Remote Login and New admin account created on my machine - hacked?


  1. Posts : 48
    WIN10 PRO
       #1

    Remote Login and New admin account created on my machine - hacked?


    OK so a user named Lorenco was logged into my machine today when I went to login.
    This user account should not exist and was connected remotely I believe
    I captured all the event logs, what do I need to verify this was a hack or a legit login?
    Received user logon notification on session 4.
    shell\roaming\settingsync\settingprofilehandler.cpp(24)\SettingSync errors
    event log cleared the user
    The audit log was cleared.
    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Domain Name: GROD
    Logon ID: 0x46D9E82

    A user's local group membership was enumerated.

    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD
    Logon ID: 0x46D9EA0

    User:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD

    Process Information:
    Process ID: 0x2618
    Process Name: C:\Users\Lorenco\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe

    Much more in the logs..
      My Computer


  2. Posts : 48
    WIN10 PRO
    Thread Starter
       #2

    WinLogonView shows me they are from EU.

    How they got in is beyond me, I am a network engineer not a dummy about security..

    Remote Login and New admin account created on my machine - hacked?-2016_11_25_03_01_091.png
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:15.
Find Us




Windows 10 Forums