Microsoft-Windows-Kernel-File

25 events across 1 channel

Event ID	Title	Channel
10		Analytic
11		Analytic
12		Analytic
13		Analytic
14		Analytic
15		Analytic
16		Analytic
17		Analytic
18		Analytic
19		Analytic
20		Analytic
21		Analytic
22		Analytic
23		Analytic
24		Analytic
25		Analytic
26		Analytic
27		Analytic
28		Analytic
29		Analytic
30		Analytic
31		Analytic
32		Analytic
33		Analytic
34		Analytic

Event ID 10 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`FileKey`	—
`FileName`	—

Event ID 11 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`FileKey`	—
`FileName`	—

Event ID 12 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`IssuingThreadId`	—
`CreateOptions`	—
`CreateAttributes`	—
`ShareAccess`	—
`FileName`	—

Event ID 13 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`IssuingThreadId`	—

Event ID 14 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`IssuingThreadId`	—

Event ID 15 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`ByteOffset`	—
`Irp`	—
`FileObject`	—
`FileKey`	—
`IssuingThreadId`	—
`IOSize`	—
`IOFlags`	—
`ExtraFlags`	—

Event ID 16 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`ByteOffset`	—
`Irp`	—
`FileObject`	—
`FileKey`	—
`IssuingThreadId`	—
`IOSize`	—
`IOFlags`	—
`ExtraFlags`	—

Event ID 17 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 18 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 19 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 20 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`IssuingThreadId`	—
`Length`	—
`InfoClass`	—
`FileIndex`	—
`FileName`	—

Event ID 21 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`IssuingThreadId`	—

Event ID 22 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 23 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 24 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`ExtraInformation`	—
`Status`	—

Event ID 25 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`IssuingThreadId`	—
`Length`	—
`InfoClass`	—
`FileIndex`	—
`FileName`	—

Event ID 26 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—
`FilePath`	—

Event ID 27 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—
`FilePath`	—

Event ID 28 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—
`FilePath`	—

Event ID 29 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 30 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`IssuingThreadId`	—
`CreateOptions`	—
`CreateAttributes`	—
`ShareAccess`	—
`FileName`	—

Event ID 31 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 32 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 33 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—

Event ID 34 —

Provider: Microsoft-Windows-Kernel-File
Channel: Analytic

Fields

Name	Description
`Irp`	—
`FileObject`	—
`FileKey`	—
`ExtraInformation`	—
`IssuingThreadId`	—
`InfoClass`	—