diff --git a/malware4.pl b/malware4.pl
index b0d574e..a841634 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -340,6 +340,8 @@ my @regexen = (
 qr/<\?php.+?\$data\s+\=\s+file\_get\_contents\(\'php:\/\/input\'\)\;.+?\$data\s+\=\s+base64\_decode\(\$data\)\;.+?if\s+\(\$ok\)\s+\{\s+d\(\'ok\'\)\;\s+\}\s+else\s+\{\s+d\(\'bad\:\'\.\$fname\.\'\|\'\.\_\_DIR\_\_\)\;\s+\}/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\=\'b\'\.\'a\'\.\'s\'\.\'e64\_deco\'\.\'de\'\;\s+\@eval\(\$([A-z0-9]{1,20})\(.+?\)\)\;/is,
 qr/<\?php\s+\$alphabet\s+\=\s+\"\..+?\$string\s+\=\s+\".+?\$array\_name\s+\=\s+\"\"\;\s+\$ar\s+\=\s+array\(.+?foreach\(\$ar\s+as\s+\$t\)\{\s+\$array\_name\s+\.\=\s+\$alphabet\[\$t\]\;\s+\}\s+\$a\s+\=\s+strrev\(\"noi\"\.\"tcnuf\"\.\"\_eta\"\.\"erc\"\)\;\s+\$f\s+\=\s+\$a\(\"\"\,\s+\$array\_name\(\$string\)\)\;\s+\$f\(\)\;/is,
+ qr/<\?php\s+if\(isset\(\$\_POST\[\"mailto\"\]\)\)\s+\$MailTo\s+\=\s+base64\_decode\(\$\_POST\[\"mailto\"\]\)\;\s+else.+?echo\s+\"sent\_ok\"\;\s+else\s+echo\s+\"sent\_error\"\;\s+\?>/is,
+ qr/eval\(function\(p\,a\,c\,k\,e\,r\).+?script\|\|\|\|document\|defer\|google\_analytics\|yandexMetrix.+?start\|http\|window\|11\'\.split\(\'\|\'\)\,0\,\{\}\)\)<\/script>/is,
 );
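Review bot: The second added signature opens on the generic packer prologue `eval\(function\(p\,a\,c\,k\,e\,r\)` and then crosses an unbounded `.+?` under `/s`, so in a file that holds an unrelated packed script earlier on, the match can begin there and extend over everything up to the `google\_analytics\|yandexMetrix` word list. The `@regexen` list opens before this hunk and the code that consumes it is not visible, but if matched text is stripped or rewritten, that legitimate content would go with it; bounding both gaps to a single script element, e.g. `(?:(?!<\/script>).)+?` in place of `.+?`, keeps the match on the injected block. The `else.+?echo` gap in the first added signature is open-ended in the same way and could be limited with a length bound or a similar tempered pattern. Neither new entry says what it detects; a comment above each, such as `# PHP mailer script: base64 "mailto" POST field, replies sent_ok/sent_error` and `# packed JS whose word list names google_analytics/yandexMetrix`, would help whoever triages a hit later.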