Vulnerable signed kernel driver abused by TrueSightKiller tool to gain kernel access and terminate security product processes. Dropped to disk by attacker and loaded via a Windows service.