file extensions Archives

TrendTechie

August 8, 2025

Троян Efimer крадет криптовалюту через торренты и сайты на WordPress

A new Trojan named Efimer has been identified, which can alter cryptocurrency wallet addresses in the clipboard, redirecting funds to cybercriminals. Efimer spreads primarily through compromised WordPress sites and phishing emails. Once installed, it can disable Windows Defender, install a Tor client, and capture seed phrases and wallet addresses. It targets Windows users globally, particularly those in Brazil, Russia, India, Spain, Germany, and Italy. The Trojan primarily targets wallets holding Bitcoin, Ethereum, Monero, Tron, and Solana, but may expand to other cryptocurrencies. To protect against Efimer, users are advised to use reliable security solutions, create strong passwords, enable two-factor authentication, avoid downloading files from unverified sources, and not store seed phrases in plain text.

AppWizard

July 7, 2025

I stored files inside of Minecraft, and here’s how it works

Files are collections of data stored in a single container, often identified by their extensions. In Minecraft, data can be represented using wool blocks, where each block corresponds to a specific hex digit, allowing for the storage of bytes. A mapping was created to associate hex digits with wool colors, enabling data encoding and decoding within the game. An encoder script generates an "mcfunction" file for efficient block placement, while a decoder reads the wool matrix from the game world using the Amulet library. The process involves defining coordinates and dimensions for the wool matrix, and successful decoding reveals the original encoded message. This project demonstrates the versatility of data representation, though it is not intended for practical use.

Winsage

June 6, 2025

The Microsoft Store is now faster, more personalized… and injected with AI

Microsoft has updated the Microsoft Store app, introducing a personalized home page and improved performance, with start times reportedly twice as fast as six months ago. Users can now install individual game components, and there is a new feature for launching Windows search to quickly find and install apps or games from the Store. Additionally, app suggestions for opening file extensions are being tested for Windows Insiders in the US and China. Copilot AI features have been added, allowing users in the US to ask questions while browsing product pages. Other enhancements include better search capabilities and improved labeling and discovery options.

Winsage

June 5, 2025

Leveling up your Microsoft Store on Windows experience

The Microsoft Store on Windows serves over 250 million users monthly and is enhancing user experience through customer feedback. The homepage is being redesigned to offer personalized recommendations based on user interests and activities. Significant improvements to search functionality include a more intent-aware search feature, the introduction of Copilot for assistance, a "Discover More" section on product pages, and badges for apps with AI features. Integration with Windows is being improved by allowing users to launch searches for Store apps and suggesting apps for specific file extensions. The Store now launches twice as fast, with improved installation reliability. Additional enhancements include the ability to install individual game components, faster in-app rating dialogs, and updated information on product pages. New developer partnerships have been established, and users are encouraged to provide feedback through the Feedback Hub.

Winsage

May 20, 2025

Microsoft is giving Windows 11 power users and developers new Advanced Windows Settings

Microsoft has introduced Advanced Windows Settings, replacing the previous For Developers segment, aimed at enhancing user control for developers and power users. This feature consolidates various options into a single interface, making it easier to access settings that were previously hidden or difficult to find. Key features include easy toggles for displaying file extensions, options to show folder paths in Explorer’s top bar, and a method to run software as a different user. The Advanced Windows Settings will allow users to customize their experience with powerful settings, such as enabling File Explorer with GitHub version control, currently available in the Windows Insider Program. To access these features, users must install the latest Beta or Dev build of Windows 11 and activate the new settings page using the command: vivetool /enable /id:56005157.

Winsage

May 20, 2025

Microsoft confirms new “Advanced” Settings for Windows 11

Microsoft introduced the 'Advanced Settings' page in Windows 11 at the Build 2025 developer conference, replacing the 'For Developers' tab and enhancing user customization. It can be accessed via Settings > System > Advanced and offers features such as showing file extensions, hidden and system files, full paths in the title bar, options to run applications as different users, and visibility of empty drives. A new section for 'File Explorer + version control' allows users to link Git repository folders, improving workflow for developers. The 'Advanced Settings' page will be open-sourced on GitHub for ongoing maintenance and updates.

Winsage

April 27, 2025

5 features I wish were enabled by default on Windows 11

Microsoft Windows 11 includes several features that are not enabled by default, which can hinder user experience: 1. System Restore: Allows users to create restore points for system recovery but is not enabled by default due to disk space concerns. 2. End Task Feature: Enables users to right-click on unresponsive apps in the taskbar to force quit them, but requires activation through Settings. 3. File Extension View in File Explorer: Users must manually enable the display of file extensions for better file management. 4. Hibernate Mode: A power-saving option that saves the system state to the hard drive, not readily accessible in power settings and requires enabling through Control Panel or command line. 5. Start Menu on the Left: The Start menu is centered by default, but users can adjust it to the left through Settings, which some long-time users prefer.

Winsage

April 2, 2025

This third-party Windows tweaker finally lets you uninstall Edge and set a classic File Explorer style

The latest version of Wintoys, v2.0.81.0, allows Windows 11 users in the European Economic Area (EEA) to uninstall Microsoft Edge, a feature previously restricted to EU users due to regulatory requirements. Wintoys simulates the necessary conditions for this capability, enabling users to remove Edge through Microsoft-sanctioned processes. Additionally, Wintoys v2.0.81.0 includes enhancements such as a Classic File Explorer Theme, System Settings Restoration, Real-Time Updates for system properties, and improved File Explorer functionality. Wintoys is available for download from the Microsoft Store.

Tech Optimizer

February 8, 2025

New Attack Technique to Bypassing EDR as Low Privileged Standard User

A new cyberattack technique allows attackers to bypass Endpoint Detection and Response (EDR) systems while using low-privileged standard user accounts. This method utilizes masquerading and path obfuscation to disguise malicious payloads as legitimate processes, misleading detection systems and analysts. Process creation events are crucial for identifying threats, with tools like Sysmon logging detailed information about process execution. Attackers can manipulate file paths to evade restrictions on placing payloads in protected directories. They create folders that mimic legitimate antivirus software paths using Unicode characters to resemble spaces. For example, a folder may be named C:Program[U+2000]Files, allowing the attacker to introduce their payload (SuperJuicy.exe) without raising alarms. The execution of the payload results in logs that appear legitimate, complicating detection efforts. This technique poses challenges for EDR systems, including confusion in log analysis, deceptive attribution to legitimate software, and prolonged dwell time for malicious payloads. Defensive strategies include enhanced logging rules to flag Unicode characters, adjusting log viewers to display these characters, and restricting folder creation permissions for standard users.

Winsage

November 28, 2024

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a critical vulnerability, CVE-2024-9680, in Mozilla products exploited by the Russia-aligned group RomCom. This vulnerability, with a CVSS score of 9.8, affects various versions of Firefox, Thunderbird, and the Tor Browser, allowing code execution within the browser's restricted context. When combined with another Windows vulnerability, CVE-2024-49039, attackers can execute arbitrary code in the context of the logged-in user. The exploit can be triggered simply by visiting a malicious web page, enabling the installation of RomCom's backdoor without user interaction. RomCom has been linked to the exploitation of significant zero-day vulnerabilities, including the earlier use of CVE-2023-36884 via Microsoft Word in June 2023. The newly identified vulnerability was reported to Mozilla on October 8th, 2024, and patched the following day. The vulnerability is a use-after-free bug in Firefox's animation timeline. Further investigation revealed CVE-2024-49039, a privilege escalation bug in Windows, which Microsoft patched on November 12th, 2024. RomCom has targeted various sectors in 2024, including governmental entities in Ukraine, the pharmaceutical sector in the US, and the legal sector in Germany, among others. The compromise chain begins with a fake website that redirects victims to a server hosting the exploit. ESET identified multiple command-and-control servers used by RomCom, employing deceptive naming schemes to obscure their intentions. The exploit utilizes shellcode that executes arbitrary code by manipulating animation objects in Firefox. The vulnerability was patched by Mozilla within a day of its discovery. The RomCom backdoor is capable of executing commands and downloading additional modules onto the victim's machine. Indicators of compromise include specific JavaScript files and DLLs associated with the exploit.