Update win_pc_susp_run_folder.yml

rules/windows/process_creation/win_pc_susp_run_folder.yml

@@ -1,7 +1,7 @@
-title: Start From a Suspicious Folder
+title: Process Start From Suspicious Folder
 id: dca91cfd-d7ab-4c66-8da7-ee57d487b35b
 status: experimental
-description: Start from Desktop or temp folder
+description: Detects process start from rare or uncommon folders like temporary folder or folders that usually don't contain executable files
 references:
     - Malware sandbox results
 author: frack113
@@ -14,6 +14,7 @@ detection:
         Image|contains:
             - '\Desktop\'
             - '\Temp\'
+            - '\Temporary Internet'
     condition: image
 falsepositives:
     - unknown