diff --git a/malware6.pl b/malware6.pl
index a18acb0..3d3fdb1 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -20,6 +20,7 @@ our $q = CGI->new;
 print "Content-type: text/html\n\n";
 
 my @regexen = (
+    qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+ \@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is,
     qr/;tixe.+?;\)0\(emitnur_setouq_cigam_tes\@.+?\" = ssap_htua\$/is,
     qr/<span style=\"font-size:5px; font-style:italic; font-family:Arial; width:\d\dpx; display:none; color:violet;\">\s+<a href=http:\/\/.+?(viagra|cialis|levitra).+?<\/a>\s+<\/span>/is,
     qr/<?php if \(isset\(\$_GET\[\"CONFIG\"\]\)\) if \(.+?md5\(\$_GET\[\"CONFIG\"\]\)\)\{.+?if\(is_uploaded_file\/\*;\*\/\(\$_FILES\[.+?\]\)\)\{move_uploaded_file\/\*;\*\/\(\$_FILES\[.+?\);return null;\} \?>/is,
@@ -379,7 +380,6 @@ my @regexen = (
     qr/<\?php\s+error_reporting\(E_ERROR\);set_time_limit\(0\);\s+if\(isset\(\$_POST\[\'.+?\'\]\)\)\{\s+\$tofile=\'40\d\.php\';\s+\$a =base64_decode\(strtr\(\$_POST\[\'.+?\'\], \'-_,\', \'+\/=\'\)\);\s+\$a=\'<\?php \'\.\$a\.\'\?>\';\s+\@file_put_contents\(\$tofile,\$a\);\s+require_once\(\'40\d\.php\'\);\s+\@unlink\(\$tofile\);\s+exit;\s+\}\s+\?>/is,
     qr/<\?php\s+if \(isset \(\$_GET\[\'check\'\]\)\) \{\s+echo \"checked\";.+?<h1>File<\/h1>.+?echo\(\"FILE\"\);\s+\}\s+\?>\s+<\/body>\s+<\/html>/is,
     qr/<\?php function ([A-z0-9_]{1,20})\(\$i\)\{\$a=Array\(\"([A-z0-9_]{1,20})\",\"([A-z0-9_]{1,20})\",\"([A-z0-9_]{1,20})\",\"([A-z0-9_]{1,20})\",\"\w\*\"\);return \$a\[\$i\];\} \?>/is,
-    qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+ \@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is,