tklengyel
commented
2 years ago It's the value from g_get_real_time when the event was received from Xen and the processing started.
Open mohitbhatt-du opened 2 years ago
tklengyel
commented
2 years ago It's the value from g_get_real_time when the event was received from Xen and the processing started.
mohitbhatt-du
commented
2 years ago TIME:1641454692.405028 This figure seems to represent the total time of execution of a particular event , processed at xen ( if so, what is the unit?)
We wonder if it is the current system time by looking at the figure . Kindly clarify this time feature?
[FILETRACER] TIME:1641454692.405028 VCPU:0 CR3:0x877F2000 "\Device\HarddiskVolume2\Users\John\Downloads\malware-samples-master\malware-samples-master\Ransomware\Wannacry\Wannacry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin\wannacry.exe":NtQueryAttributesFile SessionID:1 PID:3296 PPID:1860 FileName:"\??\C:\Users\John\Downloads\malware-samples-master\malware-samples-master\Ransomware\Wannacry\Wannacry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin\taskdl.exe" FileHandle:0x0 ObjectAttributes:"OBJ_CASE_INSENSITIVE" SecurityDescriptor:
Please provide the description and unit of the feature "TIME" in filetracer plugin ?