# Security Scope

Ehwrj is a clean-room replacement for the benign War Thunder live map behavior observed in the analyzed sample.

Allowed behavior:

- Connect to `127.0.0.1:8111` only
- Read local War Thunder map endpoints
- Store user settings in `%LOCALAPPDATA%\Ehwrj`
- Create an optional visible overlay window controlled by the user

Disallowed behavior:

- Clipboard listeners
- Cryptocurrency wallet matching or replacement
- Startup persistence
- Windows Update impersonation
- ZIP, PE, or resource modification
- Hidden external network communication
- Credential, cookie, wallet, browser, or messenger file collection

Issues or pull requests that add disallowed behavior should be rejected.