value of ProcessStart entry in malware database

Hi everybody.

I have recently had some malware on a computer. I have found the entry in the table dbo.EP_Malware. What I am trying to find out is when a specific process was started. In the table I have an entry that says the following: ProcessStart:130755633889116176. I am trying to convert it to some kind of date and time, but with no luck.

Do you have any suggestions?

Thanks!

May 13th, 2015 6:19am

I'm not sure how to answer this specific question (or if that number is indeed a timestamp), however, I wanted to mention Sysmon, a free tool from Sysinternals. With Sysmon in place, you would be able to find the information you're seeking in the computer's event log. Again, I know it doesn't answer your present question, but you may want to consider putting this in place for such future events. Check it out:

https://technet.microsoft.com/en-us/sysinternals/dn798348

May 13th, 2015 9:59am

Hi Kevin.

Thanks for your answer! I know about Sysmon, but in this case I am trying to get as much data out of the FEP malware database so that I can use it to trigger alarms with valuable info.

The entry looks like this: and is listed under filepath:

Please let me know if you get any good ideas :)

Thanks!


May 14th, 2015 3:51am


I found the answer. The number is an LDAP timestamp and can be easily converted with some math :)

Thanks anyway for your reply.

Kind regards

  • Marked as answer by miagi2100 20 hours 18 minutes ago
May 22nd, 2015 7:08am
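The "math" the poster refers to: an LDAP timestamp is the same thing as a Windows FILETIME, a 64-bit count of 100-nanosecond ticks since 1601-01-01 00:00 UTC. The Python below is an added example, not code from the thread or from Forefront Endpoint Protection; it assumes the ProcessStart column holds exactly that kind of tick count (the only thing the thread states about it), and the `ProcessStart:<digits>` text format it parses is taken from how the value appears in the question. It converts the thread's value to a UTC datetime, converts a datetime back to ticks (what you need in a `WHERE ProcessStart >= ...` query when building the alarms the poster mentions), and includes a magnitude check for the earlier doubt about whether a bare integer is a timestamp at all.

```python
"""Convert a FILETIME / LDAP timestamp (as stored in the FEP ProcessStart
column, per the thread) to a UTC datetime and back.  Added example; the
helper names and the ProcessStart:<digits> pattern are assumptions."""
import re
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000          # one tick = 100 ns
# Ticks between 1601-01-01 and 1970-01-01 (11644473600 s); handy for
# cross-checking against Unix-epoch values.
UNIX_EPOCH_AS_FILETIME = 116_444_736_000_000_000


def filetime_to_datetime(ticks: int):
    """FILETIME -> timezone-aware UTC datetime. A value of 0 means 'not set'."""
    if ticks <= 0:
        return None
    # datetime resolves to microseconds, so the last 100-ns digit is dropped.
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Aware datetime -> FILETIME ticks, e.g. for a 'since one hour ago' query."""
    if dt.tzinfo is None:
        raise ValueError("pass an aware datetime so the UTC conversion is explicit")
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    seconds = delta.days * 86400 + delta.seconds
    return seconds * TICKS_PER_SECOND + delta.microseconds * 10


def guess_timestamp_kind(value: int) -> str:
    """Magnitude-based sanity check on a bare integer. The FILETIME band
    (constructed here) covers roughly 1997 to 2044; the Unix bands start
    at 2001. Anything outside is reported as unknown rather than guessed."""
    if 1_000_000_000 <= value < 10_000_000_000:
        return "unix-seconds"
    if 1_000_000_000_000 <= value < 10_000_000_000_000:
        return "unix-milliseconds"
    if 125_000_000_000_000_000 <= value < 140_000_000_000_000_000:
        return "filetime"
    return "unknown"


def parse_process_start(field: str):
    """Pull the tick count out of a 'ProcessStart:<digits>' fragment
    (the layout shown in the question) and convert it."""
    match = re.search(r"ProcessStart:(\d+)", field)
    return filetime_to_datetime(int(match.group(1))) if match else None


if __name__ == "__main__":
    # The value from the question.
    entry = "ProcessStart:130755633889116176"
    started = parse_process_start(entry)
    print(entry, "->", started.isoformat())            # 2015-05-08T12:56:28.911617+00:00
    print("kind:", guess_timestamp_kind(130755633889116176))
    # Ticks for "one hour before now", usable as a query lower bound.
    print("one hour ago as FILETIME:",
          datetime_to_filetime(datetime.now(timezone.utc) - timedelta(hours=1)))
```

The thread's value decodes to 2015-05-08 12:56:28 UTC, a few days before the question was posted, which is a good sign the interpretation is right; when checking your own rows, remember the result is UTC and will need converting to local time before it is compared with what a user saw on screen.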

I found the answer. The number is a ldap time stamp and can be easily convertet with som math:)

Thanks anyway for your reply.

Kind regards

  • Marked as answer by miagi2100 Friday, May 22, 2015 11:07 AM
May 22nd, 2015 11:07am

I found the answer. The number is a ldap time stamp and can be easily convertet with som math:)

Thanks anyway for your reply.

Kind regards

  • Marked as answer by miagi2100 Friday, May 22, 2015 11:07 AM
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2015 11:07am
