PowerShell Archives

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.

Winsage

April 14, 2026

Windows 11 cumulative updates KB5083769 & KB5082052 released

Microsoft has released cumulative updates KB5083769 and KB5082052 for Windows 11 versions 25H2, 24H2, and 23H2, incorporating the April 2026 Patch Tuesday security patches. Users can install these updates automatically or manually via the Microsoft Update Catalog. The build numbers will be updated to 26200.8246 for 25H2, 26100.8246 for 24H2, and 22631.6936 for 23H2. Key features include the ability to modify Smart App Control without reinstalling Windows 11, improved Narrator functionality, enhancements in Account Settings for Microsoft 365 Family subscribers, refined Pen settings, a redesigned About page in Settings, and various reliability improvements across File Explorer, Display, Printing, Safe mode, Voice Access, Start menu, Remote Desktop, and Audio. No new issues have been reported from this update, and Microsoft is planning a significant quality update for Windows 11 in 2026.

Winsage

April 13, 2026

Windows 11 is finally removing the 32GB FAT32 capacity limit

Microsoft has released new test builds for Windows Insiders, specifically Dev Build 26300.8170 and Beta Build 26220.8165, which remove the 32GB limit on FAT32 formatting for external drives. Users can now format external drives up to 2TB using FAT32 through the Command Prompt. This change, which has been anticipated by users, is a shift from the long-standing restriction that required third-party applications or specialized commands for larger drives. The enhancement applies only to the Command Prompt, as the graphical interface remains unchanged, and the 4GB file size limit for individual files on FAT32 drives still applies. This feature is currently available only in preview versions for Windows Insiders, with a broader rollout planned for future standard Windows 11 updates.

Winsage

April 10, 2026

“This is exactly the kind of thing driving me away from Windows”: even Edge users don’t want this new feature

Recent polling data shows that Microsoft Edge users dislike the browser's automatic launch upon logging into Windows 11. Microsoft is testing a feature that would have Edge open automatically at startup, which has sparked significant discussion and frustration among users. A banner notifying select users of this change has been observed, and the behavior has been confirmed in the latest Edge Beta build. User reactions on Reddit include strong negative sentiments, with some users threatening to abandon Windows 11 if this feature is enforced. Despite the backlash, Microsoft Edge is viewed as a competent browser, though its aggressive promotion tactics may alienate potential users.

Winsage

April 7, 2026

How to Reset Folder Permissions in Windows 11: 5 Proven Methods That Actually Work

Folder permissions in Windows 11 control access to files, determining who can read, modify, or delete them. Common issues arise from drive or file migration, Windows updates, malware, or user errors. Symptoms include "Access Denied" messages and ownership displayed as "unknown." Methods to resolve folder permission issues include: 1. Security Tab: Reset permissions through the Security tab by modifying access levels and ensuring proper inheritance. 2. Take Ownership: Claim ownership of a folder if the current owner is no longer valid, then reset permissions. 3. Command Prompt: Use commands like PLACEHOLDERfa5c045a85bc6cf0 and PLACEHOLDER14a87b7576573f58 to reset permissions quickly and efficiently. 4. PowerShell: Utilize PowerShell for advanced permission resets, allowing for conditional logic. 5. Windows Reset: As a last resort, reset Windows to restore default permissions while keeping personal files. To prevent future issues, back up permissions before changes, understand NTFS vs. share permissions, and avoid altering system folders. If problems persist, ensure commands are run as an administrator, check ownership settings, and verify that Group Policy or sync tools are not overriding changes.

Winsage

April 7, 2026

Windows 11 Version 25H2 is Now Being Pushed to All Eligible PCs

Windows 11 version 25H2 is now available for Home and Pro users, rolling out to all non-managed PCs currently on version 24H2. The upgrade will be automatic for eligible users unless there are compatibility issues. Version 24H2 will reach its end of support on October 13, 2026, while version 25H2 will be supported until October 2027. The upgrade process uses a simple enablement package, and most features are accessible to both versions. However, version 25H2 removes certain legacy features like PowerShell 2.0 and WMIC. Users can choose when to restart or postpone the installation, but it becomes mandatory after a pause time limit. Windows 11 version 26H1 is in development and will debut on new devices with Qualcomm’s Snapdragon X2 Series processors.

Winsage

April 6, 2026

ResokerRAT Hijacks Telegram API to Command Infected Windows PCs

A newly discovered Windows malware called ResokerRAT uses Telegram’s Bot API for its command-and-control operations, allowing it to monitor and manipulate infected systems without a conventional server. It obscures its communications by integrating with legitimate Telegram traffic, complicating detection. Upon execution, it creates a mutex to ensure only one instance runs and checks for debuggers to avoid analysis. It attempts to relaunch with elevated privileges and logs failures to its operator. ResokerRAT terminates known monitoring tools and installs a global keyboard hook to obstruct defensive key combinations. It operates through text-based commands sent via Telegram, allowing it to check processes, take screenshots, and modify system settings to evade detection. Persistence is achieved by adding itself to startup and altering UAC settings. The malware retrieves additional payloads from specified URLs and uses URL-encoded data for communication. Researchers have confirmed its Telegram traffic, and its behavior aligns with various MITRE ATT&CK techniques. Security teams are advised to monitor for unusual Telegram traffic and scrutinize registry keys related to startup and UAC.

Winsage

March 31, 2026

The March Windows 11 Insider Update adds 9 fresh features and improvements worth knowing

- Microsoft has introduced several enhancements for Windows 11 through its Windows Insider Program, including previews for versions 25H2, 26H1, 26H2, and anticipated version 27H2. - The Pointer Indicator feature, starting with build 26300.8085, helps users with low vision locate the mouse pointer by overlaying a crosshair effect and offers customizable color options. - A redesigned Feedback Hub app aligns with Windows 11 aesthetics and improves user experience for feedback submission, including Bluetooth LE Audio device connections and main volume controls in Quick Settings. - The File Explorer context menu now displays application icons alongside the "Open" option for certain file types, available in the Canary Channel with build 28020.1743. - The Administrator Protection feature, introduced in builds 26300.8142 and 26220.8138, prompts an authorization dialog for unsigned or untrusted applications seeking privilege elevation, enhancing security. - Windows 11 now allows customization of the right-click zone size on touchpads, available under Settings > Bluetooth & Devices > Touchpad, for touchpads with a pressable surface. - Task Manager updates include new columns for "NPU" and "NPU Engine" on various pages, as well as columns for "NPU Dedicated Memory" and "NPU Shared Memory" on the Details page. - A new icon in printer settings indicates which printers support Windows Protected Print mode, enhancing printing security. - The Windows Console is undergoing significant changes, merging improvements from Windows Terminal, including an optional Direct3D rendering path and enhanced Find dialog functionality.

Winsage

March 31, 2026

What Is Conhost.exe?

Conhost.exe, or Console Window Host, is a legitimate Windows system process responsible for managing the display and behavior of console windows such as Command Prompt and PowerShell. It facilitates text rendering and manages input/output interactions with the graphical user interface. Each time a console application is launched, a new instance of conhost.exe is created, and multiple instances can appear in Task Manager based on active console applications. To verify the authenticity of conhost.exe, it should run from C:WindowsSystem32 or C:WindowsSysWOW64, have a valid Microsoft Windows Publisher digital signature, and not make outbound network connections. High CPU usage or unusual behavior may indicate malware masquerading as conhost.exe. Troubleshooting steps for issues related to conhost.exe include running a malware scan, checking for Windows updates, updating device drivers, and using the System File Checker. Disabling conhost.exe is not advisable as it is essential for the functioning of console applications.

Winsage

March 26, 2026

Is It Time for a New Laptop Battery? This Secret Windows Report Will Let You Know

Windows laptops allow users to generate a battery report through Windows PowerShell. To create the report, users must open Windows Terminal as an administrator and enter the command powercfg /batteryreport /output "C:battery-report.html". This command generates an HTML file named battery-report.html saved in the C: drive. The report includes information about the laptop's battery health, recent usage, battery usage over the last three days, usage history, battery capacity history, and battery life estimates. The report shows the design capacity and full charge capacity of the battery, along with a comparison of expected and actual battery life. For example, a laptop designed for 6 hours and 2 minutes of battery life may currently last only 4 hours and 52 minutes.