
payload.vsix detected in Visual Studio folder


Ut1234

Malwarebytes found 14 various files in Visual Studio related folders named payload.vsix. No idea if they're actually malicious or not, but just the name payload freaks me out a bit.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/9/22
Scan Time: 11:58 PM
Log File: 77347468-8a36-11ec-88c4-04d9f5828644.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.50929
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1466)
CPU: x64
File System: NTFS
User: DESKTOP-8IRROSB\Chris

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 438849
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 10 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 14
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.DIAGNOSTICSHUB.COLLECTION.EXTERNALDEPENDENCIES.X64,VERSION=16.10.31312.362,CHIP=X64\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , D63340FE98D210C47919D466C53CDB45, 77FEE5D6D067654431B1D75546816AEE649EEED344133EEA5722099166C67F0B
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.CONNECTED,VERSION=16.10.31424.327\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 73C08634BE1453ACE63D525A43765E5E, 8AAD65FF42201AF01A0A5EED75D5FFDEDE6246B31AD214F7A03C3376ABF68E94
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.WEBTOOLSEXTENSIONS,VERSION=16.10.526.50910\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 474C065A1C90F3B92FC53B471F930136, 5A86129B250AEBB38AE9768BE208BBE29F2F4A95AF4ED3CE1FD025587386F199
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.TESTTOOLS.TEAMFOUNDATIONCLIENT,VERSION=16.10.31303.231\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 5E96A4A5B48062BA0B33A6AD6E6E9E90, FF7820FF835821D3F3DCE99028F6F30EFCE7083DA220901D92C156D1D2A8D76B
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.VC.EXTERNALBUILDFRAMEWORK,VERSION=16.10.31306.167\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 64D9A6210CA10B5798D6F8EDC7BAB931, 00AB6FCBD1DDA144DBDC0E00C5DD4A641A62380998A4F5F068D8BACEF4D280D4
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.CACHE.SERVICE,VERSION=16.10.57.29057\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 8D816196BBBDB675F745442D9DB61D8E, 1E30992409025B29B60ADD80E838FE9B06B39B61E531ACA374956758654B027B
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.INTELLICODE,VERSION=2.2.1462.13379\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 57A328DDEA180038CE1B9AD4974CF413, 6CB7B22029D99AFFF11B217365924C96E9A13C6DEF4682ACDE86EBEE2548BD8B
Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.PLATFORM.CROSSREPOSITORYSEARCH,VERSION=16.10.240.48644\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 0B1A1F473AB9C1F58665D01FF64CE52C, 4641C97BA901FC13A4277EF221D6BA0D550C801F86794F8FE1562D13AAC86DFF
Trojan.Crypt, C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\QOIGOUZC\MICROSOFT.DIAGNOSTICSHUB.COLLECTION.EXTERNALDEPENDENCIES.X64.3736521529B9C9BCF12B\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , E76A22298AB126A2596E0829EB58F033, AD8D687F3BCF42E0F8375B915AF211142B74F5BF1878C08295AAA500CE913042
Trojan.Crypt, C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\QOIGOUZC\MICROSOFT.VISUALSTUDIO.CONNECTED.8BD0EBBB361673987456\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , A3ABCD9FD7F36A58EE5B75CB4EA1268A, 5C9D6820A3C38CFB3155B9FF8739258F564BF3AB668245B57D803F087F76EBBA
Trojan.Crypt, C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\QOIGOUZC\MICROSOFT.VISUALSTUDIO.WEBTOOLSEXTENSIONS.217E538CA49AFA3D5778\MICROSOFT.VISUALSTUDIO.WEBTOOLSEXTENSIONS.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , B244F53C89160120FA9965D7751E0DFA, 562514C36B3AD9462D477A7B1FE0B0205FFFB5836FE02216A52CD04A2F2BBAB1
Trojan.Crypt, C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\QOIGOUZC\MICROSOFT.VISUALSTUDIO.PLATFORM.CROSSREPOSITORYSEARCH.55FAC1CDBBF64411DCE7\MICROSOFT.VISUALSTUDIO.PLATFORM.CROSSREPOSITORYSEARCH.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , E406C1E395C7EA325501FBD1905CA4CA, 8FFFF4648491B24F4D745426007A308C965A0DCA6F80424ECABB3AA7B74243D5
Trojan.Crypt, C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\QOIGOUZC\MICROSOFT.VISUALSTUDIO.TESTTOOLS.TEAMFOUNDATIONCLIENT.3ADD7B90173D38B29030\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , 534493C786B133A28DB62237658E9676, 8671549B6D5C3AF581AB27981EC6B29D6104B91077EBFC39280FDD327A461027
Trojan.Crypt, C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\QOIGOUZC\MICROSOFT.VISUALSTUDIO.VC.EXTERNALBUILDFRAMEWORK.ACAE12CB63B996D71933\PAYLOAD.VSIX, Quarantined, 506, 1024595, 1.0.50929, , ame, , EDAA5F70246C69CEB4ADF4CD5E1F7570, A662360EAF8C08E6D8BDAB91E22FA5B654FB6EE3EF0AEA103C7EC5957C45F486

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
