**/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364575} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364567} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364558} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364551} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364542} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 936",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 936 Operation ID: {0,364499} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364482} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364480} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364477} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364476} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364473} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 940",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 940 Operation ID: {0,364472} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360521} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360513} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360504} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360497} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360488} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 664",,,,,,, " Object Type: File",,,,,,, " Process ID: 832",,,,,,, " Image File Name: C:\WINDOWS\system32\mmc.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 664 Operation ID: {0,360481} Process ID: 832 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276098} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276096} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276093} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276092} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276089} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,276086} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275993} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275985} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275958} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275957} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275954} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2192",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2192 Operation ID: {0,275953} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275839} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275837} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275834} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275833} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275830} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2112",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2112 Operation ID: {0,275829} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275760} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275758} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275755} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275754} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275751} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1832",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1832 Operation ID: {0,275750} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275701} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275693} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275684} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275665} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275662} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275660} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275626} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275618} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275609} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275602} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275593} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2160",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2160 Operation ID: {0,275586} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275315} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275313} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275310} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275309} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275306} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1740",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1740 Operation ID: {0,275305} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275227} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275225} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275222} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275221} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275218} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2216",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2216 Operation ID: {0,275217} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: Remote Desktop ,,,,,,, Port number: 3389 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: UPnP Framework over TCP ,,,,,,, Port number: 2869 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: SSDP Component of UPnP Framework ,,,,,,, Port number: 1900 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: SMB over TCP ,,,,,,, Port number: 445 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Session Service ,,,,,,, Port number: 139 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Datagram Service ,,,,,,, Port number: 138 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Name Service ,,,,,,, Port number: 137 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Remote Assistance ,,,,,,, Path: %windir%\system32\sessmgr.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Network Diagnostics for Windows XP ,,,,,,, Path: %windir%\Network Diagnostic\xpnetdiag.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: WinVNC ,,,,,,, Path: C:\Program Files\TightVNC\WinVNC.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Skype ,,,,,,, Path: C:\Program Files\Skype\Phone\Skype.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: iTunes ,,,,,,, Path: C:\Program Files\iTunes\iTunes.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: AOL Loader ,,,,,,, Path: C:\Program Files\Common Files\AOL\Loader\aolload.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,848,NT AUTHORITY\SYSTEM,HONEYPOT,The following policy was active when the Windows Firewall started. ,,,,,,, Group Policy applied: No ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Operational mode: On ,,,,,,, Services: File and Printer Sharing: Disabled Remote Desktop: Disabled UPnP Framework: Disabled Allow remote administration: Disabled Allow unicast responses to multicast/broadcast traffic: Disabled Security Logging: Log dropped packets: Disabled Log successful connections Disabled ICMP: Allow incoming echo request: Enabled Allow incoming timestamp request: Enabled Allow incoming mask request: Disabled Allow incoming router request: Disabled Allow outgoing destination unreachable: Disabled Allow outgoing source quench: Disabled Allow outgoing parameter problem: Disabled ,,,,,,, Allow outgoing time exceeded: Disabled ,,,,,,, Allow redirect: Disabled ,,,,,,, Allow outgoing packet too big: Disabled,,,,,,, **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 916 Operation ID: {0,93533} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 916 Operation ID: {0,93523} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 916 Operation ID: {0,93516} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93429} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93427} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93424} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93423} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93420} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 924 Operation ID: {0,93419} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents Handle ID: 924 Operation ID: {0,93417} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93415} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93413} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93410} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93409} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93406} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 924 Operation ID: {0,93405} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92954} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92950} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92949} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92940} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92932} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92923} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92916} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92907} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 816 Operation ID: {0,92900} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents Handle ID: 816 Operation ID: {0,92887} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92879} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92871} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92862} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92855} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92846} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 816",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 816 Operation ID: {0,92839} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,85274} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,85272} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,85269} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,85268} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,85259} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1424",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,85252} Process ID: 1424 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBFB5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Logon/Logoff ,540,NT AUTHORITY\ANONYMOUS LOGON,HONEYPOT,"Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x13E72) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: Secondary Logon Service",,,,,,, **/**/2007,Security,Success Audit,Policy Change ,615,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"IPSec Services: IPSec Services has started successfully." **/**/2007,Security,Failure Audit,Policy Change ,615,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem." **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: KSecDD",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: LAN Manager Workstation Service",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1248",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,NT AUTHORITY\SYSTEM,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1248",,,,,,, " Object Type: File",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, " Access Mask: WriteData (or AddFile) ",,,,,,, " AppendData (or AddSubdirectory or CreatePipeInstance) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1252",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,NT AUTHORITY\SYSTEM,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1252",,,,,,, " Object Type: File",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, " Access Mask: WRITE_DAC ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1252",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,NT AUTHORITY\SYSTEM,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\SA.DAT Handle ID: 1248 Operation ID: {0,59104} Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: HONEYPOT$ Primary Domain: MSHOME Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL WRITE_DAC SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: CHAP",,,,,,, **/**/2007,Security,Success Audit,Policy Change ,806,NT AUTHORITY\SYSTEM,HONEYPOT,"Per User Audit Policy was refreshed. Number of elements: 0 Policy ID: (0x0,0xC594) " **/**/2007,Security,Success Audit,Privilege Use ,576,HONEYPOT\shelly,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0xBFB5) Privileges: SeChangeNotifyPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,HONEYPOT\shelly,HONEYPOT,"Successful Logon: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xBFB5) Logon Type: 2 Logon Process: User32 Authentication Package: Negotiate Workstation Name: HONEYPOT Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Account Logon ,680,NT AUTHORITY\SYSTEM,HONEYPOT,Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: shelly,,,,,,, Source Workstation: HONEYPOT,,,,,,, Error Code: 0x0,,,,,,, **/**/2007,Security,Success Audit,Logon/Logoff ,538,HONEYPOT\shelly,HONEYPOT,"User Logoff: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xBF7A) Logon Type: 2 " **/**/2007,Security,Success Audit,Privilege Use ,576,HONEYPOT\shelly,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0xBF7A) Privileges: SeChangeNotifyPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,HONEYPOT\shelly,HONEYPOT,"Successful Logon: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xBF7A) Logon Type: 2 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: HONEYPOT Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Account Logon ,680,NT AUTHORITY\SYSTEM,HONEYPOT,Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: shelly,,,,,,, Source Workstation: HONEYPOT,,,,,,, Error Code: 0x0,,,,,,, **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Failure Audit,Object Access ,560,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Object Open: Object Server: SC Manager Object Type: SC_MANAGER OBJECT Object Name: ServicesActive Handle ID: - Operation ID: {0,44615} Process ID: 640 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: HONEYPOT$ Primary Domain: MSHOME Primary Logon ID: (0x0,0x3E7) Client User Name: NETWORK SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E4) Accesses: READ_CONTROL Connect to service controller Lock service database for exclusive access Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: DCOMSCM",,,,,,, **/**/2007,Security,Success Audit,System Event ,518,NT AUTHORITY\SYSTEM,HONEYPOT,An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes. " Notification Package Name: scecli",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: Winlogon\MSGina",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: Winlogon",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: KSecDD",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\wdigest.dll : WDigest",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\schannel.dll : Schannel",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\schannel.dll : Microsoft Unified Security Protocol Provider",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : NTLM",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\kerberos.dll : Kerberos",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\LSASRV.dll : Negotiate",,,,,,, **/**/2007,Security,Success Audit,System Event ,513,NT AUTHORITY\SYSTEM,HONEYPOT,Windows is shutting down. All logon sessions will be terminated by this shutdown. **/**/2007,Security,Success Audit,Logon/Logoff ,551,HONEYPOT\shelly,HONEYPOT,"User initiated logoff: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xb8fc) " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,181574} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,181566} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,181532} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,181525} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,181516} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,181509} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180830} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180822} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180813} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180806} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180797} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180790} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180760} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180752} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180743} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180735} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180679} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180672} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180623} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180621} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180618} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180617} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180614} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1940",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1940 Operation ID: {0,180609} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180173} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180165} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180162} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180161} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180158} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1916 Operation ID: {0,180153} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1892 Operation ID: {0,180028} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1892 Operation ID: {0,180026} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1892 Operation ID: {0,180023} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1892 Operation ID: {0,180022} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1892 Operation ID: {0,180019} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1892",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1892 Operation ID: {0,180014} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1888 Operation ID: {0,179159} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1888 Operation ID: {0,179157} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1888 Operation ID: {0,179154} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1888 Operation ID: {0,179153} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1888 Operation ID: {0,179150} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1888",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1888 Operation ID: {0,179149} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: Remote Desktop ,,,,,,, Port number: 3389 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: UPnP Framework over TCP ,,,,,,, Port number: 2869 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: SSDP Component of UPnP Framework ,,,,,,, Port number: 1900 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: SMB over TCP ,,,,,,, Port number: 445 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Session Service ,,,,,,, Port number: 139 ,,,,,,, Protocol: TCP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Datagram Service ,,,,,,, Port number: 138 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,850,NT AUTHORITY\SYSTEM,HONEYPOT,A port was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Name: NetBIOS Name Service ,,,,,,, Port number: 137 ,,,,,,, Protocol: UDP ,,,,,,, State: Disabled ,,,,,,, Scope: Local subnet only,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Remote Assistance ,,,,,,, Path: %windir%\system32\sessmgr.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Network Diagnostics for Windows XP ,,,,,,, Path: %windir%\Network Diagnostic\xpnetdiag.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: WinVNC ,,,,,,, Path: C:\Program Files\TightVNC\WinVNC.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: Skype ,,,,,,, Path: C:\Program Files\Skype\Phone\Skype.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: iTunes ,,,,,,, Path: C:\Program Files\iTunes\iTunes.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,849,NT AUTHORITY\SYSTEM,HONEYPOT,An application was listed as an exception when the Windows Firewall started. ,,,,,,, Policy origin: Local Policy ,,,,,,, Profile used: Standard ,,,,,,, Name: AOL Loader ,,,,,,, Path: C:\Program Files\Common Files\AOL\Loader\aolload.exe ,,,,,,, State: Enabled ,,,,,,, Scope: All subnets,,,,,,, **/**/2007,Security,Success Audit,Policy Change ,848,NT AUTHORITY\SYSTEM,HONEYPOT,The following policy was active when the Windows Firewall started. ,,,,,,, Group Policy applied: No ,,,,,,, Profile used: Standard ,,,,,,, Interface: All interfaces ,,,,,,, Operational mode: On ,,,,,,, Services: ,,,,,,, File and Printer Sharing: Disabled ,,,,,,, Remote Desktop: Disabled ,,,,,,, UPnP Framework: Disabled ,,,,,,, Allow remote administration: Disabled ,,,,,,, Allow unicast responses to multicast/broadcast traffic: Disabled ,,,,,,, Security Logging: ,,,,,,, Log dropped packets: Disabled ,,,,,,, Log successful connections Disabled ,,,,,,, ICMP: ,,,,,,, Allow incoming echo request: Enabled ,,,,,,, Allow incoming timestamp request: Enabled ,,,,,,, Allow incoming mask request: Disabled ,,,,,,, Allow incoming router request: Disabled ,,,,,,, Allow outgoing destination unreachable: Disabled ,,,,,,, Allow outgoing source quench: Disabled ,,,,,,, Allow outgoing parameter problem: Disabled ,,,,,,, Allow outgoing time exceeded: Disabled ,,,,,,, Allow redirect: Disabled ,,,,,,, Allow outgoing packet too big: Disabled,,,,,,, **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89532} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89522} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89515} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89504} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89496} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89487} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89480} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89471} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Music\Desktop.ini Handle ID: 988 Operation ID: {0,89464} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents Handle ID: 988 Operation ID: {0,89456} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 988 Operation ID: {0,89448} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 988 Operation ID: {0,89440} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 988 Operation ID: {0,89431} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 988 Operation ID: {0,89424} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 988 Operation ID: {0,89415} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 988",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 988 Operation ID: {0,89407} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88967} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88963} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88958} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88947} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88939} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88930} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88923} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88914} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\My Pictures\Desktop.ini Handle ID: 872 Operation ID: {0,88907} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents Handle ID: 872 Operation ID: {0,88569} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 872 Operation ID: {0,88561} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 872 Operation ID: {0,88553} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 872 Operation ID: {0,88544} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 872 Operation ID: {0,88537} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 872 Operation ID: {0,88528} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 872",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 872 Operation ID: {0,88521} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,78668} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,78666} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,78663} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,78662} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,78659} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1384",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 712 Operation ID: {0,78658} Process ID: 1384 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xB8FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Logon/Logoff ,540,NT AUTHORITY\ANONYMOUS LOGON,HONEYPOT,"Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x11D03) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: Secondary Logon Service",,,,,,, **/**/2007,Security,Success Audit,Policy Change ,615,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"IPSec Services: IPSec Services has started successfully." **/**/2007,Security,Failure Audit,Policy Change ,615,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem." **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: KSecDD",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: LAN Manager Workstation Service",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1272",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,NT AUTHORITY\SYSTEM,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1272",,,,,,, " Object Type: File",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, " Access Mask: WriteData (or AddFile) ",,,,,,, " AppendData (or AddSubdirectory or CreatePipeInstance) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1288",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,NT AUTHORITY\SYSTEM,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1288",,,,,,, " Object Type: File",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, " Access Mask: WRITE_DAC ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1288",,,,,,, " Process ID: 936",,,,,,, " Image File Name: C:\WINDOWS\system32\svchost.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,NT AUTHORITY\SYSTEM,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\SA.DAT Handle ID: 1272 Operation ID: {0,56373} Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: HONEYPOT$ Primary Domain: MSHOME Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL WRITE_DAC SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Policy Change ,806,NT AUTHORITY\SYSTEM,HONEYPOT,"Per User Audit Policy was refreshed. Number of elements: 0 Policy ID: (0x0,0xD65B) " **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: CHAP",,,,,,, **/**/2007,Security,Success Audit,Privilege Use ,576,HONEYPOT\shelly,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0xB8FC) Privileges: SeChangeNotifyPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,HONEYPOT\shelly,HONEYPOT,"Successful Logon: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xB8FC) Logon Type: 2 Logon Process: User32 Authentication Package: Negotiate Workstation Name: HONEYPOT Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Account Logon ,680,NT AUTHORITY\SYSTEM,HONEYPOT,Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: shelly,,,,,,, Source Workstation: HONEYPOT,,,,,,, Error Code: 0x0,,,,,,, **/**/2007,Security,Success Audit,Logon/Logoff ,538,HONEYPOT\shelly,HONEYPOT,"User Logoff: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xB8C1) Logon Type: 2 " **/**/2007,Security,Success Audit,Privilege Use ,576,HONEYPOT\shelly,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0xB8C1) Privileges: SeChangeNotifyPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,HONEYPOT\shelly,HONEYPOT,"Successful Logon: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xB8C1) Logon Type: 2 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: HONEYPOT Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Account Logon ,680,NT AUTHORITY\SYSTEM,HONEYPOT,Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: shelly,,,,,,, Source Workstation: HONEYPOT,,,,,,, Error Code: 0x0,,,,,,, **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\LOCAL SERVICE,HONEYPOT,"Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Failure Audit,Object Access ,560,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Object Open: Object Server: SC Manager Object Type: SC_MANAGER OBJECT Object Name: ServicesActive Handle ID: - Operation ID: {0,42546} Process ID: 644 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: HONEYPOT$ Primary Domain: MSHOME Primary Logon ID: (0x0,0x3E7) Client User Name: NETWORK SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E4) Accesses: READ_CONTROL Connect to service controller Lock service database for exclusive access Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: DCOMSCM",,,,,,, **/**/2007,Security,Success Audit,System Event ,518,NT AUTHORITY\SYSTEM,HONEYPOT,An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes. " Notification Package Name: scecli",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: Winlogon\MSGina",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: Winlogon",,,,,,, **/**/2007,Security,Success Audit,System Event ,515,NT AUTHORITY\SYSTEM,HONEYPOT,A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. ,,,,,,, " Logon Process Name: KSecDD",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\wdigest.dll : WDigest",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\schannel.dll : Schannel",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\schannel.dll : Microsoft Unified Security Protocol Provider",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : NTLM",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\kerberos.dll : Kerberos",,,,,,, **/**/2007,Security,Success Audit,System Event ,514,NT AUTHORITY\SYSTEM,HONEYPOT,An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. " Authentication Package Name: C:\WINDOWS\system32\LSASRV.dll : Negotiate",,,,,,, **/**/2007,Security,Success Audit,System Event ,513,NT AUTHORITY\SYSTEM,HONEYPOT,Windows is shutting down. All logon sessions will be terminated by this shutdown. **/**/2007,Security,Success Audit,Logon/Logoff ,551,HONEYPOT\shelly,HONEYPOT,"User initiated logoff: User Name: shelly Domain: HONEYPOT Logon ID: (0x0,0xbe66) " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2020139} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2020137} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2020134} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2020133} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2020130} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2020125} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1620 Operation ID: {0,2018699} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1620 Operation ID: {0,2018697} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1620 Operation ID: {0,2018694} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1620 Operation ID: {0,2018693} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1620 Operation ID: {0,2018690} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1620",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1620 Operation ID: {0,2018689} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2168 Operation ID: {0,2017922} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2168 Operation ID: {0,2017920} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2168 Operation ID: {0,2017917} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2168 Operation ID: {0,2017916} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2168 Operation ID: {0,2017913} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2168",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2168 Operation ID: {0,2017912} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2280 Operation ID: {0,2017833} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2280 Operation ID: {0,2017831} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2280 Operation ID: {0,2017828} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2280 Operation ID: {0,2017827} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2280 Operation ID: {0,2017824} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2280",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2280 Operation ID: {0,2017823} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2292 Operation ID: {0,2017702} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2292 Operation ID: {0,2017700} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2292 Operation ID: {0,2017697} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2292 Operation ID: {0,2017696} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2292 Operation ID: {0,2017693} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2292",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2292 Operation ID: {0,2017692} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2036 Operation ID: {0,2017607} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2036 Operation ID: {0,2017605} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2036 Operation ID: {0,2017602} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2036 Operation ID: {0,2017601} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2036 Operation ID: {0,2017598} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2036",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2036 Operation ID: {0,2017595} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2016774} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2016772} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2016769} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2016768} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2016765} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2200",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2200 Operation ID: {0,2016760} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2392 Operation ID: {0,2015396} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2392 Operation ID: {0,2015394} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2392 Operation ID: {0,2015391} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2392 Operation ID: {0,2015390} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2392 Operation ID: {0,2015387} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2392",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2392 Operation ID: {0,2015384} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1356 Operation ID: {0,2015099} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1356 Operation ID: {0,2015091} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1356 Operation ID: {0,2015082} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1356 Operation ID: {0,2015075} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1356 Operation ID: {0,2015066} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1356",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1356 Operation ID: {0,2015059} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,2014943} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,2014935} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,2014926} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,2014919} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,2014910} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1936",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 1936 Operation ID: {0,2014903} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2296 Operation ID: {0,2014084} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2296 Operation ID: {0,2014082} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2296 Operation ID: {0,2014079} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2296 Operation ID: {0,2014078} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2296 Operation ID: {0,2014075} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2296",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\My Documents\desktop.ini Handle ID: 2296 Operation ID: {0,2014074} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Privilege Use ,576,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeChangeNotifyPrivilege" **/**/2007,Security,Success Audit,Logon/Logoff ,528,NT AUTHORITY\NETWORK SERVICE,HONEYPOT,"Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: {00000000-0000-0000-0000-000000000000}" **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1984",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1492",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1492",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\mp3s\01 Ballade No. 1 in g-Moll, op. 23.mp3 Handle ID: 1492 Operation ID: {0,1931465} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1984",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\mp3s Handle ID: 1984 Operation ID: {0,1930208} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1756",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1756",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\mp3s Handle ID: 1756 Operation ID: {0,1930087} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1924",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1708",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1708",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1708",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Video\Thumbs.db Handle ID: 1708 Operation ID: {0,1927000} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1840",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1840",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures Handle ID: 1840 Operation ID: {0,1925614} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1840",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1840",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures Handle ID: 1840 Operation ID: {0,1925604} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1840",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1924",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Video Handle ID: 1924 Operation ID: {0,1924927} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1916",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Video Handle ID: 1916 Operation ID: {0,1924638} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1528",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2020",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1528",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1528",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures Handle ID: 2020 Operation ID: {0,1923862} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2020",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2020",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures Handle ID: 2020 Operation ID: {0,1923667} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1840",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures Handle ID: 1840 Operation ID: {0,1922950} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1656",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1656",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures Handle ID: 1656 Operation ID: {0,1922927} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2020",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1352",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1352",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics Handle ID: 1352 Operation ID: {0,1920980} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1672",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1968",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1780",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics Handle ID: 1780 Operation ID: {0,1920227} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1780",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics Handle ID: 1780 Operation ID: {0,1920224} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1968",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics\beachbunny.jpg Handle ID: 1968 Operation ID: {0,1920218} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1672",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics\beachbunny.jpg Handle ID: 1672 Operation ID: {0,1920100} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1712",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1712",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics\Thumbs.db Handle ID: 1712 Operation ID: {0,1916152} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 2020",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics Handle ID: 2020 Operation ID: {0,1915713} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1804",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1804",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\vacation pics Handle ID: 1804 Operation ID: {0,1915547} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 2068",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1968",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1688",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1688",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Thumbs.db Handle ID: 1688 Operation ID: {0,1845398} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Thumbs.db Handle ID: 1964 Operation ID: {0,1845224} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1688",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1688",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1688",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Thumbs.db Handle ID: 1688 Operation ID: {0,1845204} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Thumbs.db Handle ID: 1532 Operation ID: {0,1845201} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11124.jpg Handle ID: 1532 Operation ID: {0,1845177} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11124.jpg Handle ID: 1964 Operation ID: {0,1845166} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11123.jpg Handle ID: 1964 Operation ID: {0,1845138} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11123.jpg Handle ID: 1532 Operation ID: {0,1845128} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11122.jpg Handle ID: 1532 Operation ID: {0,1845091} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11122.jpg Handle ID: 1964 Operation ID: {0,1845081} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11121.jpg Handle ID: 1964 Operation ID: {0,1844971} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11121.jpg Handle ID: 1532 Operation ID: {0,1844960} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11120.jpg Handle ID: 1532 Operation ID: {0,1844928} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11120.jpg Handle ID: 1964 Operation ID: {0,1844918} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11119.jpg Handle ID: 1964 Operation ID: {0,1844892} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11119.jpg Handle ID: 1532 Operation ID: {0,1844882} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11118.jpg Handle ID: 1532 Operation ID: {0,1844769} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11118.jpg Handle ID: 1964 Operation ID: {0,1844759} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11117.jpg Handle ID: 1964 Operation ID: {0,1844732} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11117.jpg Handle ID: 1532 Operation ID: {0,1844722} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11116.jpg Handle ID: 1532 Operation ID: {0,1844687} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11116.jpg Handle ID: 1964 Operation ID: {0,1844676} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11115.jpg Handle ID: 1964 Operation ID: {0,1844648} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11115.jpg Handle ID: 1532 Operation ID: {0,1844638} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11114.jpg Handle ID: 1532 Operation ID: {0,1844526} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11114.jpg Handle ID: 1964 Operation ID: {0,1844515} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11113.jpg Handle ID: 1964 Operation ID: {0,1844485} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11113.jpg Handle ID: 1532 Operation ID: {0,1844474} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11112.jpg Handle ID: 1532 Operation ID: {0,1844446} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11112.jpg Handle ID: 1964 Operation ID: {0,1844435} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11111.jpg Handle ID: 1964 Operation ID: {0,1844407} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11111.jpg Handle ID: 1532 Operation ID: {0,1844396} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11110.jpg Handle ID: 1532 Operation ID: {0,1844371} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11110.jpg Handle ID: 1964 Operation ID: {0,1844360} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11109.jpg Handle ID: 1964 Operation ID: {0,1844332} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11109.jpg Handle ID: 1532 Operation ID: {0,1844322} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11108.jpg Handle ID: 1532 Operation ID: {0,1844295} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11108.jpg Handle ID: 1964 Operation ID: {0,1844285} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11107.jpg Handle ID: 1964 Operation ID: {0,1844171} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11107.jpg Handle ID: 1532 Operation ID: {0,1844161} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11106.jpg Handle ID: 1532 Operation ID: {0,1844134} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11106.jpg Handle ID: 1964 Operation ID: {0,1844123} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11105.jpg Handle ID: 1964 Operation ID: {0,1844098} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11105.jpg Handle ID: 1532 Operation ID: {0,1844088} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11104.jpg Handle ID: 1532 Operation ID: {0,1844057} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11104.jpg Handle ID: 1964 Operation ID: {0,1844049} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11103.jpg Handle ID: 1964 Operation ID: {0,1844022} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11103.jpg Handle ID: 1532 Operation ID: {0,1844012} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11102.jpg Handle ID: 1532 Operation ID: {0,1843975} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11102.jpg Handle ID: 1964 Operation ID: {0,1843964} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11101.jpg Handle ID: 1964 Operation ID: {0,1843938} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11101.jpg Handle ID: 1532 Operation ID: {0,1843927} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11100.jpg Handle ID: 1532 Operation ID: {0,1843776} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11100.jpg Handle ID: 1964 Operation ID: {0,1843716} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11099.jpg Handle ID: 1964 Operation ID: {0,1843688} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11099.jpg Handle ID: 1532 Operation ID: {0,1843678} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11098.jpg Handle ID: 1532 Operation ID: {0,1843634} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11098.jpg Handle ID: 1964 Operation ID: {0,1843626} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11097.jpg Handle ID: 1964 Operation ID: {0,1843600} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11097.jpg Handle ID: 1532 Operation ID: {0,1843589} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11096.jpg Handle ID: 1532 Operation ID: {0,1843563} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11096.jpg Handle ID: 1964 Operation ID: {0,1843553} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11095.jpg Handle ID: 1964 Operation ID: {0,1843524} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11095.jpg Handle ID: 1532 Operation ID: {0,1843514} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11094.jpg Handle ID: 1532 Operation ID: {0,1843485} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11094.jpg Handle ID: 1964 Operation ID: {0,1843477} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11093.jpg Handle ID: 1964 Operation ID: {0,1843363} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11093.jpg Handle ID: 1532 Operation ID: {0,1843353} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11092.jpg Handle ID: 1532 Operation ID: {0,1843325} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11092.jpg Handle ID: 1964 Operation ID: {0,1843315} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11091.jpg Handle ID: 1964 Operation ID: {0,1843290} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11091.jpg Handle ID: 1532 Operation ID: {0,1843280} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11090.jpg Handle ID: 1532 Operation ID: {0,1843241} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11090.jpg Handle ID: 1964 Operation ID: {0,1843233} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11089.jpg Handle ID: 1964 Operation ID: {0,1843159} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11089.jpg Handle ID: 1532 Operation ID: {0,1843149} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11088.jpg Handle ID: 1532 Operation ID: {0,1843110} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11088.jpg Handle ID: 1964 Operation ID: {0,1843099} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11087.jpg Handle ID: 1964 Operation ID: {0,1842986} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11087.jpg Handle ID: 1532 Operation ID: {0,1842976} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11086.jpg Handle ID: 1532 Operation ID: {0,1842949} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11086.jpg Handle ID: 1964 Operation ID: {0,1842939} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11085.jpg Handle ID: 1964 Operation ID: {0,1842912} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11085.jpg Handle ID: 1532 Operation ID: {0,1842901} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11084.jpg Handle ID: 1532 Operation ID: {0,1842787} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11084.jpg Handle ID: 1964 Operation ID: {0,1842777} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11083.jpg Handle ID: 1964 Operation ID: {0,1842749} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11083.jpg Handle ID: 1532 Operation ID: {0,1842739} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11082.jpg Handle ID: 1532 Operation ID: {0,1842703} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11082.jpg Handle ID: 1964 Operation ID: {0,1842693} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11081.jpg Handle ID: 1964 Operation ID: {0,1842665} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11081.jpg Handle ID: 1532 Operation ID: {0,1842655} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11080.jpg Handle ID: 1532 Operation ID: {0,1842544} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11080.jpg Handle ID: 1964 Operation ID: {0,1842533} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11079.jpg Handle ID: 1964 Operation ID: {0,1842510} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11079.jpg Handle ID: 1532 Operation ID: {0,1842500} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11078.jpg Handle ID: 1532 Operation ID: {0,1842464} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11078.jpg Handle ID: 1964 Operation ID: {0,1842454} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11077.jpg Handle ID: 1964 Operation ID: {0,1842429} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11077.jpg Handle ID: 1532 Operation ID: {0,1842419} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11076.jpg Handle ID: 1532 Operation ID: {0,1842392} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11076.jpg Handle ID: 1964 Operation ID: {0,1842381} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11075.jpg Handle ID: 1964 Operation ID: {0,1842356} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11075.jpg Handle ID: 1532 Operation ID: {0,1842346} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11074.jpg Handle ID: 1532 Operation ID: {0,1842319} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11074.jpg Handle ID: 1964 Operation ID: {0,1842309} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11073.jpg Handle ID: 1964 Operation ID: {0,1842281} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11073.jpg Handle ID: 1532 Operation ID: {0,1842270} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11072.jpg Handle ID: 1532 Operation ID: {0,1842145} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11072.jpg Handle ID: 1964 Operation ID: {0,1842135} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11071.jpg Handle ID: 1964 Operation ID: {0,1842109} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11071.jpg Handle ID: 1532 Operation ID: {0,1842099} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadData (or ListDirectory) ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,567,HONEYPOT\shelly,HONEYPOT,Object Access Attempt: " Object Server: Security",,,,,,, " Handle ID: 1532",,,,,,, " Object Type: File",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, " Access Mask: ReadAttributes ",,,,,,, " ",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11070.jpg Handle ID: 1532 Operation ID: {0,1842070} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: HONEYPOT Primary Logon ID: (0x0,0xBE66) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 " **/**/2007,Security,Success Audit,Object Access ,562,HONEYPOT\shelly,HONEYPOT,Handle Closed: " Object Server: Security",,,,,,, " Handle ID: 1964",,,,,,, " Process ID: 1396",,,,,,, " Image File Name: C:\WINDOWS\explorer.exe",,,,,,, **/**/2007,Security,Success Audit,Object Access ,560,HONEYPOT\shelly,HONEYPOT,"Object Open: Object Server: Security Object Type: File Object Name: C:\Documents and Settings\shelly\Desktop\Other Pictures\Pictures\Paulinaxa11070.jpg Handle ID: 1964 Operation ID: {0,1842060} Process ID: 1396 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: shelly Primary Domain: