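Technical Information
The entries below list behaviour recorded for the file. The taskkill.exe /f commands force-terminate nod32krn.exe, nod32kui.exe, ekrn.exe and egui.exe, and the sc.exe delete commands remove the nod32krn and ekrn services; these are ESET NOD32 process and service names, which indicates an attempt to disable installed anti-virus protection. Several of the commands are launched with a hidden window.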
- '%WINDIR%\syswow64\taskkill.exe' /im nod32krn.exe /f
- '%WINDIR%\syswow64\taskkill.exe' /im nod32kui.exe /f
- '%WINDIR%\syswow64\taskkill.exe' /im ekrn.exe /f
- '%WINDIR%\syswow64\taskkill.exe' /im egui.exe /f
- %WINDIR%\syswow64\lengfen.log
- <Full path to file>
- ClassName: '' WindowName: ''
- ClassName: 'CicLoaderWndClass' WindowName: ''
- ClassName: 'Progman' WindowName: ''
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- '%WINDIR%\syswow64\sc.exe' delete nod32krn (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /im nod32krn.exe /f (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /im nod32kui.exe /f (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete ekrn (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /im ekrn.exe /f (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /im egui.exe /f (with hidden window)
- '%WINDIR%\syswow64\explorer.exe' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete nod32krn
- '%WINDIR%\syswow64\sc.exe' delete ekrn
- '%WINDIR%\syswow64\explorer.exe'