Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Storage-Tiering-IoHeat

Event ID 4

Message:

DELETE - Volume: %{VolumeIdHash} File: %{FileIDLower}%{FileIDUpper}

Event Data:

#  Name          In Type     Out Type
1  FileIDLower   win:UInt64  xs:unsignedLong
2  FileIDUpper   win:UInt64  xs:unsignedLong
3  Offset        win:UInt64  xs:unsignedLong
4  Length        win:UInt32  xs:unsignedInt
5  VolumeIdHash  win:UInt32  xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: 3CY3GLQJRLH5E