Technical Information
- [<HKLM>\Software\Classes\P3D coded file\shell\open\command] '' = '"<Full path to file>" "%1"'
- %TEMP%\romd32.tmp.exe
- 'ti###a.nist.gov':37
- 'ti###b.nist.gov':37
- 'ti####.#imefreq.bldrdoc.gov':37
- 'ut#####.colorado.edu':37
- DNS ASK ti###a.nist.gov
- DNS ASK ti###b.nist.gov
- DNS ASK ti####.#imefreq.bldrdoc.gov
- DNS ASK ut#####.colorado.edu
- '%WINDIR%\syswow64\cmd.exe' /C %TEMP%\romD32.tmp.exe > %TEMP%\romD32.tmp (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C %TEMP%\romD32.tmp.exe > %TEMP%\romD32.tmp