An attempt was made to query the existence of a blank password for an account
On this page
There is a lot of confusion about this event and no good explanation. If you see this event for many different target account names I would investigate. Or if you see this event on many different systems where caller workstation name is the same. Otherwise ignore.
More: This event is worthless. I just set up a new Windows 10 VM, installed one very safe piece of software on it, and logged on as a non-admin user. After logon, that user, according to the security log, queried the existence of a blank password for every local account on the system. I'm certain the system is clean of malware. If this event at least included the process that made the request we'd have a chance of tracking down what is causing it but all you get is the target account and who did it.