Neonprimetime

2018-11-01 #Revcode #Rat buildentconstructions.com

Nov 1st, 2018
http://buildentconstructions.com/Stubs/test.txt

@FewAtoms found
@James_inthe_box says #revcode #rat

https://twitter.com/FewAtoms/status/1058064385585889282

Interesting memory capture strings:

Line 179: 0x243f18 (86): C:\ProgramData\Revcode-0D897561\svchost.exe
Line 224: 0x40216c (130): *\AC:\Users\ADMIN\data\revcode\win\vb\v2\noinstaller\Project1.vbp
Line 463: 0x40d018 (30): revcodestamp592
Line 2444: 0x65a47b (12): *.revcode.se
Line 3923: 0x69ab3c (92): C:\Users\Win7\AppData\Roaming\RevCode-10C1.exe

Line 2438: 0x65a1e4 (72): https://mostrugged.wm01.to/recv3.php
Line 3834: 0x68d820 (232): POST /recv3.php HTTP/1.1

Line 531: 0x40e490 (44): send_audiostream_start
Line 551: 0x40e9fc (46): send_keylog_stream_data
Line 569: 0x40f088 (46): send_screenstream_start
Line 572: 0x40f1dc (46): send_webcamstream_start
Line 575: 0x40f2f8 (38): send_files_download
Line 577: 0x40f3e8 (32): send_app_cmd_rem
Line 578: 0x40f410 (32): send_app_cmd_ter
Line 579: 0x40f438 (32): send_app_cmd_upd
Line 581: 0x40f47c (32): send_app_sys_cmd
Line 585: 0x40f560 (42): send_app_interval_set
Line 587: 0x40f5b8 (44): send_app_max_file_size
Line 589: 0x40f618 (48): send_app_max_packet_size
Line 591: 0x40f66c (30): send_keylog_get
Line 593: 0x40f6ac (30): send_keylog_del
Line 595: 0x40f6fc (48): send_keylog_stream_start
Line 597: 0x40f760 (46): send_keylog_stream_stop
Line 599: 0x40f7b4 (36): send_audio_drivers
Line 601: 0x40f804 (26): send_audiocap
Line 605: 0x40f890 (42): send_audiostream_stop
Line 607: 0x40f8e4 (40): send_screen_monitors
Line 609: 0x40f938 (28): send_screencap
Line 611: 0x40f97c (20): send_thumb
Line 615: 0x40fa0c (44): send_screenstream_stop
Line 617: 0x40fa64 (38): send_webcam_drivers
Line 619: 0x40fab4 (28): send_webcamcap
Line 622: 0x40fb30 (44): send_webcamstream_stop
Line 624: 0x40fb84 (34): send_hardware_get
Line 626: 0x40fbe0 (36): send_hardware_prop
Line 628: 0x40fc28 (32): send_devices_get
Line 630: 0x40fc70 (34): send_device_state
Line 631: 0x40fcac (24): send_prc_get
Line 633: 0x40fce8 (32): send_prc_suspend
Line 635: 0x40fd2c (30): send_prc_resume
Line 637: 0x40fd70 (36): send_prc_terminate
Line 639: 0x40fdc8 (34): send_prc_priority
Line 641: 0x40fe0c (30): send_drives_get
Line 642: 0x40fe48 (28): send_files_get
Line 643: 0x40fe84 (30): send_files_move
Line 644: 0x40fec0 (30): send_files_copy
Line 646: 0x40ff00 (34): send_files_delete
Line 649: 0x40ff88 (34): send_files_upload
Line 650: 0x40ffc8 (28): send_file_exec
Line 652: 0x41000c (26): send_reg_keys
Line 654: 0x410050 (30): send_reg_values
Line 656: 0x410090 (32): send_reg_key_add
Line 658: 0x4100dc (38): send_reg_key_delete
Line 660: 0x410134 (36): send_reg_value_add
Line 662: 0x410188 (42): send_reg_value_delete
Line 664: 0x4101e0 (42): send_reg_value_rename
Line 666: 0x410234 (38): send_reg_value_edit
Line 667: 0x410274 (24): send_wnd_get
Line 668: 0x4102a8 (24): send_wnd_cmd
Line 669: 0x4102fc (28): send_wnd_patch
Line 671: 0x410340 (34): send_services_get
Line 673: 0x41038c (38): send_services_pause
Line 675: 0x4103dc (40): send_services_resume
Line 677: 0x410430 (38): send_services_start
Line 679: 0x41047c (36): send_services_stop
Line 682: 0x4104f8 (46): send_services_uninstall
Line 684: 0x410554 (42): send_applications_get
Line 686: 0x4105c8 (54): send_applications_uninstall
Line 690: 0x4106f0 (32): send_shell_start
Line 692: 0x410734 (30): send_shell_stop
Line 694: 0x410774 (30): send_shell_exec
Line 695: 0x4107bc (26): send_pdg_exec
Line 698: 0x410854 (56): send_pdg_screen_stream_start
Line 700: 0x4108c8 (54): send_pdg_screen_stream_stop
Line 702: 0x410930 (48): send_pdg_rev_proxy_start
Line 704: 0x410994 (46): send_pdg_rev_proxy_stop
Line 706: 0x4109f8 (48): send_drive_sectors_write
Line 707: 0x410a30 (52): send_drive_operations_info
Line 709: 0x410ab0 (46): send_drive_offsets_read
Line 711: 0x410b10 (48): send_drive_offsets_write
Line 713: 0x410b74 (46): send_drive_sectors_read
Line 716: 0x410c04 (40): send_connections_get
Line 718: 0x410c5c (44): send_connections_close
Line 719: 0x410ca8 (26): send_sys_info
Line 721: 0x410cec (24): send_net_int
Line 723: 0x410d2c (36): send_clipboard_get
Line 725: 0x410d78 (36): send_clipboard_set
Line 727: 0x410dd0 (40): send_clipboard_clear
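Note that most byte counts in the dump are twice the character count (86 bytes for the 43-character svchost.exe path, 44 for send_audiostream_start), so those strings are stored as UTF-16LE, while *.revcode.se at 12 bytes is a single-byte string. A scanner that wants to pull these indicators out of a memory image therefore has to carve both encodings. The Python below is an added example, not part of this paste and not RevCode tooling: it extracts ASCII and UTF-16LE strings from a constructed memory buffer, flags the family markers seen above (revcode, wm01.to, recv3.php) and buckets the send_* command names by capability. The sample buffer, the capability labels and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Indicators lifted from the strings dump above. Everything else in this file
# is an illustrative assumption, not something taken from the sample.
FAMILY_MARKERS = (
    "revcode",    # install dir, PDB path, revcode.se, RevCode-XXXX.exe
    "wm01.to",    # C2 host
    "recv3.php",  # C2 endpoint
)

# Capability bucket per send_* command prefix (labels are my own; first
# matching prefix wins, so order matters for send_drive_ vs send_drives).
CAPABILITY_PREFIXES = {
    "send_keylog": "keylogging",
    "send_audio": "audio capture",
    "send_screen": "screen capture",
    "send_thumb": "screen capture",
    "send_webcam": "webcam capture",
    "send_files": "file system",
    "send_file_exec": "file system",
    "send_drives": "file system",
    "send_drive_": "raw disk access",
    "send_reg_": "registry",
    "send_prc_": "process control",
    "send_services": "service control",
    "send_applications": "application control",
    "send_shell": "remote shell",
    "send_pdg_": "pdg (reverse proxy, exec)",
    "send_clipboard": "clipboard",
    "send_wnd_": "window control",
    "send_connections": "network",
    "send_net_int": "network",
    "send_sys_info": "host recon",
    "send_hardware": "host recon",
    "send_device": "host recon",
    "send_app_": "agent config",
}


def extract_strings(buf: bytes, min_len: int = 6):
    """Return sorted (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    n = str(min_len).encode()
    ascii_re = re.compile(rb"[\x20-\x7e]{" + n + rb",}")
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){" + n + rb",}")
    found = []
    for m in ascii_re.finditer(buf):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(buf):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def classify(buf: bytes):
    """Flag family markers and group send_* commands by capability."""
    strings = extract_strings(buf)
    markers = sorted({s for _, _, s in strings
                      if any(m in s.lower() for m in FAMILY_MARKERS)})
    caps = defaultdict(list)
    for _, _, s in strings:
        if not s.startswith("send_"):
            continue
        for prefix, cap in CAPABILITY_PREFIXES.items():
            if s.startswith(prefix):
                caps[cap].append(s)
                break
        else:
            caps["unclassified"].append(s)
    return {"family_markers": markers, "capabilities": dict(caps)}


def _wide(s: str) -> bytes:
    return s.encode("utf-16le")


# Constructed stand-in for a process memory region; not a real capture.
SAMPLE_DUMP = b"".join([
    b"\x00" * 8,
    _wide(r"C:\ProgramData\Revcode-0D897561\svchost.exe"), b"\x00\x00",
    b"\x90\x90\x90",
    _wide("https://mostrugged.wm01.to/recv3.php"), b"\x00\x00",
    b"*.revcode.se\x00",          # single-byte, as in the dump
    b"\x41\x00\x42",              # too short to count as a string
    _wide("send_keylog_stream_start"), b"\x00\x00",
    _wide("send_webcamstream_start"), b"\x00\x00",
    _wide("send_drive_sectors_write"), b"\x00\x00",
    _wide("send_shell_exec"), b"\x00\x00",
    _wide("send_pdg_rev_proxy_start"), b"\x00\x00",
    b"POST /recv3.php HTTP/1.1\r\nHost: mostrugged.wm01.to\r\n",
])


if __name__ == "__main__":
    report = classify(SAMPLE_DUMP)
    for s in report["family_markers"]:
        print("marker:", s)
    for cap, cmds in sorted(report["capabilities"].items()):
        print(f"{cap}: {', '.join(cmds)}")
```

To use it on a real dump, read the process memory or the strings-tool output into `buf`; the capability map is where to add any further send_* names encountered in other samples.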