Microsoft-Windows-Crypto-RSAEnh

15 events across 1 channel

Event ID	Title	Channel
1	Operation failed.	Analytic
2	ProcessName Process: Process Provider type: Provider_type MachineKeyset: …	Analytic
3	DesiredAccess Process: Process User Storage Area: Container_Name Container Name: …	Analytic
4	ProcessName Process: Process User Storage Area: User_Storage_Area New file name: …	Analytic
5	ProcessName Process: Process User Storage Area: User_Storage_Area File name: …	Analytic
6	ProcessName Process: Process File Path: File_Path Desired Access: Desired_Access …	Analytic
7	ProcessName Process: Process File Path: File_Path MachineKeyset: MachineKeyset …	Analytic
8	ProcessName Process: Process File Path: File_Path Provider Type: Provider_Type …	Analytic
9	ProcessName Process: Process File Path: File_Path Error code: Error_code.	Analytic
10	ProcessName Process: Process Provider Type: Provider_Type Container Name: …	Analytic
11	ProcessName Process: Process Provider Type: Provider_Type Container Name: …	Analytic
12	ProcessName Process: Process Provider Type: Provider_Type Container Name: …	Analytic
13	Attempting to read key container info.	Analytic
14	Attempting to write key container info.	Analytic
15	Attempting to delete key container info.	Analytic

Event ID 1 — Operation failed.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: OperationFailed

Description

Operation failed.

Message #

Operation failed.

 Operation Type: %1
 Process: %2
 Error code: %3

Fields #

Name	Description
`Operation_Type` UInt32	— Known values `%%1904` New registry value created `%%1905` Existing registry value modified `%%1906` Registry value deleted `%%14674` Value Added `%%14675` Value Deleted `%%14680` Value Added With Expiration Time `%%14681` Value Deleted With Expiration Time `%%14688` Value Auto Deleted With Expiration Time
`Process` UnicodeString	—
`Error_code` HexInt32	—
`OperationType` UInt32	— Known values `%%1904` New registry value created `%%1905` Existing registry value modified `%%1906` Registry value deleted `%%14674` Value Added `%%14675` Value Deleted `%%14680` Value Added With Expiration Time `%%14681` Value Deleted With Expiration Time `%%14688` Value Auto Deleted With Expiration Time
`ProcessName` UnicodeString	—
`Status` HexInt32	— NTSTATUS reference

Event ID 2 — ProcessName Process: Process Provider type: Provider_type MachineKeyset: MachineKeyset AppContainer: AppContainer Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: GetUserStorageAreaFailed

Message #

%6

 Process: %1
 Provider type: %2
 MachineKeyset: %3
 AppContainer: %4
 Error code: %5

Fields #

Name	Description
`Process`	—
`Provider_type`	—
`MachineKeyset` UInt32	—
`AppContainer` Boolean	—
`Error_code`	—
`ProcessName` UnicodeString	—
`ProviderType` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 3 — DesiredAccess Process: Process User Storage Area: Container_Name Container Name: MachineKeyset MachineKeyset: Error_code Error code: ProcessName.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: OpenFileInStorageArea

Message #

%7

 Process: %1
 User Storage Area: %3
 Container Name: %4
 MachineKeyset: %5
 Error code: %6

Fields #

Name	Description
`Process`	—
`User_Storage_Area`	—
`Container_Name`	—
`MachineKeyset` Boolean	—
`Error_code`	—
`ProcessName` UnicodeString	—
`DesiredAccess` UInt32	— Process access rights reference
`UserStorageArea` UnicodeString	—
`FileName` UnicodeString	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 4 — ProcessName Process: Process User Storage Area: User_Storage_Area New file name: New_file_name Error code: Error_code%.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: DeleteFileInStorageArea

Message #

%5

 Process: %1
 User Storage Area: %2
 New file name: %3
 Error code: %4%

Fields #

Name	Description
`Process`	—
`User_Storage_Area`	—
`New_file_name`	—
`Error_code`	—
`ProcessName` UnicodeString	—
`UserStoragePath` UnicodeString	—
`FileName` UnicodeString	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 5 — ProcessName Process: Process User Storage Area: User_Storage_Area File name: File_name AppContainer: AppContainer Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: DeleteKeyContainer

Message #

%6

 Process: %1
 User Storage Area: %2
 File name: %3
 AppContainer: %4
 Error code: %5

Fields #

Name	Description
`Process`	—
`User_Storage_Area`	—
`File_name`	—
`AppContainer` Boolean	—
`Error_code`	—
`ProcessName` UnicodeString	—
`UserStoragePath` UnicodeString	—
`FileName` AnsiString	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 6 — ProcessName Process: Process File Path: File_Path Desired Access: Desired_Access Share Mode: Share_Mode Creation Disposition: Creation_Disposition Attributes: Attributes.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: MyCreateFile

Message #

%7

 Process: %1
 File Path: %2
 Desired Access: %3
 Share Mode: %4
 Creation Disposition: %5
 Attributes: %6

Fields #

Name	Description
`Process`	—
`File_Path`	—
`Desired_Access`	— Process access rights reference
`Share_Mode`	—
`Creation_Disposition`	—
`Attributes` UInt32	—
`ProcessName` UnicodeString	—
`MachineKeyset` Boolean	—
`FilePath` UnicodeString	—
`DesiredAccess` UInt32	— Process access rights reference
`ShareMode` UInt32	—
`CreationDisposition` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 7 — ProcessName Process: Process File Path: File_Path MachineKeyset: MachineKeyset SecurityInformation: SecurityInformation AppContainer: AppContainer Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: SetSecurityOnContainer

Message #

%7

 Process: %1
 File Path: %2
 MachineKeyset: %3
 SecurityInformation: %4
 AppContainer: %5
 Error code: %6

Fields #

Name	Description
`Process`	—
`File_Path`	—
`MachineKeyset` Boolean	—
`SecurityInformation` UInt32	—
`AppContainer` Boolean	—
`Error_code`	—
`ProcessName` UnicodeString	—
`FileName` UnicodeString	—
`ProviderType` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 8 — ProcessName Process: Process File Path: File_Path Provider Type: Provider_Type MachineKeyset: MachineKeyset Security Info: Security_Info AppContainer: AppContainer Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: CreateFileW

Message #

%8

 Process: %1
 File Path: %2
 Provider Type: %3
 MachineKeyset: %4
 Security Info: %5
 AppContainer: %6
 Error code: %7

Fields #

Name	Description
`Process`	—
`File_Path`	—
`Provider_Type`	—
`MachineKeyset`	—
`Security_Info`	—
`AppContainer`	—
`Error_code`	—
`ProcessName` UnicodeString	—
`FilePath` UnicodeString	—
`DesiredAccess` UInt32	— Process access rights reference
`ShareMode` UInt32	—
`CreationDisposition` UInt32	—
`Attributes` UInt32	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 9 — ProcessName Process: Process File Path: File_Path Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: DeleteFileW

Message #

%4

 Process: %1
 File Path: %2
 Error code: %3

Fields #

Name	Description
`Process`	—
`File_Path`	—
`Error_code`	—
`ProcessName` UnicodeString	—
`FilePath` UnicodeString	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 10 — ProcessName Process: Process Provider Type: Provider_Type Container Name: Container_Name Machine Keyset: Machine_Keyset Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: ReadContainerInfo

Message #

%6

 Process: %1
 Provider Type: %2
 Container Name: %3
 Machine Keyset: %4
 Error code: %5

Fields #

Name	Description
`Process`	—
`Provider_Type`	—
`Container_Name`	—
`Machine_Keyset`	—
`Error_code`	—
`ProcessName` UnicodeString	—
`ProviderType` UInt32	—
`ContainerName` AnsiString	—
`MachineKeyset` Boolean	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 11 — ProcessName Process: Process Provider Type: Provider_Type Container Name: Container_Name Machine Keyset: Machine_Keyset Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: WriteContainerInfo

Message #

%6

 Process: %1
 Provider Type: %2
 Container Name: %3
 Machine Keyset: %4
 Error code: %5

Fields #

Name	Description
`Process`	—
`Provider_Type`	—
`Container_Name`	—
`Machine_Keyset`	—
`Error_code`	—
`ProcessName` UnicodeString	—
`ProviderType` UInt32	—
`ContainerName` UnicodeString	—
`MachineKeyset` Boolean	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 12 — ProcessName Process: Process Provider Type: Provider_Type Container Name: Container_Name Machine Keyset: Machine_Keyset Error code: Error_code.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: DeleteContainerInfo

Message #

%6

 Process: %1
 Provider Type: %2
 Container Name: %3
 Machine Keyset: %4
 Error code: %5

Fields #

Name	Description
`Process`	—
`Provider_Type`	—
`Container_Name`	—
`Machine_Keyset`	—
`Error_code`	—
`ProcessName` UnicodeString	—
`ProviderType` UInt32	—
`ContainerName` AnsiString	—
`MachineKeyset` Boolean	—
`AppContainer` Boolean	—
`Status` UInt32	— NTSTATUS reference
`ErrorDescription` UnicodeString	—

Event ID 13 — Attempting to read key container info.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: ReadContainerInfo

Description

Attempting to read key container info.

Message #

Attempting to read key container info.

 Process: %1
 Provider Type: %2
 Container Name: %3
 Machine Keyset: %4

Fields #

Name	Description
`Process` UnicodeString	—
`Provider_Type` UInt32	—
`Container_Name` AnsiString	—
`Machine_Keyset` Boolean	—
`ProcessName` UnicodeString	—
`ProviderType` UInt32	—
`ContainerName` AnsiString	—
`MachineKeyset` Boolean	—

Event ID 14 — Attempting to write key container info.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: WriteContainerInfo

Description

Attempting to write key container info.

Message #

Attempting to write key container info.

 Process: %1
 Provider Type: %2
 Container Name: %3
 Machine Keyset: %4

Fields #

Name	Description
`Process` UnicodeString	—
`Provider_Type` UInt32	—
`Container_Name` UnicodeString	—
`Machine_Keyset` Boolean	—
`ProcessName` UnicodeString	—
`ProviderType` UInt32	—
`ContainerName` UnicodeString	—
`MachineKeyset` Boolean	—

Event ID 15 — Attempting to delete key container info.

Provider: Microsoft-Windows-Crypto-RSAEnh
Channel: Analytic
Task: DeleteContainerInfo

Description

Attempting to delete key container info.

Message #

Attempting to delete key container info.

 Process: %1
 Provider Type: %2
 Container Name: %3
 Machine Keyset: %4

Fields #

Name	Description
`Process`	—
`Provider_Type`	—
`Container_Name`	—
`Machine_Keyset`	—
`ProcessName` UnicodeString	—
`ProviderType` UInt32	—
`ContainerName` AnsiString	—
`MachineKeyset` Boolean	—
`AppContainer` Boolean	—

Microsoft-Windows-Crypto-RSAEnh

Event ID 1 — Operation failed.

Description

Message #

Fields #

Related Events #

Event ID 2 — ProcessName Process: Process Provider type: Provider_type MachineKeyset: MachineKeyset AppContainer: AppContainer Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 3 — DesiredAccess Process: Process User Storage Area: Container_Name Container Name: MachineKeyset MachineKeyset: Error_code Error code: ProcessName.

Message #

Fields #

Related Events #

Event ID 4 — ProcessName Process: Process User Storage Area: User_Storage_Area New file name: New_file_name Error code: Error_code%.

Message #

Fields #

Related Events #

Event ID 5 — ProcessName Process: Process User Storage Area: User_Storage_Area File name: File_name AppContainer: AppContainer Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 6 — ProcessName Process: Process File Path: File_Path Desired Access: Desired_Access Share Mode: Share_Mode Creation Disposition: Creation_Disposition Attributes: Attributes.

Message #

Fields #

Related Events #

Event ID 7 — ProcessName Process: Process File Path: File_Path MachineKeyset: MachineKeyset SecurityInformation: SecurityInformation AppContainer: AppContainer Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 8 — ProcessName Process: Process File Path: File_Path Provider Type: Provider_Type MachineKeyset: MachineKeyset Security Info: Security_Info AppContainer: AppContainer Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 9 — ProcessName Process: Process File Path: File_Path Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 10 — ProcessName Process: Process Provider Type: Provider_Type Container Name: Container_Name Machine Keyset: Machine_Keyset Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 11 — ProcessName Process: Process Provider Type: Provider_Type Container Name: Container_Name Machine Keyset: Machine_Keyset Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 12 — ProcessName Process: Process Provider Type: Provider_Type Container Name: Container_Name Machine Keyset: Machine_Keyset Error code: Error_code.

Message #

Fields #

Related Events #

Event ID 13 — Attempting to read key container info.

Description

Message #

Fields #

Related Events #

Event ID 14 — Attempting to write key container info.

Description

Message #

Fields #

Related Events #

Event ID 15 — Attempting to delete key container info.

Description

Message #

Fields #

Related Events #