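Technical Information
Observed behaviour of the sample. The commands below stop and disable endpoint-protection services: MsMpSvc is the Microsoft antimalware service and ekrn is the ESET service, with the sc.exe entry setting ekrn so that it does not start again. The net1.exe entries are the child processes that net.exe launches for the same stop requests, not additional actions. The bare entries (ekrn.exe, the .bat path, the ClassName/WindowName pair) appear here without a category label.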
- '<SYSTEM32>\net.exe' stop MsMpSvc /y
- '<SYSTEM32>\taskkill.exe' /IM ekrn* /T /F
- '<SYSTEM32>\net.exe' stop ekrn /y
- ekrn.exe
- %TEMP%\1.tmp\2.bat
- ClassName: '' WindowName: ''
- '<SYSTEM32>\sc.exe' config ekrn start= disabled
- '<SYSTEM32>\net1.exe' stop MsMpSvc /y
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" <Full path to file>"
- '<SYSTEM32>\net1.exe' stop ekrn /y