Event Type: SuccessAudit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 10/26/2009 12:00:00 AM
Time: 07:41:23
User: NT AUTHORITY\SYSTEM
Computer: DC1
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINDOWS\Tasks\At1.job
Handle ID: 2428
Operation ID: {0,6451050}
Process ID: 880
Image File Name: C:\WINDOWS\system32\svchost.exe
Primary User Name: DC1$
Primary Domain: RESEARCH
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: READ_CONTROL
SYNCHRONIZE
WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
WriteEA
ReadAttributes
WriteAttributes
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x120196
|