Microsoft-Windows-WinINet-Capture
5 events across 2 channels
| Event ID | Title | Channel |
|---|---|---|
| 2001 | The WinINet request header buffer captured | Analytic |
| 2002 | The WinINet request payload buffer captured | Analytic |
| 2003 | The WinINet response header buffer captured | Analytic |
| 2004 | The WinINet response payload buffer captured | Analytic |
| 2005 | The WinINet TLS handshake failed with version mismatch error | Operational |
Event ID 2001 — The WinINet request header buffer captured
Description
The WinINet request header buffer captured.
Message
Fields
| Name | Type | Description |
|---|---|---|
| SessionId | UInt32 | — |
| SequenceNumber | UInt32 | — |
| Flags | UInt32 | — |
| PayloadByteLength | UInt32 | — |
| Payload | Binary | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-WinINet-Capture",
    "guid": "A70FF94F-570B-4979-BA5C-E59C9FEAB61B",
    "event_source_name": "",
    "event_id": 2001,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223378638219509760,
    "time_created": "2026-03-13T20:05:08.566286+00:00",
    "event_record_id": 1,
    "correlation": {
      "ActivityID": "00CC0010-0008-0000-380F-581330A31411"
    },
    "execution": {
      "process_id": 3896,
      "thread_id": 4256
    },
    "channel": "Microsoft-Windows-WinINet-Capture/Analytic",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "SessionId": 1,
    "SequenceNumber": 0,
    "Flags": 3,
    "PayloadByteLength": 442,
    "Payload": "…"
  },
  "message": ""
}
```
Event ID 2002 — The WinINet request payload buffer captured
Description
The WinINet request payload buffer captured.
Message
Fields
| Name | Type | Description |
|---|---|---|
| SessionId | UInt32 | — |
| SequenceNumber | UInt32 | — |
| Flags | UInt32 | — |
| PayloadByteLength | UInt32 | — |
| Payload | Binary | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-WinINet-Capture",
    "guid": "A70FF94F-570B-4979-BA5C-E59C9FEAB61B",
    "event_source_name": "",
    "event_id": 2002,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223378638219509760,
    "time_created": "2026-03-13T20:05:08.566306+00:00",
    "event_record_id": 2,
    "correlation": {
      "ActivityID": "00CC0010-0008-0000-380F-581330A31411"
    },
    "execution": {
      "process_id": 3896,
      "thread_id": 4256
    },
    "channel": "Microsoft-Windows-WinINet-Capture/Analytic",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "SessionId": 1,
    "SequenceNumber": 0,
    "Flags": 1,
    "PayloadByteLength": 464,
    "Payload": "…"
  },
  "message": ""
}
```
Event ID 2003 — The WinINet response header buffer captured
Description
The WinINet response header buffer captured.
Message
Fields
| Name | Type | Description |
|---|---|---|
| SessionId | UInt32 | — |
| SequenceNumber | UInt32 | — |
| Flags | UInt32 | — |
| PayloadByteLength | UInt32 | — |
| Payload | Binary | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-WinINet-Capture",
    "guid": "A70FF94F-570B-4979-BA5C-E59C9FEAB61B",
    "event_source_name": "",
    "event_id": 2003,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223378642514477056,
    "time_created": "2026-03-13T20:05:08.652446+00:00",
    "event_record_id": 3,
    "correlation": {
      "ActivityID": "00CC0010-0008-0000-380F-581330A31411"
    },
    "execution": {
      "process_id": 3896,
      "thread_id": 4256
    },
    "channel": "Microsoft-Windows-WinINet-Capture/Analytic",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "SessionId": 1,
    "SequenceNumber": 0,
    "Flags": 3,
    "PayloadByteLength": 446,
    "Payload": "485454502F312E312034303320416C6C204576656E7473205468726F74746C65642E0D0A436F6E74656E742D4C656E6774683A2035320D0A436F6E74656E742D547970653A206170706C69636174696F6E2F6A736F6E0D0A5365727665723A204D6963726F736F66742D485454504150492F322E300D0A5374726963742D5472616E73706F72742D53656375726974793A206D61782D6167653D33313533363030300D0A436F6C6C6563746F722D4572726F723A20416C6C204576656E7473205468726F74746C65642E0D0A4163636573732D436F6E74726F6C2D416C6C6F772D486561646572733A20436F6C6C6563746F722D4572726F720D0A4163636573732D436F6E74726F6C2D416C6C6F772D4D6574686F64733A20504F53540D0A4163636573732D436F6E74726F6C2D416C6C6F772D43726564656E7469616C733A20747275650D0A4163636573732D436F6E74726F6C2D416C6C6F772D4F726967696E3A202A0D0A4163636573732D436F6E74726F6C2D4578706F73652D486561646572733A20436F6C6C6563746F722D4572726F720D0A446174653A204672692C203133204D617220323032362032303A30353A303920474D540D0A0D0A"
  },
  "message": ""
}
```
Event ID 2004 — The WinINet response payload buffer captured
Description
The WinINet response payload buffer captured.
Message
Fields
| Name | Type | Description |
|---|---|---|
| SessionId | UInt32 | — |
| SequenceNumber | UInt32 | — |
| Flags | UInt32 | — |
| PayloadByteLength | UInt32 | — |
| Payload | Binary | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-WinINet-Capture",
    "guid": "A70FF94F-570B-4979-BA5C-E59C9FEAB61B",
    "event_source_name": "",
    "event_id": 2004,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223378642514477056,
    "time_created": "2026-03-13T20:05:08.652656+00:00",
    "event_record_id": 4,
    "correlation": {
      "ActivityID": "00CC0010-0008-0000-380F-581330A31411"
    },
    "execution": {
      "process_id": 3896,
      "thread_id": 4256
    },
    "channel": "Microsoft-Windows-WinINet-Capture/Analytic",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "SessionId": 1,
    "SequenceNumber": 0,
    "Flags": 1,
    "PayloadByteLength": 52,
    "Payload": "7B22616363223A302C2272656A223A312C22656669223A7B224576656E744C6576656C5468726F74746C696E67223A5B305D7D7D"
  },
  "message": ""
}
```