Microsoft-Windows-KnownFolders

4 events across 1 channel

Event ID	Title	Channel
1000	Error %1 occurred while creating known folder %2 with path '%3'.	Microsoft-Windows-Known Folders API Service
1001	Error %1 occurred while initializing known folder %2 with ini file path '%3'.	Microsoft-Windows-Known Folders API Service
1002	Error %1 occurred while verifying known folder %2 with path '%3'.	Microsoft-Windows-Known Folders API Service
1003	Error %1 occurred while initializing known folder %2 with path '%3'.	Microsoft-Windows-Known Folders API Service

Event ID 1000 — Error %1 occurred while creating known folder %2 with path '%3'.

Provider: Microsoft-Windows-KnownFolders
Channel: Microsoft-Windows-Known Folders API Service
Level: 3
Samples: 1

Message

Error %1 occurred while creating known folder %2 with path '%3'.

Fields

Name	Description
`hrError`	—
`FolderId`	—
`Path`	—

Example Event

system:
  provider: Microsoft-Windows-KnownFolders
  guid: 8939299F-2315-4C5C-9B91-ABB86AA0627D
  event_source_name: ''
  event_id: 1000
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-06T02:00:56.161853+00:00'
  event_record_id: 75
  correlation: {}
  execution:
    process_id: 1140
    thread_id: 10696
  channel: Microsoft-Windows-Known Folders API Service
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  hrError: '0x80070005'
  FolderId: F1B32785-6FBA-4FCF-9D55-7B8E7F157091
  Path: C:\Windows\system32\config\systemprofile\AppData\Local
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1001 — Error %1 occurred while initializing known folder %2 with ini file path '%3'.

Provider: Microsoft-Windows-KnownFolders
Channel: Microsoft-Windows-Known Folders API Service

Message

Error %1 occurred while initializing known folder %2 with ini file path '%3'.

Fields

Name	Description
`hrError`	—
`FolderId`	—
`Path`	—

Event ID 1002 — Error %1 occurred while verifying known folder %2 with path '%3'.

Provider: Microsoft-Windows-KnownFolders
Channel: Microsoft-Windows-Known Folders API Service
Level: 3
Samples: 1

Message

Error %1 occurred while verifying known folder %2 with path '%3'.

Fields

Name	Description
`hrError`	—
`FolderId`	—
`Path`	—

Example Event

system:
  provider: Microsoft-Windows-KnownFolders
  guid: 8939299F-2315-4C5C-9B91-ABB86AA0627D
  event_source_name: ''
  event_id: 1002
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-06T00:57:42.446459+00:00'
  event_record_id: 67
  correlation: {}
  execution:
    process_id: 12400
    thread_id: 15400
  channel: Microsoft-Windows-Known Folders API Service
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  hrError: '0x80070002'
  FolderId: C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D
  Path: C:\ProgramData\OEM Links
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1003 — Error %1 occurred while initializing known folder %2 with path '%3'.

Provider: Microsoft-Windows-KnownFolders
Channel: Microsoft-Windows-Known Folders API Service
Level: 3
Samples: 1

Message

Error %1 occurred while initializing known folder %2 with path '%3'.

Fields

Name	Description
`hrError`	—
`FolderId`	—
`Path`	—

Example Event

system:
  provider: Microsoft-Windows-KnownFolders
  guid: 8939299F-2315-4C5C-9B91-ABB86AA0627D
  event_source_name: ''
  event_id: 1003
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-06T00:40:07.330914+00:00'
  event_record_id: 58
  correlation: {}
  execution:
    process_id: 1852
    thread_id: 12408
  channel: Microsoft-Windows-Known Folders API Service
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  hrError: '0x80070002'
  FolderId: B4BFCC3A-DB2C-424C-B029-7FE99A87C641
  Path: C:\Windows\system32\config\systemprofile\Desktop
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline