fix: FP with wrongly matching folders

rules/windows/image_load/image_load_susp_dll_load_system_process.yml

@@ -6,7 +6,7 @@ author: Nasreddine Bencherchali
 references:
     - https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC (Idea)
 date: 2022/07/17
-modified: 2022/08/02
+modified: 2022/08/10
 logsource:
     product: windows
     category: image_load
@@ -20,7 +20,9 @@ detection:
             - '\Downloads\'
             - '\AppData\Local\Temp\'
             - 'C:\PerfLogs\'
-    condition: selection
+    filter:
+        ImageLoaded|contains: '\Program Files'
+    condition: selection and not filter
 falsepositives:
     - Unknown
 level: high