4 Replies Latest reply on Dec 11, 2018 10:06 AM by maria__

    FlashPlayerInstaller reading LSASS memory

    appendedAyy Level 1


      The recent Flash update appeared with a weird process chain in our antivirus; it shows the initial signed installer calling an unsigned install which then scrapes LSASS memory. Is this normally the process that Flash should be installing with?


      The antivirus shows the execution chain as:

      CMD: FlashPlayerInstaller.exe -install -iv 9 VirusTotal


      CMD: "C:\WINDOWS\system32\Macromed\Temp\{ED9F96DB-0F7C-4FE6-8D3E-DC481E02E23A}\InstallFlashPlayer.exe" -install -skipARPEntry -iv 9 -au 4294967295

      VirusTotal (unsigned)


      Reads LSASS memory VirusTotal