One Day Sec

What is SwampThing and how do you use it to bypass command line auditing?

SwampThing is an open-source C# tool from the Sharp-Suite project that demonstrates bypassing command-line process auditing. It takes three parameters: the target executable (`-l`), the fake command line (`-f`), and the real command line (`-r`). For example, `SwampThing.exe -l C:\Windows\System32\notepad.exe -f C:\aaa.txt -r C:\bbb.txt` launches notepad with `bbb.txt`, but Event ID 4688 records `aaa.txt` as the command line. The tool only works for processes that don't auto-exit, such as notepad.exe.
