Thursday, April 12, 2012

Malware Analysis Tutorial 26: Rootkit Configuration

Learning Goals:
  1. Practice the use of user mode WinDbg for inspecting process in non-invasive mode
  2. Practice the use of IMM and WinDbg for data analysis
  3. Understand registry operations
  4. Understand file operations at multiple levels
  5. Understand the high level network operations
  6. Practice the general unpacking technique and searching for the decoding key
Applicable to:
  1. Operating Systems
  2. Assembly Language
  3. Operating System Security
1. Introduction
In this section, we go back to the analysis of lz32.dll and finish the rest of it. We will see a wide variety of malicious operations performed by the malicious lz32.dll injected by Max++, including disk formatting of the hidden drive, generation of network payload and configuration, unpacking of code segment, and infection of other system library files.

Our analysis will be mostly performed in the address range 0x3Cxxxx, and for some part we will have to dig into the raspppoe.sys again. We start the analysis from the address 0x3C1B3E. Follow the instructions below.

2. Lab Configuration
We could simply reuse the lab configuration of Tutorial 20. In general, you need two windows XP instances, one for taking notes and the other for running the malware. Also you need a WinDbg instance sitting on the host to debug the win_debug instance. Specifically, in the win_debug instance, you need to set a breakpoint at 0x3C1B3E. This is the place right before the call of loadDriver("raspppoe.sys"), as shown in Figure 1 below.


Figure 1. Code of Lz32.dll after zwLoadDriver

3. Clean Up Operations
Recall that at 0x3C1B3F, max++ (at lz32.dll) calls zwLoadDriver to load rasppoe.sys. The behavior of rasppoe.sys is explained in the Tutorials 20 to 25. Now lz32.dll has to perform some clean up operations to further hide the trail of the malware. At 0x003C1B48 (see the first highlighted area of Figure 1), it closes the file handle of raspppoe.sys, and then from 0x3C1B55 to 0x3C1B3B, there is a loop which resumes a collection of threads one by one. This is actually to re-enable the windows file protection service.

Challenge 1. Use data tracing/breakpoint technique to prove that the loop from 0x3C1B55 to 0x3C1B3B is to re-enable the windows file protection service.


Note that major responsibility of the infected rasspppoe.sys is to set up the I/O handler for disk operations and also the infection of TDI (TCP/IP) service stack. Many services in raspppoe.sys are delayed for 15 seconds using deferred procedure call or delayed timer on system thread, because they need the further configuration done in lz32.dll. We now present the details.

4. Creation of Virtual Drive
The first interesting part of the code is the creation of a virtual drive. The code is shown in Figure 2. It consists of four steps: it first loads the "fmifs" library, and then it gets the procedure address of "FormatEx", and then it calls the function to format the drive. If you look at the stack content, you will notice the name of the drive is "C2CAD...". Once everything is done, it unloads the library.
Figure 2. Create Virtual Drive \??\C2CAD...

5. Storing Malicious File in Hidden Drive
The next action performed by Max++ is to save the infected driver file raspppoe.sys into the newly created hidden drive. The details is shown in Figure 3.
Figure 3. Store Malicious raspppoe.sys file into Hidden Drive. file name: snifer67
As shown in Figure 3, the first action at 0x3C2000 is a call of MapViewOfSection. Essentially, it maps a section object to the address space of the current object. The section object, before this call, is set up by Max++ to be the mapping of the raspppoe.sys driver file (which is infected). After the call is completed, the entire section object will be mapped to somewhere in the current process, in our case, the starting address is 0x00380000. If you look at the memory dump in Figure 3, you can notice the "4D 5A", which is the magic code of a PE file. Then Max++ creates a file named "osseqw" (which is the result of encoding "snifer67" using the current time stamp). It then saves the contents of the rassppoe.sys into the newly created file.

Challenge 1. Prove that the section object used in the MapviewOfSection call at 0x3C2000 is the one for raspppoe.sys (infected driver).

Challenge 2. Find out when the snifer67 file in the hidden drive is used.

6.Configuration File
The next function to analyze is 0x3C2162. Figure 4 shows its function body. Its main job is to create the configuration file used by the TDI_SEND activities introduced in section 5 of Tutorial 25.

Figure 4. Writing IP/domain names of malicious servers

As shown in Figure 4, Max++ loads and encodes several strings such as<ip>85.17.239.212</ip> and <host>intensivedive.com</host>. It's your job to find out all the malicious servers saved to the configuration file.

Challenge 3. Analyze the function at 0x003C20E0. What are its input parameters?

Challenge 4. Identify all the IP addresses and domain names saved into the configuration file in hidden drive.

Challenge 5. Find the name of the configuration file.

7. Saving Decoding Key in Registry
The next action Max++ performs is to save the "decoding key" which is used for self-packing into registry. Figure 5 shows the code.
Figure 5. Saving Decoding Key

As shown in Figure 5, the decoding key is "1100100", which is retrieved from the PE header of Max+++downloader2010.exe and it is used in decoding/unpacking the code. Max++ creates a registry key in IE explorer and saves the value there.

Challenge 6. Prove that the key 11001800 is from the PE header of Max++.

Challenge 7. Find out where the key is used.

8. Creating HTTP Request
Max++ proceeds to function 3C220A, which creates the HTTP request header for downloading more malicious files. Figure 6 shows its contents. The highlighted area in Figure 6 shows the HTTP request header. It is basically to invoke /install/setup.ppc.php on intensivedive.com.
Figure 6. Creating HTTP Request Header

9.Creation of Malicious File max++.00.x86
Next we analyze the function located at 0x3C16b8. Figure 7 shows its contents. It first opens the ntdll file and reads its basic file information. Then it creates a file called max++.00.x86 in the hidden drive. The file uses the same configuration (basic file information) of ntdll.

Challenge 8. Observe the function call at 0x3C16CD (in Figure 7). It creates a decoding table. Where does the decoding table start and end?

Figure 7. First Part of 0x3c16b8


Figure 8 shows the rest of the function. It establishes the contents of max++.00.x86. The first action is to allocate a virtual memory of 0x8000 bytes (see the highlighted area in Figure 7). Then it first establishes a decoding table in the stack (in range of 0x12D3XX). Then using this decoding table, Max++ first copies the encrypted code from 0x3C2550 to 0x380000 and deciphers the information via multiple passes of decryption. Finally it writes all the contents into max++.00.x86. The file will be later loaded by another system driver.
Figure 8. Establish file max++.00.x86

10. Contact Malicious Server
Next Max++ contacts the malicious server, as shown in Figure 9. It constructs a winsock and connects to 85.17.239.212 and send a HTTP request to it. Notice that the interesting part is the encoding key "11001800" is embedded in the HTTP request (see the memory dump part of Figure 9). The function does not have a receive operation though. It seems to just inform the malicious server that the infection of Max++ is successful.
Figure 9. Send Traffic to intensivedive

101 comments:

  1. Being able to share the sample?

    ReplyDelete
    Replies
    1. Dr. Fu'S Security Blog: Malware Analysis Tutorial 26: Rootkit Configuration >>>>> Download Now

      >>>>> Download Full

      Dr. Fu'S Security Blog: Malware Analysis Tutorial 26: Rootkit Configuration >>>>> Download LINK

      >>>>> Download Now

      Dr. Fu'S Security Blog: Malware Analysis Tutorial 26: Rootkit Configuration >>>>> Download Full

      >>>>> Download LINK m7

      Delete
  2. informative post. Thanks for sharing.

    ReplyDelete
  3. BlueHost is definitely the best hosting provider with plans for any hosting requirements.

    ReplyDelete
  4. Great Blog... The information you shared is very effective for learners I have got some important suggestions from it, Keep Sharing such a nice blog.Shop Drawings Preparation in UK
    Shop Drawings Preparation in India

    ReplyDelete
  5. Thanks for sharing, very informative blog.
    ReverseEngineering

    ReplyDelete
  6. For those seeking Custom Nursing Essay Writing Service that are 100% original we have plagiarism software that the company utilizes to confirm the level of originality even when offering nursing case study writing services.

    ReplyDelete
  7. It is very important to note that sleep performs a biological function that is fundamental to the human body, especially in teenagers more than in children and adults. So should school start later essay can debunk all misconseptions in this issues.

    ReplyDelete
  8. Wanna know how to write a movie critique? In this movie critique example you can see how to do it right and what to mentions in this type of writing.

    ReplyDelete
  9. http://www.igetsolutions.in/packers-and-movers-indore
    http://www.igetsolutions.in/packers-and-movers-surat
    http://www.igetsolutions.in/packers-and-movers-alwar
    http://www.igetsolutions.in/packers-and-movers-ajmer
    http://www.igetsolutions.in/packers-and-movers-mangalore

    ReplyDelete
  10. https://latestcracked.com/abbyy-finereader-full-download-here/
    ABBYY FineReader Serial Keygen maintains all original languages, also admits graphs and tables with much larger precision. Shows amazing comprehension precision and variability of maintaining the partitioning of all origin records.

    ReplyDelete
  11. https://fixedcrack.com/4k-video-downloader-free-download/
    4K Video Downloader Patch model can be a wonderful tool for video and audio documents instantly. It stops an individual from files that are corrupted. The downloaded data files comprise high-resolution. While adequate audio excellent. Moreover, the online video Downloader has distinct languages to satisfy the wants.

    ReplyDelete
  12. https://activatorscrack.com/usbfix-full-cracked/
    UsbFix Registration Code is super easy to use. It had been created based on a fascinating menu, where the minimalism of patterns and numerous, clear colors and design are somewhat bitten.

    ReplyDelete
  13. https://greencracks.com/lucky-patcher-latest/
    Lucky Patcher APK is the best android app and patches any apps or games. it is the most popular rooted apps. it can block ads and remove unwanted system app. You Can Control easily installed apps on your Android Phone using by Patcher rooted app.

    ReplyDelete
  14. https://crackedhere.com/magix-music-maker-torrrents/
    Magix Music Maker Crack is a very powerful and amazing software for music makers, in order to create and control projects without inconvenience, in a user-friendly environment. Great recordings are now able to be achieved even more quickly helping you to capture your opinions before the motivation slips away.

    ReplyDelete
  15. https://activatorskey.com/flixgrab-premium-crack-plus-license-key/
    FlixGrab Crack is an effective program for totally installing net FLIX series. It helps to download TV shows, films, and music. The users can install all documents with quick speed. The users can install any film from net FLIX, and enjoy it offline. You can load your download list from a file, and then start to install it.

    ReplyDelete
  16. https://approvedcrack.com/clip-studio-paint-ex-crack-torrent/
    Clip Studio Paint EX Crack s a part of software application. It a manga studio marketed in North America. It is known as Kurisu in japan. It’s a software application for windows and macOS. It’s developed by celsius. It’s a graphics company of Japanese. Clip Studio is a software company.

    ReplyDelete
  17. https://thinkcrack.com/clip-studio-paint-torrent-crack/
    Clip Studio Paint Crack software is known in Japan in Kurita. macOS, Microsoft Windows, and software for iOS applications are included in it, and Celsus’s creat from the graphic software company of Japan. It is used to create a digital comic.

    ReplyDelete
  18. https://crackeypc.com/device-doctor-license-key/
    Device Doctor Crack is a useful place where you can easily find Activators, Patch, Full version software Free Download, License key, serial key, keygen, Activation Key and Torrents. Get all of these by easily just on a single click.

    ReplyDelete
  19. All matters related to medical laboratory and simple procedures People are performing a huge amount of tests daily basis on several labs world wide. but you can have all the test procedure, reporting etc here.
    Blood Grouping Principle and Procedure

    ReplyDelete
  20. Hey guys! I want to thanks to all of you! Firstly to thr arthour of that wonderful blog and of course to the guys-readers of that blog! Really informative article which will be a great addition to my paper pre written to me by the group of professional writers from cheap-papers service the link to which is that one https://cheap-papers.com/buy-presentation-completed-by-experts.php so you can use their help in order to receive only the highest grades

    ReplyDelete
  21. excellent publish, very informative. I wonder why the other specialists of this sector do not notice this.
    You must continue your writing. I’m confident, you’ve a
    great readers’ base already!
    Here is the Link of Free & Latest Multimedia crack:
    https://softserialskey.com/cyberlink-powerdirector-ultimate-crack/
    It offers a great combination of advanced functionality and great features for video editing.
    It’s very simple and easy to use, so creators of every skill level can easily access its great features.

    ReplyDelete
  22. Find Latest Job Vacancies In Noida, Delhi For Freshers And Experienced. Filter Job Opportunities By Salary, Experience, Industry, Company Etc ...

    ReplyDelete
  23. HOW TO SETUP HP ENVY 7155 TO WIFI, introduce and design simple strides to interface printers, wireless setup , driver introduce, streaming gadgets, information recuperation, email arrangement and pc rules.

    ReplyDelete
  24. Great Article
    Cyber Security Projects


    Networking Security Projects

    JavaScript Training in Chennai

    JavaScript Training in Chennai

    The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

    ReplyDelete
  25. Lahore Smart City is going to be the best choice for commercial, investment and residential point of view. The scheme will have everything to attract national and international investors. In return, investors will get high revenue. On the other hand, the housing society is equipped with state of the art facilities. The facilities are just dream of come true for the people of Lahore. Peace, safety and eco-friendly behaviors. Future Development Holding hires and corporate’s with world-class developers, architectures and planners. This Smart City Lahore will have golf clubs and fields designed by experienced and world-recognized designers.

    ReplyDelete
  26. Iobit keygen protected folder Keep your data and files private in the program. The only way to get this information is your password. You no longer have to worry about losing privacy.

    ReplyDelete
  27. Download the latest Cracks with CracCOol website
    patch, Serial Key, License Key and Keygen Full Free

    ReplyDelete
  28. Then again, the housing society is prepared with state of the art facilities. the facilities are simply dream of come actual for the humans of lahore. peace, protection and green behaviors. future development conserving hires and company’s with world-magnificence developers, architectures and planners. knitted ponte de roma fabrics manufacturers | knitted jacquard fabrics manufacturers

    ReplyDelete
  29. Great web site. A lot of useful information here. I’m sending it to several friends ans also sharing in delicious. And obviously, thanks in your effort! 야설

    Also visit my web site;
    야설

    ReplyDelete
  30. Very good information. Lucky me I recently found your website by accident I have book marked it for later!
    일본야동
    Also visit my web site 일본야동

    ReplyDelete
  31. This blog is very informative the stuff you provide I really enjoyed reading 국산야동
    Also visit my web site 국산야동

    ReplyDelete
  32. I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well. 일본야동
    Also visit my web site 일본야동

    ReplyDelete
  33. I have read your blog it is very helpful for me. I want to say thanks to you. I have bookmark your site for future updates.
    야설
    Also visit my web site 야설

    ReplyDelete
  34. Security is the main aspect of computer. Different viruses and hackers attack on your computer. You discus rootkit configuration in detail. All the key points are informative. Due to some condition garage door could be broken. For this solution garage door repair Springfield provide best services.

    ReplyDelete
  35. Thank you for sharing informative information. You deliver theoretical and practical work and out rootkit configuration. This post is very helpful for me. Moreover, Roofing Services Quincy MA provide the quality work at affordable price. Our expert team fulfill your desire requirements.

    ReplyDelete
  36. Amazing article mate, an everything contemplated befuddling article. I've end up being your fan happening to investigating your befuddling article. You may tragically checkout my work. Arrangement Given under. Free Download software
    Direct Download Link

    ReplyDelete
  37. My brother is amazed by this Rootkit configuration that I found for him. But really I was looking for history essay questions that I have to prepare for the next week. But it's so nice too because my brother is happy now.

    ReplyDelete
  38. Technologistan is the popoular and most trustworthy resource for technology, telecom, business and auto news in Pakistan

    ReplyDelete
  39. Thank you for another informative blog. Where else could I get that kind of info written in such a perfect way? 홀덤

    ReplyDelete
  40. Thank you so much admin for uploading such amazing content with us your blog is really helpful for me. wish you all the best for upcoming comments. I am also wanted to write blog kindly guide me if my topic is Utility Vehicle Suppliers then what should I do first and how will I create new and unique content on this topic

    ReplyDelete
  41. You deliver information related to malware analysis and discuss related to rootkit configuration in detail. Thanks for sharing this post with us. Moreover, This time to take advantages of https://wilderperez.com/real-estate-agent-in-home-springs-ca/ for quality work.

    ReplyDelete
  42. You deliver information related to malware analysis and discuss related to rootkit configuration in detail. Thanks for sharing this post with us. Moreover, This time to take advantages of real estate agent in home springs ca for quality work.

    ReplyDelete
  43. Enjoyed reading the article above, Really explains everything in detail, the article is very interesting and effective. Thank you and good luck for the upcoming articles...For more please visit: SEO Service USA...

    ReplyDelete
  44. You deliver the informative information related to security and algorithms in detail. This post is very helpful for IT students. Further, This time to take advantages of car locksmiths in san Antonio tx for quality work.

    ReplyDelete
  45. Very Informative & watchful content, You guys also try it
    Real Estate Agents Meridian ID


    for best Relocation services

    ReplyDelete
  46. Why couldn't I have the same or similar opinions as you? T^T I hope you also visit my blog and give us a good opinion.casino online

    ReplyDelete
  47. Very nice article and straight to the point. I don’t know if this is truly the best place to ask but do you folks have any idea where to get some professional writers? Thank you. 호텔카지노

    ReplyDelete
  48. 메이저사이트순위January 3, 2022 at 7:25 PM

    Hi there, I simply hopped over in your website by way of StumbleUpon. Now not one thing I’d typically learn, but I favored your emotions none the less. Thank you for making something worth reading. 메이저사이트순위

    ReplyDelete
  49. I finally found what I was looking for! I'm so happy. 우리카지노


    ReplyDelete
  50. Your information was very useful to me. That's exactly what I've been looking for 샌즈카지노!

    ReplyDelete
  51. Hard to ignore such an amazing article like this. You really amazed me with your writing talent. Thank you for sharing again.
    바카라사이트

    ReplyDelete
  52. Thank you for providing a good quality article.
    카지노사이트

    ReplyDelete
  53. This article is very helpful and interesting too. Keep doing this in future. I will support you.
    토토

    ReplyDelete
  54. I finally found great post here. Thanks for the information. Please keep sharing more articles.
    온라인카지노

    ReplyDelete
  55. Good morning!! I am also blogging with you. In my blog, articles related to are mainly written, and they are usually called 우리카지노. If you are curious about , please visit!!

    ReplyDelete
  56. It seems like I've never seen an article of a kind like . It literally means the best thorn. It seems to be a fantastic article. It is the best among articles related to 바카라사이트 . seems very easy, but it's a difficult kind of article, and it's perfect.

    ReplyDelete
  57. I really happy found this website eventually. Really informative and inoperative, Thanks for the post and effort! Please keep sharing more such blog. 한국야동

    Please visit once. I leave my blog address below
    야설
    일본야동

    ReplyDelete
  58. Really nice and interesting post. I was looking for this kind of information and enjoyed reading this one. 한국야동

    Please visit once. I leave my blog address below
    야설
    한국야동

    ReplyDelete
  59. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with extra information? It is extremely helpful for me. 야동

    Please visit once. I leave my blog address below
    국산야동
    일본야동

    ReplyDelete
  60. Excellent read, I just passed this onto a friend who was doing some research on that. I will learn a lot of new stuff right here! 국산야동

    Please visit once. I leave my blog address below
    한국야동
    국산야동

    ReplyDelete
  61. Great article with excellent idea!Thank you for such a valuable article. I really appreciate for this great information. 한국야동

    Please visit once. I leave my blog address below
    야동
    일본야동

    ReplyDelete
  62. I'm looking for a lot of data on this topic. The article I've been looking for in the meantime is the perfect article. Please visit my site for more complete articles with him! 메이저검증

    ReplyDelete
  63. There are also articles on these topics on my blog and I hope you visit once and have a deep discussion! 메이저놀이터

    ReplyDelete
  64. Your writing is perfect and complete. However, I think it will be more wonderful if your post includes additional topics that I am thinking of. I have a lot of posts on my site similar to your topic. Would you like to visit once? keonha cai

    ReplyDelete
  65. This is the post I was looking for 메이저사이트 I am very happy to finally read about the Thank you very much. Your post was of great help to me. If you are interested in the column I wrote, please visit my site .

    ReplyDelete
  66. This is really helpful post and very informative there is no doubt about it. It’s awesome dude I found this one pretty fascinating and it should go into my collection. 슬롯머신사이트

    ReplyDelete
  67. Attractive component of content. I just stumbled upon your site and in accession capital to claim that I acquire actually enjoyed account your blog posts. Anyway I will be subscribing for your feeds or even I success you access consistently quickly.
    섯다

    ReplyDelete
  68. I am sure this post has touched all the internet users, its really really pleasant piece of writing on building up new webpage.
    토토

    ReplyDelete
  69. I am really glad to glance at this website posts which includes plenty of
    useful data, thanks for providing such information.
    일본야동

    ReplyDelete
  70. Thank you for posting this awesome article. I’m a long time reader but I’ve never been compelled to leave a comment.
    I subscribed to your blog and shared this on my Facebook.
    Thanks again for a great article!
    토토사이트

    ReplyDelete
  71. great & nice articles with a lot of information to read...great people keep posting and keep updating people..thank you , Hello, this is very useful material.

    스포츠토토존

    ReplyDelete
  72. I wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have you bookmarked your site to check out the new stuff you post. I am writing on this topic, so I think it will help a lot. I leave my blog address below. Please visit once.!

    바카라사이트비즈

    ReplyDelete
  73. The setup process for every Canon model is almost similar, however the download through https //ij.start.cannon or http //ij.start.cannon and installation process may differ.Depending on your requirement, it offers a type printer including PIXMA, SELPHY, MAXIFY, etc. canon.com/ijsetup Some factors need to be in mind while choosing an inkjet printer for you. Later, you can easily set up your Canon printer through drivers from ij.start.cannon wireless connection, USB, and a few components. Https //ij.start.cannon

    ReplyDelete
  74. Great Post. Keep Writing and Inspiring. Looking Forward to More.

    ReplyDelete
  75. Thank you for sharing such a Wonderful Blog.

    ReplyDelete
  76. I really enjoy your Post. Very creative and Wonderful.

    ReplyDelete
  77. Dr. Fu'S Security Blog: Malware Analysis Tutorial 26: Rootkit Configuration >>>>> Download Now

    >>>>> Download Full

    Dr. Fu'S Security Blog: Malware Analysis Tutorial 26: Rootkit Configuration >>>>> Download LINK

    >>>>> Download Now

    Dr. Fu'S Security Blog: Malware Analysis Tutorial 26: Rootkit Configuration >>>>> Download Full

    >>>>> Download LINK

    ReplyDelete
  78. Great post, beautiful weblog with great informational content. This is a really interesting and informative content. 토토사이트

    ReplyDelete
  79. This is very nice article. Everyone should read. 경마

    ReplyDelete
  80. Here are several of the sites we advise for our visitors 토토

    ReplyDelete
  81. Great Post. Looking Forward to more.

    ReplyDelete
  82. Great blog. Looking forward to More.

    ReplyDelete
  83. What a post I've been looking for! I'm very happy to finally read this post. 토토사이트 Thank you very much. Can I refer to your post on my website? Your post touched me a lot and helped me a lot. If you have any questions, please visit my site and read what kind of posts I am posting. I am sure it will be interesting.

    ReplyDelete
  84. betflix The game has a style that is easy to play, สล็อตpg

    ReplyDelete
  85. Hi! This is my first visit to your blog! We are a team of volunteers and new initiatives in the same niche. Blog gave us useful information to work. You have done an amazing job! 메이저토토사이트 Thank you very much. Can I refer to your post on my website? Your post touched me a lot and helped me a lot. If you have any questions, please visit my site and read what kind of posts I am posting. I am sure it will be interesting.

    ReplyDelete
  86. For quite some time Gorilla INC. has been a tenable piece of the Trenton NJ people group to assist clients with their different requirements.
    water filtration trenton nj

    ReplyDelete
  87. Yes i am completely concurred with this article and i simply need say this article is extremely decent and exceptionally useful article.I will make a point to be perusing your blog more. You made a decent point yet I can"t resist the urge to ponder, shouldn"t something be said about the other side? 먹튀검증업체 .

    ReplyDelete
  88. All-State Roofing and Siding's Roofing Contractors Bayonne NJ is an excellent choice on which you could rely. We provide superior, unmatched, and genuine services.
    roofing contractors bayonne nj

    ReplyDelete
  89. Wish you all the best for your new upcoming articles and kindly write on topic Ecommerce website and also on Cheap web design thanks.

    ReplyDelete
  90. Thanks This blog is really informative. It helps me a lot really interested.
    cracked Software
    Software Website

    crack-softwares.com

    ReplyDelete