Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-File

Event ID 26 v1

Message:



Event Data:

#  Name              In Type            Out Type
1  Irp               win:Pointer        win:HexInt64
2  FileObject        win:Pointer        win:HexInt64
3  FileKey           win:Pointer        win:HexInt64
4  ExtraInformation  win:Pointer        win:HexInt64
5  IssuingThreadId   win:UInt32         xs:unsignedInt
6  InfoClass         win:UInt32         xs:unsignedInt
7  FilePath          win:UnicodeString  xs:string

Observed Windows Versions:

Version: 1

Fingerprint: T7Y2PCNUBYLES