Update rules/windows/defense_evasion_process_termination_followed_by_deletion.toml

Author: Samirbous

rules/windows/defense_evasion_process_termination_followed_by_deletion.toml

@@ -114,7 +114,7 @@ sequence by host.id with maxspan=5s
               "C:\\Windows\\WinSxS\\*.exe",
               "?:\\Windows\\Postillion\\Office\\*.exe")
    ] by process.executable
-   [file where host.os.type == "windows" and event.type == "deletion" and file.extension in ("exe", "scr", "com") and
+   [file where host.os.type == "windows" and event.type == "deletion" and file.extension in~ ("exe", "scr", "com") and
     not process.executable like
              ("?:\\Program Files\\*.exe",
               "?:\\Program Files (x86)\\*.exe",