This is a forensic data point that VSE does not keep track of, except to log for you when the detection occurred, where the file was located, which process touched the infected file (doesn't say if it was Writing it or Reading it but that can often be inferred), and the account the process was running as (be it the logged on user or System account, etc).
I've seen the request made before that we at least capture whether it was a Read or Write operation, since that'll potentially halve the effort for determining original timestamp on the file.
Tracking that type of contextual information in real-time, or logging it all, may be hard to do without killing performance and/or bloating memory usage; and trying to obtain the info "after the fact" when detection has occurred... seems plausible assuming we have a buffer or recent history in memory from which to draw from. I think it's a great PER to submit.
Some systems are so active though, it'll be a challenging request to satisfy without a noticeable cost.