KeyError in get_variant_value
atcuno opened this issue · 0 comments
I got this backtrace when running evtx_dump.py on a file pulled from memory during an investigation. Let me know if you need or want any more information:
Traceback (most recent call last):
File "/usr/local/bin/evtx_dump.py", line 4, in <module>
__import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py')
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/python_evtx-0.6.1-py2.7.egg/EGG-INFO/scripts/evtx_dump.py", line 42, in <module>
File "/usr/local/lib/python2.7/dist-packages/python_evtx-0.6.1-py2.7.egg/EGG-INFO/scripts/evtx_dump.py", line 37, in main
File "build/bdist.linux-x86_64/egg/Evtx/Evtx.py", line 498, in xml
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 204, in evtx_record_xml_view
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 191, in render_root_node
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 176, in render_root_node_with_subs
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 126, in rec
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 166, in rec
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 182, in render_root_node
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 1001, in substitutions
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 962, in tag_and_children_length
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 952, in children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 162, in _children
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 808, in find_end_of_stream
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 183, in find_end_of_stream
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 168, in children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 159, in _children
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 177, in length
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 334, in children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 159, in _children
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 177, in length
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 334, in children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 159, in _children
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 177, in length
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 506, in children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 468, in get_variant_value
KeyError: 108