| 0 |
4 |
Size |
Size of the VBN Metadata section, 0x3b04 |
| 4 |
4096 |
Description |
FQP of Quarantine File |
| 4100 |
1112 |
Log Line |
Information on event. |
| 5212 |
4 |
Data Type |
Value which can describe the subsequent data. (0x1 = No dates, 0x2 = Dates) |
| 5216 |
4 |
Record ID |
VBin ID/VBN Name |
| 5220 |
40 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 5260 |
4 |
Quarantine Data Size |
Size of Quarantined Data (bytes) |
| 5264 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 5268 |
4 |
Date Modified |
Indicates a time of last modification of content. (Unix: 32 bit Hex) |
| 5272 |
4 |
Date Created |
Indicates a time of creation of object on the file system. (Unix: 32 bit Hex) |
| 5276 |
4 |
Date Accessed |
Indicates a time of last access of an object. (Unix: 32 bit Hex) |
| 5280 |
4 |
VBin Time |
Time file was quarantined. (Unix: 32 bit Hex) |
| 5284 |
4 |
Data Type |
Value which can describe the subsequent data. (0x0 = No storage info, 0x2 = Storage info |
| 5288 |
444 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 5732 |
48 |
Storage Name |
Appears to always be FileSystem |
| 5780 |
4 |
Storage Instance ID |
Will require further investigation as to the purpose of this entry. |
| 5784 |
4096 |
Storage Key |
Will require further investigation as to the purpose of this entry. |
| 9880 |
4 |
Data Type |
Value which can describe the subsequent data. |
| 9884 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 9888 |
44 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 9932 |
4 |
Data Type |
Value which can describe the subsequent data. |
| 9936 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 9940 |
4 |
Quarantine Data Size |
Size of Quarantined Data (bytes) |
| 9948 |
4 |
Date Modified |
Indicates a time of last modification of content. (Unix: 32 bit Hex) |
| 9952 |
4 |
Date Created |
Indicates a time of creation of object on the file system. (Unix: 32 bit Hex) |
| 9956 |
4 |
Date Accessed |
Indicates a time of last access of an object. (Unix: 32 bit Hex) |
| 9960 |
4 |
VBin Time |
Time data was quarantined. (Unix: 32 bit Hex) |
| 9964 |
8 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 9972 |
16 |
Unique ID |
Unique GUID |
| 9988 |
4096 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14084 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14088 |
4 |
Record Type |
0x0 = Hybrid, 0x1 = Meta, 0x2 = Quarantine |
| 14092 |
4 |
Quarantine Session ID |
Name of subfolder where VBN is stored |
| 14096 |
4 |
Remediation Type |
Type of remediation
0 None
2000 Registry
2001 File
2002 Process
2003 Batch File
2004 INI File
2005 Service
2006 Infected File
2007 COM Object
2008 Host File Entry
2009 Directory
2010 Layered Service Provider
2011 Internet Browser Cache |
| 14100 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14104 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14108 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14112 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14116 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14120 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14124 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
| 14128 |
768 |
Wide Description |
FQP of Quarantine File (Unicode) |
| 14896 |
212 |
Unknown |
Will require further investigation as to the purpose of this entry. |
