Created
July 31, 2019 22:02
-
-
Save ag-michael/f90751782090f8a92ce6ccc3629bccfc to your computer and use it in GitHub Desktop.
Process Mitigation policy for Windows hardening
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <root> | |
| <SystemConfig> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| </SystemConfig> | |
| <AppConfig Executable="7z.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="7zFM.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="7zG.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="Acrobat.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="AcroRd32.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="AcroRd32Info.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="chrome.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
| </AppConfig> | |
| <AppConfig Executable="communicator.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="excel.exe"> | |
| <ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false"></DynamicCode> | |
| <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="ExtExport.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="firefox.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false"></ASLR> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| </AppConfig> | |
| <AppConfig Executable="Foxit Reader.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="googletalk.exe"> | |
| <DEP Enable="false" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="ida64.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="ie4uinit.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="ieinstal.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="ielowutil.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="ieUnatt.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="iexplore.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false"></DynamicCode> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="INFOPATH.EXE"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="iTunes.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="java.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="wscript.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="true" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="true" EnforceModuleDependencySigning="true" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="true" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="cscript.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="true" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="true" EnforceModuleDependencySigning="true" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="true" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="javaw.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="javaws.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="LYNC.EXE"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="mirc.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="msaccess.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="mscorsvw.exe"> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| </AppConfig> | |
| <AppConfig Executable="msfeedssync.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="mshta.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="mspub.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="ngen.exe"> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| </AppConfig> | |
| <AppConfig Executable="ngentask.exe"> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| </AppConfig> | |
| <AppConfig Executable="OIS.EXE"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="oulook.exe"> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
| </AppConfig> | |
| <AppConfig Executable="outlook.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="Photoshop.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="pidgin.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="plugin-container.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="powerpnt.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="PPTVIEW.EXE"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="PresentationHost.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
| <Heap TerminateOnError="true" OverrideHeap="false"></Heap> | |
| </AppConfig> | |
| <AppConfig Executable="PrintDialog.exe"> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| </AppConfig> | |
| <AppConfig Executable="PrintIsolationHost.exe"></AppConfig> | |
| <AppConfig Executable="QuickTimePlayer.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="rar.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="RdrCEF.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="RdrServicesUpdater.exe"> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
| </AppConfig> | |
| <AppConfig Executable="realconverter.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="realplay.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="runtimebroker.exe"> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| </AppConfig> | |
| <AppConfig Executable="Safari.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="SkyDrive.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="Skype.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="splwow64.exe"></AppConfig> | |
| <AppConfig Executable="spoolsv.exe"></AppConfig> | |
| <AppConfig Executable="svchost.exe"></AppConfig> | |
| <AppConfig Executable="SystemSettings.exe"> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| </AppConfig> | |
| <AppConfig Executable="thunderbird.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="unrar.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="visio.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="vlc.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="vpreview.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="winamp.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="WindowsLiveWriter.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="winrar.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="Winword.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="winzip32.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="winzip64.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="wlmail.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="WLXPhotoGallery.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="wmplayer.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| <AppConfig Executable="wordpad.exe"> | |
| <DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
| <ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
| <StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
| <SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
| <ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
| <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
| <ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
| <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
| <Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
| <ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
| <Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
| <SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
| <Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
| <ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
| </AppConfig> | |
| </root> |
@TheWeak3stLink : System-wide ASLR is enabled, it would be redundant unless it diverges from the system-wide config.
So then why you explicitly try do disable it -> if the system wide ASLR policy will win?
@TheWeak3stLink Honestly forgot why exactly that was, You can run Get-ProcessMitigation -Name "chrome.exe" -RunningProces in powershell to see if that has any effect or not. I don't run chrome so I can't validate,but if you think this is an issue, do you mind testing a config with desired ASLR settings? I'd be happy to update this gist.
I was indeed using Get-ProcessMitigation during my research, but to be honest I don't remember what was the output for chorme.exe. I'll test again and let you know. Thanks for your answers! have a great new year's eve! :)
@TheWeak3stLink you too, happy new years!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Don't understand why ASLR is not enforced for chrome.exe Is there any incompatibility?