Anton
March 29, 2023, 1:50pm
1
Hi Team.
I have being always using straightforward reading from reg.
"value “X” of key “XX” of native registry as string.
But at this time a got a REG_BINARY.
d5 0e 7e 74 32 e7 d5 01
It supposed to represent a date.
How correctly transform this date into readable format?
Best regards,
Anton
Can you share which key it is? Since it’s pure binary we may have to check how it’s encoded originally, there are several different ways an application may store binary data
1 Like
For example it could be similar to how Microsoft stores the SignaturesLastUpdated for Windows Defender definitions, which I decode in the tip at Tip: Registry Byte String to Date - Windows Defender SignaturesLastUpdated
…or this application may encode it differently
1 Like
Anton
March 29, 2023, 2:06pm
4
Hi Jason.
This is value “SignaturesLastUpdated” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates”