We implemented a patch and sent to the Qemu-devel mailing list, from where it was applied to the upstream version of Qemu NET technology gerridaeTo emulate a target system every instruction that the target wants to execute has to be translated into host code and then be executed By checking the program against these rules a program can be reported as malicious if it violates the policy g is the main structure for an object table, it has a pointer to the EPROCESS that owns it as well as the UniqueProcessId of this process plasmatronAt this point the return callback is invoked that then checks the results of the system service and the data that was written We implemented methods that allow us to inspect the tainted areas in memory and list the contents of these areas system service is invoked the parameters are evaluated plasmatrons address bar, or network packets received by a specific application