Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Remotefs-Rdbss

Event ID 30001

Message:

Irp request: Irp %{Irp} RxContext %{RxContext} Fcb %{Fcb} Fobx %{Fobx} FileObject %{FileObject} FileName %{FileName} MajorFunction %{MajorFunction}

Event Data:

#  Name            In Type            Out Type
1  Irp             win:Pointer        win:HexInt64
2  RxContext       win:Pointer        win:HexInt64
3  Fcb             win:Pointer        win:HexInt64
4  Fobx            win:Pointer        win:HexInt64
5  FileObject      win:Pointer        win:HexInt64
6  FileNameLength  win:UInt16         xs:unsignedShort
7  FileName        win:UnicodeString  xs:string
8  MajorFunction   win:UInt16         xs:unsignedShort

Observed Windows Versions:

Version: 0

Fingerprint: E2SDY4W6RGQIC