Elastic Windows Event Explorer


Publisher - Microsoft-Windows-UAC-FileVirtualization

Event ID 4001

Message:

Virtual file "%{FileNameBuffer}" renamed to "%{TargetFileNameBuffer}"

Event Data:

#  Name                    In Type            Out Type
1  Flags                   win:UInt32         win:HexInt32
2  SidLength               win:UInt32         xs:unsignedInt
3  Sid                     win:SID            xs:string
4  FileNameLength          win:UInt16         xs:unsignedShort
5  FileNameBuffer          win:UnicodeString  xs:string
6  ProcessImageNameLength  win:UInt16         xs:unsignedShort
7  ProcessImageNameBuffer  win:UnicodeString  xs:string
8  TargetFileNameLength    win:UInt16         xs:unsignedShort
9  TargetFileNameBuffer    win:UnicodeString  xs:string

Observed Windows Versions:

Version: 0

Fingerprint: DEQIK5TAP74ZS