Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\ZcsKernelService] 'Start' = '00000002'
- NtOpenProcess, handler: zcsKernelService.sys
- NtQuerySystemInformation, handler: zcsKernelService.sys
- NtTerminateProcess, handler: zcsKernelService.sys
- NtCreateProcessEx, handler: zcsKernelService.sys
- NtCreateThread, handler: zcsKernelService.sys
- NtMapViewOfSection, handler: zcsKernelService.sys
- <DRIVERS>\zcsKernelService.sys