Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Remotefs-Rdbss

Event ID 30004

Message:

FastIo completion: FileObject %{FileObject} FileName %{FileName} MajorFunction %{MajorFunction} Status %{Status}

Event Data:

# Name In Type
Out Type
1 FileObject win:Pointer win:HexInt64
2 FileNameLength win:UInt16 xs:unsignedShort
3 FileName win:UnicodeString xs:string
4 MajorFunction win:UInt16 xs:unsignedShort
5 Status win:UInt32 xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: VFC3SDJYJALGE