Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-File

Event ID 12 v1

Message:



Event Data:

#  Name              In Type            Out Type
1  Irp               win:Pointer        win:HexInt64
2  FileObject        win:Pointer        win:HexInt64
3  IssuingThreadId   win:UInt32         xs:unsignedInt
4  CreateOptions     win:UInt32         win:HexInt32
5  CreateAttributes  win:UInt32         win:HexInt32
6  ShareAccess       win:UInt32         win:HexInt32
7  FileName          win:UnicodeString  xs:string

Observed Windows Versions:

Version: 1

Fingerprint: QGE2QTPNA27NI