Update impact_high_freq_file_renames_by_kernel.toml (#3707)

rules/windows/impact_high_freq_file_renames_by_kernel.toml

@@ -2,7 +2,7 @@
 creation_date = "2024/05/03"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/05/23"
 
 [rule]
 author = ["Elastic"]
@@ -10,7 +10,7 @@ description = """
 This rule identifies a high number (20) of file creation event by the System virtual process from the same host and with
 same file name containing keywords similar to ransomware note files and all within a short time period.
 """
-from = "now-1m"
+from = "now-9m"
 index = ["logs-endpoint.events.file-*"]
 language = "kuery"
 license = "Elastic License v2"