Adobe Reader X 11.0.0 Sandbox exceptions

1. Wellcome. Using Winappdbg version Version 1.5 (beta 4)
2. Adobe Reader X 11.0.0
3. AcroRd32 Main module found at 009f0000
4. Setting breakpoint at 00a10370
5. Rule: 0, 16, *.exe
6. Rule: 0, 16, *.bat
7. Rule: 0, 16, *.cmd
8. Rule: 0, 16, *.com
9. Rule: 0, 16, *.dll
10. Rule: 0, 16, *.cpl
11. Rule: 0, 16, *.ocx
12. Rule: 0, 16, *.pif
13. Rule: 0, 16, *.scr
14. Rule: 0, 16, *.scf
15. Rule: 0, 1, C:\Program Files\*
16. Rule: 0, 1, C:\Program Files
17. Rule: 0, 1, C:\Windows\*
18. Rule: 0, 1, C:\Windows
19. Rule: 0, 1, C:\Program Files\Adobe\Reader 11.0\*
20. Rule: 0, 1, C:\Program Files\Adobe\Reader 11.0\
21. Rule: 0, 1, C:\Program Files\Adobe\Reader 11.0\Reader\*
22. Rule: 0, 1, C:\Program Files\Adobe\Reader 11.0\Reader
23. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\Privileged\11.0\*
24. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\Privileged\11.0
25. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Microsoft\Crypto\RSA\*
26. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Microsoft\Crypto\RSA
27. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Arcot\Ids\*
28. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Arcot\Ids
29. Rule: 0, 1, C:\Users\w7\AppData\Local\Microsoft\Outlook\*
30. Rule: 0, 1, C:\Users\w7\AppData\Local\Microsoft\Outlook
31. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Microsoft\Outlook\*
32. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Microsoft\Outlook
33. Rule: 0, 1, *.dll
34. Rule: 0, 1, *.p12
35. Rule: 0, 1, *.pfx
36. Rule: 0, 1, C:\Users\w7\AppData\Local\Microsoft\Windows\Temporary Internet Files\*
37. Rule: 0, 1, C:\Users\w7\AppData\Local\Microsoft\Windows\Temporary Internet Files
38. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\8.0\*
39. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\8.0
40. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\9.0\*
41. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\9.0
42. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\10.0\*
43. Rule: 0, 1, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\10.0
44. Rule: 0, 0, C:\Users\w7\AppData\Local\Temp\acrord32_sbx\*
45. Rule: 0, 15, *
46. Rule: 0, 2, *
47. Rule: 0, 0, C:\Users\w7\AppData\LocalLow\Adobe\Acrobat\11.0\*
48. Rule: 0, 0, C:\Users\w7\AppData\LocalLow\Adobe\Linguistics\*
49. Rule: 0, 0, C:\Users\w7\AppData\LocalLow\Microsoft\IMJP*\*
50. Rule: 0, 0, C:\Users\w7\AppData\LocalLow\Microsoft\IME*\*
51. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\11.0\*
52. Rule: 0, 0, C:\Users\w7\AppData\Local\Adobe\Acrobat\11.0\*
53. Rule: 0, 0, C:\Users\w7\AppData\Local\Adobe\Color\*
54. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Adobe\Linguistics\*
55. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Microsoft\Speech\*
56. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Adobe\LogTransport2\*
57. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Adobe\Headlights\*
58. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Adobe\Flash Player\AssetCache\*
59. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Microsoft\IME*\*
60. Rule: 0, 0, C:\Users\w7\AppData\Local\Microsoft\IME*\*
61. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Microsoft\IMJP*\*
62. Rule: 0, 0, C:\Users\w7\AppData\Local\Microsoft\IMJP*\*
63. Rule: 0, 0, C:\Users\w7\Documents\ArcotIDs\*
64. Rule: 0, 0, C:\Users\w7\AppData\Roaming\Adobe\Acrobat\FeatOut\*
65. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Privileged*
66. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0\Privileged*
67. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\TrustManager\
68. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\TrustManager\cTrustedFolders*
69. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\TrustManager\cTrustedSites*
70. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0\TrustManager\
71. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0\TrustManager\cTrustedFolders*
72. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0\TrustManager\cTrustedSites*
73. Rule: 3, 12, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles*
74. Rule: 3, 12, HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddin*
75. Rule: 3, 11, HKEY_CLASSES_ROOT*
76. Rule: 3, 11, HKEY_CURRENT_USER*
77. Rule: 3, 11, HKEY_LOCAL_MACHINE*
78. Rule: 3, 11, HKEY_USERS*
79. Rule: 3, 11, HKEY_CURRENT_CONFIG*
80. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0
81. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0\*
82. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0
83. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\*
84. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\11.0
85. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\11.0\*
86. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM
87. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM\*
88. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 11
89. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 11\*
90. Rule: 3, 17, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech*
91. Rule: 3, 17, HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties*
92. Rule: 3, 17, HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\*
93. Rule: 3, 17, HKEY_CURRENT_USER\SOFTWARE\Adobe\CommonFiles*
94. Rule: 3, 17, HKEY_CURRENT_USER\Software\Microsoft\IMEJP*
95. Rule: 3, 17, HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Distiller*
96. Rule: 3, 17, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache*
97. Rule: 3, 17, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache*
98. Rule: 3, 12, HKEY_CURRENT_USER\SOFTWARE\Lotus\Notes\Installer*
99. Rule: 3, 17, HKEY_CURRENT_USER\SOFTWARE\Lotus\Notes*
100. Rule: 3, 17, HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\TrustManager\cDefaultLaunchURLPerms*
101. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*IMSC*_S-1-5-21-3838672843-4002566486-4181322922-1001*
102. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Imejp.ConfigrationIO_*
103. Rule: 6, 14, \Sessions\1\BaseNamedObjects\FileView__Satori_PropMgrGlobal_IMJP_*
104. Rule: 6, 14, \Sessions\1\BaseNamedObjects\FileView__Satori_PropMgrGlobal_IME*
105. Rule: 6, 14, \Sessions\1\BaseNamedObjects\SatoriKnlDict_MemoryDictionary_*
106. Rule: 6, 14, \Sessions\1\BaseNamedObjects\_IME_*_CodeDictionarySharedMemory_*
107. Rule: 6, 14, \Sessions\1\BaseNamedObjects\FileView___IMJP*
108. Rule: 6, 14, \Sessions\1\BaseNamedObjects\UD_FileMapping_{*
109. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*_IMJP_??_UD_FileMapping_*
110. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*_IMJP_?_UD_FileMapping_*
111. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*_IMJP_??_UD_ManagementBlock_*
112. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*_IMJP_?_UD_ManagementBlock_*
113. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*microsoft_imjp*
114. Rule: 6, 14, \Sessions\1\BaseNamedObjects\?ihs*_S-1-5-21-3838672843-4002566486-4181322922-1001*
115. Rule: 6, 14, \Sessions\1\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_*
116. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Global\windows_shell_global_counters
117. Rule: 6, 14, \Sessions\1\BaseNamedObjects\windows_ie_global_counters
118. Rule: 6, 14, \Sessions\1\BaseNamedObjects\MSCTF.Shared.*
119. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Local\UrlZonesSM_*
120. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMem!Counter
121. Rule: 6, 14, \Sessions\1\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.*
122. Rule: 6, 14, \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault*
123. Rule: 6, 14, \Sessions\1\BaseNamedObjects\C43FCC54-5B86-4525-B9C3-5C382D06C790*
124. Rule: 6, 14, \Sessions\1\BaseNamedObjects\ASMWIN*
125. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Local\EWH*
126. Rule: 6, 14, \Sessions\1\BaseNamedObjects\A3D_*
127. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Imejp.PredictionPropertyCache_*
128. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*microsoft_ime12_imejp_dicts_*
129. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*microsoft_imjp12_imjp12*
130. Rule: 6, 14, \Sessions\1\BaseNamedObjects\*microsoft_imjp12_dicts_imjp*
131. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Global\AcroSharedMemory_*
132. Rule: 6, 14, \Sessions\1\BaseNamedObjects\SandboxProtectedViewSharedSection_*
133. Rule: 6, 14, \Sessions\1\BaseNamedObjects\Global\FntCache-*
134. Rule: 6, 14, \Sessions\1\BaseNamedObjects\dllmemfilemap*
135. Rule: 6, 14, \Sessions\1\BaseNamedObjects\JsMmfAtok*
136. Rule: 6, 14, \Sessions\1\BaseNamedObjects\_IMJP_*_CodeDictionarySharedMemory*
137. Rule: 6, 14, \Sessions\1\BaseNamedObjects\PGPhk*
138. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\UD_Mutex_{*
139. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\_IMJP*Mutex_*
140. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\PredictionPropertyMutex_*
141. Rule: 5, 13, \Sessions\1\BaseNamedObjects\MSCTF.Shared.MUTEX.*
142. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\_IME_*_MutexObject_*
143. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\_IME_*_IME*_KnlDict_DicWriteMutex_*
144. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex
145. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\!IETld!Mutex
146. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex
147. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
148. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
149. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMemory!Mutex
150. Rule: 5, 13, \Sessions\1\BaseNamedObjects\DDrawWindowListMutex
151. Rule: 5, 13, \Sessions\1\BaseNamedObjects\DDrawDriverObjectListMutex
152. Rule: 5, 13, \Sessions\1\BaseNamedObjects\__DDrawExclMode__
153. Rule: 5, 13, \Sessions\1\BaseNamedObjects\__DDrawCheckExclMode__
154. Rule: 5, 13, \Sessions\1\BaseNamedObjects\_!SHMSFTHISTORY!_
155. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\MidiMapper_modLongMessage_RefCnt
156. Rule: 5, 13, \Sessions\1\BaseNamedObjects\MAPI-HP*
157. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\DDrawWindowListMutex
158. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\DDrawDriverObjectListMutex
159. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\__DDrawExclMode__
160. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\__DDrawCheckExclMode__
161. Rule: 5, 13, \Sessions\1\BaseNamedObjects\QuickTimeBroadcastMsgMutex
162. Rule: 5, 13, \Sessions\1\BaseNamedObjects\QuickTimeProcessInfoMutex
163. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\AcrobatDesignerSplash
164. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\AcrobatViewerIsRunning
165. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\AcroSrchMutexProtectThread
166. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\AcroCatalogMutexProtectThread
167. Rule: 5, 13, \Sessions\1\BaseNamedObjects\SWSPROF Mutex
168. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex
169. Rule: 5, 13, \Sessions\1\BaseNamedObjects\EDC_*_MUTEX
170. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech*
171. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech*
172. Rule: 5, 13, \Sessions\1\BaseNamedObjects\Global\GoogleJapaneseInput.mutex.*
173. Rule: 4, 9, CTF.ThreadMIConnectionEvent.*
174. Rule: 4, 9, CTF.ThreadMarshalInterfaceEvent.*
175. Rule: 4, 9, MSCTF.SendReceiveConection.Event.*
176. Rule: 4, 9, MSCTF.SendReceive.Event.*
177. Rule: 4, 9, MSCTF.CheckThreadInptIdle.Event.*
178. Rule: 4, 9, AtlTraceModuleManager_ProcessAddedStatic*
179. Rule: 4, 9, MSFT.VSA.COM.DISABLE
180. Rule: 4, 9, Global\TabletHardwarePresent
181. Rule: 4, 9, C63E89DC-9712-40e4-9CDB-B3BE855B6C79*
182. Rule: 4, 9, C7764963-1E50-4f24-91A4-A1BC5EBA2747*
183. Rule: 4, 9, Preferences_Dialog
184. Rule: 4, 9, __Acroform::WorkflowInfoMutext__
185. Rule: 4, 9, PPKLite:CPasswordLockbox
186. Rule: 4, 9, CDataSync_DigSigCPrefsCab
187. Rule: 4, 9, CDataSync_APIconFile
188. Rule: 4, 9, CDataSync_FEATDataSync
189. Rule: 4, 9, CDataSync_AddressBook
190. Rule: 4, 9, Local\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech*
191. Rule: 4, 9, Local\HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech*
192. Rule: 4, 9, Global\Microsoft Smart Card Resource Manager*
193. Rule: 4, 9, Global\GoogleJapaneseInput.event.*
194. Rule: 4, 9, JsMmfAtok*
195. Rule: 4, 9, Serotek*
196. Rule: 0, 0, \??\pipe\C:\Users\w7\AppData\LocalLow\Adobe\Acrobat\11.0\Synchronizer\*
197. Rule: 0, 0, \??\pipe\C:\Users\w7\AppData\Roaming\Adobe\Acrobat\11.0\Synchronizer\*
198. Rule: 0, 0, \??\pipe\AIPC_SRV\pdfshell_*
199. Rule: 0, 0, \??\pipe\Microsoft Smart Card Resource*
200. Rule: 0, 0, \??\pipe\googlejapaneseinput*
201. Rule: 0, 0, \??\pipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E00*
202. Rule: 0, 0, \??\pipe\Serotek*