Event ID - 4648

Event Id4648
SourceMicrosoft-Windows-Security-Auditing
DescriptionA logon was attempted using explicit credentials.

Subject:
      Security ID:<Security ID>
      Account Name:<Account Name>
      Account Domain:<Domain Name>
      Logon ID:<Logon ID>
      Logon GUID:<Logon GUID>     

Account Whose Credentials Were Used:
      Account Name:<Account Name>
      Account Domain:<Domain Name>
      Logon GUID:<Logon GUID>     

Target Server:
      Target Server Name:<Target Server Name>
      Additional Information: <Additional Information>     

Process Information:
      Process ID: <Process ID>
      Process Name:<Process Name>     

Network Information:
      Network Address:<Network Address>
      Port:<Port>     

Event InformationCause :
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh