Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\syshost.lnk (ярлык в папке автозагрузки пользователя: запускается при каждом входе в систему)
- %TEMP%\RarSFX0\activator.bat (RarSFX0 — временный каталог распаковки самораспаковывающегося архива WinRAR)
- %TEMP%\RarSFX0\Builder.exe
- C:\ProgramData\system.bat
- C:\ProgramData\BlueBotnetBotBuilder.exe
- C:\ProgramData\GoogleUpdate.exe
- C:\ProgramData\libuv.dll
- C:\ProgramData\rawbot.exx
- C:\ProgramData\syshost.vbs
- ClassName: 'EDIT' WindowName: '' (по-видимому, параметры поиска окна: класс «EDIT», заголовок пустой)
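- '%TEMP%\RarSFX0\Builder.exe' -p1 — командная строка запуска файла Builder.exe, указанного выше
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\activator.bat" " — запуск указанного выше activator.bat через cmd.exe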