Thursday, November 1, 2018

2018-11-01 Revcode RAT buildentconstructions.com

https://pastebin.com/raw/5nWnkG3q

http://buildentconstructions.com/Stubs/test.txt

@FewAtoms found
@James_inthe_box says #revcode #rat

https://twitter.com/FewAtoms/status/1058064385585889282

Interesting strings from the memory capture:

 Line 179: 0x243f18 (86): C:\ProgramData\Revcode-0D897561\svchost.exe
 Line 224: 0x40216c (130): *\AC:\Users\ADMIN\data\revcode\win\vb\v2\noinstaller\Project1.vbp
 Line 463: 0x40d018 (30): revcodestamp592
 Line 2444: 0x65a47b (12): *.revcode.se
 Line 3923: 0x69ab3c (92): C:\Users\Win7\AppData\Roaming\RevCode-10C1.exe

 Line 2438: 0x65a1e4 (72): https://mostrugged.wm01.to/recv3.php
 Line 3834: 0x68d820 (232): POST /recv3.php HTTP/1.1

 Line 531: 0x40e490 (44): send_audiostream_start
 Line 551: 0x40e9fc (46): send_keylog_stream_data
 Line 569: 0x40f088 (46): send_screenstream_start
 Line 572: 0x40f1dc (46): send_webcamstream_start
 Line 575: 0x40f2f8 (38): send_files_download
 Line 577: 0x40f3e8 (32): send_app_cmd_rem
 Line 578: 0x40f410 (32): send_app_cmd_ter
 Line 579: 0x40f438 (32): send_app_cmd_upd
 Line 581: 0x40f47c (32): send_app_sys_cmd
 Line 585: 0x40f560 (42): send_app_interval_set
 Line 587: 0x40f5b8 (44): send_app_max_file_size
 Line 589: 0x40f618 (48): send_app_max_packet_size
 Line 591: 0x40f66c (30): send_keylog_get
 Line 593: 0x40f6ac (30): send_keylog_del
 Line 595: 0x40f6fc (48): send_keylog_stream_start
 Line 597: 0x40f760 (46): send_keylog_stream_stop
 Line 599: 0x40f7b4 (36): send_audio_drivers
 Line 601: 0x40f804 (26): send_audiocap
 Line 605: 0x40f890 (42): send_audiostream_stop
 Line 607: 0x40f8e4 (40): send_screen_monitors
 Line 609: 0x40f938 (28): send_screencap
 Line 611: 0x40f97c (20): send_thumb
 Line 615: 0x40fa0c (44): send_screenstream_stop
 Line 617: 0x40fa64 (38): send_webcam_drivers
 Line 619: 0x40fab4 (28): send_webcamcap
 Line 622: 0x40fb30 (44): send_webcamstream_stop
 Line 624: 0x40fb84 (34): send_hardware_get
 Line 626: 0x40fbe0 (36): send_hardware_prop
 Line 628: 0x40fc28 (32): send_devices_get
 Line 630: 0x40fc70 (34): send_device_state
 Line 631: 0x40fcac (24): send_prc_get
 Line 633: 0x40fce8 (32): send_prc_suspend
 Line 635: 0x40fd2c (30): send_prc_resume
 Line 637: 0x40fd70 (36): send_prc_terminate
 Line 639: 0x40fdc8 (34): send_prc_priority
 Line 641: 0x40fe0c (30): send_drives_get
 Line 642: 0x40fe48 (28): send_files_get
 Line 643: 0x40fe84 (30): send_files_move
 Line 644: 0x40fec0 (30): send_files_copy
 Line 646: 0x40ff00 (34): send_files_delete
 Line 649: 0x40ff88 (34): send_files_upload
 Line 650: 0x40ffc8 (28): send_file_exec
 Line 652: 0x41000c (26): send_reg_keys
 Line 654: 0x410050 (30): send_reg_values
 Line 656: 0x410090 (32): send_reg_key_add
 Line 658: 0x4100dc (38): send_reg_key_delete
 Line 660: 0x410134 (36): send_reg_value_add
 Line 662: 0x410188 (42): send_reg_value_delete
 Line 664: 0x4101e0 (42): send_reg_value_rename
 Line 666: 0x410234 (38): send_reg_value_edit
 Line 667: 0x410274 (24): send_wnd_get
 Line 668: 0x4102a8 (24): send_wnd_cmd
 Line 669: 0x4102fc (28): send_wnd_patch
 Line 671: 0x410340 (34): send_services_get
 Line 673: 0x41038c (38): send_services_pause
 Line 675: 0x4103dc (40): send_services_resume
 Line 677: 0x410430 (38): send_services_start
 Line 679: 0x41047c (36): send_services_stop
 Line 682: 0x4104f8 (46): send_services_uninstall
 Line 684: 0x410554 (42): send_applications_get
 Line 686: 0x4105c8 (54): send_applications_uninstall
 Line 690: 0x4106f0 (32): send_shell_start
 Line 692: 0x410734 (30): send_shell_stop
 Line 694: 0x410774 (30): send_shell_exec
 Line 695: 0x4107bc (26): send_pdg_exec
 Line 698: 0x410854 (56): send_pdg_screen_stream_start
 Line 700: 0x4108c8 (54): send_pdg_screen_stream_stop
 Line 702: 0x410930 (48): send_pdg_rev_proxy_start
 Line 704: 0x410994 (46): send_pdg_rev_proxy_stop
 Line 706: 0x4109f8 (48): send_drive_sectors_write
 Line 707: 0x410a30 (52): send_drive_operations_info
 Line 709: 0x410ab0 (46): send_drive_offsets_read
 Line 711: 0x410b10 (48): send_drive_offsets_write
 Line 713: 0x410b74 (46): send_drive_sectors_read
 Line 716: 0x410c04 (40): send_connections_get
 Line 718: 0x410c5c (44): send_connections_close
 Line 719: 0x410ca8 (26): send_sys_info
 Line 721: 0x410cec (24): send_net_int
 Line 723: 0x410d2c (36): send_clipboard_get
 Line 725: 0x410d78 (36): send_clipboard_set
 Line 727: 0x410dd0 (40): send_clipboard_clear
