Note a network logon from benignadmin as well as forged RIDs:
It is better not to use user accounts for running services on them, but if you do, make sure to use really strong passwords! Computer accounts generate long and complex passwords and they change frequently, so they are better suited for running services on. Better yet, follow good practices such as using Group Managed Service Accounts for running more secure services.
Impersonating Service Accounts with Silver Tickets
How Attackers Use Kerberos Silver Tickets to Exploit Systems