This is the Central Intelligence Agency (CIA) Applied Engineering Department (AED) WMI Process Watcher tradecraft, re-created from the Vault7 description. It observes events for newly created processes using WMI as an alternative stealthy way to enumerate running processes.

These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.