I have downloaded a file from: _x000D_ https://getintopc.com/softwares/image-viewer/coolutils-total-image-converter-2022-free-download/_x000D_ _x000D_ Total image converter with crack/activator. I have used the activator and nothing happened. The program worked just fine, I could convert images without a watermark or anything. But recently when I have copy-pasted my Binance BTC address to receive payment from a friend, I found the money was not reached to my Binance account. Then I talked with Binance support and they told me about this Copy-Paste ransomware/malware that changes the copied BTC address tho theirs BTC address silently. If you do not check and reconfirm your BTC address then the sender will send the money to the creator of this ransomware. So always check and re-check and confirm your Crypto address when you send it to someone. I have lost 250$.

I downloaded an alleged crack of software called Passper for PDF from The Pirate Bay, which was uploaded by user called MotasemBT. _x000D_ https://thepiratebay.party/torrent/57638901/Passper_for_PDF_3.6.2.3_Multilingual___crack_x000D_ _x000D_ Inside is crack.zip, which contains a malicious file called Activator.exe. I ran the program, clicked PATCH, which appeared to do nothing. I gave up and moved on to other tasks._x000D_ _x000D_ The next day (today) I pasted a BTC address that I immediately recognized as NOT the one I copied. I opened my clipboard manager, and sure enough, a hidden Powershell process replaced the address I copied, hoping I wouldnt see the difference. This has happened before; I lost $500 in crypto from an attempted transfer because I didnt notice the address difference when I pasted. This time I caught it right away._x000D_ _x000D_ You can find exactly what the malicious program does and how to undo the damage here: _x000D_ _x000D_ https://gist.github.com/infernoboy/cf114fda56ff3706478e0d1e6a1a1b27?permalink_comment_id=4140687#gistcomment-4140687_x000D_ _x000D_ 1. A task was created under Microsoft > Windows > NetService > Network that is spawning PowerShell. You can safely delete the entire NetService folder, as it was also created by the malware._x000D_ 2. Delete a fake log file that it created where it hides the script: C:\Windows\logs\system-logs.txt_x000D_ 3. It also replaces the contents of C:\Windows\System32\SyncAppvPublishingServer.vbs with its own version. A copy from a clean install of Windows 11 (works for Windows 10 as well) can be found here: https://gist.github.com/infernoboy/7cc1fe26e647dd08e6e63a201cb38e27