Microsoft-Windows-Winsock-NameResolution

16 events across 1 channel

Event ID	Title	Channel
1000	GetAddrInfoW is called for queryName NodeName, serviceName ServiceName, flags …	Operational
1001	GetAddrInfoW is completed for queryName NodeName with status Status and result …	Operational
1002	GetAddrInfoExW is called for queryName NodeName, serviceName ServiceName, …	Operational
1003	GetAddrInfoExW asynchronous query is pending for queryName: NodeName with cancel …	Operational
1004	GetAddrInfoExW is completed for queryName NodeName with status Status and result …	Operational
1005	GetAddrInfoExCancel is called for query CancelHandle and seq Location.	Operational
1006	NSPLookupServiceBegin is called for provider ProviderGUID, queryName QueryName, …	Operational
1007	NSPLookupServiceBegin is completed for provider ProviderGUID, queryName …	Operational
1008	NSPLookupServiceNext is called for provider ProviderGUID, control Flags …	Operational
1009	NSPLookupServiceNext is completed for provider ProviderGUID, control Flags …	Operational
1010	NSPLookupServiceEnd is called for provider ProviderGUID and lookup handle …	Operational
1011	NSPLookupServiceEnd completed for provider ProviderGUID and lookup handle …	Operational
1012	GetAddrInfoExW info.	Operational
1013	Wsa Startup.	Operational
1014	Wsa Cleanup.	Operational
1015	NSJOB info.	Operational

Event ID 1000 — GetAddrInfoW is called for queryName NodeName, serviceName ServiceName, flags Flags, family Family, socketType SocketType, protocol Protocol and seq Location.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

GetAddrInfoW is called for queryName NodeName, serviceName ServiceName, flags Flags, family Family, socketType SocketType, protocol Protocol and seq Location.

Message #

GetAddrInfoW is called for queryName %1, serviceName %2, flags %4, family %5, socketType %6, protocol %7 and seq %3

Fields #

Name	Description
`NodeName` UnicodeString	—
`ServiceName` UnicodeString	—
`Location` UInt32	—
`Flags` UInt32	—
`Family` UInt32	—
`SocketType` UInt32	—
`Protocol` UInt32	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1000,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:41.692985+00:00",
    "event_record_id": 17,
    "correlation": {
      "ActivityID": "4EC9235F-7114-46CF-A033-E58E6B97986C"
    },
    "execution": {
      "process_id": 832,
      "thread_id": 3636
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NodeName": "ludus",
    "ServiceName": "NULL",
    "Location": 118,
    "Flags": 5,
    "Family": 0,
    "SocketType": 0,
    "Protocol": 0
  },
  "message": ""
}

Event ID 1001 — GetAddrInfoW is completed for queryName NodeName with status Status and result Result.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

GetAddrInfoW is completed for queryName NodeName with status Status and result Result.

Message #

GetAddrInfoW is completed for queryName %1 with status %2 and result %3

Fields #

Name	Description
`NodeName` UnicodeString	—
`Status` UInt32	— NTSTATUS reference
`Result` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1001,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:41.692988+00:00",
    "event_record_id": 18,
    "correlation": {
      "ActivityID": "4EC9235F-7114-46CF-A033-E58E6B97986C"
    },
    "execution": {
      "process_id": 832,
      "thread_id": 3636
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NodeName": "ludus",
    "Status": 11001,
    "Result": ""
  },
  "message": ""
}

Event ID 1002 — GetAddrInfoExW is called for queryName NodeName, serviceName ServiceName, nameSpace NameSpace, nameSpace GUID NameSpaceGuid, flags Flags, family Family, socketType SocketType, protocol protocol, in...

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Message #

GetAddrInfoExW is called for queryName %1, serviceName %2, nameSpace %4, nameSpace GUID %5, flags %6, family %7, socketType %8, protocol %9, interface index %10, timeOut %11, asyncWithCallBack %12, asyncWithOverlapped %13 and seq %3

Fields #

Name	Description
`NodeName` UnicodeString	—
`ServiceName` UnicodeString	—
`Location` UInt32	—
`NameSpace` UInt32	—
`NameSpaceGuid` GUID	—
`Flags` UInt32	—
`Family` UInt32	—
`SocketType` UInt32	—
`protocol` UInt32	—
`InterfaceIndex` UInt32	—
`TimeOutInSec` UInt32	—
`AsyncWithCallback` UInt32	—
`AsyncWithOverlapped` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1002,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033434+00:00",
    "event_record_id": 188,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NodeName": "us-v20.events.endpoint.security.microsoft.com",
    "ServiceName": "NULL",
    "Location": 226,
    "NameSpace": 12,
    "NameSpaceGuid": "00000000-0000-0000-0000-000000000000",
    "Flags": 131074,
    "Family": 0,
    "SocketType": 1,
    "protocol": 6,
    "InterfaceIndex": 0,
    "TimeOutInSec": 0,
    "AsyncWithCallback": 0,
    "AsyncWithOverlapped": 1
  },
  "message": ""
}

Event ID 1003 — GetAddrInfoExW asynchronous query is pending for queryName: NodeName with cancel Handle CancelHandle.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

GetAddrInfoExW asynchronous query is pending for queryName: NodeName with cancel Handle CancelHandle.

Message #

GetAddrInfoExW asynchronous query is pending for queryName: %1 with cancel Handle %2

Fields #

Name	Description
`NodeName` UnicodeString	—
`CancelHandle` UInt64	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1003,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033473+00:00",
    "event_record_id": 195,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NodeName": "us-v20.events.endpoint.security.microsoft.com",
    "CancelHandle": 0
  },
  "message": ""
}

Event ID 1004 — GetAddrInfoExW is completed for queryName NodeName with status Status and result Result.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

GetAddrInfoExW is completed for queryName NodeName with status Status and result Result.

Message #

GetAddrInfoExW is completed for queryName %1 with status %2 and result %3

Fields #

Name	Description
`NodeName` UnicodeString	—
`Status` UInt32	— NTSTATUS reference
`Result` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1004,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.072980+00:00",
    "event_record_id": 206,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NodeName": "us-v20.events.endpoint.security.microsoft.com",
    "Status": 0,
    "Result": "20.42.65.85;"
  },
  "message": ""
}

Event ID 1005 — GetAddrInfoExCancel is called for query CancelHandle and seq Location.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Task: WinsockGai

Description

GetAddrInfoExCancel is called for query CancelHandle and seq Location.

Message #

GetAddrInfoExCancel is called for  query %1 and seq %2

Fields #

Name	Description
`CancelHandle` UInt64	—
`Location` UInt32	—

Event ID 1006 — NSPLookupServiceBegin is called for provider ProviderGUID, queryName QueryName, serviceGUID ServiceGUID, interface index InterfaceIndex and control flags ControlFlags.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

NSPLookupServiceBegin is called for provider ProviderGUID, queryName QueryName, serviceGUID ServiceGUID, interface index InterfaceIndex and control flags ControlFlags.

Message #

NSPLookupServiceBegin is called for provider %1, queryName %2, serviceGUID %3, interface index %4 and control flags %5

Fields #

Name	Description
`ProviderGUID` GUID	—
`QueryName` UnicodeString	—
`ServiceGUID` GUID	—
`InterfaceIndex` UInt32	—
`ControlFlags` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1006,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033445+00:00",
    "event_record_id": 189,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "ProviderGUID": "22059D40-7E9E-11CF-AE5A-00AA00A7112B",
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "ServiceGUID": "0002A803-0000-0000-C000-000000000046",
    "InterfaceIndex": 0,
    "ControlFlags": 3146000
  },
  "message": ""
}

Event ID 1007 — NSPLookupServiceBegin is completed for provider ProviderGUID, queryName QueryName serviceGUID ServiceGUID, interface index InterfaceIndex, control flags ControlFlags and lookup handle LookupHandle ...

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

NSPLookupServiceBegin is completed for provider ProviderGUID, queryName QueryName serviceGUID ServiceGUID, interface index InterfaceIndex, control flags ControlFlags and lookup handle LookupHandle with status Status.

Message #

NSPLookupServiceBegin is completed for provider %1, queryName %2 serviceGUID %3, interface index %4, control flags %5 and lookup handle %6 with status %7

Fields #

Name	Description
`ProviderGUID` GUID	—
`QueryName` UnicodeString	—
`ServiceGUID` GUID	—
`InterfaceIndex` UInt32	—
`ControlFlags` UInt32	—
`LookupHandle` UInt64	—
`Status` UInt32	— NTSTATUS reference

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1007,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033450+00:00",
    "event_record_id": 190,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "ProviderGUID": "22059D40-7E9E-11CF-AE5A-00AA00A7112B",
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "ServiceGUID": "0002A803-0000-0000-C000-000000000046",
    "InterfaceIndex": 0,
    "ControlFlags": 3146000,
    "LookupHandle": 1894238103792,
    "Status": 0
  },
  "message": ""
}

Event ID 1008 — NSPLookupServiceNext is called for provider ProviderGUID, control Flags ControlFlags and lookup handle LookupHandle.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

NSPLookupServiceNext is called for provider ProviderGUID, control Flags ControlFlags and lookup handle LookupHandle.

Message #

NSPLookupServiceNext is called for provider %1, control Flags %2 and lookup handle %3

Fields #

Name	Description
`ProviderGUID` GUID	—
`ControlFlags` UInt32	—
`LookupHandle` UInt64	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1008,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033491+00:00",
    "event_record_id": 196,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "ProviderGUID": "22059D40-7E9E-11CF-AE5A-00AA00A7112B",
    "ControlFlags": 0,
    "LookupHandle": 1894238104368
  },
  "message": ""
}

Event ID 1009 — NSPLookupServiceNext is completed for provider ProviderGUID, control Flags ControlFlags and lookup Handle LookupHandle with status Status and result Result.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

NSPLookupServiceNext is completed for provider ProviderGUID, control Flags ControlFlags and lookup Handle LookupHandle with status Status and result Result.

Message #

NSPLookupServiceNext is completed for provider %1, control Flags %2 and lookup Handle %3 with status %4 and result %5

Fields #

Name	Description
`ProviderGUID` GUID	—
`ControlFlags` UInt32	—
`LookupHandle` UInt64	—
`Status` UInt32	— NTSTATUS reference
`Result` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1009,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033541+00:00",
    "event_record_id": 198,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 7344
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "ProviderGUID": "22059D40-7E9E-11CF-AE5A-00AA00A7112B",
    "ControlFlags": 0,
    "LookupHandle": 1894238103792,
    "Status": 11001,
    "Result": ""
  },
  "message": ""
}

Event ID 1010 — NSPLookupServiceEnd is called for provider ProviderGUID and lookup handle LookupHandle.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

NSPLookupServiceEnd is called for provider ProviderGUID and lookup handle LookupHandle.

Message #

NSPLookupServiceEnd is called for provider %1 and lookup handle %2

Fields #

Name	Description
`ProviderGUID` GUID	—
`LookupHandle` UInt64	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1010,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033551+00:00",
    "event_record_id": 199,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 7344
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "ProviderGUID": "22059D40-7E9E-11CF-AE5A-00AA00A7112B",
    "LookupHandle": 1894238103792
  },
  "message": ""
}

Event ID 1011 — NSPLookupServiceEnd completed for provider ProviderGUID and lookup handle LookupHandle with status Status.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

NSPLookupServiceEnd completed for provider ProviderGUID and lookup handle LookupHandle with status Status.

Message #

NSPLookupServiceEnd completed for provider %1 and lookup handle %2 with status %3

Fields #

Name	Description
`ProviderGUID` GUID	—
`LookupHandle` UInt64	—
`Status` UInt32	— NTSTATUS reference

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1011,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033553+00:00",
    "event_record_id": 200,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 7344
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "ProviderGUID": "22059D40-7E9E-11CF-AE5A-00AA00A7112B",
    "LookupHandle": 1894238103792,
    "Status": 0
  },
  "message": ""
}

Event ID 1012 — GetAddrInfoExW info.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Message #

GetAddrInfoExW info.  queryName %1, serviceName %2, nameSpace %4, nameSpace GUID %5, flags %6, family %7, socketType %8, protocol %9, interface index %10, timeOut %11, asyncWithCallBack %12, asyncWithOverlapped %13, error %14 and seq %3

Fields #

Name	Description
`NodeName` UnicodeString	—
`ServiceName` UnicodeString	—
`Location` UInt32	—
`NameSpace` UInt32	—
`NameSpaceGuid` GUID	—
`Flags` UInt32	—
`Family` UInt32	—
`SocketType` UInt32	—
`protocol` UInt32	—
`InterfaceIndex` UInt32	—
`TimeOutInSec` UInt32	—
`AsyncWithCallback` UInt32	—
`AsyncWithOverlapped` UInt32	—
`Error` Int32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1012,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033417+00:00",
    "event_record_id": 187,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NodeName": "us-v20.events.endpoint.security.microsoft.com",
    "ServiceName": "NULL",
    "Location": 307,
    "NameSpace": 12,
    "NameSpaceGuid": "00000000-0000-0000-0000-000000000000",
    "Flags": 131074,
    "Family": 0,
    "SocketType": 1,
    "protocol": 6,
    "InterfaceIndex": 0,
    "TimeOutInSec": 0,
    "AsyncWithCallback": 0,
    "AsyncWithOverlapped": 1,
    "Error": 0
  },
  "message": ""
}

Event ID 1013 — Wsa Startup.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

Wsa Startup. seq: Location.

Message #

Wsa Startup. seq: %1.

Fields #

Name	Description
`Location` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1013,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:38.230772+00:00",
    "event_record_id": 1,
    "correlation": {
      "ActivityID": "DF92C490-B30B-0005-A2C8-92DF0BB3DC01"
    },
    "execution": {
      "process_id": 6952,
      "thread_id": 6108
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "Location": 101
  },
  "message": ""
}

Event ID 1014 — Wsa Cleanup.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Level: Informational
Task: WinsockGai

Description

Wsa Cleanup. seq: Location. Refcount: RefCount.

Message #

Wsa Cleanup. seq: %1.  Refcount: %2.

Fields #

Name	Description
`Location` UInt32	—
`RefCount` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Winsock-NameResolution",
    "guid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56",
    "event_source_name": "",
    "event_id": 1014,
    "version": 0,
    "level": 4,
    "task": 1000,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:38.230787+00:00",
    "event_record_id": 2,
    "correlation": {
      "ActivityID": "DF92C490-B30B-0005-A2C8-92DF0BB3DC01"
    },
    "execution": {
      "process_id": 6952,
      "thread_id": 6108
    },
    "channel": "Microsoft-Windows-Winsock-NameResolution/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "Location": 201,
    "RefCount": 2
  },
  "message": ""
}

Event ID 1015 — NSJOB info.

Provider: Microsoft-Windows-Winsock-NameResolution
Channel: Operational
Task: WinsockGai

Description

NSJOB info. seq Location. Refcount: RefCount.

Message #

NSJOB info.  seq %1.  Refcount: %2.

Fields #

Name	Description
`Location` UInt32	—
`RefCount` UInt32	—