Git Product home page Git Product logo

panda-malrec's Introduction

panda-malrec

A system to record malware using PANDA.

This is the system currently used by http://panda.gtisc.gatech.edu/malrec/

Usage

This system processes executables and runs them in PANDA. The basic workflow takes samples from queue/pending, passes them off to the runmal.py, which eventually deposits them in queue/finished. It also writes a stamp in logs/stamps. At this point, The logs are compressed using rrpack.py from PANDA.

I use a fairly low-tech approach to managing this parallel queue that relies on inotifywait and GNU parallel. To detect new samples and run them, I use:

while true; do ls queue/pending/ | parallel -j 4 python scripts/runmal.py conf/malrec.config {/} {%} ; sleep 600 ; done

And to detect when PANDA has finished recording and pack the logs:

inotifywait -q -m -r -e MOVED_TO -e CLOSE_WRITE --format %w%f logs/stamps/ | parallel -u -j 4 scripts/pack.sh logs/rr/{/}

Most of the configuration lives in malrec.config, but I haven't been great about making sure everything references that, so there are quite a few absolute paths hanging around in various scripts. Beware!

Once per day, I also generate movies from the replays, and check the sample IDs with VirusTotal. These periodic tasks are managed by cron. My crontab looks like:

30 22 * * * /home/brendan/malrec/scripts/fillqueue.sh
00,10,20,30,40,50 * * * * /home/brendan/malrec/scripts/genindex.sh
00 4 * * * /home/brendan/malrec/scripts/vtlookup.py /home/brendan/malrec/conf/malrec.config
00 4 * * * /home/brendan/malrec/scripts/movies.sh

Samples become available once per day. The genindex.sh just builds the (very ugly) web page every 10 minutes.

GUI Analysis

In order for the GUI analysis and actuation to work, you will need to use this branch of PANDA:

https://github.com/moyix/panda/tree/wip/unsafememaccess

And then symlink the pmemaddressspace.py script into Volatility's volatility/plugins/addrspaces subdirectory.

Note that you will get poor results unless you disable mouse acceleration in the guest VMs.

Disclaimer

This is not intended to work for anyone else out of the box, just to provide a starting point. You will undoubtedly have to make heavy local modifications. That said, if you want to make it more general and contribute improvements back, please feel free!

panda-malrec's People

Contributors

moyix avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

he0x jimmythegreat chubbymaggie carriegardner428 jizhongqing redteamcaliber pombredanne chonghw littlecho koncybernet hacker-steroids iantbutler01 jeffli678 ctfpwner ryandmaggio

panda-malrec's Issues

Broken links in malware recording pages

I am not sure if this the appropriate place to report it, but there are some broken links in giantpanda.gtisc.gatech.edu/malrec and panda.gtisc.gatech.edu/malrec.

You can find in the ZIP attached a list of 15,163 broken VT links and 14,897 broken PCAP links.
broken.zip

How do I solve this problem? Help please

I would like to use malrec but I cannot go through one problem . I have used the panda version you mentioned at malrec and copied pmemaddressspace.py to volatility/plugins/addrspaces. It seemed like I have problem getting Volatility part started. I followed the instructions and got the dependencies, yet i have the following problem

/malrec$ while true; do ls queue/pending/ | parallel -j 1 python scripts/runmal.py conf/malrec.config {/} 34 ; sleep 600 ; done
Traceback (most recent call last):
  File "scripts/runmal.py", line 201, in <module>
    click_buttons.setup("Win7SP1x64" if is_64bit else "Win7SP1x86", "qemu://" + qemu_socket)
  File "/home/force/malrec/scripts/click_buttons.py", line 21, in setup
    listwins.setup(os, sock)
  File "/home/force/malrec/scripts/listwins.py", line 51, in setup
    get_windows()
** File "/home/force/malrec/scripts/listwins.py", line 38, in get_windows
    main_desktop = desktops[-1][1]**
IndexError: list index out of range

Please note that I checked the desktops list during the running and found that it has no element.
The log file is as follows


2016-05-11 19:02:57,677 INFO Config file: conf/malrec.config
2016-05-11 19:02:57,678 INFO UUID: 52768137-883c-4697-bb4a-7c4724c76d84
2016-05-11 19:02:57,678 INFO Sample: CR00ACRush.exe
2016-05-11 19:02:57,678 INFO Moving sample into 'running' queue.
2016-05-11 19:02:57,678 INFO MD5: c9093f1b3413c3f82f3ff1fc8bb0400c
2016-05-11 19:02:57,678 INFO Creating CD image /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d84.iso
2016-05-11 19:02:57,678 INFO ['/usr/bin/genisoimage', '-iso-level', '4', '-l', '-R', '-J', '-o', '/home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d84.iso', '/home/force/malrec/queue/running/CR00ACRush.exe']
2016-05-11 19:02:57,713 INFO 
2016-05-11 19:02:57,713 INFO Warning: Creating ISO-9660:1999 (version 2) filesystem.
Warning: ISO-9660 filenames longer than 31 may cause buffer overflows in the OS.
Total translation table size: 0
Total rockridge attributes bytes: 255
Total directory bytes: 0
Path table size(bytes): 10
Max brk space used 0
235 extents written (0 MB)

2016-05-11 19:02:57,717 INFO Sample detected as 32-bit
2016-05-11 19:03:36,109 INFO Connecting to monitor, try 0/10
2016-05-11 19:03:37,111 INFO Connecting to monitor, try 1/10
2016-05-11 19:03:37,112 INFO Successfully connected to monitor on port 1268
2016-05-11 19:03:37,112 INFO Mounting CD image
2016-05-11 19:03:37,167 INFO  c�[K�[Dch�[K�[D�[Dcha�[K�[D�[D�[Dchan�[K�[D�[D�[D�[Dchang�[K�[D�[D�[D�[D�[Dchange�[K�[D�[D�[D�[D�[D�[Dchange �[K�[D�[D�[D�[D�[D�[D�[Dchange i�[K�[D�[D�[D�[D�[D�[D�[D�[Dchange id�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-c�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 �[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /h�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /ho�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /hom�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/f�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/fo�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/for�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/forc�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/m�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/ma�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/mal�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malr�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malre�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/i�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/is�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/5�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/527�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/5276�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/527681�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/5276813�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-8�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-88�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-46�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-469�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-b�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c47�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c472�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c7�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d8�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d84�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d84.�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d84.i�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d84.is�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dchange ide1-cd0 /home/force/malrec/iso/52768137-883c-4697-bb4a-7c4724c76d84.iso�[K
(qemu)
2016-05-11 19:03:37,167 INFO Getting rid of CD autoplay dialog
2016-05-11 19:03:38,169 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey es�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey esc�[K
(qemu)
2016-05-11 19:03:38,169 INFO Renewing DHCP lease
2016-05-11 19:03:38,207 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey i�[K
(qemu)
2016-05-11 19:03:38,307 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey p�[K
(qemu)
2016-05-11 19:03:38,408 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey c�[K
(qemu)
2016-05-11 19:03:38,509 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey o�[K
(qemu)
2016-05-11 19:03:38,610 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey n�[K
(qemu)
2016-05-11 19:03:38,710 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey f�[K
(qemu)
2016-05-11 19:03:38,811 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey i�[K
(qemu)
2016-05-11 19:03:38,912 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey g�[K
(qemu)
2016-05-11 19:03:39,013 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sp�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey spc�[K
(qemu)
2016-05-11 19:03:39,114 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sl�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sla�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey slas�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey slash�[K
(qemu)
2016-05-11 19:03:39,215 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey r�[K
(qemu)
2016-05-11 19:03:39,316 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K
(qemu)
2016-05-11 19:03:39,417 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey n�[K
(qemu)
2016-05-11 19:03:39,518 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K
(qemu)
2016-05-11 19:03:39,618 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey w�[K
(qemu)
2016-05-11 19:03:39,719 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey r�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey re�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey ret�[K
(qemu)
2016-05-11 19:03:40,821 INFO Copying file to desktop.
2016-05-11 19:03:40,821 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey c�[K
(qemu)
2016-05-11 19:03:40,922 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey o�[K
(qemu)
2016-05-11 19:03:41,023 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey p�[K
(qemu)
2016-05-11 19:03:41,124 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey y�[K
(qemu)
2016-05-11 19:03:41,225 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sp�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey spc�[K
(qemu)
2016-05-11 19:03:41,326 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-d�[K
(qemu)
2016-05-11 19:03:41,428 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-se�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-sem�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semic�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semico�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semicol�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semicolo�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semicolon�[K
(qemu)
2016-05-11 19:03:41,529 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey b�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey ba�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey bac�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey back�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backs�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsl�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsla�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslas�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslash�[K
(qemu)
2016-05-11 19:03:41,631 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-c�[K
(qemu)
2016-05-11 19:03:41,732 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-r�[K
(qemu)
2016-05-11 19:03:41,833 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey 0�[K
(qemu)
2016-05-11 19:03:41,934 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey 0�[K
(qemu)
2016-05-11 19:03:42,035 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-a�[K
(qemu)
2016-05-11 19:03:42,137 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-c�[K
(qemu)
2016-05-11 19:03:42,238 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-r�[K
(qemu)
2016-05-11 19:03:42,339 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey u�[K
(qemu)
2016-05-11 19:03:42,440 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K
(qemu)
2016-05-11 19:03:42,540 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey h�[K
(qemu)
2016-05-11 19:03:42,641 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey d�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey do�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey dot�[K
(qemu)
2016-05-11 19:03:42,742 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K
(qemu)
2016-05-11 19:03:42,843 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey x�[K
(qemu)
2016-05-11 19:03:42,944 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K
(qemu)
2016-05-11 19:03:43,045 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sp�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey spc�[K
(qemu)
2016-05-11 19:03:43,146 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-c�[K
(qemu)
2016-05-11 19:03:43,249 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-se�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-sem�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semic�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semico�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semicol�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semicolo�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-semicolon�[K
(qemu)
2016-05-11 19:03:43,350 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey b�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey ba�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey bac�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey back�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backs�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsl�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsla�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslas�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslash�[K
(qemu)
2016-05-11 19:03:43,452 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-u�[K
(qemu)
2016-05-11 19:03:43,553 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K
(qemu)
2016-05-11 19:03:43,654 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K
(qemu)
2016-05-11 19:03:43,755 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey r�[K
(qemu)
2016-05-11 19:03:43,855 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K
(qemu)
2016-05-11 19:03:43,957 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey b�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey ba�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey bac�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey back�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backs�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsl�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsla�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslas�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslash�[K
(qemu)
2016-05-11 19:03:44,058 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey q�[K
(qemu)
2016-05-11 19:03:44,159 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K
(qemu)
2016-05-11 19:03:44,259 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey m�[K
(qemu)
2016-05-11 19:03:44,360 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey u�[K
(qemu)
2016-05-11 19:03:44,462 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey b�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey ba�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey bac�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey back�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backs�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsl�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backsla�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslas�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey backslash�[K
(qemu)
2016-05-11 19:03:44,563 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey sh�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shi�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shif�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey shift-d�[K
(qemu)
2016-05-11 19:03:44,664 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey e�[K
(qemu)
2016-05-11 19:03:44,765 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey s�[K
(qemu)
2016-05-11 19:03:44,865 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey k�[K
(qemu)
2016-05-11 19:03:44,966 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey t�[K
(qemu)
2016-05-11 19:03:45,067 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey o�[K
(qemu)
2016-05-11 19:03:45,168 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey p�[K
(qemu)
2016-05-11 19:03:45,269 INFO  s�[K�[Dse�[K�[D�[Dsen�[K�[D�[D�[Dsend�[K�[D�[D�[D�[Dsendk�[K�[D�[D�[D�[D�[Dsendke�[K�[D�[D�[D�[D�[D�[Dsendkey�[K�[D�[D�[D�[D�[D�[D�[Dsendkey �[K�[D�[D�[D�[D�[D�[D�[D�[Dsendkey r�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey re�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dsendkey ret�[K
(qemu)
2016-05-11 19:03:45,370 INFO Creating memory access socket: /tmp/tmpjxtIlw
2016-05-11 19:03:45,372 INFO  p�[K�[Dpm�[K�[D�[Dpme�[K�[D�[D�[Dpmem�[K�[D�[D�[D�[Dpmema�[K�[D�[D�[D�[D�[Dpmemac�[K�[D�[D�[D�[D�[D�[Dpmemacc�[K�[D�[D�[D�[D�[D�[D�[Dpmemacce�[K�[D�[D�[D�[D�[D�[D�[D�[Dpmemacces�[K�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess �[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /t�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tm�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/t�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tm�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tmp�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tmpj�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tmpjx�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tmpjxt�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tmpjxtI�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tmpjxtIl�[K�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[D�[Dpmemaccess /tmp/tmpjxtIlw�[K
(qemu)
2016-05-11 19:03:45,374 DEBUG Voting round
2016-05-11 19:03:45,375 DEBUG Trying <class 'volatility.plugins.addrspaces.macho.MachOAddressSpace'> 
2016-05-11 19:03:45,375 DEBUG Trying <class 'volatility.plugins.addrspaces.lime.LimeAddressSpace'> 
2016-05-11 19:03:45,375 DEBUG Trying <class 'volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace'> 
2016-05-11 19:03:45,381 DEBUG Applying modification from BasicObjectClasses
2016-05-11 19:03:45,381 DEBUG Applying modification from BigPageTableMagic
2016-05-11 19:03:45,381 DEBUG Applying modification from ControlAreaModification
2016-05-11 19:03:45,382 DEBUG Applying modification from ELF32Modification
2016-05-11 19:03:45,382 DEBUG Applying modification from ELF64Modification
2016-05-11 19:03:45,382 DEBUG Applying modification from ELFModification
2016-05-11 19:03:45,382 DEBUG Applying modification from EditBoxObjectClasses
2016-05-11 19:03:45,382 DEBUG Applying modification from EditBoxVTypes
2016-05-11 19:03:45,382 DEBUG Applying modification from HPAKVTypes
2016-05-11 19:03:45,383 DEBUG Applying modification from HandleTableEntryPreWin8
2016-05-11 19:03:45,383 DEBUG Applying modification from IEHistoryVTypes
2016-05-11 19:03:45,383 DEBUG Applying modification from LimeTypes
2016-05-11 19:03:45,384 DEBUG Applying modification from MachoModification
2016-05-11 19:03:45,384 DEBUG Applying modification from MachoTypes
2016-05-11 19:03:45,384 DEBUG Applying modification from MbrObjectTypes
2016-05-11 19:03:45,384 DEBUG Applying modification from PoolTagModification
2016-05-11 19:03:45,384 DEBUG Applying modification from PoolTrackTagOverlay
2016-05-11 19:03:45,385 DEBUG Applying modification from SSLKeyModification
2016-05-11 19:03:45,385 DEBUG Applying modification from UnloadedDriverVTypes
2016-05-11 19:03:45,385 DEBUG Applying modification from VMwareVTypesModification
2016-05-11 19:03:45,385 DEBUG Applying modification from VirtualBoxModification
2016-05-11 19:03:45,386 DEBUG Applying modification from Vista2008Tcpip
2016-05-11 19:03:45,386 DEBUG Applying modification from Win32KGahtiVType
2016-05-11 19:03:45,387 DEBUG Applying modification from Win32Kx86VTypes
2016-05-11 19:03:45,387 DEBUG Applying modification from Win7SP01Syscalls
2016-05-11 19:03:45,388 DEBUG Applying modification from Win7SP1x86GuiVTypes
2016-05-11 19:03:45,389 DEBUG Applying modification from Win7Vista2008x86Timers
2016-05-11 19:03:45,390 DEBUG Applying modification from WinSyscallsAttribute
2016-05-11 19:03:45,391 DEBUG Applying modification from Win7GuiOverlay
2016-05-11 19:03:45,393 DEBUG Applying modification from Win7Tcpip
2016-05-11 19:03:45,393 DEBUG Applying modification from WindowsVTypes
2016-05-11 19:03:45,394 DEBUG Applying modification from AtomTablex86Overlay
2016-05-11 19:03:45,395 DEBUG Applying modification from HiberWin7SP01x86
2016-05-11 19:03:45,395 DEBUG Applying modification from ObjectTypeKeyModification
2016-05-11 19:03:45,396 DEBUG Applying modification from PoolTrackTypeOverlay
2016-05-11 19:03:45,396 DEBUG Applying modification from ProcessAuditVTypes
2016-05-11 19:03:45,397 DEBUG Applying modification from WindowsOverlay
2016-05-11 19:03:45,404 DEBUG Applying modification from CallbackMods
2016-05-11 19:03:45,404 DEBUG Applying modification from EThreadCreateTime
2016-05-11 19:03:45,406 DEBUG Applying modification from MalwarePspCid
2016-05-11 19:03:45,407 DEBUG Applying modification from MalwareWSPVTypes
2016-05-11 19:03:45,408 DEBUG Applying modification from TimerVTypes
2016-05-11 19:03:45,408 DEBUG Applying modification from UserAssistVTypes
2016-05-11 19:03:45,408 DEBUG Applying modification from VadFlagsModification
2016-05-11 19:03:45,408 DEBUG Applying modification from VadTagModification
2016-05-11 19:03:45,409 DEBUG Applying modification from VistaPolicyKey
2016-05-11 19:03:45,411 DEBUG Applying modification from VistaVad
2016-05-11 19:03:45,411 DEBUG Applying modification from VistaWin7KPCR
2016-05-11 19:03:45,412 DEBUG Applying modification from Win7LdrDataTableEntry
2016-05-11 19:03:45,412 DEBUG Applying modification from Win7Pointer64
2016-05-11 19:03:45,413 DEBUG Applying modification from Win7SP1CMHIVE
2016-05-11 19:03:45,414 DEBUG Applying modification from Win7x86DTB
2016-05-11 19:03:45,414 DEBUG Applying modification from Win7x86Hiber
2016-05-11 19:03:45,415 DEBUG Applying modification from WinAllTime
2016-05-11 19:03:45,417 DEBUG Applying modification from WinPEObjectClasses
2016-05-11 19:03:45,417 DEBUG Applying modification from WinPEVTypes
2016-05-11 19:03:45,417 DEBUG Applying modification from WindowsObjectClasses
2016-05-11 19:03:45,417 DEBUG Applying modification from AudipolWin7
2016-05-11 19:03:45,418 DEBUG Applying modification from CmdHistoryObjectClasses
2016-05-11 19:03:45,418 DEBUG Applying modification from CmdHistoryVTypesWin7x86
2016-05-11 19:03:45,418 DEBUG Applying modification from CrashInfoModification
2016-05-11 19:03:45,419 DEBUG Applying modification from DumpFilesVTypesx86
2016-05-11 19:03:45,420 DEBUG Applying modification from HeapModification
2016-05-11 19:03:45,421 DEBUG Applying modification from KDBGObjectClass
2016-05-11 19:03:45,422 DEBUG Applying modification from KPCRProfileModification
2016-05-11 19:03:45,425 DEBUG Applying modification from MFTTYPES
2016-05-11 19:03:45,425 DEBUG Applying modification from MalwareDrivers
2016-05-11 19:03:45,425 DEBUG Applying modification from MalwareIDTGDTx86
2016-05-11 19:03:45,426 DEBUG Applying modification from MalwareKthread
2016-05-11 19:03:45,429 DEBUG Applying modification from NetscanObjectClasses
2016-05-11 19:03:45,429 DEBUG Applying modification from ServiceBase
2016-05-11 19:03:45,430 DEBUG Applying modification from ShellBagsTypesWin7
2016-05-11 19:03:45,431 DEBUG Applying modification from ShimCacheTypesWin7x86
2016-05-11 19:03:45,431 DEBUG Applying modification from UserAssistWin7VTypes
2016-05-11 19:03:45,431 DEBUG Applying modification from VistaObjectClasses
2016-05-11 19:03:45,432 DEBUG Applying modification from Win32KCoreClasses
2016-05-11 19:03:45,432 DEBUG Applying modification from Win7KDBG
2016-05-11 19:03:45,432 DEBUG Applying modification from Win7ObjectClasses
2016-05-11 19:03:45,433 DEBUG Applying modification from ServiceVista
2016-05-11 19:03:45,434 DEBUG Applying modification from ServiceVistax86
2016-05-11 19:03:45,435 DEBUG Applying modification from Win7Win32KCoreClasses
2016-05-11 19:03:45,480 DEBUG Succeeded instantiating <volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace object at 0x7f170fbcead0>
2016-05-11 19:03:45,480 DEBUG Voting round
2016-05-11 19:03:45,480 DEBUG Trying <class 'volatility.plugins.addrspaces.macho.MachOAddressSpace'> 
2016-05-11 19:03:45,480 DEBUG Trying <class 'volatility.plugins.addrspaces.lime.LimeAddressSpace'> 
2016-05-11 19:03:45,480 DEBUG Trying <class 'volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace'> 
2016-05-11 19:03:45,480 DEBUG Trying <class 'volatility.plugins.addrspaces.hibernate.WindowsHiberFileSpace32'> 
2016-05-11 19:03:46,044 DEBUG Trying <class 'volatility.plugins.addrspaces.crashbmp.WindowsCrashDumpSpace64BitMap'> 
2016-05-11 19:03:46,044 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace64'> 
2016-05-11 19:03:46,044 DEBUG Trying <class 'volatility.plugins.addrspaces.hpak.HPAKAddressSpace'> 
2016-05-11 19:03:46,044 DEBUG Trying <class 'volatility.plugins.addrspaces.vmem.VMWareMetaAddressSpace'> 
2016-05-11 19:03:46,045 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.VirtualBoxCoreDumpElf64'> 
2016-05-11 19:03:46,045 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.QemuCoreDumpElf'> 
2016-05-11 19:03:46,045 DEBUG Trying <class 'volatility.plugins.addrspaces.vmware.VMWareAddressSpace'> 
2016-05-11 19:03:46,046 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace32'> 
2016-05-11 19:03:46,046 DEBUG Trying <class 'volatility.plugins.addrspaces.amd64.AMD64PagedMemory'> 
2016-05-11 19:03:46,046 DEBUG Trying <class 'volatility.plugins.addrspaces.intel.IA32PagedMemoryPae'> 
2016-05-11 19:03:46,048 DEBUG Succeeded instantiating <volatility.plugins.addrspaces.intel.IA32PagedMemoryPae object at 0x7f170edffc90>
2016-05-11 19:03:46,048 DEBUG Voting round
2016-05-11 19:03:46,049 DEBUG Trying <class 'volatility.plugins.addrspaces.macho.MachOAddressSpace'> 
2016-05-11 19:03:46,049 DEBUG Trying <class 'volatility.plugins.addrspaces.lime.LimeAddressSpace'> 
2016-05-11 19:03:46,049 DEBUG Trying <class 'volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace'> 
2016-05-11 19:03:46,050 DEBUG Trying <class 'volatility.plugins.addrspaces.hibernate.WindowsHiberFileSpace32'> 
2016-05-11 19:03:46,051 DEBUG Trying <class 'volatility.plugins.addrspaces.crashbmp.WindowsCrashDumpSpace64BitMap'> 
2016-05-11 19:03:46,052 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace64'> 
2016-05-11 19:03:46,052 DEBUG Trying <class 'volatility.plugins.addrspaces.hpak.HPAKAddressSpace'> 
2016-05-11 19:03:46,052 DEBUG Trying <class 'volatility.plugins.addrspaces.vmem.VMWareMetaAddressSpace'> 
2016-05-11 19:03:46,052 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.VirtualBoxCoreDumpElf64'> 
2016-05-11 19:03:46,053 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.QemuCoreDumpElf'> 
2016-05-11 19:03:46,053 DEBUG Trying <class 'volatility.plugins.addrspaces.vmware.VMWareAddressSpace'> 
2016-05-11 19:03:46,054 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace32'> 
2016-05-11 19:03:46,054 DEBUG Trying <class 'volatility.plugins.addrspaces.amd64.AMD64PagedMemory'> 
2016-05-11 19:03:46,055 DEBUG Trying <class 'volatility.plugins.addrspaces.intel.IA32PagedMemoryPae'> 
2016-05-11 19:03:46,055 DEBUG Trying <class 'volatility.plugins.addrspaces.intel.IA32PagedMemory'> 
2016-05-11 19:03:46,055 DEBUG Trying <class 'volatility.plugins.addrspaces.osxpmemelf.OSXPmemELF'> 
2016-05-11 19:03:46,056 DEBUG Trying <class 'volatility.plugins.addrspaces.standard.FileAddressSpace'> 
2016-05-11 19:03:46,056 DEBUG Trying <class 'volatility.plugins.addrspaces.arm.ArmAddressSpace'> 
2016-05-11 19:03:50,877 DEBUG Voting round
2016-05-11 19:03:50,878 DEBUG Trying <class 'volatility.plugins.addrspaces.macho.MachOAddressSpace'> 
2016-05-11 19:03:50,878 DEBUG Trying <class 'volatility.plugins.addrspaces.lime.LimeAddressSpace'> 
2016-05-11 19:03:50,878 DEBUG Trying <class 'volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace'> 
2016-05-11 19:03:50,879 DEBUG Succeeded instantiating <volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace object at 0x7f170fbcea50>
2016-05-11 19:03:50,879 DEBUG Voting round
2016-05-11 19:03:50,879 DEBUG Trying <class 'volatility.plugins.addrspaces.macho.MachOAddressSpace'> 
2016-05-11 19:03:50,879 DEBUG Trying <class 'volatility.plugins.addrspaces.lime.LimeAddressSpace'> 
2016-05-11 19:03:50,879 DEBUG Trying <class 'volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace'> 
2016-05-11 19:03:50,879 DEBUG Trying <class 'volatility.plugins.addrspaces.hibernate.WindowsHiberFileSpace32'> 
2016-05-11 19:03:50,880 DEBUG Trying <class 'volatility.plugins.addrspaces.crashbmp.WindowsCrashDumpSpace64BitMap'> 
2016-05-11 19:03:50,880 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace64'> 
2016-05-11 19:03:50,880 DEBUG Trying <class 'volatility.plugins.addrspaces.hpak.HPAKAddressSpace'> 
2016-05-11 19:03:50,880 DEBUG Trying <class 'volatility.plugins.addrspaces.vmem.VMWareMetaAddressSpace'> 
2016-05-11 19:03:50,880 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.VirtualBoxCoreDumpElf64'> 
2016-05-11 19:03:50,880 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.QemuCoreDumpElf'> 
2016-05-11 19:03:50,880 DEBUG Trying <class 'volatility.plugins.addrspaces.vmware.VMWareAddressSpace'> 
2016-05-11 19:03:50,881 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace32'> 
2016-05-11 19:03:50,881 DEBUG Trying <class 'volatility.plugins.addrspaces.amd64.AMD64PagedMemory'> 
2016-05-11 19:03:50,881 DEBUG Trying <class 'volatility.plugins.addrspaces.intel.IA32PagedMemoryPae'> 
2016-05-11 19:03:50,881 DEBUG Succeeded instantiating <volatility.plugins.addrspaces.intel.IA32PagedMemoryPae object at 0x7f170fbce8d0>
2016-05-11 19:03:50,881 DEBUG Voting round
2016-05-11 19:03:50,882 DEBUG Trying <class 'volatility.plugins.addrspaces.macho.MachOAddressSpace'> 
2016-05-11 19:03:50,882 DEBUG Trying <class 'volatility.plugins.addrspaces.lime.LimeAddressSpace'> 
2016-05-11 19:03:50,882 DEBUG Trying <class 'volatility.plugins.addrspaces.pmemaddressspace.PMemAddressSpace'> 
2016-05-11 19:03:50,882 DEBUG Trying <class 'volatility.plugins.addrspaces.hibernate.WindowsHiberFileSpace32'> 
2016-05-11 19:03:50,883 DEBUG Trying <class 'volatility.plugins.addrspaces.crashbmp.WindowsCrashDumpSpace64BitMap'> 
2016-05-11 19:03:50,883 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace64'> 
2016-05-11 19:03:50,884 DEBUG Trying <class 'volatility.plugins.addrspaces.hpak.HPAKAddressSpace'> 
2016-05-11 19:03:50,884 DEBUG Trying <class 'volatility.plugins.addrspaces.vmem.VMWareMetaAddressSpace'> 
2016-05-11 19:03:50,884 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.VirtualBoxCoreDumpElf64'> 
2016-05-11 19:03:50,884 DEBUG Trying <class 'volatility.plugins.addrspaces.elfcoredump.QemuCoreDumpElf'> 
2016-05-11 19:03:50,884 DEBUG Trying <class 'volatility.plugins.addrspaces.vmware.VMWareAddressSpace'> 
2016-05-11 19:03:50,885 DEBUG Trying <class 'volatility.plugins.addrspaces.crash.WindowsCrashDumpSpace32'> 
2016-05-11 19:03:50,885 DEBUG Trying <class 'volatility.plugins.addrspaces.amd64.AMD64PagedMemory'> 
2016-05-11 19:03:50,885 DEBUG Trying <class 'volatility.plugins.addrspaces.intel.IA32PagedMemoryPae'> 
2016-05-11 19:03:50,885 DEBUG Trying <class 'volatility.plugins.addrspaces.intel.IA32PagedMemory'> 
2016-05-11 19:03:50,885 DEBUG Trying <class 'volatility.plugins.addrspaces.osxpmemelf.OSXPmemELF'> 
2016-05-11 19:03:50,886 DEBUG Trying <class 'volatility.plugins.addrspaces.standard.FileAddressSpace'> 
2016-05-11 19:03:50,886 DEBUG Trying <class 'volatility.plugins.addrspaces.arm.ArmAddressSpace'> 
2016-05-11 19:03:56,878 INFO Moving sample into 'finished' queue.

Question about the argument: “-record-from bootsys:/home/brendan/malrec/logs/rr/${run_id}”

In the runmal.py:
panda_args = [panda_exe,
'-m', conf.get('VM', 'mem'),
'-monitor', 'telnet:localhost:{0},server,nowait'.format(monitor_port),
'-drive', 'file={0},cache=unsafe'.format(new_qcow),
'-record-from', 'bootsys:{0}'.format(rr_logname),
'-net', 'nic,model=e1000',
'-net', 'dump,file={0}'.format(pcap_name),
'-net', 'user',
'-vnc', '127.0.0.1:{0}'.format(instance),
]
I don't understand the argument "-record-from bootsys:/home/brendan/malrec/logs/rr/${run_id}" in the command /home/brendan/git/panda/qemu/x86_64-softmmu/qemu-system-x86_64 and I get the error in d766b5e0-fc7d-4e75-9048-dc76d26729a3.stdout like this:
loading snapshot: bootsys
Error loading snapshot! Failed to begin recording. Code: -2

Then I remove this argument and add these code in runmal.py:
logging.info('Beginrecord.') mon_cmd('begin_record {0}\n'.format(rr_logname),mon)

Also in the VM of win7.base.qcow2, I set the cmd.exe automaticly executes with system starting up.

Then I have another question: before the VM of win7.base.qcow2 starts up completely and cmd.exe executes, these commands such as "change ide1-cd0 {0}", "ipconfig /renew", "copy D:{0} C:\Users\qemu\Desktop" are invalid. I am confused about this. Should I add code like time.sleep() to wait the system starts up completely? Hope for your help!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.