drakvuf icon indicating copy to clipboard operation
drakvuf copied to clipboard

Published 20 hours ago verified publisher icon tklengyel

enquiry related filetracer log

Open mohitbhatt-du opened this issue 2 years ago • 2 comments

[FILETRACER] TIME:1641454692.405028 VCPU:0 CR3:0x877F2000 "\Device\HarddiskVolume2\Users\John\Downloads\malware-samples-master\malware-samples-master\Ransomware\Wannacry\Wannacry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin\wannacry.exe":NtQueryAttributesFile SessionID:1 PID:3296 PPID:1860 FileName:"??\C:\Users\John\Downloads\malware-samples-master\malware-samples-master\Ransomware\Wannacry\Wannacry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin\taskdl.exe" FileHandle:0x0 ObjectAttributes:"OBJ_CASE_INSENSITIVE" SecurityDescriptor:

Please provide the description and unit of the feature "TIME" in filetracer plugin ?

mohitbhatt-du avatar Apr 06 '22 12:04 mohitbhatt-du

It's the value from g_get_real_time when the event was received from Xen and the processing started.

tklengyel avatar Apr 06 '22 14:04 tklengyel

TIME:1641454692.405028 This figure seems to represent the total time of execution of a particular event , processed at xen ( if so, what is the unit?)

We wonder if it is the current system time by looking at the figure . Kindly clarify this time feature?

mohitbhatt-du avatar Apr 13 '22 10:04 mohitbhatt-du