Update apt sofacy.txt

Campaigns/apt sofacy.txt

@@ -1,7 +1,7 @@
 // Original Sigma Rule: https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_sofacy.yml
 // Questions via Twitter: @janvonkirchheim
-ProcessCreationEvents
-| where EventTime > ago(7d)
+DeviceProcessEvents
+| where Timestamp > ago(7d)
 | where ProcessCommandLine matches regex @'rundll32\.exe %APPDATA%.*\.dat",'
      or ProcessCommandLine matches regex @'rundll32\.exe %APPDATA%.*\.dll",#1'
-| top 100 by EventTime desc
+| top 100 by Timestamp desc