# ParentCommandLine: C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wuauserv
# This FP was seen during Windows Upgrade
# TargetFilename: :\WUDownloadCache\803d1df4c931df4f3e50a022cda56e29\WindowsUpdateBox.exe

# This example was seen during windows upgrade
TargetFilename|startswith: 'C:\Windows\SoftwareDistribution\Download\'
# TargetFilename: C:\Windows\SoftwareDistribution\Download\803d1df4c931df4f3e50a022cda56e88\WindowsUpdateBox.exe
'C:\WINDOWS\system32\dxgiadaptercache.exe'

MATCHES THIS (GitHub) RULE:
title: Creation of an Executable by an Executable
description: Detects the creation of an executable by another executable

MATCHING EVENTS:
EventID: 11
ProcessId: 5348
TargetFilename: C:\Users\george\AppData\Local\Temp\lbj5ryso.bt3\DS4Windows\DS4Updater.exe
RuleName: EXE
CreationUtcTime: 1671558902
UtcTime: 1671558902
ProcessGuid:
CreationUtcTime: 1671558909
UtcTime: 1671558909
RuleName: EXE
Image: C:\Windows\SysWOW64\7za.exe

SVA: MaxSecure FLAGGED AS:

BEHAVIOUR: Crowdsourced Sigma Rules: 1 match for rule Creation of an Executable by an Executable by frack113 from Sigma Integrated Rule Set (GitHub):

VirusTotal Returned: 1 security vendor and no sandboxes flagged this file as malicious

VirusTotal Returned: 1 security vendor flagged this URL as malicious

TL;DR: FLAGGED AS POTENTIALLY MALICIOUS VIA Roychan7 hashes:

Name: DS4Windows_3.0.18_x64 (Roychan7 GitHub).zip

The download link redirects to the file on the GitHub releases page. The hashes for both files are the same. However I would still recommend directly downloading from the GitHub releases page, as the links could easily be changed at any time:

Yeah, I can confirm these results are (currently) accurate. Keep in mind that this website is open-source, has no ads and no direct links (actually there are 3 direct links which I'm planning on replacing if possible because of this whole situation).
This is not only my opinion, but from one of the previous DS4Windows developers, mika-n, and from the ViGEmBus developer, Nefarius, which was the person that alerted me of this site's existence to begin with.

Again, as of now, my recommendation is to use only the DS4Windows Docs. There is basically no information regarding who created this site, or for what reason (besides ad moneys). My problem with this site is with how "suspicious" it looks. I want to make clear that I don't care if the documentation I've written is copied. Let's hope it does not come to that though. I really hope this site is not harmful and is just trying to gain money with copied contents and Ads, but the biggest problem is that this site may silently replace the DS4Windows download link with something that contains malware in the future.

If it gets randomly back online it will probably be used by scams. As of the date this post was created, it's currently offline. In the past this was the original DS4Windows website, then it stopped being updated and got obsolete.

The site is now asking users to subscribe their emails to "get news and updates". The site seems to be non-harmful, with the owners probably trying to generate some cash from ads, but since no one knows who the creators are and it's impossible to keep track regarding updates to the site, it's possible it becomes dangerous in the future. The download link on the site is currently () a direct link to the Ryochan7's x64 DS4Windows v3.0.18. Its contents are a copy of the ones in the website with a different site design/structure.

There are some fake/suspicious DS4Windows websites lying around.

HidHide guide leads the user to the official HidHide guide. DS4Windows download link leads to Ryochan7's DS4Windows GitHub. It mostly boils down to the following: most download links on the do not lead to a direct download, they only redirect the user to the correct website.

"How do I know this site can be trusted?"
Though it's kind of fan-made, the current website users should be using and that is being regularly updated is: