[Tuning] Component Object Model Hijacking (#5651)

* Update persistence_suspicious_com_hijack_registry.toml

* Update persistence_suspicious_com_hijack_registry.toml

rules/windows/persistence_suspicious_com_hijack_registry.toml

@@ -2,7 +2,7 @@
 creation_date = "2020/11/18"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/09/05"
+updated_date = "2026/01/29"
 
 [rule]
 author = ["Elastic"]
@@ -98,7 +98,8 @@ registry where host.os.type == "windows" and event.type == "change" and
         "HKEY_USERS\\*\\LocalServer32\\",
         "HKEY_USERS\\*\\DelegateExecute",
         "HKEY_USERS\\*\\TreatAs\\",
-        "HKEY_USERS\\*\\ScriptletURL*"
+        "HKEY_USERS\\*\\ScriptletURL*", 
+        "HKEY_USERS\\*\\TypeLib*\\Win*"
       ) and
       not registry.data.strings : (
             /* COM related to Windows Spotlight feature */