Windows event log ID 4648 fields: what does "Network Information" stand for?

Anonymous
2021-03-29T08:27:01+00:00

As per Microsoft docs, 4648 stands for

"This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command."

I am checking through event logs for identifying a security breach, and a 4648 event log is as follows.

A logon was attempted using explicit credentials.

Subject:
    Security ID:        SYSTEM
    Account Name:       <Removed>
    Account Domain:     WORKGROUP
    Logon ID:           0x3E7
    Logon GUID:         {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
    Account Name:       Administrator
    Account Domain:     <Removed>
    Logon GUID:         {00000000-0000-0000-0000-000000000000}

Target Server:
    Target Server Name: localhost
    Additional Information: localhost

Process Information:
    Process ID:         0x1e0f4
    Process Name:       C:\Windows\System32\winlogon.exe

Network Information:
    Network Address:    12.34.56.78
    Port:               12345

What does "Network Information" in the log stand for? The documentation was not clear to me, and 12.34.56.78 is certainly another machine in the network.

This question was migrated from the Microsoft Support Community.

1 answer

  1. Reza-Ameri 45,806 Reputation points Volunteer Moderator
    2021-04-02T16:00:04+00:00

    Is this PC part of a domain or a company's network?

    Try opening Start, search for cmd, open it and type:

    ping 12.34.56.78 

    (the IP you shared)

    And see if it responds.

    Do you recognize the second Account Domain name?
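Added example, not part of the original thread: Microsoft's documentation for event 4648 describes Network Address as the IP address of the machine from which the logon attempt was performed, and Port as the source port on that machine. The Python sketch below parses the rendered event text into its sections and flags the combination seen in the question, a non-loopback source address with a Target Server Name of localhost. The sample is constructed from the question's event (abridged), and the function and key names are illustrative assumptions.

```python
import ipaddress
import re

# Constructed sample: abridged from the event in the question, redactions kept.
SAMPLE_4648 = """\
Subject:
    Account Name:       <Removed>
Account Whose Credentials Were Used:
    Account Name:       Administrator
Target Server:
    Target Server Name: localhost
Process Information:
    Process Name:       C:\\Windows\\System32\\winlogon.exe
Network Information:
    Network Address:    12.34.56.78
    Port:           12345
"""

def parse_4648(text):
    """Group 'Key: value' lines under their section header ('Subject:', ...)."""
    sections, current = {}, None
    for line in text.splitlines():
        # Split on the first colon only, so 'C:\\...' stays inside the value.
        m = re.match(r"^([^:]+):\s*(.*)$", line.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if not value:                      # a bare 'Header:' opens a new section
            current = sections.setdefault(key, {})
        elif current is not None:
            current[key] = value
    return sections

def summarize(sections):
    """Pull out the fields that say who logged on, via what, and from where."""
    net = sections.get("Network Information", {})
    addr = net.get("Network Address", "-")
    try:
        remote = not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        remote = False                     # '-' or empty: no source address recorded
    target = sections.get("Target Server", {}).get("Target Server Name", "")
    used = sections.get("Account Whose Credentials Were Used", {})
    return {
        "credentials_used": used.get("Account Name"),
        "process": sections.get("Process Information", {}).get("Process Name"),
        "source_address": addr,
        "source_port": net.get("Port"),
        "remote_source_local_target": remote and target.lower() == "localhost",
    }
```

Events flagged this way can be correlated with 4624 logon events that carry the same Source Network Address to see whether the attempt succeeded and with which logon type.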