Bitcoin Forum
March 28, 2024, 11:49:24 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Ad2Bitcoin.com #1 Crypto Banner Exchange > Post your Ad on +900 sites for Free  (Read 495 times)
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
January 31, 2019, 09:52:50 PM
Last edit: May 09, 2019, 09:46:32 AM by Bitcoin-Pro
 #1



Post your ads free
Earn from your site
Earn and advertise

What is Ad2Bitcoin ?
Ad2Bitcoin is Free Banner Exchange with profits, works for both Publishers and Advertisers.

Why to Join Ad2Bitcoin.com?

For Advertisers :
✅ Free 1000 banner credits daily!
✅ Banner advertising    (0.000002 btc CPM)
✅ Popunder advertising (0.000014 btc CPM)
✅ Live ad stats update
✅ Instant ad approval
✅ Easy panel for ads management
✅ 0.0005 btc minimum deposit, 0.00002 minimum order

For Publishers :
✅ Instant bitcoin reward based on CPM for both web owners and surfbar users.
✅ All websites are approved, No alexa rank required.
✅ Desktop surfbar for normal users, No website is required.
✅ No minimum withdraw paying instantly (faucethub supported)
✅ Free advertising credits while earning
✅ Free 1000 banner credits daily!

We are paying for unique CPM. You will get Bitcoin + Free Advertising Credits while using our network.

Extra Features :
✅ Daily faucet for free banner credits.
✅ Surfbar app for earning bitcoin + banner credits.
✅ HTML code for website owners, bitcoin + banner credits rewards.

Website CPM Reward (Unique) :
0.00001 btc + 12,000 Banner Credits


Surfbar Hourly Reward :
0.00000030 BTC + 300 Banner Credits


Minimum withdraw :
Direct : 0.0005 btc (instant)
Faucethub : 1 satoshi (instant)

Want to advertise?
You can purchase Banner advertising, without using exchange system, we are selling very cheap banner impressions.

500,000 Impressions for just 0.001 btc

List of publishers :
https://ad2bitcoin.com/index.php?view=publishers
You can advertise on all these sites + earn bitcoin, it's All Free!

Join us, we are #1 Crypto Paying Banner Exchange system :
https://ad2bitcoin.com

refBitcoin.com - Bitcoin Marketing
1711626564
Hero Member
*
Offline Offline

Posts: 1711626564

View Profile Personal Message (Offline)

Ignore
1711626564
Reply with quote  #2

1711626564
Report to moderator
1711626564
Hero Member
*
Offline Offline

Posts: 1711626564

View Profile Personal Message (Offline)

Ignore
1711626564
Reply with quote  #2

1711626564
Report to moderator
1711626564
Hero Member
*
Offline Offline

Posts: 1711626564

View Profile Personal Message (Offline)

Ignore
1711626564
Reply with quote  #2

1711626564
Report to moderator
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711626564
Hero Member
*
Offline Offline

Posts: 1711626564

View Profile Personal Message (Offline)

Ignore
1711626564
Reply with quote  #2

1711626564
Report to moderator
felicita
Legendary
*
Offline Offline

Activity: 1582
Merit: 1031



View Profile
February 01, 2019, 06:52:20 PM
 #2

what is the difference to traffic2bitcoin.com ?
You paying on both networks 1 satoshi.... ?
Looks really similar for me o0 why reason to use this inset of traffic2bitcoin ?


regards
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
February 02, 2019, 11:46:35 AM
 #3

We created list for joined publishers into Banner Exchange system.

You can advertise on all these sites for free + you will earn free bitcoins :
http://ad2bitcoin.com/index.php?view=publishers

Earn & Advertise, it's All Free!

refBitcoin.com - Bitcoin Marketing
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
February 18, 2019, 09:58:08 AM
 #4

New Update :
Auto assign option is added.

This will help to credit your banners automatically from your earned credits.

refBitcoin.com - Bitcoin Marketing
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
February 27, 2019, 09:29:27 PM
 #5

UPDATE :

Faucet added (no captcha).
now users can claim 1000 banner credits for free advertising everyday!

refBitcoin.com - Bitcoin Marketing
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
February 28, 2019, 03:16:37 PM
Last edit: February 28, 2019, 09:48:04 PM by Bitcoin-Pro
 #6

UPDATE :



Banner surfbar is added.
Now you can earn credits + bitcoin by using Ad2Bitcoin app.

refBitcoin.com - Bitcoin Marketing
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
March 04, 2019, 02:09:24 PM
 #7

Now advertiser's banners will be displayed into our +300 sites and surfbar users.

You can get free advertising credits by using Faucet or Surfbar
You can earn bitcoin from your site, or using surfbar.

refBitcoin.com - Bitcoin Marketing
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
March 13, 2019, 09:03:01 PM
 #8

Now there is +500 sites are using Ad2Bitcoin network plus many surfbar users.

List of publishers :
http://ad2bitcoin.com/index.php?view=publishers

You can start advertising your site or referral url, it's %100 free to join and advertise!

refBitcoin.com - Bitcoin Marketing
felicita
Legendary
*
Offline Offline

Activity: 1582
Merit: 1031



View Profile
March 14, 2019, 06:29:40 PM
 #9

any plans of publishing the surfbar for Linux or web ?

regards
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
March 14, 2019, 07:41:53 PM
 #10

any plans of publishing the surfbar for Linux or web ?

regards

sorry there is no plans for Linux.
for web you may use publisher banner codes.

refBitcoin.com - Bitcoin Marketing
Idalgo
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
March 19, 2019, 06:10:21 AM
 #11

Caution scammer !!!

After downloading the surfbar and launching it, an executable file is added to the autoload. After that, this program begins to replace the Bitcoin addresses in your clipboard. You will send money to this scammer without knowing it.
It is good that I noticed it in time and did not manage to send anything to false addresses.
I checked everything several times - the file in autoload appears only after launching their surfbar! Bypass this site and do not download anything from it! Antiviruses do not see the file and do not react in any way.

If someone has already encountered this problem: the name of the file at startup is startup.exe
The process name in the task manager: startup.exe - live translator
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
March 19, 2019, 07:20:02 AM
 #12

how virus-ed app can do all this and not give any warning by anti-virus  Roll Eyes

i'm sure this is fake report, app is tested before and it's safe for using.
however, can you please send me copy of your surfbar and i will check it myself on my second laptop.

refBitcoin.com - Bitcoin Marketing
Idalgo
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
March 19, 2019, 08:08:07 AM
 #13

how virus-ed app can do all this and not give any warning by anti-virus  Roll Eyes

i'm sure this is fake report, app is tested before and it's safe for using.
however, can you please send me copy of your surfbar and i will check it myself on my second laptop.
Because it is not a virus, it is little program that track your clipboard and when it get btc address, replace it.
The copy of surfbar your can download by yourself, it is latest.
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
March 19, 2019, 08:17:57 AM
 #14

i just downloaded app, it's clean at my side.
i guess you got malware from somewhere else, not from ad2bitcoin app.

i strongly suggest you clean up your pc, format it if possible, never login into your wallet until you be sure your pc is cleaned up.
to keep always safe, use two laptops, one for crypto funds and other for daily uses or web apps.

please remove new topic you opened and keep discussion here. (edit title to 'delete' and moderator will delete your topic.)

refBitcoin.com - Bitcoin Marketing
Idalgo
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
March 19, 2019, 08:40:35 AM
 #15

i just downloaded app, it's clean at my side.
i guess you got malware from somewhere else, not from ad2bitcoin app.

i strongly suggest you clean up your pc, format it if possible, never login into your wallet until you be sure your pc is cleaned up.
to keep always safe, use two laptops, one for crypto funds and other for daily uses or web apps.

please remove new topic you opened and keep discussion here. (edit title to 'delete' and moderator will delete your topic.)
It is not clean, try to restart your pc after first surfbar launch
Then when you will try to copy/paste any btc address it will be replaced
Idalgo
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
March 19, 2019, 09:10:03 AM
 #16

Just downloded your surfbar to another clean pc
At first nothing happened. After rebooting the computer, the same problem - the addresses began to be replaced.
Bitcoin-Pro (OP)
Member
**
Offline Offline

Activity: 320
Merit: 18


View Profile WWW
March 19, 2019, 09:11:58 AM
 #17

remove your second topic to keep replies here.

i will do restart and post updates here if i get any malware.

refBitcoin.com - Bitcoin Marketing
Idalgo
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
March 19, 2019, 09:14:51 AM
 #18

remove your second topic to keep replies here.
I have already sent message to moderator for removing
Idalgo
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
March 19, 2019, 09:27:05 AM
 #19

A little more, the program replaces the characters in your address coming after the first three characters. For example, if your address is 1LthuSQDndCVMNWcfQ5gg4E4sYmiCg9SPf, it will be replaced with 1Ltxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Therefore, it is very difficult to determine the substitution.
arisatox
Member
**
Offline Offline

Activity: 309
Merit: 12


View Profile WWW
May 10, 2019, 10:39:01 PM
Last edit: May 11, 2019, 01:27:41 AM by arisatox
Merited by ranlo (1)
 #20

Caution scammer !!!

After downloading the surfbar and launching it, an executable file is added to the autoload. After that, this program begins to replace the Bitcoin addresses in your clipboard. You will send money to this scammer without knowing it.
It is good that I noticed it in time and did not manage to send anything to false addresses.
I checked everything several times - the file in autoload appears only after launching their surfbar! Bypass this site and do not download anything from it! Antiviruses do not see the file and do not react in any way.

If someone has already encountered this problem: the name of the file at startup is startup.exe
The process name in the task manager: startup.exe - live translator


i can also confirm that i had the same thing happen when sandboxed, and it also keeps running another program in the background that is added to the program's folder called config.bat. it used to be called synchronize.exe and still has the old name hidden within it. it will keep running when you close the surf bar and send data somewhere with a lot of cpu usage but it is not clear what is being sent or why. more info can also be found on https://www.virustotal.com/#/file/a2177cc734a4c7d15fe696bf57e07cc7b4ca2aef2f37539a4596aab0ca5d7625/details

to fully close the app you will have to close synchronize.exe too through the task manager

okay, so i found it opens and tries to send the following files

Code:
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\~DF6A7E.tmp
C:\conf.dat
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1025\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1025\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1025\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1028\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1028\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1028\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1031\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1031\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1031\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1033\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1033\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1033\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1037\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1037\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1037\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1041\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1041\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1041\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1042\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1042\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1042\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1054\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1054\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1054\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\2052\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\2052\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\2052\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3076\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3076\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3076\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3com_dmi\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3com_dmi\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3com_dmi\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot2\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot2\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot2\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Com\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Com\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Com\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\config\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\config\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\config\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\dhcp\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\dhcp\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\dhcp\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DirectX\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DirectX\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DirectX\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\drivers\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\drivers\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\drivers\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DRVSTORE\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DRVSTORE\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DRVSTORE\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en-US\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en-US\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en-US\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\export\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\export\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\export\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ias\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ias\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ias\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\icsxml\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\icsxml\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\icsxml\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\IME\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\IME\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\IME\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\inetsrv\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\inetsrv\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\inetsrv\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Macromed\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Macromed\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Macromed\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Microsoft\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Microsoft\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Microsoft\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\MsDtc\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\MsDtc\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\MsDtc\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\mui\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\mui\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\mui\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\npp\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\npp\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\npp\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\oobe\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\oobe\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\oobe\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ras\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ras\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ras\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ReinstallBackups\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ReinstallBackups\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ReinstallBackups\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Restore\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Restore\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Restore\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\scripting\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\scripting\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\scripting\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Setup\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Setup\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Setup\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ShellExt\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ShellExt\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ShellExt\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\SoftwareDistribution\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\SoftwareDistribution\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\SoftwareDistribution\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\spool\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\spool\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\spool\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\usmt\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\usmt\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\usmt\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wbem\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wbem\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wbem\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wins\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wins\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wins\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\xircom\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\xircom\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\xircom\key4.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\XPSViewer\logins.json
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\XPSViewer\key3.db
C:\Users\<USER>\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\XPSViewer\key4.db
C:\WINDOWS\Registration\R000000000007.clb

i am not sure if the links in it are broken or that is just how it is reported in sandbox mode but logins.json holds encrypted usernames and passwords and key4.db is the decryption key for them so it is trying to access anything in firefox and send it to the hacker. it downloads the payload through terminal and also hooks into user32.dll with this

"Ad2Bitcoin.exe" wrote bytes "71115d007a3b5c00ab8b02007f950200fc8c0200729602006cc805001ecd59007d265900" to virtual address "0x76FF07E4" (part of module "USER32.DLL")

Check out JacksClub.io, a 1% house edge casino that offers great rewards, including free cash and cars!

LuckyBird

ff
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!