A custom loader initiated the vulnerable driver, located targeted endpoint detection services then issued kernel-level commands to kill them. After this, a PowerShell script escalated privileges, shut ...