2/8/97,11:27:24 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 132 Process ID: 4290314272 2/8/97,11:27:24 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: File Object Name: \??\F: New Handle ID: 132 Operation ID: {0,19640} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses SYNCHRONIZE ReadAttributes Privileges - 2/8/97,11:27:24 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 128 Process ID: 4290314272 2/8/97,11:27:24 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: File Object Name: \??\F: New Handle ID: 128 Operation ID: {0,19639} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges - 2/8/97,11:27:24 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 136 Process ID: 4290314272 2/8/97,11:27:24 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: File Object Name: \??\F: New Handle ID: 136 Operation ID: {0,19638} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges - 2/8/97,11:27:21 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 132 Process ID: 4290314272 2/8/97,11:27:21 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: File Object Name: \??\A: New Handle ID: 132 Operation ID: {0,19580} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses SYNCHRONIZE ReadAttributes Privileges - 2/8/97,11:27:17 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 144 Process ID: 4290314272 2/8/97,11:27:17 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\ole32.dll New Handle ID: 144 Operation ID: {0,19479} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:27:17 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 120 Process ID: 4290314272 2/8/97,11:27:17 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \NLS\NlsSectionCType New Handle ID: 120 Operation ID: {0,19428} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses Map section for read Privileges - 2/8/97,11:27:04 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 116 Process ID: 4290314272 2/8/97,11:27:04 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Event Object Name: \BaseNamedObjects\SvcctrlStartEvent_A3752DX New Handle ID: 116 Operation ID: {0,19414} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses SYNCHRONIZE Privileges - 2/8/97,11:27:02 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 108 Process ID: 4290314272 2/8/97,11:27:02 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Event Object Name: \BaseNamedObjects\SvcctrlStartEvent_A3752DX New Handle ID: 108 Operation ID: {0,19260} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses SYNCHRONIZE Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,LUNA,Handle Closed: Object Server: Security Account Manager Handle ID: 1392264 Process ID: 4285542432 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: LUNA New Handle ID: 1392104 Operation ID: {0,19224} Process ID: 4285542432 Primary User Name: SYSTEM Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E7) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses ReadPasswordParameters WritePasswordParameters CreateUser CreateLocalGroup GetLocalGroupMembership ListAccounts LookupIDs Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,LUNA,Handle Closed: Object Server: Security Account Manager Handle ID: 1392104 Process ID: 4285542432 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: LUNA New Handle ID: 1392264 Operation ID: {0,19223} Process ID: 4285542432 Primary User Name: SYSTEM Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E7) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses ReadPasswordParameters CreateUser CreateLocalGroup GetLocalGroupMembership ListAccounts LookupIDs Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,NT AUTHORITY\SYSTEM,LUNA,Handle Closed: Object Server: Security Account Manager Handle ID: 1392264 Process ID: 4285542432 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: LUNA New Handle ID: 1392104 Operation ID: {0,19222} Process ID: 4285542432 Primary User Name: SYSTEM Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E7) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses ReadPasswordParameters CreateUser GetLocalGroupMembership ListAccounts LookupIDs Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: LUNA New Handle ID: 1392264 Operation ID: {0,19221} Process ID: 4285542432 Primary User Name: SYSTEM Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E7) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses CreateUser GetLocalGroupMembership ListAccounts LookupIDs Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Detailed Tracking ,594,hashii,LUNA,A handle to an object has been duplicated: Source Handle ID: 48 Source Process ID: 4290072064 Target Handle ID: 56 Target Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Desktop Object Name: \Default New Handle ID: 52 Operation ID: {0,19186} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses DELETE READ_CONTROL WRITE_DAC WRITE_OWNER Read Objects Create window Create menu Hook control Journal (record) Journal (playback) Include this desktop in enumerations Write objects Switch to this desktop Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: WindowStation Object Name: \Windows\WindowStations\WinSta0 New Handle ID: 48 Operation ID: {0,19185} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses DELETE READ_CONTROL WRITE_DAC WRITE_OWNER Enumerate desktops Read attributes Access Clipboard Create desktop Write attributes Access global atoms Exit windows Include this windowstation in enumerations Read screen Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 48 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \NLS\NlsSectionSortTbls New Handle ID: 48 Operation ID: {0,19178} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for read Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 44 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \NLS\NlsSectionSortkey New Handle ID: 44 Operation ID: {0,19177} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Query section state Map section for read Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 40 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \NLS\NlsSectionLocale New Handle ID: 40 Operation ID: {0,19176} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for read Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 36 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \NLS\NlsSectionUnicode New Handle ID: 36 Operation ID: {0,19175} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for read Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Detailed Tracking ,595,hashii,LUNA,Indirect access to an object has been obtained: Object Type: Port Object Name: \Windows\ApiPort Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Communicate using port 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 16 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\COMCTL32.dll New Handle ID: 16 Operation ID: {0,19173} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 24 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\shell32.dll New Handle ID: 24 Operation ID: {0,19172} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 16 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\comdlg32.dll New Handle ID: 16 Operation ID: {0,19171} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 16 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\rpcrt4.dll New Handle ID: 16 Operation ID: {0,19155} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 24 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\gdi32.dll New Handle ID: 24 Operation ID: {0,19154} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 16 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\user32.dll New Handle ID: 16 Operation ID: {0,19153} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 24 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\advapi32.dll New Handle ID: 24 Operation ID: {0,19152} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 16 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\kernel32.dll New Handle ID: 16 Operation ID: {0,19151} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 24 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Section Object Name: \KnownDlls\MSVCRT.dll New Handle ID: 24 Operation ID: {0,19150} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Map section for write Map section for read Map section for execute Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 16 Process ID: 4290072064 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: SymbolicLink Object Name: \KnownDlls\KnownDllPath New Handle ID: 16 Operation ID: {0,19145} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Use symbolic link Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Directory Object Name: \KnownDlls New Handle ID: 12 Operation ID: {0,19144} Process ID: 4290072064 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: - Client Domain: - Client Logon ID: - Accesses Query directory Traverse Privileges - 2/8/97,11:26:59 PM,Security,Success Audit,Detailed Tracking ,592,hashii,LUNA,A new process has been created: New Process ID: 4290072064 Image File Name: musrmgr.exe Creator Process ID: 4290176768 User Name: hashii Domain: LUNA Logon ID: (0x0,0x2751) 2/8/97,11:26:50 PM,Security,Success Audit,Object Access ,562,hashii,LUNA,Handle Closed: Object Server: Security Handle ID: 44 Process ID: 4290314272 2/8/97,11:26:50 PM,Security,Success Audit,Object Access ,560,hashii,LUNA,Object Open: Object Server: Security Object Type: Event Object Name: \BaseNamedObjects\SvcctrlStartEvent_A3752DX New Handle ID: 44 Operation ID: {0,19060} Process ID: 4290314272 Primary User Name: hashii Primary Domain: LUNA Primary Logon ID: (0x0,0x2751) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751) Accesses SYNCHRONIZE Privileges - 2/8/97,11:26:50 PM,Security,Success Audit,System Event ,517,NT AUTHORITY\SYSTEM,LUNA,The audit log was cleared Primary User Name: SYSTEM Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E7) Client User Name: hashii Client Domain: LUNA Client Logon ID: (0x0,0x2751)