System Language Discovery via Reg.Exe (c43a5405-e8e1-4221-9ac9-dbe3fa14e886)

Detects the usage of Reg.Exe to query system language settings. Attackers may discover the system language to determine the geographic location of victims, customize payloads for specific regions, or avoid targeting certain locales to evade detection.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	System Language Discovery via Reg.Exe (c43a5405-e8e1-4221-9ac9-dbe3fa14e886)	Sigma-Rules	1
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	2