Copy link to clipboard
Copied
Hello,
The recent flash update appeared with a weird process chain in our antivirus, it shows the initial signed installer calling an unsigned install which then scrapes LSASS memory. Is this normally the process that Flash should be installing with?
The antivirus shows the execution chain as:
CMD: FlashPlayerInstaller.exe -install -iv 9 VirusTotal
CMD: "C:\WINDOWS\system32\Macromed\Temp\{ED9F96DB-0F7C-4FE6-8D3E-DC481E02E23A}\InstallFlashPlayer.exe" -install -skipARPEntry -iv 9 -au 4294967295
VirusTotal (unsigned)
Reads LSASS memory VirusTotal
Thanks!
Try the forum for Flash Player.
Copy link to clipboard
Copied
Try the forum for Flash Player.