From 1264d425d4f5fbb32e8a287b373ec89ad2a63b72 Mon Sep 17 00:00:00 2001 From: Mike Cohen Date: Sat, 10 Feb 2024 22:52:45 +1000 Subject: [PATCH] Bugfix: Merge fixes to EWF and ESE libraries Also sync latest SQLiteHunter --- .../Generic/Forensic/SQLiteHunter.yaml | 114 +++++++++++++++++- docs/references/vql.yaml | 23 +++- go.mod | 4 +- go.sum | 8 +- vql/parsers/json.go | 2 +- 5 files changed, 136 insertions(+), 15 deletions(-) diff --git a/artifacts/definitions/Generic/Forensic/SQLiteHunter.yaml b/artifacts/definitions/Generic/Forensic/SQLiteHunter.yaml index 0da61c2f7a7..140240f1740 100644 --- a/artifacts/definitions/Generic/Forensic/SQLiteHunter.yaml +++ b/artifacts/definitions/Generic/Forensic/SQLiteHunter.yaml @@ -26,7 +26,7 @@ column_types: type: preview_upload export: | - LET SPEC <= "" + LET SPEC <= "" LET Specs <= parse_json(data=gunzip(string=base64decode(string=SPEC))) LET CheckHeader(OSPath) = read_file(filename=OSPath, length=12) = "SQLite forma" LET Bool(Value) = if(condition=Value, then="Yes", else="No") @@ -72,7 +72,7 @@ export: | then=OSPath =~ get(item=Specs.sources, field=SourceName).filename) -- Build a regex for all enabled categories. - LET all_categories = SELECT _value FROM foreach(row=["All","MacOS","Chrome","Browser","Firefox","Edge","InternetExplorer","Windows"]) WHERE get(field=_value) + LET all_categories = SELECT _value FROM foreach(row=["All","MacOS","Chrome","Browser","Edge","Firefox","InternetExplorer","Windows"]) WHERE get(field=_value) LET category_regex <= join(sep="|", array=all_categories._value) LET AllGlobs <= filter(list=Specs.globs, condition="x=> x.tags =~ category_regex") LET _ <= log(message="Globs for category %v is %v", args=[category_regex, CustomGlob || AllGlobs.glob]) 
@@ -130,14 +130,14 @@ parameters: default: N -- name: Firefox - description: Select targets with category Firefox +- name: Edge + description: Select targets with category Edge type: bool default: N -- name: Edge - description: Select targets with category Edge +- name: Firefox + description: Select targets with category Firefox type: bool default: N 
@@ -406,6 +406,83 @@ sources: +- name: Chromium Browser Notifications_Site Engagements + query: | + LET Rows = SELECT * FROM FilterFile(SourceName="Chromium Browser Notifications_Site Engagements") + LET JSON = SELECT parse_json(data=read_file(filename=OSPath)) AS Data, OSPath FROM Rows + + SELECT * FROM foreach(row={ + SELECT OSPath, Data.profile.content_settings.exceptions AS exceptions FROM JSON + }, query={ + SELECT _key AS Site, + timestamp(winfiletime=int(int=_value.last_modified) * 10 || 0) AS LastModified, + timestamp(winfiletime=int(int=_value.setting.lastEngagementTime) * 10 || 0) AS LastEngagementTime, + OSPath + FROM items(item=exceptions.site_engagement) + }) + + + +- name: Chromium Browser Notifications_App Banners + query: | + LET Rows = SELECT * FROM FilterFile(SourceName="Chromium Browser Notifications_App Banners") + LET JSON = SELECT parse_json(data=read_file(filename=OSPath)) AS Data, OSPath FROM Rows + + SELECT * FROM foreach(row={ + SELECT OSPath, Data.profile.content_settings.exceptions AS exceptions FROM JSON + }, query={ + SELECT _key AS Site, + timestamp(winfiletime=int(int=_value.last_modified) * 10 || 0) AS LastModified, + { + SELECT _key AS Site, + timestamp(winfiletime=int(int=_value.couldShowBannerEvents) * 10 || 0) AS CouldShowBannerEvents, + timestamp(winfiletime=int(int=_value.next_install_text_animation.last_shown) * 10 || 0) AS LastShown + FROM items(item=_value.setting) + } AS Setting, + OSPath + FROM items(item=exceptions.app_banner) + }) + + + +- name: Chromium Browser Notifications_Notification Preferences + query: | + LET Rows = SELECT * FROM FilterFile(SourceName="Chromium Browser Notifications_Notification Preferences") + LET ContentSettings <= array(`0`="Default",`1`="Allow",`2`="Block",`3`="Ask",`4`="Session Only",`5`="Detect Important Content") + + LET JSON = SELECT parse_json(data=read_file(filename=OSPath)) AS Data, OSPath FROM Rows + + SELECT * FROM foreach(row={ + SELECT OSPath, 
Data.profile.content_settings.exceptions AS exceptions FROM JSON + }, query={ + SELECT _key AS Site, + timestamp(winfiletime=int(int=_value.last_modified) * 10 || 0) AS LastModified, + ContentSettings[_value.setting] AS Setting, + OSPath + FROM items(item=exceptions.notifications) + }) + + + +- name: Chromium Browser Notifications_Notification Interactions + query: | + LET Rows = SELECT * FROM FilterFile(SourceName="Chromium Browser Notifications_Notification Interactions") + LET JSON = SELECT parse_json(data=read_file(filename=OSPath)) AS Data, OSPath FROM Rows + LET S = scope() + + SELECT * FROM foreach(row={ + SELECT OSPath, Data.profile.content_settings.exceptions AS exceptions FROM JSON + }, query={ + SELECT _key AS URL, + timestamp(winfiletime=int(int=_value.last_modified) * 10 || 0) AS LastModified, + _value.display_count as DisplayCount, + _value.click_count as ClickCount, + OSPath + FROM items(item=S.notification_interactions || dict()) + }) + + + - name: Chromium Browser Shortcuts query: | LET Rows = SELECT * FROM ApplyFile(SourceName="Chromium Browser Shortcuts") @@ -445,6 +522,19 @@ sources: +- name: Edge Browser Navigation History_Navigation History + query: | + LET Rows = SELECT * FROM ApplyFile(SourceName="Edge Browser Navigation History_Navigation History") + SELECT ID, + timestamp(epoch=`Last Visited Time`) AS `Last Visited Time`, + Title, URL, VisitCount, OSPath + FROM Rows + WHERE `Last Visited Time` > DateAfter + AND `Last Visited Time` < DateBefore + AND (Title, URL) =~ FilterRegex + + + - name: Firefox Places query: | LET Rows = SELECT * FROM ApplyFile(SourceName="Firefox Places") 
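Review bot: In the new `Chromium Browser Notifications_Notification Interactions` source the row query iterates `items(item=S.notification_interactions || dict())`, where `S` is `scope()`; nothing in this hunk binds a variable named `notification_interactions`, so unless it is bound somewhere outside the hunk the `|| dict()` fallback always wins and the source silently yields no rows. The three sibling sources added in the same hunk read the same pref subtree through the `exceptions` column produced by the outer `foreach` row, and the same shape here would be `FROM items(item=exceptions.notification_interactions || dict())`, with the `LET S = scope()` line dropped. Worth confirming against a Preferences file that actually has `display_count`/`click_count` entries recorded, since an empty result set is indistinguishable from "no interactions" for the analyst.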
@@ -659,6 +749,18 @@ sources: +- name: MacOS XProtect Detections + query: | + LET Rows = SELECT * FROM ApplyFile(SourceName="MacOS XProtect Detections") + SELECT * + FROM Rows + WHERE dt > DateAfter + AND dt < DateBefore + AND (violated_rule, exec_path, responsible_path, responsible_signing_id, + exec_cdhash, exec_sha256, responsible_cdhash, responsible_sha256 ) =~ FilterRegex + + + - name: Windows Activities Cache_ActivityPackageId query: | LET Rows = SELECT * FROM ApplyFile(SourceName="Windows Activities Cache_ActivityPackageId") diff --git a/docs/references/vql.yaml b/docs/references/vql.yaml index 9cf7f8831c1..d231ca49afc 100644 --- a/docs/references/vql.yaml +++ b/docs/references/vql.yaml @@ -157,7 +157,27 @@ metadata: permissions: ARTIFACT_WRITER,SERVER_ARTIFACT_WRITER - name: artifact_set_metadata - description: Sets metadata about the artifact. + description: | + Sets metadata about the artifact. + + This VQL function is used to clean up the artifact search screen + and guide users to assist with investigations. + + Velociraptor comes with a lot of built in artifacts which may be + confusing to some users and in specialized deployments it may be + preferable to guide users into a small subset of artifacts and + hide the rest. + + For example, say you have a set of custom artifacts that you only + want to show. Then I would add a special keyword to their + description (for example a company name - say "Written by ACME + inc"). Then a query like this will hide the others: + + ```vql + SELECT name, artifact_set_metadata(name=name, hidden=TRUE) + FROM artifact_definitions() WHERE NOT description =~ "ACME" + ``` + type: Function args: - name: name @@ -6992,4 +7012,3 @@ category: plugin metadata: permissions: FILESYSTEM_READ - diff --git a/go.mod b/go.mod index 7f077e1b754..70951e8eb85 100644 --- a/go.mod +++ b/go.mod 
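Review bot: The new `MacOS XProtect Detections` source compares the raw `dt` column against `DateAfter`/`DateBefore`, whereas the other time-bounded sources in this artifact (e.g. the Edge Navigation History source added in this same patch) wrap the column in `timestamp()` before the comparison. If `dt` comes out of the database as a string or a bare number, the `>`/`<` against a timestamp parameter may not filter as intended; unless the spec for this source already converts it, projecting `timestamp(string=dt) AS dt` (or `timestamp(epoch=dt)`, depending on how the column is stored) and comparing that keeps it consistent with the rest of the file. The projection is also `SELECT *`, so the column list in the `FilterRegex` clause is currently the only documentation of the table's shape; a one-line comment naming the XProtect database and table this reads from would help analysts interpret `exec_cdhash`/`responsible_cdhash` correctly.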
@@ -95,7 +95,7 @@ require (
 gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 howett.net/plist v1.0.0
 www.velocidex.com/golang/evtx v0.2.1-0.20220404133451-1fdf8be7325e
- www.velocidex.com/golang/go-ese v0.1.1-0.20230821114411-ecb5494187ed
+ www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b
 www.velocidex.com/golang/go-ntfs v0.1.2-0.20231201083609-cc79ced94180
 www.velocidex.com/golang/go-pe v0.1.1-0.20230228112150-ef2eadf34bc3
 www.velocidex.com/golang/go-prefetch v0.0.0-20220801101854-338dbe61982a
@@ -110,7 +110,7 @@ require (
 github.com/Masterminds/semver/v3 v3.2.1
 github.com/Masterminds/sprig/v3 v3.2.2
 github.com/Velocidex/file-rotatelogs v0.0.0-20211221020724-d12e4dae4e11
- github.com/Velocidex/go-ewf v0.0.0-20240116235705-14389cfdaa75
+ github.com/Velocidex/go-ewf v0.0.0-20240210123447-97dc81b7d8c3
 github.com/Velocidex/go-fat v0.0.0-20230923165230-3e6c4265297a
 github.com/Velocidex/grok v0.0.1
 github.com/Velocidex/ordereddict v0.0.0-20230909174157-2aa49cc5d11d
diff --git a/go.sum b/go.sum
index 854f49c881d..85568ae26e5 100644
--- a/go.sum
+++ b/go.sum
@@ -118,8 +118,8 @@ github.com/Velocidex/file-rotatelogs v0.0.0-20211221020724-d12e4dae4e11 h1:pQY9p
 github.com/Velocidex/file-rotatelogs v0.0.0-20211221020724-d12e4dae4e11/go.mod h1:Ya1f4Kowt2GC7gbnu1MbNncvI1Lp3i1plN2xLiETJfg=
 github.com/Velocidex/go-elasticsearch/v7 v7.3.1-0.20191001125819-fee0ef9cac6b h1:XaAmLVXrqPv60nbiQtzj5Sch7lwz3XH8x5IocQwRPJg=
 github.com/Velocidex/go-elasticsearch/v7 v7.3.1-0.20191001125819-fee0ef9cac6b/go.mod h1:draN67DBVJDAVmLWDIJ85CrV0UxmIGfWZ4njukhINQs=
-github.com/Velocidex/go-ewf v0.0.0-20240116235705-14389cfdaa75 h1:m/xf4OgH18zn+II7z+HzMsVf4D0V330TL27BJcl/KBo=
-github.com/Velocidex/go-ewf v0.0.0-20240116235705-14389cfdaa75/go.mod h1:JrGP9QRoPe63ijMmU1UTfoGySg+zpgx68XcsGV/dItI=
+github.com/Velocidex/go-ewf v0.0.0-20240210123447-97dc81b7d8c3 h1:0/ra1WgtmIrYZY4oU3pgp5l9A+5/DgJpz3mAyt0eVik=
+github.com/Velocidex/go-ewf v0.0.0-20240210123447-97dc81b7d8c3/go.mod h1:JrGP9QRoPe63ijMmU1UTfoGySg+zpgx68XcsGV/dItI=
 github.com/Velocidex/go-fat v0.0.0-20230923165230-3e6c4265297a h1:dWHPlB3C86vh+M5P14dZxF6Hh8o2/u8FTRF/bs2EM+Q=
 github.com/Velocidex/go-fat v0.0.0-20230923165230-3e6c4265297a/go.mod h1:g74FCv59tsVP48V2o1eyIK8aKbNKPLJIJ+HuiUPVc6E=
 github.com/Velocidex/go-magic v0.0.0-20211018155418-c5dc48282f28 h1:3FMhXfGzZR4oNHmV8NizrviyaTv+2SmLuj+43cMJCUQ=
@@ -1284,8 +1284,8 @@ www.velocidex.com/golang/binparsergen v0.1.1-0.20220107080050-ae6122c5ed14 h1:ja
 www.velocidex.com/golang/binparsergen v0.1.1-0.20220107080050-ae6122c5ed14/go.mod h1:Q/J/huOyH6IlY2aShigY1CnZnw5EO0+FZJgnGEBrT5Q=
 www.velocidex.com/golang/evtx v0.2.1-0.20220404133451-1fdf8be7325e h1:AhcXPgNKhJFAWnPjX5Y7rngvhg3Bgt03yF41sA1S4uY=
 www.velocidex.com/golang/evtx v0.2.1-0.20220404133451-1fdf8be7325e/go.mod h1:ykEQ7AUF9AL+mfCefDmLwmZOnU2So6wM3qKM8xdsHhU=
-www.velocidex.com/golang/go-ese v0.1.1-0.20230821114411-ecb5494187ed h1:TY4zGUexVodrlOE7bmp2Vk+T09B8mGwBPhswUN0uNkk=
-www.velocidex.com/golang/go-ese v0.1.1-0.20230821114411-ecb5494187ed/go.mod h1:6fC9T6UGLbM7icuA0ugomU5HbFC5XA5I30zlWtZT8YE=
+www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b h1:3pFfQuY3k0qViJDlLqmUfGP4YkQIl25Vc/Uq8Pl0qLA=
+www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b/go.mod h1:6fC9T6UGLbM7icuA0ugomU5HbFC5XA5I30zlWtZT8YE=
 www.velocidex.com/golang/go-ntfs v0.1.2-0.20231201083609-cc79ced94180 h1:W2GJtqW0ardE+6phBbPK1023MT7onFwh/GSjwtbLc5E=
 www.velocidex.com/golang/go-ntfs v0.1.2-0.20231201083609-cc79ced94180/go.mod h1:itvbHQcnLdTVIDY6fI3lR0zeBwXwBYBdUFtswE0x1vc=
 www.velocidex.com/golang/go-pe v0.1.1-0.20220107093716-e91743c801de/go.mod h1:j9Xy8Z9wxzY2SCB8CqDkkoSzy+eUwevnOrRm/XM2q/A=
diff --git a/vql/parsers/json.go b/vql/parsers/json.go
index 0e1becc257f..1d914d5efa1 100644
--- a/vql/parsers/json.go
+++ b/vql/parsers/json.go
@@ -562,7 +562,7 @@ func (self WriteJSONPlugin) Call( underlying_file, err := accessors.GetUnderlyingAPIFilename( arg.Accessor, scope, arg.Filename) if err != nil { - scope.Log("write_csv: %s", err) + scope.Log("write_jsonl: %s", err) return }