Created
July 31, 2019 22:02
-
-
Save ag-michael/f90751782090f8a92ce6ccc3629bccfc to your computer and use it in GitHub Desktop.
Process Mitigation policy for Windows hardening
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<root> | |
<SystemConfig> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
</SystemConfig> | |
<AppConfig Executable="7z.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="7zFM.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="7zG.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="Acrobat.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="AcroRd32.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="AcroRd32Info.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="chrome.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
</AppConfig> | |
<AppConfig Executable="communicator.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="excel.exe"> | |
<ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false"></DynamicCode> | |
<SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="ExtExport.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="firefox.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false"></ASLR> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
</AppConfig> | |
<AppConfig Executable="Foxit Reader.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="googletalk.exe"> | |
<DEP Enable="false" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="ida64.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="ie4uinit.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="ieinstal.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="ielowutil.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="ieUnatt.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="iexplore.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false"></DynamicCode> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="INFOPATH.EXE"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="iTunes.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="java.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="wscript.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="true" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="true" EnforceModuleDependencySigning="true" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="true" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="cscript.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="true" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="true" EnforceModuleDependencySigning="true" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="true" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="javaw.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="javaws.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="LYNC.EXE"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="mirc.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="msaccess.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="mscorsvw.exe"> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
</AppConfig> | |
<AppConfig Executable="msfeedssync.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="mshta.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="mspub.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="ngen.exe"> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
</AppConfig> | |
<AppConfig Executable="ngentask.exe"> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
</AppConfig> | |
<AppConfig Executable="OIS.EXE"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="oulook.exe"> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
</AppConfig> | |
<AppConfig Executable="outlook.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="Photoshop.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="pidgin.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="plugin-container.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="powerpnt.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="PPTVIEW.EXE"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="PresentationHost.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
<Heap TerminateOnError="true" OverrideHeap="false"></Heap> | |
</AppConfig> | |
<AppConfig Executable="PrintDialog.exe"> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
</AppConfig> | |
<AppConfig Executable="PrintIsolationHost.exe"></AppConfig> | |
<AppConfig Executable="QuickTimePlayer.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="rar.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="RdrCEF.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="RdrServicesUpdater.exe"> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false"></ASLR> | |
</AppConfig> | |
<AppConfig Executable="realconverter.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="realplay.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="runtimebroker.exe"> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
</AppConfig> | |
<AppConfig Executable="Safari.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="SkyDrive.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="Skype.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="splwow64.exe"></AppConfig> | |
<AppConfig Executable="spoolsv.exe"></AppConfig> | |
<AppConfig Executable="svchost.exe"></AppConfig> | |
<AppConfig Executable="SystemSettings.exe"> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
</AppConfig> | |
<AppConfig Executable="thunderbird.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="unrar.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="visio.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="vlc.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="vpreview.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="winamp.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="WindowsLiveWriter.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="winrar.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="Winword.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="true" ForceRelocateImages="true" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="true" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="true" AuditOnly="false" OverrideFontDisable="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="winzip32.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="winzip64.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="wlmail.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="WLXPhotoGallery.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="wmplayer.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="false" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
<AppConfig Executable="wordpad.exe"> | |
<DEP Enable="true" EmulateAtlThunks="false" OverrideDEP="false"></DEP> | |
<ASLR Enable="false" ForceRelocateImages="false" OverrideForceRelocateImages="false" BottomUp="true" HighEntropy="true" OverrideBottomUp="false"></ASLR> | |
<StrictHandle Enable="false" OverrideStrictHandle="false"></StrictHandle> | |
<SystemCall DisableWin32kSystemCalls="false" OverrideSystemCall="false" Audit="false"></SystemCall> | |
<ExtensionPoints DisableExtensionPoints="false" OverrideExtensionPoint="false"></ExtensionPoints> | |
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" OverrideDynamicCode="false" Audit="false"></DynamicCode> | |
<ControlFlowGuard Enable="true" SuppressExports="false" OverrideCFG="false" StrictControlFlowGuard="false" OverrideStrictCFG="false"></ControlFlowGuard> | |
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" OverrideMicrosoftSignedOnly="false" Audit="false" EnforceModuleDependencySigning="false" OverrideEnforceModuleDependencySigning="false"></SignedBinaries> | |
<Fonts DisableNonSystemFonts="false" AuditOnly="false" OverrideFontDisable="false" Audit="false"></Fonts> | |
<ImageLoad BlockRemoteImageLoads="true" OverrideBlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" OverrideBlockLowLabel="false" PreferSystem32="false" OverridePreferSystem32="false" AuditRemoteImageLoads="false" AuditLowLabelImageLoads="false" AuditPreferSystem32="false"></ImageLoad> | |
<Payload EnableExportAddressFilter="true" OverrideExportAddressFilter="false" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" OverrideExportAddressFilterPlus="false" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" OverrideImportAddressFilter="false" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" OverrideEnableRopStackPivot="false" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" OverrideEnableRopCallerCheck="false" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" OverrideEnableRopSimExec="false" AuditEnableRopSimExec="false"></Payload> | |
<SEHOP Enable="true" TelemetryOnly="false" OverrideSEHOP="false" Audit="false"></SEHOP> | |
<Heap TerminateOnError="false" OverrideHeap="false"></Heap> | |
<ChildProcess DisallowChildProcessCreation="false" OverrideChildProcess="false" Audit="false"></ChildProcess> | |
</AppConfig> | |
</root> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@TheWeak3stLink you too, happy new years!