Windows 11 Pro 26H1 новая система для SSD v28000.1643 by Revision
Windows 11 Pro 26H1 новая система для SSD v28000.1643 by Revision
NEW
 Windows 10 LTSC Game Edition 21H2 Build 19044.6332
Windows 10 LTSC Game Edition 21H2 Build 19044.6332
NEW
 Windows 11 Pro 26H1 Build 28020.1673 Canary
Windows 11 Pro 26H1 Build 28020.1673 Canary
NEW
 Adobe Acrobat Pro 2025.001.21265.0 (x86|x64) by 7997
Adobe Acrobat Pro 2025.001.21265.0 (x86|x64) by 7997
NEW
 Youtube Downloader HD 5.9.9.8 + Portable
Youtube Downloader HD 5.9.9.8 + Portable
NEW
 Тест для видеокарты OCCT 16.0.1 Portable
Тест для видеокарты OCCT 16.0.1 Portable
NEW
 Fast Video Cutter Joiner 7.0.2 by 7997
Fast Video Cutter Joiner 7.0.2 by 7997
NEW
 NVIDIA GeForce Desktop Game Ready 595.71 WHQL + DCH
NVIDIA GeForce Desktop Game Ready 595.71 WHQL + DCH
NEW
 MinerSearch 1.4.8.41 Portable
MinerSearch 1.4.8.41 Portable
NEW
 AIDA64 8.25.8200 by elchupacabra
AIDA64 8.25.8200 by elchupacabra
NEW
 Интернет мессенджер Telegram Desktop 6.6.1 + Portable
Интернет мессенджер Telegram Desktop 6.6.1 + Portable
NEW
 NIUBI Partition Editor 10.3.0 Technician Edition by elchupacabra
NIUBI Partition Editor 10.3.0 Technician Edition by elchupacabra
NEW
 MediaHuman YouTube Downloader 3.9.18 (2802) by elchupacabra
MediaHuman YouTube Downloader 3.9.18 (2802) by elchupacabra
NEW
 Исправление фото Perfectly Clear WorkBench 5.0.3.3117 by elchupacabra
Исправление фото Perfectly Clear WorkBench 5.0.3.3117 by elchupacabra
NEW
 R-Drive Image Technician 7.3 Build 7314 by KpoJIuK
R-Drive Image Technician 7.3 Build 7314 by KpoJIuK
NEW
 Установка второй Windows WinNTSetup 5.4.2 Portable
Установка второй Windows WinNTSetup 5.4.2 Portable
NEW
 Коррекция фото Luminar Neo 1.26.1.16487 by elchupacabra
Коррекция фото Luminar Neo 1.26.1.16487 by elchupacabra
NEW
 AIDA64 8.25.8200 by TryRooM
AIDA64 8.25.8200 by TryRooM
NEW
 Windows Manager 2.3.3 by elchupacabra
Windows Manager 2.3.3 by elchupacabra
NEW
 MAX Desktop 26.6.0
MAX Desktop 26.6.0
NEW
 D-Soft Flash Doctor 1.0.4 RC1 Portable
D-Soft Flash Doctor 1.0.4 RC1 Portable
NEW
 R-Wipe & Clean 20.0.2548 by elchupacabra
R-Wipe & Clean 20.0.2548 by elchupacabra
NEW
 Air Explorer Pro 5.9.0 by elchupacabra
Air Explorer Pro 5.9.0 by elchupacabra
NEW
 MediaHuman YouTube Downloader 3.9.18 (2802) by Dodakaedr
MediaHuman YouTube Downloader 3.9.18 (2802) by Dodakaedr
NEW
 DiskDigger 2.0.13.4177 by elchupacabra
DiskDigger 2.0.13.4177 by elchupacabra
NEW
 IObit Uninstaller Pro 15.3.0.1 by elchupacabra
IObit Uninstaller Pro 15.3.0.1 by elchupacabra
NEW
 Fast Video Cutter Joiner 7.0.2.0 by elchupacabra
Fast Video Cutter Joiner 7.0.2.0 by elchupacabra
NEW
 Topaz Photo 1.3.1 by elchupacabra
Topaz Photo 1.3.1 by elchupacabra
NEW
 Программа для разгона процессора Quick CPU 6.2.1.0
Программа для разгона процессора Quick CPU 6.2.1.0
NEW
 NIUBI Partition Editor 10.3.0
NIUBI Partition Editor 10.3.0
NEW
 Zoom Player MAX 22.2.0 Build 2220 by TryRooM
Zoom Player MAX 22.2.0 Build 2220 by TryRooM
NEW
 Adobe Photoshop Lightroom Classic 2026 15.2.0.6 by 7997
Adobe Photoshop Lightroom Classic 2026 15.2.0.6 by 7997
NEW
 InnoExtractor Ultra 11.5.1.172
InnoExtractor Ultra 11.5.1.172
NEW
 System software for Windows 3.6.9 by CUTA
System software for Windows 3.6.9 by CUTA
NEW
 Ashampoo Driver Updater 2.5.0.1 by TryRooM
Ashampoo Driver Updater 2.5.0.1 by TryRooM
NEW
 4K Video Downloader+ 26.0.5.0288 by TryRooM
4K Video Downloader+ 26.0.5.0288 by TryRooM
NEW
 MiniTool Partition Wizard Technician 13.6.0 by elchupacabra
MiniTool Partition Wizard Technician 13.6.0 by elchupacabra
NEW
 VueScan Pro 9.8.52.03 by elchupacabra
VueScan Pro 9.8.52.03 by elchupacabra
NEW
 Просмотр сайтов без интернета MetaProducts Offline Explorer Enterprise 8.8.0.5012 SR1 by elchupacabra
Просмотр сайтов без интернета MetaProducts Offline Explorer Enterprise 8.8.0.5012 SR1 by elchupacabra
NEW
 Планета из спутника Google Earth Pro 7.3.7.1094 by elchupacabra
Планета из спутника Google Earth Pro 7.3.7.1094 by elchupacabra
NEW
 Calibre 9.4.0 + Portable
Calibre 9.4.0 + Portable
NEW
 IceCream Ebook Reader Pro 6.53 by TryRooM
IceCream Ebook Reader Pro 6.53 by TryRooM
NEW
 AIDA64 8.25.8200 by Dodakaedr
AIDA64 8.25.8200 by Dodakaedr
NEW
 Adguard 7.22.4 (7.22.5257.0) by Dodakaedr
Adguard 7.22.4 (7.22.5257.0) by Dodakaedr
NEW
 Fan Control V261 + Portable
Fan Control V261 + Portable
NEW
 MITorrent Client 0.1.5
MITorrent Client 0.1.5
NEW
 Wise Disk Cleaner 11.3.3.853 + Portable
Wise Disk Cleaner 11.3.3.853 + Portable
NEW
 Imagine 2.5.2 + Portable
Imagine 2.5.2 + Portable
NEW
 DISMTools 0.7.3.26023 + Portable
DISMTools 0.7.3.26023 + Portable
NEW
 reaConverter Pro 8.0.201
reaConverter Pro 8.0.201
NEW

Winformsapp23.11.zip -

The app may copy itself to %AppData%\Roaming and create a Registry Run key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Common behavior includes scanning for Login Data in browser profiles (Chrome/Edge) or targeting Discord tokens. Summary of Findings Observation Persistence Scheduled Task or Registry Key Language Network C2 communication on non-standard ports Objective Likely an Infostealer or Downloader Indicators of Compromise (IoCs) Filename: WinFormsApp23.11.exe Dropped Files: %TEMP%\tmpXXXX.tmp

This write-up covers the analysis of , a suspicious archive containing a .NET-based executable . The analysis focuses on its behavior, underlying code, and indicators of compromise (IoCs). File Overview Archive Name: WinFormsApp23.11.zip Contained File: WinFormsApp23.11.exe Platform: Windows (.NET Framework / .NET Core) Type: Windows Forms Application 1. Initial Static Analysis WinFormsApp23.11.zip

Check the Resources section. Malware often hides an encrypted second-stage executable or a DLL inside the manifest resources, which is decrypted at runtime using AES or a simple XOR stub. 3. Dynamic Behavior

Standard .NET libraries ( mscoree.dll ) and Windows Forms namespaces. Architecture: Likely x86 or AnyCPU. 2. Decompilation & Code Review The app may copy itself to %AppData%\Roaming and

It attempts to reach out to a Command & Control (C2) server via HTTP/HTTPS to check in or download further instructions.

Software\Microsoft\Windows\CurrentVersion\Run\WinFormsApp File Overview Archive Name: WinFormsApp23

Since this is a .NET application, it can be reverted to near-source code using or ILSpy .

Программы для Windows
Adobe Acrobat Pro 2025.001.21265.0 (x86|x64) by 7997
Adobe Acrobat Pro 2025.001.21265.0 (x86|x64) by 7997
Youtube Downloader HD 5.9.9.8 + Portable
Youtube Downloader HD 5.9.9.8 + Portable
Тест для видеокарты OCCT 16.0.1 Portable
Тест для видеокарты OCCT 16.0.1 Portable
Fast Video Cutter Joiner 7.0.2 by 7997
Fast Video Cutter Joiner 7.0.2 by 7997
NVIDIA GeForce Desktop Game Ready 595.71 WHQL + DCH
NVIDIA GeForce Desktop Game Ready 595.71 WHQL + DCH
MinerSearch 1.4.8.41 Portable
MinerSearch 1.4.8.41 Portable
AIDA64 8.25.8200 by elchupacabra
AIDA64 8.25.8200 by elchupacabra
Интернет мессенджер Telegram Desktop 6.6.1 + Portable
Интернет мессенджер Telegram Desktop 6.6.1 + Portable
NIUBI Partition Editor 10.3.0 Technician Edition by elchupacabra
NIUBI Partition Editor 10.3.0 Technician Edition by elchupacabra
MediaHuman YouTube Downloader 3.9.18 (2802) by elchupacabra
MediaHuman YouTube Downloader 3.9.18 (2802) by elchupacabra
Исправление фото Perfectly Clear WorkBench 5.0.3.3117 by elchupacabra
Исправление фото Perfectly Clear WorkBench 5.0.3.3117 by elchupacabra
R-Drive Image Technician 7.3 Build 7314 by KpoJIuK
R-Drive Image Technician 7.3 Build 7314 by KpoJIuK
Установка второй Windows WinNTSetup 5.4.2 Portable
Установка второй Windows WinNTSetup 5.4.2 Portable
Коррекция фото Luminar Neo 1.26.1.16487 by elchupacabra
Коррекция фото Luminar Neo 1.26.1.16487 by elchupacabra
AIDA64 8.25.8200 by TryRooM
AIDA64 8.25.8200 by TryRooM
Windows Manager 2.3.3 by elchupacabra
Windows Manager 2.3.3 by elchupacabra
MAX Desktop 26.6.0
MAX Desktop 26.6.0
D-Soft Flash Doctor 1.0.4 RC1 Portable
D-Soft Flash Doctor 1.0.4 RC1 Portable
R-Wipe & Clean 20.0.2548 by elchupacabra
R-Wipe & Clean 20.0.2548 by elchupacabra
Air Explorer Pro 5.9.0 by elchupacabra
Air Explorer Pro 5.9.0 by elchupacabra