Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\] 'Userinit' = '<SYSTEM32>\userinit.exe,%ProgramFiles(x86)%\desktop.ini.exe'
- iexplore.exe
- %ProgramFiles(x86)%\desktop.ini.exe
- DNS ASK xp.##btt.com
- DNS ASK ni##.utbtt.com