Event 4625 help - svchost.exe and encrypted user name

שאלה

• 

  

  0

  היכנס כדי להצביע

  I am getting tons of these errors everyday for the past weeks, all having the same account name. I tried decoding the name using base64 but it seems that it uses another encryption.  I really do not know what is going on because the process name is ssytem32/svchost.exe which contains manyy other processes and the logon type is using a batch file. i would really appreciate any help on what to look for next.

  -

  EventData

  SubjectUserSid

  S-1-5-18

  SubjectUserName

  ET01$

  SubjectDomainName

  WORKGROUP

  SubjectLogonId

  0x3e7

  TargetUserSid

  S-1-0-0

  TargetUserName

  @@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAcDA5AgNAADAzAgMAQDABBQLAkDA4AAOAIEAtAANAMDA4AgMA0CACBAOAkDAFBQLAcDAFBgRAkDAFBARAcDAGBQRAQEA1AQRA0HA

  TargetDomainName

  Status

  0xc000006d

  FailureReason

  %%2313

  SubStatus

  0xc0000064

  LogonType

  4

  LogonProcessName

  Advapi

  AuthenticationPackageName

  Negotiate

  WorkstationName

  ET01

  TransmittedServices

  -

  LmPackageName

  -

  KeyLength

  0

  ProcessId

  0x120

  ProcessName

  C:\Windows\System32\svchost.exe

  IpAddress

  -

  IpPort

  -

  
  

  יום רביעי 11 יולי 2018 15:52

  תגובה

  |

  ציטוט