Forum

Not sure where to report this, since he plays here I’ll post here:

lippy contacted me earlier wanting me to view some pictures which he sent as a .rar file containing 2 .scr files (which he claimed were a mac specific image format, which google backed up) however upon further inspection on windows the extension is also used for ‘screensavers’ (which are just executables) which they were.

Since he didn’t respond to my hijack test question, I assume he’s hijacked and I advise everyone not to click any links he gives you

Chat:
01:00 - lippy ✾◕ ‿ ◕✾: LINK - explain these photos please...
01:01 - DEXKLL: .scr?
01:01 - lippy ✾◕ ‿ ◕✾: yes
01:01 - lippy ✾◕ ‿ ◕✾: im on mac
01:01 - lippy ✾◕ ‿ ◕✾: ...:
01:02 - DEXKLL: can you upload them to imgur or something
01:02 - DEXKLL: ?
01:03 - DEXKLL: because I don't have any program that opens them
01:03 - DEXKLL: and apparently imgur doesn't accept it either
01:04 - DEXKLL: MZ   ÿÿ ¸ @ € º ´Í!¸
LÍ!This program cannot be run in DOS mode.
01:04 - DEXKLL: nice try
01:04 - DEXKLL: but I know too much of this
01:04 - DEXKLL: soooooo... testing to see if you're not hijacked: who are you?
01:06 - DEXKLL: unfortunately I don't know much about .NET so I don't know how to reverse engineer it very well
01:13 - lippy ✾◕ ‿ ◕✾ is now Online.
01:14 - DEXKLL: welcome back
01:14 - lippy ✾◕ ‿ ◕✾ has changed their name to stolen acc ✾◕ ‿ ◕✾.
01:15 - DEXKLL: https://www.virustotal.com/en-gb/file/2bc5c10386ca7c25356f821db13145322b6b9fcf134183fa1ee49a2a109c23d4/analysis/
01:15 - DEXKLL: looks like someone beat me to it

link is down but I can reupload if requested, someone beat me to uploading it to virustotal too.

edit: removed the link just to be safe

Quoted from konr

You don’t know much about .NET so you can’t reverse it? You can almost definitely just reflect it bro!

This would require installing extra software which is too much effort for this, it’s probably just an account stealer anyway.