Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logondll] 'Startup' = 'EventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logondll] 'DllName' = 'fly1644.dll'
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\feiplug.dll
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\dllcache\fly1644.dll
- <SYSTEM32>\flymain1644.dll
- <SYSTEM32>\dllcache\flymain1644.dll
- <SYSTEM32>\feimain.dll
- <SYSTEM32>\feiplug.dll
- <SYSTEM32>\fly1644.dll