Update rules/windows/process_creation/proc_creation_win_iis_service_account_password_dumped.yml

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>

rules/windows/process_creation/proc_creation_win_iis_service_account_password_dumped.yml

@@ -19,9 +19,7 @@ detection:
         - Image|endswith: '\appcmd.exe'
         - OriginalFilename: 'appcmd.exe'
     selection_list:
-        CommandLine|contains:
-            - ' /list '
-            - ' list '
+        CommandLine|contains: 'list '
     selection_cmd1:
         CommandLine|contains|all:
             - ' /text'