Thursday, December 5, 2019

Generic Triage YARA Rules

rule RemoteControlUrlAccessed
{
    // Triage lead: the scanned data names a cloud remote-control product.
    // These are product/host names, so legitimate helpdesk use fires too;
    // treat a hit as something to review, not as a verdict.
    meta:
        author = "@neonprimetime"
        description = "Cloud Remote Control Url Accessed"
    strings:
        $rc_teamviewer = "teamviewer" nocase
        $rc_splashtop  = "splashtop" nocase
        $rc_ammyy      = "ammyy" nocase
        $rc_mikogo     = "mikogo" nocase
        $rc_uvnc       = "uvnc" nocase
        // 32-char token looks like a Chrome Web Store extension id (Chrome Remote Desktop) -- confirm
        $rc_chromeext  = "gbchcmhmhahfdphkhkmpfmihenigjmpp" nocase
        $rc_logmein    = "logmein" nocase
        $rc_joinme     = "join.me" nocase
        $rc_realvnc    = "realvnc" nocase
        $rc_dameware   = "dameware" nocase
        $rc_dwservice  = "dwservice" nocase
        $rc_anydesk    = "anydesk" nocase
    condition:
        any of them
}

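rule WebMailUrlAccessed
{
    // Triage lead: the scanned data references a consumer/privacy web-mail
    // provider. Fix: "kolbanow.com" was a typo for kolabnow.com and could
    // never match the real host. Note that "@gmail.com" matches any Gmail
    // address in text, not only URL access, so expect hits on ordinary mail.
    meta:
        author = "@neonprimetime"
        description = "Web Mail Url Accessed"
    strings:
        $string0  = "mail.yahoo.com" nocase
        $string1  = "@gmail.com" nocase
        $string2  = "outlook.live.com" nocase
        $string3  = "mail.protonmail.com" nocase
        $string4  = "zoho.com" nocase
        $string5  = "yandex.com" nocase
        $string6  = "tutanota.com" nocase
        $string7  = "kolabnow.com" nocase
        $string8  = "fastmail.com" nocase
        $string10 = "posteo.de" nocase
        $string11 = "startmail.com" nocase
        $string12 = "runbox.com" nocase
        $string13 = "mailfence.com" nocase
        $string14 = "countermail.com" nocase
    condition:
        1 of them
}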

rule CloudFileStorageUrlAccessed
{
    // Triage lead for possible data staging/exfil: a consumer cloud-storage
    // host appears in the scanned data. Host names only, so sanctioned use of
    // the same services will fire as well. "sync.com" is short and may match
    // unrelated hosts (e.g. anything ending in "...sync.com").
    meta:
        author = "@neonprimetime"
        description = "Cloud File Storage Url Accessed"
    strings:
        $cs_dropbox   = "dropbox.com" nocase
        $cs_gdrive    = "drive.google.com" nocase
        $cs_wetrans   = "wetransfer.com" nocase
        $cs_pcloud    = "pcloud.com" nocase
        $cs_tresorit  = "tresorit.com" nocase
        $cs_sync      = "sync.com" nocase
        $cs_onedrive  = "onedrive.live.com" nocase
        $cs_box       = ".box.com" nocase
        $cs_spideroak = "spideroak.com" nocase
        $cs_mega      = "mega.nz" nocase
        $cs_jotta     = "jottacloud.com" nocase
        $cs_teamdrive = "teamdrive.com" nocase
        $cs_mediafire = "mediafire.com" nocase
        $cs_cloudup   = "cloudup.com" nocase
        $cs_cloudme   = "cloudme.com" nocase
    condition:
        any of them
}

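rule LateralMovementAttempt
{
    // Triage lead: remote-shell / remote-exec tooling names in the scanned data.
    // Fix: the original declared $string2 and $string3 three times each, which
    // YARA rejects as duplicated string identifiers, so the rule never compiled.
    // "mstsc" and "winrs" are built-in Windows tools and will fire on normal admin use.
    meta:
        author = "@neonprimetime"
        description = "Lateral Movement Attempt"
    strings:
        $string0   = "mstsc" nocase
        $string1   = "psexec" nocase
        $nc_bs     = "\\nc.exe" nocase
        $nc_fs     = "/nc.exe" nocase
        $nc64_bs   = "\\nc64.exe" nocase
        $nc64_fs   = "/nc64.exe" nocase
        $netcat_bs = "\\netcat.exe" nocase
        $netcat_fs = "/netcat.exe" nocase
        $string4   = "putty.exe" nocase
        $string5   = "mobax" nocase
        $string6   = "securecrt" nocase
        $string7   = "ssh.exe" nocase
        $string8   = "winrs" nocase
    condition:
        1 of them
}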


rule ShortExecutableName
{
    // Triage lead: an executable whose name is a single digit or letter
    // directly after a path separator (e.g. "/a.exe", "\7.exe"). Two regexes
    // cover exactly the same set as the 72 literal strings they replace:
    // separator, one of [0-9a-z] (case-folded by nocase), then ".exe".
    // Expect noise from any URL or path that happens to use one-letter names.
    meta:
        author = "@neonprimetime"
        description = "Short Executable Name"
    strings:
        $short_fwd = /\/[0-9a-z]\.exe/ nocase
        $short_bwd = /\\[0-9a-z]\.exe/ nocase
    condition:
        any of them
}

rule PolicyViolation
{
    // Triage lead: text suggesting UAC is being switched off.
    // Single literal, so it fires on scripts, registry exports and documentation alike.
    meta:
        author = "@neonprimetime"
        description = "Policy Violation"
    strings:
        $uac_off = "disableuac" nocase
    condition:
        any of them
}

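rule LivingOffLandCommand
{
    // Triage lead: built-in Windows binaries commonly abused for download,
    // execution or reconnaissance. Fix: "nbstat.exe" was a typo for the real
    // binary nbtstat.exe and could never match. All of these are legitimate
    // system tools, so a hit needs context (parent process, arguments).
    meta:
        author = "@neonprimetime"
        description = "Living Off the Land Command"
    strings:
        $string0  = "mshta.exe" nocase
        $string1  = "nbtstat.exe" nocase
        $string5  = "/query.exe" nocase
        $string6  = "\\query.exe" nocase
        $string8  = "bitsadmin.exe" nocase
        $string9  = "curl.exe" nocase
        $string10 = "wget.exe" nocase
        $string11 = "systeminfo.exe" nocase
        $string12 = "certutil.exe" nocase
    condition:
        1 of them
}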

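rule PhishingAttachmentThemePossible
{
    // Triage lead: attachment/file names using common phishing lures.
    // Fix: $string10 and $string14 were each declared more than once, which
    // YARA rejects as duplicated identifiers; they are now suffixed a/b/c.
    // Bare words such as "payment", "Enquiry" and "QUOTATION" (case-folded)
    // are extremely common in legitimate business mail; expect a high hit rate.
    meta:
        author = "@neonprimetime"
        description = "Phishing Attachment Theme Possible"
    strings:
        $string0a  = "invoice." nocase
        $string0b  = "invoice " nocase
        $string1   = "factura" nocase
        $string2   = "wiretransfer" nocase
        $string4a  = "payment" nocase
        $string4b  = "payment." nocase
        $string6a  = "eFAX " nocase
        $string6b  = "eFAX." nocase
        $string7   = "Fattura" nocase
        $string8   = "Enquiry" nocase
        $string9   = "QUOTATION" nocase
        $string10a = "receipt " nocase
        $string10b = "receipt." nocase
        $string11a = "payroll." nocase
        $string11b = "payroll " nocase
        $string12  = "PO#" nocase
        $string13  = "Proforma" nocase
        $string14a = "Purchase." nocase
        $string14b = "Purchase " nocase
        $string14c = "PurchaseOrder" nocase
    condition:
        1 of them
}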


rule ClearTextPasswordFile
{
    // Triage lead: a file name suggesting credentials are stored in clear text.
    // The two regexes generate exactly the 18 literal names of the original
    // ({password,passwd,passwords,passwds} x {txt,doc,xls} and {pwd,pwds} x same).
    // web.config / application.config are ordinary app config files; they are
    // listed because they often hold connection strings, not because they are
    // password files per se, so expect hits on any .NET deployment.
    meta:
        author = "@neonprimetime"
        description = "Clear Text Password File"
    strings:
        $pw_file   = /passw(or)?ds?\.(txt|doc|xls)/ nocase
        $pwd_file  = /pwds?\.(txt|doc|xls)/ nocase
        $web_cfg   = "web.config" nocase
        $app_cfg   = "application.config" nocase
    condition:
        any of them
}


rule AdminUrlAccessed
{
    // Triage lead: a request path under a web admin console.
    // Fires on the site's own administrators as well as on probing.
    meta:
        author = "@neonprimetime"
        description = "Admin Web Pages"
    strings:
        $admin_path = "/admin/" nocase
        $wp_admin   = "/wp-admin/" nocase
    condition:
        any of them
}

rule HackingToolFound
{
    // Triage lead: names of offensive/credential-recovery tools in the scanned data.
    // Several entries are short generic words ("ninja", "obfuscation", "shellcode",
    // "echo.exe", "\ver.exe", "wireshark") that also appear in ordinary software,
    // build output and documentation, so this rule is noisy by design.
    meta:
        author = "@neonprimetime"
        description = "Hacking Tool Found"
    strings:
        $t_kali        = "kali.exe" nocase
        $t_wireshark   = "wireshark" nocase
        $t_bloodhound  = "bloodhound" nocase
        $t_obfusc      = "obfuscation" nocase
        $t_shellcode   = "shellcode" nocase
        $t_keylogger   = "keylogger" nocase
        $t_bypassuac   = "bypassuac" nocase
        $t_tokenmanip  = "tokenmanipulation" nocase
        $t_passhash    = "passhash" nocase
        $t_kerberoast  = "kerberoast" nocase
        $t_ninja       = "ninja" nocase
        $t_memorynps   = "memorynps" nocase
        $t_metasploit  = "metasploit" nocase
        $t_smbexec     = "smbexec" nocase
        $t_gpppassword = "gpppassword" nocase
        $t_arpscan     = "arpscan" nocase
        $t_dnscat      = "dnscat" nocase
        $t_aircrack    = "aircrack" nocase
        $t_bulletspv   = "bulletspassview" nocase
        $t_chromepass  = "chromepass" nocase
        $t_credfv      = "credentialsfileview" nocase
        $t_echo        = "echo.exe" nocase
        $t_hydra       = "hydra.exe" nocase
        $t_iepv        = "iepv.exe" nocase
        $t_inssider    = "inssidersetup" nocase
        $t_mailpv      = "mailpv.exe" nocase
        $t_ministumb   = "ministumblersetup" nocase
        $t_netpass     = "netpass.exe" nocase
        $t_netstumbler = "netstumbler" nocase
        $t_nltest      = "nltest.exe" nocase
        $t_ophcrack    = "ophcrack" nocase
        $t_rdpv        = "rdpv.exe" nocase
        $t_setspn      = "setspn" nocase
        $t_sniffpass   = "sniffpass" nocase
        $t_vaultpv     = "vaultpasswordview" nocase
        $t_ver         = "\\ver.exe" nocase
        $t_vncpv       = "vncpassview" nocase
        $t_wbpv        = "webbrowserpassview" nocase
    condition:
        any of them
}

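rule HackingCodeFound
{
    // Triage lead: API names and token constants typical of injection,
    // credential-prompt and privilege-manipulation code in scripts/sources.
    // Fix: "ReadProcessMemoryMiniDumpWriteDump" fused two API names into one
    // string that could never match either; they are now separate entries.
    // "FromBase64String" and "UnsafeNativeMethods" are common in benign .NET
    // code, so treat a lone hit on those as weak.
    meta:
        author = "@neonprimetime"
        description = "Hacking Code Found"
    strings:
        $string0  = "WriteProcessMemory" nocase
        $string1  = "VirtualAlloc" nocase
        $string2  = "SetWindowsHook" nocase
        $string3  = "SHCreateThread" nocase
        $string4  = "FromBase64String" nocase
        $string5  = "PromptForCredential" nocase
        $string6  = "AdjustTokenPrivileges" nocase
        $string7  = "KerberosRequestorSecurityToken" nocase
        $string8  = "UnsafeNativeMethods" nocase
        $string9a = "ReadProcessMemory" nocase
        $string9b = "MiniDumpWriteDump" nocase
        $string10 = "TOKEN_ADJUST_PRIVILEGES" nocase
        $string11 = "TOKEN_IMPERSONATE" nocase
        $string12 = "TOKEN_ELEVATION" nocase
        $string13 = "TOKEN_ALL_ACCESS" nocase
    condition:
        1 of them
}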

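rule PasswordDumpAttempt
{
    // Triage lead: credential-dumping tool names. Fix: the description read
    // "Password Dump Temp"; the rule name and content make clear "Attempt"
    // was intended. Note "procdump" is a legitimate Sysinternals tool and
    // will fire on ordinary debugging use.
    meta:
        author = "@neonprimetime"
        description = "Password Dump Attempt"
    strings:
        $string0 = "mimikatz" nocase
        $string1 = "procdump" nocase
        $string3 = "hashdump" nocase
        $string4 = "pwdump" nocase
        $string5 = "lsadump" nocase
    condition:
        1 of them
}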

rule ExternalDriveAccessed
{
    // Triage lead: file URLs pointing at the F: or G: drive letter, which on
    // many workstations are removable media -- but drive-letter assignment is
    // site specific, so confirm against the host's layout.
    // NOTE(review): "mfeprom" is not explained on the page; presumably a
    // product/log token the author sees on removable-media events -- verify.
    meta:
        author = "@neonprimetime"
        description = "External Drive Accessed"
    strings:
        $drive_f = "file:///f:/" nocase
        $drive_g = "file:///g:/" nocase
        $mfeprom = "mfeprom" nocase
    condition:
        any of them
}

rule HackerOutputFile
{
    // Triage lead: file names typical of scanner / enumeration / dump output
    // (nmap, nessus, bloodhound, secretsdump, lsass dumps). Generic names such
    // as "dump.zip", "targets.txt" and "firewall.txt" will also hit benign files.
    meta:
        author = "@neonprimetime"
        description = "Hacker Output Files"
    strings:
        $o00 = "acls.csv" nocase
        $o01 = "bloodhound.csv" nocase
        $o02 = "dump.csv" nocase
        $o03 = "dump.xml" nocase
        $o04 = "dump.zip" nocase
        $o05 = "firewall.txt" nocase
        $o06 = "group_memberships.csv" nocase
        $o07 = "hashdump.txt" nocase
        $o08 = "local_admins.csv" nocase
        $o09 = "lsadump.txt" nocase
        $o10 = "lsass.dmp" nocase
        $o11 = "lsassdump.dmp" nocase
        $o12 = "mimikatz.xls" nocase
        $o13 = "mini.dmp" nocase
        $o14 = "netscan.xml" nocase
        $o15 = "nmap.csv" nocase
        $o16 = "nmap.txt" nocase
        $o17 = "nmap.xml" nocase
        $o18 = "openvas.csv" nocase
        $o19 = "pwdump.txt" nocase
        $o20 = "secretsdump.txt" nocase
        $o21 = "targets.txt" nocase
        $o22 = "trusts.csv" nocase
        $o23 = "user_sessions.csv" nocase
        $o24 = "bloodhound.bin" nocase
        $o25 = ".gnmap" nocase
        $o26 = ".nessus" nocase
        $o27 = ".nmap" nocase
        $o28 = "p0wn" nocase
    condition:
        any of them
}

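rule HackerUrl
{
    // Triage lead: hosts/paths of security distributions and exploit archives.
    // Fix: two entries had adjacent patterns fused into one string ("altlinux./altlinux/"
    // and "0day.today-archstrike."), so none of the four intended patterns could match;
    // they are split following the "name." / "/name/" / "name-" scheme used elsewhere.
    // portswigger/exploit-db/paterva are everyday destinations for security staff.
    meta:
        author = "@neonprimetime"
        description = "Hacker Url"
    strings:
        $string1   = "kali." nocase
        $string2   = "/kali/" nocase
        $string3   = "kali-" nocase
        $string4   = "backbox." nocase
        $string5   = "/backbox/" nocase
        $string6   = "backbox-" nocase
        $string7   = "blackarch." nocase
        $string8   = "/blackarch/" nocase
        $string9   = "blackarch-" nocase
        $string10  = "caine-live." nocase
        $string11  = "/caine-live/" nocase
        $string12  = "caine-live-" nocase
        $string13  = "deftlinux." nocase
        $string14  = "/deftlinux/" nocase
        $string15  = "deftlinux-" nocase
        $string16  = "parrotsec." nocase
        $string17  = "/parrotsec/" nocase
        $string18  = "parrotsec-" nocase
        $string19a = "altlinux." nocase
        $string19b = "/altlinux/" nocase
        $string20  = "altlinux-" nocase
        $string21  = "digi77." nocase
        $string22  = "/digi77/" nocase
        $string23  = "digi77-" nocase
        $string24  = ".paterva." nocase
        $string25  = "portswigger." nocase
        $string26  = "exploit-db." nocase
        $string27  = "/exploit-db/" nocase
        $string28  = "exploit-db-" nocase
        $string29  = "parrot.sh" nocase
        $string30  = "/parrot.sh/" nocase
        $string31  = "basealt.ru" nocase
        $string32  = "/basealt.ru/" nocase
        $string33  = "basealt.ru-" nocase
        $string34  = "0day.today" nocase
        $string35  = "/0day.today/" nocase
        $string36a = "0day.today-" nocase
        $string36b = "archstrike." nocase
        $string37  = "/archstrike/" nocase
        $string38  = "archstrike-" nocase
    condition:
        1 of them
}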

rule PUPSoftware
{
    // Triage lead: names of adware / toolbar / "optimizer" installers.
    // Some entries are also legitimate products ("ccleaner", "spyhunter") or
    // generic words ("searchbar", "citysearch"); a hit reflects policy, not malice.
    // "driverupdate-" is a prefix of the two entries after it and "webdiscover"
    // of $pup144, so those longer entries never add a match on their own.
    // NOTE(review): $pup144 looks like two tokens run together -- confirm.
    meta:
        author = "@neonprimetime"
        description = "Potentially Unwanted Software"
    strings:
        $pup0   = "adusetup" nocase
        $pup1   = "advanced driver" nocase
        $pup2   = "anytimeastrology" nocase
        $pup3   = "aplusgamer" nocase
        $pup4   = "apnsetup" nocase
        $pup5   = "apnstub" nocase
        $pup6   = "ascsetup" nocase
        $pup7   = "astromenda" nocase
        $pup8   = "atozmanuals" nocase
        $pup9   = "atwrun" nocase
        $pup10  = "audiotoaudio" nocase
        $pup11  = "bringmesports" nocase
        $pup12  = "bytefence" nocase
        $pup13  = "calendarspark" nocase
        $pup14  = "ccleaner" nocase
        $pup15  = "citysearch" nocase
        $pup16  = "convertpdfsnowtooltab" nocase
        $pup17  = "coupon companion" nocase
        $pup18  = "couponscom" nocase
        $pup19  = "cursormania" nocase
        $pup20  = "dailybibleguide" nocase
        $pup21  = "dailyrecipeguidetooltab" nocase
        $pup22  = "dailywellnessguide" nocase
        $pup23  = "dictionaryboss" nocase
        $pup24  = "directionsandmap" nocase
        $pup25  = "discoverancestry" nocase
        $pup26  = "discoverliveradio" nocase
        $pup27  = "disk-defrag-setup" nocase
        $pup28  = "downspeedtest" nocase
        $pup29  = "driver-updater-setup" nocase
        $pup30  = "driver.talent" nocase
        $pup31  = "driverassist-setup" nocase
        $pup32  = "driverdoc" nocase
        $pup33  = "drivereasy" nocase
        $pup34  = "driverrestore" nocase
        $pup35  = "driversupport" nocase
        $pup36  = "drivertalent" nocase
        $pup37  = "drivertoolkit" nocase
        $pup38  = "driverupdate-" nocase
        $pup39  = "driverupdate-downloader" nocase
        $pup40  = "driverupdate-setup" nocase
        $pup41  = "driverwhiz" nocase
        $pup42  = "easeware" nocase
        $pup43  = "easydriverpro" nocase
        $pup44  = "easyhomedecorating" nocase
        $pup45  = "easypdfcombine" nocase
        $pup46  = "easyphotoedit" nocase
        $pup47  = "eliteunzip" nocase
        $pup48  = "emailaccessonline" nocase
        $pup49  = "everyday lookup" nocase
        $pup50  = "everydaylookup" nocase
        $pup51  = "filefanatic" nocase
        $pup52  = "filesharefanatic" nocase
        $pup53  = "flashplayerpro" nocase
        $pup54  = "flightsearchapp" nocase
        $pup55  = "freemakevideoconvertersetup" nocase
        $pup56  = "freemanuals" nocase
        $pup57  = "freeradiocast" nocase
        $pup58  = "fromdoctopdftooltab" nocase
        $pup59  = "funcustomcreations" nocase
        $pup60  = "gamingassassin" nocase
        $pup61  = "gamingwonderland" nocase
        $pup62  = "garden enthusiast" nocase
        $pup63  = "gardeningenthusiast" nocase
        $pup64  = "getflightinfo" nocase
        $pup65  = "getformsonline" nocase
        $pup66  = "gettvstreamnow" nocase
        $pup67  = "gifables" nocase
        $pup68  = "happinessinfusion" nocase
        $pup69  = "headlinealley" nocase
        $pup70  = "howtosimplified" nocase
        $pup71  = "howtosuite" nocase
        $pup72  = "inboxace" nocase
        $pup73  = "internetspeedtracker" nocase
        $pup74  = "knowthebible" nocase
        $pup75  = "localcrimewatcher" nocase
        $pup76  = "mapsgalaxy" nocase
        $pup77  = "marineaquariumlite" nocase
        $pup78  = "mergedocsonline" nocase
        $pup79  = "mydailyrunway" nocase
        $pup80  = "myeasylotto" nocase
        $pup81  = "myformsfinder" nocase
        $pup82  = "myfuncards" nocase
        $pup83  = "mynewsguide" nocase
        $pup84  = "mypcbackup" nocase
        $pup85  = "myradioplayer" nocase
        $pup86  = "myscrapnook" nocase
        $pup87  = "mysocialshortcut" nocase
        $pup88  = "mytelevisionhq" nocase
        $pup89  = "mytransitguide" nocase
        $pup90  = "myweatherradar" nocase
        $pup91  = "mywebface" nocase
        $pup92  = "notehomepage" nocase
        $pup93  = "onlinemapfinder" nocase
        $pup94  = "openfreely" nocase
        $pup95  = "packagetracer" nocase
        $pup96  = "pckeeper" nocase
        $pup97  = "pdfconverterhq" nocase
        $pup98  = "photofriendzy" nocase
        $pup99  = "playpoptrivia" nocase
        $pup100 = "playthruplayer" nocase
        $pup101 = "popularscreensavers" nocase
        $pup102 = "ppc-software" nocase
        $pup103 = "premierdownloadmanager" nocase
        $pup104 = "procleaningsoftware" nocase
        $pup105 = "productivityboss" nocase
        $pup106 = "productmanualsfinder" nocase
        $pup107 = "propccleaner" nocase
        $pup108 = "puzzlegamesdaily" nocase
        $pup109 = "quotationcafe" nocase
        $pup110 = "qyuninst" nocase
        $pup111 = "radiorage" nocase
        $pup112 = "readingfanatic" nocase
        $pup113 = "registry-cleaner" nocase
        $pup114 = "regservo" nocase
        $pup115 = "removedt" nocase
        $pup116 = "safepcrepair" nocase
        $pup117 = "scenichomepage" nocase
        $pup118 = "searchbar" nocase
        $pup119 = "searchformsonline" nocase
        $pup120 = "searchpredict" nocase
        $pup121 = "slimcleanerplus" nocase
        $pup122 = "smsfrombrowser" nocase
        $pup123 = "snapmyscreen" nocase
        $pup124 = "soccerinferno" nocase
        $pup125 = "spyhunter" nocase
        $pup126 = "studyhq" nocase
        $pup127 = "sweepstakesalley" nocase
        $pup128 = "tbieaddin.dll" nocase
        $pup129 = "televisionfanatic" nocase
        $pup130 = "ticketxplorer" nocase
        $pup131 = "timewhackers" nocase
        $pup132 = "tooltabextension.dll" nocase
        $pup133 = "totalrecipesearch" nocase
        $pup134 = "trackapackage" nocase
        $pup135 = "translationbuddy" nocase
        $pup136 = "unifiedlogger.dll" nocase
        $pup137 = "utility chest" nocase
        $pup138 = "videodownloadconverter" nocase
        $pup139 = "votinstw" nocase
        $pup140 = "votprx" nocase
        $pup141 = "wb-setup" nocase
        $pup142 = "web_bar" nocase
        $pup143 = "webdiscover" nocase
        $pup144 = "webdiscoverbrowserdownloaderwebesc" nocase
        $pup145 = "webext_dl" nocase
        $pup146 = "winwb" nocase
        $pup147 = "yourtemplatefindertooltab" nocase
        $pup148 = "ysearchsettool" nocase
        $pup149 = "ysearchutilsvc" nocase
    condition:
        any of them
}


rule ActiveDirectoryDomainFlag
{
    // Triage lead: a command line carrying the " /domain " switch (as used by
    // net.exe against the domain rather than the local machine). Requires a
    // space on both sides, so it misses the flag at end of line.
    meta:
        author = "@neonprimetime"
        description = "AD domain flag"
    strings:
        $domain_switch = " /domain " nocase
    condition:
        any of them
}

rule ActiveDirectoryCreateFlag
{
    // Triage lead: command-line switches used when creating accounts or objects.
    // Both need surrounding spaces, so a switch at end of line is not matched,
    // and " /add " also appears in many unrelated tools.
    meta:
        author = "@neonprimetime"
        description = "AD Create flag"
    strings:
        $add_switch    = " /add " nocase
        $create_switch = " /create " nocase
    condition:
        any of them
}

rule MetasploitPort
{
    // Triage lead: ":4444", the default Metasploit handler port. Any ":4444"
    // in text fires (timestamps, other services, unrelated ports), so this is
    // a weak indicator on its own.
    meta:
        author = "@neonprimetime"
        description = "Metasploit Port"
    strings:
        $port_4444 = ":4444" nocase
    condition:
        any of them
}

rule AdminFileShareAccess
{
    // Triage lead: the ADMIN$ administrative share name in the scanned data.
    // Management tooling and software deployment use it routinely, so correlate
    // with the source host/user before escalating.
    meta:
        author = "@neonprimetime"
        description = "Admin File Share Access"
    strings:
        $admin_share = "admin$" nocase
    condition:
        any of them
}

rule TeamViewerPort
{
    // Triage lead: ":5938", the TeamViewer connection port. Same caveat as
    // any bare port match: the digits can appear in unrelated contexts.
    meta:
        author = "@neonprimetime"
        description = "TeamViewer Port"
    strings:
        $port_5938 = ":5938" nocase
    condition:
        any of them
}

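rule ActiveDirectoryCriticalGroup
{
    // Triage lead: names of high-privilege AD groups. Fix: the built-in DNS
    // administrators group is named "DnsAdmins" (no space), so "dns admins"
    // never matched the real group; "dnsadmins" is added and the original
    // spelling kept for compatibility. "workstation admins" / "server admins"
    // are site-specific names, not built-ins.
    meta:
        author = "@neonprimetime"
        description = "Critical AD groups"
    strings:
        $string0 = "domain admins" nocase
        $string1 = "enterprise admins" nocase
        $string2 = "schema admins" nocase
        $string3 = "workstation admins" nocase
        $string4 = "dns admins" nocase
        $string5 = "server admins" nocase
        $string6 = "dnsadmins" nocase
    condition:
        1 of them
}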

rule NewUser
{
    // Triage lead: PowerShell cmdlets that create local or AD user accounts.
    // Provisioning scripts use these legitimately; check who ran them.
    meta:
        author = "@neonprimetime"
        description = "New User Commands"
    strings:
        $ps_new_localuser = "new-localuser" nocase
        $ps_new_aduser    = "new-aduser" nocase
    condition:
        any of them
}

rule WebDownloader
{
    // Triage lead: .NET / PowerShell download primitives in scripts or logs.
    // "wget" (4 chars) and "WebRequest" also appear in ordinary scripts and
    // documentation, so a hit on those alone is weak.
    meta:
        author = "@neonprimetime"
        description = "Web Downloader"
    strings:
        $dl_file    = "DownloadFile(" nocase
        $dl_string  = "DownloadString" nocase
        $dl_request = "WebRequest" nocase
        $dl_wget    = "wget" nocase
        $dl_bits    = "bitstransfer" nocase
    condition:
        any of them
}

rule McAfeeQuarantineFile
{
    // Triage lead: paths/extensions of McAfee quarantine artefacts.
    // "\quarantine\" is a generic folder name shared by other AV products, and
    // ".bup" fires on any file with that extension.
    meta:
        author = "@neonprimetime"
        description = "McAfee Quarantine File"
    strings:
        $q_dir = "\\quarantine\\" nocase
        $q_bup = ".bup" nocase
    condition:
        any of them
}


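rule VulnerabilityScanner
{
    // Triage lead: names of network / web vulnerability scanners.
    // Fix: "hyrda" was a typo for hydra and could never match the tool name.
    // The Nmap entries require a separator or space around the name to avoid
    // hitting words that merely contain "nmap".
    meta:
        author = "@neonprimetime"
        description = "Vulnerability Scanner"
    strings:
        $string0  = "AngryIP" nocase
        $string1a = "\\Nmap " nocase
        $string1b = "/Nmap." nocase
        $string1c = " Nmap " nocase
        $string1d = " Nmap." nocase
        $string2  = "Nessus" nocase
        $string3  = "sqlmap" nocase
        $string4  = "nikto" nocase
        $string5  = "wpscan" nocase
        $string6  = "hydra" nocase
        $string7  = "dirbuster" nocase
        $string8  = "masscan" nocase
        $string9  = "morfeus" nocase
        $string10 = "sqlninja" nocase
    condition:
        1 of them
}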

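rule SqlInjection
{
    // Triage lead: SQL-injection fragments in request URLs/bodies, in both the
    // URL-encoded ("+") and plain-space forms.
    // Fix: $string9/14/15/16 repeated $string1/0/2/4 verbatim, "CONTACT(0x" was
    // a typo (the correct "CONCAT(0x" is already $string5), and "UNION+SELECT)"
    // only ever matched where "UNION+SELECT" already did. Dropping them does
    // not change what the rule detects, apart from the bogus CONTACT string.
    // ",NULL,NULL" and "--+" are short and will hit benign content too.
    meta:
        author = "@neonprimetime"
        description = "Sql Injection"
    strings:
        $string0  = "UNION+ALL+SELECT" nocase
        $string1  = ",NULL,NULL" nocase
        $string2  = "AND+SLEEP" nocase
        $string3  = "PG_SLEEP" nocase
        $string4  = "WAITFOR+DELAY" nocase
        $string5  = "CONCAT(0x" nocase
        $string6  = "UNION+SELECT" nocase
        $string7  = "--+" nocase
        $string8  = "')UNION ALL SELECT" nocase
        $string10 = "AND SLEEP" nocase
        $string11 = "WAITFOR DELAY" nocase
        $string13 = "UNION SELECT" nocase
    condition:
        1 of them
}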
