

https://pastebin.com/raw/5nWnkG3q
http://buildentconstructions.com/Stubs/test.txt
@FewAtoms found @James_inthe_box says #revcode #rat
https://twitter.com/FewAtoms/status/1058064385585889282

interesting memory capture strings

Line 179: 0x243f18 (86): C:\ProgramData\Revcode-0D897561\svchost.exe
Line 224: 0x40216c (130): *\AC:\Users\ADMIN\data\revcode\win\vb\v2\noinstaller\Project1.vbp
Line 463: 0x40d018 (30): revcodestamp592
Line 2444: 0x65a47b (12): *.revcode.se
Line 3923: 0x69ab3c (92): C:\Users\Win7\AppData\Roaming\RevCode-10C1.exe
Line 2438: 0x65a1e4 (72): https://mostrugged.wm01.to/recv3.php
Line 3834: 0x68d820 (232): POST /recv3.php HTTP/1.1

Line 531: 0x40e490 (44): send_audiostream_start
Line 551: 0x40e9fc (46): send_keylog_stream_data
Line 569: 0x40f088 (46): send_screenstream_start
Line 572: 0x40f1dc (46): send_webcamstream_start
Line 575: 0x40f2f8 (38): send_files_download
Line 577: 0x40f3e8 (32): send_app_cmd_rem
Line 578: 0x40f410 (32): send_app_cmd_ter
Line 579: 0x40f438 (32): send_app_cmd_upd
Line 581: 0x40f47c (32): send_app_sys_cmd
Line 585: 0x40f560 (42): send_app_interval_set
Line 587: 0x40f5b8 (44): send_app_max_file_size
Line 589: 0x40f618 (48): send_app_max_packet_size
Line 591: 0x40f66c (30): send_keylog_get
Line 593: 0x40f6ac (30): send_keylog_del
Line 595: 0x40f6fc (48): send_keylog_stream_start
Line 597: 0x40f760 (46): send_keylog_stream_stop
Line 599: 0x40f7b4 (36): send_audio_drivers
Line 601: 0x40f804 (26): send_audiocap
Line 605: 0x40f890 (42): send_audiostream_stop
Line 607: 0x40f8e4 (40): send_screen_monitors
Line 609: 0x40f938 (28): send_screencap
Line 611: 0x40f97c (20): send_thumb
Line 615: 0x40fa0c (44): send_screenstream_stop
Line 617: 0x40fa64 (38): send_webcam_drivers
Line 619: 0x40fab4 (28): send_webcamcap
Line 622: 0x40fb30 (44): send_webcamstream_stop
Line 624: 0x40fb84 (34): send_hardware_get
Line 626: 0x40fbe0 (36): send_hardware_prop
Line 628: 0x40fc28 (32): send_devices_get
Line 630: 0x40fc70 (34): send_device_state
Line 631: 0x40fcac (24): send_prc_get
Line 633: 0x40fce8 (32): send_prc_suspend
Line 635: 0x40fd2c (30): send_prc_resume
Line 637: 0x40fd70 (36): send_prc_terminate
Line 639: 0x40fdc8 (34): send_prc_priority
Line 641: 0x40fe0c (30): send_drives_get
Line 642: 0x40fe48 (28): send_files_get
Line 643: 0x40fe84 (30): send_files_move
Line 644: 0x40fec0 (30): send_files_copy
Line 646: 0x40ff00 (34): send_files_delete
Line 649: 0x40ff88 (34): send_files_upload
Line 650: 0x40ffc8 (28): send_file_exec
Line 652: 0x41000c (26): send_reg_keys
Line 654: 0x410050 (30): send_reg_values
Line 656: 0x410090 (32): send_reg_key_add
Line 658: 0x4100dc (38): send_reg_key_delete
Line 660: 0x410134 (36): send_reg_value_add
Line 662: 0x410188 (42): send_reg_value_delete
Line 664: 0x4101e0 (42): send_reg_value_rename
Line 666: 0x410234 (38): send_reg_value_edit
Line 667: 0x410274 (24): send_wnd_get
Line 668: 0x4102a8 (24): send_wnd_cmd
Line 669: 0x4102fc (28): send_wnd_patch
Line 671: 0x410340 (34): send_services_get
Line 673: 0x41038c (38): send_services_pause
Line 675: 0x4103dc (40): send_services_resume
Line 677: 0x410430 (38): send_services_start
Line 679: 0x41047c (36): send_services_stop
Line 682: 0x4104f8 (46): send_services_uninstall
Line 684: 0x410554 (42): send_applications_get
Line 686: 0x4105c8 (54): send_applications_uninstall
Line 690: 0x4106f0 (32): send_shell_start
Line 692: 0x410734 (30): send_shell_stop
Line 694: 0x410774 (30): send_shell_exec
Line 695: 0x4107bc (26): send_pdg_exec
Line 698: 0x410854 (56): send_pdg_screen_stream_start
Line 700: 0x4108c8 (54): send_pdg_screen_stream_stop
Line 702: 0x410930 (48): send_pdg_rev_proxy_start
Line 704: 0x410994 (46): send_pdg_rev_proxy_stop
Line 706: 0x4109f8 (48): send_drive_sectors_write
Line 707: 0x410a30 (52): send_drive_operations_info
Line 709: 0x410ab0 (46): send_drive_offsets_read
Line 711: 0x410b10 (48): send_drive_offsets_write
Line 713: 0x410b74 (46): send_drive_sectors_read
Line 716: 0x410c04 (40): send_connections_get
Line 718: 0x410c5c (44): send_connections_close
Line 719: 0x410ca8 (26): send_sys_info
Line 721: 0x410cec (24): send_net_int
Line 723: 0x410d2c (36): send_clipboard_get
Line 725: 0x410d78 (36): send_clipboard_set
Line 727: 0x410dd0 (40): send_clipboard_clear