From 3f9edf19a93d9f789157eddb40f700d7c7236dc6 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Fri, 27 Nov 2020 12:15:12 -0300
Subject: [PATCH] Update win_control_panel_item.yml

---
 rules/windows/process_creation/win_control_panel_item.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rules/windows/process_creation/win_control_panel_item.yml b/rules/windows/process_creation/win_control_panel_item.yml
index 8045adc4..86f4b748 100644
--- a/rules/windows/process_creation/win_control_panel_item.yml
+++ b/rules/windows/process_creation/win_control_panel_item.yml
@@ -27,8 +27,9 @@ detection:
 - '\System32\'
 - '%System%'
 selection2:
- CommandLine|contains:
- - 'reg add'
+ CommandLine|contains|all:
+ - 'reg'
+ - 'add'
 selection3:
 CommandLine|contains:
 - 'CurrentVersion\\Control Panel\\CPLs'
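Review bot: In selection2 the new `CommandLine|contains|all` list uses the bare substrings `reg` and `add`, which match anywhere in the command line (for example inside `regsvr32` or `address`). The selection is therefore only as precise as the `condition` that combines it with selection3, and that line is outside this hunk. If the intent is to also match forms such as `reg.exe add` or extra whitespace, which is presumably why the literal `reg add` was split, consider anchoring on the process instead, e.g. `Image|endswith: '\reg.exe'` together with `CommandLine|contains: 'add'`. It would also help to add a comment such as `# 'reg' and 'add' matched separately so 'reg.exe add' and variable spacing are covered`, and to review the rule's `falsepositives` entry if it is kept this broad.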