2

I am trying to get some data from the Windows Registry using Windows PowerShell (5.0+), specifically data of Microsoft Security Essentials.

I managed to decode almost all of it and convert it to a human readable output. However, Microsoft stores timestamps as a reg_binary type.

Sample key:

[Image: example of reg_binary key]

Can anyone please help me to figure out how to get an understandable value out of this?

marsh-wiggle

1 Answer

3
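```powershell
# Read the raw REG_BINARY value (an 8-byte array)
$data = Get-ItemProperty "HKLM:\Software\Microsoft\Microsoft Antimalware\Scan" | Select-Object -ExpandProperty LastScanRun
# Combine the bytes, least significant first, into a FILETIME and convert it
$time = [DateTime]::FromFileTime( (((((($data[7]*256 + $data[6])*256 + $data[5])*256 + $data[4])*256 + $data[3])*256 + $data[2])*256 + $data[1])*256 + $data[0])
# "MM" is the month; lowercase "mm" would print the minutes instead
Get-Date $time -Format "MM/dd/yyyy"
```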

source: "To convert Reg_binary to Date"

marsh-wiggle
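The same conversion as a reusable function with input checks, as an added example that is not part of the original question or answer. `ConvertFrom-RegFileTime` is a hypothetical helper name, the sample bytes are constructed, and the code assumes, as the answer does, that the value is an 8-byte little-endian FILETIME.

```powershell
# Added example; ConvertFrom-RegFileTime is a hypothetical helper name.
function ConvertFrom-RegFileTime {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [byte[]]$Bytes
    )

    # A FILETIME is exactly 8 bytes; any other length is some other encoding.
    if ($Bytes.Length -ne 8) {
        throw "Expected 8 bytes for a FILETIME, got $($Bytes.Length)."
    }

    # Little-endian 64-bit count of 100 ns intervals since 1601-01-01 UTC.
    # ToInt64 reads all 64 bits as one integer.
    $ticks = [BitConverter]::ToInt64($Bytes, 0)

    # Assumption: zero or negative is treated here as "never set".
    if ($ticks -le 0) { return $null }

    try {
        $utc = [DateTime]::FromFileTimeUtc($ticks)
    } catch {
        Write-Warning "Value $ticks is outside the valid FILETIME range."
        return $null
    }

    [pscustomobject]@{
        Ticks = $ticks
        Utc   = $utc
        Local = $utc.ToLocalTime()
        Text  = $utc.ToString('yyyy-MM-dd HH:mm:ss')  # MM = month, mm = minutes
    }
}

# Constructed sample: the 8 bytes for 2020-01-01 00:00:00 UTC
$sample = [BitConverter]::GetBytes(
    [DateTime]::new(2020, 1, 1, 0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc())
ConvertFrom-RegFileTime -Bytes $sample

# Against the live value from the question (Windows only):
# $raw = (Get-ItemProperty 'HKLM:\Software\Microsoft\Microsoft Antimalware\Scan').LastScanRun
# ConvertFrom-RegFileTime -Bytes $raw
```

Keeping the UTC value alongside the local one makes timestamps from hosts in different time zones directly comparable.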