update syntax to re-run the test once more...

rules/windows/process_creation/win_regedit_export_keys.yml

@@ -16,8 +16,7 @@ logsource:
 detection:
     selection:
         Image|endswith: '\regedit.exe'
-        CommandLine|contains:
-            - ' /E '
+        CommandLine|contains: ' /E '
         filter_1: # filters to avoid intersection with critical keys rule
             CommandLine|contains:
                 - 'hklm'