0 |
4 |
Size |
Size of the VBN Metadata section, 0x3b04 |
4 |
4096 |
Description |
FQP of Quarantine File |
4100 |
1112 |
Log Line |
Information on event. |
5212 |
4 |
Data Type |
Value which can describe the subsequent data. (0x1 = No dates, 0x2 = Dates) |
5216 |
4 |
Record ID |
VBin ID/VBN Name |
5220 |
40 |
Unknown |
Will require further investigation as to the purpose of this entry. |
5260 |
4 |
Quarantine Data Size |
Size of Quarantined Data (bytes) |
5264 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
5268 |
4 |
Date Modified |
Indicates a time of last modification of content. (Unix: 32 bit Hex) |
5272 |
4 |
Date Created |
Indicates a time of creation of object on the file system. (Unix: 32 bit Hex) |
5276 |
4 |
Date Accessed |
Indicates a time of last access of an object. (Unix: 32 bit Hex) |
5280 |
4 |
VBin Time |
Time file was quarantined. (Unix: 32 bit Hex) |
5284 |
4 |
Data Type |
Value which can describe the subsequent data. (0x0 = No storage info, 0x2 = Storage info |
5288 |
444 |
Unknown |
Will require further investigation as to the purpose of this entry. |
5732 |
48 |
Storage Name |
Appears to always be FileSystem |
5780 |
4 |
Storage Instance ID |
Will require further investigation as to the purpose of this entry. |
5784 |
4096 |
Storage Key |
Will require further investigation as to the purpose of this entry. |
9880 |
4 |
Data Type |
Value which can describe the subsequent data. |
9884 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
9888 |
44 |
Unknown |
Will require further investigation as to the purpose of this entry. |
9932 |
4 |
Data Type |
Value which can describe the subsequent data. |
9836 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
9940 |
4 |
Quarantine Data Size |
Size of Quarantined Data (bytes) |
9844 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
9948 |
4 |
Date Modified |
Indicates a time of last modification of content. (Unix: 32 bit Hex) |
9952 |
4 |
Date Created |
Indicates a time of creation of object on the file system. (Unix: 32 bit Hex) |
9956 |
4 |
Date Accessed |
Indicates a time of last access of an object. (Unix: 32 bit Hex) |
9660 |
4 |
VBin Time |
Time data was quarantined. (Unix: 32 bit Hex) |
9964 |
8 |
Unknown |
Will require further investigation as to the purpose of this entry. |
9972 |
16 |
Unique ID |
Unique GUID |
9988 |
4096 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14084 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14088 |
4 |
Record Type |
0x0 = Hybrid, 0x1 = Meta, 0x2 = Quarantine |
14092 |
4 |
Quarantine Session ID |
Name of subfolder where VBN is stored |
14096 |
4 |
Remediation Type |
Type of remediation
0 None 2000 Registry 2001 File 2002 Process 2003 Batch File 2004 INI File 2005 Service 2006 Infected File 2007 COM Object 2008 Host File Entry 2009 Directory 2010 Layered Service Provider 2011 Internet Browser Cache |
14100 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14104 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14108 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14112 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14116 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14120 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14124 |
4 |
Unknown |
Will require further investigation as to the purpose of this entry. |
14128 |
768 |
Wide Description |
FQP of Quarantine File (Unicode) |
14896 |
212 |
Unknown |
Will require further investigation as to the purpose of this entry. |