Technical Information
- '<SYSTEM32>\net.exe' stop WindowsFirewallCore
- %WINDIR%\Lsdir\lsnm.exe
- %TEMP%\nsa2.tmp\nsExec.dll
- %TEMP%\nsa2.tmp\ns3.tmp
- %TEMP%\nsa2.tmp\ns4.tmp
- %TEMP%\nsa2.tmp\ns3.tmp
- '%TEMP%\nsa2.tmp\ns3.tmp' <SYSTEM32>\cmd.exe /C net stop WindowsFirewallCore
- '%TEMP%\nsa2.tmp\ns4.tmp' <SYSTEM32>\cmd.exe /C Sc delete WindowsFirewallCore
- '<SYSTEM32>\cmd.exe' /C net stop WindowsFirewallCore
- '<SYSTEM32>\net1.exe' stop WindowsFirewallCore
- '<SYSTEM32>\cmd.exe' /C Sc delete WindowsFirewallCore
- '<SYSTEM32>\sc.exe' delete WindowsFirewallCore