Suspicious Query of MachineGUID

Sigma Rules

Summary
This detection rule flags process creation events in which the 'reg.exe' command-line utility is used to read the MachineGuid value from the Windows Registry. MachineGuid lives under 'HKLM\SOFTWARE\Microsoft\Cryptography', is generated when Windows is installed, and is stable across reboots, which makes it a convenient unique identifier for a host; malware commonly reads it to fingerprint a victim or to derive a per-host ID, and attackers read it during reconnaissance. The selection matches on two fields of the process creation event: the process image name must be 'reg.exe', and the command line must contain both 'SOFTWARE\Microsoft\Cryptography' and 'MachineGuid'. Sigma string matching is case-insensitive, so variations such as 'machineguid' or 'HKEY_LOCAL_MACHINE\...' in place of 'HKLM\...' still match. The rule does not cover other ways of reading the same value, for example a 'reg query' of the whole Cryptography key without '/v MachineGuid', a PowerShell 'Get-ItemProperty' call, or a direct registry API call from a binary, so it should be treated as one signal among several rather than as complete coverage. Legitimate licensing and telemetry software usually reads MachineGuid through the registry API rather than by spawning reg.exe, so when the rule fires the parent process and user context are the first things to check. The rule is mapped to ATT&CK T1082 (System Information Discovery) and applies to Windows endpoints with process creation logging such as Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing enabled.
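The following Python is an added example, not the Sigma rule text or any code from the rule's author: it re-implements the matching logic described above (image name ending in '\reg.exe', case-insensitive command line containing both strings) and runs it over a handful of constructed Sysmon-style process creation events. The event records, field names beyond 'Image' and 'CommandLine', and the 'id' labels are assumptions made for the illustration. The events include two of the blind spots noted in the summary (dumping the whole key without '/v MachineGuid', and reading the value from PowerShell), so you can see what the rule catches and what it does not.

```python
"""Re-implementation of the MachineGUID query detection over sample events.

Illustrative example only; the Sigma rule itself is the authority on
the exact selection. The sample events below are constructed, not
captured from a real host.
"""

# Selection mirrored from the rule summary.
IMAGE_SUFFIX = r"\reg.exe"
REQUIRED_SUBSTRINGS = (r"SOFTWARE\Microsoft\Cryptography", "MachineGuid")


def matches(event: dict) -> bool:
    """Return True when the event satisfies the rule's selection.

    Sigma 'endswith' and 'contains' modifiers compare case-insensitively,
    so both fields are lower-cased before comparison.
    """
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "").lower()
    if not image.endswith(IMAGE_SUFFIX.lower()):
        return False
    return all(s.lower() in cmd for s in REQUIRED_SUBSTRINGS)


# Constructed Sysmon Event ID 1 style records (assumed field names).
EVENTS = [
    {
        "id": "reg-query-hklm",
        "Image": r"C:\Windows\System32\reg.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"reg query HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid",
    },
    {
        # Mixed case and the long hive name: still matches (case-insensitive).
        "id": "reg-query-longhive-mixedcase",
        "Image": r"C:\Windows\SysWOW64\REG.EXE",
        "ParentImage": r"C:\Windows\System32\wscript.exe",
        "CommandLine": r'REG QUERY "HKEY_LOCAL_MACHINE\software\microsoft\cryptography" /v machineguid',
    },
    {
        # Blind spot: dumping the key returns MachineGuid too, but the
        # value name never appears on the command line.
        "id": "reg-dump-whole-key",
        "Image": r"C:\Windows\System32\reg.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"reg query HKLM\SOFTWARE\Microsoft\Cryptography",
    },
    {
        # Blind spot: same data read from PowerShell, image is not reg.exe.
        "id": "powershell-getitemproperty",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"powershell -c (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Cryptography).MachineGuid",
    },
    {
        # Unrelated reg.exe usage: must not fire.
        "id": "reg-query-run-key",
        "Image": r"C:\Windows\System32\reg.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    },
]


def run(events: list) -> list:
    """Return the ids of the events the rule would alert on, in input order."""
    return [e["id"] for e in events if matches(e)]


def triage_hint(event: dict) -> str:
    """Pair an alert with the first thing an analyst should look at.

    The rule summary points at the parent process; this simply surfaces it.
    """
    return f"{event['id']}: spawned by {event.get('ParentImage', '<unknown>')}"


if __name__ == "__main__":
    for ev in EVENTS:
        if matches(ev):
            print("ALERT ", triage_hint(ev))
        else:
            print("no fire", ev["id"])
```

Run as a script it prints one line per event; the two reg.exe queries that name MachineGuid fire, the key dump, the PowerShell read and the Run-key query do not. Extending coverage to the blind spots would mean separate selections (for example on powershell.exe command lines, or on registry read events where the platform logs them), not a loosening of this rule's strings, which would raise its false-positive rate.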
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
ATT&CK Techniques
  • T1082
Created: 2022-01-01