Stanzilla/Windows event filter

## Windows event filter
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(Level=0) and (EventID=4688)]] and (*[EventData[Data[@Name='NewProcessName'] and (Data='C:\WoW\WoW-64.exe')]])</Select>
  </Query>
</QueryList>
	<QueryList>
	<Query Id="0" Path="Security">
	<Select Path="Security">[System[(Level=0) and (EventID=4688)]] and ([EventData[Data[@Name='NewProcessName'] and (Data='C:\WoW\WoW-64.exe')]])</Select>
	</Query>
	</QueryList>