Enhanced to improve specificity

Enhanced to improve specificity per feedback received;

rules/windows/process_creation/win_bad_opsec_sacrificial_processes.yml

@@ -16,9 +16,9 @@ logsource:
     product: windows
 detection:
     selection:
-        CommandLine:
-            - '*\WerFault.exe'
-            - '*\rundll32.exe'
+        CommandLine|endswith:
+            - '\WerFault.exe'
+            - '\rundll32.exe'
     condition: selection
 falsepositives:
     - Unlikely