consider the example data available in tests/repos/win7/overwritten-instance. it simulates an actor that creates a malicious WMI class and uses it to store data. the ...
analysis

now let's imagine that we haven't seen the script, and are unaware of what it does. all we have is the possibly-infected WMI repository, and a suspicion that something bad happened in ...