There most probably is a UAC redirection of file names happening. Both at write and read.
Root directories are typical candidates for redirection, the same as system directories, unless they are meant for writing to them (like public appdata or userprofile library directories).
I can write to C:\ within Windows Explorer as I am an administrative user on my workstation. Still URLDownloadToFile does not do that for me, too. I find the saveip.txt within C:\Users\myaccount\AppData\Local\VirtualStore, which is the root folder of redirected files. Why? Because I start VFP9.exe without elevation to my administrative privileges, it runs with normal access, because of not requiring adminstrative elevation in the VFP9.exe embedded manifest. So UAC works here. If it would have a manifest requiring admin level, a prompt would appear asking for my to confirm the start (as in a setup) and for normal users this prompt would even be a prompt for a login as an adminstrative user instead of just the confirm button.
Another proof: I started VFP9.exe via right click on the start menu tile and "Run as administrator". Now running the code, the file is generated at C:\, UAC is not redirecting this, as I gave the VFP9.exe process the privileges of my account and started it elevated.
The time your accounts privileges were "inherited" by every process you start are over since Vista. Running XP as adminstrative user (not only as THE Administrator account) you ran every single process you started with administrative rights, so you gave every single process the right to do anything on your system. That got restricted via UAC as safety against anything becoming active with high priviliges hidden, without your notice. Hackers might laugh at this safety by now and still have several unpublished and unfixed backdoors to any system, but don't underestimate the protection level of UAC, this surely saves you from harm.
I see it that way: Windows got more and more stable, and that's not only de to the fact anti virus protection got better and better. MS also avoids several things otherwise undermining the system stability. In Windows a root folder has not the same meaning as in a Unix system, where the file system itself only has one root / and everything is mounted not as drive letter but at some level of the whole directory tree. This is where rootkits as tools for administrative access in a system have their name from as getting the most privileged root level to a system.
UAC is about 10 years old now, and this is the first time you actually saw a file redirection? Then it's working quite silent, isn't it? You don't get an error about writing to a folder you're not permitted, your write and your reads are redirected. That's also enabling legacy software to have data within application folders in C:\Program Files\ though only setups should write there during installation.
Finally: You should in no way now think you should delete the whole VirtualStore folders because it only contains file generated in an attempt to get hands on your system or such. Even MS software has some things redirected there and it's not bad in itself. It also means the files are per user, as the VirtualStore is in the user profile. This means even software intended for multiple users on the same system can have a per user configuration or database, which also can be a pain.
As developer you should know where to store what and then won't even be affected by this.
Bye, Olaf.