Untitled

a guest
Apr 8th, 2018
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/8/2018 11:03:28 AM
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ForensicVDI-22.champlain.edu
Description:
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-04-08T18:03:28.816306100Z" />
<EventRecordID>57092</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="460" />
<Channel>Security</Channel>
<Computer>ForensicVDI-22.champlain.edu</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys</Data>
</EventData>
</Event>

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/8/2018 11:03:28 AM
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ForensicVDI-22.champlain.edu
Description:
Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5038</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-04-08T18:03:28.818058400Z" />
<EventRecordID>57093</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="460" />
<Channel>Security</Channel>
<Computer>ForensicVDI-22.champlain.edu</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys</Data>
</EventData>
</Event>

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/8/2018 4:20:47 PM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ForensicVDI-22.champlain.edu
Description:
Cryptographic operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: neal.kim@champlain.edu
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-04-08T23:20:47.663081000Z" />
<EventRecordID>57370</EventRecordID>
<Correlation ActivityID="{5EB2F85C-CF62-0005-5EF8-B25E62CFD301}" />
<Execution ProcessID="704" ThreadID="136" />
<Channel>Security</Channel>
<Computer>ForensicVDI-22.champlain.edu</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">neal.kim@champlain.edu</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/8/2018 4:20:47 PM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ForensicVDI-22.champlain.edu
Description:
Cryptographic operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: neal.kim@champlain.edu
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-04-08T23:20:47.664110500Z" />
<EventRecordID>57371</EventRecordID>
<Correlation ActivityID="{5EB2F85C-CF62-0005-5EF8-B25E62CFD301}" />
<Execution ProcessID="704" ThreadID="136" />
<Channel>Security</Channel>
<Computer>ForensicVDI-22.champlain.edu</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">neal.kim@champlain.edu</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/8/2018 4:20:47 PM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ForensicVDI-22.champlain.edu
Description:
Cryptographic operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: neal.kim@champlain.edu
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-04-08T23:20:47.662605800Z" />
<EventRecordID>57369</EventRecordID>
<Correlation ActivityID="{5EB2F85C-CF62-0005-5EF8-B25E62CFD301}" />
<Execution ProcessID="704" ThreadID="136" />
<Channel>Security</Channel>
<Computer>ForensicVDI-22.champlain.edu</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">neal.kim@champlain.edu</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>