Microsoft-Windows-Winsock-WS2HELP
5 events across 1 channel
Event ID 1 — LSP %1 was installed in the %2-bit catalog by %3 (GUID=%4, Category ID=%5).
Message
Fields
| Name | Description |
|---|---|
| LSPName | — |
| Catalog | — |
| Installer | — |
| GUID | — |
| Category | — |
Example Event
system:
  provider: Microsoft-Windows-Winsock-WS2HELP
  guid: D5C25F9A-4D47-493E-9184-40DD397A004D
  event_source_name: ''
  event_id: 1
  version: 0
  level: 0
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2019-08-23T12:37:38.521158+00:00'
  event_record_id: 2
  correlation: {}
  execution:
    process_id: 5284
    thread_id: 8096
  channel: Microsoft-Windows-Winsock-WS2HELP/Operational
  computer: MSEDGEWIN10
  security:
    user_id: S-1-5-18
event_data:
  LSPName: PROXYCAP LSP
  Catalog: 32
  Installer: C:\Windows\syswow64\MsiExec.exe
  GUID: 7E35F09E-CF45-CF00-3594-397712626D0F
  Category: 1021
message: ''
References
- Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx
Event ID 2 — LSP %1 was removed from the %2-bit catalog by %3 (GUID=%4, Category ID=%5).
Message
Fields
| Name | Description |
|---|---|
| LSPName | — |
| Catalog | — |
| Installer | — |
| GUID | — |
| Category | — |
Event ID 3 — LSP %1 was disabled in the %2-bit catalog by %3 (GUID=%4, Category ID=%5).
Message
Fields
| Name | Description |
|---|---|
| LSPName | — |
| Catalog | — |
| Installer | — |
| GUID | — |
| Category | — |
Event ID 4 — The %1-bit catalog was reset by the administrator.
Message
Fields
| Name | Description |
|---|---|
| Catalog | — |
Event ID 5 — LSP %1 was bypassed as due to legacy technology bypass policy (GUID=%2).
Message
Fields
| Name | Description |
|---|---|
| BinaryName | — |
| GUID | — |