I know searching through Event Viewer can be pointless, but I'm seeing a lot of these logons and don't have an IIS server.
They're exactly as posted here How to tell which service or task caused a certain 4624 logon event? by another user.
The answer indicated that the computer could be compromised but I don't think that's the case. However, being that I don't have an IIS server, I can't understand these logons and they're consistent.
Can someone with more knowledge kindly advise as to what these are if not related to a web-based logon/IIS server?
The rest of the event viewer general tab:An account was successfully logged on.
Subject: Security ID: SYSTEM Account Name: [HOSTNAME]$ Account Domain: WORKGROUP Logon ID: 0x3E7Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: No Elevated Token: YesImpersonation Level: ImpersonationNew Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3E7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000}Process Information: Process ID: 0x3b8 Process Name: C:\Windows\System32\services.exeNetwork Information: Workstation Name: - Source Network Address: - Source Port: -Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0