Bitcoin Abuse Database
Report history for 1Pqkb4MZwKzgSNkaX32wMwg95D9NfW9vZX
Address found in database:
| Address | 1Pqkb4MZwKzgSNkaX32wMwg95D9NfW9vZX View address on blockchain.info |
|---|---|
| Report Count | 3 |
| Latest Report | Tue, 24 May 22 13:46:28 +0000 (1 year ago) |
If you have additional information about this address, please file a report.
Reports:
| Date | Abuse Type | Description |
|---|---|---|
| May 24, 2022 | ransomware | Get in touch with Summitrecoup com if you want to recover your scammed funds or get some legal counsel on how to go about it. They’re the Best and Most legit team out there. I saw their reviews and reached out, got back all my funds with roi and paid after the recovery. Superb I Must say! |
| May 24, 2022 | ransomware | I have downloaded a file from: https://getintopc.com/softwares/image-viewer/coolutils-total-image-converter-2022-free-download/ Total image converter with crack/activator. I have used the activator and nothing happened. The program worked just fine, I could convert images without a watermark or anything. But recently when I have copy-pasted my Binance BTC address to receive payment from a friend, I found the money was not reached to my Binance account. Then I talked with Binance support and they told me about this Copy-Paste ransomware/malware that changes the copied BTC address tho their's BTC address silently. If you do not check and reconfirm your BTC address then the sender will send the money to the creator of this ransomware. So always check and re-check and confirm your Crypto address when you send it to someone. I have lost 250$. |
| Apr 21, 2022 | other | I downloaded an alleged crack of software called Passper for PDF from The Pirate Bay, which was uploaded by user called MotasemBT. https://thepiratebay.party/torrent/57638901/Passper_for_PDF_3.6.2.3_Multilingual___crack Inside is crack.zip, which contains a malicious file called Activator.exe. I ran the program, clicked PATCH, which appeared to do nothing. I gave up and moved on to other tasks. The next day (today) I pasted a BTC address that I immediately recognized as NOT the one I copied. I opened my clipboard manager, and sure enough, a hidden Powershell process replaced the address I copied, hoping I wouldn't see the difference. This has happened before; I lost $500 in crypto from an attempted transfer because I didn't notice the address difference when I pasted. This time I caught it right away. You can find exactly what the malicious program does and how to undo the damage here: https://gist.github.com/infernoboy/cf114fda56ff3706478e0d1e6a1a1b27?permalink_comment_id=4140687#gistcomment-4140687 1. A task was created under Microsoft > Windows > NetService > Network that is spawning PowerShell. You can safely delete the entire NetService folder, as it was also created by the malware. 2. Delete a fake log file that it created where it hides the script: C:\Windows\logs\system-logs.txt 3. It also replaces the contents of C:\Windows\System32\SyncAppvPublishingServer.vbs with its own version. A copy from a clean install of Windows 11 (works for Windows 10 as well) can be found here: https://gist.github.com/infernoboy/7cc1fe26e647dd08e6e63a201cb38e27 |