diff --git a/malware4.pl b/malware4.pl
index a076467..7bd2885 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -326,6 +326,9 @@ my @regexen = (
     qr/<\?php\s+echo\s+\'([A-z0-9]{1,20})\'\;\s+preg\_replace\(\"\\x.+?\\x3B\"\,\"\\x2E\"\)\;\s+\?>/is,
     qr/<\?php\s+if\s+\(\!defined\(\'ALREADY\_RUN\_.+?define\(\'ALREADY\_RUN\_.+?\$([A-z0-9]{1,20})\s+\=\s+Array\(.+?eval\/\*([A-z0-9]{1,20})\*\/\(([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\)\;\s+\}.+?\Z/is,
     qr/<\?php\s+\/\/\#\#\#\=\=\=\=\#\#\#\s+\@error\_reporting\(E\_ALL\)\;.+?\@assert\_options\(ASSERT\_QUIET\_EVAL.+?\/\/\#\#\#\=\=\=\=\#\#\#\s+\?>/is,
+    qr/<\?php.+?\/\/\#\#\#\=\=\=\=\#\#\#\s+\@error\_reporting\(E\_ALL\)\;.+?\@assert\_options\(ASSERT\_QUIET\_EVAL.+?\/\/\#\#\#\=\=\=\=\#\#\#/is,
+    qr/<\?php\s+extract\(\$\_COOKIE\)\;\@\$F\&\&\(\@\$F\(\$A\,\$B\)\|\|\@\$W\(\$X\(\$Y\,\$Z\)\)\)\;/is,
+
 
 
 );