refactor: removed OriginalFileName from rule to improve compatibilty

rules/windows/process_creation/win_susp_whoami.yml

@@ -17,9 +17,7 @@ logsource:
 detection:
     selection:
         Image|endswith: '\whoami.exe'
-    selection2:
-        OriginalFileName: 'whoami.exe'
-    condition: selection or selection2
+    condition: selection
 falsepositives:
     - Admin activity
     - Scripts and administrative tools used in the monitored environment