System Language Discovery via Reg.Exe (c43a5405-e8e1-4221-9ac9-dbe3fa14e886)

Detects the usage of Reg.Exe to query system language settings. Attackers may discover the system language to determine the geographic location of victims, customize payloads for specific regions, or avoid targeting certain locales to evade detection.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Language Discovery via Reg.Exe (c43a5405-e8e1-4221-9ac9-dbe3fa14e886)	Sigma-Rules	System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	1
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	2