
Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b)

Opening a Registry key, typically to read the associated value (e.g., Windows EID 4656)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) | Attack Pattern | Windows Registry Key Access (ed0dd8aa-1677-4551-bb7d-8da767617e1b) | mitre-data-component | 1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) | Attack Pattern | 2 |
| System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) | Attack Pattern | System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) | Attack Pattern | 2 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) | Attack Pattern | 2 |