Update proc_creation_win_lolbin_customshellhost.yml

rules/windows/process_creation/proc_creation_win_lolbin_customshellhost.yml

@@ -14,13 +14,9 @@ logsource:
     product: windows
 detection:
     selection:
-        - Image|endswith: '\CustomShellHost.exe'
-        - OriginalFileName: 'CustomShellHost.exe'
+        ParentImage|endswith: '\CustomShellHost.exe'
     filter:
-        - Image: 
-            - 'C:\Windows\explorer.exe'
-            - 'C:\Windows\System32\explorer.exe'
-        - CurrentDirectory|startswith: C:\Windows\System32\
+        Image: 'C:\Windows\explorer.exe'
     condition: selection and not filter
 falsepositives:
     - Unknown