Skip to content

Hide Navigation Hide TOC

Suspicious Vsls-Agent Command With AgentExtensionPath Load (43103702-5886-11ed-9b6a-0242ac120002)

Detects Microsoft Visual Studio vsls-agent.exe lolbin execution with a suspicious library load using the --agentExtensionPath parameter

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Vsls-Agent Command With AgentExtensionPath Load (43103702-5886-11ed-9b6a-0242ac120002) Sigma-Rules System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 1