
Summary
This analytic rule detects the execution of the `chcp.exe` command, which is commonly used to change the active code page of the command prompt in Windows environments. The detection focuses on events captured by Endpoint Detection and Response (EDR) solutions, particularly monitoring for process creation events in which `chcp.exe` is executed by the `cmd.exe` parent process. By analyzing the command line arguments passed to `chcp.exe`, this rule identifies potential malicious activity associated with malware strains like IcedID, which can leverage this command to ascertain system locale settings. This behavior may indicate an attempt to scope the system environment for further attacks and data exfiltration, making early detection critical.
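The following is an added Python example, not part of the original rule or its source project, showing the detection logic above applied to a handful of constructed process-creation events: it matches `chcp.exe` whose parent is `cmd.exe`, pulls the numeric code-page argument (if any) out of the command line for the analyst, and leaves everything else alone. The event field names (`image`, `parent_image`, `command_line`) and the sample events are assumptions made for the example, not any vendor's telemetry schema.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed process-creation event (Sysmon EventID 1 / EDR telemetry style).
# Field names are an assumption for this example, not a vendor schema.
@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    command_line: str


def _basename(path: str) -> str:
    """Return the lower-cased file name of a (possibly quoted) Windows path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()


def is_chcp_from_cmd(event: ProcessEvent) -> bool:
    """Core rule: chcp.exe spawned directly by cmd.exe."""
    return (_basename(event.image) == "chcp.exe"
            and _basename(event.parent_image) == "cmd.exe")


# Tokenizer that keeps double-quoted paths together (e.g. "C:\Program Files\...").
_TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def codepage_argument(command_line: str) -> Optional[str]:
    """Return the numeric code-page argument passed to chcp, or None if absent."""
    tokens = [t.strip('"') for t in _TOKEN_RE.findall(command_line)]
    for tok in tokens[1:]:          # tokens[0] is the executable itself
        if tok.isdigit():
            return tok
    return None


def detect(events: Iterable[ProcessEvent]) -> List[Dict[str, Optional[str]]]:
    """Run the rule over a stream of events and return one alert per match."""
    alerts: List[Dict[str, Optional[str]]] = []
    for ev in events:
        if not is_chcp_from_cmd(ev):
            continue
        alerts.append({
            "host": ev.host,
            "user": ev.user,
            "parent": ev.parent_image,
            "command_line": ev.command_line,
            "codepage": codepage_argument(ev.command_line),
            "technique": "T1059",   # ATT&CK technique listed on the page
        })
    return alerts


# Constructed sample telemetry: two true positives, two non-matching events.
SAMPLE_EVENTS = [
    ProcessEvent("WS01", "CORP\\alice", r"C:\Windows\System32\chcp.exe",
                 r"C:\Windows\System32\cmd.exe", "chcp 65001"),
    ProcessEvent("WS02", "CORP\\bob", r"C:\Windows\System32\chcp.exe",
                 r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\chcp.exe"'),
    ProcessEvent("WS03", "CORP\\carol", r"C:\Windows\System32\chcp.exe",
                 r"C:\Windows\explorer.exe", "chcp 437"),       # parent is not cmd.exe
    ProcessEvent("WS01", "CORP\\alice", r"C:\Windows\System32\whoami.exe",
                 r"C:\Windows\System32\cmd.exe", "whoami"),     # different image
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching on the basename of both `image` and `parent_image` rather than on the raw command line keeps the rule stable across quoting and path variations, while the extracted code-page argument gives the analyst the context (query only, or a change to a specific code page) needed to triage the alert.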
Categories
- Endpoint
- Windows
Data Sources
- Process
- Windows Registry
ATT&CK Techniques
- T1059
Created: 2024-11-13