Microsoft-Windows-Crypto-RNG

10 events across 1 channel

Event ID	Title	Channel
1	An entropy source was registered.	Analytic
2	Entropy source %1 (%2) was unregistered.	Analytic
3	Entropy source %1 provided %2 bytes with %3 millibits of entropy Data %5.	Analytic
4	Callback to source %1 returned status %2, taking time %3.	Analytic
16	Boot entropy result: Source %1 Policy %2 Code %3 Status %4 Time %5 BytesProvided …	Analytic
32	Pool reseed: Count %1 Type %2 Data %4.	Analytic
33	Pool add: Pool %1 Data %3.	Analytic
48	Prng (re)seed: Addr %1 Data %3.	Analytic
49	Prng output: Addr %1 Bytes %2 Data %4.	Analytic
50	New process created.	Analytic

Event ID 1 — An entropy source was registered.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

An entropy source was registered.
	Source	%1
	Name	%2
	Type	%3

Fields

Name	Description
`SourceNumber`	—
`SourceName`	—
`SourceType`	—

Event ID 2 — Entropy source %1 (%2) was unregistered.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Entropy source %1 (%2) was unregistered.

Fields

Name	Description
`SourceNumber`	—
`SourceName`	—

Event ID 3 — Entropy source %1 provided %2 bytes with %3 millibits of entropy Data %5.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Entropy source %1 provided %2 bytes with %3 millibits of entropy
Data	%5

Fields

Name	Description
`SourceNumber`	—
`BytesProvided`	—
`EntropyEstimate`	—
`nData`	—
`Data`	—
`Counter`	—

Event ID 4 — Callback to source %1 returned status %2, taking time %3.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Callback to source %1 returned status %2, taking time %3

Fields

Name	Description
`SourceNumber`	—
`ResultStatus`	—
`TimeTaken`	—

Event ID 16 — Boot entropy result: Source %1 Policy %2 Code %3 Status %4 Time %5 BytesProvided %6 Bytes %8.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Boot entropy result:
	Source	%1
	Policy	%2
	Code	%3
	Status	%4
	Time	%5
	BytesProvided	%6
	Bytes	%8

Fields

Name	Description
`Source`	—
`Policy`	—
`ResultCode`	—
`ResultStatus`	—
`Time`	—
`BytesProvided`	—
`nData`	—
`Data`	—

Event ID 32 — Pool reseed: Count %1 Type %2 Data %4.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Pool reseed:
	Count	%1
	Type	%2
	Data	%4

Fields

Name	Description
`PoolReseedCount`	—
`ReseedType`	—
`nData`	—
`Data`	—
`Counter`	—

Event ID 33 — Pool add: Pool %1 Data %3.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Pool add:
	Pool	%1
	Data	%3

Fields

Name	Description
`PoolNo`	—
`nData`	—
`Data`	—
`Counter`	—

Event ID 48 — Prng (re)seed: Addr %1 Data %3.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Prng (re)seed:
Addr	%1
Data	%3

Fields

Name	Description
`PrngAddress`	—
`nData`	—
`Data`	—
`UserMode`	—
`Counter`	—

Event ID 49 — Prng output: Addr %1 Bytes %2 Data %4.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

Prng output:
	Addr	%1
	Bytes	%2
	Data	%4

Fields

Name	Description
`PrngAddress`	—
`BytesProduced`	—
`nData`	—
`Data`	—
`UserMode`	—
`Counter`	—

Event ID 50 — New process created.

Provider: Microsoft-Windows-Crypto-RNG
Channel: Analytic

Message

New process created. Old Prng states under this proces ID are no longer valid

Fields

Name	Description
`UserMode`	—