Elastic Windows Event Explorer


Publisher - Microsoft-Windows-UserDataAccess-Poom

Event ID 6002

Message:

Snapshot generation started for: {%{P1_UInt32}.%{P2_UInt32}.%{P3_UInt32}}

Event Data:

# Name In Type
Out Type
1 P1_UInt32 win:UInt32 win:HexInt32
2 P2_UInt32 win:UInt32 win:HexInt32
3 P3_UInt32 win:UInt32 win:HexInt32

Observed Windows Versions:

Version: 0

Fingerprint: O2Y7NIBKIMYJQ