**/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364575} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364567} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364558} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364551} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364542} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364499} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364482} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364480} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364477} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364476} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364473} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364472} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360521} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360513} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360504} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360497} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360488} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360481} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276098} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276096} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276093} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276092} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276089} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276086} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275993} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275985} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275958} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275957} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275954} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275953} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275839} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275837} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275834} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275833} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275830} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275829} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275760} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275758} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275755} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275754} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275751} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275750} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275701} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275693} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275684} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275665} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275662} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275660} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275626} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275618} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275609} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275602} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275593} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275586} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275315} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275313} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275310} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275309} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275306} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275305} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275227} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275225} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275222} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275221} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275218} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275217} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: Remote Desktop ,,,,,,, Port number: 3389 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: UPnP Framework over TCP ,,,,,,, Port number: 2869 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: SSDP Component of UPnP Framework ,,,,,,, Port number: 1900 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: SMB over TCP ,,,,,,, Port number: 445 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Session Service ,,,,,,, Port number: 139 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Datagram Service ,,,,,,, Port number: 138 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Name Service ,,,,,,, Port number: 137 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Remote Assistance ,,,,,,, Path: %windir%\system32\sessmgr.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Network Diagnostics for Windows XP ,,,,,,, Path: %windir%\Network Diagnostic\xpnetdiag.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: WinVNC ,,,,,,, Path: C:\Program Files\TightVNC\WinVNC.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Skype ,,,,,,, Path: C:\Program Files\Skype\Phone\Skype.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: iTunes ,,,,,,, Path: C:\Program Files\iTunes\iTunes.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: AOL Loader ,,,,,,, Path: C:\Program Files\Common Files\AOL\Loader\aolload.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,848,NT AUTHORITY\SYSTEM,HONEYPOT,The following policy was active when the Windows Firewall started. ,,,,,,, Group Policy applied: No ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Operational mode: On ,,,,,,, Services: File and Printer Sharing: Disabled Remote Desktop: Disabled UPnP Framework: Disabled Allow remote administration: Disabled Allow unicast responses to multicast/broadcast traffic: Disabled Security Logging: Log dropped packets: Disabled Log successful connections Disabled ICMP: Allow incoming echo request: Enabled Allow incoming timestamp request: Enabled Allow incoming mask request: Disabled Allow incoming router request: Disabled Allow outgoing destination unreachable: Disabled Allow outgoing source quench: Disabled Allow outgoing parameter problem: Disabled ,,,,,,, Allow outgoing time exceeded: Disabled ,,,,,,, Allow redirect: Disabled ,,,,,,, Allow outgoing packet too big: Disabled,,,,,,, **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 916 Operation ID: {0,93533} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 916 Operation ID: {0,93523} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 916 Operation ID: {0,93516} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93429} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93427} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93424} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93423} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93420} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93419} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents Handle ID: 924 Operation ID: {0,93417} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93415} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93413} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93410} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93409} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93406} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93405} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92954} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92950} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92949} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92940} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92932} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92923} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92916} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92907} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92900} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents Handle ID: 816 Operation ID: {0,92887} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92879} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92871} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92862} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92855} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92846} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92839} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,85274} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListD