Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-StoreMgr

Event ID 3 v3

Message:



Event Data:

#   Name                  In Type      Out Type
1   StoreKey              win:Pointer  win:HexInt64
2   StoreFileKey          win:Pointer  win:HexInt64
3   UserDataMgr           win:Pointer  win:HexInt64
4   MetadataMgr           win:Pointer  win:HexInt64
5   RegionSize            win:UInt32   xs:unsignedInt
6   RegionCount           win:UInt32   xs:unsignedInt
7   BlockSize             win:UInt32   xs:unsignedInt
8   SectorSize            win:UInt32   xs:unsignedInt
9   EncryptionStrength    win:UInt32   xs:unsignedInt
10  StoreType             win:UInt16   xs:unsignedShort
11  StoreId               win:UInt16   xs:unsignedShort
12  BlocksStored          win:UInt32   xs:unsignedInt
13  RegionsInUse          win:UInt32   xs:unsignedInt
14  TotalSpaceUsed        win:UInt32   xs:unsignedInt
15  Flags                 win:UInt32   win:HexInt32
16  MetaRegionCount       win:UInt32   xs:unsignedInt
17  MetaRegionsInUse      win:UInt32   xs:unsignedInt
18  MetaRegionsSpaceUsed  win:UInt32   xs:unsignedInt
19  StoreTime             win:UInt32   xs:unsignedInt

Observed Windows Versions:

Version: 3

Fingerprint: 2S4V2IR22BZZQ