- Log Name: Security
- Source: Microsoft-Windows-Security-Auditing
- Date: 4/8/2018 11:03:28 AM
- Event ID: 5038
- Task Category: System Integrity
- Level: Information
- Keywords: Audit Failure
- User: N/A
- Computer: ForensicVDI-22.champlain.edu
- Description:
- Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
- File Name: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys
- Event Xml:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
- <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
- <EventID>5038</EventID>
- <Version>0</Version>
- <Level>0</Level>
- <Task>12290</Task>
- <Opcode>0</Opcode>
- <Keywords>0x8010000000000000</Keywords>
- <TimeCreated SystemTime="2018-04-08T18:03:28.816306100Z" />
- <EventRecordID>57092</EventRecordID>
- <Correlation />
- <Execution ProcessID="4" ThreadID="460" />
- <Channel>Security</Channel>
- <Computer>ForensicVDI-22.champlain.edu</Computer>
- <Security />
- </System>
- <EventData>
- <Data Name="param1">\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys</Data>
- </EventData>
- </Event>
- Log Name: Security
- Source: Microsoft-Windows-Security-Auditing
- Date: 4/8/2018 11:03:28 AM
- Event ID: 5038
- Task Category: System Integrity
- Level: Information
- Keywords: Audit Failure
- User: N/A
- Computer: ForensicVDI-22.champlain.edu
- Description:
- Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
- File Name: \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys
- Event Xml:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
- <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
- <EventID>5038</EventID>
- <Version>0</Version>
- <Level>0</Level>
- <Task>12290</Task>
- <Opcode>0</Opcode>
- <Keywords>0x8010000000000000</Keywords>
- <TimeCreated SystemTime="2018-04-08T18:03:28.818058400Z" />
- <EventRecordID>57093</EventRecordID>
- <Correlation />
- <Execution ProcessID="4" ThreadID="460" />
- <Channel>Security</Channel>
- <Computer>ForensicVDI-22.champlain.edu</Computer>
- <Security />
- </System>
- <EventData>
- <Data Name="param1">\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys</Data>
- </EventData>
- </Event>
- Log Name: Security
- Source: Microsoft-Windows-Security-Auditing
- Date: 4/8/2018 4:20:47 PM
- Event ID: 5061
- Task Category: System Integrity
- Level: Information
- Keywords: Audit Failure
- User: N/A
- Computer: ForensicVDI-22.champlain.edu
- Description:
- Cryptographic operation.
- Subject:
- Security ID: LOCAL SERVICE
- Account Name: LOCAL SERVICE
- Account Domain: NT AUTHORITY
- Logon ID: 0x3E5
- Cryptographic Parameters:
- Provider Name: Microsoft Software Key Storage Provider
- Algorithm Name: UNKNOWN
- Key Name: neal.kim@champlain.edu
- Key Type: User key.
- Cryptographic Operation:
- Operation: Open Key.
- Return Code: 0x80090016
- Event Xml:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
- <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
- <EventID>5061</EventID>
- <Version>0</Version>
- <Level>0</Level>
- <Task>12290</Task>
- <Opcode>0</Opcode>
- <Keywords>0x8010000000000000</Keywords>
- <TimeCreated SystemTime="2018-04-08T23:20:47.663081000Z" />
- <EventRecordID>57370</EventRecordID>
- <Correlation ActivityID="{5EB2F85C-CF62-0005-5EF8-B25E62CFD301}" />
- <Execution ProcessID="704" ThreadID="136" />
- <Channel>Security</Channel>
- <Computer>ForensicVDI-22.champlain.edu</Computer>
- <Security />
- </System>
- <EventData>
- <Data Name="SubjectUserSid">S-1-5-19</Data>
- <Data Name="SubjectUserName">LOCAL SERVICE</Data>
- <Data Name="SubjectDomainName">NT AUTHORITY</Data>
- <Data Name="SubjectLogonId">0x3e5</Data>
- <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
- <Data Name="AlgorithmName">UNKNOWN</Data>
- <Data Name="KeyName">neal.kim@champlain.edu</Data>
- <Data Name="KeyType">%%2500</Data>
- <Data Name="Operation">%%2480</Data>
- <Data Name="ReturnCode">0x80090016</Data>
- </EventData>
- </Event>
- Log Name: Security
- Source: Microsoft-Windows-Security-Auditing
- Date: 4/8/2018 4:20:47 PM
- Event ID: 5061
- Task Category: System Integrity
- Level: Information
- Keywords: Audit Failure
- User: N/A
- Computer: ForensicVDI-22.champlain.edu
- Description:
- Cryptographic operation.
- Subject:
- Security ID: LOCAL SERVICE
- Account Name: LOCAL SERVICE
- Account Domain: NT AUTHORITY
- Logon ID: 0x3E5
- Cryptographic Parameters:
- Provider Name: Microsoft Software Key Storage Provider
- Algorithm Name: UNKNOWN
- Key Name: neal.kim@champlain.edu
- Key Type: User key.
- Cryptographic Operation:
- Operation: Open Key.
- Return Code: 0x80090016
- Event Xml:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
- <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
- <EventID>5061</EventID>
- <Version>0</Version>
- <Level>0</Level>
- <Task>12290</Task>
- <Opcode>0</Opcode>
- <Keywords>0x8010000000000000</Keywords>
- <TimeCreated SystemTime="2018-04-08T23:20:47.664110500Z" />
- <EventRecordID>57371</EventRecordID>
- <Correlation ActivityID="{5EB2F85C-CF62-0005-5EF8-B25E62CFD301}" />
- <Execution ProcessID="704" ThreadID="136" />
- <Channel>Security</Channel>
- <Computer>ForensicVDI-22.champlain.edu</Computer>
- <Security />
- </System>
- <EventData>
- <Data Name="SubjectUserSid">S-1-5-19</Data>
- <Data Name="SubjectUserName">LOCAL SERVICE</Data>
- <Data Name="SubjectDomainName">NT AUTHORITY</Data>
- <Data Name="SubjectLogonId">0x3e5</Data>
- <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
- <Data Name="AlgorithmName">UNKNOWN</Data>
- <Data Name="KeyName">neal.kim@champlain.edu</Data>
- <Data Name="KeyType">%%2500</Data>
- <Data Name="Operation">%%2480</Data>
- <Data Name="ReturnCode">0x80090016</Data>
- </EventData>
- </Event>
- Log Name: Security
- Source: Microsoft-Windows-Security-Auditing
- Date: 4/8/2018 4:20:47 PM
- Event ID: 5061
- Task Category: System Integrity
- Level: Information
- Keywords: Audit Failure
- User: N/A
- Computer: ForensicVDI-22.champlain.edu
- Description:
- Cryptographic operation.
- Subject:
- Security ID: LOCAL SERVICE
- Account Name: LOCAL SERVICE
- Account Domain: NT AUTHORITY
- Logon ID: 0x3E5
- Cryptographic Parameters:
- Provider Name: Microsoft Software Key Storage Provider
- Algorithm Name: UNKNOWN
- Key Name: neal.kim@champlain.edu
- Key Type: User key.
- Cryptographic Operation:
- Operation: Open Key.
- Return Code: 0x80090016
- Event Xml:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
- <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
- <EventID>5061</EventID>
- <Version>0</Version>
- <Level>0</Level>
- <Task>12290</Task>
- <Opcode>0</Opcode>
- <Keywords>0x8010000000000000</Keywords>
- <TimeCreated SystemTime="2018-04-08T23:20:47.662605800Z" />
- <EventRecordID>57369</EventRecordID>
- <Correlation ActivityID="{5EB2F85C-CF62-0005-5EF8-B25E62CFD301}" />
- <Execution ProcessID="704" ThreadID="136" />
- <Channel>Security</Channel>
- <Computer>ForensicVDI-22.champlain.edu</Computer>
- <Security />
- </System>
- <EventData>
- <Data Name="SubjectUserSid">S-1-5-19</Data>
- <Data Name="SubjectUserName">LOCAL SERVICE</Data>
- <Data Name="SubjectDomainName">NT AUTHORITY</Data>
- <Data Name="SubjectLogonId">0x3e5</Data>
- <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
- <Data Name="AlgorithmName">UNKNOWN</Data>
- <Data Name="KeyName">neal.kim@champlain.edu</Data>
- <Data Name="KeyType">%%2500</Data>
- <Data Name="Operation">%%2480</Data>
- <Data Name="ReturnCode">0x80090016</Data>
- </EventData>
- </Event>