Logon event

Anonymous
2018-12-20T07:32:12+00:00

Hello, can someone help me figure out what kind of event this is?

I can't understand who or what is trying to connect to the 192.168.10.50 server.

A logon was attempted using explicit credentials.

Subject:

Security ID: SYSTEM

Account Name: PC-1074-050917$

Account Domain: test

Logon ID: 0x3E7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: admbaltsupuser

Account Domain: HEADOFFICE.test.LV

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: fileserver

Additional Information: cifs/fileserver

Process Information:

Process ID: 0x4

Process Name:

Network Information:

Network Address: 192.168.10.50

Port: 445

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

System 

  - Provider 

   [ Name]  Microsoft-Windows-Security-Auditing 

   [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D} 

   EventID 4648 

   Version 0 

   Level 0 

   Task 12544 

   Opcode 0 

   Keywords 0x8020000000000000 

  - TimeCreated 

   [ SystemTime]  2018-12-20T06:27:07.319340400Z 

   EventRecordID 127514 

  - Correlation 

   [ ActivityID]  {FD92A94E-91ED-0003-6BA9-92FDED91D401} 

  - Execution 

   [ ProcessID]  792 

   [ ThreadID]  932 

   Channel Security 

   Computer PC-1074-050917.headoffice.test.lv 

   Security 

  • EventData 

  SubjectUserSid S-1-5-18 

  SubjectUserName PC-1074-050917$ 

  SubjectDomainName HEADOFFICE 

  SubjectLogonId 0x3e7 

  LogonGuid {00000000-0000-0000-0000-000000000000} 

  TargetUserName admbaltsupuser 

  TargetDomainName HEADOFFICE.test.LV 

  TargetLogonGuid {00000000-0000-0000-0000-000000000000} 

  TargetServerName fileserver 

  TargetInfo cifs/fileserver 

  ProcessId 0x4 

  ProcessName  

  IpAddress 192.168.10.50 

  IpPort 445

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

1 answer

  1. Anonymous
    2018-12-20T08:32:11+00:00

    It looks like you have some kind of batch file that is automatically running and trying to connect to a server with the IP 192.168.10.50 with the account admbaltsupuser.

    Or, if this is the file server where you got this error, it could be the connection coming from the IP address.

    I would suggest disabling this account or resetting the password if you are not expecting this activity to occur.

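A triage sketch for the event discussed above, added here as an example and not part of the original question or answer: it parses exported Event XML for ID 4648 and reduces each record to the initiating context, the credentials used, and the target. The sample XML is constructed from the field values in the question; the `<Events>` wrapper element and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: Event XML assembled from the field values in the question.
SAMPLE_XML = """<Events><Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4648</EventID><Computer>PC-1074-050917.headoffice.test.lv</Computer></System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data><Data Name="SubjectUserName">PC-1074-050917$</Data>
<Data Name="TargetUserName">admbaltsupuser</Data>
<Data Name="TargetDomainName">HEADOFFICE.test.LV</Data>
<Data Name="TargetServerName">fileserver</Data><Data Name="TargetInfo">cifs/fileserver</Data>
<Data Name="ProcessId">0x4</Data><Data Name="ProcessName"></Data>
<Data Name="IpAddress">192.168.10.50</Data><Data Name="IpPort">445</Data>
</EventData></Event></Events>"""


def parse_4648(xml_text):
    """Return one dict per 4648 event: Computer plus every EventData field."""
    rows = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4648":
            continue
        row = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        row["Computer"] = ev.findtext("e:System/e:Computer", namespaces=NS)
        rows.append(row)
    return rows


def describe(row):
    """Reduce the raw fields to who initiated, with whose credentials, towards what."""
    return {
        "logged_on": row["Computer"],
        # S-1-5-18 is the well-known LocalSystem SID; otherwise report the named user.
        "initiator": "SYSTEM" if row["SubjectUserSid"] == "S-1-5-18" else row["SubjectUserName"],
        # PID 4 is the Windows System (kernel) process.
        "system_process": int(row["ProcessId"], 16) == 4,
        "credentials": row["TargetDomainName"] + "\\" + row["TargetUserName"],
        "target": row["TargetServerName"],
        # Service class of the SPN in TargetInfo, e.g. "cifs" for SMB file sharing.
        "service": row["TargetInfo"].split("/", 1)[0].lower(),
    }


def count_pairs(rows):
    """Count events per (credential, target server) to spot recurring jobs."""
    return Counter((r["TargetUserName"], r["TargetServerName"]) for r in rows)
```

Running `count_pairs` over a longer export shows whether the same account and target recur on a schedule, which is the pattern the answer's batch-file explanation would produce.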