Patch FileCreate include - Capture .xsl instead of .xls

[jsypower]

There is a typo on line 519, instead of monitoring for .xsl file creations, the configuration is monitoring for .xls. There is a duplicate entry on line 537 to capture .xls file creations.

Original line: <TargetFilename condition="end with">.xls</TargetFilename><!--Microsoft [ https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d524f642b75 ] -->

Updated line: <TargetFilename condition="end with">.xsl</TargetFilename><!--Microsoft [ https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d524f642b75 ] -->