Scanning /home/shomalen/public_html:

'/home/shomalen/public_html/.tmb'
# World writeable directory

'/home/shomalen/public_html/wp-admin/mah.php'
# Universal decode regex match = [universal decoder]

'/home/shomalen/public_html/wp-admin/product.php'
# Universal decode regex match = [universal decoder]

'/home/shomalen/public_html/wp-content/item.php'
# Universal decode regex match = [universal decoder]

'/home/shomalen/public_html/wp-content/network.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-content/plugins/waspthemes-yellow-pencil/images/admin/options.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 3)]) Known exploit = [Fingerprint Match (fp)] [PHP Obfuscation Exploit [P0835]]

'/home/shomalen/public_html/wp-content/plugins/waspthemes-yellow-pencil/library/json/index.php'
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-content/plugins/waspthemes-yellow-pencil/library/php/plugin.php'
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

'/home/shomalen/public_html/wp-content/themes/Mellat_News/Mellat_News/img/index.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P0241]]

'/home/shomalen/public_html/wp-content/themes/astra/admin/includes/class-astra-menu.php'
# Universal decode regex match = [universal decoder]

'/home/shomalen/public_html/wp-content/themes/astra/inc/metabox/options.php'
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-content/themes/izo/assets/images/index.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-content/themes/izo/inc/customizer/body-jWkE7g.php'
# Universal decode regex match = [universal decoder]

'/home/shomalen/public_html/wp-content/themes/izo/sass/plugins/index.php'
# Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2071]]

'/home/shomalen/public_html/wp-content/themes/izo/sass/utilities/index.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Site Defacer [P0020]]

'/home/shomalen/public_html/wp-includes/click.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2187]]

'/home/shomalen/public_html/wp-includes/defaults.php'
# Known exploit = [Fingerprint Match (fp)] [PHP EVAL Exploit [P2185]]

'/home/shomalen/public_html/wp-includes/ilikim.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/network.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/themes.php'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/images/smilies/icon_winks.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/js/dist/preferences-persistence.mni.js'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/js/dist/vendor/wp/tYdohKaet.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/js/jquery/ui/wp/wPqORDvUt.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/js/tinymce/plugins/fullscreen/index.php'
# Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P1580]]

'/home/shomalen/public_html/wp-includes/js/tinymce/plugins/media/index.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2163]]

'/home/shomalen/public_html/wp-includes/js/tinymce/plugins/paste/index.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [{1954]]

'/home/shomalen/public_html/wp-includes/js/tinymce/plugins/textcolor/index.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2193]]

'/home/shomalen/public_html/wp-includes/js/tinymce/plugins/wordpress/index.php'
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/js/tinymce/plugins/wpemoji/index.php'
# Regular expression match = [\b(system|exec|passthru|shell_exec)\s*\(\s*\$_(GET|POST|GLOBALS|SERVER|REQUEST|SESSION|ENV|COOKIE)\[]
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 0]) Regular expression match = [\b(system|exec|passthru|shell_exec)\s*\(\s*\$_(GET|POST|GLOBALS|SERVER|REQUEST|SESSION|ENV|COOKIE)\[]

'/home/shomalen/public_html/wp-includes/js/tinymce/plugins/wpview/index.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]

'/home/shomalen/public_html/wp-includes/sodium_compat/src/Core32/SecretStream/index.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]