
System Information Discovery via Registry Queries

Sigma Rules

Summary
This detection rule flags potential system information discovery on Windows hosts carried out through queries to the Windows Registry. It looks for process-creation events in which reg.exe or PowerShell is used to read registry keys that hold host configuration, installed-software inventory, time-zone settings (which is why T1124, System Time Discovery, is tagged alongside T1082) and similar system data. The detection logic matches on command-line arguments: a read or query operation combined with one or more specific keys known to hold such information. An alert is raised when a command fitting these patterns is executed. Reading these keys requires no special privilege and also occurs during legitimate administration and software inventory, so a match indicates reconnaissance-like behaviour rather than unauthorized access in itself; the rule is scoped to limit such false positives, and matches should be reviewed together with the parent process and the user context. Links to resources and further details about the technique are provided for additional context and understanding of detected behaviours.
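To make the command-line matching concrete, the following is an added illustration of how such logic runs over process-creation events. It is not the Sigma rule itself and not code from the rule's authors: the set of watched keys, the event field names (Sysmon-style `Image` and `CommandLine`) and the sample events are all assumptions constructed for this example. The keys chosen are real Windows locations that hold host name, OS version, time-zone and installed-software data, but they are not the rule's actual selection.

```python
"""Illustrative matcher for registry-based system information discovery.

Added example, not the page's rule. Key list, event shape and sample
events are assumptions constructed here so the block runs offline.
"""
import re
from typing import Dict, List, Optional

# Assumed watched keys (hive omitted so both "HKLM\..." and "HKLM:\..."
# spellings match). The page does not list the rule's own keys.
WATCHED_KEYS = [
    r"system\currentcontrolset\control\computername",          # host name (T1082)
    r"software\microsoft\windows nt\currentversion",           # OS build/product (T1082)
    r"system\currentcontrolset\control\timezoneinformation",   # time zone (T1124)
    r"software\microsoft\windows\currentversion\uninstall",    # installed software (T1082)
]

# PowerShell cmdlets that read registry values or keys.
PS_READ_CMDLETS = re.compile(r"\bget-(itemproperty|childitem|item)\b")
REG_QUERY = re.compile(r"\bquery\b")


def normalize(cmd: str) -> str:
    """Lower-case, drop quotes and collapse whitespace so that quoting and
    casing differences in the logged command line do not defeat the match."""
    return " ".join(cmd.lower().replace('"', "").replace("'", "").split())


def matched_key(event: Dict[str, str]) -> Optional[str]:
    """Return the watched key read by this event, or None if it is not a
    registry read by reg.exe/PowerShell (writes and other images are ignored)."""
    image = event.get("Image", "").lower()
    cmd = normalize(event.get("CommandLine", ""))
    if image.endswith("\\reg.exe"):
        if not REG_QUERY.search(cmd):          # "reg add", "reg delete" are not discovery
            return None
    elif image.endswith("\\powershell.exe") or image.endswith("\\pwsh.exe"):
        if not PS_READ_CMDLETS.search(cmd):
            return None
    else:
        return None                            # other images: out of scope for this rule
    for key in WATCHED_KEYS:
        if key in cmd:
            return key
    return None


def matching_events(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Filter a list of process-creation events down to those the logic flags."""
    return [e for e in events if matched_key(e) is not None]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg query "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"'},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion /v ProductName"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -c Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'"},
    # A write to the registry: same binary, but not discovery.
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg add HKCU\Software\Contoso /v Setting /t REG_SZ /d 1 /f"},
    # Key name appears on the command line, but the image is not reg.exe/PowerShell.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c echo HKLM\SYSTEM\CurrentControlSet\Control\ComputerName"},
]


if __name__ == "__main__":
    for e in matching_events(SAMPLE_EVENTS):
        print(matched_key(e), "<-", e["CommandLine"])
```

The two negative samples show the scoping the summary describes: a `reg add` against an unrelated key and a `cmd.exe` line that merely mentions a key are both left alone, while the three reads of host, time-zone and installed-software keys are flagged. In a real deployment the matched events would still be triaged against parent process and user, since the same reads are performed by inventory and management tooling.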
Categories
  • Windows
Data Sources
  • Windows Registry
  • Process
ATT&CK Techniques
  • T1082
  • T1124
Created: 2025-06-12