After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?