ShimcacheMem: Fix offset tracking

This fixes a bug in the plugin logic that causes valid entries to be
excluded in the following scenario:

- An entry is discovered but deemed invalid due to unreadable
  size/timestamps.
- The offset gets placed into the `seen` tracking set anyway
- Another entry (this time, with valid filesize/timestamps) with the
  same physical offset is encountered, but is skipped because this
  offset is already in the `seen` tracking set.

This updates the logic to only add the offset to the tracker if the
shimcache entry is valid.

Author: dgmcdona

volatility3/framework/plugins/windows/shimcachemem.py

@@ -174,6 +174,8 @@ def find_shimcache_win_xp(
                     vad.get_start() + SHIM_NUM_ENTRIES_OFFSET,
                 )
 
+                vollog.debug(f"Found {num_entries} shimcache entries")
+
                 if num_entries > SHIM_MAX_ENTRIES:
                     continue
 
@@ -204,7 +206,6 @@ def find_shimcache_win_xp(
 
                     if physical_addr in seen:
                         continue
-                    seen.add(physical_addr)
 
                     shim_entry = proc_layer.context.object(
                         shimcache_symbol_table + constants.BANG + "SHIM_CACHE_ENTRY",
@@ -216,6 +217,8 @@ def find_shimcache_win_xp(
                     if not shim_entry.is_valid():
                         continue
 
+                    seen.add(physical_addr)
+
                     yield shim_entry
 
     @classmethod