Analysis

  • max time kernel
    149s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/12/2024, 23:20 UTC

General

  • Target

    d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118.exe

  • Size

    3.2MB

  • MD5

    d41eebef8dcc0c21529bedf93c6b1287

  • SHA1

    dd314781d2656e47643d28861428ac3af2a0bf03

  • SHA256

    6a5828ebe60437b32192ea3a81ea04e90f24dc9b352b1680781cc22c742ff946

  • SHA512

    a0c022800cc24407c5700f0e5660491a1d6a7f0524e7db78bcadb3a1d8b8eeebd5074a75dc2fbc20df2068c4ccd7565dc18379bf6383c8204e6240c5bc112466

  • SSDEEP

    49152:anrhr/vAcWKv6X3o0GQN0s/g/ybPUt81yyxYHm9m9h2nrhr/vAcWKv6X3o0GQN0G:an/WG6H/THYHmucn/WG6H/x

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/886481040066084886/GavBAVIAnFkUCCzUAQgvH3xsZO-NLNK2GcXhcJBrSYy-k1gyyyCyjZ6VzxoNFb_9RIZb
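
The C2 above is a Discord webhook. As an added worked example (not part of this report and not Mercurial Grabber's own code), the Python below pulls webhook URLs out of a strings dump or extracted config, decodes the creation time from the webhook ID (a Discord snowflake: the top 42 bits are milliseconds since 2015-01-01 UTC), and produces a redacted form that is safe to share as an IoC. The webhook URL in the sample input is the one from the Malware Config section; the surrounding strings are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Discord webhook URL shape: https://discord.com/api/webhooks/<snowflake id>/<token>
# (discordapp.com and the ptb./canary. hosts are accepted too).
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{20,})"
)
DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, start of Discord's snowflake epoch


@dataclass(frozen=True)
class Webhook:
    url: str
    webhook_id: int
    token: str
    created_utc: datetime

    @property
    def redacted(self) -> str:
        """Form safe to paste into a ticket or intel share: id kept, token removed."""
        return f"https://discord.com/api/webhooks/{self.webhook_id}/<redacted>"

    @property
    def defanged(self) -> str:
        return self.redacted.replace("https://", "hxxps://").replace(".", "[.]", 1)


def snowflake_time(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (bits 63..22 = ms since the Discord epoch)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def extract_webhooks(text: str) -> list[Webhook]:
    """Every Discord webhook URL in a strings dump / config blob, deduplicated by id, in order."""
    seen, found = set(), []
    for m in WEBHOOK_RE.finditer(text):
        if m.group("id") in seen:
            continue
        seen.add(m.group("id"))
        wid = int(m.group("id"))
        found.append(Webhook(m.group(0), wid, m.group("token"), snowflake_time(wid)))
    return found


# Constructed strings-dump excerpt: the webhook URL is the C2 from the Malware Config
# section; the other lines are made up for this example.
SAMPLE_STRINGS = """\
Mercurial Grabber
https://discord.com/api/webhooks/886481040066084886/GavBAVIAnFkUCCzUAQgvH3xsZO-NLNK2GcXhcJBrSYy-k1gyyyCyjZ6VzxoNFb_9RIZb
https://discord.com/api/v9/users/@me
Content-Type: application/json
"""

if __name__ == "__main__":
    for wh in extract_webhooks(SAMPLE_STRINGS):
        print(wh.defanged, "created", wh.created_utc.isoformat())
```

The creation time is worth recording: it dates the campaign independently of the sample's compile timestamp, and the webhook id alone is enough for Discord to locate and disable the endpoint, so the token never needs to leave the analyst's machine.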

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

  • Mercurialgrabber family
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Runs PowerShell (Add-MpPreference) to add Windows Defender exclusions for file extensions, paths, or processes; here each stage excludes its own executable path so Defender will not scan it.

  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP; here ip-api.com, ip4.seeip.org and ipv4bot.whatismyipaddress.com (see Network below).

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 29 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 1 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
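
As an added example (not the sandbox's own signature engine), the Python below re-creates several of the host signatures listed above as rules over behaviour events. The PowerShell command lines are those from the Processes section; the registry reads are constructed, using the well-known VM/sandbox fingerprint keys those signature names usually refer to (an assumption: the report lists the signature names, not the keys read). It also extracts the Defender exclusions as IoCs and flags a process that hits several fingerprint rules at once, since one such read is routine but a cluster of them in one process is the classic anti-analysis pattern.

```python
import re
from collections import defaultdict

# Behaviour events as a sandbox would record them. PIDs and PowerShell command lines come
# from the process tree above; registry reads and the two "benign" entries are constructed.
EVENTS = [
    {"type": "process", "pid": 1984, "data": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118.exe"'},
    {"type": "process", "pid": 2092, "data": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\48j6jMTInx.exe"'},
    {"type": "process", "pid": 4242, "data": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-MpPreference'},  # benign, constructed
    {"type": "regread", "pid": 3008, "data": r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"type": "regread", "pid": 3008, "data": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"type": "regread", "pid": 3008, "data": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "regread", "pid": 3008, "data": r"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0\Identifier"},
    {"type": "regread", "pid": 3008, "data": r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    {"type": "regread", "pid": 3008, "data": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"},
    {"type": "regread", "pid": 1096, "data": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},  # unrelated read, constructed
]

# Signature name -> (event type, pattern over the command line or registry path).
# Registry paths are the usual VM-fingerprint locations (assumption, see lead-in).
RULES = {
    "Command and Scripting Interpreter: PowerShell (Defender exclusion)": ("process",
        re.compile(r"powershell(?:\.exe)?\b.*\bAdd-MpPreference\b.*-Exclusion(?:Path|Process|Extension)\b", re.I | re.S)),
    "Looks for VirtualBox Guest Additions in registry": ("regread",
        re.compile(r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I)),
    "Looks for VMWare Tools registry key": ("regread",
        re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I)),
    "Checks BIOS information in registry": ("regread",
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:System|Video)BiosVersion", re.I)),
    "Checks SCSI registry key(s)": ("regread",
        re.compile(r"\\HARDWARE\\DEVICEMAP\\Scsi\\", re.I)),
    "Checks processor information in registry": ("regread",
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\", re.I)),
    "Maps connected drives based on registry": ("regread",
        re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum", re.I)),
}
VM_CHECKS = [n for n in RULES if n.startswith(("Looks for", "Checks", "Maps"))]

EXCLUSION_ARG = re.compile(
    r'-Exclusion(?P<kind>Path|Process|Extension)\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))', re.I)


def run_signatures(events):
    """Map each signature name to the sorted PIDs that triggered it."""
    hits = defaultdict(set)
    for ev in events:
        for name, (kind, pattern) in RULES.items():
            if ev["type"] == kind and pattern.search(ev["data"]):
                hits[name].add(ev["pid"])
    return {name: sorted(pids) for name, pids in hits.items()}


def defender_exclusions(events):
    """(pid, kind, value) for every exclusion added: these are the IoCs to hunt for elsewhere."""
    out = []
    for ev in events:
        if ev["type"] != "process":
            continue
        for m in EXCLUSION_ARG.finditer(ev["data"]):
            out.append((ev["pid"], m.group("kind"), m.group("quoted") or m.group("bare")))
    return out


def vm_fingerprinting_pids(hits, threshold=3):
    """PIDs that hit at least `threshold` distinct VM/sandbox fingerprint rules."""
    count = defaultdict(int)
    for name in VM_CHECKS:
        for pid in hits.get(name, []):
            count[pid] += 1
    return sorted(pid for pid, n in count.items() if n >= threshold)


if __name__ == "__main__":
    hits = run_signatures(EVENTS)
    for name, pids in hits.items():
        print(f"{name}: {pids}")
    print("Defender exclusions:", defender_exclusions(EVENTS))
    print("VM fingerprinting:", vm_fingerprinting_pids(hits))
```

On a live host the same exclusion hunt is Get-MpPreference (ExclusionPath, ExclusionProcess, ExclusionExtension) plus Microsoft-Windows-Windows Defender/Operational event 5007, which records each preference change; the rule above is the equivalent over process-creation telemetry.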

Processes

  • C:\Users\Admin\AppData\Local\Temp\d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118.exe"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1984
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2916
        • C:\Windows\SysWOW64\rundll32.exe
          "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:948
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:2884
            • C:\Windows\SysWOW64\rundll32.exe
              "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:2372
              • C:\Windows\SysWOW64\rundll32.exe
                "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                7⤵
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                PID:2060
                • C:\Windows\SysWOW64\rundll32.exe
                  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  PID:2604
                  • C:\Windows\SysWOW64\rundll32.exe
                    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                    9⤵
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    PID:2008
                    • C:\Windows\SysWOW64\rundll32.exe
                      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                      10⤵
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      PID:556
                      • C:\Windows\SysWOW64\rundll32.exe
                        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                        11⤵
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        PID:1020
                        • C:\Windows\SysWOW64\rundll32.exe
                          "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                          12⤵
                          • System Location Discovery: System Language Discovery
                          • Modifies registry class
                          PID:2680
                          • C:\Windows\SysWOW64\rundll32.exe
                            "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                            13⤵
                            • System Location Discovery: System Language Discovery
                            • Modifies registry class
                            PID:2608
                            • C:\Windows\SysWOW64\rundll32.exe
                              "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                              14⤵
                              • System Location Discovery: System Language Discovery
                              • Modifies registry class
                              PID:2252
                              • C:\Windows\SysWOW64\rundll32.exe
                                "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                15⤵
                                • System Location Discovery: System Language Discovery
                                • Modifies registry class
                                PID:1576
                                • C:\Windows\SysWOW64\rundll32.exe
                                  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                  16⤵
                                  • System Location Discovery: System Language Discovery
                                  • Modifies registry class
                                  PID:2860
                                  • C:\Windows\SysWOW64\rundll32.exe
                                    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                    17⤵
                                    • System Location Discovery: System Language Discovery
                                    • Modifies registry class
                                    PID:3016
                                    • C:\Windows\SysWOW64\rundll32.exe
                                      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                      18⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      PID:2968
                                      • C:\Windows\SysWOW64\rundll32.exe
                                        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                        19⤵
                                        • System Location Discovery: System Language Discovery
                                        • Modifies registry class
                                        PID:1996
                                        • C:\Windows\SysWOW64\rundll32.exe
                                          "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                          20⤵
                                          • System Location Discovery: System Language Discovery
                                          • Modifies registry class
                                          PID:1980
                                          • C:\Windows\SysWOW64\rundll32.exe
                                            "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                            21⤵
                                            • System Location Discovery: System Language Discovery
                                            • Modifies registry class
                                            PID:1352
                                            • C:\Windows\SysWOW64\rundll32.exe
                                              "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                              22⤵
                                              • System Location Discovery: System Language Discovery
                                              • Modifies registry class
                                              PID:2876
                                              • C:\Windows\SysWOW64\rundll32.exe
                                                "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                                23⤵
                                                • System Location Discovery: System Language Discovery
                                                • Modifies registry class
                                                PID:1176
                                                • C:\Windows\SysWOW64\rundll32.exe
                                                  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                                  24⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Modifies registry class
                                                  PID:2900
                                                  • C:\Windows\SysWOW64\rundll32.exe
                                                    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                                    25⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies registry class
                                                    PID:920
                                                    • C:\Windows\SysWOW64\rundll32.exe
                                                      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\V3sd6rat3V.rar
                                                      26⤵
                                                      • System Location Discovery: System Language Discovery
                                                      PID:656
    • C:\Users\Admin\AppData\Local\Temp\48j6jMTInx.exe
      "C:\Users\Admin\AppData\Local\Temp\48j6jMTInx.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2712
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\48j6jMTInx.exe"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2092
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 1228
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2120
    • C:\Users\Admin\AppData\Local\Temp\geZIiSNgdY.exe
      "C:\Users\Admin\AppData\Local\Temp\geZIiSNgdY.exe"
      2⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Maps connected drives based on registry
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 3008 -s 1332
        3⤵
        PID:2412
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 1328
        2⤵
        • Program crash
        PID:2288

    Network

    • flag-us
      DNS
      ipv4bot.whatismyipaddress.com
      48j6jMTInx.exe
      Remote address:
      8.8.8.8:53
      Request
      ipv4bot.whatismyipaddress.com
      IN A
      Response
    • flag-us
      DNS
      ip4.seeip.org
      geZIiSNgdY.exe
      Remote address:
      8.8.8.8:53
      Request
      ip4.seeip.org
      IN A
      Response
      ip4.seeip.org
      IN A
      23.128.64.141
    • flag-us
      DNS
      ip-api.com
      geZIiSNgdY.exe
      Remote address:
      8.8.8.8:53
      Request
      ip-api.com
      IN A
      Response
      ip-api.com
      IN A
      208.95.112.1
    • flag-us
      GET
      http://ip-api.com//json/
      geZIiSNgdY.exe
      Remote address:
      208.95.112.1:80
      Request
      GET //json/ HTTP/1.1
      Host: ip-api.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 07 Dec 2024 23:21:26 GMT
      Content-Type: application/json; charset=utf-8
      Content-Length: 291
      Access-Control-Allow-Origin: *
      X-Ttl: 60
      X-Rl: 44
    • flag-us
      DNS
      discord.com
      geZIiSNgdY.exe
      Remote address:
      8.8.8.8:53
      Request
      discord.com
      IN A
      Response
      discord.com
      IN A
      162.159.128.233
      discord.com
      IN A
      162.159.135.232
      discord.com
      IN A
      162.159.136.232
      discord.com
      IN A
      162.159.137.232
      discord.com
      IN A
      162.159.138.232
    • 23.128.64.141:443
      ip4.seeip.org
      geZIiSNgdY.exe
      152 B
      3
    • 208.95.112.1:80
      http://ip-api.com//json/
      http
      geZIiSNgdY.exe
      296 B
      600 B
      5
      3

      HTTP Request

      GET http://ip-api.com//json/

      HTTP Response

      200
    • 162.159.128.233:443
      discord.com
      tls
      geZIiSNgdY.exe
      345 B
      219 B
      5
      5
    • 162.159.128.233:443
      discord.com
      tls
      geZIiSNgdY.exe
      345 B
      219 B
      5
      5
    • 8.8.8.8:53
      ipv4bot.whatismyipaddress.com
      dns
      48j6jMTInx.exe
      75 B
      134 B
      1
      1

      DNS Request

      ipv4bot.whatismyipaddress.com

    • 8.8.8.8:53
      ip4.seeip.org
      dns
      geZIiSNgdY.exe
      59 B
      75 B
      1
      1

      DNS Request

      ip4.seeip.org

      DNS Response

      23.128.64.141

    • 8.8.8.8:53
      ip-api.com
      dns
      geZIiSNgdY.exe
      56 B
      72 B
      1
      1

      DNS Request

      ip-api.com

      DNS Response

      208.95.112.1

    • 8.8.8.8:53
      discord.com
      dns
      geZIiSNgdY.exe
      57 B
      137 B
      1
      1

      DNS Request

      discord.com

      DNS Response

      162.159.128.233
      162.159.135.232
      162.159.136.232
      162.159.137.232
      162.159.138.232

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

      Filesize

      7KB

      MD5

      87d6c14c2ba5c490f9e1c652fa39f08d

      SHA1

      4e2def4922f8b1ecdbd7a9999ecf05cd1fb06129

      SHA256

      044ff02518b8cf02326286723b20e128f1f39a8d1f74cc42769d4fb51817cf7a

      SHA512

      3b6341b6478d4dea7796265bcd28f2d5ab1713d26893ab45c85e890950d9df9147f7223e39a056d6141e4f5b37c2238d850cdb5247c814dadb86d566a854fdce

    • \Users\Admin\AppData\Local\Temp\48j6jMTInx.exe

      Filesize

      1.4MB

      MD5

      0998ebd47787a9e139a4eb9378f7801f

      SHA1

      4896fbb126c9cf03b9454030188f644416e7068e

      SHA256

      934d176a2b4df76195cffd2c4993208cc1a222e599b9c9172c01bfb97a668397

      SHA512

      7c824bd53611b76caaf458bbed1c419da0bd61f56290f7622e60469e5976aa6342beaa3b8ef95b4a1df0477c1a2d0a85a1fc8166fa6419daee8af107f3372352

    • \Users\Admin\AppData\Local\Temp\geZIiSNgdY.exe

      Filesize

      41KB

      MD5

      3eef3b30e3f25541c7ccfcf1dcee03b3

      SHA1

      aa01479ba8072c0f63f7f8f27a81f01281276ab9

      SHA256

      7616a7fa35d002ac2938172487f567953895a72e2a4b1e9bf6b8cc8ae91ea69b

      SHA512

      c21045b5c0c14f0841c5d4390820f5c27a223e4ca483782e8d9ddb5a277997b5a2c27ac261d5bfcc5471636c432900e54b54eaa6455891426505691286f23465

    • memory/1096-6-0x0000000000BB0000-0x0000000000C2C000-memory.dmp

      Filesize

      496KB

    • memory/1096-5-0x0000000073DB0000-0x000000007449E000-memory.dmp

      Filesize

      6.9MB

    • memory/1096-0-0x0000000073DBE000-0x0000000073DBF000-memory.dmp

      Filesize

      4KB

    • memory/1096-4-0x0000000073DB0000-0x000000007449E000-memory.dmp

      Filesize

      6.9MB

    • memory/1096-3-0x0000000073DB0000-0x000000007449E000-memory.dmp

      Filesize

      6.9MB

    • memory/1096-2-0x0000000073DB0000-0x000000007449E000-memory.dmp

      Filesize

      6.9MB

    • memory/1096-35-0x0000000073DBE000-0x0000000073DBF000-memory.dmp

      Filesize

      4KB

    • memory/1096-36-0x0000000073DB0000-0x000000007449E000-memory.dmp

      Filesize

      6.9MB

    • memory/1096-1-0x0000000001070000-0x0000000001312000-memory.dmp

      Filesize

      2.6MB

    • memory/2712-22-0x0000000000C70000-0x0000000000F12000-memory.dmp

      Filesize

      2.6MB

    • memory/3008-24-0x0000000000310000-0x0000000000320000-memory.dmp

      Filesize

      64KB
