diff --git a/Forensics/Windows Event Logs.md b/Forensics/Windows Event Logs.md index 95b67d1..6259777 100644 --- a/Forensics/Windows Event Logs.md +++ b/Forensics/Windows Event Logs.md @@ -32,7 +32,7 @@ Get-WinEvent -FilterHashTable @{LogName='';ID=''} | fl ### Files -* **11**: File opened (Applications & Services -> Microsoft -> Windows -> +* **11**: File opened/created (Applications & Services -> Microsoft -> Windows -> Sysmon -> Operational) * **4656**: File changed (Windows Logs -> Security) * **13**: Registry value set (Applications & Services -> Microsoft -> Windows -> @@ -85,7 +85,9 @@ The `Logon ID` is the session identifier. ### Active Directory Objects * **5136**: Attribute-level modification on AD object (e.g. Group Policy Objects) +* **5137**: Directory service object was created * **5140**: Object Access +* **5145**: Shared Access ### Logon Types
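Review bot: in the first hunk, `+* **11**: File opened/created` is still inaccurate: Sysmon event ID 11 is FileCreate, raised when a file is created or overwritten, not when an existing file is merely opened, so the entry should read "File created/overwritten" rather than keeping "opened". The unchanged context line `* **4656**: File changed (Windows Logs -> Security)` has the same kind of problem: 4656 records that a handle to an object was requested (Object Access auditing), which does not by itself mean the file was modified, so "Handle to object requested" would be the accurate description.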
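Review bot: in the second hunk, `+* **5145**: Shared Access` is too vague to help an analyst: 5145 is "A network share object was checked to see whether client can be granted the desired access", the Detailed File Share audit event that fires once per file or folder touched over a share and carries the ShareName, RelativeTargetName and AccessMask fields, so it pairs with the adjacent `* **5140**: Object Access` (network share object accessed) rather than with the AD object events, and it is high volume. Suggest wording it as "Network share object access check (per-file, Detailed File Share auditing)" and noting it is in Windows Logs -> Security. The added `+* **5137**: Directory service object was created` fits the section and complements 5136.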