(r["[OriginalLastModifiedOnClient]"]),
+                        expiration_time=mkts(r["[ExpirationTime]"]),
+                        app_id=r["[AppId]"],
+                        enterprise_id=r["[EnterpriseId]"],
+                        app_activity_id=r["[AppActivityId]"],
+                        group_app_activity_id=r["[GroupAppActivityId]"],
+                        group=r["[Group]"],
+                        activity_type=r["[ActivityType]"],
+                        activity_status=r["[ActivityStatus]"],
+                        priority=r["[Priority]"],
+                        match_id=r["[MatchId]"],
+                        etag=r["[ETag]"],
+                        tag=r["[Tag]"],
+                        is_local_only=r["[IsLocalOnly]"],
+                        created_in_cloud=r["[CreatedInCloud]"],
+                        platform_device_id=r["[PlatformDeviceId]"],
+                        package_id_hash=r["[PackageIdHash]"],
+                        id=r["[Id]"],
+                        payload=r["[Payload]"],
+                        original_payload=r["[OriginalPayload]"],
+                        clipboard_payload=r["[ClipboardPayload]"],
+                        _target=self.target,
+                        _user=user,
+                    )
 
 
 def mkts(ts: int) -> datetime | None:

dissect/target/plugins/os/windows/catroot.py

@@ -217,12 +217,15 @@ class CatrootPlugin(Plugin):
             with ese_file.open("rb") as fh:
                 ese_db = EseDB(fh)
 
-                tables = [table.name for table in ese_db.tables()]
                 for hash_type, table_name in [("sha256", "HashCatNameTableSHA256"), ("sha1", "HashCatNameTableSHA1")]:
-                    if table_name not in tables:
+                    try:
+                        table = ese_db.table(table_name)
+                    except KeyError as e:
+                        self.target.log.warning("EseDB %s has no table %s", ese_file, table_name)
+                        self.target.log.debug("", exc_info=e)
                         continue
 
-                    for record in ese_db.table(table_name).records():
+                    for record in table.records():
                         file_digest = digest()
                         setattr(file_digest, hash_type, record.get("HashCatNameTable_HashCol").hex())
                         catroot_names = record.get("HashCatNameTable_CatNameCol").decode().rstrip("|").split("|")

dissect/target/plugins/os/windows/notifications.py

@@ -442,43 +442,45 @@ class NotificationsPlugin(Plugin):
         """
         for user, wpndatabase in self.wpndb_files:
             db = sqlite3.SQLite3(wpndatabase.open())
-
             handlers = {}
-            for row in db.table("NotificationHandler").rows():
-                handlers[row["[RecordId]"]] = WpnDatabaseNotificationHandlerRecord(
-                    created_time=datetime.datetime.strptime(row["[CreatedTime]"], "%Y-%m-%d %H:%M:%S"),
-                    modified_time=datetime.datetime.strptime(row["[ModifiedTime]"], "%Y-%m-%d %H:%M:%S"),
-                    id=row["[RecordId]"],
-                    primary_id=row["[PrimaryId]"],
-                    wns_id=row["[WNSId]"],
-                    handler_type=row["[HandlerType]"],
-                    wnf_event_name=row["[WNFEventName]"],
-                    system_data_property_set=row["[SystemDataPropertySet]"],
-                    _target=self.target,
-                    _user=user,
-                )
-
-            for row in db.table("Notification").rows():
-                record = WpnDatabaseNotificationRecord(
-                    arrival_time=wintimestamp(row["[ArrivalTime]"]),
-                    expiry_time=wintimestamp(row["[ExpiryTime]"]),
-                    order=row["[Order]"],
-                    id=row["[Id]"],
-                    handler_id=row["[HandlerId]"],
-                    activity_id=UUID(bytes=row["[ActivityId]"]),
-                    type=row["[Type]"],
-                    payload=row["[Payload]"],
-                    payload_type=row["[PayloadType]"],
-                    tag=row["[Tag]"],
-                    group=row["[Group]"],
-                    boot_id=row["[BootId]"],
-                    expires_on_reboot=row["[ExpiresOnReboot]"] != "FALSE",
-                    _target=self.target,
-                    _user=user,
-                )
-                handler = handlers.get(row["[HandlerId]"])
 
-                if handler:
-                    yield GroupedRecord("windows/notification/wpndatabase/grouped", [record, handler])
-                else:
-                    yield record
+            if table := db.table("NotificationHandler"):
+                for row in table.rows():
+                    handlers[row["[RecordId]"]] = WpnDatabaseNotificationHandlerRecord(
+                        created_time=datetime.datetime.strptime(row["[CreatedTime]"], "%Y-%m-%d %H:%M:%S"),
+                        modified_time=datetime.datetime.strptime(row["[ModifiedTime]"], "%Y-%m-%d %H:%M:%S"),
+                        id=row["[RecordId]"],
+                        primary_id=row["[PrimaryId]"],
+                        wns_id=row["[WNSId]"],
+                        handler_type=row["[HandlerType]"],
+                        wnf_event_name=row["[WNFEventName]"],
+                        system_data_property_set=row["[SystemDataPropertySet]"],
+                        _target=self.target,
+                        _user=user,
+                    )
+
+            if table := db.table("Notification"):
+                for row in table.rows():
+                    record = WpnDatabaseNotificationRecord(
+                        arrival_time=wintimestamp(row["[ArrivalTime]"]),
+                        expiry_time=wintimestamp(row["[ExpiryTime]"]),
+                        order=row["[Order]"],
+                        id=row["[Id]"],
+                        handler_id=row["[HandlerId]"],
+                        activity_id=UUID(bytes=row["[ActivityId]"]),
+                        type=row["[Type]"],
+                        payload=row["[Payload]"],
+                        payload_type=row["[PayloadType]"],
+                        tag=row["[Tag]"],
+                        group=row["[Group]"],
+                        boot_id=row["[BootId]"],
+                        expires_on_reboot=row["[ExpiresOnReboot]"] != "FALSE",
+                        _target=self.target,
+                        _user=user,
+                    )
+                    handler = handlers.get(row["[HandlerId]"])
+
+                    if handler:
+                        yield GroupedRecord("windows/notification/wpndatabase/grouped", [record, handler])
+                    else:
+                        yield record

{dissect.target-3.21.dev6.dist-info → dissect.target-3.21.dev8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.21.dev6
+Version: 3.21.dev8
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.21.dev6.dist-info → dissect.target-3.21.dev8.dist-info}/RECORD

@@ -81,7 +81,7 @@ dissect/target/loaders/cb.py,sha256=EGhdytBKBdofTd89juavDZZbmupEZmMBadeUXvVIK20,
 dissect/target/loaders/cyber.py,sha256=Ip2hI7L98ZP7gUZuHQr0GxBdmbTzD-PntXmLJ5KpBuQ,1533
 dissect/target/loaders/dir.py,sha256=F-PgvBw82XmL0rdKyBxznUkDc5Oct6-_Y9xM4fhvA6I,5791
 dissect/target/loaders/hyperv.py,sha256=_IOUJEO0BXaCBZ6sjIX0DZTkG9UNW5Vs9VcNHYv073w,5928
-dissect/target/loaders/itunes.py,sha256=rKOhlDRypQBGkuSZudMDS1Mlb9XV6BD5FRvM7tGq9jU,13128
+dissect/target/loaders/itunes.py,sha256=MQZKWjs7ZKZnARAmzMVGyod0vgOvDZuximjKyMRiwKM,13164
 dissect/target/loaders/kape.py,sha256=t5TfrGLqPeIpUUpXzIl6aHsqXMEGDqJ5YwDCs07DiBA,1237
 dissect/target/loaders/libvirt.py,sha256=_3EFIytMGbiLMISHx4QXVrDebsRO6J6sMkE3TH68qsg,1374
 dissect/target/loaders/local.py,sha256=Ul-LCd_fY7SyWOVR6nH-NqbkuNpxoZVmffwrkvQElU8,16453
@@ -125,7 +125,7 @@ dissect/target/plugins/apps/browser/chrome.py,sha256=DMONTYE95sI_jcmyQOapHwWQWwr
 dissect/target/plugins/apps/browser/chromium.py,sha256=A4aJDJnngFBiIJ4pC10HMykEh1VLu2Xf_bvGG1o9LTM,28549
 dissect/target/plugins/apps/browser/edge.py,sha256=tuuIbm4s8nNstA6nIOEfU0LG0jt20a8gf3rve2SXtdM,2953
 dissect/target/plugins/apps/browser/firefox.py,sha256=mZBBagFfIdiz9kUyK4Hi989I4g3CWrClBbmpaGMRKxg,32472
-dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-CXZp39FVquRhPFGdTE,8801
+dissect/target/plugins/apps/browser/iexplore.py,sha256=5WkExNl7VoY72Y3SZNZAqxpX_9HXsQIlxFf58ur63zA,8953
 dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/container/docker.py,sha256=LTsZplaECSfO1Ysp_Y-9WsnNocsreu_iHO8fbSif3g0,16221
 dissect/target/plugins/apps/database/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -223,7 +223,7 @@ dissect/target/plugins/os/unix/bsd/osx/_os.py,sha256=hNFB1rwahLwgZD1kc3T4xalFusT
 dissect/target/plugins/os/unix/bsd/osx/network.py,sha256=3m71T-T-DnZFVidrokuHpr89lZOe_4drt-Xwam1ebfw,3767
 dissect/target/plugins/os/unix/bsd/osx/user.py,sha256=5rsGhsntBW9IXYIOrLpfYpSsJcBDL61QJkuZ456lXlE,2411
 dissect/target/plugins/os/unix/esxi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/esxi/_os.py,sha256=s6pAgUyfHh3QcY6sgvk5uVMmLvqK1tIHWR7MSbrFn8w,17789
+dissect/target/plugins/os/unix/esxi/_os.py,sha256=eTI6zVubEmdx02mMDyTpmf2J53IzhWFT0UEt990b9OM,17921
 dissect/target/plugins/os/unix/etc/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/etc/etc.py,sha256=YSCRZZfQvmzaR5VWhTJhB8pIGliL6Nw5ruhdfvYKYaM,2783
 dissect/target/plugins/os/unix/linux/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -234,7 +234,7 @@ dissect/target/plugins/os/unix/linux/iptables.py,sha256=qTzY5PHHXA33WnPYb5NESgoS
 dissect/target/plugins/os/unix/linux/modules.py,sha256=-LThb5mcKtngVfIICpdOGLtgJPc99WQ8Qufwddt8YgQ,2500
 dissect/target/plugins/os/unix/linux/netstat.py,sha256=EBpbK4BD3pZ0fKCR3ZMmVip4eQ0f6x_9yumA8vsUKPw,1691
 dissect/target/plugins/os/unix/linux/network.py,sha256=KfGfYhtrzpHHefaHjTpdbGSLu6IN4anweYt3V02D9zU,14392
-dissect/target/plugins/os/unix/linux/network_managers.py,sha256=nr0gA3hBqsvP9k6xAYmRYwGRB1kMtXB1k0pe78jWdFI,25768
+dissect/target/plugins/os/unix/linux/network_managers.py,sha256=atvcHPXFHVeCD5ipygqpR8pOgSexCGKIvVZz3Z8ITLA,25770
 dissect/target/plugins/os/unix/linux/proc.py,sha256=jm35fAasnNbObN2tpflwQuCfVYLDkTP2EDrzYG42ZSk,23354
 dissect/target/plugins/os/unix/linux/processes.py,sha256=xAJswf06HZsY8JhQ11xfJw1OLTZ1q9XZbu7_a7k2UpY,2019
 dissect/target/plugins/os/unix/linux/services.py,sha256=cZWmoVImbl7foKQfBpiKjeC2kjvfRUpM-ympFQorwHI,4128
@@ -270,17 +270,18 @@ dissect/target/plugins/os/unix/locate/plocate.py,sha256=0p7ibPPrDlQuJNjJbV4rU0fJ
 dissect/target/plugins/os/unix/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/log/atop.py,sha256=zjG5eKS-X0mpBXs-Sg2f7RfQvtjt0T8JcteNd9DB_ok,16361
 dissect/target/plugins/os/unix/log/audit.py,sha256=rZwxC90Q0FOB5BZxplTJwCTIp0hdVpaps1e3C1fRYaM,3754
-dissect/target/plugins/os/unix/log/auth.py,sha256=9NJvlo7Vbsp_ENJFpKd04PH_sUuOy6ueSBwQqY0MtKo,14546
+dissect/target/plugins/os/unix/log/auth.py,sha256=MNfPoGo_pGFMizbF5ZyW6bi-QWCxuaB7OVAeIJAAC6M,13068
+dissect/target/plugins/os/unix/log/helpers.py,sha256=3_UNw36isxlmIRs0EreU4Oe5UrKOPl-mApjvfRXmYtQ,1775
 dissect/target/plugins/os/unix/log/journal.py,sha256=hhsvKs78BPv0vJN360fKVHqyBCdLUWxdv6ZUa4tqpD8,17795
 dissect/target/plugins/os/unix/log/lastlog.py,sha256=Wr3-2n1-GwckN9mSx-yM55N6_L0PQyx6TGHoEvuc6c0,2515
-dissect/target/plugins/os/unix/log/messages.py,sha256=XtjZ0a2budgQm_K5JT3fMf7JcjuD0AelcD3zOFN2xpI,5732
+dissect/target/plugins/os/unix/log/messages.py,sha256=GjHqbbyoqXxIlD6cxK552Gv00LK399dU3u9NISGIVno,5787
 dissect/target/plugins/os/unix/log/utmp.py,sha256=k2A69s2qUT2JunJrH8GO6nQ0zMDotXMTaj8OzQ7ljj8,7336
 dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/_os.py,sha256=SUTfCPEVi2ADfjsQQJad6dEsnKUzRtsKJXOlEuiT9Xk,12462
-dissect/target/plugins/os/windows/activitiescache.py,sha256=BbGD-vETHm1IRMoazVer_vqSJIoQxxhWcJ_xlBeOMds,6899
+dissect/target/plugins/os/windows/activitiescache.py,sha256=_I-rc7hAKRgqfFexsJq5nkIAV3E31byG4KeBQeDBehg,7051
 dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
 dissect/target/plugins/os/windows/amcache.py,sha256=1jq-S80_FIzGegrqQ6HqrjmaAPTyxyn69HxnbRBlaUc,27608
-dissect/target/plugins/os/windows/catroot.py,sha256=QVwMF5nuMzCkWnoOMs5BkwYoKN61HKmlxo8mKMoD3w8,10937
+dissect/target/plugins/os/windows/catroot.py,sha256=bB-UE5QGuo-aHm1YU4qKHwt6ypW9FvxV9X0_0VplKts,11086
 dissect/target/plugins/os/windows/cim.py,sha256=jsrpu6TZpBUh7VWI9AV2Ib5bebTwsvqOwRfa5gjJd7c,3056
 dissect/target/plugins/os/windows/clfs.py,sha256=begVsZ-CY97Ksh6S1g03LjyBgu8ERY2hfNDWYPj0GXI,4872
 dissect/target/plugins/os/windows/datetime.py,sha256=YKHUZU6lkKJocq15y0yCwvIIOb1Ej-kfvEBmHbrdIGw,9467
@@ -291,7 +292,7 @@ dissect/target/plugins/os/windows/jumplist.py,sha256=3gZk6O1B3lKK2Jxe0B-HapOCEeh
 dissect/target/plugins/os/windows/lnk.py,sha256=KTqhw0JMW-KjAxe4xlRDNSRSx-th-_nPVgTGyBaKmW0,7891
 dissect/target/plugins/os/windows/locale.py,sha256=QiLWGgWrGBGHiXgep5iSOo6VNim4YC-xd4MdW0BUJPA,2486
 dissect/target/plugins/os/windows/network.py,sha256=epbRPt_Aa6xPV_fCd2tbHpbHAi_JG1jWrtHsDrqCrlM,11507
-dissect/target/plugins/os/windows/notifications.py,sha256=xxfMEY_noDxMVqvT3QS1a3j-X3qAYikOtT6v2owxuCY,17480
+dissect/target/plugins/os/windows/notifications.py,sha256=3sL4x9AvaRfP_IBYncu4TNesSSuZP1FemgF1EH9RtJw,17686
 dissect/target/plugins/os/windows/prefetch.py,sha256=wbbYoy05gWbJfRsM2ci4wPG7kM58OocVwXD3hkQlbRw,10647
 dissect/target/plugins/os/windows/recyclebin.py,sha256=zx58hDCvcrD_eJl9nJmr_i80krSN03ya8nQzWFr2Tw0,4917
 dissect/target/plugins/os/windows/registry.py,sha256=f6ka__6KXvdqRMRRJzlCAYaIpTZhVLANXQX_-wZQKPA,13235
@@ -381,10 +382,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.21.dev6.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.21.dev6.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.21.dev6.dist-info/METADATA,sha256=y20uM3xEziZVCXj48rhG1H4o0gITbJyiu6gQ4gBDTiE,13186
-dissect.target-3.21.dev6.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-dissect.target-3.21.dev6.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.21.dev6.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.21.dev6.dist-info/RECORD,,
+dissect.target-3.21.dev8.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.21.dev8.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.21.dev8.dist-info/METADATA,sha256=HUElMGCd6uXoyl2UOs5_wEXae0KhByPqu-CqetFqYCU,13186
+dissect.target-3.21.dev8.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+dissect.target-3.21.dev8.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.21.dev8.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.21.dev8.dist-info/RECORD,,