PolicyAnalyzer_GetLocalPolicy.exe

  • File Path: C:\PolicyAnalyzer_40\PolicyAnalyzer_GetLocalPolicy.exe
  • Description: Utility program used by Policy Analyzer
  • Comments: Created by Aaron Margosis

Runtime Data

Window Title:

C:\PolicyAnalyzer_40\PolicyAnalyzer_GetLocalPolicy.exe

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(RW-) C:\xCyclopedia File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_1212 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme2547664911 Section
\Windows\Theme3854699184 Section

Loaded Modules:

Path
C:\PolicyAnalyzer_40\PolicyAnalyzer_GetLocalPolicy.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\KERNEL32.dll
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001529B409F5056997588000000000152
  • Thumbprint: 711AF71DC4C4952C8ED65BB4BA06826ED3922A32
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: PolicyAnalyzer_GetLocalPolicy.exe
  • Product Name: Policy Analyzer
  • Company Name: Microsoft Corporation
  • File Version: 4.0.2004.13001
  • Product Version: 4.0.200413001
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/e9f7635477b24ad5bbd0555687c8277ae200750f19804190326e59f6a3d51630/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe 33
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe 35
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\CoreClr\Wex.Logger.Interop.dll 33
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\MinTe\CoreClr\Wex.Logger.Interop.dll 33
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\MinTe\NetFx4.5\TE.ManagedTestMode.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\MinTe\NetFx4.5\Wex.Common.Managed.dll 36
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\MinTe\NetFx4.5\Wex.Logger.Interop.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\MinTe\TE.AppDomainManager.dll 32
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\MinTe\TE.ProcessHost.UAP.exe 35
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\NetFx4.5\TE.ManagedTestMode.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\NetFx4.5\Wex.Common.Managed.dll 36
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\NetFx4.5\Wex.Logger.Interop.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\TE.AppDomainManager.dll 32
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\TE.ProcessHost.UAP.exe 35
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Logger.Interop.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\CoreClr\Wex.Logger.Interop.dll 33
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\MinTe\CoreClr\Wex.Logger.Interop.dll 33
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\MinTe\NetFx4.5\TE.ManagedTestMode.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\MinTe\NetFx4.5\Wex.Common.Managed.dll 36
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\MinTe\NetFx4.5\Wex.Logger.Interop.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\MinTe\TE.AppDomainManager.dll 32
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\MinTe\TE.ProcessHost.UAP.exe 35
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\NetFx4.5\TE.ManagedTestMode.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\NetFx4.5\Wex.Common.Managed.dll 36
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\NetFx4.5\Wex.Logger.Interop.dll 30
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\TE.AppDomainManager.dll 32
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\TE.ProcessHost.UAP.exe 35
C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\x64\Wex.Logger.Interop.dll 30

MIT License. Copyright (c) 2020-2021 Strontic.