Update execution_downloaded_url_file.toml (#4794)

rules/windows/execution_downloaded_url_file.toml

@@ -2,7 +2,7 @@
 creation_date = "2020/09/02"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2025/01/15"
+updated_date = "2025/06/11"
 
 [rule]
 author = ["Elastic"]
@@ -31,7 +31,7 @@ type = "eql"
 
 query = '''
 file where host.os.type == "windows" and event.type == "creation" and file.extension == "url"
-   and file.Ext.windows.zone_identifier > 1 and not process.name : "explorer.exe"
+   and file.Ext.windows.zone_identifier == 3 
 '''
 note = """## Triage and analysis