Tracing the source spurious of logon attempts emmanating from a desktop PC

  • Thread starter Thread starter Bernd Wechner
  • Start date Start date
B

Bernd Wechner

Guest
I'm stumped on this. It's been plaguing my desktop for a year or more and I'm getting Wazuh reports about it. The symptom is perhaps best summarised by an anonymised Security log entry:A logon was attempted using explicit credentials.Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x144C5 Logon GUID: {00000000-0000-0000-0000-000000000000}Account Whose Credentials Were Used: Account Name: an_admin_account_that_does_not_even_exist_but_did_some_years_ago Account Domain: US L

Continue reading...
 
Back
Top