Dumping of Sensitive Hives Via Reg.EXE (fd877b94-9bb5-4191-bb25-d79cbd93c167)

Detects the usage of "reg.exe" in order to dump sensitive registry hives. This includes SAM, SYSTEM and SECURITY hives.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	Dumping of Sensitive Hives Via Reg.EXE (fd877b94-9bb5-4191-bb25-d79cbd93c167)	Sigma-Rules	1
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Dumping of Sensitive Hives Via Reg.EXE (fd877b94-9bb5-4191-bb25-d79cbd93c167)	Sigma-Rules	1
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Dumping of Sensitive Hives Via Reg.EXE (fd877b94-9bb5-4191-bb25-d79cbd93c167)	Sigma-Rules	1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2