EventViewer: Audit Failure (from ME admin account) - old cache in ME config files?

Hello all,
This is going to be a long post unfortunately, but I will try to sum it up as best as I can.

Recently we started to get alerts on our SIEM mentioning our user account (lanswp) who is so to say our admin account for everything Endpoint Central (agent install, patching, os deployment, auto patch deploy etc...)

I noticed EventViewer log popping out every now and then mentioning Audit Failure (Security events) and it just says the following:

An account failed to log on.

Subject:

Security ID: NULL SID

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:

Security ID: NULL SID

Account Name: lanswp

Account Domain: sweeper

Failure Information:

Failure Reason: Unknown user name or bad password.

Status: 0xC000006D

Sub Status: 0xC0000064

Process Information:

Caller Process ID: 0x0

Caller Process Name: -

Network Information:

Workstation Name: SWEEPER

Source Network Address: ::1

Source Port: 53484

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

So, this to me looks like account lanswp tried to do/go/scan something located on network (share probably) - but it wasn't domain\lanswp but it is comming in "local" form as sweeper\lanswp
It is important to mention that lanswp is a "domain only" account, it does not exist (as local user) on any other computer/server etc...

I have conducted a wide all inclusive hunt throughout the entire Endpoint Central, and foun no evidence or foul play regarding wrong credentials when it comes to lanswp account.
Wherever it was "involved" it's username was correctly put as domain\lanswp

Furthermore - I even reset it's password and updated it in ME - not a signle error happened, and all of our patching, installations continued normaly.
I even made a login to our ME server (Sweeper) with lanswp credentials and found no issues,
Also important to add, we are having no issues with the day-to-day working of MEEC, works like a swiss watch.

This issue drove me mad to the point that I run PowerShell to search for any and all mentions of lanswp in any and all .conf .json .bak .xml I mean every single file....

Powershell found the following:

1.) C:\Program Files\UEMS_CentralServer\conf\master.conf`

Line 9: userName=lanswp

2.) C:\Program Files\UEMS_CentralServer\webapps\DesktopCentral\conf\customer-config.json`

Line 18: "userName": "lanswp"

3.) C:\Program Files\UEMS_CentralServer\webapps\DesktopCentral\conf\customer-config.bak`

Line 18: "userName": "lanswp"

4.) C:\Program Files\UEMS_CentralServer\conf\server-status.json`

Line 40: "userName": "lanswp"

5.) C:\Program Files\UEMS_CentralServer\conf\user-config.json`

Line 9: "userName": "lanswp"

6.) C:\Program Files\UEMS_CentralServer\conf\custom_params.conf`

Line 4: username=lanswp

7.)C:\Program Files\UEMS_CentralServer\conf\client_config.json`

Line 21: "userName": "lanswp"

All other mentions are written as domain\lanswp except those above.

Finally ^^
My question to you fine ladies and gentleman is....
Did I just found my issue? Is this my culprit?
Is it supposed to be domain\lanswp in every single mention of this account?

What can I do now? Do I need (or dare) to manualy edit every single enty from above to domain\lanswp?
Is there any legit way this can be done right and "by the book" - Can it somehow be an old cache from PostgreSQL database?

.....help!