Merge PR #4553 from @qasimqlf - Add missing contains modifier

update: Office Application Startup - Office Test - Add missing `contains` modifier

rules/windows/registry/registry_event/registry_event_office_test_regadd.yml

@@ -6,7 +6,7 @@ references:
     - https://unit42.paloaltonetworks.com/unit42-technical-walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/
 author: omkar72
 date: 2020/10/25
-modified: 2023/09/28
+modified: 2023/11/08
 tags:
     - attack.persistence
     - attack.t1137.002
@@ -15,7 +15,7 @@ logsource:
     product: windows
 detection:
     selection:
-        TargetObject: '\Software\Microsoft\Office test\Special\Perf'
+        TargetObject|contains: '\Software\Microsoft\Office test\Special\Perf'
     condition: selection
 falsepositives:
     - Unlikely