Office Application Startup - Office Test (3d27f6dd-1c74-4687-b4fa-ca849d128d1c)

Detects the addition of office test registry that allows a user to specify an arbitrary DLL that will be executed every time an Office application is started

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Office Application Startup - Office Test (3d27f6dd-1c74-4687-b4fa-ca849d128d1c)	Sigma-Rules	1
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	2