Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e2fdff574a...18.exe

windows7-x64

10

e2fdff574a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2024, 19:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2fdff574a795d5663d615e921b81f7c_JaffaCakes118.exe

  • Size

    199KB

  • MD5

    e2fdff574a795d5663d615e921b81f7c

  • SHA1

    e6c35947635a77ffe3b5140c2a4c4eb72de6919d

  • SHA256

    562effd04841e97a20f227a90cbe032e31ebc5752395c6fc68539c92c0140622

  • SHA512

    98d6b5bc88dde3f849a9705e19f1045b4ac3912608dd2793f3e114dc7cc62e605e74c21865913d18cb53431ad3d81103e226be23339abaa8da55462b2a149c2f

  • SSDEEP

    6144:Ozii12HtAmr+ERwrA2AOymENlsiONXQi:O/+xSAnvNlsiON

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Checks computer location settings 2 TTPs 24 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 24 IoCs
  • Maps connected drives based on registry 3 TTPs 48 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2fdff574a795d5663d615e921b81f7c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2fdff574a795d5663d615e921b81f7c_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Maps connected drives based on registry
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3420
    • C:\Windows\SysWOW64\igfxmgv32.exe
      "C:\Windows\system32\igfxmgv32.exe" C:\Users\Admin\AppData\Local\Temp\E2FDFF~1.EXE
      2⤵
      • Checks computer location settings
      • Deletes itself
      • Executes dropped EXE
      • Maps connected drives based on registry
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1100
      • C:\Windows\SysWOW64\igfxmgv32.exe
        "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Maps connected drives based on registry
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2936
        • C:\Windows\SysWOW64\igfxmgv32.exe
          "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Maps connected drives based on registry
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4620
          • C:\Windows\SysWOW64\igfxmgv32.exe
            "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Maps connected drives based on registry
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1656
            • C:\Windows\SysWOW64\igfxmgv32.exe
              "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Maps connected drives based on registry
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3548
              • C:\Windows\SysWOW64\igfxmgv32.exe
                "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                7⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Maps connected drives based on registry
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4316
                • C:\Windows\SysWOW64\igfxmgv32.exe
                  "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                  8⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Maps connected drives based on registry
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:1284
                  • C:\Windows\SysWOW64\igfxmgv32.exe
                    "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                    9⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Maps connected drives based on registry
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:1760
                    • C:\Windows\SysWOW64\igfxmgv32.exe
                      "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                      10⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Maps connected drives based on registry
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:3096
                      • C:\Windows\SysWOW64\igfxmgv32.exe
                        "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                        11⤵
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Maps connected drives based on registry
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of WriteProcessMemory
                        PID:4040
                        • C:\Windows\SysWOW64\igfxmgv32.exe
                          "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                          12⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Maps connected drives based on registry
                          • Drops file in System32 directory
                          • System Location Discovery: System Language Discovery
                          • Modifies registry class
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of WriteProcessMemory
                          PID:4832
                          • C:\Windows\SysWOW64\igfxmgv32.exe
                            "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                            13⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            • Maps connected drives based on registry
                            • Drops file in System32 directory
                            • System Location Discovery: System Language Discovery
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of WriteProcessMemory
                            PID:4792
                            • C:\Windows\SysWOW64\igfxmgv32.exe
                              "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                              14⤵
                              • Checks computer location settings
                              • Executes dropped EXE
                              • Maps connected drives based on registry
                              • Drops file in System32 directory
                              • System Location Discovery: System Language Discovery
                              • Modifies registry class
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of WriteProcessMemory
                              PID:5092
                              • C:\Windows\SysWOW64\igfxmgv32.exe
                                "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                15⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Maps connected drives based on registry
                                • Drops file in System32 directory
                                • System Location Discovery: System Language Discovery
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of WriteProcessMemory
                                PID:1816
                                • C:\Windows\SysWOW64\igfxmgv32.exe
                                  "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                  16⤵
                                  • Checks computer location settings
                                  • Executes dropped EXE
                                  • Maps connected drives based on registry
                                  • Drops file in System32 directory
                                  • System Location Discovery: System Language Discovery
                                  • Modifies registry class
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of WriteProcessMemory
                                  PID:752
                                  • C:\Windows\SysWOW64\igfxmgv32.exe
                                    "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                    17⤵
                                    • Checks computer location settings
                                    • Executes dropped EXE
                                    • Maps connected drives based on registry
                                    • Drops file in System32 directory
                                    • System Location Discovery: System Language Discovery
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of WriteProcessMemory
                                    PID:1968
                                    • C:\Windows\SysWOW64\igfxmgv32.exe
                                      "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                      18⤵
                                      • Checks computer location settings
                                      • Executes dropped EXE
                                      • Maps connected drives based on registry
                                      • Drops file in System32 directory
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of WriteProcessMemory
                                      PID:3944
                                      • C:\Windows\SysWOW64\igfxmgv32.exe
                                        "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                        19⤵
                                        • Checks computer location settings
                                        • Executes dropped EXE
                                        • Maps connected drives based on registry
                                        • Drops file in System32 directory
                                        • System Location Discovery: System Language Discovery
                                        • Modifies registry class
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of WriteProcessMemory
                                        PID:3912
                                        • C:\Windows\SysWOW64\igfxmgv32.exe
                                          "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                          20⤵
                                          • Checks computer location settings
                                          • Executes dropped EXE
                                          • Maps connected drives based on registry
                                          • Drops file in System32 directory
                                          • System Location Discovery: System Language Discovery
                                          • Modifies registry class
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of WriteProcessMemory
                                          PID:1144
                                          • C:\Windows\SysWOW64\igfxmgv32.exe
                                            "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                            21⤵
                                            • Checks computer location settings
                                            • Executes dropped EXE
                                            • Maps connected drives based on registry
                                            • Drops file in System32 directory
                                            • System Location Discovery: System Language Discovery
                                            • Modifies registry class
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious use of WriteProcessMemory
                                            PID:2116
                                            • C:\Windows\SysWOW64\igfxmgv32.exe
                                              "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                              22⤵
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • Maps connected drives based on registry
                                              • Drops file in System32 directory
                                              • System Location Discovery: System Language Discovery
                                              • Modifies registry class
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of WriteProcessMemory
                                              PID:2320
                                              • C:\Windows\SysWOW64\igfxmgv32.exe
                                                "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                                23⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • Maps connected drives based on registry
                                                • Drops file in System32 directory
                                                • System Location Discovery: System Language Discovery
                                                • Modifies registry class
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:3744
                                                • C:\Windows\SysWOW64\igfxmgv32.exe
                                                  "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                                  24⤵
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Maps connected drives based on registry
                                                  • Drops file in System32 directory
                                                  • System Location Discovery: System Language Discovery
                                                  • Modifies registry class
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4084
                                                  • C:\Windows\SysWOW64\igfxmgv32.exe
                                                    "C:\Windows\system32\igfxmgv32.exe" C:\Windows\SysWOW64\IGFXMG~1.EXE
                                                    25⤵
                                                    • Executes dropped EXE
                                                    PID:4808
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 572
                                                      26⤵
                                                      • Program crash
                                                      PID:4080
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4808 -ip 4808
    1⤵
      PID:1712

    Network

    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.210.23.2.in-addr.arpa
      IN PTR
      Response
      88.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-88deploystaticakamaitechnologiescom
    • flag-us
      DNS
      134.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      212.20.149.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.20.149.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      92.12.20.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      92.12.20.2.in-addr.arpa
      IN PTR
      Response
      92.12.20.2.in-addr.arpa
      IN PTR
      a2-20-12-92deploystaticakamaitechnologiescom
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      88.210.23.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      88.210.23.2.in-addr.arpa

    • 8.8.8.8:53
      134.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      134.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      149.220.183.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      149.220.183.52.in-addr.arpa

    • 8.8.8.8:53
      212.20.149.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      212.20.149.52.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      92.12.20.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      92.12.20.2.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\igfxmgv32.exe
      Filesize

      199KB

      MD5

      e2fdff574a795d5663d615e921b81f7c

      SHA1

      e6c35947635a77ffe3b5140c2a4c4eb72de6919d

      SHA256

      562effd04841e97a20f227a90cbe032e31ebc5752395c6fc68539c92c0140622

      SHA512

      98d6b5bc88dde3f849a9705e19f1045b4ac3912608dd2793f3e114dc7cc62e605e74c21865913d18cb53431ad3d81103e226be23339abaa8da55462b2a149c2f

      Download Submit

    • memory/752-103-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1100-39-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1100-41-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1100-43-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1144-120-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1284-69-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1656-58-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1760-73-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1816-99-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/1968-108-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/2116-124-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/2320-128-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/2936-49-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/2936-45-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3096-76-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3420-3-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3420-40-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3420-1-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3420-0-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3420-2-0x000000000046E000-0x000000000047D000-memory.dmp

      Filesize

      60KB

      Download

    • memory/3548-61-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3744-132-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3912-116-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3944-106-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3944-112-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4040-82-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4084-136-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4316-64-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4620-53-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4620-50-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4792-90-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4808-137-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4832-86-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4832-80-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/5092-94-0x0000000000400000-0x000000000047E000-memory.dmp

      Filesize

      504KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.