Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to file>' = '<Full path to file>:*:Enabled:ldrsoft'
- '17#.9.29.22':80
- '%WINDIR%\syswow64\cmd.exe' /c <Full path to file>00.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <Full path to file>00.bat