AbcLinuxu portal, 9 June 2024 03:21


14.5.2011 14:18 Ubuntér
Re: Zeus trojan source code leaked to the public
When will it be in Ubuntu? Or can a .deb package be found somewhere?
14.5.2011 15:02 Luboš Doležel (Doli) | score: 98 | blog: Doliho blog | Kladensko
The comments will be in some Asian encoding, won't they?
14.5.2011 15:05 CiV | score: 3
It looked like Cyrillic to me when I downloaded the .rar from somewhere.
14.5.2011 15:05 kralyk z abclinuxu | score: 29
Well, AFAIK the malware originally comes from Ukraine... but who knows...
14.5.2011 15:30 kralyk z abclinuxu | score: 29
It's Russian... Here is the readme chewed through Google Translate:

3rd paragraph:

Setting up the bot
Step by step installation:
1) From your existing build package, run the file 'local\cp.exe', the builder of
the configuration file and the bot.
2) Open the 'Builder'. Click 'Browse' and specify where the configuration file
is located ('local\config.txt').
3) Click 'Edit config'; this should launch a text editor. Edit the file as
follows:

First:
The original configuration file is a text file in Windows encoding and is only
needed to create the final configuration file (a binary file that the bot
downloads) and the bot itself. In your build package the sample configuration
file must be located in 'local' and be named config.txt. You can open the file
with any text editor, such as 'Notepad'.

The file consists of records, one record per line. A record in turn consists of
parameters; the first parameter usually defines the name of the record (but not
always, for example when the record is just a listing of some data and has no
name). Parameters are separated by spaces; if a parameter contains a space or a
tab, it must be enclosed in double quotes ("), which also applies to the name.
The number of parameters is not limited. If a record has a name, the name is
read case-insensitively.
Examples:
username Kot Matroskin
record name - username, parameter 1 - Kot, parameter 2 - Matroskin.

username "James" Bond "
record name - username, parameter 1 - James, parameter 2 - Bond.

username "Volodia Putin"
record name - username, parameter 1 - Volodia Putin.

"Url" "http://sex.com/" index.php
record name - url, parameter 1 - http://sex.com/, parameter 2 - index.php

There are also special record names that let you divide the configuration file
into subsections, each of which may contain any number of further subsections
and records. They are called sections and consist of an 'entry' record with a
parameter giving the section name (case is ignored in this parameter too); the
end of a section is marked by 'end'. Further in the documentation, nesting of
records in subsections will be marked with '->', i.e. a record named username
belonging to the section userdata will be designated as userdata->username, etc.

Examples:
entry "userdata"
fname "petia"
lname "lolkin"
end

entry compdata
name "pcvasya"
entry devices - the contents of this section are an example of records without
a name, here just an enumeration of devices
cdrom
"Hdd"
fdd
end
end

It is also possible to insert comments; a comment must be on a separate line and
begin with ";". If the first parameter of a record happens to begin with ";" as
well, that parameter must be enclosed in quotation marks.

Examples:
; Hello. I think that I'm a hero!
; How are you? - this is not a record
"; I love you" - but this is a record.

Second:
Configuration file entries
The file consists of two sections, StaticConfig and DynamicConfig.

StaticConfig - the values of this section are written directly into the bot
file, i.e. into the exe, and define the basic behaviour of the bot on the
victim's computer. Depending on your build, some records may be of no use to
you; all the relevant parameters are spelled out in the example attached to the
build package.
botnet [string] - specifies the name of the botnet the bot belongs to.
string - the botnet name, up to 4 characters, or 0 for the default value.

Recommended value: botnet 0

timer_config [number1] [number2] - determines the intervals at which the
configuration file should be updated.
number1 - time in minutes after which the configuration file should be updated
if the previous download succeeded.
number2 - time in minutes after which the configuration file should be updated
if the previous download failed.

Recommended value: timer_config 60 5

timer_logs [number1] [number2] - determines the intervals at which the
accumulated logs are sent to the server.
number1 - time in minutes after which the logs should be sent if the previous
send succeeded.
number2 - time in minutes after which the logs should be sent if the previous
send failed.

Recommended value: timer_logs 2 2

timer_stats [number1] [number2] - determines the intervals at which statistics
should be sent to the server (which include installs, online presence, open
ports, services, socks, screenshots, etc.).
number1 - time in minutes after which the statistics should be sent if the
previous send succeeded.
number2 - time in minutes after which the statistics should be sent if the
previous send failed.

Recommended value: timer_logs 10 20

url_config [url] - URL where the main configuration file is located. This
parameter is the most important: if this URL is not available at the time the
victim's computer is infected, the infection makes no sense.

url_compip [url] [number] - specifies a site where the bot can check its IP;
used to detect NAT.
url - the URL of the site.
number - the number of bytes that is enough to download from the site to find
its IP in the downloaded data.

blacklist_languages [number1] [number2] ... [numberX] - defines a list of
Windows language codes for which the bot will always remain in sleep mode, i.e.
it will not send logs and statistics, but will still fetch the configuration
file.
numberX - a language code, e.g. RU - 1049, EN - 1033.

DynamicConfig - the values of this section are written into the final
configuration file.
Depending on your build, some records may be of no use to you; all the relevant
parameters are spelled out in the example attached to the build package.
url_loader [url] - specifies the URL from which an updated bot can be
downloaded. This record is relevant only if you run a botnet, build a new
version of the bot and place its configuration under the same URL as the old
configuration; in that case older versions of the bot will start to upgrade by
downloading the file specified in this record.

url_server [url] - specifies the URL to which statistics, files, logs, etc.
from the victim's computer will be sent.

file_webinjects - specifies the local file containing the list of web injects.
A description of the format of this file can be found here

Subsection AdvancedConfigs - lists URLs from which a backup configuration file
can be downloaded if the main file is unavailable. It is recommended to fill
this subsection with 1-3 URLs; that will save the botnet from dying if the main
configuration file becomes unavailable, by making it easy to move it to another
server. The files do not have to be present at those URLs all the time; the
main thing is to be able to put the files there. The files only need to be
placed there once you discover that the main configuration file is unavailable,
but if you want to keep the files at these URLs permanently, you must update
them in sync with the main configuration file. Backup files do not differ from
the main one and are created the same way.

Example:
entry "AdvancedConfigs"
"http://url1/cdffd.ccc"
"http://url2/cdf34.dc"
end

Subsection WebFilters - has two purposes:
It lists URL masks which must be written to, or excluded from, the log
regardless of the request type (GET, POST). If the first character of a mask is
'!', then a URL matching this mask will not be written to the log (e.g. the
mask !"*" prohibits logging of all URLs except those listed before it).
It sets URL masks for which, once the page is opened, screenshots are taken on
every left mouse click (useful for bypassing virtual keyboards). Such a URL
mask must begin with the '@' character.
Note: the URLs listed in this section ignore the value of StaticConfig.ignore_http

Example:
entry "WebFilters"
; all URLs matching this mask will be written to the log
"http://www.google.com/*"
; no URL matching this mask will be written to the log
"!http://*yahoo.com/*"
; after this page is opened, screenshots will be taken on left mouse clicks
"@http://www.rambler.ru/"
end

Subsection WebFakes - lists transparent URL redirects (fake sites); a detailed
description of this section is here

Subsection TanGrabber - defines rules for the TAN grabber; a detailed
description of this section is here

Subsection DnsMap - a list of DNS changes to be made in the file
%system32%\drivers\etc\hosts.
Record format: [IP] [domain].
IP - the new IP of the domain.
domain - the domain name whose IP is changed. If the domain name starts with the
character '!', then this domain will be deleted from the file, provided it is
found there; the IP parameter is then ignored and can be anything.

Example:
entry "dnsmap"
127.0.0.1 microsoft.com
192.168.0.1 google.com
0.0.0.0 !yahoo.com
end
Third:)
Then save the file.
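Added example, not code from the leaked source or from anyone in this thread: a small parser for the record/section text format the readme describes, so an analyst can read such a configuration file programmatically instead of by eye. It assumes only the rules stated above (whitespace-separated parameters, double quotes around parameters containing whitespace, nestable 'entry'/'end' sections, ';' comment lines, case-insensitive names); the sample input is constructed from the readme's own examples.

```python
# Added example, not from the leaked source: a parser for the record/section
# config text format described in the readme above; SAMPLE is constructed.
def tokenize(line: str) -> list:
    """Split a record into space/tab-separated parameters; double quotes
    group a parameter that contains whitespace (readme, part "First")."""
    params, cur, quoted, in_quote = [], "", False, False
    for ch in line:
        if in_quote and ch != '"':
            cur += ch
        elif ch == '"':
            in_quote, quoted = not in_quote, True
        elif ch in " \t":
            if cur or quoted:
                params.append(cur)
            cur, quoted = "", False
        else:
            cur += ch
    if cur or (quoted and not in_quote):  # a dangling lone quote adds nothing
        params.append(cur)
    return params

def parse(text: str) -> dict:
    """Return {'records': [[param, ...]], 'sections': {name: subtree}}; 'entry
    <name>'/'end' delimit nestable sections, ';' lines are comments."""
    root = {"records": [], "sections": {}}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        params = tokenize(line)
        name = params[0].lower() if params else ""  # names are case-insensitive
        if name == "entry" and len(params) > 1:
            child = {"records": [], "sections": {}}
            stack[-1]["sections"][params[1].lower()] = child
            stack.append(child)
        elif name == "end":
            if len(stack) == 1:
                raise ValueError("'end' without a matching 'entry'")
            stack.pop()
        elif params:
            stack[-1]["records"].append(params)
    if len(stack) != 1:
        raise ValueError("unterminated section: missing 'end'")
    return root

SAMPLE = ('entry "userdata"\nfname "petia"\nlname "lolkin"\nend\n'
          'entry compdata\nname "pcvasya"\nentry devices\ncdrom\n"Hdd"\n'
          'fdd\nend\nend\n; a comment line\n"; I love you"\n')
CONFIG = parse(SAMPLE)  # constructed sample built from the readme's examples
```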

14.5.2011 15:55 AAAA BBB | blog: AAAA
Mainly I don't know what encoding it's in; I tried CP-866 and UTF-8 but nothing looked right, so Google Translate didn't get it...
14.5.2011 19:46 disorder | blog: weblog
My browser already shows it as Cyrillic... https://github.com/Visgean/Zeus/blob/master/source/server%5Bphp%5D/cp.php
14.5.2011 21:04 retroslava | score: 9 | blog: TryCatch | Žižkoff

It's probably README.txt that is meant.

Warning! I am a complete idiot. What I wrote yesterday no longer holds today. I pledge to discuss non-bindingly.
14.5.2011 21:31 Tomáš
In my browser it makes sense in the Cyrillic (Windows) encoding. Although "3й пункт:" (mainly the 3й) doesn't make sense to me; it's probably not exactly Russian, maybe Ukrainian.
14.5.2011 22:57 Radovan Garabík
It's in cp1251, and it is definitely not Ukrainian (that would be distinguishable from Russian at first glance).

3й is probably meant as an abbreviation of третий, but it really doesn't make sense, since it's on the first line of the file...
14.5.2011 15:39 Grunt | score: 23 | blog: Expresivní zabručení | Lanžhot
How about a bit of description? (After all, the Windows XP era is deep in the past.) ZeuS, is that some kind of mixed drink?
Why 64 bits when one will do? | 80.78.148.5 | Hack (for) free or Die Hard!
14.5.2011 16:17 lukve | score: 28 | blog: Lukove | Prešov
linux user more than 20y
14.5.2011 16:19 lukve | score: 28 | blog: Lukove | Prešov

Correction: Zeus is awesome

linux user more than 20y
15.5.2011 12:41 OverL
OFFTOPIC: Xbox guy :)
15.5.2011 13:44 SPM | score: 28
And an Apple fan in one person :)
14.5.2011 15:46 AAAA BBB | blog: AAAA
You'll find a bit of description on Wikipedia...
14.5.2011 16:51 pc2005 | score: 38 | blog: GardenOfEdenConfiguration | liberec
KOI8
Intel meltdown a = arr[x[0]&1]; karma | Help me, I'm locked in a Chinese room
14.5.2011 19:36 AAAA BBB | blog: AAAA
thx, it looks like I have support for other languages uninstalled...
15.5.2011 14:09 kralyk z abclinuxu | score: 29
What amused me about this trojan on the wiki:
- Zeus contains DRM, and you have to request a licence key based on a HW fingerprint so that customers can't copy it "illegally".
- There are Zeus installations in circulation that themselves already contain some other trojan... Yo Dawg.
What Big Oil knew about climate change
15.5.2011 16:07 loki
I don't know why, but somehow I remembered Benny. Does anyone know where he might have ended up? Is he still working on ZAV?
15.5.2011 20:01 AsciiWolf | score: 40 | blog: Blog
Long ago I used to read his website (or was it a blog?), but now it looks like he has vanished from the web without a trace. :-/
20.5.2011 23:46 loki
Yes. I also used to be a regular reader of his blog.


ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.