Event 4625 help - svchost.exe and encrypted user name


  • I am getting tons of these errors everyday for the past weeks, all having the same account name. I tried decoding the name using base64 but it seems that it uses another encryption.  I really do not know what is going on because the process name is ssytem32/svchost.exe which contains manyy other processes and the logon type is using a batch file. i would really appreciate any help on what to look for next.

    - EventData
    SubjectUserSid S-1-5-18
    SubjectUserName ET01$
    SubjectDomainName WORKGROUP
    SubjectLogonId 0x3e7
    TargetUserSid S-1-0-0
    Status 0xc000006d
    FailureReason %%2313
    SubStatus 0xc0000064
    LogonType 4
    LogonProcessName Advapi
    AuthenticationPackageName Negotiate
    WorkstationName ET01
    TransmittedServices -
    LmPackageName -
    KeyLength 0
    ProcessId 0x120
    ProcessName C:\Windows\System32\svchost.exe
    IpAddress -
    IpPort -

    יום רביעי 11 יולי 2018 15:52

כל התגובות