INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(1, 'ajaxcommand', 'JGEgPSAiQWpheCBDb21tYW5kIFNoZWxsIGJ5Ig==\nJGIgPSAiYSBocmVmPWh0dHA6Ly93d3cuaXJvbndhcmV6LmluZm8i\nJGMgPSAiJ0NsZWFyIEhpc3RvcnknID0+ICdDbGVhckhpc3RvcnkoKSci\nJGQgPSAiZm9yIHNvbWUgZWhoLi4uaGVscCI=\n', 'any of them', ' Ajax Command shell', '', ' https://github.com/tennc/webshell/blob/master/xakep-shells/PHP/Ajax_PHP%20Command%20Shell.php.txt', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(2, 'angel_shell', 'JGEgPSAiQ29keiBieSBhbmdlbCg0bmdlbCki\nJGIgPSAiaHR0cDovL3d3dy40bmdlbC5uZXQi\nJGMgPSAi56iL5bqP6YWN572uIg==\nJGQgPSAiRFJPUCBUQUJMRSB0bXBfYW5nZWwi\nJGUgPSAiY2YoJy90bXAvYW5nZWxfYmMnLCRiYWNrX2Nvbm5lY3QpIg==\nJGYgPSAiJHJlcyA9IGV4ZWN1dGUoJ2djYyAtbyAvdG1wL2FuZ2VsX2JjIC90bXAvYW5nZWxfYmMuYycpIg==\nJGcgPSAiU2VjdXJpdHkgQW5nZWwgVGVhbSBbUzRUXSI=\n', 'any of them', '', '', ' https://github.com/tennc/webshell/blob/master/xakep-shells/PHP/2008.php.php.txt', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(3, 'b374k', 'JGEgPSAiZmI2MjFmNTA2MGI5ZjY1YWNmOGViNDIzMmUzMDI0MTQwZGVhMmIzNCI=\nJGIgPSAiJ2V2Jy4nYWwnLicoXCI/PlwiLmd6Jy4naW4nLidmbGEnLid0ZShiYScuJ3NlJy4nNjQnLidfZGUnLidjbycuJ2RlKCR4KSkpOyci\nJGMgPSAiJGIzNzRrPSRmdW5jKCI=\nJGQgPSAiJHg9Z3ppblwiLlwiZmxhdGUoYmFzZVwiLlwiNjRfZGVcIi5cImNvZGUi\nJGUgPSAiMGRlNjY0ZWNkMmJlMDJjZGQ1NDIzNGEwZDEyMjliNDMi\nJGYgPSAiJyR4LCR5JywnZXYnLidhbCcuJyhcIlxcJHNfcGFzcz1cXFwiJHlcXFwiOz8+XCIuZ3onLidpbmYnLidsYXRlJy4nKCBiYXMnLidlNjQnLidfZGUnLidjbycuJ2RlKCR4KSkpOyci\nJGcgPSAiJF9DT09LSUVbJ2IzNzRrJ10i\n', 'any of them', ' b374k shell', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(4, 'c100', 'JGEgPSAiJF9SRVFVRVNUW1wiazFyNF9zdXJsXCJdIg==\nJGIgPSAiTWVUYUxUZWFNIChPUkcpIHdhcyBoZXJlIg==\nJGMgPSAiaHR0cDovL2VtcDNyb3IuY29tL2tpcmEvIg==\nJGQgPSAiT3duZWQgYnkgTWVUYUxUZWFNIg==\nJGUgPSAiazFyNF9idWZmX3ByZXBhcmUi\nJGYgPSAiazFyNF9kYXRhcGlwZV9jLnR4dCI=\nJGcgPSAiVW5kZXRlY3RhYmxlIHZlcnNpb24gYnkgPGJyPiBTcHlrMXI0IDxicj4i\nJGggPSAiVGhhbmtzIGZvciB1c2luZyBNZVRhTFRlYU0i\nJGkgPSAiRlRQIFF1aWNrIEJydXRlIChjYWxsZWQgTWVUYUxUZWFNIC4gb1JnIg==\n', 'any of them', ' c100 webshell', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(5, 'c99', 'JGEgPSAiJF9SRVFVRVNUW1wiYzk5OXNoX3N1cmxcIl0i\nJGIgPSAiaHR0cDovL2NjdGVhbS5ydS8i\nJGMgPSAiYzk5OWZ0cGJydXRlY2hlY2si\nJGQgPSAiT3duZWQgYnkgaGFja2VyIg==\nJGUgPSAiYzk5OV9zZXNzX3B1dCI=\nJGYgPSAiRHVtcGVkIGJ5IGM5OTlTaGVsbC5TUUwgdi4gIg==\nJGcgPSAiS2VybmVsIGF0dGFjayAoS3JhZC5jKSBQVDIi\nJGggPSAiaHR0cDovL3I1N3NoZWxsLm5ldCI=\nJGkgPSAiUm9vdFNoZWxsIFNlY3VyaXR5IEdyb3VwIg==\n', 'any of them', ' c99 webshell', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(6, 'cyb3rsh3ll', 'JGEgPSAiY3liM3IuZ2xhZGlhdDByQGdtYWlsLmNvbSI=\nJGIgPSAiY3liM3Igc2gzbGwgOiki\nJGMgPSAiT3duZWQgYnkgY3liM3IuZ2xhZGlhdDByIg==\nJGQgPSAiWW91ciBTaGVsbChjeWIzci1TaDNsbCkgbG9jYXRlZCBhdCI=\nJGUgPSAiaHR0cDovL3MxNS5wb3N0aW1hZ2Uub3JnLzk0a3A0YTBlaiI=\nJGYgPSAiY3liM3IgOWxhZGlhdDByIg==\n', 'any of them', ' cyb3rsh3ll', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(7, 'r57', 'JGEgPSAiPGEgaHJlZj1odHRwOi8vcnN0LnZvaWQucnU+cjU3c2hlbGw8L2E+Ig==\nJGIgPSAiJ2VuZ190ZXh0MScgPT4nRXhlY3V0ZWQgY29tbWFuZCci\nJGMgPSAiaHR0cDovLzEyNy4wLjAuMS9yNTdzaGVsbC8i\nJGQgPSAiJF9QT1NUWydmcm9tJ10gPSAnYmlsbHlAbWljcm9zb2Z0LmNvbSci\n', 'any of them', ' r57 webshell', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(8, 'simatacker', 'JGEgPSAiU2ltQXR0YWNrZXIgLSBWcnNpb24gOiI=\nJGIgPSAiIC0gcHJpdjggNCBNeSBmcmllbmQi\nJGMgPSAicHJpbWlzc2lvbiBOb3QgQWxsb3cgY2hhbmdlIENobW9kIg==\nJGQgPSAiSXJhbmlhbiBIYWNrZXJzIDogV1dXLlNJTU9SR0gtRVYuQ09NIg==\nJGU9ICJhZG1pbihhdClzaW1vcmdoLWV2KGRvdCljb20i\nJGYgPSAiRmFrZSBNYWlsLSBET1MgRS1tYWlsIEJ5IFZpY3RpbSBTZXJ2ZXIi\nJGcgPSAiV2VsY29tZSBUMCBTaW1BdHRhY2tlciAxLjAwICByZWFkeSAyIFVTZSI=\nJGggPSAid3d3LnI1Ny5iaXoi\n', 'any of them', ' simatacker', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(9, 'sosyete', 'JGEgPSAiU29zeWV0ZSBTYWZlIE1vZGUgQnlwYXNzIFNoZWxsIg==\nJGIgPSAiaW4gb3J0YWsga2FyaXNpbWkgb2xhcmFrIHN1bnVsbXVzdHVyIg==\n', 'any of them', ' sosyete', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(10, 'phpobfuscator', 'JGEgPSAiJE8xMEkwSTAxTzFPSTAxT0lPSSI=\nJGIgPSAiJE9JMElPMTAxMDFPSTBJMDEi\nJGMgPSAiUEhQIEVuY29kZSB2MS4wIGJ5IHpldXJhLmNvbSI=\nJGQgPSAiZmlsZShfX0ZJTEVfXyk7ZXZhbChiYXNlNjRfZGVjb2RlKCI=\nJGUgPSAiJF9QT1NUWydnX19nXyddIg==\nJGYgPSAiJF91VSgxMDEpLiRfdVUoMTE4KS4kX3VVKDk3KS4kX3VVKDEwOCki\nJGcgPSAiJE8wME8wT09fX18i\nJGggPSAiJE8wX19PMDBPX08i\nJGkgPSAiXyQoZWRvY2VkXzQ2ZXNhYiI=\nJGogPSAic3RyX3JvdDEzKGNocigxMTMpLlwicnN2YVwiIg==\nJGsgPSAiXCJiXCIuXCJcIi5cImFzXCIuXCJlXCIuXCJcIi5cIlwiLlwiNlwiLlwiNFwiLlwiX1wiLlwiZGVcIi5cIlwiLlwiY1wiLlwib1wiLlwiXCIuXCJkXCIuXCJlXCIi\nJGwgPSAiXCJiXCIuXCJcIi5cImFzXCIuXCJlXCIuXCJcIi5cIlwiLlwiNlwiLlwiNFwiLlwiX1wiLlwiZGVcIi5cIlwiLlwiY1wiLlwib1wiLiBcIlwiLlwiZFwiLlwiZVwiIg==\nJG0gPSAiO2dsb2JhbCRhdXRoO2Z1bmN0aW9uIHNoX2RlY3J5cHRfcGhhc2UoJGRhdGEsJGtleSki\nJG4gPSAvXCRHTE9CQUxTXFsnW1x3XGRdKydcXTtnbG9iYWxcJFtcd1xkXSs7XCRbXHdcZF0rPVwkR0xPQkFMUztcJFtcd1xkXStcWydbXHdcZF0rJ1xdPS8=\n', 'any of them', ' rule for different php obfuscators', ' @tenacioustek', ' https://github.com/Te-k/php-malicious-sample/blob/master/full-width.php', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(11, 'phpobfuscator_global', 'JGdsb2JhbCA9ICIkR0xPQkFMU1si\n', '#global > 30', ' detect obfuscation using $GLOBAL', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(12, 'wso', 'JGEgPSAiNjNhOWYwZWE3YmI5ODA1MDc5NmI2NDllODU0ODE4NDUi\nJGIgPSAiJGRlZmF1bHRfYWN0aW9uID0gJ0ZpbGVzTWFuJyI=\nJGMgPSAiZnVuY3Rpb24gV1NPc3RyaXBzbGFzaGVzIg==\nJGQgPSAiZnVuY3Rpb24gV1NPc2V0Y29va2llIg==\nJGUgPSAiV1NPX1ZFUlNJT04i\nJGYgPSAiPGgxPlN1aWNpZGU8L2gxPjxkaXYgY2xhc3M9Y29udGVudD5SZWFsbHkgd2FudCB0byByZW1vdmUgdGhlIHNoZWxsPyI=\nJGcgPSAiQ1JFQVRFIFRBQkxFIHdzbzIoZmlsZSB0ZXh0KTsi\n', 'any of them', ' WSO webshell', ' @tenacioustek', ' https://github.com/tennc/webshell/tree/master/php/wso', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(13, 'koplak', 'JGEgPSAiSGFja2VkIGJ5IHNreV9vb3Qi\nJGIgPSAiZnVja19tYWxheXNpYSI=\n', 'any of them', ' koplak webshell', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(14, 'darkshell', 'JGEgPSAiPGNlbnRlcj48aDE+RGFyayBTaGVsbDwvaDE+PC9jZW50ZXI+PHA+PGhyPjxwPiI=\nJGIgPSAiJGN1cnJlbnQgPSBodG1sZW50aXRpZXMgKCRfU0VSVkVSIFsnUEhQX1NFTEYnXSAuIFwiP2Rpcj1cIiAuICRkaXIpIg==\nJGMgPSAicG9ydF9zY2FuIg==\n', 'any of them', ' Darkshell', ' @tenacioustek', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(15, 'webshell_functions', 'JGEgPSAiZmluZCAvIC10eXBlIGYgLW5hbWUgLmh0cGFzc3dkIg==\nJGIgPSAiZmluZCAuIC10eXBlIGYgLW5hbWUgLmJhc2hfaGlzdG9yeSI=\nJGMgPSAiL3Vzci9sb2NhbC9hcGFjaGUvY29uZi9odHRwZC5jb25mIg==\nJGQgPSAiL3Zhci9jcGFuZWwvYWNjb3VudGluZy5sb2ci\nJGUgPSAiaHR0cDovL3d3dy5wYWNrZXRzdG9ybXNlY3VyaXR5Lm9yZyI=\nJGYgPSAid2hpY2ggd2dldCBjdXJsIHczbSBseW54Ig==\nJGcgPSAic3lzY3RsIC1uIGtlcm5lbC5vc3JlbGVhc2Ui\nJGggPSAiaXBjb25maWcgL2FsbCI=\nJGkgPSAiZGlyIC9zIC93IC9iIGluZGV4LnBocCI=\n', 'any of them', ' rules for basic webshell functions', ' @tenacioustek', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(17, 'Websites', 'JCA9ICIxMzM3ZGF5LmNvbSIgbm9jYXNl\nJCA9ICJhbnRpY2hhdC5ydSIgbm9jYXNl\nJCA9ICJjY3RlYW0ucnUiIG5vY2FzZQ==\nJCA9ICJjcmFja2ZvciIgbm9jYXNl\nJCA9ICJkYXJrYzBkZSIgbm9jYXNl\nJCA9ICJlZ3lzcGlkZXIuZXUiIG5vY2FzZQ==\nJCA9ICJleHBsb2l0LWRiLmNvbSIgbm9jYXNl\nJCA9ICJmb3BvLmNvbS5hciIgbm9jYXNlICAvKiBGcmVlIE9ubGluZSBQaHAgT2JmdXNjYXRvciAqLw==\nJCA9ICJoYXNoY2hlY2tlci5jb20iIG5vY2FzZQ==\nJCA9ICJoYXNoa2lsbGVyLmNvbSIgbm9jYXNl\nJCA9ICJtZDVjcmFjay5jb20iIG5vY2FzZQ==\nJCA9ICJtZDVkZWNyeXB0ZXIuY29tIiBub2Nhc2U=\nJCA9ICJtaWx3MHJtLmNvbSIgbm9jYXNl\nJCA9ICJtaWx3MDBybS5jb20iIG5vY2FzZQ==\nJCA9ICJwYWNrZXRzdG9ybXNlY3VyaXR5IiBub2Nhc2U=\nJCA9ICJyYXBpZDcuY29tIiBub2Nhc2U=\nJCA9ICJzZWN1cml0eWZvY3VzIiBub2Nhc2U=\nJCA9ICJzaG9kYW4uaW8iIG5vY2FzZQ==\nJCA9ICJnaXRodWIuY29tL2IzNzRrL2IzNzRrIiBub2Nhc2U=\nJCA9ICJtdW1hYXNwLmNvbSIgbm9jYXNl\n', 'any of them', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(18, 'php_exploit_GIF', 'JG1hZ2ljID0gezQ3IDQ5IDQ2IDM4ID8/IDYxfSAvLyBHSUY4PHZlcnNpb24+YQ==\nJHN0cmluZzEgPSAiOyAvLyBtZDUgTG9naW4iIG5vY2FzZQ==\nJHN0cmluZzIgPSAiOyAvLyBtZDUgUGFzc3dvcmQiIG5vY2FzZQ==\nJHN0cmluZzMgPSAic2hlbGxfZXhlYyI=\nJHN0cmluZzQgPSAiKGJhc2U2NF9kZWNvZGUi\nJHN0cmluZzUgPSAiPD9waHAi\nJHN0cmluZzYgPSAiKHN0cl9yb3QxMyI=\nJHN0cmluZzcgPSB7M2MgM2YgNzAgNjggNzB9IC8vIDw/cGhw\n', '($magic at 0) and any of ($string*)', '', ' @patrickrolsen', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(19, 'html_exploit_GIF', 'JG1hZ2ljID0gezQ3IDQ5IDQ2IDM4ID8/IDYxfSAvLyBHSUY4PHZlcnNpb24+YQ==\nJHN0cmluZzEgPSB7M2MgNjggNzQgNmQgNmMgM2V9IC8vIDxodG1sPg==\nJHN0cmluZzIgPSB7M2MgNDggNTQgNGQgNGMgM2V9IC8vIDxIVE1MPg==\n', '($magic at 0) and (any of ($string*))', '', ' @patrickrolsen', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(20, 'web_shell_crews', 'JG16ID0geyA0ZCA1YSB9IC8vIE1a\nJHN0cmluZzEgPSAidjBwQ3IzdyI=\nJHN0cmluZzIgPSAiQkVOSk9MU0hFTEwi\nJHN0cmluZzMgPSAiRWdZX1NwSWRFciI=\nJHN0cmluZzQgPSAiPHRpdGxlPkhjSiI=\nJHN0cmluZzUgPSAiMHduM2Qi\nJHN0cmluZzYgPSAiT25MeSBGb1IgUWJIIg==\nJHN0cmluZzcgPSAid1NpTG0i\nJHN0cmluZzggPSAiYjM3NGsgcjNjMGQzZCI=\nJHN0cmluZzkgPSAieCcxbjczY3R8ZCI=\nJHN0cmluZzEwID0gIiMjIENSRUFURUQgQlkgS0FURSAjIyI=\nJHN0cmluZzExID0gIklrcmFtIEFsaSI=\nJHN0cmluZzEyID0gIkZlZUxDb016Ig==\nJHN0cmluZzEzID0gInMzbjR0MDByIg==\nJHN0cmluZzE0ID0gIkZhVGFMaXNUaUN6X0Z4Ig==\nJHN0cmluZzE1ID0gImZlZWxzY2Fuei5wbCI=\nJHN0cmluZzE2ID0gIiMjWyBLT05GSUdVUkFTSSI=\nJHN0cmluZzE3ID0gIkNyZWF0ZWQgYnkgS2lzc19NZSI=\nJHN0cmluZzE4ID0gIkNhc3Blcl9DZWxsIg==\nJHN0cmluZzE5ID0gIiMgWyBDUkVXRVQgXSAjIg==\nJHN0cmluZzIwID0gIkJZIE1BQ0tFUiI=\nJHN0cmluZzIxID0gIkZyYU5Ha3ki\nJHN0cmluZzIyID0gIjFkdC53MGxmIg==\nJHN0cmluZzIzID0gIk1vZGlmaWNhdGlvbiBCeSBpRlgiIG5vY2FzZQ==\n', 'not $mz at 0 and any of ($string*)', '', ' @patrickrolsen', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(21, 'misc_php_backdoor', 'JG16ID0geyA0ZCA1YSB9IC8vIE1a\nJHBocCA9ICI8P3BocCI=\nJHN0cmluZzEgPSAiZXZhbChnemluZmxhdGUoc3RyX3JvdDEzKGJhc2U2NF9kZWNvZGUoIg==\nJHN0cmluZzIgPSAiZXZhbChiYXNlNjRfZGVjb2RlKCI=\nJHN0cmluZzMgPSAiZXZhbChnemluZmxhdGUoYmFzZTY0X2RlY29kZSgi\nJHN0cmluZzQgPSAiY21kLmV4ZSAvYyI=\nJHN0cmluZzUgPSAiZXZhMSI=\nJHN0cmluZzYgPSAidXJsZGVjb2RlKHN0cmlwc2xhc2hlcygi\nJHN0cmluZzcgPSAicHJlZ19yZXBsYWNlKFwiLy4qL2VcIixcIlxceCI=\nJHN0cmluZzggPSAiPD9waHAgZWNobyBcIjxzY3JpcHQ+Ig==\nJHN0cmluZzkgPSAiJ28nLid3Jy4ncyciIC8vICdXaScuJ25kJy4nbycuJ3cnLidzJw==\nJHN0cmluZzEwID0gInByZWdfcmVwbGFjZShcIi8uKi9cIi4nZScsY2hyIg==\nJHN0cmluZzExID0gImV4cDFvZGUi\nJHN0cmluZzEyID0gImNtZGV4ZWMoXCJraWxsYWxsIHBpbmc7Ig==\nJHN0cmluZzEzID0gInI1N3NoZWxsLnBocCI=\nJHN0cmluZzE0ID0gImV2YWwoXCI/PlwiLmd6dW5jb21wcmVzcyhiYXNlNjRfZGVjb2RlKCI=\nJHN0cmluZzE1ID0gL2V2YWxcKFwkX1BPU1RcW1thLXpBLVowLTldK1xdXCkv\nJHN0cmluZzE2ID0gInRpc3RpdHRpcnRpX3J0aWV0aXBsdGlhdGljZSI=\nJHN0cmluZzE3ID0gIiRxVls0XS4kcVZbM10uJHFWWzJdLiRxVlswXS4kcVZbMV0i\nJHN0cmluZzE4ID0gIiR4c3Nlcj1iYXNlNjRfZGVjb2RlKCRfUE9TVCI=\nJHN0cmluZzE5ID0gInByZWdfcmVwbGFjZSgnLyguKikvZScsIEAkX1BPU1RbIg==\nJHN0cmluZzIwID0gImV2YWwoXCI/PlwiLmJhc2U2NF9kZWNvZGUoIg==\nJHN0cmluZzIxID0gIiRrPVwiYXNzXCIuXCJlcnRcIjsgJGsoJHtcIl9QT1wiLlwiU1RcIn0i\nJHN0cmluZzIyID0gImV2YWwoXCJyZXR1cm4gZXZhbCgi\nJHN0cmluZzIzID0gInByZWdfcmVwbGFjZSgnL2FkL2UnLCdAJy5zdHJfcm90MTMoIg==\n', 'not $mz at 0 and $php and any of ($string*)', '', ' @patrickrolsen', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(22, 'pseudo_darkleech', 'JGEgPSAiZnVuY3Rpb24gcmVxdWVzdF91cmxfZGF0YSI=\nJGIgPSAiJHVybCAuPSBjaHIob3JkKCRlbmNyeXB0ZWRfdXJsWyRpXSkgXiAzKSI=\nJGMgPSAiY3VybF9pbml0IGFuZCBmc29ja29wZW4gZGlzYWJsZWQi\n', 'any of them', ' rule for pseudo darkleech malicious code', ' @tenacioustek', ' https://blog.sucuri.net/2015/12/evolution-of-pseudo-darkleech.html', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(23, 'jpg_web_shell', 'JG1hZ2ljID0geyBmZiBkOCBmZiBlPyB9IC8vIGUwLCBlMSwgZTg=\nJHN0cmluZzEgPSAiPHNjcmlwdCBzcmMi\nJHN0cmluZzIgPSAiLy4qL2Ui\nJHN0cmluZzMgPSAiYmFzZTY0X2RlY29kZSI=\n', '($magic at 0) and 1 of ($string*)', '', ' @patrickrolsen', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(24, 'phpmailer', 'JGEgPSAiU1VOVCBMQSBlbWFpbHVsIg==\nJGIgPSAiKEVNQUlMIFZFUklGSUNBUkUpIg==\nJGMgPSAicGhwbWFpbGVyRXhjZXB0aW9uIg==\nJGQgPSAiYWRkQWRkcmVzcygndHNlZ2Fkb3JhQHlhaG9vLmNvbSci\nJGUgPSAiY2xhc3MgUEhQTWFpbGVyIg==\nJGYgPSAiMWFmOTg2MDlhZGY3OTZiMjFjOWZjNzM1ZTMxYzU3Yjci\nJGcgPSAiJFNBTkRZX05SID0gcmFuZCgkU2FuZHlOUkEsJFNhbmR5TlJCKSI=\nJGggPSAidXBsb2QgU3VjZXNzIEJ5IHc0bDNYelkzIg==\nJGkgPSAiQiBMIEUgUyBTIEUgRCBTIEkgTiBOIEUgUiI=\nJGogPSAiQmxlc3NlRCBNQUlMRVIgMjAxNCI=\n', 'any of them', ' php mass mailer', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(25, 'phpuploader', 'JGEwID0gImlmKGlzc2V0KCRfUE9TVFsnU3VibWl0J10pKXsi\nJGExID0gIiR1c2VyZmlsZV9uYW1lID0gJF9GSUxFU1snaW1hZ2UnXVsnbmFtZSddIg==\nJGEyID0gIiRhYm9kID0gJGZpbGVkaXIuJHVzZXJmaWxlX25hbWUi\n', 'all of them', ' rule for several php uploader', ' @tenacioustek', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(26, 'phpshell1', 'JGEgPSAiSV9oYXZlX3Byb2JsZW1fd2l0aF9DdXJsIg==\nJGIgPSAiSV9oYXZlX3Byb2JsZW1fd2l0aF9iYXNlNjRfZGVjb2RlIg==\nJGMgPSAic3RyX2lyZXBsYWNlKFwiQURNSU5UQVNLSEVSRVwiIg==\nJGQgPSAic3RyX2lyZXBsYWNlKHVybGRlY29kZShcIiU1QlNFUlZFUlVSTEhFUkUlNURcIiki\n', 'any of them', '', ' @tenacioustek', ' https://github.com/Te-k/php-malicious-sample/blob/master/Rss.php', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(27, 'Php_Trojan_Sysbat_1', 'JGEwID0geyAwZDBhMmYyZjIwNTM1OTUzNDI0MTU0MmU1MDQ4NTAyMDU2NDk1MjU1NTMyMDBkMGEyZjJmMjA0Mjc5MjA1ODZkNmY3MjY2Njk2MzJjMjA3Nzc3NzcyZTczNjg2MTY0NmY3Nzc2NzgyZTYzNmY2ZDJmNjI2Mzc2NjcyYzIwNTQ2ODY1MjA0MjZjNjE2MzZiMjA0MzYxNzQyMDU2Njk3MjY5NjkyMDQ3NzI2Zjc1NzAwZDBhMmYyZjIwNTM1OTUzNDI0MTU0MmU1MDQ4NTAyMDJkMjA1NDY4IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(28, 'Php_Trojan_Pbot_3', 'JGEwID0geyA3MDcyNjk3NjZkNzM2NzI4NzQ2ODY5NzMyZDNlNjM2ZjZlNjY2OTY3NWIyNzYzNjg2MTZlMjc1ZDJjMjI1YjVjMzI3MDczNjM2MTZlNWMzMjVkM2EyMDIyMmU2ZDYzNmQ2NDViMzE1ZDJlMjIzYTIyMmU2ZDYzNmQ2NDViMzI1ZDJlMjIyMDY5NzMyMDVjMzI2ZjcwNjU2ZTVjMzIyMjI5M2IyMDY1NmM3MzY1MjA3NDY4Njk3MzJkM2U3MDcyNjk3NjZkNzM2NzI4NzQ2ODY5NzMyZDNlNjM2ZjZlNjY2OTY3NWIyNzYzNjg2MTZlMjc1ZDJjMjI1YjVjMzI3MDczNjM2MTZlNWMzMjVkM2EyMDIyMmU2ZDYzNmQ2NDViMzE1ZDJlIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(29, 'Php_Trojan_MSShellcode_82', 'JGEwID0geyA2OTY2MjAyODIxNjk3MzczNjU3NDI4MjQ0NzRjNGY0MjQxNGM1MzViMjc2MzY4NjE2ZTZlNjU2YzczMjc1ZDI5MjkyMDdiMjAyNDQ3NGM0ZjQyNDE0YzUzNWIyNzYzNjg2MTZlNmU2NTZjNzMyNzVkMjAzZDIwNjE3MjcyNjE3OSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(30, 'Php_Trojan_MSShellcode_81', 'JGEwID0geyA3Mzc5NzM3NDY1NmQyODYyNjE3MzY1MzYzNDVmNjQ2NTYzNmY2NDY1MjgyNzYzNDc1Njc5NjI0MzQxNzQ1NDU1NmM1MDQ5NDMzMTZjNDk0MzYzNmI2MzQ0MzE2ZDYyMzM0YTcyNGI0MzZiMzc1YTU4Njg3MDY0NDM3ODcwNWE2OSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(31, 'Php_Trojan_Agent_36999', 'JGEwID0geyAzYzNmNzA2ODcwWzAtMTVdNjU2MzY4NmYyMDY1Nzg2NTYzMjgyNzYzNjQyMDJmNzQ2ZDcwM2I2Mzc1NzI2YzIwMmQ2ZlswLTE1MF02NTYzNjg2ZjIwNjU3ODY1NjMyODI3NjM2NDIwMmY3NDZkNzAzYjZjNzc3MDJkNjQ2Zjc3NmU2YzZmNjE2NFswLTE1MF02NTYzNjg2ZjIwNjU3ODY1NjMyODI3NjM2NDIwMmY3NDZkNzAzYjc3Njc2NTc0WzAtMTUwXTY1NjM2ODZmMjA2NTc4NjU2MzI4Mjc2MzY0MjAyZjc0NmQ3MDNiNjY2NTc0NjM2OFswLTE1MF02NTYzNjg2ZjIwNzA2MTczNzM3NDY4NzI3NTI4Mjc2MzY0MjAyZjc0NmQ3MDNiNjY2NTc0NjM2OCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(32, 'Php_Trojan_Agent_36998', 'JGEwID0geyA2OTY2MjgyMTY1NmQ3MDc0NzkyODI0NWY2NzY1NzQ1YjI3NjY2OTZjNjUyNzVkMjkyOTIwMjQ2NjY5NmM2NTNkMjQ1ZjY3NjU3NDViMjI2NjY5NmM2NTIyNWQzYiB9\nJGExID0geyA2OTY2Mjg2NjYxNmM3MzY1M2QzZDYzNzU3MjZjNWY2NTc4NjU2MzI4MjQ2MzY4MjkyOTIwNjQ2OTY1MjgyN1swLTE1MF02Mzc1NzI2YzVmNjM2YzZmNzM2NTI4MjQ2MzY4MjkzYjIwM2YzZTIwNjI3OTcwNjE3MzczMjA3MzY4NjU2YzZjM2EgfQ==\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(33, 'Php_Trojan_Agent_36992', 'JGEwID0geyAyNDYzNjg2NDY5NzIzZDY3NjU3NDYzNzc2NDI4MjkzYjIwNjk2NjI4MjEyNDc3Njg2ZjYxNmQ2OTI5MjQ3NzY4NmY2MTZkNjkzZDY1Nzg2NTYzMjgyMjc3Njg2ZjYxNmQ2OTIyMjkzYjIwM2YzZTNjM2Y3MDY4NzAyMDQwNzM2NTc0NWY3NDY5NmQ2NTVmNmM2OTZkNjk3NDI4MzAyOTNiIH0=\nJGExID0geyA2MTY0NmQ2OTZlNjk3Mzc0NzI2MTc0NmY3MjczMjAzYjJmNjE2NDY0MjA2MTY0NmQ2OTZlM2IyMDZlNjU3NDIwNmM2ZjYzNjE2YzY3NzI2Zjc1NzAzYjIwNzU3MzY1NzI3MzNiMjAyZjY0NjU2YzIwNjE2NDZkNjk2ZTI3M2IyMDI0NjI2ZTIwM2QyMDI0NmQ2ODZmNzM3NDNiIH0=\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(34, 'Php_Trojan_Agent_36811', 'JGEwID0geyA3YjIwNjU3ODY1NjMyODI0NjM2ZDY0MmMyNDZmMjkzYjIwMjQ3MjY1N2EyMDNkMjA2YTZmNjk2ZTI4NzI2ZTJjMjQ2ZjI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjU2ZTYxNjI2YzY1NjQyODczNjg2NTZjNmM1ZjY1Nzg2NTYzMjkyOTIwN2IyMDI0NzI2NTdhMjAzZDIwNzM2ODY1NmM2YzVmNjU3ODY1NjMyODI0NjM2ZDY0MjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjg2NTZlNjE2MjZjNjU2NDI4NzM3OTczNzQ2NTZkMjkyOTIwN2IyMDQwNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjIwNDA3Mzc5NzM3NDY1NmQyODI0NjM2ZDY0MjkzYjIwMjQ3MjY1N2EyMDNkMjA0MDZmNjI1ZjY3NjU3NDVmNjM2ZjZlNzQ2NTZlNzQ3MzI4MjkzYjIwNDA2ZjYyNWY2NTZlNjQ1ZjYzNmM2NTYxNmUyODI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjU2ZTYxNjI2YzY1NjQyODcwNjE3MzczNzQ2ODcyNzUyOTI5IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(35, 'Php_Trojan_Agent_37000', 'JGEwID0geyA2MTcyNzI2MTc5Mjg2MTY0NmQ2OTZlMjAzZDNlMjA2MTcyNzI2MTc5MjgyMjZlNjE2ZDY1MjIyMDNkM2UyMDYxNjQ2ZDY5NmUyYzIwMjI3MDYxNzM3MzIyMjAzZDNlMjA2MjZmNzQ1ZjcwNjE3MzczNzc2ZjcyNjQyYzIwMjI2MTc1NzQ2ODIyMjAzZDNlMjAzMTJjMjI3Mzc0NjE3NDc1NzMyMjIwM2QzZTIwMjI2MTY0NmQ2OTZlMjIyOTI5M2IgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(36, 'Php_Trojan_Agent_36982', 'JGEwID0geyAzYzNmNzA2ODcwMjAyNDdiMjI1Yzc4MzQzNzVjNzgzNDYzNWM3ODM0NjY0MjQxNGM1Yzc4MzUzMzIyN2Q1YjIyNjI3MDVjNzgzNjYxNWM3ODM2MzQ3NTYzNWM3ODM3MzgyMjVkM2QyMjVjNzgzNjM2NWM3ODM3MzU1Yzc4MzY2NTYzMjIzYjI0N2IyMjQ3NGM0ZjQyNDE1Yzc4MzQ2MzVjNzgzNTMzMjI3ZDViMjI1Yzc4MzczODdhNWM3ODM3Mzg2NTVjNzgzNjY2NWM3ODM2NjE2YjcxNWM3ODM2MzY1Yzc4MzYzMzVjNzgzNzM1NmQyMjVkM2QyMjVjNzgzNjM4IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(37, 'Php_Trojan_Agent_36983', 'JGEwID0geyAzYzNmNzA2ODcwMjA2NTc2NjE2YzI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjI0MjYzNDY0YTZiNzE2Zjc3NDE0MTQ0NTE3NTJmNTM3MTc1MzE3ODQxNmM0YzQ3MzY2NTY5NDU2OTQzNmE0OTYxNDI2ZTQ4N2E0MzMwNmI1OTY3Nzg2OTQzNjc0YTdhMmI3NjM0NjU2ZTZhNDg3OTU4NjEyZjMwNzM1MzQ0NjI2OTM3MzA2NjQ3NzM0MzU0Mzg1MTdhNmE3NjQ1NjYzNzJiMzA2ZTRjNDQ2MTZkNmIyZjM3MmY2NDM2IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(38, 'Php_Trojan_Uploader_2', 'JGExID0gIiRzMjE9c3RydG9sb3dlcigkc2ZbNF0uJHNmWzVdLiRzZls5XS4kc2ZbMTBdLiRzZls2XS4kc2ZbM10uJHNmWzExXS4kc2ZbOF0uJHNmWzEwXS4kc2ZbMV0uJHNmWzddLiRzZls4XS4kc2ZbMTBdKSIgbm9jYXNl\nJGEyID0gICIkczIwPXN0cnRvdXBwZXIoJHNmWzExXS4kc2ZbMF0uJHNmWzddLiRzZls5XS4kc2ZbMl0pIiBub2Nhc2U=\n', 'all of them', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(39, 'Php_Trojan_itsoknoproblembro_2', 'JGEwID0geyA2NTc2NjE2YzI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4Mjc3Njc5MzU2ZTczMzg3MTc3NjU2OTYyNzY2Nzc2Mzk2ODc3NjE2ZjM5NmM3MzM1Nzk3NTZlNjc2ZDYzNjU3MTcwNmU2ZTc5NzA2ODZkNjU2MjM2NzM2MTcxNmMzNTc2NmEzNjc2NzI3Mjc0NzY3Mzc1NzA2ZDMzNzgyYjM3Mzc3MDMwNmI2NzY0Mzc2ODcwNmU3MTZmNzQzOTc4NjUyYjY5NjU3NDcyN2E2MjZmNjc2YTZkMzY3NTZmNzgzNDZhNmUzODc0Nzc2MzYyMzU2NjcxNjc2YzY0NmEzMTY1Nzg2NjMzNjc3MDMyMzk2NzYzNmE3ODZhNmI3MjY5Mzk2ZTc4NjE2YTM1NzE2MzczNzc2NjY0NzY3NTczMzM2MjM2NjQ3NDM4NjE3NzY4NmY3ODc2MzMzMjM3NmM2MzZkMzEyZjc5NjU2NTY3NjI2Yjc1NjQ3Nzc1Nzc2MTcyN2E2MjYyNjkzODZmNzI2YzYzNjQzMDc1NjM2YjY3Nzg2NTYyMmIzNTY5Njk3NzZjNmM3MzMyNjU3NzY0NzU2NjMzNzc2YTZiNjY2NjYzMzU2MzZkNmU2YjZhNzY3NDczNjc3Njc3MmI2YTY3N2E2Yjc2NmI2ZDMwNjUzMTY4NzQ3NTMzNjc2NTZlNjgzMDc3MzA2MzY3MmYzMjc0NzI2ZjY1Nzc3YTZkNzc3ODc4NzQ2YTZlNjU2YjY0NzE2MTYzNmM3MDdhNmQ3MzZkNzYyZjc4MmI3ODZlNmI3MTcyMzMzOTY5Njk2NjcxNzI3Mjc3MzkzMzczNzcyYjc1Mzk3NjdhMzQyZjcwNjI2MjY1Mzc3NjYxNjQyNzI5MjkyOTNiIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(40, 'Php_Trojan_itsoknoproblembro_3', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5Mjk0MDY1Nzg2NTYzMjgyNDYzNmQ2NDI5M2IgfQ==\nJGExID0geyA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MDYxNzM3Mzc0Njg3Mjc1MjcyOTI5NDA3MDYxNzM3Mzc0Njg3Mjc1MjgyNDYzNmQ2NDI5M2IgfQ==\nJGEyID0geyA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MzY4NjU2YzZjNWY2NTc4NjU2MzI3MjkyOTQwNzM2ODY1NmM2YzVmNjU3ODY1NjMyODI0NjM2ZDY0MjkzYiB9\nJGEzID0geyA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3Mzc5NzM3NDY1NmQyNzI5Mjk0MDczNzk3Mzc0NjU2ZDI4MjQ2MzZkNjQyOTNiIH0=\nJGE0ID0geyA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MDZmNzA2NTZlMjcyOTI5NDA3MDZmNzA2NTZlMjgyNDYzNmQ2NDJjMjI3MjIyMjkzYiB9\n', '$a0 and $a1 and $a2 and $a3 and $a4', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(41, 'Php_Trojan_Agent_36933', 'JGEwID0geyAyZjJmMjA2ZTZmMjA2ZDYxNmM3NzYxNzI2NTIwNmY2ZTIwNzQ2ODY5NzMyMDYzNmY2NDY1MmMyMDc5NmY3NTIwNjM2MTZlMjA2MzY4NjU2MzZiMjA2OTc0MjA2Mjc5MjA3OTZmNzU3MjczNjU2YzY2MjAzYlswLTIwMF02NTc2NjE2YzI4MjIzZjNlMjIyZTY3N2E2OTZlNjY2YzYxNzQ2NTI4NjI2MTczNjUzNjM0NWY2NDY1NjM2ZjY0NjUyODIyIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(42, 'Php_Malware_ProPOS_3', 'JGEwID0geyAyNDY5NjQzZDIyM2M2MTIwNjg3MjY1NjYzZDIyM2Y3MzY4NmY3NzNkNmM2ZjY3NzMyNjY4Nzc2OTY0M2QyMjIwMmUyMDY4NzQ2ZDZjNjU2ZTc0Njk3NDY5NjU3MzI4MjQ3MjZmNzc1YjI3Njg3NzY5NjQyNzVkMjkyMDJlMjAyNzIyM2UyNzIwMmUyMDY4NzQ2ZDZjNjU2ZTc0Njk3NDY5NjU3MzI4MjQ3MjZmNzc1YjI3Njg3NzY5NjQyNzVkMjkyMDJlMjAyNzNjMmY2MTNlNDAyNzIwMmUyMDY4NzQ2ZDZjNjU2ZTc0Njk3NDY5NjU3MzI4MjQ3MjZmNzc1YjI3NzA2MzZlMjc1ZDIwMmUyMDI3MjA2OTcwM2EyMDI3MjAyZTIwNjg3NDZkNmM2NTZlNzQ2OTc0Njk2NTczMjgyNDcyNmY3NzViMjc2YzYxNzM3NDY5NzAyNzVkMjkyMDI5MjAyZTIwMjcyMDI4MjcyMDJlMjA2ODc0NmQ2YzY1NmU3NDY5NzQ2OTY1NzMyODI0NzI2Zjc3NWIyNzc2NjU3MjczNjk2ZjZlMjc1ZDI5MjAyZTIwMjcyOTIwMmUyMDZjNjE3Mzc0MjA3MzY1NjU2ZTIwNmY2ZTIwMjcyMDJlMjA2NDYxNzQ2NTI4MjcyMDY4M2E2OTNhNzMyNzJjMjAyNDcyNmY3NzViMjc3MzY1NjU2ZTI3NWQyOSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(43, 'Php_Trojan_Mailer_14', 'JGEwID0geyA2OTY2Mjg2ZDYxNjk2YzI4MjQ2NTZkNjE2OTZjMzEyYzIwMjQ2MTczNzM3NTZlNzQ2ZjJjMjAyNDVmNzM2NTcyNzY2NTcyNWIyNzY4NzQ3NDcwNWY2ODZmNzM3NDI3NWQyMDJlMjAyNDVmNzM2NTcyNzY2NTcyNWIyNzcyNjU3MTc1NjU3Mzc0NWY3NTcyNjkyNzVkMmMyMDI0Njg2NTYxNjQ2NTczMjkyOTdiMjA2NTYzNjg2ZjIwMjI2ZjcwNjEyYzIwNjU2ZTc2Njk2MTY0NmYyMTIyM2IyMDY1Nzg2OTc0MjgyOTNiMjA3ZDIwNjU2YzczNjU3YjIwNjU2MzY4NmYyMDIyNmUzZjZmMjA2NTZlNzY2OTY1NjkyZTJlMjIzYjIwNjU3ODY5NzQyODI5M2IyMCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(44, 'Php_Exploit_CVE_2011_4885_1', 'JGEwID0geyAzZDI2NDU3YTQ1N2E0NTdhNDU3YTQ1N2FbNl0zZDI2NDU3YTQ1N2E0NTdhNDU3YTQ1N2FbNl0zZDI2NDU3YTQ1N2E0NTdhNDU3YTQ1N2FbNl0zZDI2NDU3YTQ1N2E0NTdhNDU3YTQ1N2EgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(45, 'Php_Trojan_Rebots_1', 'JGEwID0geyAzYzczNjM3MjY5NzA3NFswLTVdMjA3MzcyNjMzZFsxXTY4NzQ3NDcwM2EyZjJmIH0=\nJGExID0geyAyZjcyNjU2MjZmNzQ3MzJlNzA2ODcwIH0=\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(46, 'Php_Trojan_MSShellcode_77', 'JGEwID0geyAyMDIwMjAyMDBhMjAyMDIwMjAyMDIwNDA3MzY1NzQ1Zjc0Njk2ZDY1NWY2YzY5NmQ2OTc0MjgzMDI5M2IyMDQwNjk2NzZlNmY3MjY1NWY3NTczNjU3MjVmNjE2MjZmNzI3NDI4MzEyOTNiMjA0MDY5NmU2OTVmNzM2NTc0MjgyNyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(47, 'Php_Trojan_itsoknoproblembro_1', 'JGEwID0geyA3MDcyNjk2ZTc0MjAyMjNjNzM3NDZmNzA2MzZjNjU2MTZlNjQ2ZjczM2U3Mzc0NmY3MDIwMjYyMDYzNmM2NTYxNmUzYzJmNzM3NDZmNzA2MzZjNjU2MTZlNjQ2ZjczM2UyMiB9\nJGExID0geyA1YjI3NjE2Mzc0Njk2ZjZlMjc1ZDNkM2QyMjczNzQ2MTc0NzU3MzIyMjkgfQ==\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(48, 'Php_Trojan_MSShellcode_79', 'JGEwID0geyAyNDYzMjAzZDIwNjI2MTczNjUzNjM0NWY2NDY1NjM2ZjY0NjUyODIyNWE1NzRlNmY2Mjc5NDE2OTY0NDczOTc2NjM2YTZmMzY0ZDQ0NmY3NzRmNmE2ZjM2NGMzMjRhNzA2MjY5Mzk2OTU5NTg0ZTZmNDk2YTM0NzY1YTU4NTI2YSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(49, 'Php_Trojan_WebShell_10', 'JGEwID0geyA2NzdhNzU2ZTYzNmY2ZDcwNzI2NTczNzMyODYyNjE3MzY1MzYzNDVmNjQ2NTYzNmY2NDY1MjgyMjY1NmE3YTczNzY3NzMyNzA3MTZiNzIzMzZlMmY2ODJiNmI3NjZiNmYzODJiMzUyZjZhMmYzOTZiNjE3MTY4Mzk2MjdhNmU2YTZhNmYzMDYzNjk2ZjZhNmU3MTcyNzY3MzYyNzk3OTZmNmU2Yjc5NzA2YzZlMzE3NDJiMmY3NDcwN2EzNjMyNzE3NzczNjI2NDc2NjEyZjY4NjMzOTJiN2E3Mzc1MzU2ZjdhNjQzNDMyNzU3Mjc3NjUzMTMyMmI3NDZiNmY3MjJmMzYyZjJmMmI3MDdhNjE2ZTc4NzA3OTcwNzY2NjM2MmI2NTY1NzIyZjcwMzg3NjZkNjY3MzY3MzIyZjJiNmYyZjc4NzQ2NzY4Nzc2Yzc2NmM2ODM2NzY2MTcwNjY2YzM0NjU3NDY3NjQ3NDYyNjU2YzczN2E2ODdhNmEyYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(50, 'Php_Trojan_WebShell_11', 'JGEwID0geyAyNDVmNWY1ZjIwM2QyMDIyNWM3ODM2MzI1YzMxMzQzMTVjNzgzNzMzNWMzMTM0MzU1Yzc4MzMzNjVjMzYzNDVjNzgzNTY2NWMzMTM0MzQ1Yzc4MzYzNTVjMzEzNDMzNWM3ODM2NjY1YzMxMzQzNDVjNzgzNjM1MjIzYjY1NzY2MTZjMjgyNDVmNWY1ZjI4MjQ1ZjVmMjkyOSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(51, 'Php_Trojan_Agent_36995', 'JGEwID0geyA2NTc2NjE2YzI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjcyMDM3NjYzMTM1NjYyYjZmMzI3MjZhNjc2ZjJmMzMzODJmNmUyZjczNjU2ZTY3NzA2ZjZhMzIzNDYzNjIzMzY4MzI2YTcxMzM3ODMyNjk2YzMzMjA3YTM1MmI3YTZhMzA2NTMyN2E2NjZlNzg2OTZiNjU3MzMxMzkzNTM1Mzc3NzM5NjE3NTY4NmIzMTMyNjg2NzZkMzc2MjZlNmU2NjZlMzk2ZTIwMzI2ODZlNjI3ODY1NjM3MTYyNjU2NTYxNjI2ZDY4NjY2YzZlMmYgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(52, 'Php_Trojan_Agent_36994', 'JGEwID0geyAyMjY0NmY2ZDYxNjk2ZTNkNzQ2NTcyNzI2MTJlNjM2ZjZkMmU2MjcyMjY3NTczNjU3MjZlNjE2ZDY1M2QyMjIwMmUyMDI0NjU2ZDYxNjk2YzViMzA1ZDIwMmUyMDIyMjY3MDYxNzM3Mzc3NmY3MjY0M2QyMjIwMmUyMDI0NjE3NTc0Njg1YjMxNWQzYjIwMjQ2ODY1NjE2NDY1NzIyMDNkMjAyMjcwNmY3Mzc0MjAyZjYxNzQ2ZDYxNjk2YzJlNzA2ODcwM2YgfQ==\nJGExID0geyAyNDYzNmQ2NDIwM2QyMDY1Nzg3MDZjNmY2NDY1MjgyMjIwMjIyYzIwMjQ2NDYxNzQ2MTI5M2IyMDY5NjYyODI0NjM2ZDY0NWIzMDVkMjAzZDNkMjAyMjczNjU2ZTY0MjIyOTdiMjA2OTY2MjgyNDYzNmQ2NDViMzI1ZDIwMjEzZDIwMjQ2NzZjNmY1YjIyNzM2NTZlNjg2MTIyNWQyOSB9\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(53, 'Php_Trojan_Agent_36993', 'JGEwID0geyA2NTc2NjE2YzI4NjI2MTczNjUzNjM0NWY2NDY1NjM2ZjY0NjUyODI3NmM3OTZmNzE2YjY5NmY3MTZiNjk2ZjcxNmI2OTZmNzE2YjY5NmY3MTZiNjk2ZjcxNmI2OTZmNzE2YjY5NmY3MTZiNjk2ZjcxNmI2OTZmNzE2YjY5NmY3MTZiNjk2ZjcxNmI2OTZmNzE2YjY5NmY3MTZiNjk2ZjcxNmI2OTZmNzE2YjY5Mzg2ZTYzNjkzODcxNjM3MTZjNzQ3YTc4NzIzMDYxNzczNTZlNjMgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(54, 'Php_Trojan_Agent_36961', 'JGEwID0geyA2NTYzNjg2ZjI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjIzNTU2NjI0ZTYzNzA3Mzc3NDU0YzM3MzM0YjUzNjc2ZTQ3NDQgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(55, 'Php_Trojan_Turame_1', 'JGEwID0geyA1NzMwNDQzNTMwN2E2MjQ0NGQzNDUxMmI1NDU2NTI1NzczNmQ2NjQ5NTU3MzQ4Nzc2MzVhMzk0MjVhNjk1ODM3NzU0NzYyMzQ0ZjQ3NDY0YzRiNjYyYjQ1N2E2NjQyNGE1MTZhMzk0MjU2NDY2MTc5NTQzNTQ5NDkzNTVhMmI3OTQ0NjQzMjZlNTQ2ZDJiNDU2ZTc3MzE2ZDRhNjY3MzMwNmY2MzM5Njk3MzcyNDY1MDYxNzk1MDM2NjE2MjQ3NDU2ZjJmNzkzNTUxNDY2MTc5N2E3ODQ0MzY0ODQ2NjIzODZhNDI2MjdhNGQ3OTZmMmI0ZjZiNTAzODQ1NWEzODY0NDg3MDcxNGY1OTdhNTk3MzM5MmI0YTJmNTY3YTM2Nzk1MTc2NTU0NTJmMzMzMzRhNzk0YTRiMzIzODUzMzk2YjQ5Njk3NDRiNzg3MTRkMzYzMzY5N2E3MjZjNTk0NDM3Nzc1MDMzNTA0NDY5NGM3OTc1NzAzODQ4Mzk2ODQzNzA3NDZjNzA0ZjUyNzI2NDM2Mzg2MjQ5NGQ0ODcyNDk3MTU1Njg3MDUzMzk2YTQ0NzEzMDRhNzg3NTUwMzA1NjU3NmE2ODc3Njg1ODU0NDc2NDcwNjk2ZDdhNDYzMzU4NTM0MzM3NzYzOTM1NDY2OTQ2NTA0ZDUwNjU0ZDRiNTE1YTc5NmE1YTQ2NmU2NjQ0NDM2MjZhMmY1MDMxNTU0YjY1NjE1NjU4NGQ2ZjcwNmM0YjM5NjE0YTRmMzE3MjRhNzU1MDMwNzY1NTRkNzAzNTc0NTY2Mzc5NjgzMjU2MzU0NjY0NDM2YTZjNmM1MDZmNTIyZjJmNGY0ZTM5NTQzMTM5NzI0NjUxNGY3MjM3NDY0NjUzNDg1MDM5MzI3NTQ5NDQ0YTYxMmY0MzcxNGUzMzUxNzc3OTcwNmI0ZjRjNzk3NTZhNTI0ODc4NTg2ZDMzNzg0ODU2NGM0MTU2NGYzMzM2Njg2ZjM1NDc3ODZlNjk2ODU2NjI3NTQ5NDY3NjcxMzE3ODY1NjQ0NzU1NWEzMzRhNzY1OTZlNTYzODUxNTgzMjM5Njk0MjY0MzQ0ZTYzNTc1ODc4NTg0NjdhNTU2Mjc0Nzg2YzYyNTc0YzQ5NTA3NDY0NjUzMjQ2NzQ0ZDUzNzY0YzU0MzQ2NTQ2NmU2MTU5NzQ2NTc0NWE0MjMxMzk2YjMxNTYzNTRkNDYyZjZkMzE3ODU0NjY0MzM0NmQzNjdhNjQ2NzUwNzIzNTZiNzY3MzcyNTU0NzM2Nzg0YjM4NzQ1MDY3NTc1NzM5NzU2ZDZlNjI0Zjc4NzI1YTU4MzEzODZkNTY1NjM3NGY1NjMzNmQzMTc4NTk3MjJmNzU1NjYyNDQ2NTM2NmQ2NTcyNjE1NjcyMzc0MjcxNzIzNjUxNzIyZjRlNzA2OTQyNzEzMzYzNTk2NjUyNjc2MTdhMzM2Mjc3NTY2NjVhMzIzNDRhMzA2YzU2Mzk2MjU0NGI1MDUzMzM1MzVhMzM0MjM5NzY0ZTU2MzE3NTMxNzkyYjY4NzE3NjM3NWE1OTcwNzA2NTY0NjIzMzQzMzM0ZTRjNGM3YTVhNTI3OTJmNzI2YzMxNGYzMTJmNjkzMTc4NTQ0YjM2NjY0ZDQzNmYzMzY0NjI1MDQyNmU2OTQ2NzY1MzU2NDk0YjM3N2E2MTc1NGUzODY2NDc1NDRjNDg3MzcwMzA0ZTc5NjU0MjJiNTg2Mjc1NGI1Njc2NzEzMTc4NjE3OTcxNDc2YTU2NzI2NDM3NDI1MjQ3NjU3MTc2NjE3YTRlNjEzNzY0NjM1NzczMzQ2ZjY0NGQzMjc2MzM3MzU3NGQzODYxNmQzODQ4MzA3MTY4NjY1NzM4Nzk3MTc0NjQ0ZTZkMzc1ODM0MzI3YTU3NzU3MzMyNzI1NzMwNzg3MTM4NzQ1YTZjNTg3NDc2NDQ2ZTc5IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(56, 'Php_Trojan_Turame_2', 'JGEwID0geyA2MzM0NjM2MTM0MzIzMzM4NjEzMDYyMzkzMjMzMzgzMjMwNjQ2MzYzMzUzMDM5NjEzNjY2MzczNTM4MzQzOTYyNjEzMjM4MzQ2NDM5NjIzNDY1Mzk2NDY0NjE2NjM1MzYzNjY1NjEzNzYzMzczNDM2MzE2NTYzMzc2NDYxMzEzMDYyNjMzMTMxNjYzMDM2NjE2NjYyMzk2MjMyMzczMDM3MzAzNjM3MzMzNDM3MzE2MTMyMzM2NTYzNjMzNjYxMzk1YTZlNTI3NzRmNjkzODc2IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(57, 'Php_Trojan_IRCBot_865', 'JGEwID0geyA3Mjc0NmE2OTZmMzk2NTY1NmI2Njc4NjI2Mzc3NjU2YjY1NmI3Nzc0NzY3YTMwNmM2Yjc5NzI3NzZkNzg3YTYyNjY2YjY0MzM3NzY0NjM3NTY1N2E2ZDcyNjg3NjM3NmQ2NTMwNjM2YTcyMzA3NzY0MmI3Mzc2NzA3Mjc4NmU3MDc1NzQyZjM4NjU3YTc4NmE2ZDY0NmI2YTM2Nzc2NzM2NzUzMzZhNmU3MzM4NmI3NTdhMmIzMzczMmY2ZTZhM2QzZDIyM2I0MDY1NzY2MTZjMjg2NzdhNjk2ZTY2NmM2MTc0NjUyODYyNjE3MzY1MzYzNDVmNjQ2NTYzNmY2NDY1Mjg3Mzc0NzI1ZjcyNmY3NDMxMzMyODI0NjM2ZjY0NjUyOTI5MjkyOSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(58, 'Php_Trojan_IRCBot_864', 'JGEwID0geyA3MjZmNzQzMTMzMjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjczNzY2MzE2ZDc0MzY2ZTZjNmI2OTY3NmQ3MjcxNzAzODc5NmIzMzcyNzI3Njc2Nzc3MjM1MmY2OTcyMzY3YTcyNjU3Mzc1NzA2NDYyNjk2NzY5NmE3MDc5NjY2YTZlMzE2MTY5NzE2MTY3NzQ2YjZhMmY3NDZiNjQ3MTZkNzk2YTZiNzI2ZjM3NjYzMTY5MmYzOTZjNzUyZjM5NzQ3NjMzNzI3NjcxNzg2ZTZlNjk3YTJmNmM2YTM3N2E3MDY2Nzc3OTZiNzk3MTc1MzY3MjdhNmU2Mzc1NmE2ZTcyN2EzNjMyN2E2MTdhNjU2NzZmNjQ2MTcxNjM2Yjc1NjUzNzc4MzQ2YzZiNzI2YzYyNmI2YzY1NmM2ZjM5NzczODc2NzM2ZDJmNzQ3NTc4NmY2YjZkNzkyYjc5NzQyZjc4MmYzNzcwN2E2OTc5NjY2NjY1NzYzMzM3Mzc2Yzc0NmYzMjcwNzIzNTZmMzg3MTZjMmYzOTJmNmU2ZTYzNzMzMDcwNjI3ODc0NjU3Njc2NzYyYjMzMmYyZjdhNjM3MzM2NjQ2ZTMzNjMgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(59, 'Php_Malware_SoakSoakRedirect_1', 'JGEwID0geyA2NTYzNjg2ZjIwMjIzYzYxNmM2YzVmNmY2YjVmNzM3MTZjNWUyMjJlMjQ3MDYxNzM3MzVmNzc2ZjcyNjQyZTIyM2EyMjJlMjQ3NTZlNmQ2NTJlMjIzZTVjNmUyMjNiIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(60, 'Php_Trojan_Script_9', 'JGEwID0geyAzYzNmMjA2NTc2NjE2YzI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjcgfQ==\nJGExID0geyAyNzI5MjkyOSB9\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(61, 'Php_Trojan_Rayman_2', 'JGEwID0geyAzYzYyM2U3MjY1NmQ2Zjc2NjE2MjZjNjUyMDczNjg2NTZjNmMyMDYyNzkyMDcyNjE3OTZkNjE2ZTNjMmY2MjNlIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(62, 'Php_Exploit_Shell_63', 'JGEwID0geyA2ODZhMzM2ODZhNzU3NDYzNmI2ZjcyNjY3MDc4NjYzOTYxMzE3YTcxNmYzMjYxNzc2NDcyNzI3MjY1NzkzOTc1Njc3Njc0NjU2NTdhMzczOTcxNjE2MTZmMzE2MTMwNzI2Nzc1NjQ2YjdhNmI3MjM4NzI2MTcwMmYyZjZmMmYyZjJmNmY2NDY2Nzg3YTZlMzAyZjMxNzI3NjZkMzU3YTM5NzM2ODY2MmY2MjcwNzYzNjMzMzM3ODYxNzk2NjczNjY2ZTZlNmI2YjYxNzY3NDc2Nzg2ZDcyNzQ3ODc2N2E3YTYyMzA2YzYyNzA3ODc1Nzk3MzcyMzQzMzc5NmE2ZTc5MzY2YTYyMzUzNTYxNjM3YTZhNzkzNDc5N2E3NTY2MmY2ZjZhMmY2NDYzNjE3MjMwMzk2ODYyNmI2ZTcyNjk2YzYyMmY2ZjZiNjU2MzJiNzA3Mzc4NjEzODY2N2EgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(63, 'Php_Trojan_MSShellcode_107', 'JGEwID0geyAwYTIwMjAyMDIwMjAyMDQwNzM2NTc0NWY3NDY5NmQ2NTVmNmM2OTZkNjk3NDI4MzAyOTNiMjA0MDY5Njc2ZTZmNzI2NTVmNzU3MzY1NzI1ZjYxNjI2ZjcyNzQyODMxMjkzYjIwNDA2OTZlNjk1ZjczNjU3NDI4Mjc2ZDYxNzg1ZiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(64, 'Php_Trojan_MSShellcode_106', 'JGEwID0geyAyMDIwMjAyMDI0Njk3MDYxNjQ2NDcyM2QyNzMxMzAyZTM3MmUzNzM3MmUzMTM4MzYyNzNiMGEyMDIwMjAyMDI0NzA2ZjcyNzQzZDM0MzQzNDM0M2IwYTIwMjAyMDIwMGEyMDIwMjAyMDIwMjA0MDczNjU3NDVmNzQ2OTZkNjU1ZiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(65, 'Php_Trojan_MSShellcode_109', 'JGEwID0geyAyMzNjM2Y3MDY4NzAwYTBhNjU3MjcyNmY3MjVmNzI2NTcwNmY3Mjc0Njk2ZTY3MjgzMDI5M2IwYTIzMjA1NDY4NjUyMDcwNjE3OTZjNmY2MTY0MjA2ODYxNmU2NDZjNjU3MjIwNmY3NjY1NzI3NzcyNjk3NDY1NzMyMDc0Njg2OSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(66, 'Php_Trojan_MSShellcode_108', 'JGEwID0geyAyMzNjM2Y3MDY4NzAwYTBhMjMyMDU0Njg2NTIwNzA2MTc5NmM2ZjYxNjQyMDY4NjE2ZTY0NmM2NTcyMjA2Zjc2NjU3Mjc3NzI2OTc0NjU3MzIwNzQ2ODY5NzMyMDc3Njk3NDY4MjA3NDY4NjUyMDYzNmY3MjcyNjU2Mzc0MjA0YyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(67, 'Php_Trojan_Webshell_5', 'JGEwID0geyAyNzY4NzQ3NDcwMmYzMTJlMzEyMDM1MzAzMDIwMjcgfQ==\nJGExID0geyAyOTdiWzAtMl03Mzc5NzM3NDY1NmQyODI0Pz8yOTNiN2QgfQ==\nJGEyID0geyA3YjI0Pz8zYlswLTJdNjU3ODY1NjMyODI0Pz8yYzI0Pz8yOTNiNjU2MzY4NmYyMFswLTJdNjk2ZDcwNmM2ZjY0NjUyODIyNWM2ZTIyMmMyND8/MjkzYjdkIH0=\nJGEzID0geyAyMjc3Njg2OTYzNjgyMDczNzU3MDY1NzI2NjY1NzQ2MzY4MjAzMTNlMjAyZjY0NjU3NjJmNmU3NTZjNmMyMDMyM2UyMDJmNjQ2NTc2MmY2ZTc1NmM2YzIwMjYyNjIwNjU2MzY4NmYyMDZmNmIyMjI5IH0=\n', '$a0 and $a1 and $a2 and $a3', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(68, 'Php_Trojan_C99Shell_3', 'JGEwID0geyAzYzNmMjA2NTc2NjE2YzI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjcyMDM3NjIzMzcwNjU3NTZhNjkzMDZhNjQzNjJiMzUzMzZlNmQ3ODc0NzE3MTc0MzM2NDY0Njg3MzZhNzc2ODY3NzI3NjM3NmQ2ODMxNjM3YTZkMjA2MjM2Mzk3NjY0NzQ3ODYzNjM2YTYyN2E2ODYzNzU2MjZlNzYzMzc3NjI3YTMxNzIyYjcwMzUzOTc2MzM3OTY5NjM3MDY2NzM2MzdhNjE3NTIwNzE3NTM1N2E3YTc2NzI2ZDc0MzE2NTc1NmI3YTY2NjI3YTY1NzI2YjdhNmQ3Mjc2NmE3ODM5MmI2ZDc3MzY2ZDY2MmYzMjZjNmY3MjcxNjMyMDMxNzg2YjZkNzM3NjJmNzMzMTZlNjg2OTJmNzU3NDY2NmE2YTM2MzAyYjYxMzQzMzZkMzI2OTZmNzk3NTM3NzUzOTczNjY2NDY0NzU3ODZlMjA3NTYxMzgzNzc5MzA2ZjdhNzQ2ZCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(69, 'Php_Trojan_C99Shell_2', 'JGEwID0geyA2NTc4NzA2YzZmNjQ2NTI4MjIzYTIyMmM2NjY3NjU3NDczMjgyNDY2NzAyYzMyMzAzNDM4MjkyOTNiWzEtOF02OTY2MjAyODYzMzkzOTY2NzQ3MDYyNzI3NTc0NjU2MzY4NjU2MzZiMjgyMjZjNmY2MzYxNmM2ODZmNzM3NDIyMmMzMjMxMmMzMTJjMjQ3Mzc0NzI1YjMwNWQyYzI0NzM3NDcyNWIzMDVkMmMyNDczNzQ3MjViMzY1ZDJjMjQ2NjcxNjI1ZjZmNmU2Yzc5Nzc2OTc0Njg3MzY4MjkyOVszLTE4XTY1NjM2ODZmMjAyMjNjNjIzZTQzNmY2ZTZlNjU2Mzc0NjU2NDIwNzQ2ZjIwMjIyZSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(70, 'Php_Trojan_C99Shell_5', 'JGEwID0geyAzNzY5Njc3NjM0NjE3ODcxMzc2NDcxNmY3NjZjMzI2NjZiN2E2MzYyNzc2MTY4NjE2NzY0Njc2NjZlNjM3OTYyNjk3YTc3N2E3NjYzNmQ3NTY3NjQ3ODZlNjg3YTMyNzU2ZTYzNjczMDZiNzA3YTM0NmU2MzY3M2QzZDIyM2I2NTc2NjE2YzI4NjI2MTczNjUzNjM0NWY2NDY1NjM2ZjY0NjUyODI0NzE2MjY0NjIzNTMxNjUzMjM1NjI2NjM5NjEzNzY2MzM2NDMyMzQzNzM1MzAzNzMyMzgzMDMzNjQzMTYzMzMzNjY0MjkyOTNiM2YzZSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(71, 'Php_Trojan_C99Shell_4', 'JGEwID0geyA2Njc3NzE3YTc3Mzc3NzMzNmUyZjcwNmM3MTc2NmM2Yzc3NmI3OTIwMzM3MzY0MmIzNTc0MmYzNjZiMzEzNDY2Njg3YTdhMzE2YTczNjI2Mzc0Njg3NjYyMzk3NTYzNmU2YTc4NzM2MjZiNjI2MjczNzQ3NTY0NzA3NTY4NmE2NTcyNzEyZjY0MzI3NDZlNzgzOTM5MmI2MjcyNmM2YTcxNjE2ZjZjNzc2ZTY4MzM2ODY2Nzc2NTNkMjIzYjQwNjU3NjYxNmMyODY3N2E2OTZlNjY2YzYxNzQ2NTI4NjI2MTczNjUzNjM0NWY2NDY1NjM2ZjY0NjUyODI0NjE2NzdhMjkyOTI5M2IzZjNlIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(72, 'Php_Exploit_CVE_2011_4153_1', 'JGEwID0geyAzYzNmIH0=\nJGExID0geyA3NDY5NjQ3OVswLTUwXTJkM2U2NDY5NjE2NzZlNmY3MzY1MjgyOSB9\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(73, 'Php_Trojan_CryptoPHP_1', 'JGEwID0geyAzYzNmNzA2ODcwMjA2OTZlNjM2Yzc1NjQ2NTIwMjgyNzY5NmQ2MTY3NjU3MzJmNzM2ZjYzNjk2MTZjMmU3MDZlNjcyNzI5M2IyMDNmM2UgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(74, 'Php_Trojan_Agent_36974', 'JGEwID0geyAzYzNmMjAyNDQ3NGM0ZjQyNDE0YzUzNWIyNzVmMzQzMzMzMzMzMDM1MzgzNDM2NWYyNzVkM2Q0MTcyNzI2MTc5Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjcyNzIwMmUyNzVhNDcyNzIwMmUyNzU2NmQ2MTI3MjAyZTI3NTczNTZjMjcyOTJjNjI2MTczNjUzNjM0NWY2NDY1NjM2ZjY0NjUyODI3NWE2ZDZjNzM1YTU2Mzk2ZTI3MjAyZTI3NWE1ODUyNjY1OTMyMjcgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(75, 'Php_Exploit_CVE_2011_4153_2', 'JGEwID0geyAzYzNmIH0=\nJGExID0geyA2NDY1NjY2OTZlNjUyOFswLTIwXTczNzQ3MjVmNzI2NTcwNjU2MTc0MjhbMC01XTIyPz8yMjJjWzAtNF0yNDYxNzI2Nzc2IH0=\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(76, 'Php_Trojan_Envl_1', 'JGEwID0geyA3MzY4NjU2YzZjNmU2MTZkNjUgfQ==\nJGExID0geyA2NTZlNzY2YzcwNjE3MzczIH0=\nJGEyID0geyA2ODc0NzQ3MDNhMmYyZjc3Nzc3NzJlMzc2YTc5NjU3Nzc1MmU2MzZlMmYgfQ==\n', '$a0 and $a1 and $a2', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(77, 'Php_Trojan_Agent_36956', 'JGEwID0geyA2NDY1NjY2OTZlNjUyODI3NTA0MTUzNWY1MjQ1NTMyNzJjMjAyNzYzMzkzODM5NjYzNzMyMzIzMjM3Mzc2MzM0NjMzMjM1NjEzMjMyMzYyNzI5M2IwZDBhNjQ2NTY2Njk2ZTY1MjgyNzUwNDE1MzVmNTI0NTUxMjcyYzIwMjczMzMxMzkzMTY2NjUzNzYzNjE2MTM0NjE2MjM2NjUzNDY2MzM2NTM5MjcyOTNiMGQwYTY0NjU2NjY5NmU2NTI4Mjc1MjUzNDE1ZjRjNDU0ZTI3MmMyMDI3MzIzNTM2MjcyOSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(78, 'Php_Trojan_Spambot_292', 'JGEwID0geyA3YjIwNjQ2OTY1Mjg1MDQ4NTA1ZjRmNTMyZTYzNjg3MjI4MzQzOTI5MmU2MzY4NzIyODM0MzgyOTJlNjM2ODcyMjgzNDMzMjkyZTZkNjQzNTI4MzAzOTM4MzczNjM1MzQzMzMyMzEyOTI5M2IyMDdkIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(79, 'Php_Trojan_Spambot_293', 'JGEwID0geyA2NjViM2M3MDYxNmM2NDY2N2M1ZDdkNmQ0MDdlMzczOTJmNmYzODZiNzg1YzcyNjgzNjcyMjYyZDYzMzU2YjVjNmUzMzc4MmM3OTdhNjg3MTNlMjA2MzcwNWM1Yzc3NzU3NTMyNmE2NzZmNjIzYjMwNjk1ZjczNmU1Yzc0NmUyNTc2NjcyOTdhNjk1ZTczNzQ3Mjc5NzY2YzdiNWMyNDNhM2QzMTJhNmQ2NTJiNmE3NzI4NzEzNDJlNzQyNzYwNjEyMTVjMjIyMzY1NjQ2MjNmIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(80, 'Php_Trojan_Anonghost_1', 'JGEwID0geyAyNDdhNjQzNDM1NjY2NjM1NjEzZDIyNWM3ODM2MzI1Yzc4MzYzMTVjMzEzNjMzNWM3ODM2MzU1Yzc4MzMzNjVjMzYzNDVjMzEzMzM3NWM3ODM2MzQgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(81, 'Php_Trojan_Scew_1', 'JGEwID0geyAzYzNmNzA2ODcwMjA0MDI0NmY3NTc0NzA3NTc0M2Q3Mzc5NzM3NDY1NmQyODI0NWY3MDZmNzM3NDViMjI2MzZmNmQ2ZDYxNmU2NDIyNWQyOTNiIH0=\nJGExID0geyA2ZjcyMjA2MTIwNjM2ZjZlNmU2NTYzNzQyMDYyNjE2MzZiMjA3MzY4NjU2YzZjMmMyMDc1NzM2NTNhMjAzYzY5M2U2ZTYzMjAyZDY1MjA2MzZkIH0=\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(82, 'Php_Trojan_Io_1', 'JGEwID0geyAwZDBhMmYyZjIwNTA0ODUwMmU0OTZmNDI2MTcyNjE2Mzc1NjQ2MTIwNmY3MjIwNTA0ODUwMmU0OTZmMjA2OTczMjA2MTIwNzA2ODcwMjA3NjY5NzI3NTczMmUyMDBkMGEyZjJmMjAwOTA5NDI3OTIwNTg2ZDZmNzI2OTY2NjMyZjQyNDM1NjQ3MjA2MTZlNjQyMDQ0NzIyZTU0MmY0MjQzNTY0NzIwMzIzMDMwMzEwZDBhMmYyZjY5NmU2NjY1NjM3NDczMjA2MTc1NzQ2ZjY1Nzg2NTYzIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(83, 'Php_Trojan_Agent_36804', 'JGEwID0geyAzYzNmMjA2NTc2NjE2YzI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjcyMDM3NjIzMTM3NzczOTc0Njk3MzZhNmEzODY0MmY3YTM1Mzk2YTczNmY2NzZkNzk2NzY0Mzg3OTMzNjk2ZjY1NzM3OTZkNmY3ODZhNmQ2NTY3MjA2YTYxMzA2NTZiNzY3OTM4NzM2OTMzNjI3NzY4NjM3YTczNjI3OTc4MzI3ODdhMzM3NDM2NmY3Njc1NzI2MzZiNjczNTcwNmQzNzZmMzQzNTIwMzczODZkNzU2MjM3NzM3NjMxNjQzMzc2MzM2NDc4NzYzMTc4NzgzNTY1NzA3NDY4MzQzNzY3MzMgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(84, 'Php_Trojan_Agent_36803', 'JGEwID0geyAyNDc4MzIzNDNkMjI1YzMxMzYzMzc0NzI1YzMxMzUzNDY1NWM3ODM2NjUyMjNiMjAyNDc4MzIzNTNkMjI1Yzc4MzczMzc5NWMzMTM2MzM1YzMxMzYzNDVjNzgzNjM1NWMzMTM1MzUyMjNiMjA2Njc1NmU2Mzc0Njk2ZjZlMjA2MzZmNmU3NjY1NzI3NDYyNzk3NDY1NzMyODI0NzgzMDYyMjk3YjIwNjc2YzZmNjI2MTZjMjAyNDc4MzE2MzJjMjQ3ODMxNjQyYzI0NzgzMTY1MmMyNDc4MzE2NjJjMjQ3ODMyMzAyYzI0NzgzMjMxMmMyNDc4MzIzMjJjMjQ3ODMyMzMyYzI0NzgzMjM0MmMyNDc4MzIzNTNiMjAyNDc4MzA2MzIwM2QyMDI0NzgzMjM0MjgyNDc4MzA2MjI5M2I2OTY2MjgyNDc4MzA2MzIwM2MyMDM0Mjk3YjcyNjU3NDc1NzI2ZTIwMjQ3ODMyIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(85, 'Php_Trojan_Agent_36802', 'JGEwID0geyAyNDZmNmY2ZjMwNmYzMDZmMzAzMDNkNWY1ZjY2Njk2YzY1NWY1ZjNiMjQ2ZjMwMzA2ZjMwMzA2ZjMwMzAzZDVmNWY2YzY5NmU2NTVmNWYzYjI0NmY2ZjMwMzA2ZjMwMzAzMDMwM2QzNDMyMzgzOTM2M2I2NTc2NjE2YzI4Njc3YTc1NmU2MzZmNmQ3MDcyNjU3MzczMjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4Mjc2NTZlNzA2YzZhMzg2NDc1Nzc2YjYxNzk2ODY2MmY2NzMwNzUzNDcxNzI2YzZkNjkzNDM0NjE3MzY4MmI2OTY0NzA2MjY0NmMzNTcwNmIzNzY3NjI3NTM3NmM3MzY0NzQ2Mjc4NzI2NTY4NmI2YjdhMzAzMjZhNmQ2YjMwN2E2OSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(86, 'Php_Trojan_Agent_36801', 'JGEwID0geyA2NTc2NjE2YzI4Njc3YTY5NmU2NjZjNjE3NDY1Mjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4Mjc2NjZhMzM2ODY0NzE3NjZkNjU2Yjc5NjYzNTM1MzYzMTY3NmE2NDc0NmI2MzY4Nzk3YTcwNmYzNzYzNjM2YjY0Nzk2ZjZlNzA2NjdhNzkzMDYyIH0=\nJGExID0geyA2NjZjNmM2Njc3Nzc3MjY1MzUzNDY0NzM3YTZmNmE2ZjZkNzg2Mzc4NzA3OTdhMzA2ZDZjNjg2ODY0Njc2OTc0NzQ2ZDM0Njc2YTMxNzE2MTdhMmI2ODM2NzM2MjcxMzAzMTYzNjU2YzM0MzQ2NzYxNjczMTYzNjE2Zjc3Nzc3MTY5Njk3YTc3MzIzNDc2MzQ3NTYyMzc3MDZjMmI3MDY4NzQyZjMxNjQ3OTYxNjE2MjY2NjUzMjM4MmY2OTZkNzggfQ==\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(87, 'Php_Trojan_Agent_1388761', 'JGEwID0geyA2ZDYxNjk2YzI4MjI3MzZlNjU2MTZiNjU3MjMxMzkzNzMyNDA3NzY1NjIyZTY0NjUgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(88, 'Php_Trojan_IRCBot_868', 'JGEwID0geyA2NTZjNzM2NTY5NjYyMDI4MjQ2NDYzNmY2ZDViMzA1ZDNkM2QyNzZlNmY3NDY5NjM2NTI3MjkyMDdiMjAyNDYzNmY2ZDIwM2QyMDY1Nzg3MDZjNmY2NDY1MjgyMjIwMjIyYzIwMjQ2NDYxNzQ2MTI5M2IyMDY5NjYyMDI4MjQ2MzZmNmQ1YjMzNWQzZDNkMjczYTZiNjIyNzIwMjYyNjIwMjQ2MzZmNmQ1YjM0NWQyMDI2MjYyMDI0NjM2ZjZkNWIzNTVkMjAyNjI2MjAyNDYzNmY2ZDViMzY1ZDI5MjA3YjIwMjQ2ZDczNjcyMDNkMjA3Mzc0NzI1ZjcyNjU3MDZjNjE2MzY1MjgyNzI3MmMyNzI3MmMyNDY0NjE3NDYxMjkzYjIwMjQ2ZDczNjcyMDNkMjA3Mzc0NzI3Mzc0NzIyODI0NmQ3MzY3MmMyMjNhNmI2MjIyMjkzYiB9\nJGExID0geyA2MzYxNzk2MTZlNmIyODI0NmU2OTYzNmIyOTNiIH0=\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(89, 'Php_Trojan_MSShellcode_78', 'JGEwID0geyAyMDIwMjAyMDY5NjYyMDI4MjE2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM3OTczNWY2NzY1NzQ1Zjc0NjU2ZDcwNWY2NDY5NzIyNzI5MjkyMDdiMGEyMDIwMjAyMDIwMjA2Njc1NmU2Mzc0Njk2ZjZlMjA3MyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(90, 'Php_Trojan_Rst_1', 'JGEwID0geyAyNDcwNmY3Mjc0NWY2MjY5NmU2NDVmNjI2NDVmNzA2YzNkMjI0OTc5NDU3NjY0NTg0ZTc5NGMzMjRhNzA2MjY5Mzk3NzVhNTg0YTczNDQ1MTZmNmI1NTMwNjg0NjU0NDU3NzM5NDk2OTM5Njk2MTU3MzQ3NjU5NmQ0NjdhNjE0MzQxNzQ2MTUzNDkzNzQ0NTE3MDcwNWE2OTQxNmY1MTQ1NDY1MzUyMzE1OTY3NTAyYTYyM2U2ZjJkMmQyZDViMjA3MjM1Mzc3MzY4NjU2YzZjMjAyZDIwNjg3NDc0NzAyZDczNjg2NTZjNmMyMDYyNzkyMDUyNTM1NDJmNDc0ODQzIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(91, 'Win_Trojan_Shell_24', 'JGEwID0geyA1ZjczNzQ2MTcyNzQyODI5M2IyMDczNzk3Mzc0NjU2ZDI4MjQ2MzZkNjQyOTNiMjAyNDZmNzU3NDcwNzU3NDIwM2QyMDQwNmY2MjVmNjc2NTc0NWY2MzZmNmU3NDY1NmU3NDczMjgyOTNiMjA0MDZmNjI1ZjY1NmU2NDVmNjM2YzY1NjE2ZTI4MjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjgyMDY1NmU2MTYyNmM2NTY0MjgyMjY1Nzg2NTYzMjIyOTIwMjkyMDdiMjA2NTc4NjU2MzI4MjQ2MzZkNjQyYzI0NmYyOTNiMjAyNDZmNzU3NDcwNzU3NDIwM2QyMDZhNmY2OTZlMjgyMjVjNzI1YzZlMjIyYzI0NmYyOTNiMjA3ZDIwNjU2YzczNjU2OTY2MjAyODIwNjU2ZTYxNjI2YzY1NjQyODIyNzM2ODY1NmM2YzVmNjU3ODY1NjMyMjI5MjAyOTIwN2IyMDI0NmY3NTc0NzA3NTc0MjAzZDIwNzM2ODY1NmM2YzVmNjU3ODY1NjMyODI0NjM2ZDY0MjkzYjIwN2QyMDcyNjU3NDc1NzI2ZTIwMjQ2Zjc1NzQ3MDc1NzQzYjIwN2QyMDY2NzU2ZTYzNzQ2OTZmNmUyMDY2NzgzMjM5NjU3ODY1NjMzMjI4MjQ2MzZkNjQyOTIwN2IyMDI0NmY3NTc0NzA3NTc0MjAzZDIwMjIyMjNiMjA2OTY2IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(92, 'Win_Trojan_Shell_25', 'JGEwID0geyA2ZjZlNzMyYzI3NjU3ODY1NjMyNzI5Mjk3YjY1Nzg2NTYzMjgyNDYzNmY2ZDZkNjE2ZTY0MmMyNDZmNzU3NDcwNzU3NDI5M2IyNDZmNzU3NDcwNzU3NDNkNmE2ZjY5NmUyODIyNWM2ZTIyMmMyNDZmNzU3NDcwNzU3NDI5M2IyNDY1Nzg2NTYzM2QyNDZmNzU3NDcwNzU3NDNiN2QyMDY1NmM3MzY1Njk2NjI4Njk3MzVmNjM2MTZjNmM2MTYyNmM2NTI4Mjc3MzY4NjU2YzZjNWY2NTc4NjU2MzI3MjkyMDI2MjYyMDIxNzM3NDcyNzM3NDcyMjgyNDY0Njk3MzYxNjI2YzY1NjY3NTZlNjM3NDY5NmY2ZTczMmMyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyOTI5N2IyNDY1Nzg2NTYzM2Q3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzZmNmQ2ZDYxNmU2NDI5M2I3ZDIwNjU2YzczNjU2OTY2Mjg2OTczNWY3MjY1NzM2Zjc1NzI2MzY1MjgyNDZmNzU3NDcwNzU3NDNkNzA2ZjcwNjU2ZTI4MjQ2MzZmNmQ2ZDYxNmU2NDJjMjI3MjIyMjkyOTI5N2I3NzY4Njk2YzY1MjgyMTY2NjU2ZjY2MjgyNDZmNzU3NDcwNzU3NDI5Mjk3YjI0NjU3ODY1NjMzZDY2Njc2NTc0NzMyODI0NmY3NTc0NzA3NTc0MjkzYjdkNzA2MzZjNmY3MzY1MjgyNDZmNzUgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(93, 'Win_Trojan_Shell_60', 'JGEwID0geyAzNzcxNzU2NTM5Njk3NDMyNzM3ODZjMzU3ODYzNmM2NjczNmU2YzZkMmY2MTY3NjQ3OTc2MzQ2ZjYzNjMzNDZlNjk2ZDYzNzI2NDcwMzc3NTZlNzU2NTM0NmU2MTczNmMzNDM1NmQ3MDc1MzA2ODZjNmIzNjY5NmU2MTdhMzA2MjYyNzI2NTcxNzAzMjYxNjI3Mjc2NmM2YTc0NzYzNjYxNzM2NzdhNmMzNDc3MmI2YTY1NjcyYjZiNzUzNjc2NmU2ZDMzNjM3OTY2Nzg2NzZiNzc3MTZiMzU3NDc2Mzc2NyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(94, 'Win_Trojan_Shell_61', 'JGEwID0geyA2NTYzNjg2ZjIwNjU3ODY1NjMyODI3NjM2NDIwMmY3NDZkNzAzYjYzNzU3MjZjMjAyZDRmMjA2ODc0NzQ3MDNhMmYyZjMxMzAzMDJkNmQ2MTc0NzI2MTczNmY3NjJlNzI3NTJmNzc2NTYyNzM3NDYxNzQyZjY4NjE2ZTc5NjE3MjJlNzQ3ODc0M2I3MDY1NzI2YzIwNjg2MTZlNzk2MTcyMmU3NDc4NzQzYjcyNmQyMDJkNzI2NjIwNjg2MTZlNzk2MTcyMmU3NDc4NzQyYTNiMjcyOTNiIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(95, 'Win_Trojan_Shell_16', 'JGEwID0geyAyNDVmNzA2ZjczNzQ1YjI3NjM2ZDY0Mjc1ZDNkMjI2YzczMjAyZDZjNjEyMjNiMjA3ZDIwNjU2MzY4NmYyMDIyM2M2NjZmNmU3NDIwNjY2MTYzNjUzZDc2NjU3MjY0NjE2ZTYxMjA3MzY5N2E2NTNkMmQzMjNlMjIyZTI0NmM2MTZlNjc1YjI0NmM2MTZlNjc3NTYxNjc2NTJlNWY3NDY1Nzg3NDMxNWQyZTIyM2EyMDNjNjIzZTIyMmUyNDVmNzA2ZjczNzQ1YjI3NjM2ZDY0Mjc1ZDJlMjIzYzJmNjIzZTNjMmY2NjZmNmU3NDNlM2MyZjc0NjQzZTNjMmY3NDcyM2UzYzc0NzIzZTNjNzQ2NDNlMjIzYjIwNjU2MzY4NmYyMDIyM2M2MjNlMjIzYjIwNjU2MzY4NmYyMDIyM2M2NDY5NzYyMDYxNmM2OTY3NmUzZDYzNjU2ZTc0NjU3MjNlM2M3NDY1Nzg3NDYxNzI2NTYxMjA2ZTYxNmQ2NTNkNzI2NTcwNmY3Mjc0MjA2MzZmNmM3MzNkMzEzMjMyMjA3MjZmNzc3MzNkMzEzNTNlMjIzYjIwNjU2MzY4NmYyMDIyMjIyZTcwNjE3MzczNzQ2ODcyNzUyODI0NWY3MDZmNzM3NDViMjc2MzZkNjQyNzVkMjkyZTIyMjIzYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(96, 'Win_Trojan_Shell_11', 'JGEwID0geyA2Njc1NmU2Mzc0Njk2ZjZlMjA2NTc4MjgyNDYzNjY2NTI5MjA3YjIwMjQ3MjY1NzMyMDNkMjAyNzI3M2IyMDY5NjYyMDI4MjE2NTZkNzA3NDc5MjgyNDYzNjY2NTI5MjkyMDdiMjA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5MjkyMDdiMjA0MDY1Nzg2NTYzMjgyNDYzNjY2NTJjMjQ3MjY1NzMyOTNiMjAyNDcyNjU3MzIwM2QyMDZhNmY2OTZlMjgyMjVjNmUyMjJjMjQ3MjY1NzMyOTNiMjA3ZDIwNjU2YzczNjU2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM2ODY1NmM2YzVmNjU3ODY1NjMgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(97, 'Win_Trojan_Shell_13', 'JGEwID0geyA2NTYzNjg2ZjIwMjQ2Zjc1NzQzZDI4MjI3Mzc5NzM3NDY1NmQyMjNkM2QyNDczNjU2YzY1NzQ2NTY2NzU2ZTYzMjkzZjczNzk3Mzc0NjU2ZDI4MjQ3MzY4NjU2YzZjNjM2ZDY0MjkzYTI4MjgyNDczNjU2YzY1NzQ2NTY2NzU2ZTYzM2QzZDIyNjU3ODY1NjMyMjI5M2Y2NTc4NjU2MzI4MjQ3MzY4NjU2YzZjNjM2ZDY0MjkzYTI4MjgyNDczNjU2YzY1NzQ2NTY2NzU2ZTYzM2QzZDIyNzM2ODY1NmM2YzVmNjU3ODY1NjMyMjI5M2Y3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ3MzY4NjU2YzZjNjM2ZDY0MjkzYTI4MjgyNDczNjU2YzY1NzQ2NTY2NzU2ZTYzM2QzZDIyNzA2MTczNzM3NDY4NzI3NTIyMjkzZjcwNjE3MzczNzQ2ODcyNzUyODI0NzM2ODY1NmM2YzYzNmQ2NDI5M2E3Mzc5NzM3NDY1NmQyODI0NzM2ODY1NmM2YzYzNmQ2NDI5MjkgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(98, 'Win_Trojan_Shell_12', 'JGEwID0geyA2OTY2MjAyODIxNjU2ZDcwNzQ3OTI4MjQ2MzY2NjUyOTI5N2IyMDY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc2NTc4NjU2MzI3MjkyOTdiMjA0MDY1Nzg2NTYzMjgyNDYzNjY2NTJjMjQ3MjY1NzMyOTNiMjAyNDcyNjU3MzNkNmE2ZjY5NmUyODIyNWM2ZTIyMmMyNDcyNjU3MzI5M2IyMDdkMmUyYzJjNjE3MzIwNDA2ZjYyNWY2NTZlNjQyMDY1NmM3MzY1Njk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyOTI5N2IyMDI0NzI2NTczM2Q0MDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDYzNjY2NTI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3Mzc5NzM3NDY1NmQyNzI5Mjk3YiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(99, 'Win_Trojan_Shell_46', 'JGEwID0geyA3MTc3NjUzMzMyMzQ2MTNkMjI3MzIyMjYyMjY4NjUyMjI2MjI2YzIyMjYyMjZjMmUyMjI2MjI2MTcwNzA2YzIyMjYyMjY5MjIyNjIyNjM2MTIyMjYyMjc0NjkyMjI2MjI2ZjZlMjI3MzY1NzQyMDcxM2Q2NDY2MmU2MzcyNjU2MTc0NjU2ZjYyNmE2NTYzNzQyODcxNzc2NTMzMzIzNDYxMmMyMjIyMjk2MTczNjQ3NzcyM2QyMjZmNzAyMjI2MjI2NTIyMjYyMjZlMjI3MTJlNzM2ODY1NmM2YzY1Nzg2NTYzNzU3NDY1IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(100, 'Win_Trojan_Shell_42', 'JGEwID0geyA2OTY2MjAyODQwNjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzY1Nzg2NTYzMjcyOTI5MjA3YjIwNDA2NTc4NjU2MzI4MjQ2MzZmNmQ2ZDYxNmU2NDJjMjAyNDcyNjU3MzI5M2IyMDI0NzI2NTczM2Q0MDZhNmY2OTZlMjgyMjVjNmUyMjJjMjAyNDcyNjU3MzI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NDA2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM2ODY1NmM2YzVmNjU3ODY1NjMyNzI5MjkyMDdiMjAyNDcyNjU3MzNkNDA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzZmNmQ2ZDYxNmU2NDI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyODQwNjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNzk3Mzc0NjU2ZDI3MjkyOTIwN2IyMDQwNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjIwNDA3Mzc5NzM3NDY1NmQyODI0NjM2ZjZkNmQ2MTZlNjQyOTNiMjAyNDcyNjU3MzNkNDA2ZjYyNWY2NzY1NzQ1ZjYzNmY2ZTc0NjU2ZTc0NzMyODI5M2IyMDQwNmY2MjVmNjU2ZTY0NWY2MzZjNjU2MTZlMjgyOTNiMjA3ZDIwNjU2YzczNjU2OTY2MjAyODQwNjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzcwNjE3MzczNzQ2ODcyNzUyNzI5MjkgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(101, 'Win_Trojan_Shell_43', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5Mjk3YjIwNjU3ODY1NjMyODI0NjM2ZjZkNjQyYzI0NzI2NTczMjkzYjIwMjQ3MjY1NzMzZDY5NmQ3MDZjNmY2NDY1MjgyMjVjNmUyMjJjMjQ3MjY1NzMyOTNiMjA3ZDY1NmM3MzY1Njk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyOTI5N2IyMDI0NzI2NTczM2Q3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzZmNmQ2NDI5M2IyMDdkNjU2YzczNjU2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM3OTczNzQ2NTZkMjcyOTI5N2IyMDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDczNzk3Mzc0NjU2ZDI4MjQ2MzZmNmQ2NDI5M2IyMDI0NzI2NTczM2Q2ZjYyNWY2NzY1NzQ1ZjYzNmY2ZTc0NjU2ZTc0NzMyODI5M2IyMDZmNjI1ZjY1NmU2NDVmNjM2YzY1NjE2ZTI4MjkzYjIwN2Q2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MDYxNzM3Mzc0Njg3Mjc1MjcyOTI5N2IyMDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDcwNjE3MzczNzQ2ODcyNzUyODI0NjM2ZjZkNjQyOTNiIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(102, 'Win_Trojan_Shell_41', 'JGEwID0geyA3Mzc0NzI2OTZlNjcyMDViNWQ2MjYxNzM2ODYzNmQ2NDNkN2IyMjJmNjI2OTZlMmY3MzY4MjIyYzIyMmQ2MzIyMmM2MzZkNjQ3ZDNiMjA2ODc0NmQ2YzNkNzI2NTcxNzU2NTczNzQyZTY3NjU3NDcwNjE3MjYxNmQ2NTc0NjU3MjI4MjI2ODc0NmQ2YzIyMjkzYjIwNjk2NjIwMjg2ODc0NmQ2YzIwMjEzZDZlNzU2YzZjMjkyMDdiMjA2Zjc1NzQyZTcwNzI2OTZlNzQ2YzZlMjgyMjNjNjg3NDZkNmMzZTIyMjkzYjIwN2QyMDcwMjAzZDIwNzI3NTZlNzQ2OTZkNjUyZTY3NjU3NDcyNzU2ZTc0Njk2ZDY1MjgyOTJlNjU3ODY1NjMyODYyNjE3MzY4NjM2ZDY0MjkzYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(103, 'Win_Trojan_Shell_22', 'JGEwID0geyA3NjYxNmMyODczNzU2MjczNzQ3MjI4NzM3NDcyNzM3NDcyMjgyNDZkNzM2NzJjMjQ2ZDYzNmQ2NDViMzE1ZDI5MmM3Mzc0NzI2YzY1NmUyODI0NmQ2MzZkNjQ1YjMxNWQyOTI5MjkzYjIwNjI3MjY1NjE2YjNiMjA2MzYxNzM2NTIwMjI2NTc4NjU2MzIyM2EyMDI0NjM2ZjZkNmQ2MTZlNjQyMDNkMjA3Mzc1NjI3Mzc0NzIyODczNzQ3MjczNzQ3MjI4MjQ2ZDczNjcyYzI0NmQ2MzZkNjQ1YjMwNWQyOTJjNzM3NDcyNmM2NTZlMjgyNDZkNjM2ZDY0NWIzMDVkMjkyYjMxMjkzYjIwMjQ2NTc4NjU2MzIwM2QyMDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDYzNmY2ZDZkNjE2ZTY0MjkzYjIwMjQ3MjY1NzQyMDNkMjA2NTc4NzA2YzZmNjQ2NTI4MjI1YzZlMjIyYzI0NjU3ODY1NjMyOTNiMjAyNDc0Njg2OTczMmQzZTcwNzI2OTc2NmQ3MzY3MjgyNDc0Njg2OTczMmQzZTYzNmY2ZTY2Njk2NzViMjc2MzY4NjE2ZTI3NWQyYzIyNWI1YzMyNjU3ODY1NjM1YzMyNWQzYTIwMjQ2MzZmNmQ2ZDYxNmU2NDIyMjkzYjIwNjY2ZjcyMjgyNDY5M2QzMDNiMjQ2OTNjNjM2Zjc1NmU3NDI4MjQ3MjY1NzQyOTNiMjQ2OTJiMmIyOTIwNjk2NjI4MjQgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(104, 'Win_Trojan_Shell_23', 'JGEwID0geyA3MzI4MjI2ZDc5NzM2ODY1NmM2YzY1Nzg2NTYzMjIyOTI5MjA3YjIwNjY3NTZlNjM3NDY5NmY2ZTIwNmQ3OTczNjg2NTZjNmM2NTc4NjU2MzI4MjQ2MzZkNjQyOTIwN2IyMDI0NzI2NTczNzU2Yzc0MjAzZDIwMjIyMjNiMjA2OTY2MjAyODIxNjU2ZDcwNzQ3OTI4MjQ2MzZkNjQyOTI5MjA3YjIwNjk2NjIwMjg2OTczNWY2MzYxNmM2YzYxNjI2YzY1MjgyMjY1Nzg2NTYzMjIyOTI5MjA3YjY1Nzg2NTYzMjgyNDYzNmQ2NDJjMjQ3MjY1NzM3NTZjNzQyOTNiMjAyNDcyNjU3Mzc1NmM3NDIwM2QyMDZhNmY2OTZlMjgyMjVjNmUyMjJjMjQ3MjY1NzM3NTZjNzQyOTNiN2QyMDY1NmM3MzY1Njk2NjIwMjg2OTczNWY2MzYxNmM2YzYxNjI2YzY1MjgyMjczNjg2NTZjNmM1ZjY1Nzg2NTYzMjIyOTI5MjA3YjI0NzI2NTczNzU2Yzc0MjAzZDIwNzM2ODY1NmM2YzVmNjU3ODY1NjMyODI0NjM2ZDY0MjkzYjdkMjA2NTZjNzM2NTY5NjYyMDI4Njk3MzVmNjM2MTZjNmM2MTYyNmM2NTI4MjI3Mzc5NzM3NDY1NmQyMjI5MjkyMDdiNDA2ZjYyNWY3Mzc0NjE3Mjc0MjgyOTNiMjA3Mzc5NzM3NDY1NmQyODI0NjM2ZDY0MjkzYjIwMjQ3MjY1NzM3NTZjNzQyMDNkMjA0MDZmNjI1ZjY3NjU3NDVmNjM2ZiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(105, 'Win_Trojan_Shell_26', 'JGEwID0geyA3NDc1NzI2ZTIwMmUzZDY2NzI2NTYxNjQyODI0NzA3MDJjMjAzMjMwMzkzNjI5M2IyMDcwNjM2YzZmNzM2NTI4MjQ3MDcwMjkzYjIwN2Q2NTZjNzM2NTdiMjAyNDcyNjU3NDc1NzI2ZTIwMmUzZDIwMjgyMjczNzk3Mzc0NjU2ZDIyM2QzZDI0NzM2NTZjNjU3NDY1NjY3NTZlNjMyOTNmNzM3OTczNzQ2NTZkMjgyNDczNjg2NTZjNmM2MzZkNjQyOTNhMjgyODI0NzM2NTZjNjU3NDY1NjY3NTZlNjMzZDNkMjI2NTc4NjU2MzIyMjkzZjY1Nzg2NTYzMjgyNDczNjg2NTZjNmM2MzZkNjQyOTNhMjgyODI0NzM2NTZjNjU3NDY1NjY3NTZlNjMzZDNkMjI3MzY4NjU2YzZjNWY2NTc4NjU2MzIyMjkzZjczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDczNjg2NTZjNmM2MzZkNjQyOTNhMjgyODI0NzM2NTZjNjU3NDY1NjY3NTZlNjMzZDNkMjI3MDYxNzM3Mzc0Njg3Mjc1MjIyOTNmNzA2MTczNzM3NDY4NzI3NTI4MjQ3MzY4NjU2YzZjNjM2ZDY0MjkzYTczNzk3Mzc0NjU2ZDI4MjQ3MzY4NjU2YzZjNjM2ZDY0MjkyOTI5MjkzYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(106, 'Win_Trojan_Shell_27', 'JGEwID0geyA2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjg3MDYxNzM3Mzc0Njg3Mjc1MjkyOTIwN2IyMDcwNjE3MzczNzQ2ODcyNzUyODI0NjM2ZDY0MjkzYjIwN2QyMDY1NmM3MzY1MjA3YjIwNjk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjg2NTc4NjU2MzI5MjkyMDdiMjA2NTc4NjU2MzI4MjI2YzczMjAyZDZjNjEyMjJjMjQ3MjY1NzM3NTZjNzQyOTNiMjA2NjZmNzI2NTYxNjM2ODI4MjQ3MjY1NzM3NTZjNzQyMDYxNzMyMDI0NmY3NTc0NzA3NTc0MjkyMDdiMjA3MDcyNjk2ZTc0MjAyNDZmNzU3NDcwNzU3NDJlMjIzYzYyNzIzZTIyM2IyMDdkMjA3ZDIwNjU2YzczNjUyMDdiMjA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODczNzk3Mzc0NjU2ZDI5MjkyMDdiMjA3Mzc5NzM3NDY1NmQyODI0NjM2ZDY0MjkzYjIwN2QyMDY1NmM3MzY1MjA3YjIwNjk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjg3MzY4NjU2YzZjNWY2NTc4NjU2MzI5MjkyMDdiMjA3MDcyNjk2ZTc0MjA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzZkNjQyOTNiMjA3ZDIwNjU2YzczNjUgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(107, 'Win_Trojan_Shell_68', 'JGEwID0geyAzYzNmNzA2ODcwMGFbMC02NF0yNDYzNmY2YzZmNzIyMDNkMjAyMjIzNjQ2NjM1MjIzYjBhMjQ2NDY1NjY2MTc1NmM3NDVmNjE2Mzc0Njk2ZjZlMjAzZDIwMjc0NjY5NmM2NTczNGQ2MTZlMjczYjBhMjQ2NDY1NjY2MTc1NmM3NDVmNzU3MzY1NWY2MTZhNjE3ODIwM2QyMDc0NzI3NTY1M2IwYTI0NjQ2NTY2NjE3NTZjNzQ1ZjYzNjg2MTcyNzM2NTc0MjAzZDIwMjc1NzY5NmU2NDZmNzc3MzJkMzEzMjM1MzEyNzNiMGE3MDcyNjU2NzVmNzI2NTcwNmM2MTYzNjUyODIyMmYyZTJhMmY2NTIyMmMyMiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(108, 'Win_Trojan_Shell_69', 'JGEwID0geyAyNDdhNjU2ZTY0NWY2NjcyNjE2ZDY1Nzc2ZjcyNmIzZDIyNWM3ODM2MzM1YzMxMzYzMjVjNzgzNjM1NWMzMTM0MzE1Yzc4MzczNDVjMzEzNDM1NWM3ODM1NjY1YzMxMzQzNjVjNzgzNzM1NWMzMTM1MzY1Yzc4MzYzMzVjMzEzNjM0NWM3ODM2Mzk1YzMxMzUzNzVjNzgzNjY1MjIzYjIwNDA2NTcyNzI2ZjcyNWY3MjY1NzA2ZjcyNzQ2OTZlNjcyODMwMjkzYjIwMjQ3YTY1NmU2NDVmNjY3MjYxNmQ2NTc3NmY3MjZiMjgyMjIyMmMgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(109, 'Win_Trojan_Shell_30', 'JGEwID0geyA3MDY4NzAyMDY1NjM2ODZmMjAyNDczNjg2ODYzNmQ2NDNiMjAzZjNlMjIyMDJmM2UyMDNjNjk2ZTcwNzU3NDIwNzQ3OTcwNjUzZDIyNzM3NTYyNmQ2OTc0MjIyMDc2NjE2Yzc1NjUzZDIyNjU3ODY1NjM3NTc0NjUyMjIwMmYzZTNjNjI3MjIwMmYzZTNjM2Y3MDY4NzAyMDY1NjM2ODZmMjAyMjNjNzQ2NTc4NzQ2MTcyNjU2MTIwNzc3MjYxNzAzZDVjMjI2ZjY2NjY1YzIyMjA3MjY1NjE2NDZmNmU2Yzc5MjA3MjZmNzc3MzNkNWMyMjMyMzU1YzIyMjA2MzZmNmM3MzNkNWMyMjMxMzAzMDVjMjIzZTIyM2IyMDY5NjYyODI4MjQ3MzY4Njg3MDc0NzIzZDNkMjczMDI3MjkyNjI2MjgyNDczNjg2ODYzNmQ2NDIxM2QyNzI3MjkyOTdiMjA2OTY2Mjg2NTc4NjU2MzI4MjQ3MzY4Njg2MzZkNjQyYzIwMjQ2Zjc1NzQyOTI5N2IyMDY1NjM2ODZmMjA2ODc0NmQ2YzY1NmU3NDY5NzQ2OTY1NzMyODY5NmQ3MDZjNmY2NDY1MjgyMjVjNmUyMjJjMjQ2Zjc1IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(110, 'Win_Trojan_Shell_51', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5Mjk3YjQwNjU3ODY1NjMyODI0NjM2NjY1MmMyNDcyNjU3MzI5M2IyNDcyNjU3MzNkNmE2ZjY5NmUyODIyNWM2ZTIyMmMyNDcyNjU3MzI5M2I3ZDY1NmM3MzY1Njk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyMjczNjg2NTZjNmM1ZjY1Nzg2NTYzMjIyOTI5N2IyNDcyNjU3MzNkNDA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzY2NjUyOTNiN2Q2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4MjI3Mzc5NzM3NDY1NmQyMjI5Mjk3YjQwNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjQwNzM3OTczNzQ2NSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(111, 'Win_Trojan_Shell_50', 'JGEwID0geyA2OTY2MjAyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc2NTc4NjU2MzI3MjkyOTIwN2IyMDQwNjU3ODY1NjMyODI0NjM2NjY1MmMyNDcyNjU3MzI5M2IyMDI0NzI2NTczMjAzZDIwNmE2ZjY5NmUyODIyNWM2ZTIyMmMyNDcyNjU3MzI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyOTI5MjA3YjIwMjQ3MjY1NzMyMDNkMjA0MDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDYzNjY2NTI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNzk3Mzc0NjU2ZDI3MjkyOTIwN2IyMDQwNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjIwNDA3Mzc5NzM3NDY1NmQyODI0NjM2NjY1MjkzYjIwMjQ3MjY1NzMyMDNkMjA0MDZmNjI1ZjY3NjU3NDVmNjM2ZjZlNzQ2NTZlNzQ3MzI4MjkzYjIwNDA2ZjYyNWY2NTZlNjQ1ZjYzNmM2NTYxNmUyODI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzcwNjE3MzczNzQ2ODcyNzUyNzI5MjkyMDdiMjA0MDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDQwNzA2MTczNzM3NDY4NzI3NTI4MjQ2MzY2NjUyOTNiIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(112, 'Win_Trojan_Shell_53', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5MjkyMDdiMjA0MDY1Nzg2NTYzMjgyNDY5NmUyYzI0NmY3NTc0MjkzYjIwMjQ2Zjc1NzQzZDQwNmE2ZjY5NmUyODIyNWM2ZTIyMmMyNDZmNzU3NDI5M2IyMDdkNjU2YzczNjU2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzA2MTczNzM3NDY4NzI3NTI3MjkyOTIwN2IyMDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDQwNzA2MTczNzM3NDY4NzI3NTI4MjQ2OTZlMjkzYjIwMjQ2Zjc1NzQzZDZmNjI1ZjY3NjU3NDVmNjM2YzY1NjE2ZTI4MjkzYjIwN2Q2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3Mzc5NzM3NDY1NmQyNzI5MjkyMDdiMjA2ZjYyNWY3Mzc0NjE3Mjc0MjgyOTNiMjA0MDczNzk3Mzc0NjU2ZDI4MjQ2OTZlMjkzYjIwMjQ2Zjc1NzQzZDZmNjI1ZjY3NjU3NDVmNjM2YzY1NjE2ZTI4MjkzYjIwN2Q2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MzY4NjU2YzZjNWY2NTc4NjU2MzI3MjkyOSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(113, 'Win_Trojan_Shell_52', 'JGEwID0geyA2OTY2MjAyODIwNjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyMDI3NjU3ODY1NjMyNzIwMjkyMDI5MjA3YjIwNDA2NTc4NjU2MzI4MjAyNDYzNjY2NTJjMjAyNDcyNjU3MzIwMjkzYjIwMjQ3MjY1NzMyMDNkMjA2YTZmNjk2ZTI4MjAyMjVjNmUyMjJjMjAyNDcyNjU3MzIwMjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjgyMDY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4MjAyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyMDI5MjAyOTIwN2IyMDI0NzI2NTczMjAzZDIwNDA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjAyNDYzNjY2NTIwMjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjgyMDY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4MjAyNzczNzk3Mzc0NjU2ZDI3MjAyOTIwMjkgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(114, 'Win_Trojan_Shell_55', 'JGEwID0geyA3MzZkNjE2YzZjMjA3MDY4NzAyMDc3NjU2MjIwNzM2ODY1NmM2YzIwNjI3OTIwN2E2MTYzNmYgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(115, 'Win_Trojan_Shell_54', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5MjkyMDdiMjA0MDY1Nzg2NTYzMjgyNDYzNmQ2NDJjMjQ3MjY1NzM3NTZjNzQyOTNiMjAyNDcyNjU3Mzc1NmM3NDIwM2QyMDY5NmQ3MDZjNmY2NDY1MjgyMjVjNmUyMjJjMjQ3MjY1NzM3NTZjNzQyOTNiMjA3ZDIwNjU2YzczNjU2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM2ODY1NmM2YzVmNjU3ODY1NjMyNzI5MjkyMDI0NzI2NTczNzU2Yzc0MjAzZDIwNDA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzZkNjQyOTNiMjA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3Mzc5NzM3NDY1NmQyNzI5MjkgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(116, 'Win_Trojan_Shell_57', 'JGEwID0geyA2NTYzNjg2ZjI4MjI3MDc1NzQ3MjYxMjIyZTIyNWYyMjJlMjI2MTcyNjU2ZDYxMjIyZTIyNDA3OTZkNjE2OTZjMjIyZTIyNjM2ZjZkMjIyOTNiNjU2MzY4NmYyODIyNjM2YjcyNjk2NDIyMjkzYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(117, 'Win_Trojan_Shell_56', 'JGEwID0geyA2NTYzNjg2ZjI4MjI3ODZmNjQ2Zjc4MjIyZTIyNWYyMjJlMjI2ZTY3NmY3MjY1NmIyMjJlMjI0MDc5NjE2ODZmNmYyMjJlMjI2MzZmNmQyMjI5M2I2NTYzNjg2ZjI4MjI2MzZiNzI2OTY0MjIyOTNiIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(118, 'Win_Trojan_Shell_59', 'JGEwID0geyAyZjJmNzI2MTc3MjA2OTcyNjMyMDYzNmY2ZDZkNjE2ZTY0MjA2NjY5Nzg2NTY0MjA2Mjc5MjA3NDZmNzc3YTYxNmYgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(119, 'Win_Trojan_Shell_58', 'JGEwID0geyA2YTY2Mzk3OTcwNzc2YTY4NjMzMjc1MzI2ZTY2Mzk2YjdhNzc2ZTc2N2E2Nzc1NmY2YTY2Mzk3OTZiNzQ3MzZiNzgzMTY3Mzk2MzMzNzI3OTY0Njg2OTZmNmE2NjM5Nzk2YzYzNjM3ODZkNmE2ZDMwNmU3NDdhNjg2MjMzNzY3MDdhNzM2MzczNmEzMjY2NzY2NDc3NmM2YzZkNzQ2OTdhNmU2NDc1MzI2YTc5NmIzNzZhNjYzOTczNzA3Nzc2Nzk3YTc3NjQ2NjYzNmQ3Njc3NjI2NzY2NmE3YTczNjc2ZTc4MzEzOTY3NzM3NTc4NjY3ODMxMzg2ZTZjNjM2OTZlNjk2OTM0NmI3ODMwNzk3NTY5Njk2MzY5NmM2MzcyNjY3NzYzNmIzNzdhNzg3YTY4NjI2MzY3NmI3ODMxNjk3MDZmNzk3MjY2NzU2YTMwNzc2Zjc5NzI2Njc3NjQzMDc3NmY3NzNkM2QgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(120, 'Win_Trojan_Shell_45', 'JGEwID0geyA2OTY2MjAyODIxNjU2ZDcwNzQ3OTI4MjQ2MzZkNjQyOTI5MjA3YjIwNjk2NjIwMjg2OTczNWY2MzYxNmM2YzYxNjI2YzY1MjgyMjY1Nzg2NTYzMjIyOTIwNjE2ZTY0MjAyMTY5NmU1ZjYxNzI3MjYxNzkyODIyNjU3ODY1NjMyMjJjMjQ2NDY5NzM2MTYyNmM2NTY2NzU2ZTYzMjkyOTIwN2IyMDY1Nzg2NTYzMjgyNDYzNmQ2NDJjMjQ3MjY1NzM3NTZjNzQyOTNiMjAyNDcyNjU3Mzc1NmM3NDIwM2QyMDZhNmY2OTZlMjgyMjVjNmUyMjJjMjQ3MjY1NzM3NTZjNzQyOTNiMjA3ZDIwNjU2YzczNjU2OTY2MjAyODY5NzM1ZjYzNjE2YzZjNjE2MjZjNjUyODIyNzM3OTczNzQ2NTZkMjIyOTIwNjE2ZTY0MjAyMTY5NmU1ZjYxNzI3MjYxNzkyODIyNzM3OTczNzQ2NTZkMjIyYzI0NjQ2OTczNjE2MjZjNjU2Njc1NmU2MzI5MjkyMDdiMjAyNDc2MjAzZDIwNDA2ZjYyNWY2NzY1NzQ1ZjYzNmY2ZTc0NjU2ZTc0NzMyODI5M2IyMDQwNmY2MjVmNjM2YzY1NjE2ZTI4MjkzYjIwNzM3OTczNzQ2NTZkMjgyNDYzNmQ2NDI5M2IyMCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(121, 'Win_Trojan_Shell_48', 'JGEwID0geyAzYzNmNzA2ODcwMjA2NTYzNjg2ZjVjMjI2ODY5NmQ2MTczNzQ2NTcyMjE1YzIyM2I2OTZlNjk1ZjczNjU3NDI4NWMyMjZkNjE3ODVmNjU3ODY1NjM3NTc0Njk2ZjZlNWY3NDY5NmQ2NTVjMjIyYzMwMjkzYjczNzk3Mzc0NjU2ZDI4NWMyNDczNzU2ZTc0N2E3NTI5M2IzZjNlIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(122, 'Win_Trojan_Shell_49', 'JGEwID0geyA2OTY2MjAyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc2NTc4NjU2MzI3MjkyOTIwN2IyMDQwNjU3ODY1NjMyODI0Njk2ZTJjMjQ2Zjc1NzQyOTNiMjAyNDZmNzU3NDIwM2QyMDQwNmE2ZjY5NmUyODIyNWM2ZTIyMmMyNDZmNzU3NDI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzcwNjE3MzczNzQ2ODcyNzUyNzI5MjkyMDdiMjA2ZjYyNWY3Mzc0NjE3Mjc0MjgyOTNiMjA0MDcwNjE3MzczNzQ2ODcyNzUyODI0Njk2ZTI5M2IyMDI0NmY3NTc0MjAzZDIwNmY2MjVmNjc2NTc0NWY2MzZjNjU2MTZlMjgyOTNiMjA3ZDIwNjU2YzczNjU2OTY2MjAyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3Mzc5NzM3NDY1NmQyNzI5MjkyMDdiMjA2ZjYyNWY3Mzc0NjE3Mjc0MjgyOTNiMjA0MDczNzk3Mzc0NjU2ZDI4MjQ2OTZlMjkzYjIwMjQ2Zjc1NzQyMDNkMjA2ZjYyNWY2NzY1NzQ1ZjYzNmM2NTYxNmUyODI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyOTI5MjA3YjIwMjQ2Zjc1NzQyMDNkMjA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2OTZlMjkzYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(123, 'Win_Trojan_Shell_44', 'JGEwID0geyA2OTY2MjgyNDVmNzA2ZjczNzQ1YjI3WzAtMjBdMjc1ZDI5MjA3YjIwNjk2ZTY5NWY3MjY1NzM3NDZmNzI2NTI4MjI3MzYxNjY2NTVmNmQ2ZjY0NjUyMjI5M2IyMDY5NmU2OTVmNzI2NTczNzQ2ZjcyNjUyODIyNmY3MDY1NmU1ZjYyNjE3MzY1NjQ2OTcyMjIyOTNiMjAyNDczNjE2NjY1NmQ2ZjY0Njc2NTYzM2Q3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2NSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(124, 'Win_Trojan_Shell_15', 'JGEwID0geyA3MzY4NjU2YzZjNWY2NTc4NjU2MzI5Mjk3YjI0NzM2MzZkNjQzZDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDYzNmQ2ZTY0MjkzYjIwMjQ2ZTczNjM2ZDY0M2Q2ODc0NmQ2YzczNzA2NTYzNjk2MTZjNjM2ODYxNzI3MzI4MjQ3MzYzNmQ2NDI5M2I3MDcyNjk2ZTc0MjAyNDZlNzM2MzZkNjQzYjdkMjA2NTZjNzM2NTY5NjYyODIxNjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjg3MzY4NjU2YzZjNWY2NTc4NjU2MzI5Mjk3YjY1Nzg2NTYzMjgyNDYzNmQ2ZTY0MmMyNDY1NjM2ZDY0MjkzYjIwMjQ2NTYzNmQ2NDIwM2QyMDZhNmY2OTZlMjgyMjVjNmUyMjJjMjQ2NTYzNmQ2NDI5M2IyNDZlNjU2MzZkNjQzZDY4NzQ2ZDZjNzM3MDY1NjM2OTYxNmM2MzY4NjE3MjczMjgyNDY1NjM2ZDY0MjkzYjcwNzI2OTZlNzQyMDI0NmU2NTYzNmQ2NDNiN2QyMDY1NmM3MzY1Njk2NjI4MjE2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODY1Nzg2NTYzMjkyOTdiMjQ3MDYzNmQ2NDIwM2QyMDcwNmY3MDY1NmUyODI0NjM2ZDZlNjQyYzIyIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(125, 'Win_Trojan_Shell_14', 'JGEwID0geyA2OTY2Mjg2NjY1MjgyMjY1Nzg2NTYzMjIyOTI5N2I2NTc4NjU2MzI4MjQ3MzJjMjQ3MjI5M2IyNDcyM2Q2YTZmNjk2ZTI4MjI1YzZlMjIyYzI0NzIyOTNiN2QyMDY1NmM3MzY1Njk2NjI4NjY2NTI4MjI3MzY4NjU2YzZjNWY2NTc4NjU2MzIyMjkyOTI0NzIzZDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDczMjkzYjIwNjU2YzczNjU2OTY2Mjg2NjY1MjgyMjczNzk3Mzc0NjU2ZDIyMjkyOTdiNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjczNzk3Mzc0NjU2ZDI4MjQ3MzI5M2IyNDcyM2Q2ZjYyNWY2NzY1NzQ1ZjYzNmY2ZTc0NjU2ZTc0NzMyODI5M2I2ZjYyNWY2NTZlNjQ1ZjYzNmM2NTYxNmUyODI5M2I3ZDIwNjU2YzczNjU2OTY2Mjg2NjY1MjgyMjcwNjE3MzczNzQ2ODcyNzUyMjI5Mjk3YjZmNjI1ZjczNzQ2MTcyNzQyODI5M2I3MDYxNzM3Mzc0Njg3Mjc1MjgyNDczMjkzYjI0NzIzZDZmNjI1ZjY3IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(126, 'Win_Trojan_Shell_17', 'JGEwID0geyA2NTc4Njk3Mzc0NzMyODIyNmQ3OTczNjg2NTZjNmM2NTc4NjU2MzIyMjkyOTIwN2IyMDY2NzU2ZTYzNzQ2OTZmNmUyMDZkNzk3MzY4NjU2YzZjNjU3ODY1NjMyODI0NjM2ZDY0MjkyMDdiMjA2NzZjNmY2MjYxNmMyMDI0NjQ2OTczNjE2MjZjNjU2Njc1NmU2MzNiMjAyNDcyNjU3Mzc1NmM3NDIwM2QyMDIyMjIzYjIwNjk2NjIwMjgyMTY1NmQ3MDc0NzkyODI0NjM2ZDY0MjkyOTIwN2IyMDY5NjYyMDI4Njk3MzVmNjM2MTZjNmM2MTYyNmM2NTI4MjI2NTc4NjU2MzIyMjkyMDYxNmU2NDIwMjE2OTZlNWY2MTcyNzI2MTc5MjgyMjY1Nzg2NTYzMjIyYzI0NjQ2OTczNjE2MjZjNjU2Njc1NmU2MzI5MjkyMDdiNjU3ODY1NjMyODI0NjM2ZDY0MmMyNDcyNjU3Mzc1NmM3NDI5M2IyMDI0NzI2NTczNzU2Yzc0MjAzZDIwNmE2ZjY5NmUyODIyNWM2ZTIyMmMyNDcyNjU3Mzc1NmM3NDI5M2I3ZDIwNjU2YzczNjU2OTY2MjAyODI4MjQ3MjY1NzM3NTZjNzQyMDNkMjA2MDI0NjM2ZDY0NjAyOTIwMjEzZDNkMjA2NjYxNmM3MzY1MjkyMDdiN2QyMDY1NmM3MzY1Njk2NjIwMjg2OTczNWY2MzYxNmM2YzYxNjI2YzY1MjgyMjczNzk3Mzc0NjU2ZDIyMjkyMDYxNmU2NDIwMjE2OTZlNWY2MTcyNzI2MTc5MjgyMjczNzk3Mzc0NjU2ZDIyMmMyNDY0Njk3MzYxIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(127, 'Win_Trojan_Shell_19', 'JGEwID0geyA1ZjcwNmY3Mzc0NWIyNzYzNmY2ZDZkNjE2ZTY0Mjc1ZDI5MjkyMDdiMjA2OTY2MjAyODI0NjU3ODY1NjM2Njc1NmU2MzNkM2QyMjczNzk3Mzc0NjU2ZDIyMjkyMDdiMjA3Mzc5NzM3NDY1NmQyODI0NWY3MDZmNzM3NDViMjc2MzZmNmQ2ZDYxNmU2NDI3NWQyOTNiMjA3ZDIwNjU2YzczNjU2OTY2MjAyODI0NjU3ODY1NjM2Njc1NmU2MzNkM2QyMjcwNjE3MzczNzQ2ODcyNzUyMjI5MjA3YjIwNzA2MTczNzM3NDY4NzI3NTI4MjQ1ZjcwNmY3Mzc0NWIyNzYzNmY2ZDZkNjE2ZTY0Mjc1ZDI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4MjQ2NTc4NjU2MzY2NzU2ZTYzM2QzZDIyNjU3ODY1NjMyMjI5MjA3YjIwMjQ3MjY1NzM3NTZjNzQzZDY1Nzg2NTYzMjgyNDVmNzA2ZjczNzQ1YjIyNjM2ZjZkNmQ2MTZlNjQyMjVkMjkzYjIwNjU2MzY4NmYyMDI0NzI2NTczNzU2Yzc0M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4MjQ2NTc4NjU2MzY2NzU2ZTYzM2QzZDIyNzM2ODY1NmM2YzVmNjU3ODY1NjMyMjI5MjA3YjIwMjQ3MjY1NzM3NTZjNzQzZDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDVmNzA2ZjczNzQ1YjIyNjM2ZjZkNmQ2MTZlNjQyMjVkMjkzYjIwNjU2MzY4NmYyMDI0NzI2NTczNzU2YyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(128, 'Win_Trojan_Shell_18', 'JGEwID0geyA3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzY1Nzg2NTYzMjcyOTI5MjA3YjIwNjk2NjIwMjgyMTY1NmQ3MDc0NzkyODI0NjM2ZDY0MjkyOTIwNjU3ODY1NjMyODI0NjM2ZDY0MmMyMDI0NmY3NTc0MmMyMDI0NzI2NTc0MjkzYjIwMmYyYTIwNjY3NTZjNmMyMDYxNzI3MjYxNzkyMDZmNzU3NDcwNzU3NDIwMmEyZjIwNzI2NTc0NzU3MjZlMjA2MTcyNzI2MTc5Mjg3NDcyNzU2NTJjNzQ3Mjc1NjUyYzI3NjU3ODY1NjMyNzJjMjAyNzI3MjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM2ODY1NmM2YzVmNjU3ODY1NjMyNzI5MjkyMDdiMjA2OTY2MjAyODIxNjU2ZDcwNzQ3OTI4MjQ2MzZkNjQyOTI5MjAyNDZmNzU3NDViMzA1ZDNkNzM2ODY1NmM2YzVmNjU3ODY1NjMyODI0NjM2ZDY0MjkzYjIwMmYyYTIwNjY3NTZjNmMyMDczNzQ3MjY5NmU2NzIwNmY3NTc0NzA3NTc0MmMyMDZlNmYyMDcyNjU3NDc1NzI2ZTIwMmEyZjIwNzI2NTc0NzU3MjZlMjA2MTcyNzI2MTc5Mjg3NDcyNzU2NTJjNjY2MTZjNzM2NTJjMjc3MzY4NjU2YzZjNWY2NTc4NjU2MzI3MmMgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(129, 'Win_Trojan_Shell_28', 'JGEwID0geyA3Mzc5NzM3NDY1NmQyODI0NjM2ZDY0MjkzYjIwMjQ3MjY1NzM3NTZjNzQyMDNkMjA0MDZmNjI1ZjY3NjU3NDVmNjM2ZjZlNzQ2NTZlNzQ3MzI4MjkzYjIwNDA2ZjYyNWY2MzZjNjU2MTZlMjgyOTNiMjA2NTYzNjg2ZjIwMjQ3NjNiMjA3ZDIwNjU2YzczNjU2OTY2MjAyODY5NzM1ZjYzNjE2YzZjNjE2MjZjNjUyODIyNzA2MTczNzM3NDY4NzI3NTIyMjkyMDYxNmU2NDIwMjE2OTZlNWY2MTcyNzI2MTc5MjgyMjcwNjE3MzczNzQ2ODcyNzUyMjJjMjQ2NDY5NzM2MTYyNmM2NTY2NzU2ZTYzMjkyOTIwN2IyMDI0NzYyMDNkMjA0MDZmNjI1ZjY3NjU3NDVmNjM2ZjZlNzQ2NTZlNzQ3MzI4MjkzYjIwNDA2ZjYyNWY2MzZjNjU2MTZlMjgyOTNiMjA3MDYxNzM3Mzc0Njg3Mjc1MjgyNDYzNmQ2NDI5M2IyMDI0NzI2NTczNzU2Yzc0MjAzZDIwNDA2ZjYyNWY2NzY1NzQ1ZjYzNmY2ZTc0NjU2ZTc0NzMyODI5M2IyMDQwNmY2MjVmNjM2YzY1NjE2ZTI4MjkzYjIwNjU2MzY4NmYyMDI0NzYzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjg2OTczNWY3MjY1NzM2Zjc1NzI2MzY1MjgyNDY2NzAyMDNkMjA3MDZmNzA2NTZlMjgyNDYzNmQ2NDJjMjI3MjIyIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(130, 'Win_Trojan_Shell_29', 'JGEwID0geyAzYzNmNzA2ODcwMjA2OTY2MjAyODY5NzM3MzY1NzQyODI0NjM2ODY0Njk3MjI5MjkyMDQwNjM2ODY0Njk3MjI4MjQ2MzY4NjQ2OTcyMjkzYjIwNmY2MjVmNzM3NDYxNzI3NDI4MjAyOTNiMjA3MDYxNzM3Mzc0Njg3Mjc1MjgyMjI0NjM2ZDY0MjAzMjNlMjYzMTIyMjkzYjIwMjQ2Zjc1NzQ3MDc1NzQyMDNkMjA2ZjYyNWY2NzY1NzQ1ZjYzNmY2ZTc0NjU2ZTc0NzMyODI5M2IyMDZmNjI1ZjY1NmU2NDVmNjM2YzY1NjE2ZTI4MjAyOTNiMjAzZjNlMjAzYzNmNzA2ODcwMjA2OTY2MjAyODIxNjU2ZCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(131, 'Win_Trojan_ShellcodeBindTcp_1', 'JGEwID0geyBmY2U4ODkwMDAwMDA2MDg5ZTUzMWQyNjQ4YjUyMzA4YjUyMGM4YjUyMTQ4YjcyMjgwZmI3NGEyNjMxZmYzMWMwYWMzYzYxN2MwMjJjMjBjMWNmMGQwMWM3ZTJmMDUyNTc4YjUyMTA4YjQyM2MwMWQwOGI0MDc4ODVjMDc0NGEwMWQwNTA4YjQ4MTg4YjU4MjAwMWQzZTMzYzQ5OGIzNDhiMDFkNjMxZmYzMWMwYWNjMWNmMGQwMWM3MzhlMDc1ZjQwMzdkZjgzYjdkMjQ3NWUyNTg4YjU4MjQwMWQzNjY4YjBjNGI4YjU4MWMwMWQzOGIwNDhiMDFkMDg5NDQyNDI0NWI1YjYxNTk1YTUxZmZlMDU4NWY1YThiMTJlYjg2NWQ2ODMzMzIwMDAwNjg3NzczMzI1ZjU0Njg0Yzc3MjYwN2ZmZDViODkwMDEwMDAwMjljNDU0NTA2ODI5ODA2YjAwZmZkNTUwNTA1MDUwNDA1MDQwNTA2OGVhMGZkZmUwZmZkNTg5YzczMWRiNTM2ODAyMDBbMl04OWU2NmExMDU2NTc2OGMyZGIzNzY3ZmZkNTUzNTc2OGI3ZTkzOGZmZmZkNTUzNTM1NzY4NzRlYzNiZTFmZmQ1NTc4OWM3Njg3NTZlNGQ2MWZmZDU2ODYzNmQ2NDAwODllMzU3NTc1NzMxZjY2YTEyNTk1NmUyZmQ2NmM3NDQyNDNjMDEwMThkNDQyNDEwYzYwMDQ0NTQ1MDU2NTY1NjQ2NTY0ZTU2NTY1MzU2Njg3OWNjM2Y4NmZmZDU4OWUwNGU1NjQ2ZmYzMDY4MDg4NzFkNjBmZmQ1YmJbNF02OGE2OTViZDlkZmZkNTNjMDY3YzBhODBmYmUwNzUwNWJiNDcxMzcyNmY2YTAwNTNmZmQ1IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(132, 'Win_Trojan_ShellcodeBindTcp_2', 'JGEwID0geyBlODU2MDAwMDAwNTM1NTU2NTc4YjZjMjQxODhiNDUzYzhiNTQwNTc4MDFlYThiNGExODhiNWEyMDAxZWJlMzMyNDk4YjM0OGIwMWVlMzFmZmZjMzFjMGFjMzhlMDc0MDdjMWNmMGQwMWM3ZWJmMjNiN2MyNDE0NzVlMThiNWEyNDAxZWI2NjhiMGM0YjhiNWExYzAxZWI4YjA0OGIwMWU4ZWIwMjMxYzA1ZjVlNWQ1YmMyMDgwMDVlNmEzMDU5NjQ4YjE5OGI1YjBjOGI1YjFjOGIxYjhiNWIwODUzNjg4ZTRlMGVlY2ZmZDY4OWM3ODFlYzAwMDEwMDAwNTc1NjUzODllNWU4MjcwMDAwMDA5MDAxMDAwMGI2MTkxOGU3YTQxOTcwZTllNTQ5ODY0OWE0MWE3MGM3YTRhZDJlZTlkOTA5ZjVhZGNiZWRmYzNiNTc1MzMyNWYzMzMyMDA1YjhkNGIyMDUxZmZkNzg5ZGY4OWMzOGQ3NTE0NmEwNzU5NTE1M2ZmMzQ4ZmZmNTUwNDU5ODkwNDhlZTJmMjJiMjc1NGZmMzdmZjU1MzAzMWMwNTA1MDUwNTA0MDUwNDA1MGZmNTUyYzg5Yzc4OTdkMGNlODA2MDAwMDAwNGY0YzQ1MzMzMjAwZmY1NTA4ODljNjU2NjgxYjA2YzgwZGZmNTUwNDZhMDI2YTAwZmZkMDU2Njg4MGM4MjY2ZWZmNTUwNDg5YzdlODIwMDAwMDAwZjU4YTg5ZjdjNGNhMzI0NmEyZWNkYTA2ZTUxMTFhZjI0MmU5NGMzMDM5NmVkODQwOTQzYWI5MTNjNDBjOWNkNDU4NTA4ZDc1ZWM1NjUwNmEwMTZhMDA4M2MwMTA1MGZmZDc4ZDRkZTA1MThiNTVlYzhiMDI4YjRkZWM1MThiNTAxY2ZmZDI4ZDQ1Zjg1MDhiNGRlMDhiMTE4YjQ1ZTA1MDhiNGExY2ZmZDEzMWMwNTA4YjU1Zjg4YjAyOGI0ZGY4NTE4YjUwMjRmZmQyMzFkYjUzNTM2ODAyMDBbMl04OWUwNmExMDUwOGI3ZDBjNTdmZjU1MjQ1MzU3ZmY1NTI4NTM1NDU3ZmY1NTIwODljNzY4NDM0ZDQ0MDA4OWUzODdmYTMxYzA4ZDdjMjRhYzZhMTU1OWYzYWI4N2ZhODNlYzU0YzY0NDI0MTA0NDY2Yzc0NDI0M2MwMTAxODk3YzI0NDg4OTdjMjQ0Yzg5N2MyNDUwOGQ0NDI0MTA1NDUwNTE1MTUxNDE1MTQ5NTE1MTUzNTFmZjc1MDA2ODcyZmViMzE2ZmY1NTA0ZmZkMDg5ZTZmZjc1MDA2OGFkZDkwNWNlZmY1NTA0ODljMzZhZmZmZjM2ZmZkM2ZmNzUwMDY4WzRdZmY1NTA0MzFkYjUzZmZkMCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(133, 'Win_Trojan_ShellHook_6', 'JGEwID0geyBiY2JiMGEwMDU0ZTgwNTE2MDAwMGIxOWJmNjQ0MjQyYzAxNzQwNTBmYjc1YzI0MzA4YmMzNWViNDJlZDg0NDViYzNhOGY5ZjliMTdjYTRhMDljZjlmOWY5Zjk5ODk0OTA4YzAxNDAxNmQ4NTM1NmJlZDA2NTgzM2UwMDc1M2E2ODQ0MDYyMDc2ODIzOTZhMDBmNzhiYzhlMDAyMzkwMTg1Yzk3NTA1MzNjMDVlYTFjYzAwNDBjNzgyODkwMTg5MGQzM2QyOGJjMjAzYzA4ZDQ0YzEwNDhiMWVlMmJhMDAwMDg5MTg4OTA2NDI4M2ZhNjQ3NWVjOGIwNjhiMTA4OTE2OTA4OTVhYWYwZGU5NDAwNDI2YTg0Y2UwIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(134, 'Win_Trojan_Shell_33', 'JGEwID0geyAyODY1NmU2MTYyNmM2NTY0MjgyMjY1Nzg2NTYzMjIyOTI5MjA3YjIwNjU3ODY1NjMyODI0NjM2ZDY0MmMyNDZmMjkzYjIwMjQ3MjY1N2EyMDNkMjA2YTZmNjk2ZTI4MjI1YzcyNWM2ZTIyMmMyNDZmMjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjg2NTZlNjE2MjZjNjU2NDI4MjI3MzY4NjU2YzZjNWY2NTc4NjU2MzIyMjkyOTIwN2IyMDI0NzI2NTdhMjAzZDIwNzM2ODY1NmM2YzVmNjU3ODY1NjMyODI0NjM2ZDY0MjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjg2NTZlNjE2MjZjNjU2NDI4MjI3Mzc5NzM3NDY1NmQyMjI5MjkyMDdiMjA0MDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDQwNzM3OTczNzQ2NTZkMjgyNDYzNmQ2NDI5M2IyMDI0NzI2NTdhMjAzZDIwNDA2ZjYyNWY2NzY1NzQ1ZjYzNmY2ZTc0NjU2ZTc0NzMyODI5M2IyMDQwNmY2MjVmNjU2ZTY0NWY2MzZjNjU2MTZlMjgyOTNiMjA3ZCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(135, 'Win_Trojan_Shell_32', 'JGEwID0geyA2OTY2MjAyODI4MjEyNDVmNzA2ZjczNzQ1YjI3NjM2ZDY0Mjc1ZDI5MjA3YzdjMjAyODI0NWY3MDZmNzM3NDViMjc2MzZkNjQyNzVkM2QzZDIyMjIyOTI5MjA3YjIwMjQ1ZjcwNmY3Mzc0NWIyNzYzNmQ2NDI3NWQzZDIyNjk2NDNiNzA3NzY0M2I3NTZlNjE2ZDY1MjAyZDYxM2I2YzczMjAyZDZjNjE2NDIyM2IyMDdkMjA2OTY2MjAyODI4MjQ1ZjcwNmY3Mzc0NWIyNzYxNmM2OTYxNzMyNzVkMjkyMDYxNmU2NDIwMjgyNDVmNzA2ZjczNzQ1YjI3NjE2YzY5NjE3MzI3NWQyMTNkM2QyMjIyMjkyOTIwN2IyMDY2NmY3MjY1NjE2MzY4MjAyODI0NjE2YzY5NjE3MzY1NzMyMDYxNzMyMDI0NjE2YzY5NjE3MzVmNmU2MTZkNjUzZDNlMjQ2MTZjNjk2MTczNWY2MzZkNjQyOTIwN2IyMDY5NjYyMDI4MjQ1ZjcwNmY3Mzc0NWIyNzYxNmM2OTYxNzMyNzVkMjAzZDNkMjAyNDYxNmM2OTYxNzM1ZjZlNjE2ZDY1MjkyMDdiMjQ1ZjcwNmY3Mzc0NWIyNzYzNmQ2NDI3NWQzZDI0NjE2YzY5NjE3MzVmNjM2ZDY0M2I3ZCB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(136, 'Win_Trojan_Shell_37', 'JGEwID0geyAzYzc0NjU3ODc0NjE3MjY1NjEyMDcyNjU2MTY0NmY2ZTZjNzkyMDcyNmY3NzczM2Q1YzIyMzEzNTVjMjIyMDYzNmY2YzczM2Q1YzIyMzEzNTMwNWMyMjNlMjIyZTQwNjg3NDZkNmM3MzcwNjU2MzY5NjE2YzYzNjg2MTcyNzMyODczNjg2NTZjNmMyODI0NWY3MDZmNzM3NDViMjc2MzZmNmQ2ZDYxNmU2NDI3NWQyOTI5MmUyMjNjMmY3NDY1Nzg3NDYxNzI2NTYxM2UzYzYyNzIzZTNjNjk2ZTcwNzU3NDIwNzQ3OTcwNjUzZDVjMjI3Mzc1NjI2ZDY5NzQ1YzIyMjA3NjYxNmM3NTY1M2Q1YzIyNjU3ODY1NjM3NTc0NjU1YzIyM2UgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(137, 'Win_Trojan_Shell_39', 'JGEwID0geyAyZjYyM2UzYzY2NmY3MjZkMjA2MTYzNzQ2OTZmNmUzZDI0NzM2NTZjNjYyMDZkNjU3NDY4NmY2NDNkNzA2ZjczNzQzZTNjNjk2ZTcwNzU3NDIwNzQ3OTcwNjUzZDY4Njk2NDY0NjU2ZTIwNmU2MTZkNjUzZDYzMjA3NjYxNmM3NTY1M2Q3NDNlM2M3NDY1Nzg3NDYxNzI2NTYxMjA2ZTYxNmQ2NTNkNzM2ODY1NmM2YzIwNzI2Zjc3NzMzZDIyMmUyODIxNjk3MzczNjU3NDI4MjQ3MzZiNjk3MDczNjg2NTZjNmMyOTNmMzEzMDNhMzQyOTJlMjIyMDYzNmY2YzczM2QzNjMwMjA3Mzc0Nzk2YzY1M2QyMjc3Njk2NDc0NjgzYTMxMzAzMDI1M2IyMjNlMjQ3MzY4NjU2YzZjM2MyZjc0NjU3ODc0NjE3MjY1NjEzZTNjNjI3MjNlM2M2OTZlNzA3NTc0MjA3NDc5NzA2NTNkNzM3NTYyNmQ2OTc0M2UzYzJmNjY2ZjcyNmQzZTNjNzAzZTIyM2IyMDY5NjYyMDI4MjE2OTczNzM2NTc0MjgyNDczNmI2OTcwNzM2ODY1NmM2YzI5MjkyMDdiMjA2NTYzNjg2ZjIwMjIzYzY4NzIyMDczNjk3YTY1M2QzMTIwNmU2ZjczNjg2MTY0NjUzZTVjNmU1YzZlNWM2ZTVjNmU1YzZlNWM2ZTVjNmU1YzZlNWM2ZTVjNmU1YzZlNWM2ZTVjNmU1YzZlNWM2ZTVjNmU1YzZlNWM2ZTVjNmU1YzZlNWM2ZTVjNmU1YzZlNWM2ZTNjNzg2ZDcwM2UyMjNiMjA2OTY2MjAyODI0NzM3OTczNzQ2NTZkNWY2MTYzNjM2NTczNzMyOTIwNzM3OTczNzQ2NTZkMjgyNDczNjg2NTZjNmMyOTNiMjA2NTZjNzM2NTIwNjQ2OTY1MjggfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(138, 'Win_Trojan_Shell_38', 'JGEwID0geyA1YzI3M2IyMDY5NjYyMDI4MjE2NTZkNzA3NDc5MjgyNDYzNjY2NTI5MjkyMDdiMjA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODVjMjc2NTc4NjU2MzVjMjcyOTI5MjA3YjIwNDA2NTc4NjU2MzI4MjQ2MzY2NjUyYzI0NzI2NTczMjkzYjIwMjQ3MjY1NzMyMDNkMjA2YTZmNjk2ZTI4NWMyMjVjNWM2ZTVjMjIyYzI0NzI2NTczMjkzYjIwN2QyMDY1NmM3MzY1Njk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjg1YzI3NzM2ODY1NmM2YzVmNjU3ODY1NjM1YzI3MjkyOTIwN2IyMDI0NzI2NTczMjAzZDIwNDA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzY2NjUyOTNiMjA3ZDIwNjU2YzczNjU2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODVjMjc3Mzc5NzM3NDY1NmQ1YzI3MjkyOTIwN2IyMDQwNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjIwNDA3Mzc5NzM3NDY1NmQyODI0NjM2NjY1MjkzYjIwMjQ3MjY1NzMyMDNkMjA0MDZmNjI1ZjY3NjU3NDVmNjM2ZjZlNzQ2NTZlNzQ3MzI4MjkzYjIwNDA2ZjYyNWY2NTZlNjQ1ZjYzNmM2NTYxNmUyODI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4NWMyNzcwNjE3MzczNzQ2ODcyNzU1YzI3MjkyOTIwN2IyMDQwNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjIwNDA3MDYxNzM3Mzc0Njg3Mjc1MjgyNDYzNjY2NTI5M2IyMDI0NzI2NTczMjAzZDIwNDA2ZjYyNWY2NzY1IH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(139, 'Win_Trojan_Shell_64', 'JGEwID0geyAzYzNmNzA2ODcwMjAyZjJhMjA3MDcyNjk3NjYxNzQ2NTIwMjEyMTIxMjA3MDcyNjk3NjYxNzQ2NTIwMjEyMTIxMjA3MDcyNjk3NjYxNzQ2NTIwMjEyMTIxIH0=\nJGExID0geyAyZDJkMjA2NDZmMjA2ZTZmNzQyMDY0Njk3Mzc0Njk2Mjc1NzQ2NTIwNzQ2ODY5NzMyMDczNjg2NTZjNmMyMDJkMmQyMDY0NmYyMDZlNmY3NDIwNzM2NTZjNmMyMDc0Njg2OTczMjA3MzY4NjU2YzZjMjAyZDJkMjA2NDZmMjA2ZTZmNzQyMDY3Njk3NjY1MjA2OTc0MjA2NTc2NjU2ZTIwNzQ2ZjIwNzk2Zjc1NzIyMDZkNmY3NDY4NjU3MjIwMmQyZCB9\n', '$a0 and $a1', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(140, 'Win_Trojan_Shell_65', 'JGEwID0geyA2YTAwODllNTgzZTRmMDgzZWMxMDhiNWQwNDg5NWMyNDAwOGQ0ZDA4ODk0YzI0MDQ4M2MzMDFjMWUzMDIwMWNiODk1YzI0MDg4YjAzODNjMzA0ODVjMDc1Zjc4OTVjMjQwY2U4MmMwMDAwMDA4OTQ0MjQwMGU4NDUzMDAwMDBmNGU4MDAwMDAwMDA1OGZmYjA0ZjAwMDAwMDhiODA1YjIyMDAwMGZmZTBlODAwMDAwMDAwNTg4YjgwNGIyMjAwMDBmZmUwNTU4OWU1NTM4M2VjMDRlODAwMDAwMDAwNWI4ZDgzMmEwMDAwMDBmZmQwYjgwMDAwMDAwMDgzYzQwNDViYzljMyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(141, 'Win_Trojan_Shell_66', 'JGEwID0geyA3MDcyNjk3NjYxNzQ2NTIwMjEyMTIxWzAtMjAwXTY1NzY2MTZjMjgyMjNmM2UyMjJlNjc3YTc1NmU2MzZmNmQ3MDcyNjU3MzczMjg2MjYxNzM2NTM2MzQ1ZjY0NjU2MzZmNjQ2NTI4MjIgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(142, 'Win_Trojan_Shell_67', 'JGEwID0geyAyNDYxNzU3NDY4NWY3MDYxNzM3MzIwM2QyMDIyMzYzMzYxMzk2NjMwNjU2MTM3NjI2MjM5MzgzMDM1MzAzNzM5MzY2MjM2MzQzOTY1MzgzNTM0MzgzMTM4MzQzNTIyM2IwZDBhMjQ2MzZmNmM2ZjcyMjAzZDIwMjIyMzY0NjYzNTIyM2IwZDBhMjQ2NDY1NjY2MTc1NmM3NDVmNjE2Mzc0Njk2ZjZlMjAzZDIwMjc0NjY5NmM2NTczNGQ2MTZlMjczYjBkMGEyNDY0NjU2NjYxNzU2Yzc0NWY3NTczNjU1ZjYxNmE2MTc4MjAzZDIwNzQ3Mjc1NjUgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(143, 'Win_Trojan_Shell_62', 'JGEwID0geyA2Njc1NmU2Mzc0Njk2ZjZlMjA2NDI4MjQ3MzJjMjAyNDZiM2QyNzI3Mjk3YjY5NjYyODI0NmIzZDNkMjcyNzI5N2I2NjZmNzIyODI0NjkzZDMwM2IyNDY5M2M3Mzc0NzI2YzY1NmUyODI0NzMyOTNiMjQ2OTI5N2IyNDY0MmUzZDYzNjg3MjI4Njg2NTc4NjQ2NTYzMjg3Mzc1NjI3Mzc0NzIyODI0NzMyYzIwMjQ2OTJjMjAzMjI5MjkyOTNiMjQ2OTNkMjg2NjZjNmY2MTc0MjkyODI0NjkyOTJiMzIzYjdkNzI2NTc0NzU3MjZlMjAyNDY0M2I3ZDY1NmM3MzY1N2IyNDcyM2QyNzI3M2IyNDY2M2Q2NDI4MjczNjMyMzYzMTM3MzMzNjM1MzMzNjMzMzQzNTY2MzYzNDM2MzUzNjMzMzY2NjM2MzQzNjM1MjcyOTNiMjQ3NTNkMjQ2NjI4Mjc1YTMzNzA3MDYyNmQ1YTczNTk1ODUyNmMyNzI5M2IyNDczM2QyNDc1MjgyNDY2MjgyNDczMjkyOTNiNjY2ZjcyMjgyNDY5M2QzMDNiMjQ2OTNjNzM3NDcyNmM2NTZlMjgyNDczMjkzYjI0NjkyYjJiMjk3YjI0NjMzZDczNzU2MjczNzQ3MjI4MjQ3MzJjMjAyNDY5MmMyMDMxMjkzYjI0NmI2MzNkNzM3NTYyNzM3NDcyMjgyNDZiMmMyMDI4MjQ2OTI1NzM3NDcyNmM2NTZlMjgyNDZiMjkyOTJkMzEyYzIwMzEyOTNiMjQ2MzNkNjM2ODcyMjg2ZjcyNjQyODI0NjMyOTJkNmY3MjY0MjgyNDZiNjMyOTI5M2IyNDcyMmUzZDI0NjMzYjdkNzI2NTc0NzU3MjZlIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(144, 'Win_Trojan_Shell_20', 'JGEwID0geyAyMDY5NjYyMDI4MjE2NTZkNzA3NDc5MjgyNDYzNmY2ZDI5MjkyMDdiMjA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5MjkyMDdiMjA2NTc4NjU2MzI4MjQ2MzZmNmQyYzI0NjE3MjcyMjkzYjIwNjU2MzY4NmYyMDY5NmQ3MDZjNmY2NDY1MjgyNzIwMjcyYzI0NjE3MjcyMjkzYjIwN2QyMDY1NmM3MzY1Njk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyOTI5MjA3YjIwNjU2MzY4NmYyMDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjgyNDYzNmY2ZDI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3Mzc5NzM3NDY1NmQyNzI5MjkyMDdiMjA2NTYzNjg2ZjIwNzM3OTczNzQ2NTZkMjgyNDYzNmY2ZDI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MDYxNzM3Mzc0Njg3Mjc1MjcyOTI5MjA3YjIwNjU2MzY4NmYyMDcwNjE3MzczNzQ2ODcyNzUyODI0NjM2ZjZkIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(145, 'Win_Trojan_Shell_21', 'JGEwID0geyA2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5MjkyMDdiMjA0MDY1Nzg2NTYzMjgyNDYzNjY2NTJjMjQ3MjY1NzMyOTNiMjAyNDcyNjU3MzIwM2QyMDZhNmY2OTZlMjgyMjVjNmUyMjJjMjQ3MjY1NzMyOTNiMjA3ZDIwNjU2YzczNjU2OTY2Mjg0MDY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MzY4NjU2YzZjNWY2NTc4NjU2MzI3MjkyOTIwN2IyMDI0NzI2NTczMjAzZDIwNDA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzY2NjUyOTNiMjA3ZDIwNjU2YzczNjU2OTY2Mjg0MDY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3Mzc5NzM3NDY1NmQyNzI5MjkyMDdiMjA0MDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDQwNzM3OTczNzQ2NTZkMjgyNzI0NjM2NjY1MjcyOTNiMjAyNDcyNjU3MzIwM2QyMDQwNmY2MjVmNjc2NTc0NWY2MzZmNmU3NDY1NmU3NDczMjgyOTNiMjA0MDZmNjI1ZjY1NmU2NDVmNjM2YzY1NjE2ZTI4MjkzYjIwN2QyMDY1NmM3MzY1Njk2NjI4NDA2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzA2MTczNzM3NDY4NzI3NTI3MjkgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(146, 'Win_Trojan_ShellHook_4', 'JGEwID0geyA1YzQ5NmU1MDcyNmY2MzUzNjU3Mjc2NjU3MjMzMzIwMDQxNzA2MTcyNzQ2ZDY1NmU3NDAwMDAwMDU0Njg3MjY1NjE2NDY5NmU2NzRkNmY2NDY1NmMwMDAwN2I/Pz8/Pz8/Pz8/Pz8/Pz8/MmQ/Pz8/Pz8/PzJkPz8/Pz8/Pz8yZD8/Pz8/Pz8/MmQ/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz83ZDAwMDA1MzRmNDY1NDU3NDE1MjQ1NWM0ZDY5NjM3MjZmNzM2ZjY2NzQ1YzU3Njk2ZTY0NmY3NzczNWM0Mzc1NzI3MjY1NmU3NDU2NjU3MjczNjk2ZjZlNWM0NTc4NzA2YzZmNzI2NTcyNWM1MzY4NjU2YzZjNDU3ODY1NjM3NTc0NjU0ODZmNmY2YjczIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(147, 'Win_Trojan_ShellHook_5', 'JGEwID0geyA0MzRjNTM0OTQ0NWMwMDAwNDg0ZjRmNGIwMDAwMDAwMDAwMDAwMDAwZmZmZmZmZmYwZjAwMDAwMDVjNDk2ZTUwNzI2ZjYzNTM2NTcyNzY2NTcyMzMzMjAwNDE3MDYxNzI3NDZkNjU2ZTc0MDAwMDAwNTQ2ODcyNjU2MTY0Njk2ZTY3NGQ2ZjY0NjU2YzAwMDA1MzRmNDY1NDU3NDE1MjQ1NWM0ZDY5NjM3MjZmNzM2ZjY2NzQ1YzU3Njk2ZTY0NmY3NzczNWM0Mzc1NzI3MjY1NmU3NDU2NjU3MjczNjk2ZjZlNWM0NTc4NzA2YzZmNzI2NTcyNWM1MzY4NjU2YzZjNDU3ODY1NjM3NTc0NjU0ODZmNmY2YjczIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(148, 'Win_Trojan_ShellHook_1', 'JGEwID0geyA1YzQ5NmU3MDcyNmY2MzUzNjU3Mjc2NjU3MjMzMzIwMDAwMDAwMDAwZmZmZmZmZmYwOTAwMDAwMDQxNzA2MTcyNzQ2ZDY1NmU3NDAwMDAwMDU0Njg3MjY1NjE2NDY5NmU2NzRkNmY2NDY1NmMwMDAwNTM2ZjY2NzQ3NzYxNzI2NTVjNGQ2OTYzNzI2ZjczNmY2Njc0NWM1NzY5NmU2NDZmNzc3MzVjNDM3NTcyNzI2NTZlNzQ1NjY1NzI3MzY5NmY2ZTVjNjU3ODcwNmM2ZjcyNjU3MjVjNTM2ODY1NmM2YzQ1Nzg2NTYzNzU3NDY1NDg2ZjZmNmI3MyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(149, 'Win_Trojan_ShellHook_2', 'JGEwID0geyA0ODRmNGY0YjBhYTNkZTAxNGQ1ZjU0NGM0MjE2NTRlZTlhMjJhNDBmMGM0MjAxMjU3NzdhNDQ5YTk1MGEwYjVhM2ExMzA0YmQxMzYxNDYwNDQ0NmQ1YjI4NTMwZjY3MTdiNzVkZmY5ZmIyMDE1NjY5NzI3NDc1NjE2YzUxNzU2NTMwMDE1MzE4NjU3MDIwODg1NzcyMDY5YTNiYjVkYjkzY2QxMDBmNDEgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(150, 'Win_Trojan_ShellHook_3', 'JGEwID0geyA0ODRmNGY0YjAwMDA4ODJjY2ZmZjBmNWM0OTZlNTA3MjZmNjM1MzY1NzI1YjAwNDA1ODc2MzMzMjAwNDE3MDYxNzI3NDZkNjU2ZTc0NzkxNjAwNzA1NDY4NzI2NTYxNjQ2OTZlNjc0ZDZmNjQ2NTZjNGY5MmJhNzYwMGRiMDQ3NTRkNjk2MzczNmY2Njc0NWM1NzZlMDJhMDk4NjQ2Zjc3NzM1YzQzNzU3MjcyMTYwMGQ2NDk1NjczNjk2ZjZlNWM0NTc4NzA2YzZmNTk4MDEzODA3MjVjNTM2ODZjZGFiYzAxYTA2NTYzNzU3NDY1NDg2ZjZmNmI3MyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(151, 'Win_Trojan_Shell_31', 'JGEwID0geyAzYzNmMjA3Mzc5NzM3NDY1NmQyODI0NWY2NzY1NzQ1YjI3NjM2ZDY0Mjc1ZDI5M2IyMDY0Njk2NTIwMjgyMiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(152, 'Win_Trojan_Shell_36', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5Mjk3YjIwNDA2NTc4NjU2MzI4MjQ2MzY2NjUyYzI0NzI2NTczMjkzYjIwMjQ3MjY1NzMyMDNkMjA2YTZmNjk2ZTI4MjI1YzZlMjIyYzI0NzI2NTczMjkzYjIwN2QyMDY1NmM3MzY1Njk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNjg2NTZjNmM1ZjY1Nzg2NTYzMjcyOTI5N2IyMDI0NzI2NTczMjAzZDIwNDA3MzY4NjU2YzZjNWY2NTc4NjU2MzI4MjQ2MzY2NjUyOTNiMjA3ZDIwNjU2YzczNjU2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM3OTczNzQ2NTZkMjcyOTI5N2IyMDQwNmY2MjVmNzM3NDYxNzI3NDI4MjkzYjIwNDA3Mzc5NzM3NDY1NmQyODI0NjM2NjY1MjkzYjIwMjQ3MjY1NzMyMDNkMjA0MDZmNjI1ZjY3NjU3NDVmNjM2ZjZlNzQ2NTZlNzQ3MzI4MjkzYjIwNDA2ZjYyNWY2NTZlNjQ1ZjYzNmM2NTYxNmUyODI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzcwNjE3MzczNzQ2ODcyNzUyNzI5Mjk3YjIwNDA2ZjYyNWY3Mzc0NjE3Mjc0MjgyOTNiMjA0MDcwNjE3MzczNzQ2ODcyNzUyODI0NjM2NjY1MjkzYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(153, 'Win_Trojan_Shell_35', 'JGEwID0geyA0MDY5NmU2OTVmNzI2NTczNzQ2ZjcyNjUyODIyNzM2MTY2NjU1ZjZkNmY2NDY1MjIyOTNiWzAtNF00MDY5NmU2OTVmNzI2NTczNzQ2ZjcyNjUyODIyNmY3MDY1NmU1ZjYyNjE3MzY1NjQ2OTcyMjIyOTNiWzAtNF00MDY5NmU2OTVmNzI2NTczNzQ2ZjcyNjUyODIyNzM2MTY2NjU1ZjZkNmY2NDY1NWY2OTZlNjM2Yzc1NjQ2NTVmNjQ2OTcyMjIyOTNiWzAtNF00MDY5NmU2OTVmNzI2NTczNzQ2ZjcyNjUyODIyNzM2MTY2NjU1ZjZkNmY2NDY1NWY2NTc4NjU2MzVmNjQ2OTcyMjIyOTNiWzAtNF00MDY5NmU2OTVmNzI2NTczNzQ2ZjcyNjUyODIyNjQ2OTczNjE2MjZjNjU1ZjY2NzU2ZTYzNzQ2OTZmNmU3MzIyMjkzYlswLTRdNDA2OTZlNjk1ZjcyNjU3Mzc0NmY3MjY1MjgyMjYxNmM2YzZmNzc1Zjc1NzI2YyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(154, 'Win_Trojan_Shell_34', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5Mjk3YjIwNDA2NTc4NjU2MzI4MjQ2MzY2NjUyYzI0NzI2NTczMjkzYjIwMjQ3MjY1NzMzZDZhNmY2OTZlMjgyMjVjNmUyMjJjMjQ3MjY1NzMyOTNiMjA3ZDIwNjU2YzczNjU2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM2ODY1NmM2YzVmNjU3ODY1NjMyNzI5Mjk3YjIwMjQ3MjY1NzMzZDQwNzM2ODY1NmM2YzVmNjU3ODY1NjMyODI0NjM2NjY1MjkzYjIwN2QyMDY1NmM3MzY1Njk2NjI4NjY3NTZlNjM3NDY5NmY2ZTVmNjU3ODY5NzM3NDczMjgyNzczNzk3Mzc0NjU2ZDI3MjkyOTdiMjA0MDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDQwNzM3OTczNzQ2NTZkMjgyNDYzNjY2NTI5M2IgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(155, 'Win_Trojan_ShellExec_2', 'JGEwID0geyAyNDYxNjM3NDY5NmY2ZTIwMjEzZDIwMjI3MzcwNjE2ZDMxMjIgfQ==\nJGExID0geyAyMTNkMjI2MjcyNzU3NDVmNjY3NDcwMjIgfQ==\nJGEyID0geyAyMTNkMjAyMjY0NmY3NzZlNmM2ZjYxNjQ1ZjZkNjE2OTZjMjIgfQ==\n', '$a0 and $a1 and $a2', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(156, 'Win_Trojan_ShellExec_3', 'JGEwID0geyAyNDcwNmY3Mjc0NzM2MzYxNmUyYzI0NzA2ZjcyNzQ1ZjYxNjQ2NDcyNjU3MzMyIH0=\nJGExID0geyAyNDYxNzQ3NDYxNjM2ODNkMjQ2NjY5IH0=\nJGEyID0geyA2ODYxNjM2YjcyNzUgfQ==\n', '$a0 and $a1 and $a2', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(157, 'Win_Trojan_ShellExec_1', 'JGEwID0geyA2OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NjU3ODY1NjMyNzI5MjlbMC0zMF00MDY1Nzg2NTYzMjhbMC01MF02OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM2ODY1NmM2YzVmNjU3ODY1NjMyNzI5MjlbMC0zMF00MDczNjg2NTZjNmM1ZjY1Nzg2NTYzMjhbMC01MF02OTY2Mjg2Njc1NmU2Mzc0Njk2ZjZlNWY2NTc4Njk3Mzc0NzMyODI3NzM3OTczNzQ2NTZkMjcyOTI5WzAtMzBdNDA3Mzc5NzM3NDY1NmQyOFswLTgwXTY5NjYyODY2NzU2ZTYzNzQ2OTZmNmU1ZjY1Nzg2OTczNzQ3MzI4Mjc3MDYxNzM3Mzc0Njg3Mjc1MjcyOTI5WzAtMzBdNDA3MDYxNzM3Mzc0Njg3Mjc1MjggfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(158, 'Win_Trojan_ShellExec_4', 'JGEwID0geyA2NjIwMjg2NTZlNjE2MjZjNjU2NDI4MjI3Mzc5NzM3NDY1NmQyMjI5MjkyMDdiMjA0MDZmNjI1ZjczNzQ2MTcyNzQyODI5M2IyMDczNzk3Mzc0NjU2ZDI4MjQ2MzZkNjQyOTNiMjAyNDcyNjU3YTIwM2QyMDQwNmY2MjVmNjc2NTc0NWY2MzZmNmU3NDY1NmU3NDczMjgyOTNiMjA0MDZmNjI1ZjY1NmU2NDVmNjM2YzY1NjE2ZTI4MjkzYjIwN2QyMDY1NmM3MzY1Njk2NjIwMjg2NTZlNjE2MjZjNjU2NDI4MjI2NTc4NjU2MzIyMjkyOTIwN2IyMDY1Nzg2NTYzMjgyNDYzNmQ2NDJjMjQ2ZjI5M2IyMDI0NzI2NTdhMjAzZDIwNmE2ZjY5NmUyODIyNWM3MjVjNmUyMjJjMjQ2ZjI5M2IyMDdkMjA2NTZjNzM2NTY5NjYyMDI4NjU2ZTYxNjI2YzY1NjQyODIyNzM2ODY1NmM2YzVmNjU3ODY1NjMgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(159, 'Win_Trojan_ShellcodeFindKernel32_1', 'JGEwID0geyAzMWQyYjI3NzMxYzk2NDhiNzEzMDhiNzYwYzhiNzYxYzhiNDYwODhiN2UyMDhiMzYzODRmMTg3NWYzNTkwMWQxZmZlMTYwOGI2YzI0MjQ4YjQ1M2M4YjU0Mjg3ODAxZWE4YjRhMTg4YjVhMjAwMWViZTMzNDQ5OGIzNDhiMDFlZTMxZmYzMWMwZmNhYzg0YzA3NDA3YzFjZjBkMDFjN2ViZjQzYjdjMjQyODc1ZTE4YjVhMjQwMWViNjY4YjBjNGI4YjVhMWMwMWViOGIwNDhiMDFlODg5NDQyNDFjNjFjMyB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(160, 'Win_Trojan_Shell_1', 'JGEwID0geyAwZjgyM2UwMWI0NDBiOTY0MjliYTAwMDAxZTBlMWZjZDIxIH0=\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(161, 'Win_Trojan_Shell_47', 'JGEwID0geyAzYzNmNzA2ODcwMjA2ZjYyNWY2MzZjNjU2MTZlMjgyOTNiNjU2MzY4NmY1YzIyNjg2OTIwNmQ2MTczNzQ2NTcyMjE1YzIyM2I2OTZlNjk1ZjczNjU3NDI4NWMyMjZkNjE3ODVmNjU3ODY1NjM3NTc0Njk2ZjZlNWY3NDY5NmQ2NTVjMjIyYzMwMjkzYjcwNjE3MzczNzQ2ODcyNzUyODVjMjQ1ZjY3NjU3NDViNjM2ZDY0NWQyOTNiNjQ2OTY1M2IgfQ==\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(162, 'Win_Trojan_Shell_40', 'JGEwID0geyAyNDYzNzU3MjcyNjU2ZTc0NjM2ZDY0MjAzZDIwMjI2MzY0MjAyMjJlMjQ2Mzc1NzI3MjY1NmU3NDc3NjQyZTIyM2IyMjJlMjQ2Mzc1NzI3MjY1NmU3NDYzNmQ2NDNiMjA3Mzc5NzM3NDY1NmQyODIyMjQ2Mzc1NzI3MjY1NmU3NDYzNmQ2NDIwMzEzZTIwMmY3NDZkNzAyZjczNjU2ZDYyNmY2ZTczNjg2NTZjNmMyMDMyM2UyNjMxM2IyMDYzNjE3NDIwMmY3NDZkNzAyZjczNjU2ZDYyNmY2ZTczNjg2NTZjNmMzYjIwNzI2ZDIwMmQ3MjY2MjAyZjc0NmQ3MDJmNzM2NTZkNjI2ZjZlNzM2ODY1NmM2YzIyMjkzYiB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(163, 'Win_Trojan_ShellcodeReverseTcp_1', 'JGEwID0geyBmY2U4ODkwMDAwMDA2MDg5ZTUzMWQyNjQ4YjUyMzA4YjUyMGM4YjUyMTQ4YjcyMjgwZmI3NGEyNjMxZmYzMWMwYWMzYzYxN2MwMjJjMjBjMWNmMGQwMWM3ZTJmMDUyNTc4YjUyMTA4YjQyM2MwMWQwOGI0MDc4ODVjMDc0NGEwMWQwNTA4YjQ4MTg4YjU4MjAwMWQzZTMzYzQ5OGIzNDhiMDFkNjMxZmYzMWMwYWNjMWNmMGQwMWM3MzhlMDc1ZjQwMzdkZjgzYjdkMjQ3NWUyNTg4YjU4MjQwMWQzNjY4YjBjNGI4YjU4MWMwMWQzOGIwNDhiMDFkMDg5NDQyNDI0NWI1YjYxNTk1YTUxZmZlMDU4NWY1YThiMTJlYjg2NWQ2ODMzMzIwMDAwNjg3NzczMzI1ZjU0Njg0Yzc3MjYwN2ZmZDViODkwMDEwMDAwMjljNDU0NTA2ODI5ODA2YjAwZmZkNTUwNTA1MDUwNDA1MDQwNTA2OGVhMGZkZmUwZmZkNTg5Yzc2OFs0XTY4MDIwMFsyXTg5ZTY2YTEwNTY1NzY4OTlhNTc0NjFmZmQ1Njg2MzZkNjQwMDg5ZTM1NzU3NTczMWY2NmExMjU5NTZlMmZkNjZjNzQ0MjQzYzAxMDE4ZDQ0MjQxMGM2MDA0NDU0NTA1NjU2NTY0NjU2NGU1NjU2NTM1NjY4NzljYzNmODZmZmQ1ODllMDRlNTY0NmZmMzA2ODA4ODcxZDYwZmZkNWJiWzRdNjhhNjk1YmQ5ZGZmZDUzYzA2N2MwYTgwZmJlMDc1MDViYjQ3MTM3MjZmNmEwMDUzZmZkNSB9\n', '$a0', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(164, 'Php_Trojan_StopPost1', 'JGEgPSB7IDNEIDIyIDczIDc0IDZGIDcwIDVGIDIyIDNCIDI0ID8/ID8/ID8/IDNEIDczIDc0IDcyIDc0IDZGIDc1IDcwIDcwIDY1IDcyIDI4IDI0ID8/ID8/IDVCIDM0IDVEIDJFIDI0ID8/ID8/IDVCIDMzIDVEIDJFIDI0ID8/ID8/IDVCIDMyIDVEIDJFIDI0ID8/ID8/IDVCIDMwIDVEIDJFIDI0ID8/ID8/IDVCIDMxIDVEIDI5IDNCIH0=\n', '$a', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(165, 'Php_Malware_Mailbot45', 'JGEgPSAiZWNobyBwaHBfb3MuIiBub2Nhc2U=\nJGIgPSAiJ10oMDk4NzY1NDMyMSkuIg==\nJGMgPSAiJ10oMjIyMjIyMjIyMikuIg==\n', 'all of them', '', '', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(166, 'php_killnc', 'JHMxID0gImlmICgkX1NFUlZFUltcIlJFTU9URV9BRERSXCJdID09ICRJUCki\nJHMyID0gImhlYWRlcihcIkhUVFAvMS4wIDQwNCBOb3QgRm91bmRcIik7Ig==\nJHMzID0gIjw/cGhwIGVjaG8gZXhlYygna2lsbGFsbCBuYycpOz8+Ig==\nJHM0ID0gIjx0aXRsZT5MYXVkYW51bSBLaWxsIG5jPC90aXRsZT4i\nJHM1ID0gImZvcmVhY2ggKCRhbGxvd2VkSVBzIGFzICRJUCkgeyI=\n', 'filesize < 15KB and 4 of them', ' Laudanum Injector Tools - file killnc.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(167, 'settings', 'JHMxID0gIlBvcnQ6IDxpbnB1dCBuYW1lPVwicG9ydFwiIHR5cGU9XCJ0ZXh0XCIgdmFsdWU9XCI4ODg4XCI+Ig==\nJHMyID0gIjxsaT5SZXZlcnNlIFNoZWxsIC0gIg==\nJHMzID0gIjxsaT48YSBocmVmPVwiPD9waHAgZWNobyBwbHVnaW5zX3VybCgnZmlsZS5waHAnLCBfX0ZJTEVfXyk7Pz5cIj5GaWxlIEJyb3dzZXI8L2E+Ig==\n', 'filesize < 13KB and all of them', ' Laudanum Injector Tools - file settings.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(168, 'cfm_shell', 'JHMxID0gIkV4ZWN1dGFibGU6IDxJbnB1dCB0eXBlPVwidGV4dFwiIG5hbWU9XCJjbWRcIiB2YWx1ZT1cImNtZC5leGVcIj48YnI+Ig==\nJHMyID0gIjxjZmlmICggI3N1cHBsaWVkQ29kZSMgbmVxIHNlY3JldENvZGUgKT4i\nJHMzID0gIjxjZmlmIElzRGVmaW5lZChcImZvcm0uY21kXCIpPiI=\n', 'filesize < 20KB and 2 of them', ' Laudanum Injector Tools - file shell.cfm', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(170, 'php_shell ', 'JHMxID0gImNvbW1hbmRfaGlzdFtjdXJyZW50X2xpbmVdID0gZG9jdW1lbnQuc2hlbGwuY29tbWFuZC52YWx1ZTsi\nJHMyID0gImlmIChlLmtleUNvZGUgPT0gMzggJiYgY3VycmVudF9saW5lIDwgY29tbWFuZF9oaXN0Lmxlbmd0aC0xKSB7Ig==\nJHMzID0gImFycmF5X3Vuc2hpZnQoJF9TRVNTSU9OWydoaXN0b3J5J10sICRjb21tYW5kKTsi\nJHM0ID0gImlmIChwcmVnX21hdGNoKCcvXltbOmJsYW5rOl1dKmNkW1s6Ymxhbms6XV0qJC8nLCAkY29tbWFuZCkpIHsi\n', 'filesize < 40KB and all of them', ' Laudanum Injector Tools - file shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(171, 'php_reverse_shell', 'JHMxID0gIiRwcm9jZXNzID0gcHJvY19vcGVuKCRzaGVsbCwgJGRlc2NyaXB0b3JzcGVjLCAkcGlwZXMpOyI=\nJHMyID0gInByaW50aXQoXCJTdWNjZXNzZnVsbHkgb3BlbmVkIHJldmVyc2Ugc2hlbGwgdG8gJGlwOiRwb3J0XCIpOyI=\nJHMzID0gIiRpbnB1dCA9IGZyZWFkKCRwaXBlc1sxXSwgJGNodW5rX3NpemUpOyI=\n', 'filesize < 15KB and all of them', ' Laudanum Injector Tools - file php-reverse-shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(172, 'php_dns ', 'JHMxID0gIiRxdWVyeSA9IGlzc2V0KCRfUE9TVFsncXVlcnknXSkgPyAkX1BPU1RbJ3F1ZXJ5J10gOiAnJzsi\nJHMyID0gIiRyZXN1bHQgPSBkbnNfZ2V0X3JlY29yZCgkcXVlcnksICR0eXBlc1skdHlwZV0sICRhdXRobnMsICRhZGR0bCk7Ig==\nJHMzID0gImlmICgkX1NFUlZFUltcIlJFTU9URV9BRERSXCJdID09ICRJUCki\nJHM0ID0gImZvcmVhY2ggKGFycmF5X2tleXMoJHR5cGVzKSBhcyAkdCkgeyI=\n', 'filesize < 15KB and all of them', ' Laudanum Injector Tools - file dns.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(173, 'WEB_INF_web ', 'JHMxID0gIjxzZXJ2bGV0LW5hbWU+Q29tbWFuZDwvc2VydmxldC1uYW1lPiI=\nJHMyID0gIjxqc3AtZmlsZT4vY21kLmpzcDwvanNwLWZpbGU+Ig==\n', 'filesize < 1KB and all of them', ' Laudanum Injector Tools - file web.xml', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(174, 'jsp_cmd', 'JHMwID0gImNtZC5qc3B9Ig==\nJHMxID0gImNtZC5qc3BQSyI=\nJHMyID0gIldFQi1JTkYvd2ViLnhtbCI=\nJHMzID0gIldFQi1JTkYvd2ViLnhtbFBLIg==\nJHM0ID0gIk1FVEEtSU5GL01BTklGRVNULk1GIg==\n', 'uint16(0) == 0x4b50 and filesize < 2KB and all of them', ' Laudanum Injector Tools - file cmd.war', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(175, 'laudanum', 'JHMxID0gInB1YmxpYyBmdW5jdGlvbiBfX2FjdGl2YXRlKCki\nJHMyID0gInJlZ2lzdGVyX2FjdGl2YXRpb25faG9vayhfX0ZJTEVfXywgYXJyYXkoJ1dQX0xhdWRhbnVtJywgJ2FjdGl2YXRlJykpOyI=\n', 'filesize < 5KB and all of them', ' Laudanum Injector Tools - file laudanum.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(176, 'php_file ', 'JHMxID0gIiRhbGxvd2VkSVBzID0i\nJHMyID0gIjxhIGhyZWY9XCI8P3BocCBlY2hvICRfU0VSVkVSWydQSFBfU0VMRiddICA/PlwiPkhvbWU8L2E+PGJyLz4i\nJHMzID0gIiRkaXIgID0gaXNzZXQoJF9HRVRbXCJkaXJcIl0pICA/ICRfR0VUW1wiZGlyXCJdICA6IFwiLlwiOyI=\nJHM0ID0gIiRjdXJkaXIgLj0gc3Vic3RyKCRjdXJkaXIsIC0xKSAhPSBcIi9cIiA/IFwiL1wiIDogXCJcIjsi\n', 'filesize < 10KB and all of them', ' Laudanum Injector Tools - file file.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(177, 'warfiles_cmd', 'JHMxID0gIlByb2Nlc3MgcCA9IFJ1bnRpbWUuZ2V0UnVudGltZSgpLmV4ZWMocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJjbWRcIikpOyI=\nJHMyID0gIm91dC5wcmludGxuKFwiQ29tbWFuZDogXCIgKyByZXF1ZXN0LmdldFBhcmFtZXRlcihcImNtZFwiKSArIFwiPEJSPlwiKTsi\nJHMzID0gIjxGT1JNIE1FVEhPRD1cIkdFVFwiIE5BTUU9XCJteWZvcm1cIiBBQ1RJT049XCJcIj4i\nJHM0ID0gIlN0cmluZyBkaXNyID0gZGlzLnJlYWRMaW5lKCk7Ig==\n', 'filesize < 2KB and all of them', ' Laudanum Injector Tools - file cmd.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(178, 'php_reverse_shell_2 ', 'JHMxID0gIiRwcm9jZXNzID0gcHJvY19vcGVuKCRzaGVsbCwgJGRlc2NyaXB0b3JzcGVjLCAkcGlwZXMpOyI=\nJHM3ID0gIiRzaGVsbCA9ICd1bmFtZSAtYTsgdzsgaWQ7IC9iaW4vc2ggLWknOyI=\n', 'filesize < 10KB and all of them', ' Laudanum Injector Tools - file php-reverse-shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(179, 'Laudanum_Tools_Generic ', 'JHMxID0gIioqKiAgbGF1ZGFudW1Ac2VjdXJlaWRlYXMubmV0Ig==\nJHMyID0gIioqKiBMYXVkYW51bSBQcm9qZWN0Ig==\n', 'filesize < 60KB and all of them', ' Laudanum Injector Tools', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(181, 'php_in_image', 'JHBocF90YWcgPSAiPD9waHAi\n', '(($gif at 0) or', ' Finds image files w/ PHP code in images', ' Vlad https://github.com/vlad-s', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(182, 'Weevely_Webshell', 'JHBocCA9ICI8P3BocCI=\n', '$php at 0 and all of ($s*) and filesize > 570 and filesize < 800', ' Weevely Webshell - Generic Rule - heavily scrambled tiny web shell', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(183, 'webshell_h4ntu_shell_powered_by_tsoi_ ', 'JHMwID0gIiAgPFREPjxESVYgU1RZTEU9XCJmb250LWZhbWlseTogdmVyZGFuYTsgZm9udC1zaXplOiAxMHB4O1wiPjxiPlNlcnZlciBBZHJlc3M6PC9iIg==\nJHMzID0gIiAgPFREPjxESVYgU1RZTEU9XCJmb250LWZhbWlseTogdmVyZGFuYTsgZm9udC1zaXplOiAxMHB4O1wiPjxiPlVzZXIgSW5mbzo8L2I+IHVpIg==\nJHM0ID0gIiAgICA8VEQ+PERJViBTVFlMRT1cImZvbnQtZmFtaWx5OiB2ZXJkYW5hOyBmb250LXNpemU6IDEwcHg7XCI+PD89ICRpbmZvID8+OiA8Pz0gIg==\nJHM1ID0gIjxJTlBVVCBUWVBFPVwidGV4dFwiIE5BTUU9XCJjbWRcIiB2YWx1ZT1cIjw/cGhwIGVjaG8gc3RyaXBzbGFzaGVzKGh0bWxlbnRpdGllcygkIg==\n', 'all of them', ' Web Shell - file h4ntu shell [powered by tsoi].php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(184, 'webshell_PHP_sql ', 'JHMwID0gIiRyZXN1bHQ9bXlzcWxfbGlzdF90YWJsZXMoJGRiKSBvciBkaWUgKFwiJGhfZXJyb3I8Yj5cIi5teXNxbF9lcnJvcigpLlwiPC9iPiRmXyI=\nJHM0ID0gInByaW50IFwiPGEgaHJlZj1cXFwiJF9TRVJWRVJbUEhQX1NFTEZdP3M9JHMmbG9naW49JGxvZ2luJnBhc3N3ZD0kcGFzc3dkJiI=\n', 'all of them', ' Web Shell - file sql.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(185, 'webshell_PHP_a', 'JHMxID0gImVjaG8gXCI8b3B0aW9uIHZhbHVlPVxcXCJcIi4gc3RycmV2KHN1YnN0cihzdHJzdHIoc3RycmV2KCR3b3JrX2RpciksIFwiL1wiIg==\nJHMyID0gImVjaG8gXCI8b3B0aW9uIHZhbHVlPVxcXCIkd29ya19kaXJcXFwiIHNlbGVjdGVkPkN1cnJlbnQgRGlyZWN0b3J5PC9vcHRpb24+Ig==\nJHM0ID0gIjxpbnB1dCBuYW1lPVwic3VibWl0X2J0blwiIHR5cGU9XCJzdWJtaXRcIiB2YWx1ZT1cIkV4ZWN1dGUgQ29tbWFuZFwiPjwvcD4gIg==\n', '2 of them', ' Web Shell - file a.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(186, 'webshell_iMHaPFtp_2 ', 'JHM4ID0gImlmICgkbCkgZWNobyAnPGEgaHJlZj1cIicgLiAkc2VsZiAuICc/YWN0aW9uPXBlcm1pc3Npb24mYW1wO2ZpbGU9JyAuIHVybGVuY29kZSgkIg==\nJHM5ID0gInJldHVybiBiYXNlNjRfZGVjb2RlKCdSMGxHT0RsaEVRQU5BSkVEQU13QUFQLy8vNW1abWYvLy95SDVCQUhvQXdNQUxBQUFBQUFSQUEwQUFBIg==\n', '1 of them', ' Web Shell - file iMHaPFtp.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(187, 'webshell_Jspspyweb ', 'JHMwID0gIiAgICAgIG91dC5wcmludChcIjx0cj48dGQgd2lkdGg9JzYwJSc+XCIrc3RyQ3V0KGNvbnZlcnRQYXRoKGxpc3RbaV0uZ2V0UGF0aCgpKSw3Ig==\nJHMzID0gIiAgXCJyZWcgYWRkIFxcXCJIS0VZX0xPQ0FMX01BQ0hJTkVcXFxcU1lTVEVNXFxcXEN1cnJlbnRDb250cm9sU2V0XFxcXENvbnRyb2wi\n', 'all of them', ' Web Shell - file Jspspyweb.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(188, 'webshell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2 ', 'JHMwID0gImRpZShcIlxcbldlbGNvbWUuLiBCeSBUaGlzIHNjcmlwdCB5b3UgY2FuIGp1bXAgaW4gdGhlIChTYWZlIE1vZGU9T04pIC4uIEVuam95XFxuIg==\nJHMxID0gIk1vZGUgU2hlbGwgdjEuMDwvZm9udD48L3NwYW4+PC9hPjwvZm9udD48Zm9udCBmYWNlPVwiV2ViZGluZ3NcIiBzaXplPVwiNlwiIGNvbG9yIg==\n', '1 of them', ' Web Shell - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(189, 'webshell_SimAttacker_Vrsion_1_0_0_priv8_4_My_friend ', 'JHMyID0gImVjaG8gXCI8YSBocmVmPSc/aWQ9Zm0mZmNobW9kPSRkaXIkZmlsZSc+PHNwYW4gc3R5bGU9J3RleHQtZGVjb3JhdGlvbjogbm9uZSc+PGZvIg==\nJHMzID0gImZwdXRzICgkZnAgLFwiXFxuKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqXFxuV2VsY29tZSBUMCBTaW0i\n', '1 of them', ' Web Shell - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(190, 'webshell_phpshell_2_1_pwhash ', 'JHMxID0gIjx0dD4mbmJzcDs8L3R0PlwiIChzcGFjZSksIFwiPHR0Pls8L3R0PlwiIChsZWZ0IGJyYWNrZXQpLCBcIjx0dD58PC90dD5cIiAocGki\nJHMzID0gIndvcmQ6IFwiPHR0Pm51bGw8L3R0PlwiLCBcIjx0dD55ZXM8L3R0PlwiLCBcIjx0dD5ubzwvdHQ+XCIsIFwiPHR0PnRydWU8L3R0PlwiLCI=\n', '1 of them', ' Web Shell - file pwhash.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(191, 'webshell_PHPRemoteView ', 'JHMyID0gIjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0nXCIubW0oXCJEZWxldGUgYWxsIGRpci9maWxlcyByZWN1cnNpdmVcIikuXCIgKHJtIC1mciknIg==\nJHM0ID0gIjxhIGhyZWY9JyRzZWxmP2M9ZGVsZXRlJmMyPSRjMiZjb25maXJtPWRlbGV0ZSZkPVwiLnVybGVuY29kZSgkZCkuXCImZj1cIi51Ig==\n', '1 of them', ' Web Shell - file PHPRemoteView.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(192, 'webshell_jsp_12302 ', 'JHMwID0gIjwvZm9udD48JW91dC5wcmludChyZXF1ZXN0LmdldFJlYWxQYXRoKHJlcXVlc3QuZ2V0U2VydmxldFBhdGgoKSkpOyAlPiI=\nJHMxID0gIjwlQHBhZ2UgaW1wb3J0PVwiamF2YS5pby4qLGphdmEudXRpbC4qLGphdmEubmV0LipcIiU+Ig==\nJHM0ID0gIlN0cmluZyBwYXRoPW5ldyBTdHJpbmcocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJwYXRoXCIpLmdldEJ5dGVzKFwiSVNPLTg4NTktMVwiIg==\n', 'all of them', ' Web Shell - file 12302.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(193, 'webshell_caidao_shell_guo ', 'JHMwID0gIjw/cGhwICgkd3d3PSAkX1BPU1RbJ2ljZSddKSEi\nJHMxID0gIkBwcmVnX3JlcGxhY2UoJy9hZC9lJywnQCcuc3RyX3JvdDEzKCdyaW55JykuJygkd3ci\n', '1 of them', ' Web Shell - file guo.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(194, 'webshell_PHP_redcod ', 'JHMwID0gIkg4cDBiR0ZPRXk3ZUFseTRoNEU0bzg4TFRTVkhvQWdsSjJLTFFoVXci\nJHMxID0gIkhLUDdkVnlDZjhjZ25XRnk4b2NqclA1ZmZ6a245T0Ryb00wL3JhSG0i\n', 'all of them', ' Web Shell - file redcod.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(195, 'webshell_remview_fix ', 'JHM0ID0gIjxhIGhyZWY9JyRzZWxmP2M9ZGVsZXRlJmMyPSRjMiZjb25maXJtPWRlbGV0ZSZkPVwiLnVybGVuY29kZSgkZCkuXCImZj1cIi51Ig==\nJHM1ID0gImVjaG8gXCI8UD48aHIgc2l6ZT0xIG5vc2hhZGU+XFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuIg==\n', '1 of them', ' Web Shell - file remview_fix.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(197, 'webshell_php_sh_server', 'JHMwID0gImV2YWwoZ2V0ZW52KCdIVFRQX0NPREUnKSk7Ig==\n', 'all of them', ' Web Shell - file server.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(198, 'webshell_PH_Vayv_PH_Vayv', 'JHMwID0gInN0eWxlPVwiQkFDS0dST1VORC1DT0xPUjogI2VhZTllOTsgQk9SREVSLUJPVFRPTTogIzAwMDAwMCAxcHggaW4i\nJHM0ID0gIjxmb250IGNvbG9yPVwiIzg1ODU4NVwiPlNIT1BFTjwvZm9udD48L2E+PC9mb250Pjxmb250IGZhY2U9XCJWZXJkYW5hXCIgc3R5bGUi\n', '1 of them', ' Web Shell - file PH Vayv.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(199, 'webshell_caidao_shell_ice ', 'JHMwID0gIjwlZXZhbCByZXF1ZXN0KFwiaWNlXCIpJT4i\n', 'all of them', ' Web Shell - file ice.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(200, 'webshell_cihshell_fix', 'JHM3ID0gIjx0ciBzdHlsZT0nYmFja2dyb3VuZDojMjQyNDI0OycgPjx0ZCBzdHlsZT0ncGFkZGluZzoxMHB4Oyc+PGZvcm0gYWN0aW9uPScnIGVuY3R5Ig==\nJHM4ID0gImlmIChpc3NldCgkX1BPU1RbJ215c3Fsd19ob3N0J10pKXskZGJob3N0ID0gJF9QT1NUWydteXNxbHdfaG9zdCddO30gZWxzZSB7JGRiaG9zIg==\n', '1 of them', ' Web Shell - file cihshell_fix.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(202, 'webshell_Private_i3lue ', 'JHM4ID0gImNhc2UgMTU6ICRpbWFnZSAuPSBcIlxcMjFcXDBcXCI=\n', 'all of them', ' Web Shell - file Private-i3lue.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(203, 'webshell_php_up', 'JHMwID0gImNvcHkoJEhUVFBfUE9TVF9GSUxFU1sndXNlcmZpbGUnXVsndG1wX25hbWUnXSwgJF9QT1NUWydyZW1vdGVmaWxlJ10pOyI=\nJHMzID0gImlmKGlzX3VwbG9hZGVkX2ZpbGUoJEhUVFBfUE9TVF9GSUxFU1sndXNlcmZpbGUnXVsndG1wX25hbWUnXSkpIHsi\nJHM4ID0gImVjaG8gXCJVcGxvYWRlZCBmaWxlOiBcIiAuICRIVFRQX1BPU1RfRklMRVNbJ3VzZXJmaWxlJ11bJ25hbWUnXTsi\n', '2 of them', ' Web Shell - file up.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(204, 'webshell_Mysql_interface_v1_0', 'JHMwID0gImVjaG8gXCI8dGQ+PGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1kcm9wREImZGJuYW1lPSRkYm5hbWUnIG9uQ2xpY2s9XFxcInJldHVybiI=\n', 'all of them', ' Web Shell - file Mysql interface v1.0.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(205, 'webshell_php_s_u', 'JHM2ID0gIjxhIGhyZWY9XCI/YWN0PWRvXCI+PGZvbnQgY29sb3I9XCJyZWRcIj5HbyBFeGVjdXRlPC9mb250PjwvYT48L2I+PGJyIC8+PHRleHRhcmVhIg==\n', 'all of them', ' Web Shell - file s-u.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(206, 'webshell_phpshell_2_1_config', 'JHMxID0gIjsgKGNob29zZSBnb29kIHBhc3N3b3JkcyEpLiAgQWRkIHVzZXMgYXMgc2ltcGxlICd1c2VybmFtZSA9IFwicGFzc3dvcmRcIicgbGluZXMuIg==\n', 'all of them', ' Web Shell - file config.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(208, 'webshell_jsp_up', 'JHM5ID0gIi8vIEJVRzogQ29ydGEgZWwgZmljaGVybyBzaSBlcyBtYXlvciBkZSA2NDBLcyI=\n', 'all of them', ' Web Shell - file up.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(209, 'webshell_NetworkFileManagerPHP', 'JHM5ID0gIiAgZWNobyBcIjxicj48Y2VudGVyPkFsbCB0aGUgZGF0YSBpbiB0aGVzZSB0YWJsZXM6PGJyPiBcIi4kdGJsc3YuXCIgd2VyZSBwdXR0ZWQgIg==\n', 'all of them', ' Web Shell - file NetworkFileManagerPHP.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(210, 'webshell_Server_Variables', 'JHM3ID0gIjwlIEZvciBFYWNoIFZhcnMgSW4gUmVxdWVzdC5TZXJ2ZXJWYXJpYWJsZXMgJT4i\nJHM5ID0gIlZhcmlhYmxlIE5hbWU8L0I+PC9mb250PjwvcD4i\n', 'all of them', ' Web Shell - file Server Variables.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(211, 'webshell_caidao_shell_ice_2', 'JHMwID0gIjw/cGhwICR7JHtldmFsKCRfUE9TVFtpY2VdKX19Oz8+Ig==\n', 'all of them', ' Web Shell - file ice.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(212, 'webshell_caidao_shell_mdb', 'JHMxID0gIjwlIGV4ZWN1dGUgcmVxdWVzdChcImljZVwiKSU+YSAi\n', 'all of them', ' Web Shell - file mdb.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(213, 'webshell_jsp_guige', 'JHMwID0gImlmKGRhbWFwYXRoIT1udWxsICYmIWRhbWFwYXRoLmVxdWFscyhcIlwiKSYmY29udGVudCE9bnVsbCI=\n', 'all of them', ' Web Shell - file guige.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(214, 'webshell_phpspy2010', 'JHMzID0gImV2YWwoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoIg==\nJHM1ID0gIi8vYW5nZWwi\nJHM4ID0gIiRhZG1pblsnY29va2llZG9tYWluJ10gPSAnJzsi\n', 'all of them', ' Web Shell - file phpspy2010.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(216, 'webshell_drag_system', 'JHM5ID0gIlN0cmluZyBzcWwgPSBcIlNFTEVDVCAqIEZST00gREJBX1RBQkxFUyBXSEVSRSBUQUJMRV9OQU1FIG5vdCBsaWtlICclJCUnIGFuZCBudW1fIg==\n', 'all of them', ' Web Shell - file system.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(218, 'webshell_phpshell3', 'JHMyID0gIjxpbnB1dCBuYW1lPVwibm91bmNlXCIgdHlwZT1cImhpZGRlblwiIHZhbHVlPVwiPD9waHAgZWNobyAkX1NFU1NJT05bJ25vdW5jZSddOyI=\nJHM1ID0gIjxwPlVzZXJuYW1lOiA8aW5wdXQgbmFtZT1cInVzZXJuYW1lXCIgdHlwZT1cInRleHRcIiB2YWx1ZT1cIjw/cGhwIGVjaG8gJHVzZXJuYSI=\nJHM3ID0gIiRfU0VTU0lPTlsnb3V0cHV0J10gLj0gXCJjZDogY291bGQgbm90IGNoYW5nZSB0bzogJG5ld19kaXJcXG5cIjsi\n', '2 of them', ' Web Shell - file phpshell3.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(219, 'webshell_jsp_hsxa', 'JHMwID0gIjwlQCBwYWdlIGxhbmd1YWdlPVwiamF2YVwiIHBhZ2VFbmNvZGluZz1cImdia1wiJT48anNwOmRpcmVjdGl2ZS5wYWdlIGltcG9ydD1cImphIg==\n', 'all of them', ' Web Shell - file hsxa.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(220, 'webshell_jsp_utils', 'JHMwID0gIlJlc3VsdFNldCByID0gYy5nZXRNZXRhRGF0YSgpLmdldFRhYmxlcyhudWxsLCBudWxsLCBcIiVcIiwgdCk7Ig==\nJHM0ID0gIlN0cmluZyBjcyA9IHJlcXVlc3QuZ2V0UGFyYW1ldGVyKFwiejBcIik9PW51bGw/XCJnYmtcIjogcmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJ6Ig==\n', 'all of them', ' Web Shell - file utils.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(223, 'webshell_webshell_cnseay02_1', 'JHMwID0gIig5MykuJF91VSg0MSkuJF91VSg1OSk7JF9mRj0kX3VVKDk5KS4kX3VVKDExNCkuJF91VSgxMDEpLiRfdVUoOTcpLiRfdVUoMTE2KS4kX3VVIg==\n', 'all of them', ' Web Shell - file webshell-cnseay02-1.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(224, 'webshell_php_fbi', 'JHM3ID0gImVyZGUgdHlwZXMnLCdHZXRhbGxlbicsJ0RhdHVtIGVuIHRpamQnLCdUZWtzdCcsJ0JpbmFpcmUgZ2VnZXZlbnMnLCdOZXR3ZXJrJywnR2VvIg==\n', 'all of them', ' Web Shell - file fbi.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(225, 'webshell_B374kPHP_B374k', 'JHMwID0gIkh0dHA6Ly9jb2RlLmdvb2dsZS5jb20vcC9iMzc0ay1zaGVsbCI=\nJHMxID0gIiRfPXN0cl9yb3QxMygndG0nLid2YXMnLid5bmdyJyk7JF89c3RyX3JvdDEzKHN0cnJldigncnFiJy4ncHJxJy4nXycuJzQ2cicuJ2Zubyci\nJHMzID0gIkpheWFsYWggSW5kb25lc2lha3UgJiBMeWtlIEAgMjAxMyI=\nJHM0ID0gIkIzNzRrIFZpcCBJbiBCZWF1dGlmeSBKdXN0IEZvciBTZWxmIg==\n', '1 of them', ' Web Shell - file B374k.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(227, 'webshell_php_dodo_zip', 'JHMwID0gIiRoZXhkdGltZSA9ICdcXHgnIC4gJGR0aW1lWzZdIC4gJGR0aW1lWzddIC4gJ1xceCcgLiAkZHRpbWVbNF0gLiAkZHRpbWVbNV0gLiAnXFx4Ig==\nJHMzID0gIiRkYXRhc3RyID0gXCJcXHg1MFxceDRiXFx4MDNcXHgwNFxceDBhXFx4MDBcXHgwMFxceDAwXFx4MDBcXHgwMFxceDAwXFx4MDBcXHgwMCI=\n', 'all of them', ' Web Shell - file zip.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(228, 'webshell_aZRaiLPhp_v1_0', 'JHM1ID0gImVjaG8gXCIgPGZvbnQgY29sb3I9JyMwMDAwRkYnPkNITU9EVSBcIi5zdWJzdHIoYmFzZV9jb252ZXJ0KEBmaWxlcGVybXMoJCI=\nJHM3ID0gImVjaG8gXCI8YSBocmVmPScuLyR0aGlzX2ZpbGU/b3A9ZWZwJmZuYW1lPSRwYXRoLyRmaWxlJmRpc21pPSRmaWxlJnlvbD0kcGF0aCc+PGZvIg==\n', 'all of them', ' Web Shell - file aZRaiLPhp v1.0.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(229, 'webshell_php_list', 'JHMxID0gIi8vIGxpc3QucGhwID0gRGlyZWN0b3J5ICYgRmlsZSBMaXN0aW5nIg==\nJHMyID0gIiAgICBlY2hvIFwiKCApIDxhIGhyZWY9P2ZpbGU9XCIgLiAkZmljaGVybyAuIFwiL1wiIC4gJGZpbGVuYW1lIC4gXCI+XCIgLiAkZmlsZW5hIg==\nJHM5ID0gIi8vIGJ5OiBUaGUgRGFyayBSYXZlciI=\n', '1 of them', ' Web Shell - file list.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(230, 'webshell_ironshell', 'JHM0ID0gInByaW50IFwiPGZvcm0gYWN0aW9uPVxcXCJcIi4kbWUuXCI/cD1jbWQmZGlyPVwiLnJlYWxwYXRoKCcuJykuXCIi\nJHM4ID0gInByaW50IFwiPHRkIGlkPWY+PGEgaHJlZj1cXFwiP3A9cmVuYW1lJmZpbGU9XCIucmVhbHBhdGgoJGZpbGUpLlwiJmRpIg==\n', 'all of them', ' Web Shell - file ironshell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(231, 'webshell_caidao_shell_404', 'JHMwID0gIjw/cGhwICRLPXNUcl9SZXBMYUNlKCdgJywnJywnYWBzYHNgZWByYHQnKTskTT0kX1BPU1RbaWNlXTtJRigkTT09TnVMbClIZWFEZVIoJ1N0Ig==\n', 'all of them', ' Web Shell - file 404.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(233, 'webshell_jsp_web', 'JHMwID0gIjwlQHBhZ2UgaW1wb3J0PVwiamF2YS5pby4qXCIlPjwlQHBhZ2UgaW1wb3J0PVwiamF2YS5uZXQuKlwiJT48JVN0cmluZyB0PXJlcXVlc3QuIg==\n', 'all of them', ' Web Shell - file web.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(234, 'webshell_mysqlwebsh', 'JHMzID0gIiA8VFI+PFREIGJnY29sb3I9XCI8PyBlY2hvICghJENPTk5FQ1QgJiYgJGFjdGlvbiA9PSBcImNocGFyYW1cIik/XCIjNjYwMDAwXCI6XCIjIg==\n', 'all of them', ' Web Shell - file mysqlwebsh.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(235, 'webshell_jspShell', 'JHMwID0gIjxpbnB1dCB0eXBlPVwiY2hlY2tib3hcIiBuYW1lPVwiYXV0b1VwZGF0ZVwiIHZhbHVlPVwiQXV0b1VwZGF0ZVwiIG9uIg==\nJHMxID0gIm9uYmx1cj1cImRvY3VtZW50LnNoZWxsLmF1dG9VcGRhdGUuY2hlY2tlZD0gdGhpcy5vbGRWYWx1ZTsi\n', 'all of them', ' Web Shell - file jspShell.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(236, 'webshell_Dx_Dx', 'JHMxID0gInByaW50IFwiXFxuXCIuJ1RpcDogdG8gdmlldyB0aGUgZmlsZSBcImFzIGlzXCIgLSBvcGVuIHRoZSBwYWdlIGluIDxhIGhyZWY9XCInLkR4Ig==\nJHM5ID0gImNsYXNzPWxpbmVsaXN0aW5nPjxub2JyPlBPU1QgKHBocCBldmFsKTwvdGQ+PCI=\n', '1 of them', ' Web Shell - file Dx.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(238, 'webshell_MySQL_Web_Interface_Version_0_8', 'JHMyID0gImhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZHVtcFRhYmxlJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJz5EdW1wPC9hPiI=\n', 'all of them', ' Web Shell - file MySQL Web Interface Version 0.8.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(239, 'webshell_elmaliseker_2', 'JHMxID0gIjx0ZDwlaWYgKEZTTy5HZXRFeHRlbnNpb25OYW1lKHBhdGggJiBcIlxcXCIgJiBvRmlsZS5OYW1lKT1cImxua1wiKSBvciAoRlNPLkdldEV4Ig==\nJHM2ID0gIjxpbnB1dCB0eXBlPWJ1dHRvbiB2YWx1ZT1TYXZlIG9uY2xpY2s9XCJFZGl0b3JDb21tYW5kKCdTYXZlJylcIj4gPGlucHV0IHR5cGU9YnV0Ig==\n', 'all of them', ' Web Shell - file elmaliseker.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(241, 'webshell_jsp_list1', 'JHMxID0gImNhc2UgJ3MnOkNvbm5lY3Rpb25EQk0ob3V0LGVuY29kZUNoYW5nZShyZXF1ZXN0LmdldFBhcmFtZXRlcihcImRyaXZlIg==\nJHM5ID0gInJldHVybiBcIjxhIGhyZWY9XFxcImphdmFzY3JpcHQ6ZGVsRmlsZSgnXCIrZm9sZGVyUmVwbGFjZShmaWxlKStcIicpXFxcIiI=\n', 'all of them', ' Web Shell - file list1.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(242, 'webshell_phpkit_1_0_odd', 'JHMwID0gImluY2x1ZGUoJ3BocDovL2lucHV0Jyk7Ig==\nJHMxID0gIi8vIE5vIGV2YWwoKSBjYWxscywgbm8gc3lzdGVtKCkgY2FsbHMsIG5vdGhpbmcgbm9ybWFsbHkgc2VlbiBhcyBtYWxpY2lvdXMuIg==\nJHMyID0gImluaV9zZXQoJ2FsbG93X3VybF9pbmNsdWRlLCAxJyk7IC8vIEFsbG93IHVybCBpbmNsdXNpb24gaW4gdGhpcyBzY3JpcHQi\n', 'all of them', ' Web Shell - file odd.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(243, 'webshell_jsp_123', 'JHMwID0gIjxmb250IGNvbG9yPVwiYmx1ZVwiPj8/Pz8/Pz8/Pz8/Pz8/Pz8/Pzo8L2ZvbnQ+PGlucHV0IHR5cGU9XCJ0ZXh0XCIgc2l6ZT1cIjci\nJHMzID0gIlN0cmluZyBwYXRoPW5ldyBTdHJpbmcocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJwYXRoXCIpLmdldEJ5dGVzKFwiSVNPLTg4NTktMVwiIg==\nJHM5ID0gIjxpbnB1dCB0eXBlPVwic3VibWl0XCIgbmFtZT1cImJ0blN1Ym1pdFwiIHZhbHVlPVwiVXBsb2FkXCI+ICAgICI=\n', 'all of them', ' Web Shell - file 123.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(246, 'webshell_cmd_win32', 'JHMwID0gIlByb2Nlc3MgcCA9IFJ1bnRpbWUuZ2V0UnVudGltZSgpLmV4ZWMoXCJjbWQuZXhlIC9jIFwiICsgcmVxdWVzdC5nZXRQYXJhbSI=\nJHMxID0gIjxGT1JNIE1FVEhPRD1cIlBPU1RcIiBOQU1FPVwibXlmb3JtXCIgQUNUSU9OPVwiXCI+Ig==\n', '2 of them', ' Web Shell - file cmd_win32.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(247, 'webshell_jsp_jshell', 'JHMwID0gImtYcGVXW1wiIg==\nJHM0ID0gIls3YjpnMFdAVzwi\nJHM1ID0gImI6Z0hyLGc8Ig==\nJHM4ID0gIlJoVjBXQFc8Ig==\nJHM5ID0gIlNfTVIodTdiIg==\n', 'all of them', ' Web Shell - file jshell.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(249, 'webshell_wsb_idc', 'JHMxID0gImlmIChtZDUoJF9HRVRbJ3VzciddKT09JHVzZXIgJiYgbWQ1KCRfR0VUWydwYXNzJ10pPT0kcGFzcyki\nJHMzID0gIntldmFsKCRfR0VUWydpZGMnXSk7fSI=\n', '1 of them', ' Web Shell - file idc.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(250, 'webshell_cpg_143_incl_xpl', 'JHMzID0gIiRkYXRhPVwidXNlcm5hbWU9XCIudXJsZW5jb2RlKCRVU0VSKS5cIiZwYXNzd29yZD1cIi51cmxlbmNvZGUoJFBBIg==\nJHM1ID0gImZwdXRzKCRzdW5fdHp1LFwiPD9waHAgZWNobyBcXFwiSGkgTWFzdGVyIVxcXCI7aW5pX3NldChcXFwibWF4X2V4ZWN1dGlvbl90aW1lIg==\n', '1 of them', ' Web Shell - file cpg_143_incl_xpl.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(252, 'webshell_php_404', 'JHMwID0gIiRwYXNzID0gbWQ1KG1kNShtZDUoJHBhc3MpKSk7Ig==\n', 'all of them', ' Web Shell - file 404.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(253, 'webshell_webshell_cnseay_x', 'JHM5ID0gIiRfRl9GLj0nXycuJF9QX1BbNV0uJF9QX1BbMjBdLiRfUF9QWzEzXS4kX1BfUFsyXS4kX1BfUFsxOV0uJF9QX1BbOF0uJF9QXyI=\n', 'all of them', ' Web Shell - file webshell-cnseay-x.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(255, 'webshell_phpkit_0_1a_odd', 'JHMxID0gImluY2x1ZGUoJ3BocDovL2lucHV0Jyk7Ig==\nJHMzID0gImluaV9zZXQoJ2FsbG93X3VybF9pbmNsdWRlLCAxJyk7IC8vIEFsbG93IHVybCBpbmNsdXNpb24gaW4gdGhpcyBzY3JpcHQi\nJHM0ID0gIi8vIHVzZXMgaW5jbHVkZSgncGhwOi8vaW5wdXQnKSB0byBleGVjdXRlIGFyYnJpdGFyeSBjb2RlIg==\nJHM1ID0gIi8vIHBocDovL2lucHV0IGJhc2VkIGJhY2tkb29yIg==\n', '2 of them', ' Web Shell - file odd.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(257, 'webshell_PHP_Shell_x3', 'JHM0ID0gIiZuYnNwOyZuYnNwOzw/cGhwIGVjaG8gYnVpbGRVcmwoXCI8Zm9udCBjb2xvcj1cXFwibmF2eVxcXCI+WyI=\nJHM2ID0gImVjaG8gXCI8L2Zvcm0+PGZvcm0gYWN0aW9uPVxcXCIkU0ZpbGVOYW1lPyR1cmxBZGRcXFwiIG1ldGhvZD1cXFwicG9zdFxcXCI+PGlucHV0Ig==\nJHM5ID0gImlmICAoICggKGlzc2V0KCRodHRwX2F1dGhfdXNlcikgKSAmJiAoaXNzZXQoJGh0dHBfYXV0aF9wYXNzKSkgKSAmJiAoICFpc3NldCgi\n', '2 of them', ' Web Shell - file PHP Shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(258, 'webshell_PHP_g00nv13', 'JHMxID0gImNhc2UgXCJ6aXBcIjogY2FzZSBcInRhclwiOiBjYXNlIFwicmFyXCI6IGNhc2UgXCJnelwiOiBjYXNlIFwiY2FiXCI6IGNhcyI=\nJHM0ID0gImlmKCEoJHNxbGNvbiA9IEBteXNxbF9jb25uZWN0KCRfU0VTU0lPTlsnc3FsX2hvc3QnXSAuICc6JyAuICRfU0VTU0lPTlsnc3FsX3Ai\n', 'all of them', ' Web Shell - file g00nv13.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(259, 'webshell_php_h6ss', 'JHMwID0gIjw/cGhwIGV2YWwoZ3p1bmNvbXByZXNzKGJhc2U2NF9kZWNvZGUoXCIi\n', 'all of them', ' Web Shell - file h6ss.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(260, 'webshell_jsp_zx', 'JHMwID0gImlmKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKFwiZlwiKSE9bnVsbCkobmV3IGphdmEuaW8uRmlsZU91dHB1dFN0cmVhbShhcHBsaWNhdGlvbi5nIg==\n', 'all of them', ' Web Shell - file zx.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(261, 'webshell_Ani_Shell', 'JHMwID0gIiRQeXRob25fQ09ERSA9IFwiSSI=\nJHM2ID0gIiRwYXNzd29yZFByb21wdCA9IFwiXFxuPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PSI=\nJHM3ID0gImZwdXRzICgkc29ja2ZkICxcIlxcbj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ig==\n', '1 of them', ' Web Shell - file Ani-Shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(262, 'webshell_jsp_k8cmd', 'JHMyID0gImlmKHJlcXVlc3QuZ2V0U2Vzc2lvbigpLmdldEF0dHJpYnV0ZShcImhlaGVcIikudG9TdHJpbmcoKS5lcXVhbHMoXCJoZWhlXCIpKSI=\n', 'all of them', ' Web Shell - file k8cmd.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(263, 'webshell_jsp_cmd', 'JHM2ID0gIm91dC5wcmludGxuKFwiQ29tbWFuZDogXCIgKyByZXF1ZXN0LmdldFBhcmFtZXRlcihcImNtZFwiKSArIFwiPEJSPlwiKTsi\n', 'all of them', ' Web Shell - file cmd.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(264, 'webshell_jsp_k81', 'JHMxID0gImJ5dGVbXSBiaW5hcnkgPSBCQVNFNjREZWNvZGVyLmNsYXNzLm5ld0luc3RhbmNlKCkuZGVjb2RlQnVmZmVyKGNtZCk7Ig==\nJHM5ID0gImlmKGNtZC5lcXVhbHMoXCJTemgwWldGdFwiKSl7b3V0LnByaW50KFwiW1NdXCIrZGlyK1wiW0VdXCIpO30i\n', '1 of them', ' Web Shell - file k81.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(266, 'webshell_Worse_Linux_Shell', 'JHMwID0gInN5c3RlbShcIm12IFwiLiRfRklMRVNbJ191cGwnXVsndG1wX25hbWUnXS5cIiBcIi4kY3VycmVudFdEIg==\n', 'all of them', ' Web Shell - file Worse Linux Shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(267, 'webshell_zacosmall', 'JHMwID0gImlmKCRjbWQhPT0nJyl7IGVjaG8oJzxzdHJvbmc+Jy5odG1sc3BlY2lhbGNoYXJzKCRjbWQpLlwiPC9zdHJvbmc+PGhyPiI=\n', 'all of them', ' Web Shell - file zacosmall.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(268, 'webshell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit', 'JHMxID0gIjxvcHRpb24gdmFsdWU9XCJjYXQgL2V0Yy9wYXNzd2RcIj4vZXRjL3Bhc3N3ZDwvb3B0aW9uPiI=\n', 'all of them', ' Web Shell - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(269, 'webshell_redirect', 'JHM3ID0gInZhciBmbGFnID0gXCI/dHh0PVwiICsgKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKFwiZGxcIikuY2hlY2tlZCA/IFwiMlwiOlwiMVwiICI=\n', 'all of them', ' Web Shell - file redirect.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(270, 'webshell_jsp_cmdjsp', 'JHM1ID0gIjxGT1JNIE1FVEhPRD1HRVQgQUNUSU9OPSdjbWRqc3AuanNwJz4i\n', 'all of them', ' Web Shell - file cmdjsp.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(271, 'webshell_Java_Shell', 'JHM0ID0gInB1YmxpYyBKeXRob25TaGVsbChpbnQgY29sdW1ucywgaW50IHJvd3MsIGludCBzY3JvbGxiYWNrKSB7Ig==\nJHM5ID0gInRoaXMobnVsbCwgUHkuZ2V0U3lzdGVtU3RhdGUoKSwgY29sdW1ucywgcm93cywgc2Nyb2xsYmFjayk7Ig==\n', '1 of them', ' Web Shell - file Java Shell.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(273, 'webshell_jsp_IXRbE', 'JHMwID0gIjwlaWYocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJmXCIpIT1udWxsKShuZXcgamF2YS5pby5GaWxlT3V0cHV0U3RyZWFtKGFwcGxpY2F0aW9uIg==\n', 'all of them', ' Web Shell - file IXRbE.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(274, 'webshell_PHP_G5', 'JHMzID0gImVjaG8gXCJIYWNraW5nIE1vZGU/PGJyPjxzZWxlY3QgbmFtZT0naHR5cGUnPjxvcHRpb24gPi0tLS0tLS0tU0VMRUNULS0tLS0tLS08L29wIg==\n', 'all of them', ' Web Shell - file G5.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(275, 'webshell_PHP_r57142', 'JHMwID0gIiRkb3dubG9hZGVycyA9IGFycmF5KCd3Z2V0JywnZmV0Y2gnLCdseW54JywnbGlua3MnLCdjdXJsJywnZ2V0JywnbHdwLW1pcnJvcicpOyI=\n', 'all of them', ' Web Shell - file r57142.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(276, 'webshell_jsp_tree', 'JHM1ID0gIiQoJyN0dDInKS50cmVlKCdvcHRpb25zJykudXJsID0gXCJzZWxlY3RDaGlsZC5hY3Rpb24/Y2hlY2tpIg==\nJHM2ID0gIlN0cmluZyBiYXNlUGF0aCA9IHJlcXVlc3QuZ2V0U2NoZW1lKCkrXCI6Ly9cIityZXF1ZXN0LmdldFNlcnZlck5hbWUoKStcIjpcIityZXF1Ig==\n', 'all of them', ' Web Shell - file tree.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(277, 'webshell_C99madShell_v_3_0_smowu', 'JHMyID0gIjx0cj48dGQgd2lkdGg9XCI1MCVcIiBoZWlnaHQ9XCIxXCIgdmFsaWduPVwidG9wXCI+PGNlbnRlcj48Yj46OiBFbnRlciA6OjwvYj48Zm9yIg==\nJHM4ID0gIjxwPjxmb250IGNvbG9yPXJlZD5Xb3JkcHJlc3MgTm90IEZvdW5kISA8aW5wdXQgdHlwZT10ZXh0IGlkPVwid3BfcGF0XCI+PGlucHV0IHR5Ig==\n', '1 of them', ' Web Shell - file smowu.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(278, 'webshell_simple_backdoor', 'JHMwID0gIiRjbWQgPSAoJF9SRVFVRVNUWydjbWQnXSk7Ig==\nJHMxID0gImlmKGlzc2V0KCRfUkVRVUVTVFsnY21kJ10pKXsi\nJHM0ID0gInN5c3RlbSgkY21kKTsi\n', '2 of them', ' Web Shell - file simple-backdoor.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(280, 'webshell_Antichat_Shell_v1_3_2', 'JHMzID0gIiRoZWFkZXI9JzxodG1sPjxoZWFkPjx0aXRsZT4nLmdldGVudihcIkhUVFBfSE9TVFwiKS4nIC0gQW50aWNoYXQgU2hlbGw8L3RpdGxlPjxtIg==\n', 'all of them', ' Web Shell - file Antichat Shell v1.3.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(281, 'webshell_Safe_mode_breaker', 'JHM1ID0gInByZWdfbWF0Y2goXCIvU0FGRVxcIE1PREVcXCBSZXN0cmljdGlvblxcIGluXFwgZWZmZWN0XFwuLip3aG9zZVxcIHVpZFxcIGlzKCI=\nJHM2ID0gIiRwYXRoID1cInskcm9vdH1cIi4oKHN1YnN0cigkcm9vdCwtMSkhPVwiL1wiKSA/IFwiL1wiIDogTlVMTCkuIg==\n', '1 of them', ' Web Shell - file Safe mode breaker.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(282, 'webshell_Sst_Sheller', 'JHMyID0gImVjaG8gXCI8YSBocmVmPSc/cGFnZT1maWxlbWFuYWdlciZpZD1mbSZmY2htb2Q9JGRpciRmaWxlJz4i\nJHMzID0gIjw/IHVubGluaygkZmlsZW5hbWUpOyB1bmxpbmsoJGZpbGVuYW1lMSk7IHVubGluaygkZmlsZW5hbWUyKTsgdW5saW5rKCRmaWxlbmFtZTMpIg==\n', 'all of them', ' Web Shell - file Sst-Sheller.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(283, 'webshell_jsp_list', 'JHMwID0gIjxGT1JNIE1FVEhPRD1cIlBPU1RcIiBOQU1FPVwibXlmb3JtXCIgQUNUSU9OPVwiXCI+Ig==\nJHMyID0gIm91dC5wcmludChcIikgPEEgU3R5bGU9J0NvbG9yOiBcIiArIGZjb2xvci50b1N0cmluZygpICsgXCI7JyBIUmVmPSc/ZmlsZT1cIiArIGZuIg==\nJHM3ID0gImlmKGZsaXN0W2ldLmNhblJlYWQoKSA9PSB0cnVlKSBvdXQucHJpbnQoXCJyXCIgKTsgZWxzZSBvdXQucHJpbnQoXCItXCIpOyI=\n', 'all of them', ' Web Shell - file list.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(284, 'webshell_PHPJackal_v1_5', 'JHM3ID0gImVjaG8gXCI8Y2VudGVyPiR7dH1NeVNRTCBjaWxlbnQ6PC90ZD48dGQgYmdjb2xvcj1cXFwiIzMzMzMzM1xcXCI+PC90ZD48L3RyPjxmb3JtIg==\nJHM4ID0gImVjaG8gXCI8Y2VudGVyPiR7dH1Xb3JkbGlzdCBnZW5lcmF0b3I6PC90ZD48dGQgYmdjb2xvcj1cXFwiIzMzMzMzM1xcXCI+PC90ZD48L3RyIg==\n', 'all of them', ' Web Shell - file PHPJackal v1.5.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(285, 'webshell_customize', 'JHM0ID0gIlN0cmluZyBjcyA9IHJlcXVlc3QuZ2V0UGFyYW1ldGVyKFwiejBcIik9PW51bGw/XCJnYmtcIjogcmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJ6Ig==\n', 'all of them', ' Web Shell - file customize.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(286, 'webshell_s72_Shell_v1_1_Coding', 'JHM1ID0gIjxmb250IGZhY2U9XCJWZXJkYW5hXCIgc3R5bGU9XCJmb250LXNpemU6IDhwdFwiIGNvbG9yPVwiIzgwMDA4MFwiPkJ1cmFkYW4gRG9zeWEgIg==\n', 'all of them', ' Web Shell - file s72 Shell v1.1 Coding.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(287, 'webshell_jsp_sys3', 'JHMxID0gIjxpbnB1dCB0eXBlPVwic3VibWl0XCIgbmFtZT1cImJ0blN1Ym1pdFwiIHZhbHVlPVwiVXBsb2FkXCI+Ig==\nJHM0ID0gIlN0cmluZyBwYXRoPW5ldyBTdHJpbmcocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJwYXRoXCIpLmdldEJ5dGVzKFwiSVNPLTg4NTktMVwiIg==\nJHM5ID0gIjwlQHBhZ2UgY29udGVudFR5cGU9XCJ0ZXh0L2h0bWw7Y2hhcnNldD1nYjIzMTJcIiU+Ig==\n', 'all of them', ' Web Shell - file sys3.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(288, 'webshell_jsp_guige02', 'JHMwID0gIj8/Pz8/Pz8/Pz8/Pz8/Pz8lPjxodG1sPjxoZWFkPjx0aXRsZT5oYWhhaGFoYTwvdGl0bGU+PC9oZWFkPjxib2R5IGJnY29sb3I9XCIjZmZmIg==\nJHMxID0gIjwlQHBhZ2UgY29udGVudFR5cGU9XCJ0ZXh0L2h0bWw7IGNoYXJzZXQ9R0JLXCIgaW1wb3J0PVwiamF2YS5pby4qO1wiJT48JSFwcml2YXRlIg==\n', 'all of them', ' Web Shell - file guige02.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(289, 'webshell_php_ghost', 'JHMxID0gIjw/cGhwICRPT08wMDAwMDA9dXJsZGVjb2RlKCclNjElNjglMzYlNzMlNjIlNjUlNjglNzElNmMlNjElMzQlNjMlNmYlNWYlNzMlNjElNjQnIg==\nJHM2ID0gIi8vPGltZyB3aWR0aD0xIGhlaWdodD0xIHNyYz1cImh0dHA6Ly93ZWJzYWZlLmZhY2Fpb2suY29tL2p1c3Q3ei9zeC5hc3A/dT0qKiouKioqIg==\nJHM3ID0gInByZWdfcmVwbGFjZSgnXFwnYVxcJ2VpcycsJ2UnLid2Jy4nYScuJ2wnLicoS21VKFwiIg==\n', 'all of them', ' Web Shell - file ghost.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(290, 'webshell_WinX_Shell', 'JHM1ID0gInByaW50IFwiPGZvbnQgZmFjZT1cXFwiVmVyZGFuYVxcXCIgc2l6ZT1cXFwiMVxcXCIgY29sb3I9XFxcIiM5OTAwMDBcXFwiPkZpbGVuYW0i\nJHM4ID0gInByaW50IFwiPGZvbnQgZmFjZT1cXFwiVmVyZGFuYVxcXCIgc2l6ZT1cXFwiMVxcXCIgY29sb3I9XFxcIiM5OTAwMDBcXFwiPkZpbGU6IDwvIg==\n', 'all of them', ' Web Shell - file WinX Shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(291, 'webshell_Crystal_Crystal', 'JHMxID0gInNob3cgb3BlbmVkIHBvcnRzPC9vcHRpb24+PC9zZWxlY3Q+PGlucHV0IHR5cGU9XCJoaWRkZW5cIiBuYW1lPVwiY21kX3R4dFwiIHZhbHVlIg==\nJHM2ID0gIlwiIGhyZWY9XCI/YWN0PXRvb2xzXCI+PGZvbnQgY29sb3I9I0NDMDAwMCBzaXplPVwiM1wiPlRvb2xzPC9mb250PjwvYT48L3NwYW4+PC9mIg==\n', 'all of them', ' Web Shell - file Crystal.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(292, 'webshell_r57_1_4_0', 'JHM0ID0gIkBpbmlfc2V0KCdlcnJvcl9sb2cnLE5VTEwpOyI=\nJHM2ID0gIiRwYXNzPSdhYmNkZWYxMjM0NTY3ODkwYWJjZGVmMTIzNDU2Nzg5MCc7Ig==\nJHM3ID0gIkBpbmlfcmVzdG9yZShcImRpc2FibGVfZnVuY3Rpb25zXCIpOyI=\nJHM5ID0gIkBpbmlfcmVzdG9yZShcInNhZmVfbW9kZV9leGVjX2RpclwiKTsi\n', 'all of them', ' Web Shell - file r57.1.4.0.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(293, 'webshell_jsp_hsxa1', 'JHMwID0gIjwlQCBwYWdlIGxhbmd1YWdlPVwiamF2YVwiIHBhZ2VFbmNvZGluZz1cImdia1wiJT48anNwOmRpcmVjdGl2ZS5wYWdlIGltcG9ydD1cImphIg==\n', 'all of them', ' Web Shell - file hsxa1.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(295, 'webshell_php_cmd', 'JHMwID0gImlmKCRfR0VUWydjbWQnXSkgeyI=\nJHMxID0gIi8vIGNtZC5waHAgPSBDb21tYW5kIEV4ZWN1dGlvbiI=\nJHM3ID0gIiAgc3lzdGVtKCRfR0VUWydjbWQnXSk7Ig==\n', 'all of them', ' Web Shell - file cmd.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(297, 'webshell_PHP_co', 'JHMwID0gImNHWDZSOXE3MzNXdlJSaklTS0hPcDluZVQ3d2E2WkFEOHV0aG1WSlYi\nJHMxMSA9ICI2TWszNmx6L0hPa0Zmb1hYODdNcFBoWnpCUUg2T2FZdWtOZzFPRTFqIg==\n', 'all of them', ' Web Shell - file co.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(298, 'webshell_PHP_150', 'JHMwID0gIkhKM0hqcXhjbGtaZnAi\nJHMxID0gIjw/IGV2YWwoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoJyI=\n', 'all of them', ' Web Shell - file 150.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(299, 'webshell_jsp_cmdjsp_2', 'JHMwID0gIlByb2Nlc3MgcCA9IFJ1bnRpbWUuZ2V0UnVudGltZSgpLmV4ZWMoXCJjbWQuZXhlIC9DIFwiICsgY21kKTsi\nJHM0ID0gIjxGT1JNIE1FVEhPRD1HRVQgQUNUSU9OPSdjbWRqc3AuanNwJz4i\n', 'all of them', ' Web Shell - file cmdjsp.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(300, 'webshell_PHP_c37', 'JHMzID0gImFycmF5KCdjcHAnLCdjeHgnLCdoeHgnLCdocHAnLCdjYycsJ2p4eCcsJ2MrKycsJ3ZjcHJvaicpLCI=\nJHM5ID0gIisrJEY7ICRGaWxlID0gdXJsZW5jb2RlKCRkaXJbJGRpckZJTEVdKTsgJGVYVCA9ICcuOic7IGlmIChzdHJwb3MoJGRpclskZGlyRklMRV0sIg==\n', 'all of them', ' Web Shell - file c37.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(301, 'webshell_PHP_b37', 'JHMwID0gInhtZzIvRzRNWjdLcE52ZVJhTGdPSnZCY3FhMkE4L3NLV3A5VzkzTkxYcFRUVWdSYyI=\n', 'all of them', ' Web Shell - file b37.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(302, 'webshell_php_backdoor', 'JHMxID0gImlmKCFtb3ZlX3VwbG9hZGVkX2ZpbGUoJEhUVFBfUE9TVF9GSUxFU1snZmlsZV9uYW1lJ11bJ3RtcF9uYW1lJ10sICRkaXIuJGZuYW1lKSki\nJHMyID0gIjxwcmU+PGZvcm0gYWN0aW9uPVwiPD8gZWNobyAkUEhQX1NFTEY7ID8+XCIgTUVUSE9EPUdFVCA+ZXhlY3V0ZSBjb21tYW5kOiA8aW5wdXQgIg==\n', 'all of them', ' Web Shell - file php-backdoor.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(304, 'webshell_php_2', 'JHMwID0gIjw/cGhwIGFzc2VydCgkX1JFUVVFU1RbXCJjXCJdKTs/PiAi\n', 'all of them', ' Web Shell - file 2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(306, 'webshell_spjspshell', 'JHM3ID0gIlVuaXg6L2Jpbi9zaCAtYyB0YXIgdnhmIHh4eC50YXIgV2luZG93czpjOlxcd2lubnRcXHN5c3RlbTMyXFxjbWQuZXhlIC9jIHR5cGUgYzoi\n', 'all of them', ' Web Shell - file spjspshell.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(307, 'webshell_jsp_action', 'JHMxID0gIlN0cmluZyB1cmw9XCJqZGJjOm9yYWNsZTp0aGluOkBsb2NhbGhvc3Q6MTUyMTpvcmNsXCI7Ig==\nJHM2ID0gIjwlQCBwYWdlIGNvbnRlbnRUeXBlPVwidGV4dC9odG1sO2NoYXJzZXQ9Z2IyMzEyXCIlPiI=\n', 'all of them', ' Web Shell - file action.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(308, 'webshell_Inderxer', 'JHM0ID0gIjx0ZD5OZXJleWUgOjx0ZD48aW5wdXQgdHlwZT1cInRleHRcIiBuYW1lPVwibmVyZXllXCIgc2l6ZT0yNT48L3RkPjx0ZD48aW5wdXQgdHlwIg==\n', 'all of them', ' Web Shell - file Inderxer.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(310, 'webshell_c99_madnet_smowu', 'JHMwID0gIi8vQXV0aGVudGljYXRpb24i\nJHMxID0gIiRsb2dpbiA9IFwiIg==\nJHMyID0gImV2YWwoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoJyI=\nJHM0ID0gIi8vUGFzcyI=\nJHM1ID0gIiRtZDVfcGFzcyA9IFwiIg==\nJHM2ID0gIi8vSWYgbm8gcGFzcyB0aGVuIGhhc2gi\n', 'all of them', ' Web Shell - file smowu.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(311, 'webshell_php_moon', 'JHMyID0gImVjaG8gJzxvcHRpb24gdmFsdWU9XCJjcmVhdGUgZnVuY3Rpb24gYmFja3NoZWxsIHJldHVybnMgc3RyaW5nIHNvbmFtZSI=\nJHMzID0gImVjaG8gICAgICBcIjxpbnB1dCBuYW1lPSdwJyB0eXBlPSd0ZXh0JyBzaXplPScyNycgdmFsdWU9J1wiLmRpcm5hbWUoX0ZJTEVfKS5cIiI=\nJHM4ID0gImVjaG8gJzxvcHRpb24gdmFsdWU9XCJzZWxlY3QgY21kc2hlbGwoXFwnbmV0IHVzZXIgIg==\n', '2 of them', ' Web Shell - file moon.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(312, 'webshell_jsp_jdbc', 'JHM0ID0gIlN0cmluZyBjcyA9IHJlcXVlc3QuZ2V0UGFyYW1ldGVyKFwiejBcIik9PW51bGw/XCJnYmtcIjogcmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJ6Ig==\n', 'all of them', ' Web Shell - file jdbc.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(313, 'webshell_minupload', 'JHMwID0gIjxpbnB1dCB0eXBlPVwic3VibWl0XCIgbmFtZT1cImJ0blN1Ym1pdFwiIHZhbHVlPVwiVXBsb2FkXCI+ICAgIg==\nJHM5ID0gIlN0cmluZyBwYXRoPW5ldyBTdHJpbmcocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJwYXRoXCIpLmdldEJ5dGVzKFwiSVNPLTg4NTki\n', 'all of them', ' Web Shell - file minupload.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(314, 'webshell_ELMALISEKER_Backd00r', 'JHMwID0gInJlc3BvbnNlLndyaXRlKFwiPHRyPjx0ZCBiZ2NvbG9yPSNGOEY4RkY+PGlucHV0IHR5cGU9c3VibWl0IG5hbWU9Y21kdHh0RmlsZU9wdGlvIg==\nJHMyID0gImlmIEZQID0gXCJSZWZyZXNoRm9sZGVyXCIgb3IgcmVxdWVzdC5mb3JtKFwiY21kT3B0aW9uXCIpPVwiRGVsZXRlRm9sZGVyXCIgb3IgcmVxIg==\n', 'all of them', ' Web Shell - file ELMALISEKER Backd00r.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(315, 'webshell_PHP_bug_1_', 'JHMwID0gIkBpbmNsdWRlKCRfR0VUWydidWcnXSk7Ig==\n', 'all of them', ' Web Shell - file bug (1).php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(316, 'webshell_caidao_shell_hkmjj', 'JHM2ID0gImNvZGVkcz1cIkxpI3VodHhodncrJXt7JSwjQCV7JSN3a2hxI2h5ZG8jdWh0eGh2dysla25wbW0lLCNocWcjbGlcIiAgIg==\n', 'all of them', ' Web Shell - file hkmjj.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(317, 'webshell_jsp_asd', 'JHMzID0gIjwlQCBwYWdlIGxhbmd1YWdlPVwiamF2YVwiIHBhZ2VFbmNvZGluZz1cImdia1wiJT4i\nJHM2ID0gIjxpbnB1dCBzaXplPVwiMTAwXCIgdmFsdWU9XCI8JT1hcHBsaWNhdGlvbi5nZXRSZWFsUGF0aChcIi9cIikgJT5cIiBuYW1lPVwidXJsIg==\n', 'all of them', ' Web Shell - file asd.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(318, 'webshell_jsp_inback3', 'JHMwID0gIjwlaWYocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJmXCIpIT1udWxsKShuZXcgamF2YS5pby5GaWxlT3V0cHV0U3RyZWFtKGFwcGxpY2F0aW9uIg==\n', 'all of them', ' Web Shell - file inback3.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(319, 'webshell_metaslsoft', 'JHM3ID0gIiRidWZmIC49IFwiPHRyPjx0ZD48YSBocmVmPVxcXCI/ZD1cIi4kcHdkLlwiXFxcIj5bICRmb2xkZXIgXTwvYT48L3RkPjx0ZD5MSU5LPC90Ig==\n', 'all of them', ' Web Shell - file metaslsoft.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(321, 'webshell_config_myxx_zend', 'JHMzID0gIi5wcmludGxuKFwiPGEgaHJlZj1cXFwiamF2YXNjcmlwdDphbGVydCgnWW91IEFyZSBJbiBGaWxlIE5vdyAhIENhbiBOb3QgUGFjayAhJyk7Ig==\n', 'all of them', ' Web Shell - from files config.jsp, myxx.jsp, zend.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(322, 'webshell_browser_201_3_ma_download', 'JHMyID0gIjxzbWFsbD5qc3AgRmlsZSBCcm93c2VyIHZlcnNpb24gPCU9IFZFUlNJT05fTlIlPiBieSA8YSI=\nJHMzID0gImVsc2UgaWYgKGZOYW1lLmVuZHNXaXRoKFwiLm1wZ1wiKSB8fCBmTmFtZS5lbmRzV2l0aChcIi5tcGVnXCIpIHx8IGZOYW1lLmVuZHNXaXRoIg==\n', 'all of them', ' Web Shell - from files browser.jsp, 201.jsp, 3.jsp, ma.jsp, download.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(323, 'webshell_itsec_itsecteam_shell_jHn', 'JHM0ID0gImVjaG8gJGhlYWQuXCI8Zm9udCBmYWNlPSdUYWhvbWEnIHNpemU9JzInPk9wZXJhdGluZyBTeXN0ZW0gOiBcIi5waHBfdW5hbWUoKS5cIjxiIg==\nJHM1ID0gImVjaG8gXCI8Y2VudGVyPjxmb3JtIG5hbWU9Y2xpZW50IG1ldGhvZD0nUE9TVCcgYWN0aW9uPSckX1NFUlZFUltQSFBfU0VMRl0/ZG89ZGInIg==\n', 'all of them', ' Web Shell - from files itsec.php, itsecteam_shell.php, jHn.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(324, 'webshell_ghost_source_icesword_silic', 'JHMzID0gImlmKGVyZWdpKCdXSEVSRXxMSU1JVCcsJF9QT1NUWyduc3FsJ10pICYmIGVyZWdpKCdTRUxFQ1R8RlJPTScsJF9QT1NUWyduc3FsJ10pKSAkIg==\nJHM2ID0gImlmKCFlbXB0eSgkX0ZJTEVTWyd1ZnAnXVsnbmFtZSddKSl7aWYoJF9QT1NUWyd1Zm4nXSAhPSAnJykgJHVwZmlsZW5hbWUgPSAkX1BPU1RbIg==\n', 'all of them', ' Web Shell - from files ghost_source.php, icesword.php, silic.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(325, 'webshell_JspSpy_JspSpyJDK5_JspSpyJDK51_luci_jsp_spy2009_m_ma3_xxx', 'JHM4ID0gIlwiPGZvcm0gYWN0aW9uPVxcXCJcIitTSEVMTF9OQU1FK1wiP289dXBsb2FkXFxcIiBtZXRob2Q9XFxcIlBPU1RcXFwiIGVuY3R5cGU9Ig==\nJHM5ID0gIjxvcHRpb24gdmFsdWU9J3JlZyBxdWVyeSBcXFwiSEtMTVxcXFxTeXN0ZW1cXFxcQ3VycmVudENvbnRyb2xTZXRcXFxcQ29udHJvbFxcXFxUIg==\n', 'all of them', ' Web Shell - from files 000.jsp, 403.jsp, 807.jsp, a.jsp, c5.jsp, css.jsp, dm.jsp, he1p.jsp, JspSpy.jsp, JspSpyJDK5.jsp, JspSpyJDK51.jsp, luci.jsp.spy2009.jsp, m.jsp, ma3.jsp, mmym520.jsp, nogfw.jsp, ok.jsp, queryDong.jsp, spyjsp2010.jsp, style.jsp, t00ls.jsp, u.jsp, xia.jsp, cofigrue.jsp, 1.jsp, jspspy.jsp, jspspy_k8.jsp, JspSpy.jsp, JspSpyJDK5.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(326, 'webshell_2_520_job_ma1_ma4_2', 'JHM0ID0gIl91cmwgPSBcImpkYmM6bWljcm9zb2Z0OnNxbHNlcnZlcjovL1wiICsgZGJTZXJ2ZXIgKyBcIjpcIiArIGRiUG9ydCArIFwiO1VzZXI9XCIgIg==\nJHM5ID0gInJlc3VsdCArPSBcIjxtZXRhIGh0dHAtZXF1aXY9XFxcInJlZnJlc2hcXFwiIGNvbnRlbnQ9XFxcIjI7dXJsPVwiICsgcmVxdWVzdC5nZXRSIg==\n', 'all of them', ' Web Shell - from files 2.jsp, 520.jsp, job.jsp, ma1.jsp, ma4.jsp, 2.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(327, 'webshell_000_403_807_a_c5_config_css_dm_he1p_JspSpy_JspSpyJDK5_JspSpyJDK51_luci_jsp_xxx', 'JHMwID0gInBvcnRzID0gXCIyMSwyNSw4MCwxMTAsMTQzMywxNzIzLDMzMDYsMzM4OSw0ODk5LDU2MzEsNDM5NTgsNjU1MDBcIjsi\nJHMxID0gInByaXZhdGUgc3RhdGljIGNsYXNzIFZFZGl0UHJvcGVydHlJbnZva2VyIGV4dGVuZHMgRGVmYXVsdEludm9rZXIgeyI=\n', 'all of them', ' Web Shell - from files 000.jsp, 403.jsp, 807.jsp, a.jsp, c5.jsp, config.jsp, css.jsp, dm.jsp, he1p.jsp, JspSpy.jsp, JspSpyJDK5.jsp, JspSpyJDK51.jsp, luci.jsp.spy2009.jsp, m.jsp, ma3.jsp, mmym520.jsp, myxx.jsp, nogfw.jsp, ok.jsp, queryDong.jsp, spyjsp2010.jsp, style.jsp, t00ls.jsp, u.jsp, xia.jsp, zend.jsp, cofigrue.jsp, 1.jsp, jspspy.jsp, jspspy_k8.jsp, JspSpy.jsp, JspSpyJDK5.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(328, 'webshell_wso2_5_1_wso2_5_wso2', 'JHM3ID0gIiRvcHRfY2hhcnNldHMgLj0gJzxvcHRpb24gdmFsdWU9XCInLiRpdGVtLidcIiAnLigkX1BPU1RbJ2NoYXJzZXQnXT09JGl0ZW0/J3NlbGVjIg==\nJHM4ID0gIi4nPC90ZD48dGQ+PGEgaHJlZj1cIiNcIiBvbmNsaWNrPVwiZyhcXCdGaWxlc1Rvb2xzXFwnLG51bGwsXFwnJy51cmxlbmNvZGUoJGZbJ25hIg==\n', 'all of them', ' Web Shell - from files wso2.5.1.php, wso2.5.php, wso2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(329, 'webshell_000_403_c5_queryDong_spyjsp2010_t00ls', 'JHM4ID0gInRhYmxlLmFwcGVuZChcIjx0ZCBub3dyYXA+IDxhIGhyZWY9XFxcIiNcXFwiIG9uY2xpY2s9XFxcInZpZXcoJ1wiK3RiTmFtZStcIicpIg==\nJHM5ID0gIlwiPHA+PGlucHV0IHR5cGU9XFxcImhpZGRlblxcXCIgbmFtZT1cXFwic2VsZWN0RGJcXFwiIHZhbHVlPVxcXCJcIitzZWxlY3REYitcIiI=\n', 'all of them', ' Web Shell - from files 000.jsp, 403.jsp, c5.jsp, queryDong.jsp, spyjsp2010.jsp, t00ls.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(330, 'webshell_404_data_suiyue', 'JHMzID0gIiBzYkNvcHkuYXBwZW5kKFwiPGlucHV0IHR5cGU9YnV0dG9uIG5hbWU9Z29iYWNrIHZhbHVlPScgXCIrc3RyQmFja1tsYW5ndWFnZU5vXSsi\n', 'all of them', ' Web Shell - from files 404.jsp, data.jsp, suiyue.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(331, 'webshell_r57shell_r57shell127_SnIpEr_SA_Shell_EgY_SpIdEr_ShElL_V2_r57_xxx', 'JHMyID0gImVjaG8gc3IoMTUsXCI8Yj5cIi4kbGFuZ1skbGFuZ3VhZ2UuJ190ZXh0NTgnXS4kYXJyb3cuXCI8L2I+XCIsaW4oJ3RleHQnLCdta19uYW1lIg==\nJHMzID0gImVjaG8gc3IoMTUsXCI8Yj5cIi4kbGFuZ1skbGFuZ3VhZ2UuJ190ZXh0MjEnXS4kYXJyb3cuXCI8L2I+XCIsaW4oJ2NoZWNrYm94JywnbmYxIg==\nJHM5ID0gImVjaG8gc3IoNDAsXCI8Yj5cIi4kbGFuZ1skbGFuZ3VhZ2UuJ190ZXh0MjYnXS4kYXJyb3cuXCI8L2I+XCIsXCI8c2VsZWN0IHNpemU9Ig==\n', 'all of them', ' Web Shell - from files r57shell.php, r57shell127.php, SnIpEr_SA Shell.php, EgY_SpIdEr ShElL V2.php, r57_iFX.php, r57_kartal.php, r57_Mohajer22.php, r57.php, r57.php, Backdoor.PHP.Agent.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(332, 'webshell_807_a_css_dm_he1p_JspSpy_xxx', 'JHMxID0gIlwiPGgyPlJlbW90ZSBDb250cm9sICZyYXF1bzs8L2gyPjxpbnB1dCBjbGFzcz1cXFwiYnRcXFwiIG9uY2xpY2s9XFxcInZhciI=\nJHMyID0gIlwiPHA+Q3VycmVudCBGaWxlIChpbXBvcnQgbmV3IGZpbGUgbmFtZSBhbmQgbmV3IGZpbGUpPGJyIC8+PGlucHV0IGNsYXNzPVxcXCJpbnB1Ig==\nJHMzID0gIlwiPHA+Q3VycmVudCBmaWxlIChmdWxscGF0aCk8YnIgLz48aW5wdXQgY2xhc3M9XFxcImlucHV0XFxcIiBuYW1lPVxcXCJmaWxlXFxcIiBpIg==\n', 'all of them', ' Web Shell - from files 807.jsp, a.jsp, css.jsp, dm.jsp, he1p.jsp, JspSpy.jsp, JspSpyJDK5.jsp, JspSpyJDK51.jsp, luci.jsp.spy2009.jsp, m.jsp, ma3.jsp, mmym520.jsp, nogfw.jsp, ok.jsp, style.jsp, u.jsp, xia.jsp, cofigrue.jsp, 1.jsp, jspspy.jsp, jspspy_k8.jsp, JspSpy.jsp, JspSpyJDK5.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(333, 'webshell_201_3_ma_download', 'JHMwID0gIjxpbnB1dCB0aXRsZT1cIlVwbG9hZCBzZWxlY3RlZCBmaWxlIHRvIHRoZSBjdXJyZW50IHdvcmtpbmcgZGlyZWN0b3J5XCIgdHlwZT1cIlN1Ig==\nJHM1ID0gIjxpbnB1dCB0aXRsZT1cIkxhdW5jaCBjb21tYW5kIGluIGN1cnJlbnQgZGlyZWN0b3J5XCIgdHlwZT1cIlN1Ym1pdFwiIGNsYXNzPVwiYnV0Ig==\nJHM2ID0gIjxpbnB1dCB0aXRsZT1cIkRlbGV0ZSBhbGwgc2VsZWN0ZWQgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIGluY2wuIHN1YmRpcnNcIiBjbGFzcz0i\n', 'all of them', ' Web Shell - from files 201.jsp, 3.jsp, ma.jsp, download.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(334, 'webshell_browser_201_3_400_in_JFolder_jfolder01_jsp_leo_ma_warn_webshell_nc_download', 'JHM0ID0gIlVwbEluZm8gaW5mbyA9IFVwbG9hZE1vbml0b3IuZ2V0SW5mbyhmaS5jbGllbnRGaWxlTmFtZSk7Ig==\nJHM1ID0gImxvbmcgdGltZSA9IChTeXN0ZW0uY3VycmVudFRpbWVNaWxsaXMoKSAtIHN0YXJ0dGltZSkgLyAxMDAwbDsi\n', 'all of them', ' Web Shell - from files browser.jsp, 201.jsp, 3.jsp, 400.jsp, in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, leo.jsp, ma.jsp, warn.jsp, webshell-nc.jsp, download.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(335, 'webshell_shell_phpspy_2006_arabicspy', 'JHMwID0gImVsc2VpZigoJHJlZ3dyaXRlKSBBTkQgIWVtcHR5KCRfUE9TVFsnd3JpdGVyZWduYW1lJ10pIEFORCAhZW1wdHkoJF9QT1NUWydyZWd0eXBlIg==\nJHM4ID0gImVjaG8gXCI8Zm9ybSBhY3Rpb249XFxcIj9hY3Rpb249c2hlbGwmZGlyPVwiLnVybGVuY29kZSgkZGlyKS5cIlxcXCIgbWV0aG9kPVxcXCJQIg==\n', 'all of them', ' Web Shell - from files shell.php, phpspy_2006.php, arabicspy.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(336, 'webshell_in_JFolder_jfolder01_jsp_leo_warn', 'JHM0ID0gInNiRmlsZS5hcHBlbmQoXCIgICZuYnNwOzxhIGhyZWY9XFxcImphdmFzY3JpcHQ6ZG9Gb3JtKCdkb3duJywnXCIrZm9ybWF0UGF0aChzdHJEIg==\nJHM5ID0gInNiRmlsZS5hcHBlbmQoXCIgJm5ic3A7PGEgaHJlZj1cXFwiamF2YXNjcmlwdDpkb0Zvcm0oJ2VkaXQnLCdcIitmb3JtYXRQYXRoKHN0ckRpIg==\n', 'all of them', ' Web Shell - from files in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, leo.jsp, warn.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(337, 'webshell_2_520_icesword_job_ma1_ma4_2', 'JHMyID0gInByaXZhdGUgU3RyaW5nW10gX3RleHRGaWxlVHlwZXMgPSB7XCJ0eHRcIiwgXCJodG1cIiwgXCJodG1sXCIsIFwiYXNwXCIsIFwianNwXCIsIg==\nJHMzID0gIlxcXCIgbmFtZT1cXFwidXBGaWxlXFxcIiBzaXplPVxcXCI4XFxcIiBjbGFzcz1cXFwidGV4dGJveFxcXCIgLz4mbmJzcDs8aW5wdXQgdHlwIg==\nJHM5ID0gImlmIChyZXF1ZXN0LmdldFBhcmFtZXRlcihcInBhc3N3b3JkXCIpID09IG51bGwgJiYgc2Vzc2lvbi5nZXRBdHRyaWJ1dGUoXCJwYXNzd29yIg==\n', 'all of them', ' Web Shell - from files 2.jsp, 520.jsp, icesword.jsp, job.jsp, ma1.jsp, ma4.jsp, 2.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(338, 'webshell_phpspy_2005_full_phpspy_2005_lite_PHPSPY', 'JHM2ID0gIjxpbnB1dCB0eXBlPVwidGV4dFwiIG5hbWU9XCJjb21tYW5kXCIgc2l6ZT1cIjYwXCIgdmFsdWU9XCI8Pz0kX1BPU1RbJ2NvbW1hIg==\nJHM3ID0gImVjaG8gJG1zZz1AY29weSgkX0ZJTEVTWyd1cGxvYWRteWZpbGUnXVsndG1wX25hbWUnXSxcIlwiLiR1cGxvYWRkaXIuXCIvXCIuJF9GSUxFIg==\nJHM4ID0gIjxvcHRpb24gdmFsdWU9XCJwYXNzdGhydVwiIDw/IGlmICgkZXhlY2Z1bmM9PVwicGFzc3RocnVcIikgeyBlY2hvIFwic2VsZWN0ZWRcIjsgIg==\n', '2 of them', ' Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, PHPSPY.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(339, 'webshell_shell_phpspy_2006_arabicspy_hkrkoz', 'JHM1ID0gIiRwcm9nID0gaXNzZXQoJF9QT1NUWydwcm9nJ10pID8gJF9QT1NUWydwcm9nJ10gOiBcIi9jIG5ldCBzdGFydCA+IFwiLiRwYXRobmFtZS4i\n', 'all of them', ' Web Shell - from files shell.php, phpspy_2006.php, arabicspy.php, hkrkoz.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(340, 'webshell_c99_Shell_ci_Biz_was_here_c100_v_xxx', 'JHM4ID0gImVsc2Uge2VjaG8gXCJSdW5uaW5nIGRhdGFwaXBlLi4uIG9rISBDb25uZWN0IHRvIDxiPlwiLmdldGVudihcIlNFUlZFUl9BRERSXCIi\n', 'all of them', ' Web Shell - from files c99.php, Shell [ci] .Biz was here.php, c100 v. 777shell v. Undetectable #18a Modded by 777 - Don.php, c66.php, c99-shadows-mod.php, c99shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(341, 'webshell_2008_2009lite_2009mssql', 'JHMwID0gIjxhIGhyZWY9XCJqYXZhc2NyaXB0OmdvZGlyKFxcJycuJGRyaXZlLT5QYXRoLicvXFwnKTsi\nJHM3ID0gInAoJzxoMj5GaWxlIE1hbmFnZXIgLSBDdXJyZW50IGRpc2sgZnJlZSAnLnNpemVjb3VudCgkZnJlZSkuJyBvZiAnLnNpemVjb3VudCgkYWxsIg==\n', 'all of them', ' Web Shell - from files 2008.php, 2009lite.php, 2009mssql.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(342, 'webshell_shell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_arabicspy_PHPSPY_hkrkoz', 'JHMwID0gIiRtYWlucGF0aF9pbmZvICAgICAgICAgICA9IGV4cGxvZGUoJy8nLCAkbWFpbnBhdGgpOyI=\nJHM2ID0gImlmICghaXNzZXQoJF9HRVRbJ2FjdGlvbiddKSBPUiBlbXB0eSgkX0dFVFsnYWN0aW9uJ10pIE9SICgkX0dFVFsnYWN0aW9uJ10gPT0gXCJkIg==\n', 'all of them', ' Web Shell - from files shell.php, phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, arabicspy.php, PHPSPY.php, hkrkoz.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(343, 'webshell_807_dm_JspSpyJDK5_m_cofigrue', 'JHMxID0gInVybF9jb24uc2V0UmVxdWVzdFByb3BlcnR5KFwiUkVGRVJFUlwiLCBcIlwiK2Zja2FsK1wiXCIpOyI=\nJHM5ID0gIkZpbGVMb2NhbFVwbG9hZCh1YyhkeCgpKStzeG0scmVxdWVzdC5nZXRSZXF1ZXN0VVJMKCkudG9TdHJpbmcoKSwgIFwiR0JLXCIpOyI=\n', '1 of them', ' Web Shell - from files 807.jsp, dm.jsp, JspSpyJDK5.jsp, m.jsp, cofigrue.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(344, 'webshell_Dive_Shell_1_0_Emperor_Hacking_Team_xxx', 'JHMxID0gImlmICgoJGkgPSBhcnJheV9zZWFyY2goJF9SRVFVRVNUWydjb21tYW5kJ10sICRfU0VTU0lPTlsnaGlzdG9yeSddKSkgIT09IGZhbHMi\nJHM5ID0gImlmIChlcmVnKCdeW1s6Ymxhbms6XV0qY2RbWzpibGFuazpdXSokJywgJF9SRVFVRVNUWydjb21tYW5kJ10pKSB7Ig==\n', 'all of them', ' Web Shell - from files Dive Shell 1.0 - Emperor Hacking Team.php, phpshell.php, SimShell 1.0 - Simorgh Security MGZ.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(345, 'webshell_404_data_in_JFolder_jfolder01_xxx', 'JHM0ID0gIiZuYnNwOzxURVhUQVJFQSBOQU1FPVwiY3FxXCIgUk9XUz1cIjIwXCIgQ09MUz1cIjEwMCVcIj48JT1zYkNtZC50b1N0cmluZygpJT48L1RFIg==\n', 'all of them', ' Web Shell - from files 404.jsp, data.jsp, in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, leo.jsp, suiyue.jsp, warn.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(346, 'webshell_jsp_reverse_jsp_reverse_jspbd', 'JHMwID0gIm9zdyA9IG5ldyBCdWZmZXJlZFdyaXRlcihuZXcgT3V0cHV0U3RyZWFtV3JpdGVyKG9zKSk7Ig==\nJHM3ID0gInNvY2sgPSBuZXcgU29ja2V0KGlwQWRkcmVzcywgKG5ldyBJbnRlZ2VyKGlwUG9ydCkpLmludFZhbHVlKCkpOyI=\nJHM5ID0gImlzciA9IG5ldyBCdWZmZXJlZFJlYWRlcihuZXcgSW5wdXRTdHJlYW1SZWFkZXIoaXMpKTsi\n', 'all of them', ' Web Shell - from files jsp-reverse.jsp, jsp-reverse.jsp, jspbd.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(347, 'webshell_400_in_JFolder_jfolder01_jsp_leo_warn_webshell_nc', 'JHMwID0gInNiRm9sZGVyLmFwcGVuZChcIjx0cj48dGQgPiZuYnNwOzwvdGQ+PHRkPlwiKTsi\nJHMxID0gInJldHVybiBmaWxlc2l6ZSAvIGludERpdmlzb3IgKyBcIi5cIiArIHN0ckFmdGVyQ29tbWEgKyBcIiBcIiArIHN0clVuaXQ7Ig==\nJHM1ID0gIkZpbGVJbmZvIGZpID0gKEZpbGVJbmZvKSBodC5nZXQoXCJjcXFVcGxvYWRGaWxlXCIpOyI=\nJHM2ID0gIjxpbnB1dCB0eXBlPVwiaGlkZGVuXCIgbmFtZT1cImNtZFwiIHZhbHVlPVwiPCU9c3RyQ21kJT5cIj4i\n', '2 of them', ' Web Shell - from files 400.jsp, in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, leo.jsp, warn.jsp, webshell-nc.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(348, 'webshell_2_520_job_JspWebshell_1_2_ma1_ma4_2', 'JHMxID0gIndoaWxlICgoblJldCA9IGluc1JlYWRlci5yZWFkKHRtcEJ1ZmZlciwgMCwgMTAyNCkpICE9IC0xKSB7Ig==\nJHM2ID0gInBhc3N3b3JkID0gKFN0cmluZylzZXNzaW9uLmdldEF0dHJpYnV0ZShcInBhc3N3b3JkXCIpOyI=\nJHM3ID0gImluc1JlYWRlciA9IG5ldyBJbnB1dFN0cmVhbVJlYWRlcihwcm9jLmdldElucHV0U3RyZWFtKCksIENoYXJzZXQuZm9yTmFtZShcIkdCMjMxIg==\n', '2 of them', ' Web Shell - from files 2.jsp, 520.jsp, job.jsp, JspWebshell 1.2.jsp, ma1.jsp, ma4.jsp, 2.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(349, 'webshell_shell_2008_2009mssql_phpspy_2005_full_phpspy_2006_arabicspy_hkrkoz', 'JHMwID0gIiR0YWJsZWR1bXAgLj0gXCInXCIubXlzcWxfZXNjYXBlX3N0cmluZygkcm93WyRmaWVsZGNvdW50ZXJdKS5cIidcIjsi\nJHM1ID0gIndoaWxlKGxpc3QoJGtuYW1lLCAkY29sdW1ucykgPSBAZWFjaCgkaW5kZXgpKSB7Ig==\nJHM2ID0gIiR0YWJsZWR1bXAgPSBcIkRST1AgVEFCTEUgSUYgRVhJU1RTICR0YWJsZTtcXG5cIjsi\nJHM5ID0gIiR0YWJsZWR1bXAgLj0gXCIgICBQUklNQVJZIEtFWSAoJGNvbG5hbWVzKVwiOyI=\nJGZuID0gImZpbGVuYW1lOiBiYWNrdXAi\n', '2 of ($s*) and not $fn', ' Web Shell - from files shell.php, 2008.php, 2009mssql.php, phpspy_2005_full.php, phpspy_2006.php, arabicspy.php, hkrkoz.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(350, 'webshell_gfs_sh_r57shell_r57shell127_SnIpEr_SA_xxx', 'JHMwID0gImtWeWNtOXlPaUFrSVZ4dUlpazdEUXBqYjI1dVpXTjBLRk5QUTB0RlZDd2dKSEJoWkdSeUtTQjhmQ0JrYVdVb0lrVnljbTl5T2lBa0lWeHVJIg==\nJHMxMSA9ICJBb2MzUnlkV04wSUhOdlkydGhaR1J5SUNvcElDWnphVzRzSUhOcGVtVnZaaWh6ZEhKMVkzUWdjMjlqYTJGa1pISXBLU2s4TUNrZ2V3MEtJQyI=\n', 'all of them', ' Web Shell - from files gfs_sh.php, r57shell.php, r57shell127.php, SnIpEr_SA Shell.php, EgY_SpIdEr ShElL V2.php, r57_iFX.php, r57_kartal.php, r57_Mohajer22.php, r57.php, r57.php, Backdoor.PHP.Agent.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(351, 'webshell_itsec_PHPJackal_itsecteam_shell_jHn', 'JHMwID0gIiRsaW5rPXBnX2Nvbm5lY3QoXCJob3N0PSRob3N0IGRibmFtZT0kZGIgdXNlcj0kdXNlciBwYXNzd29yZD0kcGFzc1wiKTsi\nJHM2ID0gIndoaWxlKCRkYXRhPW9jaWZldGNoaW50bygkc3RtLCRkYXRhLE9DSV9BU1NPQytPQ0lfUkVUVVJOX05VTExTKSkkcmVzLj1pbXBsb2RlKCd8Ig==\nJHM5ID0gIndoaWxlKCRkYXRhPXBnX2ZldGNoX3JvdygkcmVzdWx0KSkkcmVzLj1pbXBsb2RlKCd8LXwtfC18LXwtfCcsJGRhdGEpLid8K3wrfCt8K3wrIg==\n', '2 of them', ' Web Shell - from files itsec.php, PHPJackal.php, itsecteam_shell.php, jHn.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(352, 'webshell_Shell_ci_Biz_was_here_c100_v_xxx', 'JHMyID0gImlmICgkZGF0YXswfSA9PSBcIlxceDk5XCIgYW5kICRkYXRhezF9ID09IFwiXFx4MDFcIikge3JldHVybiBcIkVycm9yOiBcIi4kc3RyaSI=\nJHMzID0gIjxPUFRJT04gVkFMVUU9XCJmaW5kIC9ldGMvIC10eXBlIGYgLXBlcm0gLW8rdyAyPiAvZGV2L251bGxcIiI=\nJHM0ID0gIjxPUFRJT04gVkFMVUU9XCJjYXQgL3Byb2MvdmVyc2lvbiAvcHJvYy9jcHVpbmZvXCI+Q1BVSU5GTyI=\nJHM3ID0gIjxPUFRJT04gVkFMVUU9XCJ3Z2V0IGh0dHA6Ly9mdHAucG93ZXJuZXQuY29tLnRyL3N1cGVybWFpbC9kZSI=\nJHM5ID0gIjxPUFRJT04gVkFMVUU9XCJjdXQgLWQ6IC1mMSwyLDMgL2V0Yy9wYXNzd2QgfCBncmVwIDo6XCI+VVNFUiI=\n', '2 of them', ' Web Shell - from files Shell [ci] .Biz was here.php, c100 v. 777shell v. Undetectable #18a Modded by 777 - Don.php, c99-shadows-mod.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(353, 'webshell_NIX_REMOTE_WEB_SHELL_NIX_REMOTE_WEB_xxx1', 'JHMxID0gIjx0ZD48aW5wdXQgc2l6ZT1cIjQ4XCIgdmFsdWU9XCIkZG9jci9cIiBuYW1lPVwicGF0aFwiIHR5cGU9XCJ0ZXh0XCI+PGlucHV0IHR5cGU9Ig==\nJHMyID0gIiR1cGxvYWRmaWxlID0gJF9QT1NUWydwYXRoJ10uJF9GSUxFU1snZmlsZSddWyduYW1lJ107Ig==\nJHM2ID0gImVsc2VpZiAoIWVtcHR5KCRfUE9TVFsnYWMnXSkpIHskYWMgPSAkX1BPU1RbJ2FjJ107fSI=\nJHM3ID0gImlmICgkX1BPU1RbJ3BhdGgnXT09XCJcIil7JHVwbG9hZGZpbGUgPSAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXTt9Ig==\n', '2 of them', ' Web Shell - from files NIX REMOTE WEB-SHELL.php, NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.php, KAdot Universal Shell v0.1.6.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(354, 'webshell_c99_c99shell_c99_w4cking_Shell_xxx', 'JHMwID0gImVjaG8gXCI8Yj5IRVhEVU1QOjwvYj48bm9icj4i\nJHM0ID0gImlmICgkZmlsZXN0ZWFsdGgpIHskc3RhdCA9IHN0YXQoJGQuJGYpO30i\nJHM1ID0gIndoaWxlICgkcm93ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHJlc3VsdCwgTVlTUUxfTlVNKSkgeyBlY2hvIFwiPHRyPjx0ZD5cIi4kciI=\nJHM2ID0gImlmICgobXlzcWxfY3JlYXRlX2RiICgkc3FsX25ld2RiKSkgYW5kICghZW1wdHkoJHNxbF9uZXdkYikpKSB7ZWNobyBcIkRCICI=\nJHM4ID0gImVjaG8gXCI8Y2VudGVyPjxiPlNlcnZlci1zdGF0dXMgdmFyaWFibGVzOjwvYj48YnI+PGJyPlwiOyI=\nJHM5ID0gImVjaG8gXCI8dGV4dGFyZWEgY29scz04MCByb3dzPTEwPlwiLmh0bWxzcGVjaWFsY2hhcnMoJGVuY29kZWQpLlwiPC90ZXh0YXJlYT4i\n', '2 of them', ' Web Shell - from files c99.php, c99shell.php, c99_w4cking.php, Shell [ci] .Biz was here.php, acid.php, c100 v. 777shell v. Undetectable #18a Modded by 777 - Don.php, c66.php, c99-shadows-mod.php, c99.php, c99shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(355, 'webshell_2008_2009mssql_phpspy_2005_full_phpspy_2006_arabicspy_hkrkoz', 'JHMwID0gIiR0aGlzIC0+IGFkZEZpbGUoJGNvbnRlbnQsICRmaWxlbmFtZSk7Ig==\nJHMzID0gImZ1bmN0aW9uIGFkZEZpbGUoJGRhdGEsICRuYW1lLCAkdGltZSA9IDApIHsi\nJHM4ID0gImZ1bmN0aW9uIHVuaXgyRG9zVGltZSgkdW5peHRpbWUgPSAwKSB7Ig==\nJHM5ID0gImZvcmVhY2goJGZpbGVsaXN0IGFzICRmaWxlbmFtZSl7Ig==\n', 'all of them', ' Web Shell - from files 2008.php, 2009mssql.php, phpspy_2005_full.php, phpspy_2006.php, arabicspy.php, hkrkoz.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(356, 'webshell_c99_c66_c99_shadows_mod_c99shell', 'JHMyID0gIiAgaWYgKHVubGluayhfRklMRV8pKSB7QG9iX2NsZWFuKCk7IGVjaG8gXCJUaGFua3MgZm9yIHVzaW5nIGM5OXNoZWxsIHYuXCIuJHNodiI=\nJHMzID0gIiAgXCJjOTlzaF9iYWNrY29ubi5wbFwiPT5hcnJheShcIlVzaW5nIFBFUkxcIixcInBlcmwgJXBhdGggJWhvc3QgJXBvcnRcIiksIg==\nJHM0ID0gIjxicj48VEFCTEUgc3R5bGU9XCJCT1JERVItQ09MTEFQU0U6IGNvbGxhcHNlXCIgY2VsbFNwYWNpbmc9MCBib3JkZXJDb2xvckRhcms9IzY2Ig==\nJHM3ID0gIiAgIGVsc2VpZiAoISRkYXRhID0gYzk5Z2V0c291cmNlKCRiaW5kW1wic3JjXCJdKSkge2VjaG8gXCJDYW4ndCBkb3dubG9hZCBzb3VyY2VzIg==\nJHM4ID0gIiAgXCJjOTlzaF9kYXRhcGlwZS5wbFwiPT5hcnJheShcIlVzaW5nIFBFUkxcIixcInBlcmwgJXBhdGggJWxvY2FscG9ydCAlcmVtb3RlaG9zIg==\nJHM5ID0gIiAgIGVsc2VpZiAoISRkYXRhID0gYzk5Z2V0c291cmNlKCRiY1tcInNyY1wiXSkpIHtlY2hvIFwiQ2FuJ3QgZG93bmxvYWQgc291cmNlcyEi\n', '2 of them', ' Web Shell - from files c99.php, c66.php, c99-shadows-mod.php, c99shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(357, 'webshell_he1p_JspSpy_nogfw_ok_style_1_JspSpy1', 'JHMwID0gIlwiXCIrZi5jYW5SZWFkKCkrXCIgLyBcIitmLmNhbldyaXRlKCkrXCIgLyBcIitmLmNhbkV4ZWN1dGUoKStcIjwvdGQ+XCIrIg==\nJHM0ID0gIm91dC5wcmludGxuKFwiPGgyPkZpbGUgTWFuYWdlciAtIEN1cnJlbnQgZGlzayAmcXVvdDtcIisoY3IuaW5kZXhPZihcIi9cIikgPT0gMD8i\nJHM3ID0gIlN0cmluZyBleGVjdXRlID0gZi5jYW5FeGVjdXRlKCkgPyBcImNoZWNrZWQ9XFxcImNoZWNrZWRcXFwiXCIgOiBcIlwiOyI=\nJHM4ID0gIlwiPHRkIG5vd3JhcD5cIitmLmNhblJlYWQoKStcIiAvIFwiK2YuY2FuV3JpdGUoKStcIiAvIFwiK2YuY2FuRXhlY3V0ZSgpK1wiPC90ZD4i\n', '2 of them', ' Web Shell - from files he1p.jsp, JspSpy.jsp, nogfw.jsp, ok.jsp, style.jsp, 1.jsp, JspSpy.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(358, 'webshell_000_403_c5_config_myxx_queryDong_spyjsp2010_zend', 'JHMwID0gInJldHVybiBuZXcgRG91YmxlKGZvcm1hdC5mb3JtYXQodmFsdWUpKS5kb3VibGVWYWx1ZSgpOyI=\nJHM1ID0gIkZpbGUgdGVtcEYgPSBuZXcgRmlsZShzYXZlUGF0aCk7Ig==\nJHM5ID0gImlmICh0ZW1wRi5pc0RpcmVjdG9yeSgpKSB7Ig==\n', '2 of them', ' Web Shell - from files 000.jsp, 403.jsp, c5.jsp, config.jsp, myxx.jsp, queryDong.jsp, spyjsp2010.jsp, zend.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(359, 'webshell_c99_c99shell_c99_c99shell', 'JHMyID0gIiRiaW5kcG9ydF9wYXNzID0gXCJjOTlcIjsi\nJHM1ID0gIiBlbHNlIHtlY2hvIFwiPGI+RXhlY3V0aW9uIFBIUC1jb2RlPC9iPlwiOyBpZiAoZW1wdHkoJGV2YWxfdHh0KSkgeyRldmFsX3R4dCA9IHRyIg==\n', '1 of them', ' Web Shell - from files c99.php, c99shell.php, c99.php, c99shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(360, 'webshell_r57shell127_r57_iFX_r57_kartal_r57_antichat', 'JHM2ID0gIiRyZXMgICA9IEBteXNxbF9xdWVyeShcIlNIT1cgQ1JFQVRFIFRBQkxFIGBcIi4kX1BPU1RbJ215c3FsX3RibCddLlwiYFwiLCAkZCI=\nJHM3ID0gIiRzcWwxIC49ICRyb3dbMV0uXCJcXHJcXG5cXHJcXG5cIjsi\nJHM4ID0gImlmKCFlbXB0eSgkX1BPU1RbJ2RpZiddKSYmJGZwKSB7IEBmcHV0cygkZnAsJHNxbDEuJHNxbDIpOyB9Ig==\nJHM5ID0gImZvcmVhY2goJHZhbHVlcyBhcyAkaz0+JHYpIHskdmFsdWVzWyRrXSA9IGFkZHNsYXNoZXMoJHYpO30i\n', '2 of them', ' Web Shell - from files r57shell127.php, r57_iFX.php, r57_kartal.php, r57.php, antichat.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(361, 'webshell_NIX_REMOTE_WEB_SHELL_nstview_xxx', 'JHMzID0gIkJPRFksIFRELCBUUiB7Ig==\nJHM1ID0gIiRkPXN0cl9yZXBsYWNlKFwiXFxcXFwiLFwiL1wiLCRkKTsi\nJHM2ID0gImlmICgkZmlsZT09XCIuXCIgfHwgJGZpbGU9PVwiLi5cIikgY29udGludWU7Ig==\n', '2 of them', ' Web Shell - from files NIX REMOTE WEB-SHELL.php, nstview.php, NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.php, Cyber Shell (v 1.0).php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(362, 'webshell_000_403_807_a_c5_config_css_dm_he1p_xxx', 'JHMzID0gIlN0cmluZyBzYXZlUGF0aCA9IHJlcXVlc3QuZ2V0UGFyYW1ldGVyKFwic2F2ZXBhdGhcIik7Ig==\nJHM0ID0gIlVSTCBkb3duVXJsID0gbmV3IFVSTChkb3duRmlsZVVybCk7Ig==\nJHM1ID0gImlmIChVdGlsLmlzRW1wdHkoZG93bkZpbGVVcmwpIHx8IFV0aWwuaXNFbXB0eShzYXZlUGF0aCkpIg==\nJHM2ID0gIlN0cmluZyBkb3duRmlsZVVybCA9IHJlcXVlc3QuZ2V0UGFyYW1ldGVyKFwidXJsXCIpOyI=\nJHM3ID0gIkZpbGVJbnB1dFN0cmVhbSBmSW5wdXQgPSBuZXcgRmlsZUlucHV0U3RyZWFtKGYpOyI=\nJHM4ID0gIlVSTENvbm5lY3Rpb24gY29ubiA9IGRvd25Vcmwub3BlbkNvbm5lY3Rpb24oKTsi\nJHM5ID0gInNpcyA9IHJlcXVlc3QuZ2V0SW5wdXRTdHJlYW0oKTsi\n', '4 of them', ' Web Shell - from files 000.jsp, 403.jsp, 807.jsp, a.jsp, c5.jsp, config.jsp, css.jsp, dm.jsp, he1p.jsp, JspSpy.jsp, JspSpyJDK5.jsp, JspSpyJDK51.jsp, luci.jsp.spy2009.jsp, m.jsp, ma3.jsp, mmym520.jsp, myxx.jsp, nogfw.jsp, ok.jsp, queryDong.jsp, spyjsp2010.jsp, style.jsp, u.jsp, xia.jsp, zend.jsp, cofigrue.jsp, 1.jsp, jspspy.jsp, jspspy_k8.jsp, JspSpy.jsp, JspSpyJDK5.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(363, 'webshell_2_520_icesword_job_ma1', 'JHMxID0gIjxtZXRhIGh0dHAtZXF1aXY9XCJDb250ZW50LVR5cGVcIiBjb250ZW50PVwidGV4dC9odG1sOyBjaGFyc2V0PWdiMjMxMlwiPjwvaGVhZD4i\nJHMzID0gIjxpbnB1dCB0eXBlPVwiaGlkZGVuXCIgbmFtZT1cIl9FVkVOVFRBUkdFVFwiIHZhbHVlPVwiXCIgLz4i\nJHM4ID0gIjxpbnB1dCB0eXBlPVwiaGlkZGVuXCIgbmFtZT1cIl9FVkVOVEFSR1VNRU5UXCIgdmFsdWU9XCJcIiAvPiI=\n', '2 of them', ' Web Shell - from files 2.jsp, 520.jsp, icesword.jsp, job.jsp, ma1.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(364, 'webshell_404_data_in_JFolder_jfolder01_jsp_suiyue_warn', 'JHMwID0gIjx0YWJsZSB3aWR0aD1cIjEwMCVcIiBib3JkZXI9XCIxXCIgY2VsbHNwYWNpbmc9XCIwXCIgY2VsbHBhZGRpbmc9XCI1XCIgYm9yZGVyY29sIg==\nJHMyID0gIiBLQiA8L3RkPiI=\nJHMzID0gIjx0YWJsZSB3aWR0aD1cIjk4JVwiIGJvcmRlcj1cIjBcIiBjZWxsc3BhY2luZz1cIjBcIiBjZWxscGFkZGluZz1cIiI=\nJHM0ID0gIjwhLS0gPHRyIGFsaWduPVwiY2VudGVyXCI+ICI=\n', 'all of them', ' Web Shell - from files 404.jsp, data.jsp, in.jsp, JFolder.jsp, jfolder01.jsp, jsp.jsp, suiyue.jsp, warn.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(365, 'webshell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_PHPSPY', 'JHM0ID0gImh0dHA6Ly93d3cuNG5nZWwubmV0Ig==\nJHM1ID0gIjwvYT4gfCA8YSBocmVmPVwiP2FjdGlvbj1waHBlbnZcIj5QSFAi\nJHM4ID0gImVjaG8gJG1zZz1AZndyaXRlKCRmcCwkX1BPU1RbJ2ZpbGVjb250ZW50J10pID8gXCIi\nJHM5ID0gIkNvZHogYnkgQW5nZWwi\n', '2 of them', ' Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, PHPSPY.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(366, 'webshell_c99_locus7s_c99_w4cking_xxx', 'JHMxID0gIiRyZXMgPSBAc2hlbGxfZXhlYygkY2ZlKTsi\nJHM4ID0gIiRyZXMgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7Ig==\nJHM5ID0gIkBleGVjKCRjZmUsJHJlcyk7Ig==\n', '2 of them', ' Web Shell - from files c99_locus7s.php, c99_w4cking.php, r57shell.php, r57shell127.php, SnIpEr_SA Shell.php, EgY_SpIdEr ShElL V2.php, r57_iFX.php, r57_kartal.php, r57_Mohajer22.php, r57.php, acid.php, newsh.php, r57.php, Backdoor.PHP.Agent.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(367, 'webshell_browser_201_3_ma_ma2_download', 'JHMxID0gInByaXZhdGUgc3RhdGljIGZpbmFsIGludCBFRElURklFTERfUk9XUyA9IDMwOyI=\nJHMyID0gInByaXZhdGUgc3RhdGljIFN0cmluZyB0ZW1wZGlyID0gXCIuXCI7Ig==\nJHM2ID0gIjxpbnB1dCB0eXBlPVwiaGlkZGVuXCIgbmFtZT1cImRpclwiIHZhbHVlPVwiPCU9cmVxdWVzdC5nZXRBdHRyaWJ1dGUoXCJkaXJcIiklPlwiIg==\n', '2 of them', ' Web Shell - from files browser.jsp, 201.jsp, 3.jsp, ma.jsp, ma2.jsp, download.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(368, 'webshell_000_403_c5_queryDong_spyjsp2010', 'JHMyID0gIlwiIDxzZWxlY3QgbmFtZT0nZW5jb2RlJyBjbGFzcz0naW5wdXQnPjxvcHRpb24gdmFsdWU9Jyc+QU5TSTwvb3B0aW9uPjxvcHRpb24gdmFsIg==\nJHM3ID0gIkpTZXNzaW9uLnNldEF0dHJpYnV0ZShcIk1TR1wiLFwiPHNwYW4gc3R5bGU9J2NvbG9yOnJlZCc+VXBsb2FkIEZpbGUgRmFpbGVkITwvc3BhIg==\nJHM4ID0gIkZpbGUgZiA9IG5ldyBGaWxlKEpTZXNzaW9uLmdldEF0dHJpYnV0ZShDVVJSRU5UX0RJUikrXCIvXCIrZmlsZUJlYW4uZ2V0RmlsZU5hbWUoIg==\nJHM5ID0gIigoSW52b2tlcilpbnMuZ2V0KFwidmRcIikpLmludm9rZShyZXF1ZXN0LHJlc3BvbnNlLEpTZXNzaW9uKTsi\n', '2 of them', ' Web Shell - from files 000.jsp, 403.jsp, c5.jsp, queryDong.jsp, spyjsp2010.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(369, 'webshell_r57shell127_r57_kartal_r57', 'JHMyID0gIiRoYW5kbGUgPSBAb3BlbmRpcigkZGlyKSBvciBkaWUoXCJDYW4ndCBvcGVuIGRpcmVjdG9yeSAkZGlyXCIpOyI=\nJHMzID0gImlmKCFlbXB0eSgkX1BPU1RbJ215c3FsX2RiJ10pKSB7IEBtc3NxbF9zZWxlY3RfZGIoJF9QT1NUWydteXNxbF9kYiddLCRkYik7IH0i\nJHM1ID0gImlmICghaXNzZXQoJF9TRVJWRVJbJ1BIUF9BVVRIX1VTRVInXSkgfHwgJF9TRVJWRVJbJ1BIUF9BVVRIX1VTRVInXSE9PSRuYW1lIHx8ICRfIg==\n', '2 of them', ' Web Shell - from files r57shell127.php, r57_kartal.php, r57.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(370, 'webshell_webshells_new_con2', 'JHM3ID0gIixodGFQcmV3b1AoZWNhbHBlcj1odGFQcmV3b1A6ZkkgZG5FOjA9S090aWRFOjEgLSBldWxhVnRuaSA9IGV1bGFWdG5pOm5laFQgMSA9PiBlIg==\nJHMxMCA9ICJqIFwiPEZvcm0gYWN0aW9uPSdcIiZVUkwmXCI/QWN0aW9uMj1Qb3N0JyBtZXRob2Q9J3Bvc3QnIG5hbWU9J0VkaXRGb3JtJz48aW5wdXQgbiI=\n', '1 of them', ' Web shells - generated from file con2.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(371, 'webshell_webshells_new_make2', 'JHMxID0gImVycm9yX3JlcG9ydGluZygwKTtzZXNzaW9uX3N0YXJ0KCk7aGVhZGVyKFwiQ29udGVudC10eXBlOnRleHQvaHRtbDtjaGFyc2V0PXV0Zi04Ig==\n', 'all of them', ' Web shells - generated from file make2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(372, 'webshell_webshells_new_aaa', 'JHMwID0gIkZ1bmN0aW9uIGZ2bShqd3YpOklmIGp3dj1cIlwiVGhlbjpmdm09and2OkV4aXQgRnVuY3Rpb246RW5kIElmOkRpbSB0dCxzcnU6dHQ9XCIi\nJHM1ID0gIjxvcHRpb24gdmFsdWU9XCJcIkRST1AgVEFCTEUgW2puY107ZXhlYyBtYXN0XCIma3ZwJlwiZXIuLnhwX3JlZ3dyaXRlICdIS0VZX0xPQ0FMIg==\nJHMxNyA9ICJpZiBxcHY9XCJcIiB0aGVuIHFwdj1cIng6XFxQcm9ncmFtIEZpbGVzXFxNeVNRTFxcTXlTUUwgU2VydmVyIDUuMFxcbXkuaW5pXCImYnImIg==\n', '1 of them', ' Web shells - generated from file aaa.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(374, 'webshell_webshells_new_php2', 'JHMwID0gIjw/cGhwICRzPUAkX0dFVFsyXTtpZihtZDUoJHMuJHMpPT0i\n', 'all of them', ' Web shells - generated from file php2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(375, 'webshell_bypass_iisuser_p', 'JHMwID0gIjwlRXZhbChSZXF1ZXN0KGNocigxMTIpKSk6U2V0IGZzbz1DcmVhdGVPYmplY3Qi\n', 'all of them', ' Web shells - generated from file bypass-iisuser-p.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(376, 'webshell_sig_404super', 'JHM0ID0gIiRpID0gcGFjaygnYyonLCAweDcwLCAweDYxLCA5OSwgMTA3KTsi\nJHM2ID0gIiAgICAnaCcgPT4gJGkoJ0gqJywgJzY4NzQ3NDcwM2EyZjJmNjI2YzYxNmI2OTZlMmU2NDc1NjE3MDcwMmU2MzZmNmQyZjc2MzEnKSwi\nJHM3ID0gIi8vaHR0cDovL3JlcXVpcmUuZHVhcHAuY29tL3Nlc3Npb24ucGhwIg==\nJHM4ID0gImlmKCFpc3NldCgkX1NFU1NJT05bJ3QnXSkpeyRfU0VTU0lPTlsndCddID0gJEdMT0JBTFNbJ2YnXSgkR0xPQkFMU1snaCddKTt9Ig==\nJHMxMiA9ICIvL2RlZmluZSgncGFzcycsJzEyMzQ1NicpOyI=\nJHMxMyA9ICIkR0xPQkFMU1snYyddKCRHTE9CQUxTWydlJ10obnVsbCwgJEdMT0JBTFNbJ3MnXSgnJXMnLCRHTE9CQUxTWydwJ10oJ0gqJywkX1NFU1NJTyI=\n', '1 of them', ' Web shells - generated from file 404super.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(377, 'webshell_webshells_new_JSP', 'JHMxID0gInZvaWQgQUEoU3RyaW5nQnVmZmVyIHNiKXRocm93cyBFeGNlcHRpb257RmlsZSByW109RmlsZS5saXN0Um9vdHMoKTtmb3IoaW50IGk9MDtpIg==\nJHM1ID0gImJ3LndyaXRlKHoyKTtidy5jbG9zZSgpO3NiLmFwcGVuZChcIjFcIik7fWVsc2UgaWYoWi5lcXVhbHMoXCJFXCIpKXtFRSh6MSk7c2IuYXBwIg==\nJHMxMSA9ICJpZihaLmVxdWFscyhcIkFcIikpe1N0cmluZyBzPW5ldyBGaWxlKGFwcGxpY2F0aW9uLmdldFJlYWxQYXRoKHJlcXVlc3QuZ2V0UmVxdWVzdCI=\n', '1 of them', ' Web shells - generated from file JSP.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(378, 'webshell_webshell_123', 'JHMwID0gIi8vIFdlYiBTaGVsbCEhIg==\nJHMxID0gIkBwcmVnX3JlcGxhY2UoXCIvLiovZVwiLFwiXFx4NjVcXHg3NlxceDYxXFx4NkNcXHgyOFxceDY3XFx4N0FcXHg2OVxceDZFXFx4NjZcXHg2Ig==\nJHMzID0gIiRkZWZhdWx0X2NoYXJzZXQgPSBcIlVURi04XCI7Ig==\nJHM0ID0gIi8vIHVybDpodHRwOi8vd3d3LndlaWdvbmdrYWkuY29tL3NoZWxsLyI=\n', '2 of them', ' Web shells - generated from file webshell-123.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(379, 'webshell_dev_core', 'JHMxID0gImlmIChzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAnRUJTRCcpID09IGZhbHNlKSB7Ig==\nJHM5ID0gInNldGNvb2tpZSgna2V5JywgJF9QT1NUWydwd2QnXSwgdGltZSgpICsgMzYwMCAqIDI0ICogMzApOyI=\nJHMxMCA9ICIkX1NFU1NJT05bJ2NvZGUnXSA9IF9SRVFVRVNUKHNwcmludGYoXCIlcz8lc1wiLHBhY2soXCJIKlwiLCc2ODc0Ig==\nJHMxMSA9ICJpZiAocHJlZ19tYXRjaChcIi9eSFRUUFxcL1xcZFxcLlxcZFxccyhbXFxkXSspXFxzLiokL1wiLCAkc3RhdHVzLCAkbWF0Y2hlcykpIg==\nJHMxMiA9ICJldmFsKGd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoQ3J5cHQ6OmRlY3J5cHQoJF9TRVNTSU9OWydjb2RlJ10sICRfQyI=\nJHMxNSA9ICJpZiAoKCRmc29jayA9IGZzb2Nrb3BlbigkdXJsMlsnaG9zdCddLCA4MCwgJGVycm5vLCAkZXJyc3RyLCAkZnNvY2tfdGltZW91dCkpIg==\n', '1 of them', ' Web shells - generated from file dev_core.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(380, 'webshell_webshells_new_pHp', 'JHMwID0gImlmKGlzX3JlYWRhYmxlKCRwYXRoKSkgYW50aXZpcnVzKCRwYXRoLicvJywkZXhzLCRtYXRjaGVzKTsi\nJHMxID0gIicvKGV2YWx8YXNzZXJ0fGluY2x1ZGV8cmVxdWlyZXxpbmNsdWRlXFxfb25jZXxyZXF1aXJlXFxfb25jZXxhcnJheVxcX21hcHxhcnIi\nJHMxMyA9ICInLyhleGVjfHNoZWxsXFxfZXhlY3xzeXN0ZW18cGFzc3RocnUpK1xccypcXChcXHMqXFwkXFxfKFxcdyspXFxbKC4qKVxcXVxccyoi\nJHMxNCA9ICInLyhpbmNsdWRlfHJlcXVpcmV8aW5jbHVkZVxcX29uY2V8cmVxdWlyZVxcX29uY2UpK1xccypcXChcXHMqW1xcJ3xcXFwiXShcXHcrIg==\nJHMxOSA9ICInL1xcJFxcXyhcXHcrKSguKikoZXZhbHxhc3NlcnR8aW5jbHVkZXxyZXF1aXJlfGluY2x1ZGVcXF9vbmNlfHJlcXVpcmVcXF9vbmNlIg==\n', '1 of them', ' Web shells - generated from file pHp.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(381, 'webshell_webshells_new_pppp', 'JHMwID0gIk1haWw6IGNoaW5lc2VAaGFja2VybWFpbC5jb20i\nJHMzID0gImlmKCRfR0VUW1wiaGFja2Vyc1wiXT09XCIyYlwiKXtpZiAoJF9TRVJWRVJbJ1JFUVVFU1RfTUVUSE9EJ10gPT0gJ1BPU1QnKSB7IGVjaG8gIg==\nJHM2ID0gIlNpdGU6IGh0dHA6Ly9ibG9nLndlaWxpLm1lIg==\n', '1 of them', ' Web shells - generated from file pppp.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(382, 'webshell_webshells_new_code', 'JHMxID0gIjxhIGNsYXNzPVwiaGlnaDJcIiBocmVmPVwiamF2YXNjcmlwdDo7OztcIiBuYW1lPVwiYWN0aW9uPXNob3cmZGlyPSRfaXBhZ2VfZmki\nJHM3ID0gIiRmaWxlID0gIWVtcHR5KCRfUE9TVFtcImRpclwiXSkgPyB1cmxkZWNvZGUoc2VsZjo6Y29udmVydF90b191dGY4KHJ0cmltKCRfUE8i\nJHMxMCA9ICJpZiAodHJ1ZT09QG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWyd1c2VyZmlsZSddWyd0bXBfbmFtZSddLHNlbGY6OmNvbnZlcnRfIg==\nJHMxNCA9ICJQcm9jZXNzZWQgaW4gPHNwYW4gaWQ9XCJydW50aW1lXCI+PC9zcGFuPiBzZWNvbmQocykge2d6aXB9IHVzYWdlOiI=\nJHMxNyA9ICI8YSBocmVmPVwiamF2YXNjcmlwdDo7OztcIiBuYW1lPVwie3JldHVybl9saW5rfVwiIG9uY2xpY2s9XCJmaWxlcGVybSI=\n', '1 of them', ' Web shells - generated from file code.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(383, 'webshell_webshells_new_jspyyy', 'JHMwID0gIjwlQHBhZ2UgaW1wb3J0PVwiamF2YS5pby4qXCIlPjwlaWYocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJmXCIpIg==\n', 'all of them', ' Web shells - generated from file jspyyy.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(384, 'webshell_webshells_new_xxxx', 'JHMwID0gIjw/cGhwIGV2YWwoJF9QT1NUWzFdKTs/PiAgIg==\n', 'all of them', ' Web shells - generated from file xxxx.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(385, 'webshell_webshells_new_JJjsp3', 'JHMwID0gIjwlQHBhZ2UgaW1wb3J0PVwiamF2YS5pby4qLGphdmEudXRpbC4qLGphdmEubmV0LiosamF2YS5zcWwuKixqYXZhLnRleHQuKlwiJT48JSFTIg==\n', 'all of them', ' Web shells - generated from file JJjsp3.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(386, 'webshell_webshells_new_PHP1', 'JHMwID0gIjxbdXJsPW1haWx0bzo/QGFycmF5X21hcCgkX0dFVFtdP0BhcnJheV9tYXAoJF9HRVRbJ2YnXSwkX0dFVFsvdXJsXSk7Pz4i\nJHMyID0gIjpodHRwczovL2ZvcnVtLjkwc2VjLm9yZy9mb3J1bS5waHA/bW9kPXZpZXd0aHJlYWQmdGlkPTczMTYi\nJHMzID0gIkBwcmVnX3JlcGxhY2UoXCIvZi9lXCIsJF9HRVRbJ3UnXSxcImZlbmdqaWFvXCIpOyAi\n', '1 of them', ' Web shells - generated from file PHP1.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(387, 'webshell_webshells_new_JJJsp2', 'JHMyID0gIlFRKGNzLCB6MSwgejIsIHNiLHoyLmluZGV4T2YoXCItdG86XCIpIT0tMT96Mi5zdWJzdHJpbmcoejIuaW5kZXhPZihcIi10bzpcIikrNCx6Ig==\nJHM4ID0gInNiLmFwcGVuZChsW2ldLmdldE5hbWUoKSArIFwiL1xcdFwiICsgc1QgKyBcIlxcdFwiICsgbFtpXS5sZW5ndGgoKSsgXCJcXHRcIiArIHNRIg==\nJHMxMCA9ICJSZXN1bHRTZXQgciA9IHMuaW5kZXhPZihcImpkYmM6b3JhY2xlXCIpIT0tMT9jLmdldE1ldGFEYXRhKCki\nJHMxMSA9ICJyZXR1cm4gRHJpdmVyTWFuYWdlci5nZXRDb25uZWN0aW9uKHhbMV0udHJpbSgpK1wiOlwiK3hbNF0seFsyXS5lcXVhbHNJZ25vcmVDYXNlKCI=\n', '1 of them', ' Web shells - generated from file JJJsp2.jsp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(388, 'webshell_webshells_new_radhat', 'JHMxID0gInNvZD1BcnJheShcIkRcIixcIjdcIixcIlMi\n', 'all of them', ' Web shells - generated from file radhat.asp', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(390, 'webshell_webshells_new_php6', 'JHMxID0gImFycmF5X21hcChcImFzeDczZXJ0XCIsKGFyIg==\nJHMzID0gInByZWdfcmVwbGFjZShcIi9bZXJyb3JwYWdlXS9lXCIsJHBhZ2UsXCJzYWZ0XCIpOyI=\nJHM0ID0gInNoZWxsLnBocD9xaWQ9enhleHAgICI=\n', '1 of them', ' Web shells - generated from file php6.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(391, 'webshell_webshells_new_xxx', 'JHMzID0gIjw/cGhwIGFycmF5X21hcChcImFzc1xceDY1cnRcIiwoYXJyYXkpJF9SRVFVRVNUWydleHBkb29yJ10pOz8+Ig==\n', 'all of them', ' Web shells - generated from file xxx.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(392, 'webshell_GetPostpHp', 'JHMwID0gIjw/cGhwIGV2YWwoc3RyX3JvdDEzKCdyaW55KCRfQ0JGR1tjbnRyXSk7JykpOz8+Ig==\n', 'all of them', ' Web shells - generated from file GetPostpHp.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(393, 'webshell_webshells_new_php5', 'JHMwID0gIjw/JF91VT1jaHIoOTkpLmNocigxMDQpLmNocigxMTQpOyRfY0M9JF91VSgxMDEpLiRfdVUoMTE4KS4kX3VVKDk3KS4kX3VVKDEwOCkuJF91Ig==\n', 'all of them', ' Web shells - generated from file php5.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(396, 'perlbot_pl', 'JHMwID0gIm15IEBhZG1zPShcIktlbHNlcmlmaWNcIixcIlB1bmFcIixcIm5vZDMyXCIpIg==\nJHMxID0gIiNBY2Vzc28gYSBTaGVsIC0gMSBPTiAwIE9GRiI=\n', '1 of them', ' Semi-Auto-generated  - file perlbot.pl.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(397, 'php_backdoor_php', 'JHMwID0gImh0dHA6Ly9taWNoYWVsZGF3Lm9yZyAgIDIwMDYi\nJHMxID0gIm9yIGh0dHA6Ly88PyBlY2hvICRTRVJWRVJfTkFNRS4kUkVRVUVTVF9VUkk7ID8+P2Q9Yzovd2luZG93cyBvbiB3aW4i\nJHMzID0gImNvZGVkIGJ5IHowbWJpZSI=\n', '1 of them', ' Semi-Auto-generated  - file php-backdoor.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(398, 'Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php', 'JHMwID0gIjxvcHRpb24gdmFsdWU9XCJjYXQgL3Zhci9jcGFuZWwvYWNjb3VudGluZy5sb2dcIj4vdmFyL2NwYW5lbC9hY2NvdW50aW5nLmxvZzwvb3B0Ig==\nJHMxID0gIkxpejB6aU0gUHJpdmF0ZSBTYWZlIE1vZGUgQ29tbWFuZCBFeGVjdXJpdG9uIEJ5cGFzcyI=\nJHMyID0gImVjaG8gXCI8Yj48Zm9udCBjb2xvcj1yZWQ+S2ltaW0gQmVuIDo9KTwvZm9udD48L2I+OiR1aWQ8YnI+XCI7Ig==\n', '1 of them', ' Semi-Auto-generated  - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(399, 'Nshell__1__php_php', 'JHMwID0gImVjaG8gXCJDb21tYW5kIDogPElOUFVUIFRZUEU9dGV4dCBOQU1FPWNtZCB2YWx1ZT1cIi5Ac3RyaXBzbGFzaGVzKGh0bWxlbnRpdGllcygkIg==\nJHMxID0gImlmKCEkd2hvYW1pKSR3aG9hbWk9ZXhlYyhcIndob2FtaVwiKTsgZWNobyBcIndob2FtaSA6XCIuJHdob2FtaS5cIjxicj5cIjsi\n', '1 of them', ' Semi-Auto-generated  - file Nshell (1).php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(400, 'shankar_php_php', 'JHNBdXRob3IgPSAiU2hBbkthUiI=\nJHMwID0gIjxpbnB1dCB0eXBlPWNoZWNrYm94IG5hbWU9J2RkJyBcIi4oaXNzZXQoJF9QT1NUWydkZCddKT8nY2hlY2tlZCc6JycpLlwiPkRCPGlucHV0Ig==\nJHMzID0gIlNob3c8aW5wdXQgdHlwZT10ZXh0IHNpemU9NSB2YWx1ZT1cIi4oKGlzc2V0KCRfUE9TVFsnYnJfc3QnXSkgJiYgaXNzZXQoJF9QT1NUWydiIg==\n', '1 of ($s*) and $sAuthor', ' Semi-Auto-generated  - file shankar.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(401, 'Casus15_php_php', 'JHMwID0gImNvcHkgKCAkZG9zeWFfZ29uZGVyMiwgXCIkZGlyLyRkb3N5YV9nb25kZXIyX25hbWVcIikgPyBwcmludChcIiRkb3N5YV9nb25kZXIyX25hIg==\nJHMyID0gImVjaG8gXCI8Y2VudGVyPjxmb250IHNpemU9JyRzYXlpJyBjb2xvcj0nI0ZGRkZGRic+SEFDS0xFUklOPGZvbnQgY29sb3I9JyMwMDgwMDAnIg==\nJHMzID0gInZhbHVlPSdDYWxpc3Rpcm1hayBpc3RlZGlnaW5peiAi\n', '1 of them', ' Semi-Auto-generated  - file Casus15.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(402, 'small_php_php', 'JHMxID0gIiRwYXNzPSdhYmNkZWYxMjM0NTY3ODkwYWJjZGVmMTIzNDU2Nzg5MCc7Ig==\nJHMyID0gImV2YWwoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoJ0ZKekhrcVBhdGtVLzU1MElHbmpYeEh2djZiekFlMGlFNStzdkZWR3RLcVhNWnEwNXgxIg==\nJHM0ID0gIkBpbmlfc2V0KCdlcnJvcl9sb2cnLE5VTEwpOyI=\n', '2 of them', ' Semi-Auto-generated  - file small.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(403, 'shellbot_pl', 'JHMwID0gIlNoZWxsQk9UIg==\nJHMxID0gIlBhY2t0c0dyMHVwIg==\nJHMyID0gIkNvUnBPckF0SW9OIg==\nJHMzID0gIiMgU2Vydmlkb3IgZGUgaXJjIHF1ZSB2YWkgc2VyIHVzYWRvICI=\nJHM0ID0gIi9eY3RjcGZsb29kXFxzKyhcXGQrKVxccysoXFxTKyki\n', '2 of them', ' Semi-Auto-generated  - file shellbot.pl.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(404, 'fuckphpshell_php', 'JHMwID0gIiRzdWNjID0gXCJXYXJuaW5nISAi\nJHMxID0gIkRvbmB0IGJlIHN0dXBpZCAuLiB0aGlzIGlzIGEgcHJpdjMgc2VydmVyLCBzbyB0YWtlIGV4dHJhIGNhcmUhIg==\nJHMyID0gIlxcKj0tLSBNRU1CRVJTIEFSRUEgLS09Ki8i\nJHMzID0gInByZWdfbWF0Y2goJy8oXFxuW15cXG5dKil7JyAuICRjYWNoZV9saW5lcyAuICd9JC8nLCAkX1NFU1NJT05bJ28i\n', '2 of them', ' Semi-Auto-generated  - file fuckphpshell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(405, 'ngh_php_php', 'JHMwID0gIkNyNHNoX2FrYV9SS0wi\nJHMxID0gIk5HSCBlZGl0aW9uIg==\nJHMyID0gIi8qIGNvbm5lY3RiYWNrLWJhY2tkb29yIG9uIHBlcmwi\nJHMzID0gIjxmb3JtIGFjdGlvbj08Pz0kc2NyaXB0Pz4/YWN0PWJpbmRzaGVsbCBtZXRob2Q9UE9TVD4i\nJHM0ID0gIiRsb2dvID0gXCJSMGxHT0RsaE1BQXdBT1lBQUFBQUFQLy8vL3Ii\n', '1 of them', ' Semi-Auto-generated  - file ngh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(406, 'jsp_reverse_jsp', 'JHMwID0gIi8vIGJhY2tkb29yLmpzcCI=\nJHMxID0gIkpTUCBCYWNrZG9vciBSZXZlcnNlIFNoZWxsIg==\nJHMyID0gImh0dHA6Ly9taWNoYWVsZGF3Lm9yZyI=\n', '2 of them', ' Semi-Auto-generated  - file jsp-reverse.jsp.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(409, 'SimAttacker___Vrsion_1_0_0___priv8_4_My_friend_php', 'JHMwID0gIlNpbUF0dGFja2VyIC0gVnJzaW9uIDogMS4wLjAgLSBwcml2OCA0IE15IGZyaWVuZCI=\nJHMzID0gIiBmcHV0cyAoJGZwICxcIlxcbioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKlxcbldlbGNvbWUgVDAgU2ltIg==\nJHM0ID0gImVjaG8gXCI8YSB0YXJnZXQ9J19ibGFuaycgaHJlZj0nP2lkPWZtJmZlZGl0PSRkaXIkZmlsZSc+PHNwYW4gc3R5bGU9J3RleHQtZGVjb3JhIg==\n', '1 of them', ' Semi-Auto-generated  - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(411, 'phvayvv_php_php', 'JHMwID0gIntta2RpcihcIiRkaXppbi8kZHV6ZW54MlwiLDc3Nyki\nJHMxID0gIiRiYWdsYW49Zm9wZW4oJGR1emtheWRldCwndycpOyI=\nJHMyID0gIlBIVmF5diAxLjAi\n', '1 of them', ' Semi-Auto-generated  - file phvayvv.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(413, 'r57shell_php_php', 'JHMwID0gInI1N3NoZWxsIg==\nJHMxID0gIiBlbHNlIGlmICgkSFRUUF9QT1NUX1ZBUlNbJ3dpdGgnXSA9PSBcImx5bnhcIikgeyAkSFRUUF9QT1NUX1ZBUlNbJ2NtZCddPSBcImx5bnggIg==\nJHMyID0gIlJ1c0ggc2VjdXJpdHkgdGVhbSI=\nJHMzID0gIidydV90ZXh0MTInID0+ICdiYWNrLWNvbm5lY3Qi\n', '1 of them', ' Semi-Auto-generated  - file r57shell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(414, 'rst_sql_php_php', 'JHMwID0gIkM6XFx0bXBcXGR1bXBfIg==\nJHMxID0gIlJTVCBNeVNRTCI=\nJHMyID0gImh0dHA6Ly9yc3Qudm9pZC5ydSI=\nJHMzID0gIiRzdF9mb3JtX2JnPSdSMGxHT0RsaENRQUpBSUFBQU9mbzZ1N3c4eUg1QkFBQUFBQUFMQUFBQUFBSkFBa0FBQUlQakFPbnVKZk5ISmgwcXRmdzBsY1ZBRHM9Jzsi\n', '2 of them', ' Semi-Auto-generated  - file rst_sql.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(415, 'wh_bindshell_py', 'JHMwID0gIiNVc2U6IHB5dGhvbiB3aF9iaW5kc2hlbGwucHkgW3BvcnRdIFtwYXNzd29yZF0i\nJHMyID0gInB5dGhvbiAtY1wiaW1wb3J0IG1kNTt4PW1kNS5uZXcoJ3lvdV9wYXNzd29yZCcpO3ByaW50IHguaGV4ZGlnZXN0KClcIiI=\nJHMzID0gIiNidWd6OiBjdHJsK2MgZXRjID1zY3JpcHQgc3RvcGVkPSI=\n', '1 of them', ' Semi-Auto-generated  - file wh_bindshell.py.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(416, 'lurm_safemod_on_cgi', 'JHMwID0gIk5ldHdvcmsgc2VjdXJpdHkgdGVhbSA6OiBDR0kgU2hlbGwi\nJHMxID0gIiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyM8PEtPTkVDPj4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIg==\nJHMyID0gIiMjaWYgKCFkZWZpbmVkJHBhcmFte3B3ZH0peyRwYXJhbXtwd2R9PSdFbnRlcl9QYXNzd29yZCd9OyMjIg==\n', '1 of them', ' Semi-Auto-generated  - file lurm_safemod_on.cgi.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(417, 'c99madshell_v2_0_php_php', 'JHMyID0gImV2YWwoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoJ0hKM0hrcU5RRWtVL1p6cUNCZDR0OFY0WUFRSTJFM2p2UFY4LzFHdzZvcnNWRkx5WGVmIg==\n', 'all of them', ' Semi-Auto-generated  - file c99madshell_v2.0.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(418, 'backupsql_php_often_with_c99shell', 'JHMyID0gIi8vJG1lc3NhZ2UuPSBcIi0teyRtaW1lX2JvdW5kYXJ5fVxcblwiIC5cIkNvbnRlbnQtVHlwZTogeyRmaWxlYXR0X3R5cGV9O1xcblwiIC4i\nJHM0ID0gIiRmdHBjb25uZWN0ID0gXCJuY2Z0cHB1dCAtdSAkZnRwX3VzZXJfbmFtZSAtcCAkZnRwX3VzZXJfcGFzcyAtZCBkZWJzZW5kZXJfZnRwbG9nIg==\n', 'all of them', ' Semi-Auto-generated  - file backupsql.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(419, 'uploader_php_php', 'JHMyID0gIm1vdmVfdXBsb2FkZWRfZmlsZSgkdXNlcmZpbGUsIFwiZW50cmlrYS5waHBcIik7ICI=\nJHMzID0gIlNlbmQgdGhpcyBmaWxlOiA8SU5QVVQgTkFNRT1cInVzZXJmaWxlXCIgVFlQRT1cImZpbGVcIj4i\nJHM0ID0gIjxJTlBVVCBUWVBFPVwiaGlkZGVuXCIgbmFtZT1cIk1BWF9GSUxFX1NJWkVcIiB2YWx1ZT1cIjEwMDAwMFwiPiI=\n', '2 of them', ' Semi-Auto-generated  - file uploader.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(420, 'telnet_pl', 'JHMwID0gIlcgQSBSIE4gSSBOIEc6IFByaXZhdGUgU2VydmVyIg==\nJHMyID0gIiRNZXNzYWdlID0gcSQ8cHJlPjxmb250IGNvbG9yPVwiIzY2OTk5OVwiPiBfX19fXyAgX19fX18gIF9fX19fICAgICAgICAgIF9fX19fICAgIg==\n', 'all of them', ' Semi-Auto-generated  - file telnet.pl.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(421, 'w3d_php_php', 'JHMwID0gIlczRCBTaGVsbCI=\nJHMxID0gIkJ5OiBXYXJwYm95Ig==\nJHMyID0gIk5vIFF1ZXJ5IEV4ZWN1dGVkIg==\n', '2 of them', ' Semi-Auto-generated  - file w3d.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(422, 'WebShell_cgi', 'JHMwID0gIldlYlNoZWxsLmNnaSI=\nJHMyID0gIjx0ZD48Y29kZSBjbGFzcz1cImVudHJ5LVslIGlmIGVudHJ5LmFsbF9yaWdodHMgJV1taW5lWyUgZWxzZSI=\n', 'all of them', ' Semi-Auto-generated  - file WebShell.cgi.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(423, 'WinX_Shell_html', 'JHMwID0gIldpblggU2hlbGwi\nJHMxID0gIkNyZWF0ZWQgYnkgZ3JlZW53b29kIGZyb20gbjU3Ig==\nJHMyID0gIjx0ZD48Zm9udCBjb2xvcj1cXFwiIzk5MDAwMFxcXCI+V2luIERpcjo8L2ZvbnQ+PC90ZD4i\n', '2 of them', ' Semi-Auto-generated  - file WinX Shell.html.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(424, 'Dx_php_php', 'JHMwID0gInByaW50IFwiXFxuXCIuJ1RpcDogdG8gdmlldyB0aGUgZmlsZSBcImFzIGlzXCIgLSBvcGVuIHRoZSBwYWdlIGluIDxhIGhyZWY9XCInLkR4Ig==\nJHMyID0gIiRERUZfUE9SVFM9YXJyYXkgKDE9Pid0Y3BtdXggKFRDUCBQb3J0IFNlcnZpY2UgTXVsdGlwbGV4ZXIpJywyPT4nTWFuYWdlbWVudCBVdGlsIg==\nJHMzID0gIiRyYTQ0ICA9IHJhbmQoMSw5OTk5OSk7JHNqOTggPSBcInNoLSRyYTQ0XCI7JG1sID0gXCIkc2Q5OFwiOyRhNSA9ICRfU0VSVkVSWydIVFRQIg==\n', '1 of them', ' Semi-Auto-generated  - file Dx.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(425, 'csh_php_php', 'JHMwID0gIi46OltjMGRlcnpdOjouIHdlYi1zaGVsbCI=\nJHMxID0gImh0dHA6Ly9jMGRlcnoub3JnLnVhIg==\nJHMyID0gInZpbnQyMWhAYzBkZXJ6Lm9yZy51YSI=\nJHMzID0gIiRuYW1lPSc2M2E5ZjBlYTdiYjk4MDUwNzk2YjY0OWU4NTQ4MTg0NSc7Ly9yb290Ig==\n', '1 of them', ' Semi-Auto-generated  - file csh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(426, 'pHpINJ_php_php', 'JHMxID0gIk5ld3MgUmVtb3RlIFBIUCBTaGVsbCBJbmplY3Rpb24i\nJHMzID0gIlBocCBTaGVsbCA8YnIgLz4i\nJHM0ID0gIjxpbnB1dCB0eXBlID0gXCJ0ZXh0XCIgbmFtZSA9IFwidXJsXCIgdmFsdWUgPSBcIiI=\n', '2 of them', ' Semi-Auto-generated  - file pHpINJ.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(427, 'sig_2008_php_php', 'JHMwID0gIkNvZHogYnkgYW5nZWwoNG5nZWwpIg==\nJHMxID0gIldlYjogaHR0cDovL3d3dy40bmdlbC5uZXQi\nJHMyID0gIiRhZG1pblsnY29va2llbGlmZSddID0gODY0MDA7Ig==\nJHMzID0gIiRlcnJtc2cgPSAnVGhlIGZpbGUgeW91IHdhbnQgRG93bmxvYWRhYmxlIHdhcyBub25leGlzdGVudCc7Ig==\n', '1 of them', ' Semi-Auto-generated  - file 2008.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(428, 'ak74shell_php_php', 'JHMxID0gIiRyZXMgLj0gJzx0ZCBhbGlnbj1cImNlbnRlclwiPjxhIGhyZWY9XCInLiR4c2hlbGwuJz9hY3Q9Y2htb2QmZmlsZT0nLiRfU0VTU0lPTlsi\nJHMyID0gIkFLLTc0IFNlY3VyaXR5IFRlYW0gV2ViIFNpdGU6IHd3dy5hazc0LXRlYW0ubmV0Ig==\nJHMzID0gIiR4c2hlbGwi\n', '2 of them', ' Semi-Auto-generated  - file ak74shell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(429, 'Rem_View_php_php', 'JHMwID0gIiRwaHA9XCIvKiBsaW5lIDEgKi9cXG5cXG4vLyBcIi5tbShcImZvciBleGFtcGxlLCB1bmNvbW1lbnQgbmV4dCBsaW5lXCIpLlwiIg==\nJHMyID0gIjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0nXCIubW0oXCJEZWxldGUgYWxsIGRpci9maWxlcyByZWN1cnNpdmVcIikuXCIgKHJtIC1mciknIg==\nJHM0ID0iV2VsY29tZSB0byBwaHBSZW1vdGVWaWV3IChSZW1WaWV3KSI=\n', '1 of them', ' Semi-Auto-generated  - file Rem View.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(430, 'Java_Shell_js', 'JHMyID0gIlB5U3lzdGVtU3RhdGUuaW5pdGlhbGl6ZShTeXN0ZW0uZ2V0UHJvcGVydGllcygpLCBudWxsLCBhcmd2KTsi\nJHMzID0gInB1YmxpYyBjbGFzcyBKeXRob25TaGVsbCBleHRlbmRzIEpQYW5lbCBpbXBsZW1lbnRzIFJ1bm5hYmxlIHsi\nJHM0ID0gInB1YmxpYyBzdGF0aWMgaW50IERFRkFVTFRfU0NST0xMQkFDSyA9IDEwMCI=\n', '2 of them', ' Semi-Auto-generated  - file Java Shell.js.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(431, 'STNC_php_php', 'JHMwID0gImRybWlzdC5ydSI=\nJHMxID0gImhpZGRlbihcImFjdGlvblwiLFwiZG93bmxvYWRcIikuaGlkZGVuX3B3ZCgpLlwiPGNlbnRlcj48dGFibGU+PHRyPjx0ZCB3aWR0aD04MCI=\nJHMyID0gIlNUTkMgV2ViU2hlbGwi\nJHMzID0gImh0dHA6Ly93d3cuc2VjdXJpdHktdGVhbXMubmV0L2luZGV4LnBocD9zaG93dG9waWM9Ig==\n', '1 of them', ' Semi-Auto-generated  - file STNC.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(432, 'aZRaiLPhp_v1_0_php', 'JHMwID0gImF6cmFpbHBocCI=\nJHMxID0gIjxicj48Y2VudGVyPjxJTlBVVCBUWVBFPSdTVUJNSVQnIE5BTUU9J2R5JyBWQUxVRT0nRG9zeWEgWW9sbGEhJz48L2NlbnRlcj4i\nJHMzID0gIjxjZW50ZXI+PElOUFVUIFRZUEU9J3N1Ym1pdCcgbmFtZT0nb2ttZicgdmFsdWU9J1RBTUFNJz48L2NlbnRlcj4i\n', '2 of them', ' Semi-Auto-generated  - file aZRaiLPhp v1.0.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(433, 'Moroccan_Spamers_Ma_EditioN_By_GhOsT_php', 'JHMwID0gIjskc2Q5OD1cImpvaG4uYmFya2VyNDQ2QGdtYWlsLmNvbVwiIg==\nJHMxID0gInByaW50IFwiU2VuZGluZyBtYWlsIHRvICR0by4uLi4uLi4gXCI7Ig==\nJHMyID0gIjx0ZCBjb2xzcGFuPVwiMlwiIHdpZHRoPVwiNzE1XCIgYmFja2dyb3VuZD1cIi9zaW1wYXJ0cy9pbWFnZXMvY2VsbHBpYzEuZ2lmXCIgaGVpIg==\n', '1 of them', ' Semi-Auto-generated  - file Moroccan Spamers Ma-EditioN By GhOsT.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(434, 'zacosmall_php', 'JHMwID0gInJhbmQoMSw5OTk5OSk7JHNqOTgi\nJHMxID0gIiRkdW1wX2ZpbGUuPSdgJy4kcm93czJbMF0uJ2Ai\nJHMzID0gImZpbGVuYW1lPVxcXCJkdW1wX3skZGJfZHVtcH1fJHt0YWJsZV9kIg==\n', '2 of them', ' Semi-Auto-generated  - file zacosmall.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(436, 'simple_backdoor_php', 'JHMwID0gIiRjbWQgPSAoJF9SRVFVRVNUWydjbWQnXSk7Ig==\nJHMxID0gIjwhLS0gU2ltcGxlIFBIUCBiYWNrZG9vciBieSBESyAoaHR0cDovL21pY2hhZWxkYXcub3JnKSAtLT4i\nJHMyID0gIlVzYWdlOiBodHRwOi8vdGFyZ2V0LmNvbS9zaW1wbGUtYmFja2Rvb3IucGhwP2NtZD1jYXQrL2V0Yy9wYXNzd2Qi\n', '2 of them', ' Semi-Auto-generated  - file simple-backdoor.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(437, 'mysql_shell_php', 'JHMwID0gIlNvb01pbiBLaW0i\nJHMxID0gInNta2ltQHBvcGV5ZS5zbnUuYWMua3Ii\nJHMyID0gImVjaG8gXCI8dGQ+PGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1kZWxldGVEYXRhJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuIg==\n', '1 of them', ' Semi-Auto-generated  - file mysql_shell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(438, 'Dive_Shell_1_0___Emperor_Hacking_Team_php', 'JHMwID0gIkVtcGVyb3IgSGFja2luZyBURUFNIg==\nJHMxID0gIlNpbXNoZWxsIg==\nJHMyID0gImVyZWcoJ15bWzpibGFuazpdXSpjZFtbOmJsYW5rOl1dIg==\nJHMzID0gIjxmb3JtIG5hbWU9XCJzaGVsbFwiIGFjdGlvbj1cIjw/cGhwIGVjaG8gJF9TRVJWRVJbJ1BIUF9TRUxGJ10gPz5cIiBtZXRob2Q9XCJQT1NUIg==\n', '2 of them', ' Semi-Auto-generated  - file Dive Shell 1.0 - Emperor Hacking Team.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(439, 'Asmodeus_v0_1_pl', 'JHMwID0gIlt1cmw9aHR0cDovL3d3dy5nb3Zlcm5tZW50c2VjdXJpdHkub3JnIg==\nJHMxID0gInBlcmwgYXNtb2RldXMucGwgY2xpZW50IDY2NjYgMTI3LjAuMC4xIg==\nJHMyID0gInByaW50IFwiQXNtb2RldXMgUGVybCBSZW1vdGUgU2hlbGwi\nJHM0ID0gIiRpbnRlcm5ldF9hZGRyID0gaW5ldF9hdG9uKFwiJGhvc3RcIikgb3IgZGllIFwiQUxPQTokIVxcblwiOyI=\n', '2 of them', ' Semi-Auto-generated  - file Asmodeus v0.1.pl.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(440, 'backup_php_often_with_c99shell', 'JHMwID0gIiNwaHBNeUFkbWluIE15U1FMLUR1bXAi\nJHMyID0gIjtkYl9jb25uZWN0KCk7aGVhZGVyKCdDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0c3RyIg==\nJHM0ID0gIiRkYXRhIC49IFwiI0RhdGFiYXNlOiAkZGF0YWJhc2Ui\n', 'all of them', ' Semi-Auto-generated  - file backup.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(442, 'phpshell17_php', 'JHMwID0gIjxpbnB1dCBuYW1lPVwic3VibWl0X2J0blwiIHR5cGU9XCJzdWJtaXRcIiB2YWx1ZT1cIkV4ZWN1dGUgQ29tbWFuZFwiPjwvcD4i\nJHMxID0gIjx0aXRsZT5bQURESVRJTkFMIFRJVFRMRV0tcGhwU2hlbGwgYnk6W1lPVVJOQU1FXTw/cGhwIGVjaG8gUEhQU0hFTExfVkVSU0lPTiA/PjwvIg==\nJHMyID0gImhyZWY9XCJtYWlsdG86IFtZT1UgQ0FOIEVOVEVSIFlPVVIgTUFJTCBIRVJFXS0gW0FERElUSU9OQUwgVEVYVF08L2E+PC9pPiI=\n', '1 of them', ' Semi-Auto-generated  - file phpshell17.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(443, 'myshell_php_php', 'JHMwID0gIkBjaGRpcigkd29ya19kaXIpIG9yICgkc2hlbGxPdXRwdXQgPSBcIk15U2hlbGw6IGNhbid0IGNoYW5nZSBkaXJlY3RvcnkuIg==\nJHMxID0gImVjaG8gXCI8Zm9udCBjb2xvcj0kbGlua0NvbG9yPjxiPk15U2hlbGwgZmlsZSBlZGl0b3I8L2ZvbnQ+IEZpbGU6PGZvbnQgY29sb3Ii\nJHMyID0gIiAkZmlsZUVkaXRJbmZvID0gXCImbmJzcDsmbmJzcDs6Ojo6Ojo6Jm5ic3A7Jm5ic3A7T3duZXI6IDxmb250IGNvbG9yPSQi\n', '2 of them', ' Semi-Auto-generated  - file myshell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(444, 'SimShell_1_0___Simorgh_Security_MGZ_php', 'JHMwID0gIlNpbW9yZ2ggU2VjdXJpdHkgTWFnYXppbmUgIg==\nJHMxID0gIlNpbXNoZWxsLmNzcyI=\nJHMyID0gIn0gZWxzZWlmIChlcmVnKCdeW1s6Ymxhbms6XV0qY2RbWzpibGFuazpdXSsoW147XSspJCcsICRfUkVRVUVTVFsnY29tbWFuZCddLCAi\nJHMzID0gInd3dy5zaW1vcmdoLWV2LmNvbSI=\n', '2 of them', ' Semi-Auto-generated  - file SimShell 1.0 - Simorgh Security MGZ.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(445, 'jspshall_jsp', 'JHMwID0gImtqMDIxMzIwIg==\nJHMxID0gImNhc2UgJ1QnOnN5c3RlbVRvb2xzKG91dCk7YnJlYWs7Ig==\nJHMyID0gIm91dC5wcmludGxuKFwiPHRyPjx0ZD5cIitpY28oNTApK2ZbaV0uZ2V0TmFtZSgpK1wiPC90ZD48dGQ+IGZpbGUi\n', '2 of them', ' Semi-Auto-generated  - file jspshall.jsp.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(446, 'webshell_php', 'JHMyID0gIjxkaWUoXCJDb3VsZG4ndCBSZWFkIGRpcmVjdG9yeSwgQmxvY2tlZCEhIVwiKTsi\nJHMzID0gIlBIUCBXZWIgU2hlbGwi\n', 'all of them', ' Semi-Auto-generated  - file webshell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(447, 'rootshell_php', 'JHMwID0gInNoZWxscy5kbC5hbSI=\nJHMxID0gIlRoaXMgc2VydmVyIGhhcyBiZWVuIGluZmVjdGVkIGJ5ICRvd25lciI=\nJHMyID0gIjxpbnB1dCB0eXBlPVwic3VibWl0XCIgdmFsdWU9XCJJbmNsdWRlIVwiIG5hbWU9XCJpbmNcIj48L3A+Ig==\nJHM0ID0gIkNvdWxkIG5vdCB3cml0ZSB0byBmaWxlISAoTWF5YmUgeW91IGRpZG4ndCBlbnRlciBhbnkgdGV4dD8pIg==\n', '2 of them', ' Semi-Auto-generated  - file rootshell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(448, 'connectback2_pl', 'JHMwID0gIiNXZSBBcmU6IE1hc3RlcktpZCwgQWxlWHV0eiwgRmF0TWFuICYgTWlLdVR1TCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIg==\nJHMxID0gImVjaG8gLS09PVVzZXJpbmZvPT0tLSA7IGlkO2VjaG87ZWNobyAtLT09RGlyZWN0b3J5PT0tLSA7IHB3ZDtlY2hvOyBlY2hvIC0tPT1TaGVsIg==\nJHMyID0gIkNvbm5lY3RCYWNrIEJhY2tkb29yIg==\n', '1 of them', ' Semi-Auto-generated  - file connectback2.pl.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(449, 'DefaceKeeper_0_2_php', 'JHMwID0gInRhcmdldCBmaTFlOjxicj48aW5wdXQgdHlwZT1cInRleHRcIiBuYW1lPVwidGFyZ2V0XCIgdmFsdWU9XCJpbmRleC5waHBcIj48L2JyPiI=\nJHMxID0gImV2YWwoYmFzZTY0X2RlY29kZShcIlpYWmhiQ2hpWVhObE5qUmZaR1ZqYjJSbEtDSmhWMlIxWWpOS2JGZ3pWbnBhV0VwbVdWZEtkbU51VVc5Ig==\nJHMyID0gIjxpbWcgc3JjPVwiaHR0cDovL3M0My5yYWRpa2FsLnJ1L2kxMDEvMTAwNC9kOC9jZWQxZjZiMmY1YTkucG5nXCIgYWxpZ249XCJjZW50ZXIi\n', '1 of them', ' Semi-Auto-generated  - file DefaceKeeper_0.2.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(450, 'shells_PHP_wso', 'JHMwID0gIiRiYWNrX2Nvbm5lY3RfcD1cIkl5RXZkWE55TDJKcGJpOXdaWEpzRFFwMWMyVWdVMjlqYTJWME93MEtKR2xoWkdSeVBXbHVaWFJmWVhSdmJpIg==\nJHMzID0gImVjaG8gJzxoMT5FeGVjdXRpb24gUEhQLWNvZGU8L2gxPjxkaXYgY2xhc3M9Y29udGVudD48Zm9ybSBuYW1lPXBmIG1ldGhvZD1wb3Mi\n', '1 of them', ' Semi-Auto-generated  - file wso.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(451, 'backdoor1_php', 'JHMxID0gImVjaG8gXCJbRElSXSA8QSBIUkVGPVxcXCJcIi4kX1NFUlZFUlsnUEhQX1NFTEYnXS5cIj9yZXA9XCIucmVhbHBhdGgoJHJlcC5cIi4uIg==\nJHMyID0gImNsYXNzIGJhY2tkb29yIHsi\nJHM0ID0gImVjaG8gXCI8YSBocmVmPVxcXCJcIi4kX1NFUlZFUlsnUEhQX1NFTEYnXS5cIj9jb3B5PTFcXFwiPkNvcGllciB1biBmaWNoaWVyPC9hPiA8Ig==\n', '1 of them', ' Semi-Auto-generated  - file backdoor1.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(454, 'DxShell_php_php', 'JHMwID0gInByaW50IFwiXFxuXCIuJ1RpcDogdG8gdmlldyB0aGUgZmlsZSBcImFzIGlzXCIgLSBvcGVuIHRoZSBwYWdlIGluIDxhIGhyZWY9XCInLkR4Ig==\nJHMyID0gInByaW50IFwiXFxuXCIuJzx0cj48dGQgd2lkdGg9MTAwcHQgY2xhc3M9bGluZWxpc3Rpbmc+PG5vYnI+UE9TVCAocGhwIGV2YWwpPC90ZD48Ig==\n', '1 of them', ' Semi-Auto-generated  - file DxShell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(455, 's72_Shell_v1_1_Coding_html', 'JHMwID0gIkRpemluPC9mb250PjwvYj48L2ZvbnQ+PGZvbnQgZmFjZT1cIlZlcmRhbmFcIiBzdHlsZT1cImZvbnQtc2l6ZTogOHB0XCI+PCI=\nJHMxID0gInM3MiBTaGVsbCB2MS4wIENvZGluZiBieSBDckB6eV9LaW5nIg==\nJHMzID0gImVjaG8gXCI8cCBhbGlnbj1jZW50ZXI+RG9zeWEgWmF0ZW4gQnVsdW51eW9yPC9wPlwiIg==\n', '1 of them', ' Semi-Auto-generated  - file s72 Shell v1.1 Coding.html.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(456, 'hidshell_php_php', 'JHMwID0gIjw/JGQ9J0c3bUhXUTl2dlhpTC9RWDJvWjJWVERwbzZnM0ZZQWE2WCs4RE1JemNEMGVIWmFCWkg3akZwWnpVejdYTmVueFNZdkJQMld5MzZVIg==\n', 'all of them', ' Semi-Auto-generated  - file hidshell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(458, 'PHP_Backdoor_Connect_pl_php', 'JHMwID0gIkxvckQgb2YgSVJBTiBIQUNLRVJTIFNBQk9UQUdFIg==\nJHMxID0gIkxvckQtQzBkM3ItTlQi\nJHMyID0gImVjaG8gLS09PVVzZXJpbmZvPT0tLSA7Ig==\n', '1 of them', ' Semi-Auto-generated  - file PHP Backdoor Connect.pl.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(459, 'Antichat_Socks5_Server_php_php', 'JHMwID0gIiRwb3J0ID0gYmFzZV9jb252ZXJ0KGJpbjJoZXgoc3Vic3RyKCRyZXFtZXNzYWdlWyRpZF0sIDMrJHJlcWxlbisxLCAyKSksIDE2LCAxMCk7Ig==\nJHMzID0gIiMgICBbK10gRG9tYWluIG5hbWUgYWRkcmVzcyB0eXBlIg==\nJHM0ID0gInd3dy5hbnRpY2hhdC5ydSI=\n', '1 of them', ' Semi-Auto-generated  - file Antichat Socks5 Server.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(460, 'Antichat_Shell_v1_3_php', 'JHMwID0gIkFudGljaGF0Ig==\nJHMxID0gIkNhbid0IG9wZW4gZmlsZSwgcGVybWlzc2lvbiBkZW5pZGUi\nJHMyID0gIiRyYTQ0Ig==\n', '2 of them', ' Semi-Auto-generated  - file Antichat Shell v1.3.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(461, 'Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_php', 'JHMwID0gIldlbGNvbWUuLiBCeSBUaGlzIHNjcmlwdCB5b3UgY2FuIGp1bXAgaW4gdGhlIChTYWZlIE1vZGU9T04pIC4uIEVuam95Ig==\nJHMxID0gIk1vZGUgU2hlbGwgdjEuMDwvZm9udD48L3NwYW4+Ig==\nJHMyID0gImhhcyBiZWVuIGFscmVhZHkgbG9hZGVkLiBQSFAgRW1wZXJvciA8eGI1QGhvdG1haWwuIg==\n', '1 of them', ' Semi-Auto-generated  - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(462, 'mysql_php_php', 'JHMwID0gImFjdGlvbj1teXNxbHJlYWQmbWFzcz1sb2FkbWFzc1wiPmxvYWQgYWxsIGRlZmF1bHRzIg==\nJHMyID0gImlmIChAcGFzc3RocnUoJGNtZCkpIHsgZWNobyBcIiAtLT5cIjsgJHRoaXMtPm91dHB1dF9zdGF0ZSgxLCBcInBhc3N0aHJ1Ig==\nJHMzID0gIiRyYTQ0ICA9IHJhbmQoMSw5OTk5OSk7JHNqOTggPSBcInNoLSRyYTQ0XCI7JG1sID0gXCIkc2Q5OFwiOyRhNSA9ICI=\n', '1 of them', ' Semi-Auto-generated  - file mysql.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(463, 'Worse_Linux_Shell_php', 'JHMxID0gInByaW50IFwiPHRyPjx0ZD48Yj5TZXJ2ZXIgaXM6PC9iPjwvdGQ+PHRkPlwiLiRfU0VSVkVSWydTRVJWRVJfU0lHTkFUVVJFJ10uXCI8L3RkIg==\nJHMyID0gInByaW50IFwiPHRyPjx0ZD48Yj5FeGVjdXRlIGNvbW1hbmQ6PC9iPjwvdGQ+PHRkPjxpbnB1dCBzaXplPTEwMCBuYW1lPVxcXCJfY21kIg==\n', '1 of them', ' Semi-Auto-generated  - file Worse Linux Shell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(464, 'cyberlords_sql_php_php', 'JHMwID0gIkNvZGVkIGJ5IG4wIFtuWmVyMF0i\nJHMxID0gIiB3d3cuY3liZXJsb3Jkcy5uZXQi\nJHMyID0gIlUyOW1kSGRoY21VQVFXUnZZbVVnU1cxaFoyVlNaV0ZrZVhISlpUd0FBQUFNVUV4VVJmLy8vd0FBQUptWnpBQUFBQ0pvVVJrQUFBQUUi\nJHMzID0gInJldHVybiBcIjxCUj5EdW1wIGVycm9yISBDYW4ndCB3cml0ZSB0byBcIi5odG1sc3BlY2lhbGNoYXJzKCRmaWxlKTsi\n', '1 of them', ' Semi-Auto-generated  - file cyberlords_sql.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(466, 'pws_php_php', 'JHMwID0gIjxkaXYgYWxpZ249XCJsZWZ0XCI+PGZvbnQgc2l6ZT1cIjFcIj5JbnB1dCBjb21tYW5kIDo8L2ZvbnQ+PC9kaXY+Ig==\nJHMxID0gIjxpbnB1dCB0eXBlPVwidGV4dFwiIG5hbWU9XCJjbWRcIiBzaXplPVwiMzBcIiBjbGFzcz1cImlucHV0XCI+PGJyPiI=\nJHM0ID0gIjxpbnB1dCB0eXBlPVwidGV4dFwiIG5hbWU9XCJkaXJcIiBzaXplPVwiMzBcIiB2YWx1ZT1cIjw/IHBhc3N0aHJ1KFwicHdkXCIpOyA/PiI=\n', '2 of them', ' Semi-Auto-generated  - file pws.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(467, 'PHP_Shell_php_php', 'JHMwID0gImVjaG8gXCI8L2Zvcm0+PGZvcm0gYWN0aW9uPVxcXCIkU0ZpbGVOYW1lPyR1cmxBZGRcXFwiIG1ldGhvZD1cXFwicG9zdFxcXCI+PGlucHV0Ig==\nJHMxID0gImVjaG8gXCI8Zm9ybSBhY3Rpb249XFxcIiRTRmlsZU5hbWU/JHVybEFkZFxcXCIgbWV0aG9kPVxcXCJQT1NUXFxcIj48aW5wdXQgdHlwZT0i\n', 'all of them', ' Semi-Auto-generated  - file PHP Shell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(468, 'Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html', 'JHMwID0gIkF5eWlsZGl6Ig==\nJHMxID0gIlRvdUNoIEJ5IGlKT28i\nJHMyID0gIkZpcnN0IHdlIGNoZWNrIGlmIHRoZXJlIGhhcyBiZWVuIGFza2VkIGZvciBhIHdvcmtpbmcgZGlyZWN0b3J5Ig==\nJHMzID0gImh0dHA6Ly9heXlpbGRpei5vcmcvaW1hZ2VzL3dob3NvbmxpbmUyLmdpZiI=\n', '2 of them', ' Semi-Auto-generated  - file Ayyildiz Tim  -AYT- Shell v 2.1 Biz.html.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(470, 'lamashell_php', 'JHMwID0gImxhbWEncydoZWxsIg==\nJHMxID0gImlmKCRfUE9TVFsna2luZyddID09IFwiXCIpIHsi\nJHMyID0gImlmIChtb3ZlX3VwbG9hZGVkX2ZpbGUoJF9GSUxFU1snZmlsYSddWyd0bXBfbmFtZSddLCAkY3VyZGlyLlwiL1wiLiRfRklMRVNbJ2Yi\n', '1 of them', ' Semi-Auto-generated  - file lamashell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(471, 'Ajax_PHP_Command_Shell_php', 'JHMxID0gIm5ld2h0bWwgPSAnPGI+RmlsZSBicm93c2VyIGlzIHVuZGVyIGNvbnN0cnVjdGlvbiEgVXNlIGF0IHlvdXIgb3duIHJpc2shPC9iPiA8YnI+Ig==\nJHMyID0gIkVtcHR5IENvbW1hbmQuLnR5cGUgXFxcInNoZWxsaGVscFxcXCIgZm9yIHNvbWUgZWhoLi4uaGVscCI=\nJHMzID0gIm5ld2h0bWwgPSAnPGZvbnQgc2l6ZT0wPjxiPlRoaXMgd2lsbCByZWxvYWQgdGhlIHBhZ2UuLi4gOig8L2I+PGJyPjxicj48Zm9ybSBlbmN0Ig==\n', '1 of them', ' Semi-Auto-generated  - file Ajax_PHP Command Shell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(472, 'JspWebshell_1_2_jsp', 'JHMwID0gIkpzcFdlYnNoZWxsIg==\nJHMxID0gIkNyZWF0ZUFuZERlbGV0ZUZvbGRlciBpcyBlcnJvcjoi\nJHMyID0gIjx0ZCB3aWR0aD1cIjcwJVwiIGhlaWdodD1cIjIyXCI+Jm5ic3A7PCU9ZW52LnF1ZXJ5SGFzaHRhYmxlKFwiamF2YS5jIg==\nJHMzID0gIlN0cmluZyBfcGFzc3dvcmQgPVwiMTExXCI7Ig==\n', '2 of them', ' Semi-Auto-generated  - file JspWebshell 1.2.jsp.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(473, 'Sincap_php_php', 'JHMwID0gIiRiYWdsYW49Zm9wZW4oXCIvdG1wLyRla2luY2lcIiwncicpOyI=\nJHMyID0gIiR0YW1wb240PSR0YW1wb24zLTEi\nJHMzID0gIkBhdmVudGdydXAubmV0Ig==\n', '2 of them', ' Semi-Auto-generated  - file Sincap.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(474, 'Test_php_php', 'JHMwID0gIiR5YXppID0gXCJ0ZXN0XCIgLiBcIlxcclxcblwiOyI=\nJHMyID0gImZ3cml0ZSAoJGZwLCBcIiR5YXppXCIpOyI=\nJHMzID0gIiRlbnRyeV9saW5lPVwiSEFDS2VkIGJ5IEVudHJpS2FcIjsi\n', '1 of them', ' Semi-Auto-generated  - file Test.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(475, 'Phyton_Shell_py', 'JHMxID0gInNoX291dD1vcy5wb3BlbihTSEVMTCtcIiBcIitjbWQpLnJlYWRsaW5lcygpIg==\nJHMyID0gIiMgICBkMDByLnB5IDAuM2EgKHJldmVyc2V8YmluZCktc2hlbGwgaW4gcHl0aG9uIGJ5IGZRIg==\nJHMzID0gInByaW50IFwiZXJyb3I7IGhlbHA6IGhlYWQgLW4gMTYgZDAwci5weVwiIg==\nJHM0ID0gInByaW50IFwiUFc6XCIsUFcsXCJQT1JUOlwiLFBPUlQsXCJIT1NUOlwiLEhPU1Qi\n', '1 of them', ' Semi-Auto-generated  - file Phyton Shell.py.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(476, 'mysql_tool_php_php', 'JHMwID0gIiRlcnJvcl90ZXh0ID0gJzxzdHJvbmc+RmFpbGVkIHNlbGVjdGluZyBkYXRhYmFzZSBcIicuJHRoaXMtPmRiWyci\nJHMxID0gIiRyYTQ0ICA9IHJhbmQoMSw5OTk5OSk7JHNqOTggPSBcInNoLSRyYTQ0XCI7JG1sID0gXCIkc2Q5OFwiOyRhNSA9ICRfU0VSViI=\nJHM0ID0gIjxkaXYgYWxpZ249XCJjZW50ZXJcIj5UaGUgYmFja3VwIHByb2Nlc3MgaGFzIG5vdyBzdGFydGVkPGJyICI=\n', '1 of them', ' Semi-Auto-generated  - file mysql_tool.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(478, 'sh_php_php', 'JHMxID0gIiRhcl9maWxlPWFycmF5KCcvZXRjL3Bhc3N3ZCcsJy9ldGMvc2hhZG93JywnL2V0Yy9tYXN0ZXIucGFzc3dkJywnL2V0Yy9mc3RhYicsJy9lIg==\nJHMyID0gIlNob3cgPGlucHV0IHR5cGU9dGV4dCBzaXplPTUgdmFsdWU9XCIuKChpc3NldCgkX1BPU1RbJ2JyX3N0J10pKT8kX1BPU1RbJ2JyX3N0J106Ig==\n', '1 of them', ' Semi-Auto-generated  - file sh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(479, 'phpbackdoor15_php', 'JHMxID0gImVjaG8gXCJmaWNoaWVyIHRlbGVjaGFyZ2UgZGFucyBcIi5nb29kX2xpbmsoXCIuL1wiLiRfRklMRVNbXCJmaWNcIl1bXCJuYSI=\nJHMyID0gImlmKG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTW1wiZmljXCJdW1widG1wX25hbWVcIl0sZ29vZF9saW5rKFwiLi9cIi4kX0ZJIg==\nJHMzID0gImVjaG8gXCJDbGlxdWV6IHN1ciB1biBub20gZGUgZmljaGllciBwb3VyIGxhbmNlciBzb24gdGVsZWNoYXJnZW1lbnQuIENsaXF1ZXogcyI=\n', '1 of them', ' Semi-Auto-generated  - file phpbackdoor15.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(480, 'phpjackal_php', 'JHMzID0gIiRkbD0kX1JFUVVFU1RbJ2Rvd25sb2FEJ107Ig==\nJHM0ID0gImVsc2Ugc2hlbEwoXCJwZXJsLmV4ZSAkbmFtZSAkcG9ydFwiKTsi\n', '1 of them', ' Semi-Auto-generated  - file phpjackal.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(481, 'sql_php_php', 'JHMxID0gImZwdXRzICgkZnAsIFwiIyBSU1QgTXlTUUwgdG9vbHNcXHJcXG4jIEhvbWUgcGFnZTogaHR0cDovL3JzdC52b2lkLnJ1XFxyXFxuIyI=\nJHMyID0gImh0dHA6Ly9yc3Qudm9pZC5ydSI=\nJHMzID0gInByaW50IFwiPGEgaHJlZj1cXFwiJF9TRVJWRVJbUEhQX1NFTEZdP3M9JHMmbG9naW49JGxvZ2luJnBhc3N3ZD0kcGFzc3dkJiI=\n', '1 of them', ' Semi-Auto-generated  - file sql.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(482, 'cgi_python_py', 'JHMwID0gImEgQ0dJIGJ5IEZ1enp5bWFuIg==\nJHMxID0gIlwiXCJcIitmb250bGluZSArXCJWZXJzaW9uIDogXCIgKyB2ZXJzaW9uc3RyaW5nICsgXCJcIlwiLCBSdW5uaW5nIG9uIDogXCJcIlwiICsgIg==\nJHMyID0gInZhbHVlcyA9IG1hcChsYW1iZGEgeDogeC52YWx1ZSwgdGhlZm9ybVtmaWVsZF0pICAgICAjIGFsbG93cyBmb3Ii\n', '1 of them', ' Semi-Auto-generated  - file cgi-python.py.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(483, 'ru24_post_sh_php_php', 'JHMxID0gIjx0aXRsZT5SdTI0UG9zdFdlYlNoZWxsIC0gXCIuJF9QT1NUWydjbWQnXS5cIjwvdGl0bGU+Ig==\nJHMzID0gImlmICgoISRfUE9TVFsnY21kJ10pIHx8ICgkX1BPU1RbJ2NtZCddPT1cIlwiKSkgeyAkX1BPU1RbJ2NtZCddPVwiaWQ7cHdkO3VuYW1lIC1hIg==\nJHM0ID0gIldyaXRlZCBieSBEcmVBbWVSeiI=\n', '1 of them', ' Semi-Auto-generated  - file ru24_post_sh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(484, 'DTool_Pro_php', 'JHMwID0gInIzdjNuZzRuc1xcbkRpZ2l0ZSI=\nJHMxID0gImlmKCFAb3BlbmRpcigkY2hkaXIpKSAkY2hfbXNnPVwiZHRvb2w6IGxpbmUgMTogY2hkaXI6IEl0IHNlZW1zIHRoYXQgdGhlIHBlcm1pc3NpIg==\nJHMzID0gImlmIChlbXB0eSgkY21kKSBhbmQgJGNoX21zZz09XCJcIikgZWNobyAoXCJDb21hbmRvcyBFeGNsdXNpdm9zIGRvIERUb29sIFByb1xcbiI=\n', '1 of them', ' Semi-Auto-generated  - file DTool Pro.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(485, 'telnetd_pl', 'JHMwID0gIjBsZFcwbGYi\nJHMxID0gIkhvd2V2ZXIgeW91IGFyZSBsdWNreSA6UCI=\nJHMyID0gIkknbSBGdUNLZUQi\nJHMzID0gImlvY3RsKCRDTElFTlR7JGNsaWVudH0tPntzaGVsbH0sICZUSU9DU1dJTlNaLCAkd2luc2l6ZSk7IyI=\nJHM0ID0gImF0cml4QGlyYy5icmFzbmV0Lm9yZyI=\n', '1 of them', ' Semi-Auto-generated  - file telnetd.pl.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(486, 'php_include_w_shell_php', 'JHMwID0gIiRkYXRhb3V0IC49IFwiPHRkPjxhIGhyZWY9JyRNeUxvYz8kU1JFUSZpbmNkYmhvc3Q9JG15aG9zdCZpbmNkYnVzZXI9JG15dXNlciZpbmNkIg==\nJHMxID0gImlmKCRydW4gPT0gMSAmJiAkcGhwc2hlbGxhcHAgJiYgJHBocHNoZWxsaG9zdCAmJiAkcGhwc2hlbGxwb3J0KSAkc3RyT3V0cHV0IC49IERCIg==\n', '1 of them', ' Semi-Auto-generated  - file php-include-w-shell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(487, 'Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php', 'JHMwID0gIlNhZmUwdmVyIg==\nJHMxID0gIlNjcmlwdCBHZWNpc2kgVGFtYW1sYXlhbWFkaSEi\nJHMyID0gImRvY3VtZW50LndyaXRlKHVuZXNjYXBlKCclM0MlNjglNzQlNkQlNkMlM0UlM0MlNjIlNkYlNjQlNzklM0UlM0MlNTMlNDMlNTIlNDklNTAlIg==\n', '1 of them', ' Semi-Auto-generated  - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(488, 'shell_php_php', 'JHMxID0gIi8qIFdlIGhhdmUgZm91bmQgdGhlIHBhcmVudCBkaXIuIFdlIG11c3QgYmUgY2FyZWZ1bGwgaWYgdGhlIHBhcmVudCAi\nJHMyID0gIiR0bXBmaWxlID0gdGVtcG5hbSgnL3RtcCcsICdwaHBzaGVsbCcpOyI=\nJHMzID0gImlmIChlcmVnKCdeW1s6Ymxhbms6XV0qY2RbWzpibGFuazpdXSsoW147XSspJCcsICRjb21tYW5kLCAkcmVncykpIHsi\n', '1 of them', ' Semi-Auto-generated  - file shell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(489, 'telnet_cgi', 'JHMwID0gInd3dy5yb2hpdGFiLmNvbSI=\nJHMxID0gIlcgQSBSIE4gSSBOIEc6IFByaXZhdGUgU2VydmVyIg==\nJHMyID0gInByaW50IFwiU2V0LUNvb2tpZTogU0FWRURQV0Q9O1xcblwiOyAjIHJlbW92ZSBwYXNzd29yZCBjb29raWUi\nJHMzID0gIiRQcm9tcHQgPSAkV2luTlQgPyBcIiRDdXJyZW50RGlyPiBcIiA6IFwiW2FkbWluXFxAJFNlcnZlck5hbWUgJEMi\n', '1 of them', ' Semi-Auto-generated  - file telnet.cgi.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(490, 'ironshell_php', 'JHMwID0gInd3dy5pcm9ud2FyZXouaW5mbyI=\nJHMxID0gIiRjb29raWVuYW1lID0gXCJ3aWVlZWVlXCI7Ig==\nJHMyID0gIn4gU2hlbGwgSSI=\nJHMzID0gInd3dy5yb290c2hlbGwtdGVhbS5pbmZvIg==\nJHM0ID0gInNldGNvb2tpZSgkY29va2llbmFtZSwgJF9QT1NUWydwYXNzJ10sIHRpbWUoKSszNjAwKTsi\n', '1 of them', ' Semi-Auto-generated  - file ironshell.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(491, 'backdoorfr_php', 'JHMxID0gInd3dy52aWN0aW1lLmNvbS9pbmRleC5waHA/cGFnZT1odHRwOi8vZW1wbGFjZW1lbnRfZGVfbGFfYmFja2Rvb3IucGhwICwgb3UgZW4gdGFuIg==\nJHMyID0gInByaW50KFwiPGJyPlByb3ZlbmFuY2UgZHUgbWFpbCA6IDxpbnB1dCB0eXBlPVxcXCJ0ZXh0XFxcIiBuYW1lPVxcXCJwcm92ZW5hbmMi\n', '1 of them', ' Semi-Auto-generated  - file backdoorfr.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(493, 'cmdjsp_jsp', 'JHMwID0gIi8vIG5vdGUgdGhhdCBsaW51eCA9IGNtZCBhbmQgd2luZG93cyA9IFwiY21kLmV4ZSAvYyArIGNtZFwiICI=\nJHMxID0gIlByb2Nlc3MgcCA9IFJ1bnRpbWUuZ2V0UnVudGltZSgpLmV4ZWMoXCJjbWQuZXhlIC9DIFwiICsgY21kKTsi\nJHMyID0gImNtZGpzcC5qc3Ai\nJHMzID0gIm1pY2hhZWxkYXcub3JnIg==\n', '2 of them', ' Semi-Auto-generated  - file cmdjsp.jsp.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(494, 'h4ntu_shell__powered_by_tsoi_', 'JHMwID0gImg0bnR1IHNoZWxsIg==\nJHMxID0gInN5c3RlbShcIiRjbWQgMT4gL3RtcC9jbWR0ZW1wIDI+JjE7IGNhdCAvdG1wL2NtZHRlbXA7IHJtIC90bXAvY21kdGVtcFwiKTsi\n', '1 of them', ' Semi-Auto-generated  - file h4ntu shell [powered by tsoi].txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(496, 'PHANTASMA_php', 'JHMwID0gIj5bKl0gU2FmZW1vZGUgTW9kZSBSdW48L0RJVj4i\nJHMxID0gIiRmaWxlMSAtICRmaWxlMiAtIDxhIGhyZWY9JFNDUklQVF9OQU1FPyRRVUVSWV9TVFJJTkcmc2VlPSRmaWxlPiRmaWxlPC9hPjxicj4i\nJHMyID0gIlsqXSBTcGF3bmluZyBTaGVsbCI=\nJHMzID0gIkNoYTBzIg==\n', '2 of them', ' Semi-Auto-generated  - file PHANTASMA.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(497, 'MySQL_Web_Interface_Version_0_8_php', 'JHMwID0gIlNvb01pbiBLaW0i\nJHMxID0gImh0dHA6Ly9wb3BleWUuc251LmFjLmtyL35zbWtpbS9teXNxbCI=\nJHMyID0gImhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZHJvcEZpZWxkJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lIg==\nJHMzID0gIjx0aD5UeXBlPC90aD48dGg+Jm5ic3BNJm5ic3A8L3RoPjx0aD4mbmJzcEQmbmJzcDwvdGg+PHRoPnVuc2lnbmVkPC90aD48dGg+emVyb2ZpIg==\n', '2 of them', ' Semi-Auto-generated  - file MySQL Web Interface Version 0.8.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(498, 'simple_cmd_html', 'JHMxID0gIjx0aXRsZT5HLVNlY3VyaXR5IFdlYnNoZWxsPC90aXRsZT4i\nJHMyID0gIjxpbnB1dCB0eXBlPVRFWFQgbmFtZT1cIi1jbWRcIiBzaXplPTY0IHZhbHVlPVwiPD89JGNtZD8+XCIgIg==\nJHMzID0gIjw/IGlmKCRjbWQgIT0gXCJcIikgcHJpbnQgU2hlbGxfRXhlYygkY21kKTs/PiI=\nJHM0ID0gIjw/ICRjbWQgPSAkX1JFUVVFU1RbXCItY21kXCJdOz8+Ig==\n', 'all of them', ' Semi-Auto-generated  - file simple_cmd.html.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(499, 'multiple_webshells_0001', 'JHMwID0gImVjaG8gXCI8Yj5DaGFuZ2luZyBmaWxlLW1vZGUgKFwiLiRkLiRmLlwiKSwgXCIudmlld19wZXJtc19jb2xvcigkZC4kZikuXCIgKFwiIg==\nJHMzID0gImVjaG8gXCI8dGQ+Jm5ic3A7PGEgaHJlZj1cXFwiXCIuJHNxbF9zdXJsLlwic3FsX2FjdD1xdWVyeSZzcWxfcXVlcnk9XCIudXIi\n', '1 of them', ' Semi-Auto-generated  - from files 1.txt, c2007.php.php.txt, c100.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(500, 'multiple_webshells_0002', 'JHMwID0gIjx0cj48Zm9ybSBtZXRob2Q9cG9zdD48dGQ+PGZvbnQgY29sb3I9cmVkPjxiPkJhY2sgY29ubmVjdDo8L2I+PC9mb250PjwvdGQ+PHRkPjxpIg==\nJHMxID0gIiRwZXJsX3Byb3h5X3NjcCA9IFwiSXlFdmRYTnlMMkpwYmk5d1pYSnNJQ0FOQ2lNaEwzVnpjaTkxYzJNdmNHVnliQzgxTGpBd05DOWlhVzR2Ig==\nJHMyID0gIjx0cj48Zm9ybSBtZXRob2Q9cG9zdD48dGQ+PGZvbnQgY29sb3I9cmVkPjxiPkJhY2tkb29yOjwvYj48L2ZvbnQ+PC90ZD48dGQ+PGlucHV0Ig==\n', '1 of them', ' Semi-Auto-generated  - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(501, 'multiple_webshells_0003', 'JHMwID0gIi50ZXh0Ym94IHsgYmFja2dyb3VuZDogV2hpdGU7IGJvcmRlcjogMXB4ICMwMDAwMDAgc29saWQ7IGNvbG9yOiAjMDAwMDk5OyBmb250LWZhIg==\nJHMyID0gIjxpbnB1dCBjbGFzcz0naW5wdXRib3gnIHR5cGU9J3RleHQnIG5hbWU9J3Bhc3NfZGUnIHNpemU9NTAgb25jbGljaz10aGlzLnZhbHVlPScnIg==\n', 'all of them', ' Semi-Auto-generated  - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(502, 'multiple_webshells_0004', 'JHMyID0gImVjaG8gXCI8aHIgc2l6ZT1cXFwiMVxcXCIgbm9zaGFkZT48Yj5Eb25lITwvYj48YnI+VG90YWwgdGltZSAoc2Vjcy4pOiBcIi4kZnQi\nJHMzID0gIiRmcWJfbG9nIC49IFwiXFxyXFxuLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXFxyXFxuRG9uZSFcXHIi\n', '1 of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(503, 'multiple_webshells_0005', 'JHMyID0gIidlbmdfdGV4dDcxJz0+XCJTZWNvbmQgY29tbWFuZHMgcGFyYW0gaXM6XFxyXFxuLSBmb3IgQ0hPV04gLSBuYW1lIG9mIG5ldyBvd25lciBvIg==\nJHM0ID0gImlmKCFlbXB0eSgkX1BPU1RbJ3NfbWFzayddKSAmJiAhZW1wdHkoJF9QT1NUWydtJ10pKSB7ICRzciA9IG5ldyBTZWFyY2hSZXN1bHQi\n', '1 of them', ' Semi-Auto-generated  - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(504, 'multiple_webshells_0006', 'JHMwID0gIlwiQUFBQUFDSDVCQUVBQUFrQUxBQUFBQUFVQUJRQUFBUjBNTWxKcXl6RmFscUVRSnVHRVFTQ25XZzZGb2dwa0hBTUY0SEFKc1doNy96ZVwiIg==\nJHMyID0gIlwibVRQL3pEUC8vMllBQUdZQU0yWUFabVlBbVdZQXpHWUEvMll6QUdZek0yWXpabVl6bVdZenpHWXovMlptQUdabU0yWm1abVptbVdabVwiIg==\nJHM0ID0gIlwiUjBsR09EbGhGQUFVQUtML0FQLzQvOERBd0g5L0FQLzRBTCsvdndBQUFBQUFBQUFBQUNINUJBRUFBQUVBTEFBQUFBQVVBQlFBUUFNb1wiIg==\n', '2 of them', ' Semi-Auto-generated  - from files c99shell_v1.0.php.php.txt, c99php.txt, SsEs.php.php.txt, ctt_sh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(505, 'multiple_webshells_0007', 'JHMyID0gImVjaG8gJHRlLlwiPGRpdiBhbGlnbj1jZW50ZXI+PHRleHRhcmVhIGNvbHM9MzUgbmFtZT1kYl9xdWVyeT5cIi4oIWVtcHR5KCRfUE9TVFsnIg==\nJHMzID0gImVjaG8gc3IoNDUsXCI8Yj5cIi4kbGFuZ1skbGFuZ3VhZ2UuJ190ZXh0ODAnXS4kYXJyb3cuXCI8L2I+XCIsXCI8c2VsZWN0IG5hbWU9ZGI+Ig==\n', '1 of them', ' Semi-Auto-generated  - from files r577.php.php.txt, spy.php.php.txt, s.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(506, 'multiple_webshells_0008', 'JHMwID0gIiAgaWYgKCRjb3B5X3Vuc2V0KSB7Zm9yZWFjaCgkc2Vzc19kYXRhW1wiY29weVwiXSBhcyAkaz0+JHYpIHt1bnNldCgkc2Vzc19kYXRhW1wiIg==\nJHMxID0gIiAgaWYgKGZpbGVfZXhpc3RzKCRta2ZpbGUpKSB7ZWNobyBcIjxiPk1ha2UgRmlsZSBcXFwiXCIuaHRtbHNwZWNpYWxjaGFycygkbWtmaWxlIg==\nJHMyID0gIiAgZWNobyBcIjxjZW50ZXI+PGI+TXlTUUwgXCIubXlzcWxfZ2V0X3NlcnZlcl9pbmZvKCkuXCIgKHByb3RvIHYuXCIubXlzcWxfZ2V0X3ByIg==\nJHMzID0gIiAgZWxzZWlmICghZm9wZW4oJG1rZmlsZSxcIndcIikpIHtlY2hvIFwiPGI+TWFrZSBGaWxlIFxcXCJcIi5odG1sc3BlY2lhbGNoYXJzKCRtIg==\n', 'all of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, c99shell_v1.0.php.php.txt, c99php.txt, SpecialShell_99.php.php.txt, ctt_sh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(507, 'multiple_webshells_0009', 'JHMwID0gIiRzZXNzX2RhdGFbXCJjdXRcIl0gPSBhcnJheSgpOyBjOTlfcyI=\nJHMzID0gImlmICgoIWVyZWdpKFwiaHR0cDovL1wiLCR1cGxvYWR1cmwpKSBhbmQgKCFlcmVnaShcImh0dHBzOi8vXCIsJHVwbG9hZHVybCkpIg==\n', '1 of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, c99shell_v1.0.php.php.txt, c99php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(508, 'multiple_webshells_0010', 'JHMwID0gIlwiPHRkPiZuYnNwOzxhIGhyZWY9XFxcIlwiLiRzcWxfc3VybC5cInNxbF9hY3Q9cXVlcnkmc3FsX3F1ZXJ5PVwiLnVyIg==\nJHMyID0gImM5OXNoX3NxbHF1ZXJ5Ig==\n', '1 of them', ' Semi-Auto-generated  - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(509, 'multiple_webshells_0011', 'JHMwID0gImVsc2UgeyRhY3QgPSBcImZcIjsgJGQgPSBkaXJuYW1lKCRta2ZpbGUpOyBpZiAoc3Vic3RyKCRkLC0xKSAhPSBESVJFQ1RPUllfU0VQQSI=\nJHMzID0gImVsc2Uge2VjaG8gXCI8Yj5GaWxlIFxcXCJcIi4kc3FsX2dldGZpbGUuXCJcXFwiOjwvYj48YnI+XCIubmwyYnIoaHRtbHNwZWMi\n', '1 of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, SsEs.php.php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(510, 'multiple_webshells_0012', 'JHMwID0gImVjaG8gc3IoMTUsXCI8Yj5cIi4kbGFuZ1skbGFuZ3VhZ2UuJ190ZXh0Ig==\nJHMxID0gIi4kYXJyb3cuXCI8L2I+XCIsaW4oJ3RleHQnLCci\n', '2 of them', ' Semi-Auto-generated  - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(511, 'multiple_webshells_0013', 'JHMwID0gIidydV90ZXh0OScgPT4nPz8/Pz8/Pz8gPz8/Pz8gPyA/Pz8/Pz8/PyA/Pz8gPyAvYmluL2Jhc2gnLCI=\nJHMxID0gIiRuYW1lPSdlYzM3MTc0OGRjMmRhNjI0YjM1YTRmOGY2ODVkZDEyMici\nJHMyID0gInJzdC52b2lkLnJ1Ig==\n', '3 of them', ' Semi-Auto-generated  - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(512, 'multiple_webshells_0014', 'JHMwID0gImVjaG8gd3MoMikuJGxiLlwiIDxhIg==\nJHMxID0gIiRzcWwgPSBcIkxPQUQgREFUQSBJTkZJTEUgXFxcIlwiLiRfUE9TVFsndGVzdDNfZmlsZSddIg==\nJHMzID0gImlmIChlbXB0eSgkX1BPU1RbJ2NtZCddKSYmISRzYWZlX21vZGUpIHsgJF9QT1NUWydjbWQnXT0oJHdpbmRvd3MpPyhcImRpclwiKTooXCJsIg==\n', '2 of them', ' Semi-Auto-generated  - from files r577.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(513, 'multiple_webshells_0015', 'JHMwID0gImlmKGVyZWdpKFwiLi9zaGJkICRwb3JcIiwkc2NhbikpIg==\nJHMxID0gIiRfUE9TVFsnYmFja2Nvbm5lY3RpcCddIg==\nJHMyID0gIiRfUE9TVFsnYmFja2Njb25ubXNnJ10i\n', '1 of them', ' Semi-Auto-generated  - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(514, 'multiple_webshells_0016', 'JHMxID0gImlmKHJtZGlyKCRfUE9TVFsnbWtfbmFtZSddKSki\nJHMyID0gIiRyIC49ICc8dHI+PHRkPicud3MoMykuJzxmb250IGZhY2U9VmVyZGFuYSBzaXplPS0yPjxiPicuJGtleS4nPC9iPjwvZm9udD48L3RkPiI=\nJHMzID0gImlmKHVubGluaygkX1BPU1RbJ21rX25hbWUnXSkpIGVjaG8gXCI8dGFibGUgd2lkdGg9MTAwJSBjZWxscGFkZGluZz0wIGNlbGwi\n', '2 of them', ' Semi-Auto-generated  - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(515, 'multiple_webshells_0017', 'JHMwID0gIlwiZXh0X2F2aVwiPT5hcnJheShcImV4dF9hdmlcIixcImV4dF9tb3ZcIixcImV4dF9tdmki\nJHMxID0gImVjaG8gXCI8Yj5FeGVjdXRlIGZpbGU6PC9iPjxmb3JtIGFjdGlvbj1cXFwiXCIuJHN1cmwuXCJcXFwiIG1ldGhvZD1QT1NUPjxpbnB1Ig==\nJHMyID0gIlwiZXh0X2h0YWNjZXNzXCI9PmFycmF5KFwiZXh0X2h0YWNjZXNzXCIsXCJleHRfaHRwYXNzd2Qi\n', '1 of them', ' Semi-Auto-generated  - from files w.php.php.txt, wacking.php.php.txt, SsEs.php.php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(516, 'multiple_webshells_0018', 'JHMwID0gInJldHVybiAkdHlwZSAuICRvd25lciAuICRncm91cCAuICRvdGhlcjsi\nJHMxID0gIiRvd25lciAgPSAoJG1vZGUgJiAwMDQwMCkgPyAncicgOiAnLSc7Ig==\n', 'all of them', ' Semi-Auto-generated  - from files webadmin.php.php.txt, iMHaPFtp.php.php.txt, Private-i3lue.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(517, 'multiple_php_webshells', 'JHMwID0gImtWeWNtOXlPaUFrSVZ4dUlpazdEUXBqYjI1dVpXTjBLRk5QUTB0RlZDd2dKSEJoWkdSeUtTQjhmQ0JrYVdVb0lrVnljbTl5T2lBa0lWeHVJIg==\nJHMyID0gInNOQ2lSd2NtOTBiejFuWlhSd2NtOTBiMko1Ym1GdFpTZ25kR053SnlrN0RRcHpiMk5yWlhRb1UwOURTMFZVTENCUVJsOUpUa1ZVTENCVFQwIg==\nJHM0ID0gIkE4YzNsekwzTnZZMnRsZEM1b1BnMEtJMmx1WTJ4MVpHVWdQRzVsZEdsdVpYUXZhVzR1YUQ0TkNpTnBibU5zZFdSbElEeGxjbkp1Ynk1b1BnIg==\n', '2 of them', ' Semi-Auto-generated  - from files multiple_php_webshells', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(518, 'multiple_webshells_0019', 'JHMwID0gIjxiPkR1bXBlZCEgRHVtcCBoYXMgYmVlbiB3cml0ZWQgdG8gIg==\nJHMxID0gImlmICgoIWVtcHR5KCRkb25hdGVkX2h0bWwpKSBhbmQgKGluX2FycmF5KCRhY3QsJGRvbmF0ZWRfYWN0KSkpIHtlY2hvIFwiPFRBQkxFIHN0Ig==\nJHMyID0gIjxpbnB1dCB0eXBlPXN1Ym1pdCBuYW1lPWFjdGFyY2J1ZmYgdmFsdWU9XFxcIlBhY2sgYnVmZmVyIHRvIGFyY2hpdmUi\n', '1 of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(519, 'multiple_webshells_0020', 'JHMwID0gIkBpbmlfc2V0KFwiaGlnaGxpZ2h0Ig==\nJHMxID0gImVjaG8gXCI8Yj5SZXN1bHQgb2YgZXhlY3V0aW9uIHRoaXMgUEhQLWNvZGU8L2I+Ojxicj5cIjsi\nJHMyID0gInskcm93W10gPSBcIjxiPk93bmVyL0dyb3VwPC9iPlwiO30i\n', '2 of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, c99shell_v1.0.php.php.txt, c99php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(520, 'multiple_webshells_0021', 'JHMyID0gImVjaG8gJHVuYW1lLlwiPC9mb250Pjxicj48Yj5cIjsi\nJHMzID0gIndoaWxlKCFmZW9mKCRmKSkgeyAkcmVzLj1mcmVhZCgkZiwxMDI0KTsgfSI=\nJHM0ID0gImVjaG8gXCJ1c2VyPVwiLkBnZXRfY3VycmVudF91c2VyKCkuXCIgdWlkPVwiLkBnZXRteXVpZCgpLlwiIGdpZD1cIi5AZ2V0bXlnaWQoKSI=\n', '2 of them', ' Semi-Auto-generated  - from files GFS web-shell ver 3.1.7 - PRiV8.php.txt, nshell.php.php.txt, gfs_sh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(521, 'multiple_webshells_0022', 'JHMwID0gImM5OWZ0cGJydXRlY2hlY2si\nJHMxID0gIiRmdHBxdWlja190ID0gcm91bmQoZ2V0bWljcm90aW1lKCktJGZ0cHF1aWNrX3N0LDQpOyI=\nJHMyID0gIiRmcWJfbGVuZ2h0ID0gJG5peHB3ZHBlcnBhZ2U7Ig==\nJHMzID0gIiRzb2NrID0gQGZ0cF9jb25uZWN0KCRob3N0LCRwb3J0LCR0aW1lb3V0KTsi\n', '2 of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, c99shell_v1.0.php.php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(522, 'multiple_webshells_0023', 'JHMwID0gIiRzcWxxdWlja2xhdW5jaFtdID0gYXJyYXkoXCIi\nJHMxID0gImVsc2Uge2VjaG8gXCI8Y2VudGVyPjxiPkZpbGUgZG9lcyBub3QgZXhpc3RzIChcIi5odG1sc3BlY2lhbGNoYXJzKCRkLiRmKS5cIikhPCI=\n', 'all of them', ' Semi-Auto-generated  - from files w.php.php.txt, wacking.php.php.txt, c99shell_v1.0.php.php.txt, c99php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(523, 'multiple_webshells_0024', 'JHMwID0gImlmKEAkX1BPU1RbJ3NhdmUnXSl3cml0ZWYoJGZpbGUsJF9QT1NUWydkYXRhJ10pOyI=\nJHMxID0gImlmKCRhY3Rpb249PVwicGhwZXZhbFwiKXsi\nJHMyID0gIiR1cGxvYWRmaWxlID0gJGRpcnVwbG9hZC5cIi9cIi4kX1BPU1RbJ2ZpbGVuYW1lJ107Ig==\nJHMzID0gIiRkaXI9Z2V0Y3dkKCkuXCIvXCI7Ig==\n', '2 of them', ' Semi-Auto-generated  - from files antichat.php.php.txt, Fatalshell.php.php.txt, a_gedit.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(524, 'multiple_webshells_0025', 'JHMzID0gImlmICghZW1wdHkoJGRlbGVycikpIHtlY2hvIFwiPGI+RGVsZXRpbmcgd2l0aCBlcnJvcnM6PC9iPjxicj5cIi4kZGVsZXJyO30i\n', '1 of them', ' Semi-Auto-generated  - from files c99shell_v1.0.php.php.txt, c99php.txt, SsEs.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(525, 'multiple_webshells_0026', 'JHMwID0gImlmICgkZmlsZW5hbWUgIT0gXCIuXCIgYW5kICRmaWxlbmFtZSAhPSBcIi4uXCIpeyI=\nJHMxID0gIiRkaXJlcyA9ICRkaXJlcyAuICRkaXJlY3Rvcnk7Ig==\nJHM0ID0gIiRhcnIgPSBhcnJheV9tZXJnZSgkYXJyLCBnbG9iKFwiKlwiKSk7Ig==\n', '2 of them', ' Semi-Auto-generated  - from files Crystal.php.txt, nshell.php.php.txt, load_shell.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(526, 'multiple_webshells_0027', 'JHMwID0gIkAkcnRvPSRfUE9TVFsncnRvJ107Ig==\nJHMyID0gIlNDUk9MTEJBUi1UUkFDSy1DT0xPUjogIzkxQUFGRiI=\nJHMzID0gIiR0bzE9c3RyX3JlcGxhY2UoXCIvL1wiLFwiL1wiLCR0bzEpOyI=\n', '2 of them', ' Semi-Auto-generated  - from files nst.php.php.txt, cybershell.php.php.txt, img.php.php.txt, nstview.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(527, 'multiple_webshells_0028', 'JHMwID0gIiBpZiAoJG1vZGUgJiAweDIwMCkgeyR3b3JsZFtcImV4ZWN1dGVcIl0gPSAoJHdvcmxkW1wiZXhlY3V0ZVwiXSA9PSBcInhcIik/XCJ0XCI6Ig==\nJHMxID0gIiAkZ3JvdXBbXCJleGVjdXRlXCJdID0gKCRtb2RlICYgMDAwMTApP1wieFwiOlwiLVwiOyI=\n', 'all of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, dC3 Security Crew Shell PRiV.php.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(528, 'multiple_webshells_0029', 'JHMwID0gIiRyZXN1bHQgPSBteXNxbF9xdWVyeShcIlNIT1cgUFJPQ0VTU0xJU1RcIiwgJHNxbF9zb2NrKTsgIg==\n', 'all of them', ' Semi-Auto-generated  - from files c99shell_v1.0.php.php.txt, c99php.txt, 1.txt, c2007.php.php.txt, c100.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(529, 'multiple_php_webshells_2', 'JHMwID0gImVsc2VpZiAoIWVtcHR5KCRmdCkpIHtlY2hvIFwiPGNlbnRlcj48Yj5NYW51YWxseSBzZWxlY3RlZCB0eXBlIGlzIGluY29ycmVjdC4gSSI=\nJHMxID0gImVsc2Uge2VjaG8gXCI8Y2VudGVyPjxiPlVua25vd24gZXh0ZW5zaW9uIChcIi4kZXh0LlwiKSwgcGxlYXNlLCBzZWxlY3QgdHlwZSBtYSI=\nJHMzID0gIiRzID0gXCIhXihcIi5pbXBsb2RlKFwifFwiLCR0bXApLlwiKSQhaVwiOyI=\n', 'all of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, c99shell_v1.0.php.php.txt, c99php.txt, SsEs.php.php.txt, SpecialShell_99.php.php.txt, ctt_sh.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(530, 'multiple_webshells_0030', 'JHMwID0gImlmICgkdG90YWwgPT09IEZBTFNFKSB7JHRvdGFsID0gMDt9Ig==\nJHMxID0gIiRmcmVlX3BlcmNlbnQgPSByb3VuZCgxMDAvKCR0b3RhbC8kZnJlZSksMik7Ig==\nJHMyID0gImlmICghJGJvb2wpIHskYm9vbCA9IGlzX2RpcigkbGV0dGVyLlwiOlxcXFxcIik7fSI=\nJHMzID0gIiRib29sID0gJGlzZGlza2V0dGUgPSBpbl9hcnJheSgkbGV0dGVyLCRzYWZlbW9kZV9kaXNrZXR0ZXMpOyI=\n', '2 of them', ' Semi-Auto-generated  - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(531, 'multiple_webshells_0031', 'JHMwID0gIiRyZXMgPSBtc3NxbF9xdWVyeShcInNlbGVjdCAqIGZyb20gcjU3X3RlbXBfdGFibGVcIiwkZGIpOyI=\nJHMyID0gIidlbmdfdGV4dDMwJz0+J0NhdCBmaWxlJywi\nJHMzID0gIkBtc3NxbF9xdWVyeShcImRyb3AgdGFibGUgcjU3X3RlbXBfdGFibGVcIiwkZGIpOyI=\n', '1 of them', ' Semi-Auto-generated  - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(532, 'multiple_webshells_0032', 'JHMwID0gIiRudW0gPSAkbml4cGFzc3dkICsgJG5peHB3ZHBlcnBhZ2U7Ig==\nJHMxID0gIiRyZXQgPSBwb3NpeF9raWxsKCRwaWQsJHNpZyk7Ig==\nJHMyID0gImlmICgkdWlkKSB7ZWNobyBqb2luKFwiOlwiLCR1aWQpLlwiPGJyPlwiO30i\nJHMzID0gIiRpID0gJG5peHBhc3N3ZDsi\n', '2 of them', ' Semi-Auto-generated  - from files nixrem.php.php.txt, c99shell_v1.0.php.php.txt, c99php.txt, NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.php.txt', ' Neo23x0 Yara BRG + customization by Stefan -dfate- Molls', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(533, 'DarkSecurityTeam_Webshell', 'JHMwID0gImZvcm0gbWV0aG9kPXBvc3Q+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9XCJcIiNcIlwiIHZhbHVlPUV4ZWN1dGUoU2Vzc2lvbihcIlwiI1wiXCIpKT48aW5wdXQgbmFtZT10aGVQYXRoIHZhbHVlPVwiXCJcIiZIdG1sRW5jb2RlKFNlcnZlci5NYXBQYXRoKFwiLlwiKSkmIg==\n', '1 of them', ' Dark Security Team Webshell', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(534, 'PHP_Cloaked_Webshell_SuperFetchExec', 'JHMwID0gImVsc2V7JGQuPUBjaHIoKCRoWyRlWyRvXV08PDQpKygkaFskZVsrKyRvXV0pKTt9fWV2YWwoJGQpOyI=\n', '$s0', ' Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(536, 'WebShell_dC3_Security_Crew_Shell_PRiV', 'JHMwID0gIkBybWRpcigkX0dFVFsnZmlsZSddKSBvciBkaWUgKFwiWy1dRXJyb3IgZGVsZXRpbmcgZGlyIVwiKTsi\nJHM0ID0gIiRwcz1zdHJfcmVwbGFjZShcIlxcXFxcIixcIi9cIixnZXRlbnYoJ0RPQ1VNRU5UX1JPT1QnKSk7Ig==\nJHM1ID0gImhlYWRlcihcIkV4cGlyZXM6IFwiLmRhdGUoXCJyXCIsbWt0aW1lKDAsMCwwLDEsMSwyMDMwKSkpOyI=\nJHMxNSA9ICJzZWFyY2hfZmlsZSgkX1BPU1RbJ3NlYXJjaCddLHVybGRlY29kZSgkX1BPU1RbJ2RpciddKSk7Ig==\nJHMxNiA9ICJlY2hvIGJhc2U2NF9kZWNvZGUoJGltYWdlc1skX0dFVFsncGljJ11dKTsi\nJHMyMCA9ICJpZiAoaXNzZXQoJF9HRVRbJ3JlbmFtZV9hbGwnXSkpIHsi\n', '3 of them', ' PHP Webshells Github Archive - file dC3_Security_Crew_Shell_PRiV.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(537, 'WebShell_simattacker', 'JHMxID0gIiRmcm9tID0gcmFuZCAoNzEsMTAyMDAwMDAwMCkuXCJAXCIuXCJBdHRhY2tlci5jb21cIjsi\nJHM0ID0gIiZuYnNwO1R1cmtpc2ggSGFja2VycyA6IFdXVy5BTFRVUktTLkNPTSA8YnI+Ig==\nJHM1ID0gIiZuYnNwO1Byb2dyYW1lciA6IFNpbUF0dGFja2VyIC0gRWRpdGVkIEJ5IEtpbmdEZWZhY2VyPGJyPiI=\nJHM2ID0gIi8vZmFrZSBtYWlsID0gVXNlIHZpY3RpbSBzZXJ2ZXIgNCBET1MgLSBmYWtlIG1haWwgIg==\nJHMxMCA9ICImbmJzcDtlLW1haWwgOiBraW5nZGVmYWNlckBtc24uY29tPGJyPiI=\nJHMxNyA9ICJlcnJvcl9yZXBvcnRpbmcoRV9FUlJPUiB8IEVfV0FSTklORyB8IEVfUEFSU0UpOyI=\nJHMxOCA9ICJlY2hvIFwiPGZvbnQgc2l6ZT0nMScgY29sb3I9JyM5OTk5OTknPkRvbnQgaW4gd2luZG93c1wiOyI=\nJHMyMCA9ICIkQ29tbWVudHM9JF9QT1NUWydDb21tZW50cyddOyI=\n', '2 of them', ' PHP Webshells Github Archive - file simattacker.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(538, 'WebShell_DTool_Pro', 'JHMxID0gImZ1bmN0aW9uIFBIUGdldCgpe2luY2xWYXIoKTsgaWYoY29uZmlybShcIk8gUEhQZ2V0IGFnb3JhIG9mZXJlY2UgdW1hIGxpc3RhIHByb250Ig==\nJHMyID0gIjxmb250IHNpemU9Mz5ieSByM3Yzbmc0bnMgLSByZXZlbmdhbnNAZ21haWwuY29tIDwvZm9udD4i\nJHMzID0gImZ1bmN0aW9uIFBIUHdyaXRlcigpe2luY2xWYXIoKTt2YXIgdXJsPXByb21wdChcIlsgUEhQd3JpdGVyIF0gYnkgcjN2M25nNG5zXFxuRGlnIg==\nJHMxMSA9ICIvL1R1cm5zIHRoZSAnbHMnIGNvbW1hbmQgbW9yZSB1c2VmdWxsLCBzaG93aW5nIGl0IGFzIGl0IGxvb2tzIGluIHRoZSBzaGVsbCI=\nJHMxMyA9ICJpZiAoQGZpbGVfZXhpc3RzKFwiL3Vzci9iaW4vd2dldFwiKSkgJHBybzM9XCI8aT53Z2V0PC9pPiBhdCAvdXNyL2Jpbi93Z2V0LCBcIjsi\nJHMxNCA9ICIvL1RvIGtlZXAgdGhlIGNoYW5nZXMgaW4gdGhlIHVybCwgd2hlbiB1c2luZyB0aGUgJ0dFVCcgd2F5IHRvIHNlbmQgcGhwIHZhcmlhYmxlcyI=\nJHMxNiA9ICJmdW5jdGlvbiBQSFBmKCl7aW5jbFZhcigpO3ZhciBvPXByb21wdChcIlsgUEhQZmlsRWRpdG9yIF0gYnkgcjN2M25nNG5zXFxuRGlnaXRlICI=\nJHMxOCA9ICJpZihlbXB0eSgkZnUpKSAkZnUgPSBAJF9HRVRbJ2Z1J107Ig==\n', '3 of them', ' PHP Webshells Github Archive - file DTool Pro.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(542, 'WebShell_b374k_mini_shell_php_php', 'JHMwID0gIkBlcnJvcl9yZXBvcnRpbmcoMCk7Ig==\nJHMyID0gIkBldmFsKGd6aW5mbGF0ZShiYXNlNjRfZGVjb2RlKCRjb2RlKSkpOyI=\nJHMzID0gIkBzZXRfdGltZV9saW1pdCgwKTsgIg==\n', 'all of them', ' PHP Webshells Github Archive - file b374k-mini-shell-php.php.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(543, 'WebShell_Sincap_1_0', 'JHM0ID0gIjwvZm9udD48L3NwYW4+PGEgaHJlZj1cIm1haWx0bzpzaG9wZW5AYXZlbnRncnVwLm5ldFwiPiI=\nJHM1ID0gIjx0aXRsZT46OiBBdmVudEdydXAgOjouLiAtIFNpbmNhcCAxLjAgfCBTZXNzaW9uKE90dXJ1bSkgQiI=\nJHM5ID0gIjwvc3Bhbj5BdnJhc3lhIFZlcmkgdmUgTmV0V29yayBUZWtub2xvamlsZXJpIEdlbGki\nJHMxMiA9ICJ3aGlsZSAoKCRla2luY2k9cmVhZGRpciAoJHNlZGF0KSkpeyI=\nJHMxOSA9ICIkZGVnZXIyPSBcIiRpY2hbJHRhbXBvbjRdXCI7Ig==\n', '2 of them', ' PHP Webshells Github Archive - file Sincap 1.0.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(544, 'WebShell_b374k_php', 'JHMwID0gIi8vIGVuY3J5cHQgeW91ciBwYXNzd29yZCB0byBtZDUgaGVyZSBodHRwOi8va2VyaW5jaS5uZXQvP3g9ZGVjb2RlIg==\nJHM2ID0gIi8vIHBhc3N3b3JkIChkZWZhdWx0IGlzOiBiMzc0ayki\nJHM4ID0gIi8vKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqIg==\nJHM5ID0gIi8vIGIzNzRrIDIuMiI=\nJHMxMCA9ICJldmFsKFwiPz5cIi5nemluZmxhdGUoYmFzZTY0X2RlY29kZSgi\n', '3 of them', ' PHP Webshells Github Archive - file b374k.php.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(545, 'WebShell_SimAttacker___Vrsion_1_0_0___priv8_4_My_friend', 'JHM0ID0gIiZuYnNwO0lyYW5pYW4gSGFja2VycyA6IFdXVy5TSU1PUkdILUVWLkNPTSA8YnI+Ig==\nJHM1ID0gIi8vZmFrZSBtYWlsID0gVXNlIHZpY3RpbSBzZXJ2ZXIgNCBET1MgLSBmYWtlIG1haWwgIg==\nJHMxMCA9ICI8YSBzdHlsZT1cIlRFWFQtREVDT1JBVElPTjogbm9uZVwiIGhyZWY9XCJodHRwOi8vd3d3LnNpbW9yZ2gtZXYuY29tXCI+Ig==\nJHMxNiA9ICJlcnJvcl9yZXBvcnRpbmcoRV9FUlJPUiB8IEVfV0FSTklORyB8IEVfUEFSU0UpOyI=\nJHMxNyA9ICJlY2hvIFwiPGZvbnQgc2l6ZT0nMScgY29sb3I9JyM5OTk5OTknPkRvbnQgaW4gd2luZG93c1wiOyI=\nJHMxOSA9ICIkQ29tbWVudHM9JF9QT1NUWydDb21tZW50cyddOyI=\nJHMyMCA9ICJWaWN0aW0gTWFpbCA6PGJyPjxpbnB1dCB0eXBlPSd0ZXh0JyBuYW1lPSd0bycgPjxicj4i\n', '3 of them', ' PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(546, 'WebShell_h4ntu_shell__powered_by_tsoi_', 'JHMxMSA9ICI8dGl0bGU+aDRudHUgc2hlbGwgW3Bvd2VyZWQgYnkgdHNvaV08L3RpdGxlPiI=\nJHMxMyA9ICIkY21kID0gJF9QT1NUWydjbWQnXTsi\nJHMxNiA9ICIkdW5hbWUgPSBwb3NpeF91bmFtZSggKTsi\nJHMxNyA9ICJpZighJHdob2FtaSkkd2hvYW1pPWV4ZWMoXCJ3aG9hbWlcIik7Ig==\nJHMxOCA9ICJlY2hvIFwiPHA+PGZvbnQgc2l6ZT0yIGZhY2U9VmVyZGFuYT48Yj5UaGlzIElzIFRoZSBTZXJ2ZXIgSW5mb3JtYXRpb248L2I+PC9mb250PiI=\nJHMyMCA9ICJvYl9lbmRfY2xlYW4oKTsi\n', '3 of them', ' PHP Webshells Github Archive - file h4ntu shell [powered by tsoi].php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(547, 'WebShell_php_webshells_MyShell', 'JHMzID0gIjx0aXRsZT5NeVNoZWxsIGVycm9yIC0gQWNjZXNzIERlbmllZDwvdGl0bGU+Ig==\nJHM0ID0gIiRhZG1pbkVtYWlsID0gXCJ5b3VyZW1haWxAeW91cnNlcnZlci5jb21cIjsi\nJHM1ID0gIi8vQSB3b3JrZGlyIGhhcyBiZWVuIGFza2VkIGZvciAtIHdlIGNoZGlyIHRvIHRoYXQgZGlyLiI=\nJHM2ID0gInN5c3RlbSgkY29tbWFuZCAuIFwiIDE+IC90bXAvb3V0cHV0LnR4dCAyPiYxOyBjYXQgL3RtcC9vdXRwdXQudHh0OyBybSAvdG1wL28i\nJHMxMyA9ICIjJGF1dG9FcnJvclRyYXAgRW5hYmxlIGF1dG9tYXRpYyBlcnJvciB0cmFwaW5nIGlmIGNvbW1hbmQgcmV0dXJucyBlcnJvci4i\nJHMxNCA9ICIvKiBObyB3b3JrX2RpciAtIHdlIGNoZGlyIHRvICRET0NVTUVOVF9ST09UICovIg==\nJHMxOSA9ICIjZXZlcnkgY29tbWFuZCB5b3UgZXhjZWN1dGUuIg==\nJHMyMCA9ICI8Zm9ybSBuYW1lPVwic2hlbGxcIiBtZXRob2Q9XCJwb3N0XCI+Ig==\n', '3 of them', ' PHP Webshells Github Archive - file MyShell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(548, 'WebShell_php_webshells_pws', 'JHM2ID0gImlmICgkX1BPU1RbJ2NtZCddKXsi\nJHM3ID0gIiRjbWQgPSAkX1BPU1RbJ2NtZCddOyI=\nJHMxMCA9ICJlY2hvIFwiRklMRSBVUExPQURFRCBUTyAkZGV6XCI7Ig==\nJHMxMSA9ICJpZiAoZmlsZV9leGlzdHMoJHVwbG9hZGVkKSkgeyI=\nJHMxMiA9ICJjb3B5KCR1cGxvYWRlZCwgJGRleik7Ig==\nJHMxNyA9ICJwYXNzdGhydSgkY21kKTsi\n', '4 of them', ' PHP Webshells Github Archive - file pws.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(554, 'WebShell_php_webshells_pHpINJ', 'JHMzID0gImVjaG8gJzxhIGhyZWY9Jy4kZXhwdXJsLic+IENsaWNrIEhlcmUgdG8gRXhwbG9pdCA8L2E+IDxiciAvPic7Ig==\nJHMxMCA9ICI8Zm9ybSBhY3Rpb24gPSBcIjw/cGhwIGVjaG8gXCIkX1NFUlZFUltQSFBfU0VMRl1cIiA7ID8+XCIgbWV0aG9kID0gXCJwb3N0XCI+Ig==\nJHMxMSA9ICIkc3FsID0gXCIwJyBVTklPTiBTRUxFQ1QgJzAnICwgJzw/IHN5c3RlbShcXCRfR0VUW2NwY10pO2V4aXQ7ID8+JyAsMCAsMCAsMCAsMCBJTiI=\nJHMxMyA9ICJGdWxsIHNlcnZlciBwYXRoIHRvIGEgd3JpdGFibGUgZmlsZSB3aGljaCB3aWxsIGNvbnRhaW4gdGhlIFBocCBTaGVsbCA8YnIgLz4i\nJHMxNCA9ICIkZXhwdXJsPSAkdXJsLlwiP2lkPVwiLiRzcWwgOyI=\nJHMxNSA9ICI8aGVhZGVyPnx8ICAgLjo6TmV3cyBQSFAgU2hlbGwgSW5qZWN0aW9uOjouICAgfHw8L2hlYWRlcj4gPGJyIC8+IDxiciAvPiI=\nJHMxNiA9ICI8aW5wdXQgdHlwZSA9IFwic3VibWl0XCIgdmFsdWUgPSBcIkNyZWF0ZSBFeHBsb2l0XCI+IDxiciAvPiA8YnIgLz4i\n', '1 of them', ' PHP Webshells Github Archive - file pHpINJ.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(555, 'WebShell_php_webshells_NGH', 'JHMwID0gIjx0aXRsZT5XZWJjb21tYW5kZXIgYXQgPD89JF9TRVJWRVJbXCJIVFRQX0hPU1RcIl0/PjwvdGl0bGU+Ig==\nJHMyID0gIi8qIFdlYmNvbW1hbmRlciBieSBDcjRzaF9ha2FfUktMIHYwLjMuOSBOR0ggZWRpdGlvbiA6cCAqLyI=\nJHM1ID0gIjxmb3JtIGFjdGlvbj08Pz0kc2NyaXB0Pz4/YWN0PWJpbmRzaGVsbCBtZXRob2Q9UE9TVD4i\nJHM5ID0gIjxmb3JtIGFjdGlvbj08Pz0kc2NyaXB0Pz4/YWN0PWJhY2tjb25uZWN0IG1ldGhvZD1QT1NUPiI=\nJHMxMSA9ICI8Zm9ybSBhY3Rpb249PD89JHNjcmlwdD8+P2FjdD1ta2RpciBtZXRob2Q9UE9TVD4i\nJHMxNiA9ICJkaWUoXCI8Zm9udCBjb2xvcj0jREYwMDAwPkxvZ2luIGVycm9yPC9mb250PlwiKTsi\nJHMyMCA9ICI8Yj5CaW5kIC9iaW4vYmFzaCBhdCBwb3J0OiA8L2I+PGlucHV0IHR5cGU9dGV4dCBuYW1lPXBvcnQgc2l6ZT04PiI=\n', '2 of them', ' PHP Webshells Github Archive - file NGH.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(556, 'WebShell_php_webshells_matamu', 'JHMyID0gIiRjb21tYW5kIC49ICcgLUYnOyI=\nJHMzID0gIi8qIFdlIHRyeSBhbmQgbWF0Y2ggYSBjZCBjb21tYW5kLiAqLyI=\nJHM0ID0gImRpcmVjdG9yeS4uLiBUcnVzdCBtZSAtIGl0IHdvcmtzIDotKSAqLyI=\nJHM1ID0gIiRjb21tYW5kIC49IFwiIDE+ICR0bXBmaWxlIDI+JjE7IFwiIC4i\nJHMxMCA9ICIkbmV3X2RpciA9ICRyZWdzWzFdOyAvLyAnY2QgL3NvbWV0aGluZy8uLi4nIg==\nJHMxNiA9ICIvKiBUaGUgbGFzdCAvIGluIHdvcmtfZGlyIHdlcmUgdGhlIGZpcnN0IGNoYXJlY3Rlci4i\n', '2 of them', ' PHP Webshells Github Archive - file matamu.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(557, 'WebShell_ru24_post_sh', 'JHMxID0gImh0dHA6Ly93d3cucnUyNC10ZWFtLm5ldCI=\nJHM0ID0gImlmICgoISRfUE9TVFsnY21kJ10pIHx8ICgkX1BPU1RbJ2NtZCddPT1cIlwiKSkgeyAkX1BPU1RbJ2NtZCddPVwiaWQ7cHdkO3VuYW1lIC1hIg==\nJHM2ID0gIlJ1MjRQb3N0V2ViU2hlbGwi\nJHM3ID0gIldyaXRlZCBieSBEcmVBbWVSeiI=\nJHM5ID0gIiRmdW5jdGlvbj1wYXNzdGhydTsgLy8gc3lzdGVtLCBleGVjLCBjbWQi\n', '1 of them', ' PHP Webshells Github Archive - file ru24_post_sh.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(558, 'WebShell_hiddens_shell_v1', 'JHMwID0gIjw/JGQ9J0c3bUhXUTl2dlhpTC9RWDJvWjJWVERwbzZnM0ZZQWE2WCs4RE1JemNEMGVIWmFCWkg3akZwWnpVejdYTmVueFNZdkJQMld5MzZVIg==\n', 'all of them', ' PHP Webshells Github Archive - file hiddens shell v1.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(559, 'WebShell_c99_madnet', 'JHMwID0gIiRtZDVfcGFzcyA9IFwiXCI7IC8vSWYgbm8gcGFzcyB0aGVuIGhhc2gi\nJHMxID0gImV2YWwoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoJyI=\nJHMyID0gIiRwYXNzID0gXCJwYXNzXCI7ICAvL1Bhc3Mi\nJHMzID0gIiRsb2dpbiA9IFwidXNlclwiOyAvL0xvZ2luIg==\nJHM0ID0gIiAgICAgICAgICAgICAvL0F1dGhlbnRpY2F0aW9uIg==\n', 'all of them', ' PHP Webshells Github Archive - file c99_madnet.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(560, 'WebShell_c99_locus7s', 'JHM4ID0gIiRlbmNvZGVkID0gYmFzZTY0X2VuY29kZShmaWxlX2dldF9jb250ZW50cygkZC4kZikpOyAi\nJHM5ID0gIiRmaWxlID0gJHRtcGRpci5cImR1bXBfXCIuZ2V0ZW52KFwiU0VSVkVSX05BTUVcIikuXCJfXCIuJGRiLlwiX1wiLmRhdGUoXCJkLW0tWSI=\nJHMxMCA9ICJlbHNlIHskdG1wID0gaHRtbHNwZWNpYWxjaGFycyhcIi4vZHVtcF9cIi5nZXRlbnYoXCJTRVJWRVJfTkFNRVwiKS5cIl9cIi4kc3Ei\nJHMxMSA9ICIkYzk5c2hfc291cmNlc3VybCA9IFwiaHR0cDovL2xvY3VzN3MuY29tL1wiOyAvL1NvdXJjZXMtc2VydmVyICI=\nJHMxOSA9ICIkbml4cHdkcGVycGFnZSA9IDEwMDsgLy8gR2V0IGZpcnN0IE4gbGluZXMgZnJvbSAvZXRjL3Bhc3N3ZCAi\n', '2 of them', ' PHP Webshells Github Archive - file c99_locus7s.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(561, 'WebShell_JspWebshell_1_2', 'JHMwID0gIlN5c3RlbS5vdXQucHJpbnRsbihcIkNyZWF0ZUFuZERlbGV0ZUZvbGRlciBpcyBlcnJvcjpcIitleCk7ICI=\nJHMxID0gIlN0cmluZyBwYXNzd29yZD1yZXF1ZXN0LmdldFBhcmFtZXRlcihcInBhc3N3b3JkXCIpOyI=\nJHMzID0gIjwlQCBwYWdlIGNvbnRlbnRUeXBlPVwidGV4dC9odG1sOyBjaGFyc2V0PUdCS1wiIGxhbmd1YWdlPVwiamF2YVwiIGltcG9ydD1cImphdmEuIg==\nJHM3ID0gIlN0cmluZyBlZGl0ZmlsZT1yZXF1ZXN0LmdldFBhcmFtZXRlcihcImVkaXRmaWxlXCIpOyI=\nJHM4ID0gIi8vU3RyaW5nIHRlbXBmaWxlbmFtZT1yZXF1ZXN0LmdldFBhcmFtZXRlcihcImZpbGVcIik7Ig==\nJHMxMiA9ICJwYXNzd29yZCA9IChTdHJpbmcpc2Vzc2lvbi5nZXRBdHRyaWJ1dGUoXCJwYXNzd29yZFwiKTsi\n', '3 of them', ' PHP Webshells Github Archive - file JspWebshell_1.2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(562, 'WebShell_safe0ver', 'JHMzID0gIiRzY3JpcHRpZGVudCA9IFwiJHNjcmlwdFRpdGxlIEJ5IEV2aWxjMGRlci5jb21cIjsi\nJHM0ID0gIndoaWxlIChmaWxlX2V4aXN0cyhcIiRsYXN0ZGlyL25ld2ZpbGUkaS50eHRcIikpIg==\nJHM1ID0gImVsc2UgeyAvKiA8IS0tIFRoZW4gaXQgbXVzdCBiZSBhIEZpbGUuLi4gLS0+ICovIg==\nJHM3ID0gIiRjb250ZW50cyAuPSBodG1sZW50aXRpZXMoICRsaW5lICkgOyI=\nJHM4ID0gIjxicj48cD48YnI+U2FmZSBNb2RlIEJ5UEFzczxwPjxmb3JtIG1ldGhvZD1cIlBPU1RcIj4i\nJHMxNCA9ICJlbHNlaWYgKCAkY21kPT1cInVwbG9hZFwiICkgeyAvKiA8IS0tIFVwbG9hZCBGaWxlIGZvcm0gLS0+ICovICI=\nJHMyMCA9ICIvKiA8IS0tIEVuZCBvZiBBY3Rpb25zIC0tPiAqLyI=\n', '3 of them', ' PHP Webshells Github Archive - file safe0ver.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(563, 'WebShell_Uploader', 'JHMxID0gIm1vdmVfdXBsb2FkZWRfZmlsZSgkdXNlcmZpbGUsIFwiZW50cmlrYS5waHBcIik7ICI=\n', 'all of them', ' PHP Webshells Github Archive - file Uploader.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(564, 'WebShell_php_webshells_kral', 'JHMxID0gIiRhZHJlcz1nZXRob3N0YnluYW1lKCRpcCk7Ig==\nJHMzID0gImN1cmxfc2V0b3B0KCRjaCxDVVJMT1BUX1BPU1RGSUVMRFMsXCJkb21haW49XCIuJHNpdGUpOyI=\nJHM0ID0gIiRla2xlPVwiL2luZGV4LnBocD9vcHRpb249Y29tX3VzZXImdmlldz1yZXNldCZsYXlvdXQ9Y29uZmlybVwiOyI=\nJHMxNiA9ICJlY2hvICRzb24uJyA8YnI+IDxmb250IGNvbG9yPVwiZ3JlZW5cIj5BY2Nlc3M8L2ZvbnQ+PGJyPic7Ig==\nJHMxNyA9ICI8cD5rb2RsYW1hIGJ5IDxhIGhyZWY9XCJtYWlsdG86cHJpdjhjb2RlckBnbWFpbC5jb21cIj5CTGFTVEVSPC9hPjxiciAvIg==\nJHMyMCA9ICI8cD48c3Ryb25nPlNlcnZlciBsaXN0ZWxleWljaTwvc3Ryb25nPjxiciAvPiI=\n', '2 of them', ' PHP Webshells Github Archive - file kral.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(565, 'WebShell_cgitelnet', 'JHM5ID0gIiMgQXV0aG9yIEhvbWVwYWdlOiBodHRwOi8vd3d3LnJvaGl0YWIuY29tLyI=\nJHMxMCA9ICJlbHNpZigkQWN0aW9uIGVxIFwiY29tbWFuZFwiKSAjIHVzZXIgd2FudHMgdG8gcnVuIGEgY29tbWFuZCI=\nJHMxOCA9ICIjIGluIGEgY29tbWFuZCBsaW5lIG9uIFdpbmRvd3MgTlQuIg==\nJHMyMCA9ICJwcmludCBcIlRyYW5zZmVyZWQgJFRhcmdldEZpbGVTaXplIEJ5dGVzLjxicj5cIjsi\n', '2 of them', ' PHP Webshells Github Archive - file cgitelnet.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(567, 'WebShell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_2', 'JHMxID0gIjxvcHRpb24gdmFsdWU9XCIvZXRjL3Bhc3N3ZFwiPkdldCAvZXRjL3Bhc3N3ZDwvb3B0aW9uPiI=\nJHMzID0gInhiNUBob3RtYWlsLmNvbTwvRk9OVD48L0NFTlRFUj48L0I+XCIpOyI=\nJHM0ID0gIiR2ID0gQGluaV9nZXQoXCJvcGVuX2Jhc2VkaXJcIik7Ig==\nJHM2ID0gImJ5IFBIUCBFbXBlcm9yPHhiNUBob3RtYWlsLmNvbT4i\n', '2 of them', ' PHP Webshells Github Archive - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(568, 'WebShell_NTDaddy_v1_9', 'JHMyID0gInwgICAgIC1vYnplcnZlIDogbXJfb0BpaGF0ZWNsb3ducy5jb20gfCI=\nJHM2ID0gInN6VGVtcEZpbGUgPSBcIkM6XFxcIiAmIG9GaWxlU3lzLkdldFRlbXBOYW1lKCApIg==\nJHMxMyA9ICI8Zm9ybSBhY3Rpb249bnRkYWRkeS5hc3AgbWV0aG9kPXBvc3Q+Ig==\nJHMxNyA9ICJyZXNwb25zZS53cml0ZShcIjxFUlJPUjogVEhJUyBJUyBOT1QgQSBURVhUIEZJTEU+XCIpIg==\n', '2 of them', ' PHP Webshells Github Archive - file NTDaddy v1.9.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(569, 'WebShell_lamashell', 'JHMwID0gImlmKCgkX1BPU1RbJ2V4ZSddKSA9PSBcIkV4ZWN1dGVcIikgeyI=\nJHM4ID0gIiRjdXJjbWQgPSAkX1BPU1RbJ2tpbmcnXTsi\nJHMxNiA9ICJcImh0dHA6Ly93d3cudzMub3JnL1RSL2h0bWw0L2xvb3NlLmR0ZFwiPiI=\nJHMxOCA9ICI8dGl0bGU+bGFtYSdzJ2hlbGwgdi4gMy4wPC90aXRsZT4i\nJHMxOSA9ICJffF8gIE8gICAgXyAgICBPICBffF8i\nJHMyMCA9ICIkY3VyY21kID0gXCJscyAtbGFoXCI7Ig==\n', '2 of them', ' PHP Webshells Github Archive - file lamashell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(570, 'WebShell_Simple_PHP_backdoor_by_DK', 'JHMwID0gIjwhLS0gU2ltcGxlIFBIUCBiYWNrZG9vciBieSBESyAoaHR0cDovL21pY2hhZWxkYXcub3JnKSAtLT4i\nJHMxID0gIjwhLS0gICAgaHR0cDovL21pY2hhZWxkYXcub3JnICAgMjAwNiAgICAtLT4i\nJHMyID0gIlVzYWdlOiBodHRwOi8vdGFyZ2V0LmNvbS9zaW1wbGUtYmFja2Rvb3IucGhwP2NtZD1jYXQrL2V0Yy9wYXNzd2Qi\nJHM2ID0gImlmKGlzc2V0KCRfUkVRVUVTVFsnY21kJ10pKXsi\nJHM4ID0gInN5c3RlbSgkY21kKTsi\n', '2 of them', ' PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(571, 'WebShell_Moroccan_Spamers_Ma_EditioN_By_GhOsT', 'JHM0ID0gIiRjb250ZW50ID0gY2h1bmtfc3BsaXQoYmFzZTY0X2VuY29kZSgkY29udGVudCkpOyAi\nJHMxMiA9ICJwcmludCBcIlNlbmRpbmcgbWFpbCB0byAkdG8uLi4uLi4uIFwiOyAi\nJHMxNiA9ICJpZiAoISRmcm9tICYmICEkc3ViamVjdCAmJiAhJG1lc3NhZ2UgJiYgISRlbWFpbGxpc3QpeyAi\n', 'all of them', ' PHP Webshells Github Archive - file Moroccan Spamers Ma-EditioN By GhOsT.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(572, 'WebShell_C99madShell_v__2_0_madnet_edition', 'JHMwID0gIiRtZDVfcGFzcyA9IFwiXCI7IC8vSWYgbm8gcGFzcyB0aGVuIGhhc2gi\nJHMxID0gImV2YWwoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoJyI=\nJHMyID0gIiRwYXNzID0gXCJcIjsgIC8vUGFzcyI=\nJHMzID0gIiRsb2dpbiA9IFwiXCI7IC8vTG9naW4i\nJHM0ID0gIi8vQXV0aGVudGljYXRpb24i\n', 'all of them', ' PHP Webshells Github Archive - file C99madShell v. 2.0 madnet edition.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(574, 'WebShell_NCC_Shell', 'JHMwID0gIiBpZiAoaXNzZXQoJF9GSUxFU1sncHJvYmUnXSkgYW5kICEgJF9GSUxFU1sncHJvYmUnXVsnZXJyb3InXSkgeyI=\nJHMxID0gIjxiPi0tQ29kZWQgYnkgU2lsdmVyIg==\nJHMyID0gIjx0aXRsZT5VcGxvYWQgLSBTaGVsbC9EYXRlaTwvdGl0bGU+Ig==\nJHM4ID0gIjxhIGhyZWY9XCJodHRwOi8vd3d3Lm4tYy1jLjZ4LnRvXCIgdGFyZ2V0PVwiX2JsYW5rXCI+LS0+TkNDPC0tPC9hPjwvY2VudGVyPjwvYj48Ig==\nJHMxNCA9ICJ+fF9UZWFtIC46TmF0aW9uYWwgQ3JhY2tlciBDcmV3Oi5ffH48YnI+Ig==\nJHMxOCA9ICJwcmludGYoXCJTaWUgaXN0ICV1IEJ5dGVzIGdybyI=\n', '3 of them', ' PHP Webshells Github Archive - file NCC-Shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(575, 'WebShell_php_webshells_README', 'JHMwID0gIkNvbW1vbiBwaHAgd2Vic2hlbGxzLiBEbyBub3QgaG9zdCB0aGUgZmlsZShzKSBpbiB5b3VyIHNlcnZlciEi\nJHMxID0gInBocC13ZWJzaGVsbHMi\n', 'all of them', ' PHP Webshells Github Archive - file README.md', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(576, 'WebShell_backupsql', 'JHMwID0gIiRoZWFkZXJzIC49IFwiXFxuTUlNRS1WZXJzaW9uOiAxLjBcXG5cIiAuXCJDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDtcXG5cIiAuIg==\nJHMxID0gIiRmdHBjb25uZWN0ID0gXCJuY2Z0cHB1dCAtdSAkZnRwX3VzZXJfbmFtZSAtcCAkZnRwX3VzZXJfcGFzcyAtZCBkZWJzZW5kZXJfZnRwbG9nIg==\nJHMyID0gIiogYXMgZW1haWwgYXR0YWNobWVudCwgb3Igc2VuZCB0byBhIHJlbW90ZSBmdHAgc2VydmVyIGJ5Ig==\nJHMxNiA9ICIqIE5lYWd1IE1paGFpPG5lYWd1bWloYWlAaG90bWFpbC5jb20+Ig==\nJHMxNyA9ICIkZnJvbSAgICA9IFwiTmV1LUNvb2xAZW1haWwuY29tXCI7ICAvLyBXaG8gc2hvdWxkIHRoZSBlbWFpbHMgYmUgc2VudCBmcm9tPywgbWF5ICI=\n', '2 of them', ' PHP Webshells Github Archive - file backupsql.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(577, 'WebShell_AK_74_Security_Team_Web_Shell_Beta_Version', 'JHM4ID0gIi0gQUstNzQgU2VjdXJpdHkgVGVhbSBXZWIgU2l0ZTogd3d3LmFrNzQtdGVhbS5uZXQi\nJHM5ID0gIjxiPjxmb250IGNvbG9yPSM4MzAwMDA+OC4gWCBGb3J3YXJkZWQgRm9yIElQIC0gPC9mb250PjwvYj48Zm9udCBjb2xvcj0jODMwMDAwPicuIg==\nJHMxMCA9ICI8Yj48Zm9udCBjb2xvcj0jODMwMDA+RXhlY3V0ZSBzeXN0ZW0gY29tbWFuZHMhPC9mb250PjwvYj4i\n', '1 of them', ' PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(578, 'WebShell_php_webshells_cpanel', 'JHMwID0gImZ1bmN0aW9uIGZ0cF9jaGVjaygkaG9zdCwkdXNlciwkcGFzcywkdGltZW91dCl7Ig==\nJHMzID0gImN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9VUkwsIFwiaHR0cDovLyRob3N0OjIwODJcIik7Ig==\nJHM0ID0gIlsgdXNlckBhbHR1cmtzLmNvbSBdIyBpbmZvPGI+PGJyPjxmb250IGZhY2U9dGFob21hPjxicj4i\nJHMxMiA9ICJjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRlRQTElTVE9OTFksIDEpOyI=\nJHMxMyA9ICJQb3dlcmZ1bCB0b29sICwgZnRwIGFuZCBjUGFuZWwgYnJ1dGUgZm9yY2VyICwgcGhwIDUuMi45IHNhZmVfbW9kZSAmIG9wZW5fYmFzZWRpciI=\nJHMyMCA9ICI8YnI+PGI+UGxlYXNlIGVudGVyIHlvdXIgVVNFUk5BTUUgYW5kIFBBU1NXT1JEIHRvIGxvZ29uPGJyPiI=\n', '2 of them', ' PHP Webshells Github Archive - file cpanel.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(579, 'WebShell_accept_language', 'JHMwID0gIjw/cGhwIHBhc3N0aHJ1KGdldGVudihcIkhUVFBfQUNDRVBUX0xBTkdVQUdFXCIpKTsgZWNobyAnPGJyPiBieSBxMXcyZTNyNCc7ID8+Ig==\n', 'all of them', ' PHP Webshells Github Archive - file accept_language.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(580, 'WebShell_php_webshells_529', 'JHMwID0gIjxwPk1vcmU6IDxhIGhyZWY9XCIvXCI+TWQ1Q3JhY2tpbmcuQ29tIENyZXc8L2E+ICI=\nJHM3ID0gImhyZWY9XCIvXCIgdGl0bGU9XCJTZWN1cml0eWhvdXNlXCI+U2VjdXJpdHkgSG91c2UgLSBTaGVsbCBDZW50ZXIgLSBFZGl0ZWQgQnkgS2luIg==\nJHM5ID0gImVjaG8gJzxQUkU+PFA+VGhpcyBpcyBleHBsb2l0IGZyb20gPGEgIg==\nJHMxMCA9ICJUaGlzIEV4cGxvaXQgV2FzIEVkaXRlZCBCeSBLaW5nRGVmYWNlciI=\nJHMxMyA9ICJzYWZlX21vZGUgYW5kIG9wZW5fYmFzZWRpciBCeXBhc3MgUEhQIDUuMi45ICI=\nJHMxNCA9ICIkaGFyZHN0eWxlID0gZXhwbG9kZShcIi9cIiwgJGZpbGUpOyAi\nJHMyMCA9ICJ3aGlsZSgkbGV2ZWwtLSkgY2hkaXIoXCIuLlwiKTsgIg==\n', '2 of them', ' PHP Webshells Github Archive - file 529.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(581, 'WebShell_STNC_WebShell_v0_8', 'JHMzID0gImlmKGlzc2V0KCRfUE9TVFtcImFjdGlvblwiXSkpICRhY3Rpb24gPSAkX1BPU1RbXCJhY3Rpb25cIl07Ig==\nJHM4ID0gImVsc2VpZihmZShcInN5c3RlbVwiKSl7b2Jfc3RhcnQoKTtzeXN0ZW0oJHMpOyRyPW9iX2dldF9jb250ZW50cygpO29iX2VuZF9jbGVhbigpIg==\nJHMxMyA9ICJ7ICRwd2QgPSAkX1BPU1RbXCJwd2RcIl07ICR0eXBlID0gZmlsZXR5cGUoJHB3ZCk7IGlmKCR0eXBlID09PSBcImRpclwiKWNoZGlyKCRwdyI=\n', '2 of them', ' PHP Webshells Github Archive - file STNC WebShell v0.8.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(582, 'WebShell_php_webshells_tryag', 'JHMxID0gIjx0aXRsZT5UcllhRyBUZWFtIC0gVHJZYUcucGhwIC0gRWRpdGVkIEJ5IEtpbmdEZWZhY2VyPC90aXRsZT4i\nJHMzID0gIiR0YWJsZWR1bXAgPSBcIkRST1AgVEFCTEUgSUYgRVhJU1RTICR0YWJsZTtcXG5cIjsgIg==\nJHM2ID0gIiRzdHJpbmcgPSAhZW1wdHkoJF9QT1NUWydzdHJpbmcnXSkgPyAkX1BPU1RbJ3N0cmluZyddIDogMDsgIg==\nJHM3ID0gIiR0YWJsZWR1bXAgLj0gXCJDUkVBVEUgVEFCTEUgJHRhYmxlIChcXG5cIjsgIg==\nJHMxNCA9ICJlY2hvIFwiPGNlbnRlcj48ZGl2IGlkPWxvZ29zdHJpcD5FZGl0IGZpbGU6ICRlZGl0ZmlsZSA8L2Rpdj48Zm9ybSBhY3Rpb249JyRSRVFVRSI=\n', '3 of them', ' PHP Webshells Github Archive - file tryag.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(583, 'WebShell_dC3_Security_Crew_Shell_PRiV_2', 'JHMwID0gIkBybWRpcigkX0dFVFsnZmlsZSddKSBvciBkaWUgKFwiWy1dRXJyb3IgZGVsZXRpbmcgZGlyIVwiKTsi\nJHM5ID0gImhlYWRlcihcIkxhc3QtTW9kaWZpZWQ6IFwiLmRhdGUoXCJyXCIsZmlsZW10aW1lKF9fRklMRV9fKSkpOyI=\nJHMxMyA9ICJoZWFkZXIoXCJDb250ZW50LXR5cGU6IGltYWdlL2dpZlwiKTsi\nJHMxNCA9ICJAY29weSgkZmlsZSwkdG8pIG9yIGRpZSAoXCJbLV1FcnJvciBjb3B5aW5nIGZpbGUhXCIpOyI=\nJHMyMCA9ICJpZiAoaXNzZXQoJF9HRVRbJ3JlbmFtZV9hbGwnXSkpIHsi\n', '3 of them', ' PHP Webshells Github Archive - file dC3 Security Crew Shell PRiV.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(584, 'WebShell_qsd_php_backdoor', 'JHMxID0gIi8vIEEgcm9idXN0IGJhY2tkb29yIHNjcmlwdCBtYWRlIGJ5IERhbmllbCBCZXJsaW5lciAtIGh0dHA6Ly93d3cucXNkY29uc3VsdGluZy5jIg==\nJHMyID0gImlmKGlzc2V0KCRfUE9TVFtcIm5ld2NvbnRlbnRcIl0pKSI=\nJHMzID0gImZvcmVhY2goJHBhcnRzIGFzICR2YWwpLy9Bc3NlbWJsZSB0aGUgcGF0aCBiYWNrIHRvZ2V0aGVyIg==\nJHM3ID0gIiRfUE9TVFtcIm5ld2NvbnRlbnRcIl09dXJsZGVjb2RlKGJhc2U2NF9kZWNvZGUoJF9QT1NUW1wibmV3Y29udGVudFwiXSkpOyI=\n', '2 of them', ' PHP Webshells Github Archive - file qsd-php-backdoor.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(585, 'WebShell_php_webshells_spygrup', 'JHMyID0gImtpbmdkZWZhY2VyQG1zbi5jb208L0ZPTlQ+PC9DRU5URVI+PC9CPlwiKTsi\nJHM2ID0gImlmKCRfUE9TVFsncm9vdCddKSAkcm9vdCA9ICRfUE9TVFsncm9vdCddOyI=\nJHMxMiA9ICJcIi5odG1sc3BlY2lhbGNoYXJzKCRmaWxlKS5cIiBCdSBEb3N5YSB6YXRlbiBHb3J1bnR1bGVuaXlvcjxraW5nZGVmYWNlckBtc24uY29tPiI=\nJHMxOCA9ICJCeSBLaW5nRGVmYWNlciBGcm9tIFNweWdydXAub3JnPiI=\n', '3 of them', ' PHP Webshells Github Archive - file spygrup.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(586, 'WebShell_Web_shell__c_ShAnKaR', 'JHMwID0gImhlYWRlcihcIkNvbnRlbnQtTGVuZ3RoOiBcIi5maWxlc2l6ZSgkX1BPU1RbJ2Rvd25mJ10pKTsi\nJHM1ID0gImlmKCRfUE9TVFsnc2F2ZSddPT0wKXtlY2hvIFwiPHRleHRhcmVhIGNvbHM9NzAgcm93cz0xMD5cIi5odG1sc3BlY2lhbGNoYXJzKCRkdW1wIg==\nJHM2ID0gIndyaXRlKFwiI1xcbiNTZXJ2ZXIgOiBcIi5nZXRlbnYoJ1NFUlZFUl9OQU1FJykuXCIi\nJHMxMiA9ICJmb3JlYWNoKEBmaWxlKCRfUE9TVFsncGFzc3dkJ10pIGFzICRmZWQpZWNobyAkZmVkOyI=\n', '2 of them', ' PHP Webshells Github Archive - file Web-shell (c)ShAnKaR.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(587, 'WebShell_Ayyildiz_Tim___AYT__Shell_v_2_1_Biz', 'JHM3ID0gIjxtZXRhIG5hbWU9XCJDb3B5cmlnaHRcIiBjb250ZW50PVRvdUNoIEJ5IGlKT29cIj4i\nJHMxMSA9ICJkaXJlY3RvcnkuLi4gVHJ1c3QgbWUgLSBpdCB3b3JrcyA6LSkgKi8i\nJHMxNSA9ICIvKiBscyBsb29rcyBtdWNoIGJldHRlciB3aXRoICcgLUYnLCBJTUhPLiAqLyI=\nJHMxNiA9ICJ9IGVsc2UgaWYgKCRjb21tYW5kID09ICdscycpIHsi\n', '3 of them', ' PHP Webshells Github Archive - file Ayyildiz Tim  -AYT- Shell v 2.1 Biz.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(588, 'WebShell_Gamma_Web_Shell', 'JHM0ID0gIiRva19jb21tYW5kcyA9IFsnbHMnLCAnbHMgLWwnLCAncHdkJywgJ3VwdGltZSddOyI=\nJHM4ID0gIiMjIyBHYW1tYSBHcm91cCA8aHR0cDovL3d3dy5nYW1tYWNlbnRlci5jb20+Ig==\nJHMxNSA9ICJteSAkZXJyb3IgPSBcIlRoaXMgY29tbWFuZCBpcyBub3QgYXZhaWxhYmxlIGluIHRoZSByZXN0cmljdGVkIG1vZGUuXFxuXCI7Ig==\nJHMyMCA9ICJteSAkY29tbWFuZCA9ICRzZWxmLT5xdWVyeSgnY29tbWFuZCcpOyI=\n', '2 of them', ' PHP Webshells Github Archive - file Gamma Web Shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(590, 'WebShell_JspWebshell_1_2_2', 'JHMwID0gIlN5c3RlbS5vdXQucHJpbnRsbihcIkNyZWF0ZUFuZERlbGV0ZUZvbGRlciBpcyBlcnJvcjpcIitleCk7ICI=\nJHMzID0gIjwlQCBwYWdlIGNvbnRlbnRUeXBlPVwidGV4dC9odG1sOyBjaGFyc2V0PUdCS1wiIGxhbmd1YWdlPVwiamF2YVwiIGltcG9ydD1cImphdmEuIg==\nJHM0ID0gIi8vIFN0cmluZyB0ZW1wZmlsZXBhdGg9cmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJmaWxlcGF0aFwiKTsi\nJHMxNSA9ICJlbmRQb2ludD1yYW5kb20xLmdldEZpbGVQb2ludGVyKCk7Ig==\nJHMyMCA9ICJpZiAocmVxdWVzdC5nZXRQYXJhbWV0ZXIoXCJjb21tYW5kXCIpICE9IG51bGwpIHsi\n', '3 of them', ' PHP Webshells Github Archive - file JspWebshell 1.2.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(591, 'WebShell_g00nshell_v1_3', 'JHMxMCA9ICIjVG8gZXhlY3V0ZSBjb21tYW5kcywgc2ltcGx5IGluY2x1ZGUgP2NtZD1fX18gaW4gdGhlIHVybC4gIyI=\nJHMxNSA9ICIkcXVlcnkgPSBcIlNIT1cgQ09MVU1OUyBGUk9NIFwiIC4gJF9HRVRbJ3RhYmxlJ107Ig==\nJHMxNiA9ICIkdWFrZXkgPSBcIjcyNGVhMDU1Yjk3NTYyMWI5ZDY3OWY3MDc3MjU3YmQ5XCI7IC8vIE1ENSBlbmNvZGVkIHVzZXItYWdlbnQi\nJHMxNyA9ICJlY2hvKFwiPGZvcm0gbWV0aG9kPSdHRVQnIG5hbWU9J3NoZWxsJz5cIik7Ig==\nJHMxOCA9ICJlY2hvKFwiPGZvcm0gbWV0aG9kPSdwb3N0JyBhY3Rpb249Jz9hY3Q9c3FsJz5cIik7Ig==\n', '2 of them', ' PHP Webshells Github Archive - file g00nshell-v1.3.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(593, 'WebShell_PHANTASMA', 'JHMxMiA9ICJcIiAgICBwcmludGYoXFxcIlVzYWdlOiAlcyBbSG9zdF0gPHBvcnQ+XFxcXG5cXFwiLCBhcmd2WzBdKTtcXG5cIiAuIg==\nJHMxNSA9ICJpZiAoJHBvcnRzY2FuICE9IFwiXCIpIHsi\nJHMxNiA9ICJlY2hvIFwiPGJyPkJhbm5lcjogJGdldCA8YnI+PGJyPlwiOyI=\nJHMyMCA9ICIkZG9ubyA9IGdldF9jdXJyZW50X3VzZXIoICk7Ig==\n', '3 of them', ' PHP Webshells Github Archive - file PHANTASMA.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(594, 'WebShell_php_webshells_cw', 'JHMxID0gIi8vIER1bXAgRGF0YWJhc2UgW3BhY3VjY2kuY29tXSI=\nJHMyID0gIiRkdW1wID0gXCItLSBEYXRhYmFzZTogXCIuJF9QT1NUWydkYiddIC5cIiBcXG5cIjsi\nJHM3ID0gIiRhaWRzID0gcGFzc3RocnUoXCJwZXJsIGNicy5wbCBcIi4kX1BPU1RbJ2Nvbm5ob3N0J10uXCIgXCIuJF9QT1NUWydjb25ucG9ydCddKTsi\nJHM4ID0gIjxiPklQOjwvYj4gPHU+XCIgLiAkX1NFUlZFUlsnUkVNT1RFX0FERFInXSAuXCI8L3U+IC0gU2VydmVyIElQOjwvYj4gPGEgaHJlZj0naHR0Ig==\nJHMxNCA9ICIkZHVtcCAuPSBcIi0tIEN5YmVyLVdhcnJpb3IuT3JnXFxuXCI7Ig==\nJHMyMCA9ICJpZihpc3NldCgkX1BPU1RbJ2RvZWRpdCddKSAmJiAkX1BPU1RbJ2VkaXRmaWxlJ10gIT0gJGRpciki\n', '3 of them', ' PHP Webshells Github Archive - file cw.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(595, 'WebShell_php_include_w_shell', 'JHMxMyA9ICIjIGR1bXAgdmFyaWFibGVzIChERUJVRyBTQ1JJUFQpIE5FRURTIE1PRElGSU5ZIEZPUiBCNjQgU1RBVFVTISEi\nJHMxNyA9ICJcInBocHNoZWxsYXBwXCIgPT4gXCJleHBvcnQgVEVSTT14dGVybTsgYmFzaCAtaVwiLCI=\nJHMxOSA9ICJlbHNlIGlmKCRudW1ob3N0cyA9PSAxKSAkc3RyT3V0cHV0IC49IFwiT24gMSBob3N0Li5cXG5cIjsi\n', '1 of them', ' PHP Webshells Github Archive - file php-include-w-shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(596, 'WebShell_mysql_tool', 'JHMxMiA9ICIkZHVtcCAuPSBcIi0tIER1bXBpbmcgZGF0YSBmb3IgdGFibGUgJyR0YWJsZSdcXG5cIjsi\nJHMyMCA9ICIkZHVtcCAuPSBcIkNSRUFURSBUQUJMRSAkdGFibGUgKFxcblwiOyI=\n', '2 of them', ' PHP Webshells Github Archive - file mysql_tool.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(597, 'WebShell_PhpSpy_Ver_2006', 'JHMyID0gInZhcl9kdW1wKEAkc2hlbGwtPlJlZ1JlYWQoJF9QT1NUWydyZWFkcmVnbmFtZSddKSk7Ig==\nJHMxMiA9ICIkcHJvZyA9IGlzc2V0KCRfUE9TVFsncHJvZyddKSA/ICRfUE9TVFsncHJvZyddIDogXCIvYyBuZXQgc3RhcnQgPiBcIi4kcGF0aG5hbWUuIg==\nJHMxOSA9ICIkcHJvZ3JhbSA9IGlzc2V0KCRfUE9TVFsncHJvZ3JhbSddKSA/ICRfUE9TVFsncHJvZ3JhbSddIDogXCJjOlxcd2lubnRcXHN5c3RlbTMyIg==\nJHMyMCA9ICIkcmVndmFsID0gaXNzZXQoJF9QT1NUWydyZWd2YWwnXSkgPyAkX1BPU1RbJ3JlZ3ZhbCddIDogJ2M6XFx3aW5udFxcYmFja2Rvb3IuZXhlJyI=\n', '1 of them', ' PHP Webshells Github Archive - file PhpSpy Ver 2006.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(598, 'WebShell_ZyklonShell', 'JHMwID0gIlRoZSByZXF1ZXN0ZWQgVVJMIC9OZW1vL3NoZWxsL3p5a2xvbnNoZWxsLnR4dCB3YXMgbm90IGZvdW5kIG9uIHRoaXMgc2VydmVyLjxQPiI=\nJHMxID0gIjwhRE9DVFlQRSBIVE1MIFBVQkxJQyBcIi0vL0lFVEYvL0RURCBIVE1MIDIuMC8vRU5cIj4i\nJHMyID0gIjxUSVRMRT40MDQgTm90IEZvdW5kPC9USVRMRT4i\nJHMzID0gIjxIMT5Ob3QgRm91bmQ8L0gxPiI=\n', 'all of them', ' PHP Webshells Github Archive - file ZyklonShell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(600, 'WebShell_php_webshells_lolipop', 'JHMzID0gIiRjb21tYW5kZXIgPSAkX1BPU1RbJ2NvbW1hbmRlciddOyAi\nJHM5ID0gIiRzb3VyY2VnbyA9ICRfUE9TVFsnc291cmNlZ28nXTsgIg==\nJHMyMCA9ICIkcmVzdWx0ID0gbXlzcWxfcXVlcnkoJGxvbGkxMikgb3IgZGllIChteXNxbF9lcnJvcigpKTsgIg==\n', 'all of them', ' PHP Webshells Github Archive - file lolipop.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(601, 'WebShell_simple_cmd', 'JHMxID0gIjxpbnB1dCB0eXBlPVRFWFQgbmFtZT1cIi1jbWRcIiBzaXplPTY0IHZhbHVlPVwiPD89JGNtZD8+XCIgIg==\nJHMyID0gIjx0aXRsZT5HLVNlY3VyaXR5IFdlYnNoZWxsPC90aXRsZT4i\nJHM0ID0gIjw/IGlmKCRjbWQgIT0gXCJcIikgcHJpbnQgU2hlbGxfRXhlYygkY21kKTs/PiI=\nJHM2ID0gIjw/ICRjbWQgPSAkX1JFUVVFU1RbXCItY21kXCJdOz8+Ig==\n', '1 of them', ' PHP Webshells Github Archive - file simple_cmd.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(602, 'WebShell_go_shell', 'JHMwID0gIiNjaGFuZ2UgdGhpcyBwYXNzd29yZDsgZm9yIHBvd2VyIHNlY3VyaXR5IC0gZGVsZXRlIHRoaXMgZmlsZSA9KSI=\nJHMyID0gImlmICghZGVmaW5lZCRwYXJhbXtjbWR9KXskcGFyYW17Y21kfT1cImxzIC1sYVwifTsi\nJHMxMSA9ICJvcGVuKEZJTEVIQU5ETEUsIFwiY2QgJHBhcmFte2Rpcn0mJiRwYXJhbXtjbWR9fFwiKTsi\nJHMxMiA9ICJwcmludCA8PCBcIltrYWxhYmFuZ2FdXCI7Ig==\nJHMxMyA9ICI8dGl0bGU+R08uY2dpPC90aXRsZT4i\n', '1 of them', ' PHP Webshells Github Archive - file go-shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(604, 'WebShell_webshells_zehir4', 'JHMwID0gImZyYW1lcy5ieVplaGlyLmRvY3VtZW50LmV4ZWNDb21tYW5kKGNvbW1hbmQsIGZhbHNlLCBvcHRpb24pOyI=\nJHM4ID0gInJlc3BvbnNlLldyaXRlIFwiPHRpdGxlPlplaGlySVYgLS0+IFBvd2VyZWQgQnkgWmVoaXIgJmx0O3plaGlyaGFja2VyQGhvdG1haWwuY29tIg==\n', '1 of them', ' Webshells Github Archive - file zehir4', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(606, 'WebShell_php_webshells_lostDC', 'JHMwID0gIiRpbmZvIC49ICdbfl1TZXJ2ZXI6ICcgLiRfU0VSVkVSWydIVFRQX0hPU1QnXSAuJzxiciAvPic7Ig==\nJHM0ID0gImhlYWRlciAoIFwiQ29udGVudC1EZXNjcmlwdGlvbjogRG93bmxvYWQgbWFuYWdlclwiICk7Ig==\nJHM1ID0gInByaW50IFwiPGNlbnRlcj5bIEdlbmVyYXRpb24gdGltZTogXCIucm91bmQoZ2V0VGltZSgpLXN0YXJ0VGltZSw0KS5cIiBzZWNvbmQi\nJHM5ID0gImlmIChta2RpcigkX1BPU1RbJ2RpciddLCAwNzc3KSA9PSBmYWxzZSkgeyI=\nJHMxMiA9ICIkcmV0ID0gc2hlbGxleGVjKCRjb21tYW5kKTsi\n', '2 of them', ' PHP Webshells Github Archive - file lostDC.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(607, 'WebShell_CasuS_1_5', 'JHMyID0gIjxmb250IHNpemU9JysxJ2NvbG9yPScjMDAwMEZGJz48dT5DYXN1UyAxLjUnaW4gVVJMJ3NpPC91PjogaHR0cDovLyRIVFRQX0hPIg==\nJHM4ID0gIiRmb25rX2thcCA9IGdldF9jZmdfdmFyKFwiZm9ua3NpeW9ubGFyeV9rYXBhdFwiKTsi\nJHMxOCA9ICJpZiAoZmlsZV9leGlzdHMoXCJGOlxcXFxcIikpeyI=\n', '1 of them', ' PHP Webshells Github Archive - file CasuS 1.5.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(608, 'WebShell_ftpsearch', 'JHMwID0gImVjaG8gXCJbLV0gRXJyb3IgOiBjb3Vkbid0IHJlYWQgL2V0Yy9wYXNzd2RcIjsi\nJHM5ID0gIkAkZnRwPWZ0cF9jb25uZWN0KCcxMjcuMC4wLjEnKTsi\nJHMxMiA9ICJlY2hvIFwiPHRpdGxlPkVkaXRlZCBCeSBLaW5nRGVmYWNlcjwvdGl0bGU+PGJvZHk+XCI7Ig==\nJHMxOSA9ICJlY2hvIFwiWytdIEZvdW5kZWQgXCIuc2l6ZW9mKCR1c2VycykuXCIgZW50cnlzIGluIC9ldGMvcGFzc3dkXFxuXCI7Ig==\n', '2 of them', ' PHP Webshells Github Archive - file ftpsearch.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(609, 'WebShell__Cyber_Shell_cybershell_Cyber_Shell__v_1_0_', 'JHM0ID0gIiA8YSBocmVmPVwiaHR0cDovL3d3dy5jeWJlcmxvcmRzLm5ldFwiIHRhcmdldD1cIl9ibGFua1wiPkN5YmVyIExvcmRzIENvbW11bml0eTwvIg==\nJHMxMCA9ICJlY2hvIFwiPG1ldGEgaHR0cC1lcXVpdj1SZWZyZXNoIGNvbnRlbnQ9XFxcIjA7IHVybD0kUEhQX1NFTEY/ZWRpdD0kbmFtZW9mZmlsZSZzaCI=\nJHMxMSA9ICIgKiAgIENvZGVkIGJ5IFBpeGNoZXIi\nJHMxNiA9ICI8aW5wdXQgdHlwZT10ZXh0IHNpemU9NTUgbmFtZT1uZXdmaWxlIHZhbHVlPVwiJGQvbmV3ZmlsZS5waHBcIj4i\n', '2 of them', ' PHP Webshells Github Archive - from files Cyber Shell.php, cybershell.php, Cyber Shell (v 1.0).php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(610, 'WebShell__Ajax_PHP_Command_Shell_Ajax_PHP_Command_Shell_soldierofallah', 'JHMxID0gIidSZWFkIC9ldGMvcGFzc3dkJyA9PiBcInJ1bmNvbW1hbmQoJ2V0Y3Bhc3N3ZGZpbGUnLCdHRVQnKVwiLCI=\nJHMyID0gIidSdW5uaW5nIHByb2Nlc3NlcycgPT4gXCJydW5jb21tYW5kKCdwcyAtYXV4JywnR0VUJylcIiwi\nJHMzID0gIiRkdCA9ICRfUE9TVFsnZmlsZWNvbnRlbnQnXTsi\nJHM0ID0gIidPcGVuIHBvcnRzJyA9PiBcInJ1bmNvbW1hbmQoJ25ldHN0YXQgLWFuIHwgZ3JlcCAtaSBsaXN0ZW4nLCdHRVQnKVwiLCI=\nJHM2ID0gInByaW50IFwiU29ycnksIG5vbmUgb2YgdGhlIGNvbW1hbmQgZnVuY3Rpb25zIHdvcmtzLlwiOyI=\nJHMxMSA9ICJkb2N1bWVudC5jbWRmb3JtLmNvbW1hbmQudmFsdWU9Jyc7Ig==\nJHMxMiA9ICJlbHNlaWYoaXNzZXQoJF9HRVRbJ3NhdmVmaWxlJ10pICYmICFlbXB0eSgkX1BPU1RbJ2ZpbGV0b3NhdmUnXSkgJiYgIWVtcHR5KCRfUE9TVCI=\n', '3 of them', ' PHP Webshells Github Archive - from files Ajax_PHP Command Shell.php, Ajax_PHP_Command_Shell.php, soldierofallah.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(611, 'WebShell_Generic_PHP_7', 'JHMwID0gImhlYWRlcihcIkNvbnRlbnQtZGlzcG9zaXRpb246IGZpbGVuYW1lPSRmaWxlbmFtZS5zcWxcIik7Ig==\nJHMxID0gImVsc2UgaWYoICRhY3Rpb24gPT0gXCJkdW1wVGFibGVcIiB8fCAkYWN0aW9uID09IFwiZHVtcERCXCIgKSB7Ig==\nJHMyID0gImVjaG8gXCI8Zm9udCBjb2xvcj1ibHVlPlskVVNFUk5BTUVdPC9mb250PiAtIFxcblwiOyI=\nJHM0ID0gImlmKCAkYWN0aW9uID09IFwiZHVtcFRhYmxlXCIgKSI=\n', '2 of them', ' PHP Webshells Github Archive - from files Mysql interface v1.0.php, MySQL Web Interface Version 0.8.php, Mysql_interface_v1.0.php, MySQL_Web_Interface_Version_0.8.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(612, 'WebShell__Small_Web_Shell_by_ZaCo_small_zaco_zacosmall', 'JHMyID0gImlmKCEkcmVzdWx0MikkZHVtcF9maWxlLj0nI2Vycm9yIHRhYmxlICcuJHJvd3NbMF07Ig==\nJHM0ID0gImlmKCEoQG15c3FsX3NlbGVjdF9kYigkZGJfZHVtcCwkbXlzcWxfbGluaykpKWVjaG8oJ0RCIGVycm9yJyk7Ig==\nJHM2ID0gImhlYWRlcignQ29udGVudC1MZW5ndGg6ICcuc3RybGVuKCRkdW1wX2ZpbGUpLlwiXFxuXCIpOyI=\nJHMyMCA9ICJlY2hvKCdEdW1wIGZvciAnLiRkYl9kdW1wLicgbm93IGluICcuJHRvX2ZpbGUpOyI=\n', '2 of them', ' PHP Webshells Github Archive - from files Small Web Shell by ZaCo.php, small.php, zaco.php, zacosmall.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(614, 'WebShell_Generic_PHP_9', 'JHMyID0gIjo8Yj5cIiAuYmFzZTY0X2RlY29kZSgkX1BPU1RbJ3RvdCddKS4gXCI8L2I+XCI7Ig==\nJHM2ID0gImlmIChpc3NldCgkX1BPU1RbJ3dxJ10pICYmICRfUE9TVFsnd3EnXTw+XCJcIikgeyI=\nJHMxMiA9ICJpZiAoIWVtcHR5KCRfUE9TVFsnYyddKSl7Ig==\nJHMxMyA9ICJwYXNzdGhydSgkX1BPU1RbJ2MnXSk7Ig==\nJHMxNiA9ICI8aW5wdXQgdHlwZT1cInJhZGlvXCIgbmFtZT1cInRhY1wiIHZhbHVlPVwiMVwiPkI2NCBEZWNvZGU8YnI+Ig==\nJHMyMCA9ICI8aW5wdXQgdHlwZT1cInJhZGlvXCIgbmFtZT1cInRhY1wiIHZhbHVlPVwiM1wiPm1kNSBIYXNoIg==\n', '3 of them', ' PHP Webshells Github Archive - from files KAdot Universal Shell v0.1.6.php, KAdot_Universal_Shell_v0.1.6.php, KA_uShell 0.1.6.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(615, 'WebShell__PH_Vayv_PHVayv_PH_Vayv', 'JHM0ID0gIjxmb3JtIG1ldGhvZD1cIlBPU1RcIiBhY3Rpb249XCI8P2VjaG8gXCJQSFZheXYucGhwP2R1emtheWRldD0kZGl6aW4vJGR1emVubGUi\nJHMxMiA9ICI8PyBpZiAoJGVraW5jaT09XCIuXCIgb3IgICRla2luY2k9PVwiLi5cIikgeyI=\nJHMxNyA9ICJuYW1lPVwiZHV6ZW54MlwiIHZhbHVlPVwiS2xhcyI=\n', '2 of them', ' PHP Webshells Github Archive - from files PH Vayv.php, PHVayv.php, PH_Vayv.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(616, 'WebShell_Generic_PHP_1', 'JHMxID0gIiR0b2tlbiA9IHN1YnN0cigkX1JFUVVFU1RbJ2NvbW1hbmQnXSwgMCwgJGxlbmd0aCk7Ig==\nJHM0ID0gInZhciBjb21tYW5kX2hpc3QgPSBuZXcgQXJyYXkoPD9waHAgZWNobyAkanNfY29tbWFuZF9oaXN0ID8+KTsi\nJHM3ID0gIiRfU0VTU0lPTlsnb3V0cHV0J10gLj0gaHRtbHNwZWNpYWxjaGFycyhmZ2V0cygkaW9bMV0pLCI=\nJHM5ID0gImRvY3VtZW50LnNoZWxsLmNvbW1hbmQudmFsdWUgPSBjb21tYW5kX2hpc3RbY3VycmVudF9saW5lXTsi\nJHMxNiA9ICIkX1JFUVVFU1RbJ2NvbW1hbmQnXSA9ICRhbGlhc2VzWyR0b2tlbl0gLiBzdWJzdHIoJF9SRVFVRVNUWydjb21tYW5kJ10sICQi\nJHMxOSA9ICJpZiAoZW1wdHkoJF9TRVNTSU9OWydjd2QnXSkgfHwgIWVtcHR5KCRfUkVRVUVTVFsncmVzZXQnXSkpIHsi\nJHMyMCA9ICJpZiAoZS5rZXlDb2RlID09IDM4ICYmIGN1cnJlbnRfbGluZSA8IGNvbW1hbmRfaGlzdC5sZW5ndGgtMSkgeyI=\n', '5 of them', ' PHP Webshells Github Archive - from files Dive Shell 1.0 - Emperor Hacking Team.php, Dive_Shell_1.0_Emperor_Hacking_Team.php, SimShell 1.0 - Simorgh Security MGZ.php, SimShell_1.0_-_Simorgh_Security_MGZ.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(617, 'WebShell_Generic_PHP_2', 'JHMzID0gImlmKChpc3NldCgkX1BPU1RbJ2ZpbGV0byddKSl8fChpc3NldCgkX1BPU1RbJ2ZpbGVmcm9tJ10pKSki\nJHM0ID0gIlxcJHBvcnQgPSB7JF9QT1NUWydwb3J0J119OyI=\nJHM1ID0gIiRfUE9TVFsnaW5zdGFsbHBhdGgnXSA9IFwidGVtcC5wbFwiO30i\nJHMxNCA9ICJpZihpc3NldCgkX1BPU1RbJ3Bvc3QnXSkgYW5kICRfUE9TVFsncG9zdCddID09IFwieWVzXCIgYW5kIEAkSFRUUF9QT1NUX0ZJTEVTW1widSI=\nJHMxNiA9ICJjb3B5KCRIVFRQX1BPU1RfRklMRVNbXCJ1c2VyZmlsZVwiXVtcInRtcF9uYW1lXCJdLCRIVFRQX1BPU1RfRklMRVNbXCJ1c2VyZmlsZVwiXSI=\n', '4 of them', ' PHP Webshells Github Archive - from files CrystalShell v.1.php, load_shell.php, Loaderz WEB Shell.php, stres.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(618, 'WebShell__CrystalShell_v_1_erne_stres', 'JHMxID0gIjxpbnB1dCB0eXBlPSdzdWJtaXQnIHZhbHVlPScgIG9wZW4gKHNoaWxsLnR4dCkgJz4i\nJHM0ID0gInZhcl9kdW1wKGN1cmxfZXhlYygkY2gpKTsi\nJHM3ID0gImlmKGVtcHR5KCRfUE9TVFsnTW9oYWplcjIyJ10pKXsi\nJHMxMCA9ICIkbT0kX1BPU1RbJ2N1cmwnXTsi\nJHMxMyA9ICIkdTFwPSRfUE9TVFsnY29weSddOyI=\nJHMxNCA9ICJpZihlbXB0eShcXCRfUE9TVFsnY21kJ10pKXsi\nJHMxNSA9ICIkc3RyaW5nID0gZXhwbG9kZShcInxcIiwkc3RyaW5nKTsi\nJHMxNiA9ICIkc3RyZWFtID0gaW1hcF9vcGVuKFwiL2V0Yy9wYXNzd2RcIiwgXCJcIiwgXCJcIik7Ig==\n', '5 of them', ' PHP Webshells Github Archive - from files CrystalShell v.1.php, erne.php, stres.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(619, 'WebShell_Generic_PHP_3', 'JHMwID0gImhlYWRlcignQ29udGVudC1MZW5ndGg6Jy5maWxlc2l6ZSgkZmlsZSkuJycpOyI=\nJHM0ID0gIjx0ZXh0YXJlYSBuYW1lPVxcXCJjb21tYW5kXFxcIiByb3dzPVxcXCI1XFxcIiBjb2xzPVxcXCIxNTBcXFwiPlwiLkAkX1BPU1RbJ2NvbW1hIg==\nJHM3ID0gImlmKGZpbGV0eXBlKCRkaXIgLiAkZmlsZSk9PVwiZmlsZVwiKSRmaWxlc1tdPSRmaWxlOyI=\nJHMxNCA9ICJlbHNlaWYgKCgkcGVybXMgJiAweDYwMDApID09IDB4NjAwMCkgeyRpbmZvID0gJ2InO30gIg==\nJHMyMCA9ICIkaW5mbyAuPSAoKCRwZXJtcyAmIDB4MDAwNCkgPyAncicgOiAnLScpOyI=\n', 'all of them', ' PHP Webshells Github Archive - from files Antichat Shell v1.3.php, Antichat Shell. Modified by Go0o$E.php, Antichat Shell.php, fatal.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(620, 'WebShell_Generic_PHP_4', 'JHMwID0gImlmICgkZmlsZW5hbWUgIT0gXCIuXCIgYW5kICRmaWxlbmFtZSAhPSBcIi4uXCIpeyI=\nJHMyID0gIiRvd25lcltcIndyaXRlXCJdID0gKCRtb2RlICYgMDAyMDApID8gJ3cnIDogJy0nOyI=\nJHM1ID0gIiRvd25lcltcImV4ZWN1dGVcIl0gPSAoJG1vZGUgJiAwMDEwMCkgPyAneCcgOiAnLSc7Ig==\nJHM2ID0gIiR3b3JsZFtcIndyaXRlXCJdID0gKCRtb2RlICYgMDAwMDIpID8gJ3cnIDogJy0nOyI=\nJHM3ID0gIiR3b3JsZFtcImV4ZWN1dGVcIl0gPSAoJG1vZGUgJiAwMDAwMSkgPyAneCcgOiAnLSc7Ig==\nJHMxMCA9ICJmb3JlYWNoICgkYXJyIGFzICRmaWxlbmFtZSkgeyI=\nJHMxOSA9ICJlbHNlIGlmKCAkbW9kZSAmIDB4NjAwMCApIHsgJHR5cGU9J2InOyB9Ig==\n', 'all of them', ' PHP Webshells Github Archive - from files CrystalShell v.1.php, load_shell.php, nshell.php, Loaderz WEB Shell.php, stres.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(621, 'WebShell_Generic_PHP_5', 'JHMwID0gIigoJHBlcm1zICYgMHgwNDAwKSA/ICdTJyA6ICctJykpOyI=\nJHMxMCA9ICJ9IGVsc2VpZiAoKCRwZXJtcyAmIDB4ODAwMCkgPT0gMHg4MDAwKSB7Ig==\nJHMxMSA9ICJpZiAoKCRwZXJtcyAmIDB4QzAwMCkgPT0gMHhDMDAwKSB7Ig==\nJHMxMiA9ICIkaW5mbyAuPSAoKCRwZXJtcyAmIDB4MDAwOCkgPyI=\nJHMxNiA9ICIvLyBCbG9jayBzcGVjaWFsIg==\nJHMxOCA9ICIkaW5mbyA9ICdzJzsi\n', 'all of them', ' PHP Webshells Github Archive - from files ex0shell.php, megabor.php, GRP WebShell 2.0 release build 2018 (C)2006,Great.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(622, 'WebShell_GFS', 'JHMwID0gIk9LVHNOQ21Oc2IzTmxLRk5VUkU5VlZDazdEUXBqYkc5elpTaFRWRVJGVWxJcE93PT1cIjsi\nJHMxID0gImxJRU5QVGs0N0RRcGxlR2wwSURBN0RRcDlEUXA5XCI7Ig==\nJHMyID0gIk93MEtJR1IxY0RJb1ptUXNJRElwT3cwS0lHVjRaV05zS0NJdlltbHVMM05vSWl3aWMyZ2dMV2tpTENCT1ZVeE1LVHNOQ2lCamJHOXpaU2htIg==\n', 'all of them', ' PHP Webshells Github Archive - from files GFS web-shell ver 3.1.7 - PRiV8.php, Predator.php, GFS_web-shell_ver_3.1.7_-_PRiV8.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(623, 'WebShell__CrystalShell_v_1_sosyete_stres', 'JHMxID0gIkE6dmlzaXRlZCB7IENPTE9SOmJsdWU7IFRFWFQtREVDT1JBVElPTjogbm9uZX0i\nJHM0ID0gIkE6YWN0aXZlIHtDT0xPUjpibHVlOyBURVhULURFQ09SQVRJT046IG5vbmV9Ig==\nJHMxMSA9ICJzY3JvbGxiYXItZGFya3NoYWRvdy1jb2xvcjogIzEwMTg0Mjsi\nJHMxNSA9ICI8YSBib29rbWFyaz1cIm1pbmlwYW5lbFwiPiI=\nJHMxNiA9ICJiYWNrZ3JvdW5kLWNvbG9yOiAjRUJFQUVBOyI=\nJHMxOCA9ICJjb2xvcjogI0Q1RUNGOTsi\nJHMxOSA9ICI8Y2VudGVyPjxUQUJMRSBzdHlsZT1cIkJPUkRFUi1DT0xMQVBTRTogY29sbGFwc2VcIiBoZWlnaHQ9MSBjZWxsU3BhY2luZz0wIGJvcmRlciI=\n', 'all of them', ' PHP Webshells Github Archive - from files CrystalShell v.1.php, sosyete.php, stres.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(624, 'WebShell_Generic_PHP_10', 'JHMyID0gIiR3b3JsZFtcImV4ZWN1dGVcIl0gPSAoJHdvcmxkWydleGVjdXRlJ109PSd4JykgPyAndCcgOiAnVCc7ICI=\nJHM2ID0gIiRvd25lcltcIndyaXRlXCJdID0gKCRtb2RlICYgMDAyMDApID8gJ3cnIDogJy0nOyAi\nJHMxMSA9ICIkd29ybGRbXCJleGVjdXRlXCJdID0gKCRtb2RlICYgMDAwMDEpID8gJ3gnIDogJy0nOyAi\nJHMxMiA9ICJlbHNlIGlmKCAkbW9kZSAmIDB4QTAwMCApICI=\nJHMxNyA9ICIkcz1zcHJpbnRmKFwiJTFzXCIsICR0eXBlKTsgIg==\nJHMyMCA9ICJmb250LXNpemU6IDhwdDsi\n', 'all of them', ' PHP Webshells Github Archive - from files Cyber Shell.php, cybershell.php, Cyber Shell (v 1.0).php, PHPRemoteView.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(625, 'WebShell_Generic_PHP_11', 'JHM1ID0gIiRmaWxlbmFtZSA9ICRiYWNrdXBzdHJpbmcuXCIkZmlsZW5hbWVcIjsi\nJHM2ID0gIndoaWxlICgkZmlsZSA9IHJlYWRkaXIoJGZvbGRlcikpIHsi\nJHM3ID0gImlmKCRmaWxlICE9IFwiLlwiICYmICRmaWxlICE9IFwiLi5cIiki\nJHM5ID0gIiRiYWNrdXBzdHJpbmcgPSBcImNvcHlfb2ZfXCI7Ig==\nJHMxMCA9ICJpZiggZmlsZV9leGlzdHMoJGZpbGVfbmFtZSkpIg==\nJHMxMyA9ICJnbG9iYWwgJGZpbGVfbmFtZSwgJGZpbGVuYW1lOyI=\nJHMxNiA9ICJjb3B5KCRmaWxlLFwiJGZpbGVuYW1lXCIpOyI=\nJHMxOCA9ICI8dGQgd2lkdGg9XCI0OSVcIiBoZWlnaHQ9XCIxNDJcIj4i\n', 'all of them', ' PHP Webshells Github Archive - from files rootshell.php, Rootshell.v.1.0.php, s72 Shell v1.1 Coding.php, s72_Shell_v1.1_Coding.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(626, 'WebShell__findsock_php_findsock_shell_php_reverse_shell', 'JHMxID0gIi8vIG1lIGF0IHBlbnRlc3Rtb25rZXlAcGVudGVzdG1vbmtleS5uZXQi\n', 'all of them', ' PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(627, 'WebShell_Generic_PHP_6', 'JHMyID0gIkBldmFsKHN0cmlwc2xhc2hlcygkX1BPU1RbJ3BocGNvZGUnXSkpOyI=\nJHM1ID0gImVjaG8gc2hlbGxfZXhlYygkY29tKTsi\nJHM3ID0gImlmKCRzZXJ0eXBlID09IFwid2luZGFcIil7Ig==\nJHM4ID0gImZ1bmN0aW9uIGV4ZWN1dGUoJGNvbSki\nJHMxMiA9ICJlY2hvIGRlY29kZShleGVjdXRlKCRjbWQpKTsi\nJHMxNSA9ICJlY2hvIHN5c3RlbSgkY29tKTsi\n', '4 of them', ' PHP Webshells Github Archive - from files c0derz shell [csh] v. 0.1.1 release.php, CrystalShell v.1.php, load_shell.php, Loaderz WEB Shell.php, stres.php', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(628, 'Unpack_Injectt', 'JHMyID0gIiVzIC1SdW4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtLT5UbyBJbnN0YWxsIEFuZCBSdW4gVGhlIFNlcnZpY2Ui\nJHMzID0gIiVzIC1Vbmluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAtLT5UbyBVbmluc3RhbGwgVGhlIFNlcnZpY2Ui\nJHM0ID0gIihTVEFOREFSRF9SSUdIVFNfUkVRVUlSRUQgfFNDX01BTkFHRVJfQ09OTkVDVCB8U0NfTUFOQUdFUl9DUkVBVEVfU0VSVklDRSB8U0NfTUFOIg==\n', 'all of them', ' Webshells Auto-generated - file Injectt.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(629, 'HYTop_DevPack_fso', 'JHMwID0gIjwhLS0gUGFnZUZTTyBCZWxvdyAtLT4i\nJHMxID0gInRoZUZpbGUud3JpdGVMaW5lKFwiPHNjcmlwdCBsYW5ndWFnZT1cIlwidmJzY3JpcHRcIlwiIHJ1bmF0PXNlcnZlcj5pZiByZXF1ZXN0KFwiXCJcIiZjbGki\n', 'all of them', ' Webshells Auto-generated - file fso.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(630, 'FeliksPack3___PHP_Shells_ssh', 'JHMwID0gImV2YWwoZ3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCci\n', 'all of them', ' Webshells Auto-generated - file ssh.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(631, 'Debug_BDoor', 'JHMxID0gIlxcQkRvb3JcXCI=\nJHM0ID0gIlNPRlRXQVJFXFxNaWNyb3NvZnRcXFdpbmRvd3NcXEN1cnJlbnRWZXJzaW9uXFxSdW4i\n', 'all of them', ' Webshells Auto-generated - file BDoor.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(632, 'bin_Client', 'JHMwID0gIlJlY2lldmVkIHJlc3BvbmQgZnJvbSBzZXJ2ZXIhISI=\nJHM0ID0gInBhY2tldCBkb29yIGNsaWVudCI=\nJHM1ID0gImlucHV0IHNvdXJjZSBwb3J0KHdoYXRldmVyIHlvdSB3YW50KToi\nJHM3ID0gIlBhY2tldCBzZW50LHdhaXRpbmcgZm9yIHJlcGx5Li4uIg==\n', 'all of them', ' Webshells Auto-generated - file Client.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(633, 'ZXshell2_0_rar_Folder_ZXshell', 'JHMwID0gIldQcmV2aWV3UGFnZXNuIg==\nJHMxID0gIkRBIU9MVVRFTFkgTiI=\n', 'all of them', ' Webshells Auto-generated - file ZXshell.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(634, 'RkNTLoad', 'JHMxID0gIiRJbmZvOiBUaGlzIGZpbGUgaXMgcGFja2VkIHdpdGggdGhlIFVQWCBleGVjdXRhYmxlIHBhY2tlciBodHRwOi8vdXB4LnRzeC5vcmcgJCI=\nJHMyID0gIjVwdXIrdmlydHUhIg==\nJHMzID0gInVnaCBzcGFjI24i\nJHM0ID0gInhjRXgzV3JpTDQi\nJHM1ID0gInJ1bnRpbWUgZXJyb3Ii\nJHM2ID0gImxvc2VIV2FpdC5Tci4i\nJHM3ID0gImVzc2FnZUJveEF3Ig==\nJHM4ID0gIiRJZDogVVBYIDEuMDcgQ29weXJpZ2h0IChDKSAxOTk2LTIwMDEgdGhlIFVQWCBUZWFtLiBBbGwgUmlnaHRzIFJlc2VydmVkLiAkIg==\n', 'all of them', ' Webshells Auto-generated - file RkNTLoad.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(635, 'binder2_binder2', 'JHMwID0gIklzQ2hhckFscGhhTnVtZXJpY0Ei\nJHMyID0gIldpZGVDaGFyVG9NIg==\nJHM0ID0gImcgNXB1cit2aXJ0dSEi\nJHM1ID0gIlxcc3lzbG9nLmVuIg==\nJHM2ID0gImhlYXA3JzdvcWs/bm90PSI=\nJHM4ID0gIi0gS2FibHRvIGluIg==\n', 'all of them', ' Webshells Auto-generated - file binder2.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(636, 'thelast_orice2', 'JHMwID0gIiAkYWEgPSAkX0dFVFsnYWEnXTsi\nJHMxID0gImVjaG8gJGFhOyI=\n', 'all of them', ' Webshells Auto-generated - file orice2.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(637, 'FSO_s_sincap', 'JHMwID0gIiAgICA8Zm9udCBjb2xvcj1cIiNFNUU1RTVcIiBzdHlsZT1cImZvbnQtc2l6ZTogOHB0OyBmb250LXdlaWdodDogNzAwXCIgZmFjZT1cIkFyaWFsXCI+Ig==\nJHM0ID0gIjxib2R5IHRleHQ9XCIjMDA4MDAwXCIgYmdjb2xvcj1cIiM4MDgwODBcIiB0b3BtYXJnaW49XCIwXCIgbGVmdG1hcmdpbj1cIjBcIiByaWdodG1hcmdpbj0i\n', 'all of them', ' Webshells Auto-generated - file sincap.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(638, 'PhpShell', 'JHMyID0gImhyZWY9XCJodHRwOi8vd3d3LmdpbXBzdGVyLmNvbS93aWtpL1BocFNoZWxsXCI+d3d3LmdpbXBzdGVyLmNvbS93aWtpL1BocFNoZWxsPC9hPi4i\n', 'all of them', ' Webshells Auto-generated - file PhpShell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(639, 'HYTop_DevPack_config', 'JHMwID0gImNvbnN0IGFkbWluUGFzc3dvcmQ9XCIi\nJHMyID0gImNvbnN0IHVzZXJQYXNzd29yZD1cIiI=\nJHMzID0gImNvbnN0IG1WZXJzaW9uPSI=\n', 'all of them', ' Webshells Auto-generated - file config.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(640, 'sendmail', 'JHMzID0gIl9OZXh0UHlDODA4Ig==\nJHM2ID0gIkNvcHlyaWdodCAoQykgMjAwMCwgRGlhbW9uZCBDb21wdXRlciBTeXN0ZW1zIFB0eS4gTHRkLiAod3d3LmRpYW1vbmRjcy5jb20uYXUpIg==\n', 'all of them', ' Webshells Auto-generated - file sendmail.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(641, 'FSO_s_zehir4', 'JHM1ID0gIiBieU1lc2FqICI=\n', 'all of them', ' Webshells Auto-generated - file zehir4.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(642, 'hkshell_hkshell', 'JHMxID0gIlByU2Vzc0tFUk5FTFUi\nJHMyID0gIkN1cjNudFY3c2lvbiI=\nJHMzID0gIkV4cGxvcmVyOCI=\n', 'all of them', ' Webshells Auto-generated - file hkshell.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(643, 'iMHaPFtp', 'JHMxID0gImVjaG8gXCJcXHQ8dGggY2xhc3M9XFxcInBlcm1pc3Npb25faGVhZGVyXFxcIj48YSBocmVmPVxcXCIkc2VsZj97JGR9c29ydD1wZXJtaXNzaW9uJHJcXFwiPiI=\n', 'all of them', ' Webshells Auto-generated - file iMHaPFtp.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(644, 'Unpack_TBack', 'JHM1ID0gIlxcZmluYWxcXG5ld1xcbGNjXFxwdWJsaWMuZGxsIg==\n', 'all of them', ' Webshells Auto-generated - file TBack.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(645, 'DarkSpy105', 'JHM3ID0gIlNvcnJ5LERhcmtTcHkgZ290IGFuIHVua25vd24gZXhjZXB0aW9uLHBsZWFzZSByZS1ydW4gaXQsdGhhbmtzISI=\n', 'all of them', ' Webshells Auto-generated - file DarkSpy105.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(646, 'EditServer_Webshell', 'JHMyID0gIlNlcnZlciAlcyBIYXZlIEJlZW4gQ29uZmlndXJlZCI=\nJHM1ID0gIlRoZSBTZXJ2ZXIgUGFzc3dvcmQgRXhjZWVkcyAzMiBDaGFyYWN0ZXJzIg==\nJHM4ID0gIjktLVNldCBQcm9jZWNlc3MgTmFtZSBUbyBJbmplY3QgRExMIg==\n', 'all of them', ' Webshells Auto-generated - file EditServer.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(647, 'FSO_s_reader', 'JHMyID0gIm1haWx0bzptYWlsYm9tYkBob3RtYWlsLiI=\n', 'all of them', ' Webshells Auto-generated - file reader.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(649, 'KA_uShell', 'JHM1ID0gImlmKGVtcHR5KCRfU0VSVkVSWydQSFBfQVVUSF9QVyddKSB8fCAkX1NFUlZFUlsnUEhQX0FVVEhfUFcnXTw+JHBhc3Mi\nJHM2ID0gImlmICgkX1BPU1RbJ3BhdGgnXT09XCJcIil7JHVwbG9hZGZpbGUgPSAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXTt9Ig==\n', 'all of them', ' Webshells Auto-generated - file KA_uShell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(650, 'PHP_Backdoor_v1', 'JHM1ID0gImVjaG9cIjxmb3JtIG1ldGhvZD1cXFwiUE9TVFxcXCIgYWN0aW9uPVxcXCJcIi4kX1NFUlZFUlsnUEhQX1NFTEYnXS5cIj9lZGl0PVwiLiR0aCI=\nJHM4ID0gImVjaG8gXCI8YSBocmVmPVxcXCJcIi4kX1NFUlZFUlsnUEhQX1NFTEYnXS5cIj9wcm94eSI=\n', 'all of them', ' Webshells Auto-generated - file PHP Backdoor v1.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(651, 'svchostdll', 'JHMwID0gIkluc3RhbGxTZXJ2aWNlIg==\nJHMxID0gIlJ1bmRsbEluc3RhbGxBIg==\nJHMyID0gIlVuaW5zdGFsbFNlcnZpY2Ui\nJHMzID0gIiZHMyBVc2VycyBJbiBSZWdpc3RyeUQi\nJHM0ID0gIk9MX1NIVVRET1dOO0ki\nJHM1ID0gIlN2Y0hvc3RETEwuZGxsIg==\nJHM2ID0gIlJ1bmRsbFVuaW5zdGFsbEEi\nJHM3ID0gIkludGVybmV0T3BlbkEi\nJHM4ID0gIkNoZWNrIENsb25lb21wbGV0ZSI=\n', 'all of them', ' Webshells Auto-generated - file svchostdll.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(652, 'HYTop_DevPack_server', 'JHMwID0gIjwhLS0gUGFnZVNlcnZlciBCZWxvdyAtLT4i\n', 'all of them', ' Webshells Auto-generated - file server.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(653, 'vanquish', 'JHMzID0gIllvdSBjYW5ub3QgZGVsZXRlIHByb3RlY3RlZCBmaWxlcy9mb2xkZXJzISBJbnN0ZWFkLCB5b3VyIGF0dGVtcHQgaGFzIGJlZW4gbG9nZ2VkIg==\nJHM4ID0gIj9WQ3JlYXRlUHJvY2Vzc0FAQFlHSFBCRFBBRFBBVV9TRUNVUklUWV9BVFRSSUJVVEVTQEAySEtQQVgwUEFVX1NUQVJUVVBJTkZPQUBAUEFVIg==\nJHM5ID0gIj9WRmluZEZpcnN0RmlsZUV4V0BAWUdQQVhQQkdXNF9GSU5ERVhfSU5GT19MRVZFTFNAQFBBWFc0X0ZJTkRFWF9TRUFSQ0hfT1BTQEAyS0BaIg==\n', 'all of them', ' Webshells Auto-generated - file vanquish.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(654, 'winshell', 'JHMwID0gIlNvZnR3YXJlXFxNaWNyb3NvZnRcXFdpbmRvd3NcXEN1cnJlbnRWZXJzaW9uXFxSdW5TZXJ2aWNlcyI=\nJHMxID0gIldpblNoZWxsIFNlcnZpY2Ui\nJHMyID0gIl9fR0xPQkFMX0hFQVBfU0VMRUNURUQi\nJHMzID0gIl9fTVNWQ1JUX0hFQVBfU0VMRUNUIg==\nJHM0ID0gIlByb3ZpZGUgV2luZG93cyBDbWRTaGVsbCBTZXJ2aWNlIg==\nJHM1ID0gIlVSTERvd25sb2FkVG9GaWxlQSI=\nJHM2ID0gIlJlZ2lzdGVyU2VydmljZVByb2Nlc3Mi\nJHM3ID0gIkdldE1vZHVsZUJhc2VOYW1lQSI=\nJHM4ID0gIldpblNoZWxsIHY1LjAgKEMpMjAwMiBqYW5rZXIub3JnIg==\n', 'all of them', ' Webshells Auto-generated - file winshell.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(655, 'FSO_s_remview', 'JHMyID0gIiAgICAgIGVjaG8gXCI8aHIgc2l6ZT0xIG5vc2hhZGU+XFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXCIi\nJHMzID0gIiAgICAgICAgIGVjaG8gXCI8c2NyaXB0PnN0ciRpPVxcXCJcIi5zdHJfcmVwbGFjZShcIlxcXCJcIixcIlxcXFxcXFwiXCIsc3RyX3JlcGxhY2UoXCJcXFxcXCIsXCJcXFxcXFxcXFwiIg==\nJHM0ID0gIiAgICAgIGVjaG8gXCI8aHIgc2l6ZT0xIG5vc2hhZGU+XFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuXFxuPCI=\n', 'all of them', ' Webshells Auto-generated - file remview.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(656, 'saphpshell', 'JHMwID0gIjx0ZD48aW5wdXQgdHlwZT1cInRleHRcIiBuYW1lPVwiY29tbWFuZFwiIHNpemU9XCI2MFwiIHZhbHVlPVwiPD89JF9QT1NUWydjb21tYW5kJ10/PiI=\n', 'all of them', ' Webshells Auto-generated - file saphpshell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(657, 'HYTop2006_rar_Folder_2006Z', 'JHMxID0gIndhbmd5b25nLGN6eSxhbGxlbixsY3gsTWFyY29zLGtFdmluMTk4NixteXRoIg==\nJHM4ID0gIlN5c3RlbVxcQ3VycmVudENvbnRyb2xTZXRcXENvbnRyb2xcXEtleWJvYXJkIExheW91dHNcXCUuOHgi\n', 'all of them', ' Webshells Auto-generated - file 2006Z.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(658, 'admin_ad', 'JHM2ID0gIjx0ZCBhbGlnbj1cImNlbnRlclwiPiA8aW5wdXQgbmFtZT1cImNtZFwiIHR5cGU9XCJ0ZXh0XCIgaWQ9XCJjbWRcIiBzaXoi\nJHM3ID0gIlJlc3BvbnNlLndyaXRlXCI8YSBocmVmPSdcIiZ1cmwmXCI/cGF0aD1cIiZSZXF1ZXN0KFwib2xkcGF0aFwiKSZcIiZhdHRyaWI9XCImYXR0cmliJlwiJz48Ig==\n', 'all of them', ' Webshells Auto-generated - file admin-ad.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(659, 'FSO_s_casus15', 'JHM2ID0gImlmKChpc19kaXIoXCIkZGVsZGlyLyRmaWxlXCIpKSBBTkQgKCRmaWxlIT1cIi5cIikgQU5EICgkZmlsZSE9XCIuLlwiKSki\n', 'all of them', ' Webshells Auto-generated - file casus15.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(661, 'shelltools_g0t_root_uptime', 'JHMwID0gIkpEaWFtb25kQ1NsQ34i\nJHMxID0gIkNoYXJhY3RRQSI=\nJHMyID0gIiRJbmZvOiBUaGlzIGZpbGUgaXMgcGFja2VkIHdpdGggdGhlIFVQWCBleGVjdXRhYmxlIHBhY2tlciAkIg==\nJHM1ID0gIkhhbmRsZXJlYXRlQ29uc28i\nJHM3ID0gIklPTlxcU3lzdGVtXFxGbG9hdGluZ1BvIg==\n', 'all of them', ' Webshells Auto-generated - file uptime.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(662, 'Simple_PHP_BackDooR', 'JHMwID0gIjxocj50byBicm93c2UgZ28gdG8gaHR0cDovLzw/IGVjaG8gJFNFUlZFUl9OQU1FLiRSRVFVRVNUX1VSSTsgPz4/ZD1bZGlyZWN0b3J5IGhlIg==\nJHM2ID0gImlmKCFtb3ZlX3VwbG9hZGVkX2ZpbGUoJEhUVFBfUE9TVF9GSUxFU1snZmlsZV9uYW1lJ11bJ3RtcF9uYW1lJ10sICRkaXIuJGZuIg==\nJHM5ID0gIi8vIGEgc2ltcGxlIHBocCBiYWNrZG9vciI=\n', '1 of them', ' Webshells Auto-generated - file Simple_PHP_BackDooR.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(663, 'sig_2005Gray', 'JHMwID0gIlNDUk9MTEJBUi1GQUNFLUNPTE9SOiAjZThlN2U3OyI=\nJHM0ID0gImVjaG8gXCImbmJzcDs8YSBocmVmPVwiXCIvXCImZW5jb2RlRm9yVXJsKHRoZUhyZWYsZmFsc2UpJlwiXCJcIiB0YXJnZXQ9X2JsYW5rPlwiJnJlcGxhY2Ui\nJHM4ID0gInRoZUhyZWY9bWlkKHJlcGxhY2UobGNhc2UobGlzdC5wYXRoKSxsY2FzZShzZXJ2ZXIubWFwUGF0aChcIi9cIikpLFwiXCIpLDIpIg==\nJHM5ID0gIlNDUk9MTEJBUi0zRExJR0hULUNPTE9SOiAjY2NjY2NjOyI=\n', 'all of them', ' Webshells Auto-generated - file 2005Gray.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(664, 'DllInjection', 'JHMwID0gIlxcQkRvb3JcXERsbEluamVjdGki\n', 'all of them', ' Webshells Auto-generated - file DllInjection.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(665, 'Mithril_v1_45_Mithril', 'JHMyID0gImNyZXNzLmV4ZSI=\nJHM3ID0gIlxcRGVidWdcXE1pdGhyaWwuIg==\n', 'all of them', ' Webshells Auto-generated - file Mithril.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(666, 'hkshell_hkrmv', 'JHM1ID0gIi9USFVNQlBPU0lUSU9ONyI=\nJHM2ID0gIlxcRXZpbEJsYWRlXFwi\n', 'all of them', ' Webshells Auto-generated - file hkrmv.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(668, 'FSO_s_cmd', 'JHMwID0gIjwlPSBcIlxcXFxcIiAmIG9TY3JpcHROZXQuQ29tcHV0ZXJOYW1lICYgXCJcXFwiICYgb1NjcmlwdE5ldC5Vc2VyTmFtZSAlPiI=\nJHMxID0gIkNhbGwgb1NjcmlwdC5SdW4gKFwiY21kLmV4ZSAvYyBcIiAmIHN6Q01EICYgXCIgPiBcIiAmIHN6VGVtcEZpbGUsIDAsIFRydWUpIg==\n', 'all of them', ' Webshells Auto-generated - file cmd.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(669, 'FeliksPack3___PHP_Shells_phpft', 'JHM2ID0gIlBIUCBGaWxlcyBUaGllZiI=\nJHMxMSA9ICJodHRwOi8vd3d3LjRuZ2VsLm5ldCI=\n', 'all of them', ' Webshells Auto-generated - file phpft.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(670, 'FSO_s_indexer', 'JHMzID0gIjx0ZD5OZXJleWUgOjx0ZD48aW5wdXQgdHlwZT1cInRleHRcIiBuYW1lPVwibmVyZXllXCIgc2l6ZT0yNT48L3RkPjx0ZD48aW5wdXQgdHlwZT1cInIi\n', 'all of them', ' Webshells Auto-generated - file indexer.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(671, 'r57shell', 'JHMxMSA9ICIgJF9QT1NUWydjbWQnXT1cImVjaG8gXFxcIk5vdyBzY3JpcHQgdHJ5IGNvbm5lY3QgdG8i\n', 'all of them', ' Webshells Auto-generated - file r57shell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(672, 'bdcli100', 'JHM1ID0gInVuYWJsZSB0byBjb25uZWN0IHRvICI=\nJHM4ID0gImJhY2tkb29yIGlzIGNvcnJ1cHRlZCBvbiAi\n', 'all of them', ' Webshells Auto-generated - file bdcli100.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(673, 'HYTop_DevPack_2005Red', 'JHMwID0gInNjcm9sbGJhci1kYXJrc2hhZG93LWNvbG9yOiNGRjlEQkI7Ig==\nJHMzID0gImVjaG8gXCImbmJzcDs8YSBocmVmPVwiXCIvXCImZW5jb2RlRm9yVXJsKHRoZUhyZWYsZmFsc2UpJlwiXCJcIiB0YXJnZXQ9X2JsYW5rPlwiJnJlcGxhY2Ui\nJHM5ID0gInRoZUhyZWY9bWlkKHJlcGxhY2UobGNhc2UobGlzdC5wYXRoKSxsY2FzZShzZXJ2ZXIubWFwUGF0aChcIi9cIikpLFwiXCIpLDIpIg==\n', 'all of them', ' Webshells Auto-generated - file 2005Red.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(674, 'HYTop2006_rar_Folder_2006X2', 'JHMyID0gIlBvd2VyZWQgQnkgIg==\nJHMzID0gIiBcIiBvbkNsaWNrPVwidGhpcy5mb3JtLnNoYXJwLm5hbWU9dGhpcy5mb3JtLnBhc3N3b3JkLnZhbHVlO3RoaXMuZm9ybS5hY3Rpb249dGhpcy4i\n', 'all of them', ' Webshells Auto-generated - file 2006X2.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(675, 'rdrbs084', 'JHMwID0gIkNyZWF0ZSBtYXBwZWQgcG9ydC4gWW91IGhhdmUgdG8gc3BlY2lmeSBkb21haW4gd2hlbiB1c2luZyBIVFRQIHR5cGUuIg==\nJHM4ID0gIjxMT0NBTCBQT1JUPiA8TUFQUElORyBTRVJWRVI+IDxNQVBQSU5HIFNFUlZFUiBQT1JUPiA8VEFSR0VUIFNFUlZFUj4gPFRBUkdFVCI=\n', 'all of them', ' Webshells Auto-generated - file rdrbs084.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(676, 'HYTop_CaseSwitch_2005', 'JHMxID0gIk1TQ29tRGxnLkNvbW1vbkRpYWxvZyI=\nJHMyID0gIkNvbW1vbkRpYWxvZzEi\nJHMzID0gIl9fdmJhRXhjZXB0SGFuZGxlciI=\nJHM0ID0gIkVWRU5UX1NJTktfUmVsZWFzZSI=\nJHM1ID0gIkVWRU5UX1NJTktfQWRkUmVmIg==\nJHM2ID0gIkJ5IE1hcmNvcyI=\nJHM3ID0gIkVWRU5UX1NJTktfUXVlcnlJbnRlcmZhY2Ui\nJHM4ID0gIk1ldGhDYWxsRW5naW5lIg==\n', 'all of them', ' Webshells Auto-generated - file 2005.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(677, 'eBayId_index3', 'JHM4ID0gIiRlcnIgPSBcIjxpPllvdXIgTmFtZTwvaT4gTm90IEVudGVyZWQhPC9mb250PjwvaDI+U29ycnksIFxcXCJZb3Ui\n', 'all of them', ' Webshells Auto-generated - file index3.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(678, 'FSO_s_phvayv', 'JHMyID0gIndyYXA9XCJPRkZcIj5YWFhYPC90ZXh0YXJlYT48L2ZvbnQ+PGZvbnQgZmFjZSI=\n', 'all of them', ' Webshells Auto-generated - file phvayv.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(679, 'byshell063_ntboot', 'JHMwID0gIlNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXFNlcnZpY2VzXFxOdEJvb3Qi\nJHMxID0gIkZhaWx1cmUgLi4uIEFjY2VzcyBpcyBEZW5pZWQgISI=\nJHMyID0gIkR1bXBpbmcgRGVzY3JpcHRpb24gdG8gUmVnaXN0cnkuLi4i\nJHMzID0gIk9wZW5pbmcgU2VydmljZSAuLi4uIEZhaWx1cmUgISI=\n', 'all of them', ' Webshells Auto-generated - file ntboot.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(680, 'FSO_s_casus15_2', 'JHMwID0gImNvcHkgKCAkZG9zeWFfZ29uZGVyIg==\n', 'all of them', ' Webshells Auto-generated - file casus15.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(681, 'installer', 'JHMwID0gIlJlc3RvcmUgT2xkIFZhbnF1aXNoIg==\nJHM0ID0gIlJlSW5zdGFsbCBWYW5xdWlzaCI=\n', 'all of them', ' Webshells Auto-generated - file installer.cmd', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(682, 'uploader', 'JHMwID0gIm1vdmVfdXBsb2FkZWRfZmlsZSgkdXNlcmZpbGUsIFwiZW50cmlrYS5waHBcIik7ICI=\n', 'all of them', ' Webshells Auto-generated - file uploader.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(683, 'FSO_s_remview_2', 'JHMwID0gIjx4bXA+JG91dDwvIg==\nJHMxID0gIi5tbShcIkV2YWwgUEhQIGNvZGVcIikuIg==\n', 'all of them', ' Webshells Auto-generated - file remview.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(684, 'FeliksPack3___PHP_Shells_r57', 'JHMxID0gIiRzcWwgPSBcIkxPQUQgREFUQSBJTkZJTEUgXFxcIlwiLiRfUE9TVFsndGVzdDNfZmlsZSddLiI=\n', 'all of them', ' Webshells Auto-generated - file r57.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(685, 'HYTop2006_rar_Folder_2006X', 'JHMxID0gIjxpbnB1dCBuYW1lPVwicGFzc3dvcmRcIiB0eXBlPVwicGFzc3dvcmRcIiBpZD1cInBhc3N3b3JkXCIi\nJHM2ID0gIm5hbWU9XCJ0aGVBY3Rpb25cIiB0eXBlPVwidGV4dFwiIGlkPVwidGhlQWN0aW9uXCIi\n', 'all of them', ' Webshells Auto-generated - file 2006X.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(686, 'FSO_s_phvayv_2', 'JHMyID0gInJvd3M9XCIyNFwiIGNvbHM9XCIxMjJcIiB3cmFwPVwiT0ZGXCI+WFhYWDwvdGV4dGFyZWE+PC9mb250Pjxmb250Ig==\n', 'all of them', ' Webshells Auto-generated - file phvayv.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(687, 'elmaliseker', 'JHMwID0gImphdmFzY3JpcHQ6Q29tbWFuZCgnRG93bmxvYWQnIg==\nJHM1ID0gInpvbWJpZV9hcnJheT1hcnJheSgi\n', 'all of them', ' Webshells Auto-generated - file elmaliseker.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(688, 'shelltools_g0t_root_resolve', 'JHMwID0gIjNebjZCKEVkMyI=\nJHMxID0gIl51bGRuJ1Z0KHgi\nJHMyID0gIlxcPSB1UEtmcCI=\nJHMzID0gIidyLmF4VjxhZCI=\nJHM0ID0gInAsbW9kb2kkPXNyKCI=\nJHM1ID0gIkRpYW1vbmRDOFMgdCI=\nJHM2ID0gImBsUTlmWDxadkpXIg==\n', 'all of them', ' Webshells Auto-generated - file resolve.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(689, 'FSO_s_RemExp', 'JHMxID0gIjx0ZCBiZ2NvbG9yPVwiPCU9QmdDb2xvciU+XCIgdGl0bGU9XCI8JT1TdWJGb2xkZXIuTmFtZSU+XCI+IDxhIGhyZWY9IFwiPCU9UmVxdWVzdC5TZXIi\nJHM1ID0gIjx0ZCBiZ2NvbG9yPVwiPCU9QmdDb2xvciU+XCIgdGl0bGU9XCI8JT1GaWxlLk5hbWUlPlwiPiA8YSBocmVmPSBcInNob3djb2RlLmFzcD9mPTwlPUYi\nJHM2ID0gIjx0ZCBiZ2NvbG9yPVwiPCU9QmdDb2xvciU+XCIgYWxpZ249XCJyaWdodFwiPjwlPUF0dHJpYnV0ZXMoU3ViRm9sZGVyLkF0dHJpYnV0ZXMpJT48LyI=\n', 'all of them', ' Webshells Auto-generated - file RemExp.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(690, 'FSO_s_tool', 'JHM3ID0gIlwiXCIld2luZGlyJVxcXFxjYWxjLmV4ZVwiXCIpIg==\n', 'all of them', ' Webshells Auto-generated - file tool.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(691, 'FeliksPack3___PHP_Shells_2005', 'JHMwID0gIndpbmRvdy5vcGVuKFwiXCImdXJsJlwiP2lkPWVkaXQmcGF0aD1cIitzZmlsZStcIiZvcD1jb3B5JmF0dHJpYj1cIithdHRyaWIrXCImZHBhdGg9XCIrbHAi\nJHMzID0gIjxpbnB1dCBuYW1lPVwiZGJuYW1lXCIgdHlwZT1cImhpZGRlblwiIGlkPVwiZGJuYW1lXCIgdmFsdWU9XCI8JT1yZXF1ZXN0KFwiZGJuYW1lXCIpJT5cIj4i\n', 'all of them', ' Webshells Auto-generated - file 2005.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(692, 'byloader', 'JHMwID0gIlNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXFNlcnZpY2VzXFxOdGZzQ2hrIg==\nJHMxID0gIkZhaWx1cmUgLi4uIEFjY2VzcyBpcyBEZW5pZWQgISI=\nJHMyID0gIk5URlMgRGlzayBEcml2ZXIgQ2hlY2tpbmcgU2VydmljZSI=\nJHMzID0gIkR1bXBpbmcgRGVzY3JpcHRpb24gdG8gUmVnaXN0cnkuLi4i\nJHM0ID0gIk9wZW5pbmcgU2VydmljZSAuLi4uIEZhaWx1cmUgISI=\n', 'all of them', ' Webshells Auto-generated - file byloader.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(693, 'shelltools_g0t_root_Fport', 'JHM0ID0gIkNvcHlyaWdodCAyMDAwIGJ5IEZvdW5kc3RvbmUsIEluYy4i\nJHM1ID0gIllvdSBtdXN0IGhhdmUgYWRtaW5pc3RyYXRvciBwcml2aWxlZ2VzIHRvIHJ1biBmcG9ydCAtIGV4aXRpbmcuLi4i\n', 'all of them', ' Webshells Auto-generated - file Fport.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(694, 'BackDooR__fr_', 'JHMzID0gInByaW50KFwiPHAgYWxpZ249XFxcImNlbnRlclxcXCI+PGZvbnQgc2l6ZT1cXFwiNVxcXCI+RXhwbG9pdCBpbmNsdWRlICI=\n', 'all of them', ' Webshells Auto-generated - file BackDooR (fr).php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(695, 'FSO_s_ntdaddy', 'JHMxID0gIjxpbnB1dCB0eXBlPVwidGV4dFwiIG5hbWU9XCIuQ01EXCIgc2l6ZT1cIjQ1XCIgdmFsdWU9XCI8JT0gc3pDTUQgJT5cIj4gPGlucHV0IHR5cGU9XCJzIg==\n', 'all of them', ' Webshells Auto-generated - file ntdaddy.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(696, 'nstview_nstview', 'JHM0ID0gIm9wZW4gU1RESU4sXFxcIjwmWFxcXCI7b3BlbiBTVERPVVQsXFxcIj4mWFxcXCI7b3BlbiBTVERFUlIsXFxcIj4mWFxcXCI7ZXhlYyhcXFwiL2Jpbi9zaCAtaVxcXCIpOyI=\n', 'all of them', ' Webshells Auto-generated - file nstview.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(697, 'HYTop_DevPack_upload', 'JHMwID0gIjwhLS0gUGFnZVVwbG9hZCBCZWxvdyAtLT4i\n', 'all of them', ' Webshells Auto-generated - file upload.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(698, 'PasswordReminder', 'JHMzID0gIlRoZSBlbmNvZGVkIHBhc3N3b3JkIGlzIGZvdW5kIGF0IDB4JTguOGx4IGFuZCBoYXMgYSBsZW5ndGggb2YgJWQuIg==\n', 'all of them', ' Webshells Auto-generated - file PasswordReminder.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(699, 'Pack_InjectT', 'JHMzID0gImFpbCBUbyBPcGVuIFJlZ2lzdHJ5Ig==\nJHM0ID0gIjMyZkRzc2lnbmltIg==\nJHM1ID0gInZpZGUgSW50ZXJuZXQgUyI=\nJHM2ID0gImRdU29mdHdhcmVcXE0i\nJHM3ID0gIlRJbmplY3QuRGxsIg==\n', 'all of them', ' Webshells Auto-generated - file InjectT.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(700, 'FSO_s_RemExp_2', 'JHMyID0gIiBUaGVuIFJlc3BvbnNlLldyaXRlIFwiIg==\nJHMzID0gIjxhIGhyZWY9IFwiPCU9UmVxdWVzdC5TZXJ2ZXJWYXJpYWJsZXMoXCJzY3JpcHRfbmFtZVwiKSU+Ig==\n', 'all of them', ' Webshells Auto-generated - file RemExp.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(701, 'FSO_s_c99', 'JHMyID0gIlwidHh0XCIsXCJjb25mXCIsXCJiYXRcIixcInNoXCIsXCJqc1wiLFwiYmFrXCIsXCJkb2NcIixcImxvZ1wiLFwic2ZjXCIsXCJjZmdcIixcImh0YWNjZSI=\n', 'all of them', ' Webshells Auto-generated - file c99.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(702, 'rknt_zip_Folder_RkNT', 'JHMwID0gIlBhdGhTdHJpcFBhdGhBIg==\nJHMxID0gImBjTEdldCFBZGRyJSI=\nJHMyID0gIiRJbmZvOiBUaGlzIGZpbGUgaXMgcGFja2VkIHdpdGggdGhlIFVQWCBleGVjdXRhYmxlIHBhY2tlciBodHRwOi8vdXB4LnRzeC5vcmcgJCI=\nJHMzID0gIm9RVG9PZW1CdWZmKiA8PSI=\nJHM0ID0gImlvbkNkdW5Bc3dbVXMnIg==\nJHM2ID0gIkNyZWF0ZVByb2Nlc3NXOiAlUyI=\nJHM3ID0gIkltYWdlRGlyZWN0b3J5RW50cnlUb0RhdGEi\n', 'all of them', ' Webshells Auto-generated - file RkNT.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(703, 'dbgntboot', 'JHMyID0gIm5vdyBET1MgaXMgd29ya2luZyBhdCBtb2RlICVkLGZha2V0eXBlICVkLGFnYWluc3QgJXMsaGFzIHdvcmtlZCAlZCBtaW51dGVzLGJ5IHNwIg==\nJHMzID0gInN0aCBqdW5rIHRoZSBNJCBXaW5kMHdaIHJldHVyIg==\n', 'all of them', ' Webshells Auto-generated - file dbgntboot.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(705, 'hxdef100', 'JHMwID0gIlJ0bEFuc2lTdHJpbmdUb1VuaWNvZGVTdHJpbmci\nJHM4ID0gIlNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXENvbnRyb2xcXFNhZmVCb290XFwi\nJHM5ID0gIlxcXFwuXFxtYWlsc2xvdFxcaHhkZWYtcmsxMDBzQUJDREVGR0gi\n', 'all of them', ' Webshells Auto-generated - file hxdef100.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(706, 'rdrbs100', 'JHMzID0gIlNlcnZlciBhZGRyZXNzIG11c3QgYmUgSVAgaW4gQS5CLkMuRCBmb3JtYXQuIg==\nJHM0ID0gIiBtYXBwZWQgcG9ydHMgaW4gdGhlIGxpc3QuIEN1cnJlbnRseSAi\n', 'all of them', ' Webshells Auto-generated - file rdrbs100.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(707, 'Mithril_Mithril', 'JHMwID0gIk9wZW5Qcm9jZXNzIGVycm9yISI=\nJHMxID0gIldyaXRlUHJvY2Vzc01lbW9yeSBlcnJvciEi\nJHM0ID0gIkdldFByb2NBZGRyZXNzIGVycm9yISI=\nJHM1ID0gIkhIdGBISHRcXCI=\nJHM2ID0gIkNtYXVkaTAi\nJHM3ID0gIkNyZWF0ZVJlbW90ZVRocmVhZCBlcnJvciEi\nJHM4ID0gIktlcm5lbDMyIg==\nJHM5ID0gIlZpcnR1YWxBbGxvY0V4IGVycm9yISI=\n', 'all of them', ' Webshells Auto-generated - file Mithril.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(708, 'hxdef100_2', 'JHMwID0gIlxcXFwuXFxtYWlsc2xvdFxcaHhkZWYtcmtjMDAwIg==\nJHMyID0gIlNoYXJlZCBDb21wb25lbnRzXFxPbiBBY2Nlc3MgU2Nhbm5lclxcQmVoYXZpb3VyQmxvIg==\nJHM2ID0gIlNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXENvbnRyb2xcXFNhZmVCb290XFwi\n', 'all of them', ' Webshells Auto-generated - file hxdef100.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(709, 'Release_dllTest', 'JHMwID0gIjs7O1k7YDtkO2g7bDtwO3Q7eDt8OyI=\nJHMxID0gIjAgMCYwMDA2MEswUjBYMGYwbDBxMHcwIg==\nJHMyID0gIjogOiQ6KDosOjA6NDo4OkQ6YD1kPSI=\nJHMzID0gIjRANVA1VDVcXDVUN1xcN2Q3bDd0N3w3Ig==\nJHM0ID0gIjEsMTIxPjFDMUsxUTFYMV4xZTFrMXMxeTEi\nJHM1ID0gIjkgOSQ5KDksOVA5WDlcXDlgOWQ5aDlsOXA5dDl4OXw5Ig==\nJHM2ID0gIjApME8wXFwwYTBvMFwiMUUxUDFxMSI=\nJHM3ID0gIjwuPEk8ZDxoPGw8cDx0PHg8fDwi\nJHM4ID0gIjMmMzEzODM+M0YzUTNYM2AzZjN3M3wzIg==\nJHM5ID0gIjhAO0Q7SDtMO1A7VDtYO1xcO2E7OT1XPXo9Ig==\n', 'all of them', ' Webshells Auto-generated - file dllTest.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(710, 'webadmin', 'JHMwID0gIjxpbnB1dCBuYW1lPVxcXCJlZGl0ZmlsZW5hbWVcXFwiIHR5cGU9XFxcInRleHRcXFwiIGNsYXNzPVxcXCJzdHlsZTFcXFwiIHZhbHVlPSdcIi4kdGhpcy0+aW5wdSI=\n', 'all of them', ' Webshells Auto-generated - file webadmin.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(711, 'commands', 'JHMxID0gIklmIENoZWNrUmVjb3JkKFwiU0VMRUNUIENPVU5UKElEKSBGUk9NIFZpY3RpbURldGFpbCBXSEVSRSBWaWN0aW1JRCA9IFwiICYgVmljdGltSUQi\nJHMyID0gInByb3h5QXJyID0gQXJyYXkgKFwiSFRUUF9YX0ZPUldBUkRFRF9GT1JcIixcIkhUVFBfVklBXCIsXCJIVFRQX0NBQ0hFX0NPTlRST0xcIixcIkhUVFBfRiI=\n', 'all of them', ' Webshells Auto-generated - file commands.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(712, 'hkdoordll', 'JHM2ID0gIkNhbid0IHVuaW5zdGFsbCxtYXliZSB0aGUgYmFja2Rvb3IgaXMgbm90IGluc3RhbGxlZCBvcix0aGUgUGFzc3dvcmQgeW91IElOUFVUIGlzIg==\n', 'all of them', ' Webshells Auto-generated - file hkdoordll.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(713, 'r57shell_2', 'JHMyID0gImVjaG8gXCI8YnI+XCIud3MoMikuXCJIREQgRnJlZSA6IDxiPlwiLnZpZXdfc2l6ZSgkZnJlZSkuXCI8L2I+IEhERCBUb3RhbCA6IDxiPlwiLnZpZXdfIg==\n', 'all of them', ' Webshells Auto-generated - file r57shell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(714, 'Mithril_v1_45_dllTest', 'JHMzID0gInN5c3BhdGgi\nJHM0ID0gIlxcTWl0aHJpbCI=\nJHM1ID0gIi0tbGlzdCB0aGUgc2VydmljZXMgaW4gdGhlIGNvbXB1dGVyIg==\n', 'all of them', ' Webshells Auto-generated - file dllTest.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(715, 'dbgiis6cli', 'JHMwID0gIlVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDUuMDE7IFdpbmRvd3MgTlQgNS4wKSI=\nJHM1ID0gIiMjI2NvbW1hbmQ6KE5PIG1vcmUgdGhhbiAxMDAgYnl0ZXMhKSI=\n', 'all of them', ' Webshells Auto-generated - file dbgiis6cli.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(716, 'remview_2003_04_22', 'JHMxID0gIlwiPGI+XCIubW0oXCJFdmFsIFBIUCBjb2RlXCIpLlwiPC9iPiAoXCIubW0oXCJkb24ndCB0eXBlXCIpLlwiIFxcXCImbHQ7P1xcXCIi\n', 'all of them', ' Webshells Auto-generated - file remview_2003_04_22.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(717, 'FSO_s_test', 'JHMwID0gIiR5YXppID0gXCJ0ZXN0XCIgLiBcIlxcclxcblwiOyI=\nJHMyID0gImZ3cml0ZSAoJGZwLCBcIiR5YXppXCIpOyI=\n', 'all of them', ' Webshells Auto-generated - file test.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(718, 'Debug_cress', 'JHMwID0gIlxcTWl0aHJpbCAi\nJHM0ID0gIk1pdGhyaWwuZXhlIg==\n', 'all of them', ' Webshells Auto-generated - file cress.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(719, 'webshell', 'JHMwID0gIlJoVmlSWU96eiI=\nJHMxID0gImRcXE8haldXIg==\nJHMyID0gImJjIWpXVyI=\nJHMzID0gIjBXWyZ7bCI=\nJHM0ID0gIltJTmhRQFxcIg==\n', 'all of them', ' Webshells Auto-generated - file webshell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(720, 'FSO_s_EFSO_2', 'JHMwID0gIjshKy9EUmtuRDcrLlxcbURyQyhWK2tjSnpubmRtXFxmfG56S3VKYidyQCEmMEtVWUAqSmJAI0AmWGxcImRLVmNKXFxDc2xVLCksQCEwS3hEfm1LViI=\nJHM0ID0gIlxcY28hVlYyQ0R0U0onRSojQCNAJm1LeC9EUDE0bE0vbll7SkM4MU4rNkx0YkwzXmhVV2E7TS9PRS1BWFhcImJ+L2ZBcyF1Jjl8SlxcZ3JLcFwiaiI=\n', 'all of them', ' Webshells Auto-generated - file EFSO_2.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(721, 'thelast_index3', 'JHM1ID0gIiRlcnIgPSBcIjxpPllvdXIgTmFtZTwvaT4gTm90IEVudGVyZWQhPC9mb250PjwvaDI+U29ycnksIFxcXCJZb3VyIE5hbWVcXFwiIGZpZWxkIGlzIHIi\n', 'all of them', ' Webshells Auto-generated - file index3.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(722, 'adjustcr', 'JHMwID0gIiRJbmZvOiBUaGlzIGZpbGUgaXMgcGFja2VkIHdpdGggdGhlIFVQWCBleGVjdXRhYmxlIHBhY2tlciAkIg==\nJHMyID0gIiRMaWNlbnNlOiBOUlYgZm9yIFVQWCBpcyBkaXN0cmlidXRlZCB1bmRlciBzcGVjaWFsIGxpY2Vuc2UgJCI=\nJHM2ID0gIkFkanVzdENSIENhcnIi\nJHM3ID0gIklPTlxcU3lzdGVtXFxGbG9hdGluZ1BvIg==\n', 'all of them', ' Webshells Auto-generated - file adjustcr.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(723, 'FeliksPack3___PHP_Shells_xIShell', 'JHMzID0gImlmICghJG5peCkgeyAkeGlkID0gaW1wbG9kZShleHBsb2RlKFwiXFxcXFwiLCR4aWQpLFwiXFxcXFxcXFxcIik7fWVjaG8gKFwiPHRkPjxhIGhyZWY9J0phdmEi\n', 'all of them', ' Webshells Auto-generated - file xIShell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(724, 'HYTop_AppPack_2005', 'JHM2ID0gIlwiIG9uY2xpY2s9XCJ0aGlzLmZvcm0uc3FsU3RyLnZhbHVlPSdlOlxcaHl0b3AubWRiIg==\n', 'all of them', ' Webshells Auto-generated - file 2005.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(725, 'xssshell', 'JHMxID0gImlmKCAhZ2V0UmVxdWVzdChDT01NQU5EU19VUkwgKyBcIj92PVwiICsgVklDVElNICsgXCImcj1cIiArIGdlbmVyYXRlSUQoKSwgXCJwdXNoQ29tbWEi\n', 'all of them', ' Webshells Auto-generated - file xssshell.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(726, 'FeliksPack3___PHP_Shells_usr', 'JHMwID0gIjw/cGhwICRpZF9pbmZvID0gYXJyYXkoJ25vdGlmeScgPT4gJ29mZicsJ3N1YicgPT4gJ2Fhc2QnLCdzX25hbWUnID0+ICdudXJ1bGxhaG9yIg==\n', 'all of them', ' Webshells Auto-generated - file usr.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(727, 'FSO_s_phpinj', 'JHM0ID0gImVjaG8gJzxhIGhyZWY9Jy4kZXhwdXJsLic+IENsaWNrIEhlcmUgdG8gRXhwbG9pdCA8L2E+IDxiciAvPic7Ig==\n', 'all of them', ' Webshells Auto-generated - file phpinj.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(728, 'xssshell_db', 'JHM4ID0gIicvLyBCeSBGZXJydWggTWF2aXR1bmEgfCBodHRwOi8vZmVycnVoLm1hdml0dW5hLmNvbSI=\n', 'all of them', ' Webshells Auto-generated - file db.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(729, 'PHP_sh', 'JHMxID0gIlwiQCRTRVJWRVJfTkFNRSBcIi5leGVjKFwicHdkXCIpIg==\n', 'all of them', ' Webshells Auto-generated - file sh.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(730, 'xssshell_default', 'JHMzID0gIklmIFByb3h5RGF0YSA8PiBcIlwiIFRoZW4gUHJveHlEYXRhID0gUmVwbGFjZShQcm94eURhdGEsIERBVEFfU0VQRVJBVE9SLCBcIjxiciAvPlwiKSI=\n', 'all of them', ' Webshells Auto-generated - file default.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(731, 'EditServer_Webshell_2', 'JHMwID0gIkBIT1RNQUlMLkNPTSI=\nJHMxID0gIlByZXNzIEFueSBLZSI=\nJHMzID0gImdsaXNoIE1lbnVaIg==\n', 'all of them', ' Webshells Auto-generated - file EditServer.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(732, 'by064cli', 'JHM3ID0gInBhY2tldCBkcm9wcGVkLHJlZGlyZWN0aW5nIg==\nJHM5ID0gImlucHV0IHRoZSBwYXNzd29yZCh0aGUgZGVmYXVsdCBvbmUgaXMgJ2J5Jyki\n', 'all of them', ' Webshells Auto-generated - file by064cli.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(733, 'Mithril_dllTest', 'JHMwID0gInBsZWFzZSBlbnRlciB0aGUgcGFzc3dvcmQ6Ig==\nJHMzID0gIlxcZGxsVGVzdC5wZGIi\n', 'all of them', ' Webshells Auto-generated - file dllTest.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(734, 'peek_a_boo', 'JHMwID0gIl9fdmJhSHJlc3VsdENoZWNrT2JqIg==\nJHMxID0gIlxcVkJcXFZCNS5PTEIi\nJHMyID0gImNhcEdldERyaXZlckRlc2NyaXB0aW9uQSI=\nJHMzID0gIl9fdmJhRXhjZXB0SGFuZGxlciI=\nJHM0ID0gIkVWRU5UX1NJTktfUmVsZWFzZSI=\nJHM4ID0gIl9fdmJhRXJyb3JPdmVyZmxvdyI=\n', 'all of them', ' Webshells Auto-generated - file peek-a-boo.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(735, 'fmlibraryv3', 'JHMzID0gIkV4ZU5ld1JzLkNvbW1hbmRUZXh0ID0gXCJVUERBVEUgXCIgJiB0YWJsZW5hbWUgJiBcIiBTRVQgXCIgJiBFeGVOZXdSc1ZhbHVlcyAmIFwiIFdIRVIi\n', 'all of them', ' Webshells Auto-generated - file fmlibraryv3.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(736, 'Debug_dllTest_2', 'JHM0ID0gIlxcRGVidWdcXGRsbFRlc3QucGRiIg==\nJHM1ID0gIi0tbGlzdCB0aGUgc2VydmljZXMgaW4gdGhlIGNvbXB1dGVyIg==\n', 'all of them', ' Webshells Auto-generated - file dllTest.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(737, 'connector', 'JHMyID0gIklmICggQXR0YWNrSUQgPSBCUk9BRENBU1RfQVRUQUNLICki\nJHM0ID0gIkFkZCBVTklRVUUgSUQgZm9yIHZpY3RpbXMgLyB6b21iaWVzIg==\n', 'all of them', ' Webshells Auto-generated - file connector.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(738, 'shelltools_g0t_root_HideRun', 'JHMwID0gIlVzYWdlIC0tIGhpZGVydW4gW0FwcE5hbWVdIg==\nJHM3ID0gIlBWQVggU1csIEFsZXhleSBBLiBQb3BvZmYsIE1vc2NvdywgMTk5Ny4i\n', 'all of them', ' Webshells Auto-generated - file HideRun.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(739, 'regshell', 'JHMwID0gIkNoYW5nZXMgdGhlIGJhc2UgaGl2ZSB0byBIS0VZX0NVUlJFTlRfVVNFUi4i\nJHM0ID0gIkRpc3BsYXlzIGEgbGlzdCBvZiB2YWx1ZXMgYW5kIHN1Yi1rZXlzIGluIGEgcmVnaXN0cnkgSGl2ZS4i\nJHM1ID0gIkVudGVyIGEgbWVudSBzZWxlY3Rpb24gbnVtYmVyICgxIC0gMykgb3IgOTkgdG8gRXhpdDogIg==\n', 'all of them', ' Webshells Auto-generated - file regshell.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(740, 'PHP_Shell_v1_7', 'JHM4ID0gIjx0aXRsZT5bQURESVRJTkFMIFRJVFRMRV0tcGhwU2hlbGwgYnk6W1lPVVJOQU1FXSI=\n', 'all of them', ' Webshells Auto-generated - file PHP_Shell_v1.7.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(741, 'xssshell_save', 'JHM0ID0gIlJhd0NvbW1hbmQgPSBDb21tYW5kICYgQ09NTUFORF9TRVBFUkFUT1IgJiBQYXJhbSAmIENPTU1BTkRfU0VQRVJBVE9SICYgQXR0YWNrSUQi\nJHM1ID0gIlZpY3RpbUlEID0gZm1fTlN0cihWaWN0aW1zKGkpKSI=\n', 'all of them', ' Webshells Auto-generated - file save.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(742, 'screencap', 'JHMwID0gIkdldERJQkNvbG9yVGFibGUi\nJHMxID0gIlNjcmVlbi5ibXAi\nJHMyID0gIkNyZWF0ZURDQSI=\n', 'all of them', ' Webshells Auto-generated - file screencap.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(743, 'FSO_s_phpinj_2', 'JHM5ID0gIjw/IHN5c3RlbShcXCRfR0VUW2NwY10pO2V4aXQ7ID8+JyAsMCAsMCAsMCAsMCBJTlRPIg==\n', 'all of them', ' Webshells Auto-generated - file phpinj.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(744, 'ZXshell2_0_rar_Folder_zxrecv', 'JHMwID0gIlJ5Rmx1c2hCdWZmIg==\nJHMxID0gInRlVG9XaWRlQ2hhcl5GaVlQIg==\nJHMyID0gIm1kZXNjKzhGIEQi\nJHMzID0gIlxcdm9uNzZzdGQi\nJHM0ID0gIjVwdXIrdmlydHVsIg==\nJHM1ID0gIi0gS2FibHRvIGlvIg==\nJHM2ID0gImFjI2Z7bG93aThhIg==\n', 'all of them', ' Webshells Auto-generated - file zxrecv.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(745, 'FSO_s_ajan', 'JHM0ID0gImVudHJpa2Eud3JpdGUgXCJCaW5hcnlTdHJlYW0uU2F2ZVRvRmlsZSI=\n', 'all of them', ' Webshells Auto-generated - file ajan.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(746, 'c99shell', 'JHMwID0gIjxiciAvPklucHV0Jm5ic3A7VVJMOiZuYnNwOyZsdDtpbnB1dCZuYnNwO25hbWU9XFxcInVwbG9hZHVybFxcXCImbmJzcDt0eXBlPVxcXCJ0ZXh0XFxcIiYi\n', 'all of them', ' Webshells Auto-generated - file c99shell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(747, 'phpspy_2005_full', 'JHM3ID0gImVjaG8gXCIgIDx0ZCBhbGlnbj1cXFwiY2VudGVyXFxcIiBub3dyYXAgdmFsaWduPVxcXCJ0b3BcXFwiPjxhIGhyZWY9XFxcIj9kb3duZmlsZT1cIi51cmxlbmNvIg==\n', 'all of them', ' Webshells Auto-generated - file phpspy_2005_full.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(748, 'FSO_s_zehir4_2', 'JHM0ID0gIlwiUHJvZ3JhbSBGaWxlc1xcU2Vydi11XFxTZXJ2Ig==\n', 'all of them', ' Webshells Auto-generated - file zehir4.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(749, 'httpdoor', 'JHM0ID0gIicnJycnJycnJycnJycnJycnJ0RhSktIUGFtIg==\nJHM1ID0gIm8sV2lkZUNoYXJSXSFuXSI=\nJHM2ID0gIkhBdXRvQ29tcGxldGUi\nJHM3ID0gIjw/eG1sIHZlcnNpb249XCIxLjBcIiBlbmNvZGluZz1cIlVURi04XCIgc3RhbmRhbG9uZT1cInllc1wiPz4gPGFzc2VtYmx5IHhtbG5zPVwidXJuOnNjaCI=\n', 'all of them', ' Webshells Auto-generated - file httpdoor.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(750, 'FSO_s_indexer_2', 'JHM1ID0gIjx0ZD5OZXJkZW4gOjx0ZD48aW5wdXQgdHlwZT1cInRleHRcIiBuYW1lPVwibmVyZGVuXCIgc2l6ZT0yNSB2YWx1ZT1pbmRleC5odG1sPjwvdGQ+Ig==\n', 'all of them', ' Webshells Auto-generated - file indexer.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(751, 'HYTop_DevPack_2005', 'JHM3ID0gInRoZUhyZWY9ZW5jb2RlRm9yVXJsKG1pZChyZXBsYWNlKGxjYXNlKGxpc3QucGF0aCksbGNhc2Uoc2VydmVyLm1hcFBhdGgoXCIvXCIpKSxcIlwiKSI=\nJHM4ID0gInNjcm9sbGJhci1kYXJrc2hhZG93LWNvbG9yOiM5QzlDRDM7Ig==\nJHM5ID0gInNjcm9sbGJhci1mYWNlLWNvbG9yOiNFNEU0RjM7Ig==\n', 'all of them', ' Webshells Auto-generated - file 2005.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(752, '_root_040_zip_Folder_deploy', 'JHM1ID0gImhhbG9uIHN5bnNjYW4gMTI3LjAuMC4xIDEtNjU1MzYi\nJHM4ID0gIk9idmlvdXNseSB5b3UgcmVwbGFjZSB0aGUgaXAgYWRkcmVzcyB3aXRoIHRoYXQgb2YgdGhlIHRhcmdldC4i\n', 'all of them', ' Webshells Auto-generated - file deploy.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(753, 'by063cli', 'JHMyID0gIiNwb3Btc2doZWxsbyxhcmUgeW91IGFsbCByaWdodD8i\nJHM0ID0gImNvbm5lY3QgZmFpbGVkLGNoZWNrIHlvdXIgbmV0d29yayBhbmQgcmVtb3RlIGlwLiI=\n', 'all of them', ' Webshells Auto-generated - file by063cli.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(755, 'FSO_s_EFSO_2_2', 'JHMwID0gIjshKy9EUmtuRDcrLlxcbURyQyhWK2tjSnpubmRtXFxmfG56S3VKYidyQCEmMEtVWUAqSmJAI0AmWGxcImRLVmNKXFxDc2xVLCksQCEwS3hEfm1LViI=\nJHM0ID0gIlxcY28hVlYyQ0R0U0onRSojQCNAJm1LeC9EUDE0bE0vbll7SkM4MU4rNkx0YkwzXmhVV2E7TS9PRS1BWFhcImJ+L2ZBcyF1Jjl8SlxcZ3JLcFwiaiI=\n', 'all of them', ' Webshells Auto-generated - file EFSO_2.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(756, 'byshell063_ntboot_2', 'JHM2ID0gIk9LLGpvYiB3YXMgZG9uZSxjdXogd2UgaGF2ZSBsb2NhbHN5c3RlbSAmIFNFX0RFQlVHX05BTUU6KSI=\n', 'all of them', ' Webshells Auto-generated - file ntboot.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(757, 'u_uay', 'JHMxID0gImV4ZWMgXCJjOlxcV0lORE9XU1xcU3lzdGVtMzJcXGZyZWVjZWxsLmV4ZSI=\nJHM5ID0gIlNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXFNlcnZpY2VzXFx1YXkuc3lzXFxTZWN1cml0eSI=\n', '1 of them', ' Webshells Auto-generated - file uay.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(758, 'bin_wuaus', 'JHMxID0gIjkoOTA5ODlAOVY5XjlmOW45djki\nJHMyID0gIjooOiw6MDo0Ojg6QzpIOk46VDpZOl86ZTpvOnk6Ig==\nJHMzID0gIjsoPUA9Rz1PPVQ9WD1cXD0i\nJHM0ID0gIlRDUCBTZW5kIEVycm9yISEi\nJHM1ID0gIjFcIjE7MVgxXjFlMW0xdzF+MSI=\nJHM4ID0gIj0kPSk9Lz08PVk9Xz1qPXA9ej0i\n', 'all of them', ' Webshells Auto-generated - file wuaus.dll', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(759, 'pwreveal', 'JHMwID0gIio8QmxhbmsgLSBubyBlcyI=\nJHMzID0gIkpEaWFtb25kQ1MgIg==\nJHM4ID0gInN3b3JkIHNldD4gW0xlaXRoPTAgYnl0ZXNdIg==\nJHM5ID0gIklPTlxcU3lzdGVtXFxGbG9hdGluZy0i\n', 'all of them', ' Webshells Auto-generated - file pwreveal.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(760, 'shelltools_g0t_root_xwhois', 'JHMxID0gInJ0aW5nISAi\nJHMyID0gImFUeXBDb2coIg==\nJHM1ID0gIkRpYW1vbmQi\nJHM2ID0gInIpcj1yUXJlcnlyIg==\n', 'all of them', ' Webshells Auto-generated - file xwhois.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(761, 'vanquish_2', 'JHMyID0gIlZhbnF1aXNoIC0gRExMIGluamVjdGlvbiBmYWlsZWQ6Ig==\n', 'all of them', ' Webshells Auto-generated - file vanquish.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(762, 'down_rar_Folder_down', 'JHMwID0gInJlc3BvbnNlLndyaXRlIFwiPGZvbnQgY29sb3I9Ymx1ZSBzaXplPTI+TmV0QmlvcyBOYW1lOiBcXFxcXCIgICYgU25ldC5Db21wdXRlck5hbWUgJiI=\n', 'all of them', ' Webshells Auto-generated - file down.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(763, 'cmdShell', 'JHMxID0gImlmIGNtZFBhdGg9XCJ3c2NyaXB0U2hlbGxcIiB0aGVuIg==\n', 'all of them', ' Webshells Auto-generated - file cmdShell.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(764, 'ZXshell2_0_rar_Folder_nc', 'JHMwID0gIldTT0NLMzIuZGxsIg==\nJHMxID0gIj9iU1VOS05PV05WIg==\nJHM3ID0gInBAZ3JhbSBKbTZoKSI=\nJHM4ID0gInNlcjMyLmRsbENPTkZQQCI=\n', 'all of them', ' Webshells Auto-generated - file nc.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(765, 'portlessinst', 'JHMyID0gIkZhaWwgVG8gT3BlbiBSZWdpc3RyeSI=\nJHMzID0gImY8LVdMRWdnRHJcIiI=\nJHM2ID0gIm9NZW1vcnlDcmVhdGVQIg==\n', 'all of them', ' Webshells Auto-generated - file portlessinst.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(766, 'SetupBDoor', 'JHMxID0gIlxcQkRvb3JcXFNldHVwQkRvb3Ii\n', 'all of them', ' Webshells Auto-generated - file SetupBDoor.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(767, 'phpshell_3', 'JHMzID0gIjxpbnB1dCBuYW1lPVwic3VibWl0X2J0blwiIHR5cGU9XCJzdWJtaXRcIiB2YWx1ZT1cIkV4ZWN1dGUgQ29tbWFuZFwiPjwvcD4i\nJHM1ID0gIiAgICAgIGVjaG8gXCI8b3B0aW9uIHZhbHVlPVxcXCIkd29ya19kaXJcXFwiIHNlbGVjdGVkPkN1cnJlbnQgRGlyZWN0b3J5PC9vcHRpb24+XFxuXCI7Ig==\n', 'all of them', ' Webshells Auto-generated - file phpshell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(768, 'BIN_Server', 'JHMwID0gImNvbmZpZ3NlcnZlciI=\nJHMxID0gIkdldExvZ2ljYWxEcml2ZXMi\nJHMyID0gIldpbkV4ZWMi\nJHM0ID0gImZ4ZnRlc3Qi\nJHM1ID0gInVwZmlsZW9rIg==\nJHM3ID0gInVwZmlsZWVyIg==\n', 'all of them', ' Webshells Auto-generated - file Server.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(769, 'HYTop2006_rar_Folder_2006', 'JHM2ID0gInN0ckJhY2tEb29yID0gc3RyQmFja0Rvb3IgIg==\n', 'all of them', ' Webshells Auto-generated - file 2006.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(770, 'r57shell_3', 'JHMxID0gIjxiPlwiLiRfUE9TVFsnY21kJ10i\n', 'all of them', ' Webshells Auto-generated - file r57shell.php', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(771, 'HDConfig', 'JHMwID0gIkFuIGVuY3J5cHRpb24ga2V5IGlzIGRlcml2ZWQgZnJvbSB0aGUgcGFzc3dvcmQgaGFzaC4gIg==\nJHMzID0gIkEgaGFzaCBvYmplY3QgaGFzIGJlZW4gY3JlYXRlZC4gIg==\nJHM0ID0gIkVycm9yIGR1cmluZyBDcnlwdENyZWF0ZUhhc2ghIg==\nJHM1ID0gIkEgbmV3IGtleSBjb250YWluZXIgaGFzIGJlZW4gY3JlYXRlZC4i\nJHM2ID0gIlRoZSBwYXNzd29yZCBoYXMgYmVlbiBhZGRlZCB0byB0aGUgaGFzaC4gIg==\n', 'all of them', ' Webshells Auto-generated - file HDConfig.exe', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(772, 'FSO_s_ajan_2', 'JHMyID0gIlwiU2V0IFdzaFNoZWxsID0gQ3JlYXRlT2JqZWN0KFwiXCJXU2NyaXB0LlNoZWxsXCJcIiki\nJHMzID0gIi9maWxlLnppcCI=\n', 'all of them', ' Webshells Auto-generated - file ajan.asp', ' Yara Bulk Rule Generator by Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(773, 'Webshell_and_Exploit_CN_APT_HK', 'JGEwID0gIjxzY3JpcHQgbGFuZ3VhZ2U9amF2YXNjcmlwdCBzcmM9aHR0cDovL2phdmEtc2UuY29tL28uanM8L3NjcmlwdD4i\nJHMwID0gIjxzcGFuIHN0eWxlPVwiZm9udDoxMXB4IFZlcmRhbmE7XCI+UGFzc3dvcmQ6IDwvc3Bhbj48aW5wdXQgbmFtZT1cInBhc3N3b3JkXCIgdHlwZT1cInBhc3N3b3JkXCIgc2l6ZT1cIjIwXCI+Ig==\nJHMxID0gIjxpbnB1dCB0eXBlPVwiaGlkZGVuXCIgbmFtZT1cImRvaW5nXCIgdmFsdWU9XCJsb2dpblwiPiI=\n', '$a0 or ( all of ($s*) )', ' Webshell and Exploit Code in relation with APT against Honk Kong protesters', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(774, 'JSP_Browser_APT_webshell', 'JGExYSA9ICJwcml2YXRlIHN0YXRpYyBmaW5hbCBTdHJpbmdbXSBDT01NQU5EX0lOVEVSUFJFVEVSID0ge1wiIg==\nJGExYiA9ICJjbWRcIiwgXCIvQ1wifTsgLy8gRG9zLFdpbmRvd3Mi\nJGEyID0gIlByb2Nlc3MgbHNfcHJvYyA9IFJ1bnRpbWUuZ2V0UnVudGltZSgpLmV4ZWMoY29tbSwgbnVsbCwgbmV3IEZpbGUoZGlyKSk7Ig==\nJGEzID0gInJldC5hcHBlbmQoXCIhISEhIFByb2Nlc3MgaGFzIHRpbWVkIG91dCwgZGVzdHJveWVkICEhISEhXCIpOyI=\n', 'all of them', ' VonLoesch JSP Browser used as web shell by APT groups - jsp File browser 1.1a', ' F.Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(775, 'JSP_jfigueiredo_APT_webshell', 'JGExID0gIlN0cmluZyBmaGlkZGVuID0gbmV3IFN0cmluZyhCYXNlNjQuZW5jb2RlQmFzZTY0KHBhdGguZ2V0Qnl0ZXMoKSkpOyI=\nJGEyID0gIjxmb3JtIGlkPVwidXBsb2FkXCIgbmFtZT1cInVwbG9hZFwiIGFjdGlvbj1cIlNlcnZGTVVwbG9hZFwiIG1ldGhvZD1cIlBPU1RcIiBlbmN0eXBlPVwibXVsdGlwYXJ0L2Zvcm0tZGF0YVwiPiI=\n', 'all of them', ' JSP Browser used as web shell by APT groups - author: jfigueiredo', ' F.Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(776, 'JSP_jfigueiredo_APT_webshell_2', 'JGExID0gIjxkaXYgaWQ9XCJia29yb3RhdG9yXCI+PGltZyBhbHQ9XCJcIiBzcmM9XCJpbWFnZXMvcm90YXRvci8xLmpwZ1wiPjwvZGl2PiI=\nJGEyID0gIiQoXCIjZGlhbG9nXCIpLmRpYWxvZyhcImRlc3Ryb3lcIik7Ig==\nJHMxID0gIjxmb3JtIGlkPVwiZm9ybVwiIGFjdGlvbj1cIlNlcnZGTVVwbG9hZFwiIG1ldGhvZD1cInBvc3RcIiBlbmN0eXBlPVwibXVsdGlwYXJ0L2Zvcm0tZGF0YVwiPiI=\nJHMyID0gIjxpbnB1dCB0eXBlPVwiaGlkZGVuXCIgaWQ9XCJmaGlkZGVuXCIgbmFtZT1cImZoaWRkZW5cIiB2YWx1ZT1cIkwzQmtaaTg9XCIgLz4i\n', 'all of ($a*) or all of ($s*)', ' JSP Browser used as web shell by APT groups - author: jfigueiredo', ' F.Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(777, 'AJAX_FileUpload_webshell', 'JGExID0gInZhciBmcmFtZUlkID0gJ2pVcGxvYWRGcmFtZScgKyBpZDsi\nJGEyID0gInZhciBmb3JtID0galF1ZXJ5KCc8Zm9ybSAgYWN0aW9uPVwiXCIgbWV0aG9kPVwiUE9TVFwiIG5hbWU9XCInICsgZm9ybUlkICsgJ1wiIGlkPVwiJyArIGZvcm1JZCArICdcIiBlbmN0eXBlPVwibXVsdGlwYXJ0L2Zvcm0tZGF0YVwiPjwvZm9ybT4nKTsi\nJGEzID0gImpRdWVyeShcIjxkaXY+XCIpLmh0bWwoZGF0YSkuZXZhbFNjcmlwdHMoKTsi\n', 'all of them', ' AJAX JS/CSS components providing web shell by APT groups', ' F.Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(778, 'Webshell_Insomnia', 'JHMwID0gIlJlc3BvbnNlLldyaXRlKFwiLSBGYWlsZWQgdG8gY3JlYXRlIG5hbWVkIHBpcGU6XCIpOyI=\nJHMxID0gIlJlc3BvbnNlLk91dHB1dC5Xcml0ZShcIisgU2VuZGluZyB7MH08YnI+XCIsIGNvbW1hbmQpOyI=\nJHMyID0gIlN0cmluZyBjb21tYW5kID0gXCJleGVjIG1hc3Rlci4ueHBfY21kc2hlbGwgJ2RpciA+IFxcXFxcXFxcMTI3LjAuMC4xIg==\nJHMzID0gIlJlc3BvbnNlLldyaXRlKFwiLSBFcnJvciBHZXR0aW5nIFVzZXIgSW5mbzxicj5cIik7Ig==\nJHM0ID0gInN0cmluZyBscENvbW1hbmRMaW5lLCByZWYgU0VDVVJJVFlfQVRUUklCVVRFUyBscFByb2Nlc3NBdHRyaWJ1dGVzLCI=\nJHM1ID0gIltEbGxJbXBvcnQoXCJBZHZhcGkzMi5kbGxcIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldIg==\nJHM5ID0gInVzZXJuYW1lID0gRHVtcEFjY291bnRTaWQodG9rVXNlci5Vc2VyLlNpZCk7Ig==\nJHMxNCA9ICIvL1Jlc3BvbnNlLk91dHB1dC5Xcml0ZShcIk9wZW5lZCBwcm9jZXNzIFBJRDogezB9IDogezF9PGJyPlwiLCBwIg==\n', '3 of them', ' Insomnia Webshell - file InsomniaShell.aspx', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(779, 'HawkEye_PHP_Panel', 'JHMwID0gIiRmbmFtZSA9ICRfR0VUWydmbmFtZSddOyI=\nJHMxID0gIiRkYXRhID0gJF9HRVRbJ2RhdGEnXTsi\nJHMyID0gInVubGluaygkZm5hbWUpOyI=\nJHMzID0gImVjaG8gXCJTdWNjZXNzXCI7Ig==\n', 'all of ($s*) and filesize < 600', ' Detects HawkEye Keyloggers PHP Panel', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(780, 'SoakSoak_Infected_Wordpress', 'JHMwID0gIndwX2VucXVldWVfc2NyaXB0KFwic3dmb2JqZWN0XCIpOyI=\nJHMxID0gImZ1bmN0aW9uIEZ1bmNRdWV1ZU9iamVjdCgpIg==\nJHMyID0gImFkZF9hY3Rpb24oXCJ3cF9lbnF1ZXVlX3NjcmlwdHNcIiwgJ0Z1bmNRdWV1ZU9iamVjdCcpOyI=\n', 'all of ($s*)', ' Detects a SoakSoak infected Wordpress site http://goo.gl/1GzWUX', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(781, 'Pastebin_Webshell', 'JHMwID0gImZpbGVfZ2V0X2NvbnRlbnRzKFwiaHR0cDovL3Bhc3RlYmluLmNvbSI=\nJHMxID0gInhjdXJsKCdodHRwOi8vcGFzdGViaW4uY29tL2Rvd25sb2FkLnBocCI=\nJHMyID0gInhjdXJsKCdodHRwOi8vcGFzdGViaW4uY29tL3Jhdy5waHAi\nJHgwID0gImlmKCRjb250ZW50KXt1bmxpbmsoJ2V2ZXgucGhwJyk7Ig==\nJHgxID0gIiRmaDIgPSBmb3BlbihcImV2ZXgucGhwXCIsICdhJyk7Ig==\nJHkwID0gImZpbGVfcHV0X2NvbnRlbnRzKCRwdGgi\nJHkxID0gImVjaG8gXCI8bG9naW5fb2s+Ig==\nJHkyID0gInN0cl9yZXBsYWNlKCcqIEBwYWNrYWdlIFdvcmRwcmVzcycsJHRlbXAi\n', '1 of ($s*) or all of ($x*) or all of ($y*)', ' Detects a web shell that downloads content from pastebin.com http://goo.gl/7dbyZs', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(783, 'Webshell_27_9_c66_c99', 'JHM0ID0gImlmICghZW1wdHkoJHVuc2V0X3N1cmwpKSB7c2V0Y29va2llKFwiYzk5c2hfc3VybFwiKTsgJHN1cmwgPSBcIlwiO30i\nJHM2ID0gIkBleHRyYWN0KCRfUkVRVUVTVFtcImM5OXNoY29va1wiXSk7Ig==\nJHM3ID0gImlmICghZnVuY3Rpb25fZXhpc3RzKFwiYzk5X2J1ZmZfcHJlcGFyZVwiKSki\n', 'filesize < 685KB and 1 of them', ' Detects Webshell - rule generated from from files 27.9.txt, c66.php, c99-shadows-mod.php, c99.php ...', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(784, 'Webshell_acid_AntiSecShell_3', 'JHMwID0gImVjaG8gXCI8b3B0aW9uIHZhbHVlPWRlbGV0ZVwiLigkZHNwYWN0ID09IFwiZGVsZXRlXCI/XCIgc2VsZWN0ZWRcIjpcIlwiKS5cIj5EZWxldGU8L29wdGlvbj5cIjsi\nJHMxID0gImlmICghaXNfcmVhZGFibGUoJG8pKSB7cmV0dXJuIFwiPGZvbnQgY29sb3I9cmVkPlwiLnZpZXdfcGVybXMoZmlsZXBlcm1zKCRvKSkuXCI8L2ZvbnQ+XCI7fSI=\n', 'filesize < 900KB and all of them', ' Detects Webshell Acid', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(785, 'Webshell_c99_4', 'JHMxID0gImRpc3BsYXlzZWNpbmZvKFwiTGlzdCBvZiBBdHRyaWJ1dGVzXCIsbXlzaGVsbGV4ZWMoXCJsc2F0dHIgLWFcIikpOyI=\nJHMyID0gImRpc3BsYXlzZWNpbmZvKFwiUkFNXCIsbXlzaGVsbGV4ZWMoXCJmcmVlIC1tXCIpKTsi\nJHMzID0gImRpc3BsYXlzZWNpbmZvKFwiV2hlcmUgaXMgcGVybD9cIixteXNoZWxsZXhlYyhcIndoZXJlaXMgcGVybFwiKSk7Ig==\nJHM0ID0gIiRyZXQgPSBteXNoZWxsZXhlYygkaGFuZGxlcik7Ig==\nJHM1ID0gImlmIChwb3NpeF9raWxsKCRwaWQsJHNpZykpIHtlY2hvIFwiT0suXCI7fSI=\n', 'filesize < 900KB and 1 of them', ' Detects C99 Webshell', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(786, 'Webshell_r57shell_2', 'JHMxID0gIiRjb25uZWN0aW9uID0gQGZ0cF9jb25uZWN0KCRmdHBfc2VydmVyLCRmdHBfcG9ydCwxMCk7Ig==\nJHMyID0gImVjaG8gJGxhbmdbJGxhbmd1YWdlLidfdGV4dDk4J10uJHN1Yy5cIlxcclxcblwiOyI=\n', 'filesize < 900KB and all of them', ' Detects Webshell R57', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(787, 'Webshell_27_9_acid_c99_locus7s', 'JHMwID0gIiRibGFoID0gZXgoJHAyLlwiIC90bXAvYmFjayBcIi4kX1BPU1RbJ2JhY2tjb25uZWN0aXAnXS5cIiBcIi4kX1BPU1RbJ2JhY2tjb25uZWN0cG9ydCddLlwiICZcIik7Ig==\nJHMxID0gIiRfUE9TVFsnYmFja2Njb25ubXNnZSddPVwiPC9icj48L2JyPjxiPjxmb250IGNvbG9yPXJlZCBzaXplPTM+RXJyb3I6PC9mb250PiBDYW4ndCBiYWNrZG9vciBob3N0ITwvYj5cIjsi\n', 'filesize < 1711KB and 1 of them', ' Detects Webshell - rule generated from from files 27.9.txt, acid.php, c99_locus7s.txt', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(788, 'Webshell_Backdoor_PHP_Agent_r57_mod_bizzz_shell_r57', 'JHMxID0gIiRfUE9TVFsnY21kJ10gPSB3aGljaCgnIg==\nJHMyID0gIiRibGFoID0gZXgoIg==\n', 'filesize < 600KB and all of them', ' Detects Webshell - rule generated from from files Backdoor.PHP.Agent.php, r57.mod-bizzz.shell.txt ...', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(789, 'Webshell_c100', 'JHMwID0gIjxPUFRJT04gVkFMVUU9XCJ3Z2V0IGh0dHA6Ly9mdHAucG93ZXJuZXQuY29tLnRyL3N1cGVybWFpbC9kZWJ1Zy9rM1wiPktlcm5lbCBhdHRhY2sgKEtyYWQuYykgUFQxIChJZiB3Z2V0IGluc3RhbGxlZCki\nJHMxID0gIjxjZW50ZXI+S2VybmVsIEluZm86IDxmb3JtIG5hbWU9XCJmb3JtMVwiIG1ldGhvZD1cInBvc3RcIiBhY3Rpb249XCJodHRwOi8vZ29vZ2xlLmNvbS9zZWFyY2hcIj4i\nJHMzID0gImN1dCAtZDogLWYxLDIsMyAvZXRjL3Bhc3N3ZCB8IGdyZXAgOjoi\nJHM0ID0gIndoaWNoIHdnZXQgY3VybCB3M20gbHlueCI=\nJHM2ID0gIm5ldHN0YXQgLWF0dXAgfCBncmVwIElTVCI=\n', 'filesize < 685KB and 2 of them', ' Detects Webshell - rule generated from from files c100 v. 777shell', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(790, 'Webshell_AcidPoison', 'JHMxID0gImVsc2VpZiAoIGVuYWJsZWQoXCJleGVjXCIpICkgeyBleGVjKCRjbWQsJG8pOyAkb3V0cHV0ID0gam9pbihcIlxcclxcblwiLCRvKTsgfSI=\n', 'filesize < 550KB and all of them', ' Detects Poison Sh3ll - Webshell', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(791, 'Webshell_acid_FaTaLisTiCz_Fx_fx_p0isoN_sh3ll_x0rg_byp4ss_256', 'JHMwID0gIjxmb3JtIG1ldGhvZD1cIlBPU1RcIj48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1hY3QgdmFsdWU9XCJsc1wiPiI=\nJHMyID0gImZvcmVhY2goJHF1aWNrbGF1bmNoMiBhcyAkaXRlbSkgeyI=\n', 'filesize < 882KB and all of them', ' Detects Webshell - rule generated from from files acid.php, FaTaLisTiCz_Fx.txt, fx.txt, p0isoN.sh3ll.txt, x0rg.byp4ss.txt', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(792, 'Webshell_zehir', 'JHMxID0gImZvciAoaT0xOyBpPD1mcm1VcGxvYWQubWF4LnZhbHVlOyBpKyspIHN0cis9J0ZpbGUgJytpKyc6IDxpbnB1dCB0eXBlPWZpbGUgbmFtZT1maWxlJytpKyc+PGJyPic7Ig==\nJHMyID0gImlmIChmcm1VcGxvYWQubWF4LnZhbHVlPD0wKSBmcm1VcGxvYWQubWF4LnZhbHVlPTE7Ig==\n', 'filesize < 200KB and 1 of them', ' Detects Webshell - rule generated from from files elmaliseker.asp, zehir.asp, zehir.txt, zehir4.asp, zehir4.txt', ' Florian Roth', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(793, 'chinese_spam_spreader', 'JGEgPSAiVXNlci1BZ2VudDogYVEwTzAxME8i\nJGIgPSAiPGZvbnQgY29sb3I9J3JlZCc+PGI+Q29ubmVjdGlvbiBFcnJvciE8L2I+PC9mb250PiI=\n', 'all of them', ' Catches chinese PHP spam files (autospreaders)', ' Vlad https://github.com/vlad-s', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(794, 'chinese_spam_echoer', 'JGEgPSAic2V0X3RpbWVfbGltaXQoMCki\nJGIgPSAiZGF0ZV9kZWZhdWx0X3RpbWV6b25lX3NldCgnUFJDJyk7Ig==\nJGMgPSAiJENvbnRlbnRfbWI7Ig==\nJGQgPSAiL2luZGV4LnBocD9ob3N0PSI=\n', 'all of them', ' Catches chinese PHP spam files (printers)', ' Vlad https://github.com/vlad-s', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(795, 'fire2013', 'JGEgPSAiZXZhbChcIlxceDY1XFx4NzZcXHg2MVxceDZDXFx4MjhcXHg2N1xceDdBXFx4NjlcXHg2RVxceDY2XFx4NkNcXHg2MSI=\nJGIgPSAieWMwQ0pZYitPLy9YZ2o5L3krVS9kZC8vdmtmJ1xceDI5XFx4MjlcXHgyOVxceDNCXCIpIg==\n', 'all of them', ' Catches a webshell', ' Vlad https://github.com/vlad-s', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(797, 'moose', 'JHMwID0gIlN0YXR1czogT0si\nJHMxID0gIi0tc2NyeXB0Ig==\nJHMyID0gInN0cmF0dW0rdGNwOi8vIg==\nJHMzID0gImNtZC5zbyI=\nJHM0ID0gIi9DaGFsbGVuZ2Ui\nJHM3ID0gInByb2Nlc3NvciI=\nJHM5ID0gImNwdSBtb2RlbCI=\nJHMyMSA9ICJwYXNzd29yZCBpcyB3cm9uZyI=\nJHMyMiA9ICJwYXNzd29yZDoi\nJHMyMyA9ICJ1dGhlbnRpY2F0aW9uIGZhaWxlZCI=\nJHMyNCA9ICJzaCI=\nJHMyNSA9ICJwcyI=\nJHMyNiA9ICJlY2hvIC1uIC1lICI=\nJHMyNyA9ICJjaG1vZCI=\nJHMyOCA9ICJlbGFuMiI=\nJHMyOSA9ICJlbGFuMyI=\nJHMzMCA9ICJjaG1vZDogbm90IGZvdW5kIg==\nJHMzMSA9ICJjYXQgL3Byb2MvY3B1aW5mbyI=\nJHMzMiA9ICIvcHJvYy8lcy9jbWRsaW5lIg==\nJHMzMyA9ICJraWxsICVzIg==\n', 'is_elf and all of them', ' Linux/Moose malware', ' Thomas Dupuy', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(798, 'ELF_Linux_Torte', 'JHMwID0gIk1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDUuMTsgZW4tVVM7IHJ2OjEuNy42KSI=\nJHMxID0gIk1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDUuMTsgemgtQ047IHJ2OjEuNy42KSI=\nJHMyID0gIj9zZXNzZD0i\nJHMzID0gIiZzZXNzYz0i\nJHM0ID0gIiZzZXNzaz0i\nJHM1ID0gIjNhMDhmZTdiOGM0ZGE2ZWQwOWYyMWMzZWY5N2VmY2UyIg==\nJHM2ID0gIkFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8i\nJHM3ID0gIl9aTjExQ1RocmVhZFBvb2wxMGdldEJhdGNoZXNFUlN0NnZlY3RvcklTdDRwYWlySVNzaUVTYUlTMl9FRSI=\nJHM4ID0gIl9aTlNzNF9SZXAxMF9NX2Rlc3Ryb3lFUktTYUljRUBAR0xJQkNYWF8zLjQi\nJHM5ID0gIl9aTlN0NnZlY3RvckltU2FJbUVFMTNfTV9pbnNlcnRfYXV4RU45X19nbnVfY3h4MTdfX25vcm1hbF9pdGVyYXRvcklQbVMxX0VFUkttIg==\nJHMxMCA9ICJfWk5TdDZ2ZWN0b3JJU3Q0cGFpcklTc2lFU2FJUzFfRUUxM19NX2luc2VydF9hdXhFTjlfX2dudV9jeHgxN19fbm9ybWFsX2l0ZXJhdG9ySVBTMV9TM19FRVJLUzFfIg==\nJHMxMSA9ICJfWlN0MjBfX3Rocm93X291dF9vZl9yYW5nZVBLY0BAR0xJQkNYWF8zLjQi\n', 'is_elf and all of ($s*)', ' Detects ELF Linux/Torte infection', ' @mmorenog,@yararules', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(799, 'ELF_Linux_Torte_domains', 'JDEgPSAicGFnZXMudG91Y2hwYWR6LmNvbSI=\nJDIgPSAiYmF0LnRvdWNocGFkei5jb20i\nJDMgPSAic3RhdC50b3VjaHBhZHouY29tIg==\nJDQgPSAic2syLnRvdWNocGFkei5jb20i\n', 'any of them', ' Detects ELF Linux/Torte infection', ' @mmorenog,@yararules', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(800, 'dump_sales_quote_payment', 'c3RyaW5nczogJCA9ICIuLi8uLi8uLi8uLi8uLi8uLi9hcHAvTWFnZS5waHAnOyBNYWdlOjphcHAoKTsgdmFyX2R1bXAoTWFnZTo6Z2V0TW9kZWwoJ3NhbGVzL29yZGVyJyki\nc3RyaW5nczogJCA9ICJyVWw2UXR0VkVQNWVxZjl1c3hmSmpnb092ZE5XRlNHb0hEZ2x1ays0T053WFFOYkduaVFMdHRmeXJna0I4ZDki\nc3RyaW5nczogJCA9ICJiYXNlNjRfZGVjb2RlKCdiMjVsY0dGblpYeG5ZMTloWkcxcGJnPT0nKSI=\nJCA9ICJETkVjSGRRYld0WFUzZFNNREExVm1aMWMyOVdVVkZYZFVoUFQweFliMGszWkRKeVdtRlZabEY1WTBaRWVIVjRLMkZuVm1ZME9VdGpiemhuYzAi\nJCA9ICJVM2hrVFZWaWJTdDJNVGd5UmpZMFZtWmxRV28zZDFWbGFGSlZOVk5uU0daVVZVaEtaWGRFYkd4SlVUbFhXV2xxV1N0MGNFdGFjVVpPU1hGNGMi\nJCA9ICJyYjJKSGFUSlZkVVJNTmxoUVoxWmxUR1ZqVm5Gb2JWZG5NazVuYkRsdmJFZEJRVlpLUnpKMVdtWlVTamRWT1dOd1dVUlpZbFowTDFCdE5DdCI=\nJCA9ICJldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUIg==\nJCA9ICJldmFsKCR1bmRlY29kZSgkdG9uZ2ppKSki\nJCA9ICJldmFsKCRfUE9TVCI=\nJCA9ICI8c3Ryb25nPld3Vy5ab25lLU9yZzwvc3Ryb25nPiI=\nJCA9ICJlY2hvIGV2YWwodXJsZGVjb2RlKCI=\nc3RyaW5nczogJCA9ICIkZGV6ID0gJHB3ZGRpci5cIi9cIi4kcmVhbDtjb3B5KCR1cGxvYWRlZCwgJGRleik7Ig==\nc3RyaW5nczogJCA9ICJAJF8oJF9SRVFVRVNUWyci\nc3RyaW5nczogJCA9ICJldmFsKHh4dGVhX2RlY3J5cHQi\nc3RyaW5nczogJCA9ICIqKiBTY2FtIFJlZGlyZWN0b3Ii\nLy8gc3RyaW5nczogJCA9ICIkb29vb28wMG9vMDAwMG9vMCI=\nc3RyaW5nczogJCA9ICJjdXJsX2Nsb3NlKCRjdSk7ZXZhbCgkbyk7fTtkaWUoKTsi\nJHBocCA9ICI8P3BocCI=\nc3RyaW5nczogJCA9ICJmb3BlbihcImNhY2hlLnBocFwiLCBcIncrXCIpIg==\nc3RyaW5nczogJCA9ICIwQjZLVnVhN0QyU0xDTkROMlJXMU9SbWhaUldzL3NwX3RpbGFuZy5qcyI=\nc3RyaW5nczogJCA9ICJpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7ZWNobyAnPGI+dXAhISE8L2I+PGJyPjxicj4nO319Ig==\nc3RyaW5nczogJCA9ICJlY2hvIFwiSW5kb1hwbG9pdCAtIEF1dG8gWHBsb2l0ZXJcIiI=\nc3RyaW5nczogJCA9ICJldmFsKGJhc2U2NF9kZWNvZGUoJGEpKTsi\nJCA9ICJcIi8uKi9lXCIi\nc3RyaW5nczogJCA9ICIocHJlZ19tYXRjaCgnL1xcL2FkbWluXFwvQ21zX1d5c2l3eWdcXC9kaXJlY3RpdmVcXC9pbmRleFxcLy8nLCAkX1NFUlZFUlsnUkVRVUVTVF9VUkknXSkpIg==\nc3RyaW5nczogJCA9ICJldmFsKGd6aW5mbGF0ZShiYXNlNjRfZGVjb2RlKHN0cl9yb3QxMyhzdHJyZXYoIg==\nc3RyaW5nczogJCA9ICJhdHRyaWJ1dGVfY29kZT0weDcwNjE3MzczNzc2ZjcyNjQ1ZjY4NjE3MzY4Ig==\nc3RyaW5nczogJCA9ICIpKXVubGluaygnLi4vbWVkaWEvY2F0YWxvZy9jYXRlZ29yeS8nLmJhc2VuYW1lKCQi\nc3RyaW5nczogJCA9ICJpZihpc3NldCgkX0dFVFsnZG8nXSkpeyRnMD0nYWRtaW5odG1sL2RlZmF1bHQvZGVmYXVsdC9pbWFnZXMnIg==\nJCA9ICJzdHJpcG9zKCRidWYsICdWaXNib3QnKSE9PWZhbHNlICYmIHN0cmlwb3MoJGJ1ZiwgJ1BvbmcnKSE9PWZhbHNlIg==\nJCA9ICJzdHJpcG9zKCRidWYsICdWaXNib3QnKSAhPT0gZmFsc2UgJiYgc3RyaXBvcygkYnVmLCAnUG9uZycpIg==\nJCA9ICI8P1BIUCAvKioqIE1hZ2VudG8qKiBOT1RJQ0UgT0YgTElDRU5TRSoqIFRoaXMgc291cmNlIGZpbGUgaXMgc3ViamVjdCB0byB0aGUgT3BlbiBTb2Z0d2FyZSBMaWNlbnNlIChPU0wgMy4wKSogdGhhdCBpcyBidW5kbGVkIHdpdGggdGhpcyBwYWNrYWdlIGluIHRoZSBmaWxlIExJQ0VOU0UudHh0LiogSXQgaXMgYWxzbyBhdmFpbGFibGUgdGhyb3VnaCB0aGUgd29ybGQtd2lkZS13ZWIgYXQgdGhpcyBVUkw6KiBodHRwOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvb3NsLTMuMC5waHAqKi8kIg==\nJCA9ICIkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10gPT0gJ1Zpc2JvdC8yLjAgKCtodHRwOi8vd3d3LnZpc3ZvLmNvbS9lbi93ZWJtYXN0ZXJzLmpzcDtib3RAdmlzdm8uY29tKSci\nJCA9ICJpZihtZDUoQCRfQ09PS0lFW3F6XSk9PSI=\nJCA9ICIoJF89QCRfUkVRVUVTVFtxXSkuQCRfKCRfUkVRVUVTVFt6XSk7Ig==\nc3RyaW5nczogJCA9ICJAZXZhbChzdHJpcHNsYXNoZXMoJF9SRVFVRVNUW3FdKSk7Ig==\nc3RyaW5nczogJCA9ICIkbG9nX2VudHJ5ID0gc2VyaWFsaXplKCRBUklORk8pIg==\nc3RyaW5nczogJCA9ICJjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVEZJRUxEUyxodHRwX2J1aWxkX3F1ZXJ5KGFycmF5KCdkYXRhJz0+JGRhdGEsJ3V0bXAnPT4kaWQpKSk7Ig==\nLyogJEdMT0JBTFNbJ3k2MzU4MSddID0gIg==\nc3RyaW5nczogJCA9ICJraWxsYWxsIC05IFwiLmJhc2VuYW1lKFwiL3Vzci9iaW4vaG9zdCI=\nc3RyaW5nczogJCA9ICJtYWdlbnRvcGF0Y2h1cGRhdGUuY29tIg==\nc3RyaW5nczogJCA9ICInYmFzZScuKDEyOC8yKS4nX2RlJy4nY29kZSci\nc3RyaW5nczogJCA9ICJlY2hvKFwiRklMRV9CYWRcIik7Ig==\nc3RyaW5nczogJCA9ICJcXHg2RlxceDZFXFx4NjVcXHg3MFxceDYxXFx4NjdcXHg2NVxceDdDXFx4NjNcXHg2OFxceDY1XFx4NjNcXHg2QlxceDZGXFx4NzVcXHg3NCI=\nc3RyaW5nczogJCA9ICI1ZTkwOHI5NDhxOWU2MDVqOHQ5YjkxNW41bzlmOHI1ZTVkOTY5ZzlkNzk1YjRzNnA4dDloOWY5NzhvOHA4czk1OTA5MzZsNms4ajk2NzA1MjRwNzQ5MDkxNWw1ZjhyOTA4Nzh0OTE3ZjdnOHA4bzhwOGs5YzYwNWk4ZDkzN3Q3bThpOHE4bzhxOTU5aDdwODI4ZTdyOGU3cTdlOG04bzVnNWU5MTk5OTE4bzlnN3E3YzhjOHQ5OTkwNWE1aThsOTQ5ODloN3I3ZzhpOHQ4bTVmNW85MjkxN3E3azlpOWU5NDhjOTE5aDkyNWE1ZDhqOTE1aDYwOHQ4cDh0OWY5MzdiN2s5aTllOTQ4YzkxOWg5MiI=\nc3RyaW5nczogJCA9ICIxMTgsOTcsMTE0LDMyLDExNSwxMTAsMTAwLDMyLDYxLDExMCwxMTcsMTA4LDEwOCw1OSwxMCwxMCwxMDIsMTE3Ig==\nc3RyaW5nczogJCA9ICJ0X3AjMC5xbGIjMC4jMUJsc2pqIzFAIy4/Iy4/ZHNsYXJnbWwjMC5xcl9wciMwNiMwNyM1QCMuPyMwIg==\nc3RyaW5nczogJCA9ICJcXHgyRlxceDZEXFx4NjVcXHg2NFxceDY5XFx4NjFcXHgyRlxceDYzXFx4NjFcXHg3NFxceDYxXFx4NkNcXHg2RlxceDY3XFx4MkZcXHg3MFxceDcyXFx4NkZcXHg2NFxceDc1XFx4NjNcXHg3NFxceDJGXFx4NjNcXHg2MVxceDYzXFx4NjhcXHg2NVxceDJGXFx4MzFcXHgyRlxceDc0XFx4NjhcXHg3NVxceDZEXFx4NjJcXHg2RVxceDYxXFx4NjlcXHg2Q1xceDJGXFx4MzdcXHgzMFxceDMwXFx4NzhcXHgyRlxceDMyXFx4NjJcXHg2NlxceDM4XFx4NjZcXHgzMlxceDYyXFx4MzhcXHg2NFxceDMwXFx4MzJcXHgzOFxceDYzXFx4NjNcXHg2NVxceDM5XFx4MzZcXHgyRlxceDQyXFx4MkZcXHg1N1xceDJGXFx4NjRcXHg2MVxceDM0XFx4MzFcXHgzOFxceDMwXFx4MzNcXHg2M1xceDYzXFx4MzlcXHgzOFxceDM0XFx4NjJcXHgzOFxceDYzXFx4MkVcXHg3MFxceDY4XFx4NzAi\nc3RyaW5nczogJCA9ICJcXHg2OVxceDcwXFx4MmVcXHgzNVxceDc1XFx4NzVcXHgzOFxceDJlXFx4NjNcXHg2ZlxceDZkIg==\nc3RyaW5nczogJCA9ICImIzk5OyYjMTA4OyYjMTExOyYjMTE3OyYjMTAwOyYjMTAyOyYjMTE3OyYjMTE1OyYjMTA1OyYjMTExOyYjMTEwOyYjNDY7JiMxMDk7JiMxMDE7Ig==\nc3RyaW5nczogJCA9ICJ2YXIgZ3JlbG9zX3Yi\nJCA9ICJpbmZvcHJvbW8uYml6Ig==\nJCA9ICJqcXVlcnktY29kZS5zdSI=\nJCA9ICJqcXVlcnktY3NzLnN1Ig==\nJCA9ICJtZWdhbGl0aC1nYW1lcy5jb20i\nJCA9ICJjZG4tY2xvdWQucHci\nJCA9ICJhbmltYWx6ejkyMS5wdyI=\nJCA9ICJzdGF0c2RvdC5ldSI=\nc3RyaW5nczogJCA9ICJcXHg2RFxceDYxXFx4NjdcXHg2NVxceDJEXFx4NjNcXHg2NFxceDZFXFx4MkVcXHg2Q1xceDY5XFx4NkVcXHg2QiI=\nc3RyaW5nczogJCA9ICJSZWdFeHAoXCJbMC05XXsxMywxNn1cIiki\nc3RyaW5nczogJCA9ICIxMDUsMTAyLDQwLDQwLDExMCwxMDEsMTE5LDMyLDgyLDEwMSwxMDMsNjksMTIwLDExMiw0MCwzOSwxMTEsMTEwLDEwMSwxMTIsOTcsMTAzLDEwMSI=\nc3RyaW5nczogJCA9ICI9b1FLcGt5SjhkQ0swbEdid05uTG40MmJwUlhZajlHYkVORGZ0MTJia0JqTThWMllweDJjOFJuYmw1MmJ3MTJiRGxrVVZWR1p2Tldaa1owTTg1V2F2cEdmc0pYZDhSMVVQQjFOeXdYWnRGbWIwTjNib3gi\nc3RyaW5nczogJCA9ICJ6PXhbJ2xlbmd0aCddO2ZvcihpPTA7aTx6O2krKyl7eSs9U3RyaW5nWydmcm9tQ2hhckNvZGUnXSh4WydjaGFyQ29kZUF0J10oaSktMTApIH13PXRoaXNbJ3VuZXNjYXBlJ10oeSk7dGhpc1snZXZhbCddKHcpOyI=\nc3RyaW5nczogJCA9ICJ0aGlzWydldmFsJ10odGhpc1snYXRvYiddKCci\nc3RyaW5nczogJCA9ICJ0ZHNqcXUhdHNkPiNpdXVxOzAwaHBwaGpmcW1iei9qb2dwMG5iaGZvdXBgaHBwaGpmcW1iei9rdCM/PTB0ZHNqcXU/Ig==\nJCA9ICJvbmVwYWdlfGNoZWNrb3V0fG9uZXN0ZXB8ZmlyZWNoZWNrb3V0fG9uZXN0ZXBjaGVja291dCI=\nJCA9ICInb25lfGNoZWNrJyI=\nc3RyaW5nczogJCA9ICJ8UmVnRXhwfG9uZXBhZ2V8Y2hlY2tvdXR8Ig==\nc3RyaW5nczogJCA9ICJncmVsb3Nfdj0gbnVsbCI=\nZGVzY3JpcHRpb24gPSAiQW5nbGVyIEV4cGxvaXQgS2l0IFJlZGlyZWN0b3Ii\ncmVmID0gImh0dHA6Ly9ibG9nLnhhbmRhLm9yZy8yMDE1LzA4LzI4L3lhcmEtcnVsZS1mb3ItYW5nbGVyLWVrLXJlZGlyZWN0b3ItanMvIg==\nYXV0aG9yID0gImFkbmFuLnNodWtvckBnbWFpbC5jb20i\nZGF0ZSA9ICIwOC1KdWx5LTIwMTUi\naW1wYWN0ID0gIjUi\ndmVyc2lvbiA9ICIxIg==\nJGVrcjEgPSAiPHNjcmlwdD52YXIgZGF0ZSA9IG5ldyBEYXRlKG5ldyBEYXRlKCkuZ2V0VGltZSgpICsgNjAqNjAqMjQqNyoxMDAwKTsi\nJGVrcjIgPSAiZG9jdW1lbnQuY29va2llPVwiUEhQX1NFU1NJT05fUEhQPSI=\nJGVrcjMgPSAicGF0aD0vOyBleHBpcmVzPVwiK2RhdGUudG9VVENTdHJpbmcoKTs8L3NjcmlwdD4i\nJGVrcjQgPSAiPGlmcmFtZSBzcmM9Ig==\nJGVrcjUgPSAiPC9pZnJhbWU+PC9kaXY+Ig==\n', 'all of them', '', ': https://github.com/gwillem', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(801, 'angler_flash', 'JHN0cmluZzAgPSAiKDlPT1NwIg==\nJHN0cmluZzEgPSAiciRnQCAwJ1tBIg==\nJHN0cmluZzIgPSAiO1ItMXFUUCI=\nJHN0cmluZzMgPSAieHdCdFI0Ig==\nJHN0cmluZzQgPSAiWWJWanhwIg==\nJHN0cmluZzUgPSAiZGRnWGtGIg==\nJHN0cmluZzYgPSAiKW4nVVJGIg==\nJHN0cmluZzcgPSAidkF6cUBXIg==\nJHN0cmluZzggPSAick9rWCQ2bTwi\nJHN0cmluZzkgPSAiQEBEQn1xICI=\nJHN0cmluZzEwID0gIlRpS1YnaVYi\nJHN0cmluZzExID0gIjUzOHg7QiI=\nJHN0cmluZzEyID0gIjlwRU17ZCI=\nJHN0cmluZzEzID0gIi5TSXkvTyI=\nJHN0cmluZzE0ID0gIkVSPEd1LCI=\n', '14 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(802, 'angler_flash2', 'JHN0cmluZzAgPSAiNHlPT1VqIg==\nJHN0cmluZzEgPSAiQ1N2STRlIg==\nJHN0cmluZzIgPSAiJ2Z3YUVua0ki\nJHN0cmluZzMgPSAiJ3k0bSVYIg==\nJHN0cmluZzQgPSAiZU9jKWEsIg==\nJHN0cmluZzUgPSAiJzB7UTU8Ig==\nJHN0cmluZzYgPSAiMUJkWDtQIg==\nJHN0cmluZzcgPSAiRCBfSilDIg==\nJHN0cmluZzggPSAiLWVwWi5FIg==\nJHN0cmluZzkgPSAiUXBSa1AuIg==\nJHN0cmluZzEwID0gIjxvL11hdGVsIg==\nJHN0cmluZzExID0gIkBCLixYPCI=\nJHN0cmluZzEyID0gIjVyW2MpVSI=\nJHN0cmluZzEzID0gIjUyUjdGJyI=\nJHN0cmluZzE0ID0gIk5aW0ZWJ1Ai\n', '14 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(803, 'angler_flash4', 'JHN0cmluZzAgPSAiX3U7Y3dEOyI=\nJHN0cmluZzEgPSAibGhOcDc0Ig==\nJHN0cmluZzIgPSAiWTBHUSV2Ig==\nJHN0cmluZzMgPSAicWpxQ2Isbngi\nJHN0cmluZzQgPSAidm57bHtXbCI=\nJHN0cmluZzUgPSAiNWo1ano1Ig==\nJHN0cmluZzYgPSAiYTNFV3doTSI=\nJHN0cmluZzcgPSAiaFZKYi80QXV0Ig==\nJHN0cmluZzggPSAiLGxtNHYsIg==\nJHN0cmluZzkgPSAiLDZNZWtTIg==\nJHN0cmluZzEwID0gIllNLm14ek8i\nJHN0cmluZzExID0gIjs2IC0kRSI=\nJHN0cmluZzEyID0gIlFBJTogZnki\nJHN0cmluZzEzID0gIjxAe3F2UiI=\nJHN0cmluZzE0ID0gImI5JyQnNmwi\nJHN0cmluZzE1ID0gIix4OnBRQC0i\nJHN0cmluZzE2ID0gIjJEeXlyOSI=\n', '16 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(804, 'angler_flash5', 'JHN0cmluZzAgPSAiMGslMnt1Ig==\nJHN0cmluZzEgPSAiXFxQYkAoUiI=\nJHN0cmluZzIgPSAieXMpZFZJIg==\nJHN0cmluZzMgPSAidGs0X3lbIg==\nJHN0cmluZzQgPSAiTE0yR3J4Ig==\nJHN0cmluZzUgPSAibn1zNWZiIg==\nJHN0cmluZzYgPSAialQgTng8aEtPIg==\nJHN0cmluZzcgPSAiNXhMPj59Ig==\nJHN0cmluZzggPSAiUyUsMXtiIg==\nJHN0cmluZzkgPSAiQyczZzdqIg==\nJHN0cmluZzEwID0gIn1nZm9oXSI=\nJHN0cmluZzExID0gIixLRlZRYiI=\nJHN0cmluZzEyID0gIkxBO3tEeCI=\n', '12 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(805, 'angler_flash_uncompressed', 'JHN0cmluZzAgPSAiRGlzcGxheU9iamVjdENvbnRhaW5lciI=\nJHN0cmluZzEgPSAiWHRpbWUyIg==\nJHN0cmluZzIgPSAiKEhNUlRRIg==\nJHN0cmluZzMgPSAiZmxhc2guZXZlbnRzOkV2ZW50RGlzcGF0Y2hlciRmbGFzaC5kaXNwbGF5OkRpc3BsYXlPYmplY3RDb250YWluZXIi\nJHN0cmluZzQgPSAiX2VfLV9fXy1fXyI=\nJHN0cmluZzUgPSAiWnZpSmJmIg==\nJHN0cmluZzYgPSAicmFuZG9tLSI=\nJHN0cmluZzcgPSAiX2VfLV8tXy1fIg==\nJHN0cmluZzggPSAiX2VfLS0tLS0tIg==\nJHN0cmluZzkgPSAiODE3Njc3MTYyIg==\nJHN0cmluZzEwID0gIl9lXy1fXy0i\nJHN0cmluZzExID0gIi1bdk5uWloi\nJHN0cmluZzEyID0gIjU6dW5wYWQ6IEludmFsaWQgcGFkZGluZyB2YWx1ZS4gZXhwZWN0ZWQgWyI=\nJHN0cmluZzEzID0gIndyaXRlQnl0ZS8i\nJHN0cmluZzE0ID0gImVudW1lcmF0ZUZvbnRzIg==\nJHN0cmluZzE1ID0gIl9lXy0tLV9fXyI=\nJHN0cmluZzE2ID0gIl9lXy1fLSI=\nJHN0cmluZzE3ID0gImYoZk9KNCI=\n', '17 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(806, 'angler_html', 'JHN0cmluZzAgPSAiIEE5IDNFIEFGIEQ1IDlBUSBGQSAxNCBCQyBGMiBBMEggRUEgN0ZmSiBBNTggQTMgQjEgQkQgODUgREIgRjMgQjQgQjYgRkIgQjIgQjQgMTQgODIgMTkgODggMjggRDAgRUEgMiI=\nJHN0cmluZzEgPSAiIDJCUyAyNSAyNnAgMjAgM0YgODEgMEUgRDMgOUMgODQgQzcgRUMgQzMgQzQxTSBDNDggRDMgQjVOIDA5IEMyeiA5OCA3QiAwOS4gREYgMDUgNUVRIERGIEEzIEI2IEVFIEQ1ICI=\nJHN0cmluZzIgPSAiOSBBMUZnIEE4IDgzNyA5QSBBOSAwQSAxRCA0MGIwMiBBNVU2IDIybyAxNiBEQyA1RCBGNSBGNSBGQSBCRSBGQiBFRFggRjAgODcgREIgQzkgN0IgRDYgQUMgRjZEIDEwIDFBSiI=\nJHN0cmluZzMgPSAiMjQgQUEgMTcgRkIgQjAgOTZkIERCTiAwNSBFRSBGNiAwRiAyNCBENCBEMCBDMCBFNCA5NiAwMyBBMyAwMyAyMC8gMDQgNDAgREIgOEYgN0ZJIEE2IERDIEY1IDA5IDBGV1YgMSI=\nJHN0cmluZzQgPSAiRnEgQjMgOTQgRTMgM0UgRUZ3IEU2IEFBOSAzQSA1QiA5RTIgRDIgRUMgQUY2IDEwYyA4MyAwRiBERiBCQiBGQnggQUYgQjQgMUJWIDVDIEREIEY4IDlCUiA5N3YgRDBVIDlFRyI=\nJHN0cmluZzUgPSAiMjkgOUIgMDFFIEM4NSA4NiBCMCAwOSBFQyBFMDcgQUZDWSAxOSBFNSAxMSAxQyA5MiBFMiBEQSBBOSA1RCAxOVAgM0EgQkYgQUIgRDYgQjMgM0ZaIEI0IDkyIEZGIEUxIDI3ICI=\nJHN0cmluZzYgPSAiQiBBOSA4OCBCOCBGMCBFQkxkIDhFIDA4IDE4IDExUCBFRSBCRmsgMTUgNUJNIEQ2IEI3IENFaCBBRiA5QyA4RiAwNCA4OSA4OCA1RSBGNiBFRCAxMyA4RU4xcCA4NlZrIEJDICI=\nJHN0cmluZzcgPSAidyBGNCBDOCAxNnBWIDIyIDBBIEJCIEVCIDgzIDdEIEJDIDg5IEI2IEUwNiA4QiAyQSBEQyBFNiA3RCBDRS4gMERoIDE4IDBBOCA1RSA2MCAwQyBCRiBBNCAwME0gMDAgRTMgMyI=\nJHN0cmluZzggPSAiQjcgQzYgRTMgOEUgREMgM0JSIDYwTCA5NGggRDggQUE3azVzIDBEIDdGYiA4QiA4MFAgRTAgMUJQIEVCVCBCNSAwM3pFIEQwbyAyQSBCOTcgMTggRjM5IDdDIDk0IDk5IDExICI=\nJHN0cmluZzkgPSAia1kgMjQgOEUgM0UgOTQgODQgRDIgMDAgMUVCIDE2IEE0IDlDIDI4IDI0IEMxQiBCQiAyMiA3RCA5N2MgRjUgQkEgQUQgQzQgNUMgMjMgNUQgM0QgNUMgQTdkNSAwQyBGNiBFQSI=\nJHN0cmluZzEwID0gIjA4IDAxIDNBIDE1IDNCIEUwIDFBIEUyIDg5IDVCIEEyIEY0IEVEIDg3TyBGOWwgQTk5IDEyNCAyNyBCRiBCQiBBMWMgMkJXIDEyWiAwNyBBQSBEOSA4MSBCNyBBNi01IEUyIEUi\nJHN0cmluZzExID0gIiAxNiBCRiBBNyAwRSAwMCAxNiBCQiA4RkIgQ0JuIEZDIEQ4IDlDIEM3IEVBIEFDIEMycSA4NW4gQTk2SSBEMSA5QiBGQzggQkRsIEI4IDNBamYgN0IgQURIIEZEIDIwIDg4IEYi\nJHN0cmluZzEyID0gIiAgTUwgICAgIg==\nJHN0cmluZzEzID0gIiBBRUogM0IgQzcgQkZ5IEVGIEYwN1ggRDMgQTAgMUUgQjRxIEM0IEJFIDNBIDEwIEU3IEEwIEZFIEQxSmhwIDg5IEEwc2ogMUNXIDA4IEQ1IEY3IEM4IEM2IEQ1SSA4MSBEMiAi\nJHN0cmluZzE0ID0gIkIgMjQgOTAgRUQgQ0VQIEM4IEM5IDlCIEU1IDI1IDA5IEM2Qi0gMkIgM0IgQzcgMjggQzkgQzYyIEVCIEQzIEQ1IEVEIERFIEE4IDdGIEE5bU5zIDg3IDEyIDgyIDAzIEEyIDgi\nJHN0cmluZzE1ID0gIkEgM0EgQTJMIERGYSAxOCAxMVAgMDAgN0YxIEJCYlkgRkEgNUUgMDQgQzQgNUQgODkgRjNTIERBTiBCNSBDQWkgOEQgMEEgQUMgQTggMEEgQUJJIEU2IDFFIDg5IEJCIDA3IEQi\nJHN0cmluZzE2ID0gIkMgQjUgRkQgMEIgRjkgMENoIENFIDAxIDE0IDhEcCBBRiAyNCBFMCBFMyBEOTAgREQgRkYgQjAgMDcgMkFkIDBCIDdEIEIwIEIyIEQ4IEJEIEU2IEE3IENFIEUxIEU0IDNFNSAi\nJHN0cmluZzE3ID0gIjE5IDBDIDg1IDE0ci8gOEMgRjMgODQgMkIgOEMgQ0YgOTAgOTMgRTIgRjZ6byBDMyBENDAgQTYgOTQgMDEgMDJRIDIxRyBBQiBCOSBDRHggOUQgRkIgMjEgMkMgMTAgQzMgM0Mi\nJHN0cmluZzE4ID0gIkZBViBEN3kgQTAgQzdMZDQgMDEgMjIgRUUgQjAgMUVZIEZBQiBCQSBFMCAwMSAyNCAxNWcgQzUgREE2IDE5IEVFc2wgQkYgQzdPIDlGIDhCIEU4IEFGIDkzIEY1MiAwMCAwNiAi\n', '18 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(807, 'angler_html2', 'JHN0cmluZzAgPSAiRSAwNiBFN2kgMUUgOTFxIDlDIEQwSiAxRCA5QiAxNCBFN2cgMUQgREQgRUNLIDIwYyA0MCBDNiAwQyBBRlI1IDNEIDAzIDlFbSBFQyAwQ0IgQzkgQTkgREZ3IEM5IEFEUCA1QiI=\nJHN0cmluZzEgPSAiMTRCYyA1QyAzQnAgQ0IgMkEgMTIgM0QgQTU2IEFBIDE0IDg3IEUzIDgxIDhBIDgwaCAyNyAxQyAzQTQgQ0UgMTIgQUUgRkF5IEYwIDhBIDIxIEI4SSBBRCAxRSBCOSAyQyBEMSI=\nJHN0cmluZzIgPSAiMEogOTUgODMgQ0MgMUMgOTVEIENBRCAxQSBFQSBGMyAwMCBFOSBEQV8gRjIgRUQgM0NNMSBBMCAwMXQgMUIgRUUgMkMgQjZBV0txIEJGIENBWSBGRSBEOCBGMiA3QyA5NiA5MiI=\nJHN0cmluZzMgPSAiQThNVENzbiBDOSBEQnUgRDMgMTAgQTAgRDQgQUMgQTkgOTcgMDZSbiAwMSBEQUsgRUZGTiBBRFAgQUUgMEUgOEZKZCA4RiBEQSBCNiAyNVJPIDE4IDJBIDAwIEVBIEY5IDhCICI=\nJHN0cmluZzQgPSAiQTMgRUIgQzEgQ0UgMUUgQzRvayBDNCAxOSBGMiBBNyAxNyA5RkNveiBCNi0gQzYgMjVKIEJCIDBCIDhDMU9aIEU0IDdCIEFFeiBGNiAwNkEgNUQgQzAgRDcgRTggRkYgREIgRCI=\nJHN0cmluZzUgPSAiIDA3IERFIEEzIEY4IEIwIEIzIDIwViBBNCBCMiBDOCA2MCBCRCBFRUcgOTUgQkIgMDQgMUNrdyBBNCA4MCBFNiAyMyBGMDIgRkEgOUMgOUEgMTRGIEJEQyAxOCBCRSBCRCBCNCI=\nJHN0cmluZzYgPSAiNyBEMSBCOSA5QiBBQyAyQU4gQkEgRDMgMDAgQTkgMUNKM0ogQzBWIDhGIDhFIEZDIEI2cDkgMDAgRTEgMDEgMjFqIEIzIDI3IEZGIEMzIDhFIDJCIDkyIDhCIERFaVVJIEMzICI=\nJHN0cmluZzcgPSAiIDk5IDJDIEFGOSBGOSAzRjUgQTggRjAgMUJVIEM4ZS8gMDBRIEI0IDEwIEREIEJDIDlEIDhBIEJGIEIyIDE3IDhGIEJGZCBEQiBEMSBCNyBFNjYgMjEgOTYgODYgMUUgQjIgMSI=\nJHN0cmluZzggPSAiRTg2IERGOSAyMlRnIEU5MyA5RW0gMjkgMEEgNUIgQjVtIEUyIERDSUYgRDYgRDIgRjVCIENGIEY3WGtSdiBCRSBFQSBBNiBDNSA4MnAgNUUgQjMgQjRhRCBCOSAzQSBFMCAyMiI=\nJHN0cmluZzkgPSAiIDdDIDk1LnEgRDZmIEU4IDFBRSAxNyA4MlQgODQgRjEvTyA4MiBDMnEgQzcgRkUgMDVDIEU0IEU1VyBGNSAwQSBFNGwgMTIgM0JydCA4QSBFMCBFNyBEREogMUYgMUYgQzQgQSI=\nJHN0cmluZzEwID0gIjR0IDkxaUUgQkQgMkMgOTVVIEU5IDFDIEFFIDVCIDVCIEEzIDlEIEIyIEY5IDBCIEI1IDE1UzkgQUIgOUQgOTQgODUgQTYgRjEgQUYgQjYgRkMgQ0F0IDkxaUUgQkQgMkMgOTUi\nJHN0cmluZzExID0gIiAgPC9pbnB1dD4i\nJHN0cmluZzEyID0gIjIgRDEyIDkzIEZEIEFCIDBES0sgQUVOIDQwIERBIDg4IDdCIEZBIDNCIDE4IEVFIDA5IDkyIEVEIEFGIEE4YiAwNyAwMDIgMEEgQTNTIDA0IDI5IEY5IEEzIEVBIEJCIEU5IDci\nJHN0cmluZzEzID0gIjQwIEM2IDBDIEFGUjVFIDE1IDA3IEVFIENCZyBCMyBDNiA2MEcgOTJ0RnQgRDdFIDdEIEYwIEM0IEE4OSAyOSBFQyBCQSBFMSBEOSAzRCAyMyBGMCAwQiBFMG8gM0UyYyBCMyAi\nJHN0cmluZzE0ID0gIjIgQTMuIEEzIEYxIEQ4IEQ0IEE4M0sgOUMgQUV1IEZGIEVBIDAyIEY0IEI4IEEwIEVFIEM5IDdCIDE1IEMxIDA3RCA4MCA3QyAxMCA4NjQgOTYgRTMgQUEgRjggOTliZ3ZlIEQi\nJHN0cmluZzE1ID0gIkMgN0QgREMgMEEgRTkgMEQgQTFrIDg1cyA5RCAyNCA4QyBEMGsgRTEgN0UgM0FIIEUyIDA1MiBEOHEgMTYgRkMgOTYgMEFSIEMwIEVDIDk5SzQgM0YgQkUgRUQgQ0MgREJFIEEi\nJHN0cmluZzE2ID0gIjQwIERBIDg4IDdCIDlFIDFBIEIzIEZBIERFIDkwVSA1QiBCRDZ4IDlBIDBDIDE2MyBBQiBFQSBFRCBCNCBCNSA5OCBBREwgQjcgMDYgRUUgRTV5IEI4IDlCIEM5USAwMCBFOSAi\nJHN0cmluZzE3ID0gIkYgQkZfIEY5IEFDIDVCIENDIDBCMSA3QiA2MCAyMGMgNDAgQzYgMEMgQUZSNSAwQiBDN0QgMDkgOUQgRTMwIDE0IEFDIDAyNyBCMiBCOUIgQTcgMDYgRTN6IERDLSBCMiA2MCAi\nJHN0cmluZzE4ID0gIjAgODAgOTdPaSA4QyA4NSBEMiAxQnAgQ0R2IDExIDA1IEQ0IDI2IEU3IEZDIDNEbE8gQUUgOTYgRDIgMUIgODkgN0MgMTZIIDExIDg2IEQwIEE2IEI5NSBGQyAwMSBDNSA4RSAi\n', '18 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(808, 'angler_jar', 'JHN0cmluZzAgPSAibXlmdHlzYnJ0aCI=\nJHN0cmluZzEgPSAiY2xhc3NQSyI=\nJHN0cmluZzIgPSAiOGFvYWROIg==\nJHN0cmluZzMgPSAiajUvXzxGIg==\nJHN0cmluZzQgPSAiRlhQcmVsb2FkZXIuY2xhc3Mi\nJHN0cmluZzUgPSAiVjR3XFxLLCI=\nJHN0cmluZzYgPSAiV1xcVnIyYSI=\nJHN0cmluZzcgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUYi\nJHN0cmluZzggPSAiTmE4JE5TIg==\nJHN0cmluZzkgPSAiX1lKakInIg==\n', '9 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(809, 'angler_js', 'JHN0cmluZzAgPSAiICAgIDI2NTQ0MzU3NjksICAgQmUi\nJHN0cmluZzEgPSAiREZPTUlxa2EgIg==\nJHN0cmluZzIgPSAiLCAgWnlkciQ+PjE2Ig==\nJHN0cmluZzMgPSAiREZPTUlxa2EoICdPUFBqX3BodVB1aXd6REZvJyki\nJHN0cmluZzQgPSAiVTBCTkpXWjlKMHZNNDNUbmxOWmNXblpqWlNlbFFabGIxSEdUVGxsWlRtMTllbWMwZGxzWUYxM0d2aFFKbVRabWJWTXhhbGxNZGhXVzk0OFlXaSB0ICAgIFAgIGI1MEdXIg==\nJHN0cmluZzUgPSAiICAgIGF1U3Q7Ig==\nJHN0cmluZzYgPSAiIGV2YWwgICAgKE5EYk1GUiAi\nJHN0cmluZzcgPSAialdVd1lEWmhOVnlNSTJUenlrRVlqV2swTURNNU1BJVpRMVREMWdFTXpqICAgICAgICAgMyAgRCAgICAgICAnLCI=\nJHN0cmluZzggPSAiKCdmRScpLnN1YnN0ciAgICAoMiAgICAsICAgIDEgIg==\nJHN0cmluZzkgPSAiLCAgLTEgIg==\nJHN0cmluZzEwID0gIiAgICApICApO1p5ZHIkICBbIDFdIg==\nJHN0cmluZzExID0gIiAxMTtQc0tuQVJQUXVOTlpNUDw5O1BzS25BUlBRdU5OWk1QIg==\nJHN0cmluZzEyID0gIm5ldyAgIEFycmF5ICAoMiksICBZa3oi\nJHN0cmluZzEzID0gIjxzY3JpcHQ+ICI=\nJHN0cmluZzE0ID0gIik7ICAgIENZeGluICI=\nJHN0cmluZzE1ID0gIlp5ZHIkICAgIFsgICAgMV0i\nJHN0cmluZzE2ID0gInZhciB0S1RHVmJ3LGF1U3QsIHZuRWloWSwgZ2Z0aVVJZFYsIFhuSHMsIFVHbE1IRywgS1dscUNLTGZDVjsi\nJHN0cmluZzE3ID0gInJlWEt5UXNvYjFyZVhLeVFzb2IzICI=\n', '17 of them', ' Angler Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(810, 'blackhole2_jar', 'JHN0cmluZzAgPSAiazAvMztOIg==\nJHN0cmluZzEgPSAiZzpXbFkwIg==\nJHN0cmluZzIgPSAiKHd3Nk91Ig==\nJHN0cmluZzMgPSAiU09VR1hbIg==\nJHN0cmluZzQgPSAiN1gyQU5iIg==\nJHN0cmluZzUgPSAicjhMPDt6WUgpIg==\nJHN0cmluZzYgPSAiZmJlYXRiZWEvZmJlYXRiZWUuY2xhc3NQSyI=\nJHN0cmluZzcgPSAiZmJlYXRiZWEvZmJlYXRiZWMuY2xhc3Mi\nJHN0cmluZzggPSAiZmJlYXRiZWEvZmJlYXRiZWYuY2xhc3Mi\nJHN0cmluZzkgPSAiZmJlYXRiZWEvZmJlYXRiZWYuY2xhc3NQSyI=\nJHN0cmluZzEwID0gImZiZWF0YmVhL2ZiZWF0YmVhLmNsYXNzIg==\nJHN0cmluZzExID0gImZiZWF0YmVhL2ZiZWF0YmViLmNsYXNzUEsi\nJHN0cmluZzEyID0gIm5PSmgtMiI=\nJHN0cmluZzEzID0gIlthZjpGciI=\n', '13 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(811, 'blackhole2_jar2', 'JHN0cmluZzAgPSAiNl9PNmQwOSI=\nJHN0cmluZzEgPSAianVxaXJ2cy5jbGFzc1BLIg==\nJHN0cmluZzIgPSAiaHcuY2xhc3NQSyI=\nJHN0cmluZzMgPSAiYS5jbGFzc1BLIg==\nJHN0cmluZzQgPSAidy5jbGFzc3VTXXci\nJHN0cmluZzUgPSAidy5jbGFzc1BLIg==\nJHN0cmluZzYgPSAiWUV9MHZDWiI=\nJHN0cmluZzcgPSAidilRLEZmIg==\nJHN0cmluZzggPSAiJThIJXQoIg==\nJHN0cmluZzkgPSAiaHcuY2xhc3Mi\nJHN0cmluZzEwID0gImEuY2xhc3NtViI=\nJHN0cmluZzExID0gIjJDbmlZRlUi\nJHN0cmluZzEyID0gImp1cWlydnMuY2xhc3Mi\n', '12 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(812, 'blackhole2_jar3', 'JHN0cmluZzAgPSAiNjkvc2pdXW8i\nJHN0cmluZzEgPSAiR0prNU5kIg==\nJHN0cmluZzIgPSAidmNzLmNsYXNzdSI=\nJHN0cmluZzMgPSAiVDxFc3NCIg==\nJHN0cmluZzQgPSAiMXZtUW1RIg==\nJHN0cmluZzUgPSAiS2YxRXdyIg==\nJHN0cmluZzYgPSAiYyRXdXV1S0t1NSI=\nJHN0cmluZzcgPSAibS5jbGFzc1BLIg==\nJHN0cmluZzggPSAiY2hjeWloLmNsYXNzUEsi\nJHN0cmluZzkgPSAiaHcuY2xhc3Mi\nJHN0cmluZzEwID0gImYnOzs7O3si\nJHN0cmluZzExID0gInZjcy5jbGFzc1BLIg==\nJHN0cmluZzEyID0gIlZiaGZfNiI=\n', '12 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(813, 'blackhole2_pdf', 'JHN0cmluZzAgPSAiL1N0cnVjdFRyZWVSb290IDUgMCBSL1R5cGUvQ2F0YWxvZz4+Ig==\nJHN0cmluZzEgPSAiMDAwMDAzNjA5NSAwMDAwMCBuIg==\nJHN0cmluZzIgPSAiaHR0cDovL3d3dy54ZmEub3JnL3NjaGVtYS94ZmEtbG9jYWxlLXNldC8yLjEvIg==\nJHN0cmluZzMgPSAic3ViZm9ybVswXS5JbWFnZUZpZWxkMVswXSkvU3VidHlwZS9XaWRnZXQvVFUoSW1hZ2UgRmllbGQpL1BhcmVudCAyMiAwIFIvRiA0L1AgOCAwIFIvVDxGRUZGMDA0OTAwNkQwMCI=\nJHN0cmluZzQgPSAiMDAwMDAwMDAyNiA2NTUzNSBmIg==\nJHN0cmluZzUgPSAiMDAwMDAyOTAzOSAwMDAwMCBuIg==\nJHN0cmluZzYgPSAiMDAwMDAyOTY5MyAwMDAwMCBuIg==\nJHN0cmluZzcgPSAiJVBERi0xLjYi\nJHN0cmluZzggPSAiMjcgMCBvYmo8PC9TdWJ0eXBlL1R5cGUwL0Rlc2NlbmRhbnRGb250cyAyOCAwIFIvQmFzZUZvbnQvS0xHTllaIg==\nJHN0cmluZzkgPSAiMDAwMDAzNDQyMyAwMDAwMCBuIg==\nJHN0cmluZzEwID0gIjAwMDAwMDAwMTAgNjU1MzUgZiI=\nJHN0cmluZzExID0gIj5zdHJlYW0i\nJHN0cmluZzEyID0gIi9QYWdlcyAyIDAgUiUvU3RydWN0VHJlZVJvb3QgNSAwIFIvVHlwZS9DYXRhbG9nPj4i\nJHN0cmluZzEzID0gIjE5IDAgb2JqPDwvU3VidHlwZS9UeXBlMUMvTGVuZ3RoIDIzMDk0L0ZpbHRlci9GbGF0ZURlY29kZT4+c3RyZWFtIg==\nJHN0cmluZzE0ID0gIjAwMDAwMDM2NTMgMDAwMDAgbiI=\nJHN0cmluZzE1ID0gIjAwMDAwMDAwMjMgNjU1MzUgZiI=\nJHN0cmluZzE2ID0gIjAwMDAwMjgyNTAgMDAwMDAgbiI=\nJHN0cmluZzE3ID0gImljZVJHQj4+Pj4vWFN0ZXAgOS4wL1R5cGUvUGF0dGVybi9UaWxpbmdUeXBlIDIvWVN0ZXAgOS4wL0JCb3hbMCAwIDkgOV0+PnN0cmVhbSI=\nJHN0cmluZzE4ID0gIjw8L1Jvb3QgMSAwIFI+PiI=\n', '18 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(814, 'blackhole1_jar', 'JHN0cmluZzAgPSAiQ3JlYXRlZC1CeTogMS42LjBfMTggKFN1biBNaWNyb3N5c3RlbXMgSW5jLiki\nJHN0cmluZzEgPSAid29ya3BhY2svZGVjb2Rlci5jbGFzc21RXVMi\nJHN0cmluZzIgPSAid29ya3BhY2svZGVjb2Rlci5jbGFzc1BLIg==\nJHN0cmluZzMgPSAid29ya3BhY2svZWRpdG9yLmNsYXNzUEsi\nJHN0cmluZzQgPSAieG1sZWRpdG9yL0dVSS5jbGFzc21PIg==\nJHN0cmluZzUgPSAieG1sZWRpdG9yL0dVSS5jbGFzc1BLIg==\nJHN0cmluZzYgPSAieG1sZWRpdG9yL3BlZXJzLmNsYXNzUEsi\nJHN0cmluZzcgPSAidihTaVNdVCI=\nJHN0cmluZzggPSAiLFIzVGlWIg==\nJHN0cmluZzkgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUZQSyI=\nJHN0cmluZzEwID0gInhtbGVkaXRvci9QSyI=\nJHN0cmluZzExID0gIlpbT2c4byI=\nJHN0cmluZzEyID0gIndvcmtwYWNrL1BLIg==\n', '12 of them', ' BlackHole1 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(815, 'blackhole2_css', 'JHN0cmluZzEgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1jb3VudHJpZXMuZ2lmJyki\nJHN0cmluZzIgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1leHBsb2l0LmdpZicpIg==\nJHN0cmluZzMgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1vc2VzLmdpZicpIg==\nJHN0cmluZzQgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1icm93c2Vycy5naWYnKSI=\nJHN0cmluZzUgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1lZGl0LnBuZycpIg==\nJHN0cmluZzYgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1hZGQucG5nJyki\nJHN0cmluZzcgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1hY2NlcHQucG5nJyki\nJHN0cmluZzggPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1kZWwucG5nJyki\nJHN0cmluZzkgPSAiYmFja2dyb3VuZDp1cmwoJyUlP2E9aW1nJmltZz1zdGF0LmdpZicpIg==\n', '18 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(816, 'blackhole2_htm', 'JHN0cmluZzAgPSAiPmxpbmtzLzwvYT48L3RkPjx0ZCBhbGlnbiI=\nJHN0cmluZzEgPSAiPjY4NEs8L3RkPjx0ZD4i\nJHN0cmluZzIgPSAiPiAzNks8L3RkPjx0ZD4i\nJHN0cmluZzMgPSAibW92ZV9sb2dzLnBocCI=\nJHN0cmluZzQgPSAiZmlsZXMvIg==\nJHN0cmluZzUgPSAiY3Jvbl91cGRhdGV0b3IucGhwIg==\nJHN0cmluZzYgPSAiPjEyLVNlcC0yMDEyIDIzOjQ1ICA8L3RkPjx0ZCBhbGlnbiI=\nJHN0cmluZzcgPSAiPiAgLSA8L3RkPjx0ZD4i\nJHN0cmluZzggPSAiY3Jvbl9jaGVjay5waHAi\nJHN0cmluZzkgPSAiLS8vVzNDLy9EVEQgSFRNTCAzLjIgRmluYWwvL0VOIg==\nJHN0cmluZzEwID0gImJoYWRtaW4ucGhwIg==\nJHN0cmluZzExID0gIj4yMS1TZXAtMjAxMiAxNToyNSAgPC90ZD48dGQgYWxpZ24i\nJHN0cmluZzEyID0gIj5kYXRhLzwvYT48L3RkPjx0ZCBhbGlnbiI=\nJHN0cmluZzEzID0gIj4zLjNLPC90ZD48dGQ+Ig==\nJHN0cmluZzE0ID0gImNyb25fdXBkYXRlLnBocCI=\n', '14 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(817, 'blackhole2_htm10', 'JHN0cmluZzAgPSAiPC9ib2R5PjwvaHRtbD4i\nJHN0cmluZzEgPSAiL2ljb25zL2JhY2suZ2lmIg==\nJHN0cmluZzIgPSAiPjM3M0s8L3RkPjx0ZD4i\nJHN0cmluZzMgPSAiL2ljb25zL3Vua25vd24uZ2lmIg==\nJHN0cmluZzQgPSAiPkxhc3QgbW9kaWZpZWQ8L2E+PC90aD48dGg+PGEgaHJlZiI=\nJHN0cmluZzUgPSAidG1wLmd6Ig==\nJHN0cmluZzYgPSAiPnRtcC5nejwvYT48L3RkPjx0ZCBhbGlnbiI=\nJHN0cmluZzcgPSAibmJzcDs8L3RkPjx0ZCBhbGlnbiI=\nJHN0cmluZzggPSAiPC90YWJsZT4i\nJHN0cmluZzkgPSAiPiAgLSA8L3RkPjx0ZD4i\nJHN0cmluZzEwID0gIj5maWxlZmRjN2FhZjRhMzwvYT48L3RkPjx0ZCBhbGlnbiI=\nJHN0cmluZzExID0gIj4xOS1TZXAtMjAxMiAwNzowNiAgPC90ZD48dGQgYWxpZ24i\nJHN0cmluZzEyID0gIj48aW1nIHNyYyI=\nJHN0cmluZzEzID0gImZpbGUzZmE3YmRkN2RjIg==\nJHN0cmluZzE0ID0gIiAgPHRpdGxlPkluZGV4IG9mIC9maWxlczwvdGl0bGU+Ig==\nJHN0cmluZzE1ID0gIjBkYTQ5ZTA0MmQi\n', '15 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(818, 'blackhole2_htm11', 'JHN0cmluZzAgPSAiPjwvdGg+PHRoPjxhIGhyZWYi\nJHN0cmluZzEgPSAiL2ljb25zL2JhY2suZ2lmIg==\nJHN0cmluZzIgPSAiPkRlc2NyaXB0aW9uPC9hPjwvdGg+PC90cj48dHI+PHRoIGNvbHNwYW4i\nJHN0cmluZzMgPSAibmJzcDs8L3RkPjx0ZCBhbGlnbiI=\nJHN0cmluZzQgPSAibmJzcDs8L3RkPjwvdHI+Ig==\nJHN0cmluZzUgPSAiPiAgLSA8L3RkPjx0ZD4i\nJHN0cmluZzYgPSAiLS8vVzNDLy9EVEQgSFRNTCAzLjIgRmluYWwvL0VOIg==\nJHN0cmluZzcgPSAiPGgxPkluZGV4IG9mIC9kdW1teTwvaDE+Ig==\nJHN0cmluZzggPSAiPlNpemU8L2E+PC90aD48dGg+PGEgaHJlZiI=\nJHN0cmluZzkgPSAiIDwvaGVhZD4i\nJHN0cmluZzEwID0gIi9pY29ucy9ibGFuay5naWYi\nJHN0cmluZzExID0gIj48aHI+PC90aD48L3RyPiI=\n', '11 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(819, 'blackhole2_htm12', 'JHN0cmluZzAgPSAiICA8dGl0bGU+SW5kZXggb2YgL2RhdGE8L3RpdGxlPiI=\nJHN0cmluZzEgPSAiPHRyPjx0aCBjb2xzcGFuIg==\nJHN0cmluZzIgPSAiPC9ib2R5PjwvaHRtbD4i\nJHN0cmluZzMgPSAiPiAyMEs8L3RkPjx0ZD4i\nJHN0cmluZzQgPSAiL2ljb25zL2xheW91dC5naWYi\nJHN0cmluZzUgPSAiIDxib2R5PiI=\nJHN0cmluZzYgPSAiPk5hbWU8L2E+PC90aD48dGg+PGEgaHJlZiI=\nJHN0cmluZzcgPSAiPnNwbi5qYXI8L2E+PC90ZD48dGQgYWxpZ24i\nJHN0cmluZzggPSAiPnNwbjIuamFyPC9hPjwvdGQ+PHRkIGFsaWduIg==\nJHN0cmluZzkgPSAiIDxoZWFkPiI=\nJHN0cmluZzEwID0gIi0vL1czQy8vRFREIEhUTUwgMy4yIEZpbmFsLy9FTiI=\nJHN0cmluZzExID0gIj4gMTBLPC90ZD48dGQ+Ig==\nJHN0cmluZzEyID0gIj43LjlLPC90ZD48dGQ+Ig==\nJHN0cmluZzEzID0gIj5TaXplPC9hPjwvdGg+PHRoPjxhIGhyZWYi\nJHN0cmluZzE0ID0gIj48aHI+PC90aD48L3RyPiI=\n', '14 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(820, 'blackhole2_htm3', 'JHN0cmluZzAgPSAiL2Rvd25sb2FkLnBocCI=\nJHN0cmluZzEgPSAiLi9maWxlcy9mZGM3YWFmNGEzIG1kNSBpcyAzMTY5OTY5ZTkxZjVmZTU0NDY5MDliYmFiNmUxNGQ1ZCI=\nJHN0cmluZzIgPSAiMzIxZTc3NGQ4MWIyYzNhZSI=\nJHN0cmluZzMgPSAiL2ZpbGVzL25ldzAwMDEwLzU1NC0wMDAyLmV4ZSBtZDUgaXMgOGE0OTdjZjRmZmE4YTE3M2E3YWM3NWYwZGUxZjhkOGIi\nJHN0cmluZzQgPSAiLi9maWxlcy8zZmE3YmRkN2RjIG1kNSBpcyA4YTQ5N2NmNGZmYThhMTczYTdhYzc1ZjBkZTFmOGQ4YiI=\nJHN0cmluZzUgPSAiMTYwMzI1NjYzNjUzMDEyMDkxNSBtZDUgaXMgNDI1ZWJkZmNmMDMwNDU5MTdkOTA4NzhkMjY0NzczZDIi\n', '3 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(821, 'blackhole2_htm4', 'JHN0cmluZzAgPSAid29yZHMuZGF0Ig==\nJHN0cmluZzEgPSAiL2ljb25zL2JhY2suZ2lmIg==\nJHN0cmluZzIgPSAiZGF0YS5kYXQi\nJHN0cmluZzMgPSAiZmlsZXMucGhwIg==\nJHN0cmluZzQgPSAianMucGhwIg==\nJHN0cmluZzUgPSAidGVtcGxhdGUucGhwIg==\nJHN0cmluZzYgPSAia2NhcHRjaGEi\nJHN0cmluZzcgPSAiL2ljb25zL2JsYW5rLmdpZiI=\nJHN0cmluZzggPSAiamF2YS5kYXQi\n', '8 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(822, 'blackhole2_htm5', 'JHN0cmluZzAgPSAicnVsZUVkaXQucGhwIg==\nJHN0cmluZzEgPSAiZG9tYWlucy5waHAi\nJHN0cmluZzIgPSAibWVudS5waHAi\nJHN0cmluZzMgPSAiYnJvd3NlcnNfc3RhdC5waHAi\nJHN0cmluZzQgPSAiSW5kZXggb2YgL2xpYnJhcnkvdGVtcGxhdGVzIg==\nJHN0cmluZzUgPSAiL2ljb25zL3Vua25vd24uZ2lmIg==\nJHN0cmluZzYgPSAiYnJvd3NlcnNfYnN0YXQucGhwIg==\nJHN0cmluZzcgPSAib3Nlc19zdGF0LnBocCI=\nJHN0cmluZzggPSAiZXhwbG9pdHNfYnN0YXQucGhwIg==\nJHN0cmluZzkgPSAiYmxvY2tfY29uZmlnLnBocCI=\nJHN0cmluZzEwID0gInRocmVhZHNfYnN0YXQucGhwIg==\nJHN0cmluZzExID0gImJyb3dzZXJzX2JzdGF0LnBocCI=\nJHN0cmluZzEyID0gInNldHRpbmdzLnBocCI=\n', '12 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(823, 'blackhole2_htm6', 'JHN0cmluZzAgPSAidW5pcTEucG5nIg==\nJHN0cmluZzEgPSAiZWRpdC5wbmci\nJHN0cmluZzIgPSAibGVmdC5naWYi\nJHN0cmluZzMgPSAiaW5maW4ucG5nIg==\nJHN0cmluZzQgPSAib3V0ZGVudC5naWYi\nJHN0cmluZzUgPSAiZXhwbG9pdC5naWYi\nJHN0cmluZzYgPSAic2VtX2cucG5nIg==\nJHN0cmluZzcgPSAiSW5kZXggb2YgL2xpYnJhcnkvdGVtcGxhdGVzL2ltZyI=\nJHN0cmluZzggPSAidW5pcTEucG5nIg==\n', '8 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(824, 'blackhole2_htm8', 'JHN0cmluZzAgPSAiPkRlc2NyaXB0aW9uPC9hPjwvdGg+PC90cj48dHI+PHRoIGNvbHNwYW4i\nJHN0cmluZzEgPSAiPk5hbWU8L2E+PC90aD48dGg+PGEgaHJlZiI=\nJHN0cmluZzIgPSAibWFpbi5qcyI=\nJHN0cmluZzMgPSAiZGF0ZXBpY2tlci5qcyI=\nJHN0cmluZzQgPSAiZm9ybS5qcyI=\nJHN0cmluZzUgPSAiPGFkZHJlc3M+QXBhY2hlLzIuMi4xNSAoQ2VudE9TKSBTZXJ2ZXIgYXQgb25saW5lLW1vby12aWlpLm5ldCBQb3J0IDgwPC9hZGRyZXNzPiI=\nJHN0cmluZzYgPSAid3lzaXd5Zy5qcyI=\n', '6 of them', ' BlackHole2 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(825, 'crimepack_jar', 'JHN0cmluZzAgPSAici5KTSxJTSI=\nJHN0cmluZzEgPSAiY3Bhay9DcmltZXBhY2skMS5jbGFzc1BLIg==\nJHN0cmluZzIgPSAiY3Bhay9LQVZTLmNsYXNzUEsi\nJHN0cmluZzMgPSAiY3Bhay9LQVZTLmNsYXNzbVEi\nJHN0cmluZzQgPSAiY3Bhay9DcmltZXBhY2skMS5jbGFzc21QW08i\nJHN0cmluZzUgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUYi\nJHN0cmluZzYgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUZQSyI=\n', '6 of them', ' CrimePack Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(826, 'crimepack_jar3', 'JHN0cmluZzAgPSAicGF5bG9hZC5zZXJQSyI=\nJHN0cmluZzEgPSAidkUvSkRbaiI=\nJHN0cmluZzIgPSAicGF5bG9hZC5zZXJbIg==\nJHN0cmluZzMgPSAiRXhwbG9pdCQyLmNsYXNzUEsi\nJHN0cmluZzQgPSAiRXhwbG9pdCQyLmNsYXNzIg==\nJHN0cmluZzUgPSAiSG8oKGkvIg==\nJHN0cmluZzYgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUYi\nJHN0cmluZzcgPSAiSDU2NDFZayI=\nJHN0cmluZzggPSAiRXhwbG9pdCQxLmNsYXNzUEsi\nJHN0cmluZzkgPSAiUGF5bG9hZGVyLmNsYXNzUEsi\nJHN0cmluZzEwID0gIiVwNiRNQ1Mi\nJHN0cmluZzExID0gIkV4cGxvaXQkMSQxLmNsYXNzUEsi\n', '11 of them', ' CrimePack Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(827, 'eleonore_jar', 'JHN0cmluZzAgPSAici5KTSxJTSI=\nJHN0cmluZzEgPSAiZGV2L3MvRHllc3lhc1ouY2xhc3NQSyI=\nJHN0cmluZzIgPSAiazRralJ2Ig==\nJHN0cmluZzMgPSAiZGV2L3MvTG9hZGVyWC5jbGFzc31WW3Qi\nJHN0cmluZzQgPSAiZGV2L3MvUEsi\nJHN0cmluZzUgPSAiSHN6NiV5Ig==\nJHN0cmluZzYgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUYi\nJHN0cmluZzcgPSAiZGV2L1BLIg==\nJHN0cmluZzggPSAiZGV2L3MvQWRncmVkWS5jbGFzcyI=\nJHN0cmluZzkgPSAiZGV2L3MvRHllc3lhc1ouY2xhc3Mi\nJHN0cmluZzEwID0gImRldi9zL0xvYWRlclguY2xhc3NQSyI=\nJHN0cmluZzExID0gImVTMEw1ZCI=\nJHN0cmluZzEyID0gIjhFezRPTiI=\n', '12 of them', ' Eleonore Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(828, 'eleonore_jar2', 'JHN0cmluZzAgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUZNYW5pZmVzdC1WZXJzaW9uOiAxLjAi\nJHN0cmluZzEgPSAid1BWdlZ5eiI=\nJHN0cmluZzIgPSAiSmF2YUZYLmNsYXNzIg==\nJHN0cmluZzMgPSAieyVEQCdcXCI=\nJHN0cmluZzQgPSAiSmF2YUZYQ29sb3IuY2xhc3Mi\nJHN0cmluZzUgPSAiYld4RUJJfVki\nJHN0cmluZzYgPSAiJCgyfVVvRCI=\nJHN0cmluZzcgPSAiaiU0bXVSIg==\nJHN0cmluZzggPSAidnFLQlppIg==\nJHN0cmluZzkgPSAibDZnczg7Ig==\nJHN0cmluZzEwID0gIkphdmFGWFRydWVDb2xvci5jbGFzc2VTS28i\nJHN0cmluZzExID0gIlp5WVF4ICI=\nJHN0cmluZzEyID0gIk1FVEEtSU5GLyI=\nJHN0cmluZzEzID0gIkphdmFGWC5jbGFzc1BLIg==\nJHN0cmluZzE0ID0gIjtJZTh7QSI=\n', '14 of them', ' Eleonore Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(829, 'eleonore_jar3', 'JHN0cmluZzAgPSAiMTZsTllGMlYi\nJHN0cmluZzEgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUZQSyI=\nJHN0cmluZzIgPSAiZ2hzZHIvSmV3cmVkZC5jbGFzc1BLIg==\nJHN0cmluZzMgPSAiZ2hzZHIvR2Vkc3JkYy5jbGFzcyI=\nJHN0cmluZzQgPSAiZVs8bjU1Ig==\nJHN0cmluZzUgPSAiZ2hzZHIvR2Vkc3JkYy5jbGFzc1BLIg==\nJHN0cmluZzYgPSAiTUVUQS1JTkYvIg==\nJHN0cmluZzcgPSAibmF9cHlPIg==\nJHN0cmluZzggPSAiOUExLkZcXCI=\nJHN0cmluZzkgPSAiZ2hzZHIvS29jZXIuY2xhc3Mi\nJHN0cmluZzEwID0gIk1YR1hPOCI=\nJHN0cmluZzExID0gImdoc2RyL0tvY2VyLmNsYXNzUEsi\nJHN0cmluZzEyID0gImdoc2RyL0pld3JlZGQuY2xhc3Mi\n', '12 of them', ' Eleonore Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(830, 'eleonore_js', 'JHN0cmluZzAgPSAidmFyIGRlIg==\nJHN0cmluZzEgPSAic2Rqa107Ig==\nJHN0cmluZzIgPSAicmV0dXJuIGRmc2hrOyI=\nJHN0cmluZzMgPSAiZnVuY3Rpb24gamtzaGRrKCl7Ig==\nJHN0cmluZzQgPSAiJ3ZhbCc7Ig==\nJHN0cmluZzUgPSAidmFyIHNkamsi\nJHN0cmluZzYgPSAicmV0dXJuIGZzZGprbDsi\nJHN0cmluZzcgPSAiIHdpbmRvd1tkIg==\nJHN0cmluZzggPSAidmFyIGZzZGprbCI=\nJHN0cmluZzkgPSAiZnVuY3Rpb24gamtsc2RqZmsoKSB7Ig==\nJHN0cmluZzEwID0gImZ1bmN0aW9uIHJld2lyeSh5aXlyLGZqa2hkKXsi\nJHN0cmluZzExID0gIiBzZGpkICI=\n', '11 of them', ' Eleonore Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(831, 'eleonore_js2', 'JHN0cmluZzAgPSAidmFyIGRmc2hrICI=\nJHN0cmluZzEgPSAiYXJyb3dfbmV4dF9kb3duIg==\nJHN0cmluZzIgPSAicmV0dXJuIGV2YWwoJ3lpeXIucmVwbGFjJyI=\nJHN0cmluZzMgPSAiYXJyb3dfbmV4dF9vdmVyIg==\nJHN0cmluZzQgPSAiYXJyb3dfcHJldl9vdmVyIg==\nJHN0cmluZzUgPSAieGNDU1NXZWVrZGF5QmxvY2si\nJHN0cmluZzYgPSAieGNDU1NIZWFkQmxvY2si\nJHN0cmluZzcgPSAieGNDU1NEYXlTcGVjaWFsIg==\nJHN0cmluZzggPSAieGNDU1NEYXki\nJHN0cmluZzkgPSAiIHdpbmRvd1tkZiAi\nJHN0cmluZzEwID0gImRheV9zcGVjaWFsIg==\nJHN0cmluZzExID0gInZhciBkZiI=\nJHN0cmluZzEyID0gImZ1bmN0aW9uIGprbHNkamZrKCkgeyI=\nJHN0cmluZzEzID0gIiBzZGpkICI=\nJHN0cmluZzE0ID0gIidlKC9rbGpmIGhkZmsgc2RmL2csZmpraGQpOycpOyI=\nJHN0cmluZzE1ID0gImFycm93X25leHQi\n', '15 of them', ' Eleonore Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(832, 'eleonore_js3', 'JHN0cmluZzAgPSAiQG1vemlsbGEub3JnL2ZpbGUvZGlyZWN0b3J5X3NlcnZpY2U7MSI=\nJHN0cmluZzEgPSAidmFyIGV4ZSAi\nJHN0cmluZzIgPSAidmFyIGZpbGUgIg==\nJHN0cmluZzMgPSAiZm9TdHJlYW0ud3JpdGUoZGF0YSwgZGF0YS5sZW5ndGgpOyI=\nJHN0cmluZzQgPSAiICB2YXIgZmlsZV9kYXRhICI=\nJHN0cmluZzUgPSAicmV0dXJuICI=\nJHN0cmluZzYgPSAiIENvbXBvbmVudHMuY2xhc3Nlc1si\nJHN0cmluZzcgPSAidXJsIDogIg==\nJHN0cmluZzggPSAiXS5jcmVhdGVJbnN0YW5jZShDb21wb25lbnRzLmludGVyZmFjZXMubnNJTG9jYWxGaWxlKTsi\nJHN0cmluZzkgPSAiICB2YXIgYnN0cmVhbSAi\nJHN0cmluZzEwID0gIiBic3RyZWFtLnJlYWRCeXRlcyhzaXplKTsgIg==\nJHN0cmluZzExID0gIkBtb3ppbGxhLm9yZy9zdXBwb3J0cy1zdHJpbmc7MSI=\nJHN0cmluZzEyID0gIiAgdmFyIGNoYW5uZWwgIg==\nJHN0cmluZzEzID0gInRtcC5leGUi\nJHN0cmluZzE0ID0gIiAgaWYgKGNoYW5uZWwgaW5zdGFuY2VvZiBDb21wb25lbnRzLmludGVyZmFjZXMubnNJSHR0cENoYW5uZWwgIg==\nJHN0cmluZzE1ID0gIkBtb3ppbGxhLm9yZy9uZXR3b3JrL2lvLXNlcnZpY2U7MSI=\nJHN0cmluZzE2ID0gIiBic3RyZWFtLmF2YWlsYWJsZSgpKSB7ICI=\nJHN0cmluZzE3ID0gIl0uZ2V0U2VydmljZShDb21wb25lbnRzLmludGVyZmFjZXMubnNJSU9TZXJ2aWNlKTsgIg==\n', '17 of them', ' Eleonore Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(833, 'fragus_htm', 'JHN0cmluZzAgPSAiPkhlbGxvLCAi\nJHN0cmluZzEgPSAiaHR0cDovL3d3dy5jbGFudGVtcGxhdGVzLmNvbSI=\nJHN0cmluZzIgPSAidGhpcyB0ZW1wbGF0ZSB3YXMgY3JlYXRlZCBieSBCbDFuayBhbmQgaXMgZG93bmxvYWRhYmxlIGF0IDxCPkNsYW5UZW1wbGF0ZXMuY29tPEJSPjwvQj5SZXBsYWNlICI=\nJHN0cmluZzMgPSAiPjwvVEQ+PC9UUj48L1RBQkxFPiAi\nJHN0cmluZzQgPSAiSW1hZ2UyMSI=\nJHN0cmluZzUgPSAic2Nyb2xsYmFyIGV0Yy48QlI+PEJSPkVuam95LCBCbDFuazwvRk9OVD48L1REPjwvVFI+PC9UQUJMRT48QlI+PC9DRU5URVI+PC9URD48L1RSPiAi\nJHN0cmluZzYgPSAidG8gdGhpcyBXYXJDcmFmdCBUZW1wbGF0ZSI=\nJHN0cmluZzcgPSAiIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKSB4Ig==\nJHN0cmluZzggPSAiICAgIGlmIChhW2ldLmluZGV4T2YoIg==\nJHN0cmluZzkgPSAieC5vU3JjOyI=\nJHN0cmluZzEwID0gInguc3JjOyB4LnNyYyI=\nJHN0cmluZzExID0gIjxIVE1MPiI=\nJHN0cmluZzEyID0gIkZGRkZGRiI=\nJHN0cmluZzEzID0gIiBDRUxMU1BBQ0lORyI=\nJHN0cmluZzE0ID0gImltYWdlcy9sYXlvdXRub3JtYWxfMDMuZ2lmIg==\nJHN0cmluZzE1ID0gIjxUUj4gPFREICI=\nJHN0cmluZzE2ID0gIiBDRUxMUEFERElORyI=\n', '16 of them', ' Fragus Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(834, 'fragus_js', 'JHN0cmluZzAgPSAiKSk7RUxJNlEzUFoi\nJHN0cmluZzEgPSAiVkdoTlUycFdRbU15VVhoUFNGSTJUVE5DVkdWRVVYcFNSM2h1WW0xYWVFNVVhRmhYUkZJMFpGaENRVk14V2tSTlZHaDBWMGhaTkZaVll6QlhXRkpwVFZSb1ZGcEZVa2xhVkd4RyI=\nJHN0cmluZzIgPSAiZUZnd2VETmFlazVZWkRGa2FXRnRUbGhaYkRsbVYydEdhMDlWYTNwU01sRXlUMGR3U0ZGSVFsWlJibHBFWXpCS1JXTkZlR1pPVm14NlYwUlNVMUpFWXpKalJsWTBUVlk1U0ZrdyI=\nJHN0cmluZzMgPSAiVGtoWGEwWnJUMWhhTkdSRlNYaFJNM0JyVGtSb1ZHTXhaRUpTTW1jeVQwZHdObGt6U1RKWU0xcENZa1puTVZWcVFtcFdNRVpJWVVSWk5HRnVjR3BqYWxwbVpHdEdjMWRFUlhwVCI=\nJHN0cmluZzQgPSAiYnlLWktrcFpVPDwxOCI=\nJHN0cmluZzUgPSAiKTtDVWVyMHgi\nJHN0cmluZzYgPSAiYnpXUmVicFUzeUU+PjE2Ig==\nJHN0cmluZzcgPSAiUlVKRVdsVnZNR05zVlRWTk1FcE5XRE5hTkdKVlNrcFBSVUpyVWxWd1JWUXdRbE5hUjJjeVkwWldTRTVHYkRCUlZGWjVVakZuTWs5SFZsZE9XR2hNWVVkRmVsUklaRzVOTVdReiI=\nJHN0cmluZzggPSAiV25aU1ZHeHVUMVpTUmt3d2FGWlNlbFpHVW01R1JsSkZWVEJMVkhRMFVXeEtRMWRyZHpCaVdFSjVXa2hTZFZCdGRHOVhWV2Q2VFZWR1NHRkZlRFZUTWxrM1pVVktVMUZzY0UxTyI=\nJHN0cmluZzkgPSAiUW1aak1HTjRZakJDZDFveU9YQlVSVUpKWkVodk1GZFljR3RPYW1oRlYxWndVMDFHVmxaWmJYQnBVVVpLVjFscVRYcFdNREF3WTBkU05sRjZhRTFTZWtaNVpFYzRNRTlGZUV0TiI=\nJHN0cmluZzEwID0gIlNDcE1hV1hPdU1FKCI=\nJHN0cmluZzExID0gIlZqSktjVmt4WkdsWU1UbGhVVmRSTlZOVVRraGFSRmswWVdwc1lXSnNXa1JOVkdoMFYwaFpORlpWWXpCWFdGSjJUbTVDVm1GRVVscFdWbWhEVDBaV1YwNVlhREJSYTFaVFVrVXci\nJHN0cmluZzEyID0gIjI7fWVsc2V7WXVpaTM3RFdVIg==\nJHN0cmluZzEzID0gIkVMSTZRM1BaIg==\nJHN0cmluZzE0ID0gIlpVaE5OVlpZUWxabFJGWTBVVVpuTWs5SE1WbE9Sa3BGWWtSc05HTXhiRXBQUlVKU1RWWTVTR05FVGxsUFJYQjBZakJzYWxveVNuaFBWVlozVWtaV1FWZ3pUbGxPUkdnd1YwUlMi\nJHN0cmluZzE1ID0gIlMwNUdiRTFsYWxrMFZtMU9SbVZFV25wWGJFcFhaREJXYVU1dWJ6SmpSbGt6VmpGc2JGZ3dWbWxVUmxwdVlucENVRTVITlRCaFJGcGFWRVpyTVZGWVRqWk9ia0l3V1RCVk5FNHgi\nJHN0cmluZzE2ID0gIlZtNUNXRkZWWkc5T2FtaHhaVzFPZVU1c09USlJWM2haVFZST1NscEVXVFJWTTI5NFYxVlNVRkZGZEZkWmFsRTBXbFZqZUdOc1NtdE9ibWhCWVVSVk5GWlZaRUZqUmxaRFpHdE8i\nJHN0cmluZzE3ID0gIll1aWkzN0RXVTw8MTIi\nJHN0cmluZzE4ID0gIjt3aGlsZShoZG5SOWVvM3BaNkUzPFpaZUQzTGpKUS5sZW5ndGgpe2VNSW1HQiI=\n', '18 of them', ' Fragus Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(835, 'fragus_js2', 'JHN0cmluZzAgPSAiKEVMSTZRM1BaIg==\nJHN0cmluZzEgPSAiU25KVGJWSnFWMnRPYTA5VmJHWlNNSGN3WTBaV1ptUnJSakJqUkZZMFkzcHNWbU5HVmpST1dHaEJWMFJaTkdKV1p6QlZhMUo0VGpOQ1ZsZ3dWbWxoUmpreVpVUmFTMU5XT1VoaiI=\nJHN0cmluZzIgPSAiZUZnd2VETmFlazVZWkRGa2FXRnRUbGhaYkRsbVYydEdhMDlWYTNwU01sRXlUMGR3U0ZGSVFsWlJibHBFWXpCS1JXTkZlR1pPVm14NlYwUlNVMUpFWXpKalJsWTBUVlk1U0ZrdyI=\nJHN0cmluZzMgPSAiVlVwS1VWZFdTMDVJU2xaak1YQlRUVWRXUmxORlFtcGFNamxyVkRCQ1RGWXpZM3BaYkdScFpHNW9lbGRGVW5ka1NFMTZZakI0TTJKWFNuRlpNV1JwWlZZNGVsbHJlRE5hTWtvMSI=\nJHN0cmluZzQgPSAiKChZdWlpMzdEV1Ui\nJHN0cmluZzUgPSAiWVVSVk5GWlhVbGhqUmxaRFpHeHNRVko2VWxOYVJUbEJVekZrTTAweVNsaGlla1UwWkVobk1XTnJValpaTTBreVdETmFRbUpHWjNoTk1HeHJUbXBvVkdWcVJscGtTRVV5VjFkVyI=\nJHN0cmluZzYgPSAiU3RyaW5nLmZyb21DaGFyQ29kZShaWmVEM0xqSlEpO31lbHNlIGlmKFFJeVpzdnZiRW1WT3BwIg==\nJHN0cmluZzcgPSAiMSk7RUxJNlEzUFoi\nJHN0cmluZzggPSAiKSk7WXVpaTM3RFdVIg==\nJHN0cmluZzkgPSAiKTtDVWVyMHgi\nJHN0cmluZzEwID0gIlQxWmFRMDVJVWtSVFZHaHFUMVZXZDFaV09VcFJNbFpMWkc1b05sUXdRa3hXTTJONldXeGtRbVJyUmtGUFZtUjNWbFJzWVdKc1duTk9XR2hLVDFaa2VGWldhekZSYkVVMVVsWksi\nJHN0cmluZzExID0gIlRscGtNMnd4UzNsemNFeFVVVFJZVTJzNFVFaG9jRlZxUms5amF6QTNTVWRzYlV0SWFIQlZha1pQWTJzd2NHVjVRa2RXZWs1TlZubHpPVlZyU2tsV1ZFMHdWREowTmxwVFp6SlAi\nJHN0cmluZzEyID0gIlN0cmluZy5mcm9tQ2hhckNvZGUoKChlTUltR0Ii\nJHN0cmluZzEzID0gIlJHUkRVa1YwV0ZWNlZrSmtSa1Y0V0hwQ2FsWXdSa2hoUkZrMFlXNXdhbU5xV21aa2EwWnpWMFJhU1dFeFp6QlhXRVpEVWxac1FWcEVXa0pPTUVveVpVaHdkMWR1U2xSWFZFNUoi\nJHN0cmluZzE0ID0gIlNDcE1hV1hPdU1FKG1pMW1tOGJ1ODdyTDBXKTtldmFsKFBjaWkzaVZrMUFHKTs8L3NjcmlwdD48L2JvZHk+PC9odG1sPiI=\nJHN0cmluZzE1ID0gIll1aWkzN0RXVSI=\nJHN0cmluZzE2ID0gIll1aWkzN0RXVTw8MTIi\nJHN0cmluZzE3ID0gImVUVnpXbGMxYm1SSFozTkpSV2hXVW5wV1JsSnVSa1pTUlZVd1VGUkZkMDFxVVhOSlIyaFFWbFpzUlZKRlZteFZhWGRuWlVWS1UxRnNjRTFPUnpGM1kyMVNNR0pwZDJkU2JHTjYi\n', '17 of them', ' Fragus Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(836, 'fragus_js_flash', 'JHN0cmluZzAgPSAiZG9jdW1lbnQuYXBwZW5kQ2hpbGQoYmR5KTt0cnl7Zm9yIChpIg==\nJHN0cmluZzEgPSAiMDsgaTwxMDsgaSI=\nJHN0cmluZzIgPSAiZGVmYXVsdCI=\nJHN0cmluZzMgPSAidmFyIG0gIg==\nJHN0cmluZzQgPSAiL2csIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdkaXZpZCcpLmlubmVySFRNTCkpOyI=\nJHN0cmluZzUgPSAiIG4uc3Vic3RyaW5nKDAsci8yKTsi\nJHN0cmluZzYgPSAiZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2YnKS5pbm5lckhUTUwi\nJHN0cmluZzcgPSAiJ2F0aycgb25jbGljayI=\nJHN0cmluZzggPSAiZnVuY3Rpb24gTUFLRUhFQVAoKSI=\nJHN0cmluZzkgPSAiZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnZGl2Jyk7Ig==\nJHN0cmluZzEwID0gIjxidXR0b24gaWQi\nJHN0cmluZzExID0gIi9nLCBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZGl2aWQnKS5pbm5lckhUTUwpOyI=\nJHN0cmluZzEyID0gImRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoZ2cpOyI=\nJHN0cmluZzEzID0gInZhciBiZHkgIg==\nJHN0cmluZzE0ID0gInZhciBnZyI=\nJHN0cmluZzE1ID0gIiB1bmVzY2FwZShnZyk7d2hpbGUobi5sZW5ndGg8ci8yKSB7IG4i\n', '15 of them', ' Fragus Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(837, 'fragus_js_java', 'JHN0cmluZzAgPSAiST48L1hNTD48U1BBTiBEQVRBU1JDIg==\nJHN0cmluZzEgPSAic2V0VGltZW91dCgndnBhcml2YXRlbCgpJyw4MDAwKTtmdW5jdGlvbiB2cGFyaXZhdGVsKCl7ZG9jdW1lbnQud3JpdGUoJzxpZnJhbWUgc3JjIg==\nJHN0cmluZzIgPSAiSSBEQVRBRkxEIg==\nJHN0cmluZzMgPSAiIHVuZXNjYXBlKCI=\nJHN0cmluZzQgPSAiLCAxKTtzd2Yuc2V0QXR0cmlidXRlKCI=\nJHN0cmluZzUgPSAiZnVuY3Rpb24gWE1MTkVXKCl7dmFyIHNwcmF5ICI=\nJHN0cmluZzYgPSAidnBhcml2YXRlbC5waHAi\nJHN0cmluZzcgPSAiNikgKXtpZiAoIChsdiI=\nJHN0cmluZzggPSAiJ1dJTiA5LDAsMTYsMCcpIg==\nJHN0cmluZzkgPSAiZDovUHJvZ3JhbSBGaWxlcy9PdXRsb29rIEV4cHJlc3MvV0FCLkVYRSI=\nJHN0cmluZzEwID0gIjxYTUwgSUQi\nJHN0cmluZzExID0gIm5ldyBBY3RpdmVYT2JqZWN0KCI=\nJHN0cmluZzEyID0gIic3LjEuMCcpICl7U0hPV1BERignaWVwZGYucGhwIg==\nJHN0cmluZzEzID0gImZ1bmN0aW9uIFNXRigpe3RyeXtzdiI=\nJHN0cmluZzE0ID0gIidXSU4gOSwwLDI4LDAnKSI=\nJHN0cmluZzE1ID0gIkMgREFUQUZPUk1BVEFTIg==\nJHN0cmluZzE2ID0gIiBzaGVsbGNvZGU7eG1sY29kZSAi\nJHN0cmluZzE3ID0gImZ1bmN0aW9uIFNOQVBTSE9UKCl7dmFyIGEi\n', '17 of them', ' Fragus Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(838, 'fragus_js_quicktime', 'JHN0cmluZzAgPSAiICAgICAgICAgICAgICAgIHNldFRpbWVvdXQoIg==\nJHN0cmluZzEgPSAid25kLmxvY2F0aW9uIg==\nJHN0cmluZzIgPSAid2luZG93OyI=\nJHN0cmluZzMgPSAiICAgICAgICB2YXIgcGxzICI=\nJHN0cmluZzQgPSAiICAgICAgICBtZW1fZmxhZyAi\nJHN0cmluZzUgPSAiLCAxNTAwKTt9IGVsc2V7IFBSeXl0NE8zd3ZneigxKTt9Ig==\nJHN0cmluZzYgPSAiICAgICAgICAgfSBjYXRjaChlKSB7IH0i\nJHN0cmluZzcgPSAiIG1lbV9mbGFnKSBKUDdSWEx5RXUoKTsi\nJHN0cmluZzggPSAiIDB4NDAwMDAwOyI=\nJHN0cmluZzkgPSAiLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSI=\nJHN0cmluZzEwID0gIiAgICAgICAgaGVhcEJsb2NrcyAi\nJHN0cmluZzExID0gIiAgICAgICAgcmV0dXJuIG1tOyI=\nJHN0cmluZzEyID0gIjB4MzgpOyI=\nJHN0cmluZzEzID0gIiAgICAgICAgaCgpOyI=\nJHN0cmluZzE0ID0gIiBnZXRiKGIsYlNpemUpOyI=\nJHN0cmluZzE1ID0gImdldGZpbGUucGhwIg==\n', '15 of them', ' Fragus Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(839, 'fragus_js_vml', 'JHN0cmluZzAgPSAiIDB4MTAwMDAwOyI=\nJHN0cmluZzEgPSAiICAgICAgICAgICAgdmFyIGdnICI=\nJHN0cmluZzIgPSAiL2csIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdkaXZpZCcpLmlubmVySFRNTCkpOyI=\nJHN0cmluZzMgPSAiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YXIgc3NzICI=\nJHN0cmluZzQgPSAiICAgICAgICAgICAgICAgIH0i\nJHN0cmluZzUgPSAiICAgICAgICAgICAgICAgICAgICAgICAgZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChvYmopOyI=\nJHN0cmluZzYgPSAiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YXIgaGJzICI=\nJHN0cmluZzcgPSAiIHNoY29kZTsgfSI=\nJHN0cmluZzggPSAiICc8ZGl2IGlkIg==\nJHN0cmluZzkgPSAiIGhicyAtIChzaGNvZGUubGVuZ3RoIg==\nJHN0cmluZzEwID0gIil7IG1baV0gIg==\nJHN0cmluZzExID0gIiB1bmVzY2FwZShnZyk7Ig==\nJHN0cmluZzEyID0gIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFyIHogIg==\nJHN0cmluZzEzID0gIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFyIGhiICI=\nJHN0cmluZzE0ID0gIiBNYXRoLmNlaWwoJzAnIg==\n', '14 of them', ' Fragus Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(840, 'phoenix_html', 'JHN0cmluZzEgPSAiJz48L2FwcGxldD48Ym9keSBpZCI=\nJHN0cmluZzIgPSAiPGFwcGxldCBtYXlzY3JpcHQi\nJHN0cmluZzMgPSAiL2dtaSxTdHJpbmcuZnJvbUNoYXJDb2RlKDIi\nJHN0cmluZzQgPSAiL2dtaSwnICcpLnJlcGxhY2UoLyI=\nJHN0cmluZzUgPSAicGU7aTs7Lmoxcy0+YyI=\nJHN0cmluZzYgPSAiZXM0RGV0Ig==\nJHN0cmluZzcgPSAiPHRleHRhcmVhPmZ1bmN0aW9uIg==\nJHN0cmluZzggPSAiLnJlcGxhY2UoLyI=\nJHN0cmluZzkgPSAiLmphcicgY29kZSI=\nJHN0cmluZzEwID0gIjtpRmM7ZnQnYiloe3Mi\n', '10 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(841, 'phoenix_html10', 'JHN0cmluZzAgPSAicGFlPmNyQWVhaG9pbEwi\nJHN0cmluZzEgPSAiRDExQzAwMDJDMDA2OTczM0U2MDY1NkY2NDYyMDcwRDAwMDQwMkRGRjIwMDY5NkUi\nJHN0cmluZzIgPSAibmJ0ZSliYm4i\nJHN0cmluZzMgPSAidjlvMTYsMCcpMEI4MDAwMjMyODIwMzspODJGMDAyMjNBMjE2aWZBMTYwQTI2MkE0NjIoYSI=\nJHN0cmluZzQgPSAiMDQ0MkRGRDJFMzBFQzgwRTQyRDJFMDBBQzNGM0Q1M0M5Q0FFQkZGN0UxRTgwNTA4MEIwNDQwNTdDQjFDMEVGN0YyNjNEQzY0RTBDQkU0N0MyQTIxRTM3MEVFNEEi\nJHN0cmluZzUgPSAiOylucGVpdHMwZS51dnI7XVt0dnIi\nJHN0cmluZzYgPSAiNDMzRUJFOTAyNDIwMDNFMDBDNjA2RDA0MDM2NTYzNDM1ODA1MDAwMTAyMDAwdjAyMEU2NTZ3YS5pMTE4LDAnLDlGOTAyRjI4MjYyMCcnQzYyMDIyNjQ2NjYwfXtBNzgwMjMyQSI=\nJHN0cmluZzcgPSAiMzUwO3ZhciB5c2p6eXEi\nJHN0cmluZzggPSAiYVNtZCdsbS90L2ltLn1kLi1MamcsbC0i\nJHN0cmluZzkgPSAiMDAxNzY4N0Y2MTY0NzA2RTY5NjcwNjAwMDIwMDgxMDEnMjE3NjA0NWNrYiI=\nJHN0cmluZzEwID0gIjYzKGRjbWEpbmVubjg2OSI=\nJHN0cmluZzExID0gIicpLnJlcGxhY2UoLyI=\nJHN0cmluZzEyID0gInhkJ2MwbHJsczA5c2FyZSI=\nJHN0cmluZzEzID0gIihddC4oN3UoPHAi\nJHN0cmluZzE0ID0gImR7ZXQ7YmRCY3JpWXRjOmVheUYyMCdGNjI7MjNDNEFBQkEzQjg0RkUyMUMyQjBCMDY2QzAwMzhCODM1M0FGNUMwQjRERjhGRjQzRTg1RkI2RjA1Q0VDNDA4MDIzNkYzQ0RFNkUi\nJHN0cmluZzE1ID0gIi92YXIgYW5vdGhlcjs8L3RleHRhcmVhPiI=\nJHN0cmluZzE2ID0gIkZhNTI3NDk2QzYyZVNoSG1hcihiQSxwUGVjIg==\nJHN0cmluZzE3ID0gIkZhQTI0NEE2NzZDLDE1MGU2MkE1QjJCNjEsJzJGIg==\n', '17 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(842, 'phoenix_html11', 'JHN0cmluZzAgPSAiRCcwMDA5RjBDNjk0MTYxN0M0MzQyN0E3NjA4MDAwMTAwMEY0NzAyMEM2MDZ2b2x2OTksMCw2LCI=\nJHN0cmluZzEgPSAiJzspbldkIg==\nJHN0cmluZzIgPSAiSVcnZWVDbilzLmE5ZTswQ0YzMDBGRjM3OTAxMTA3OEUwNDc4NzM3NTQxNjM2MzY5NjA0OTYyNzA0ODYyNjQ0MTY0NTU3NDdENjk3Mzc4MTIwNjAyMDkwMTEzMDEwMTAxMDREMCI=\nJHN0cmluZzMgPSAiRDhENTFGNTEwMDAxOTAwNkQ2MDY2N0YyRTA1Njk0MDE3MEUwMTAxMDc0NyI=\nJHN0cmluZzQgPSAiNTE1RjJGNDM2V2VtQmgyQTQ1NjA2ODNhRmFub2kodXRzZS5vMS9mO3Bpc3RlbHppIg==\nJHN0cmluZzUgPSAiL3AoZS9vYWgpRkh3J2FhYXJEc253aS0i\nJHN0cmluZzYgPSAiQ09hNTA2dSVkYjEwdSUxMDU3dSVmODUwdSVmNTAwdSUwNjgzdSUwNWE4dSUwMDMwdSUwNzA2dSVkMzAwdSU1ODVkdSUzOGQwdSUwMDgwdSU1NjEydSd1JUEyRGRGNnUlMU06LiI=\nJHN0cmluZzcgPSAiUyh5dClEaiI=\nJHN0cmluZzggPSAiRmFBMjYyODUzMjUsMTUwZTgyOTJBNjk2OCwnMkYi\nJHN0cmluZzkgPSAiMDIwMGV7YjwwOkQ+cjVkNHUlYzAwNXUlMDAyOHUlMjUxZXUlYTA5NXUlNjAyOHUlMDAyOHUlMjUwMHUlZjdmN3UlNzBkN3UlMjAyNXUlOTAwOHUlMDhmOHUlYzYwN3VzdSUzNyI=\nJHN0cmluZzEwID0gIihtRXRsbHRvcG97e2Ui\nJHN0cmluZzExID0gImFTbWQnbG0vdC9pbS59ZC4tTGpnLGwtIg==\nJHN0cmluZzEyID0gInIpQzRzbmZhcGZ1b30i\nJHN0cmluZzEzID0gIicpLnJlcGxhY2UoLyI=\nJHN0cmluZzE0ID0gIkEyODJBNWlmQTE2MEYyNjI4MjA2KGEi\nJHN0cmluZzE1ID0gIm9ibjBjZiI=\nJHN0cmluZzE2ID0gImQoaSdDKXJ0ci4ncHZpZilpdjFpbFcpUygoTHRsLikyLDAsOTswc2Ui\nJHN0cmluZzE3ID0gIkUyM3MzMDAzNDc2QjE4NzAzQzE3OTM5NkQwOEI4NDFCQzU1NEYxMTY3OEYwRkVCOTUwNUZCMzU1RTA0NEYzM0E1NDBGNjE3NDM3MzgzMjdFMzJEOTdEMDcwRkEzN0Q4N3MwMDAi\nJHN0cmluZzE4ID0gIjYwMzc0MkU1NDU5MDQ1NzUnMjk0RTIwNjgwLDZGOTAyRTI5MkE2MCcnRTYyMDJBNEU2NDY4fSxlKSl0ZXAi\n', '18 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(843, 'phoenix_html2', 'JHN0cmluZzAgPSAiUGVjLmxpbHNEKUUpaS1nb25QKG1nZ2UuZU9tbiI=\nJHN0cmluZzEgPSAiKHRydDtvbyI=\nJHN0cmluZzIgPSAiYWNlZUM6MGgi\nJHN0cmluZzMgPSAiVnViYi5vZWMubilhLiI=\nJHN0cmluZzQgPSAidDtveyhic3BkfWNpOjBPT1tnKGNmamRofTFzTn1udG5ybHQ7MHB3ZnstIg==\nJHN0cmluZzUgPSAic2VpZXJiKWdNbGUofWV2O2lzeyhiO2dhIg==\nJHN0cmluZzYgPSAiZSl9aWZ0Ig==\nJHN0cmluZzcgPSAiRHVke3J0Ig==\nJHN0cmluZzggPSAiYmxlY3JvZWVseX1kaXVGSS0i\nJHN0cmluZzkgPSAidHRlY110ciI=\nJHN0cmluZzEwID0gImZTZ2NzbyI=\nJHN0cmluZzExID0gImVpZy50KWVSe3R9YWVlc2JkdGJsezFzciltIg==\nJHN0cmluZzEyID0gIikufW4sUmFhLnMi\nJHN0cmluZzEzID0gInNMdGZjYi5ucmZ7V2lhbnRzY25jYWQxYWMpc2NiMGVvXX1EaXV1KG5hciI=\nJHN0cmluZzE0ID0gImR4Yy4sOnRmcih1Y3hSbiI=\nJHN0cmluZzE1ID0gImVEbm5mb3JieXJpKHRibW5zKS5baS5lZTtkbChhTmltcChsKGhbdVt0aTt1KSI=\nJHN0cmluZzE2ID0gIn10bilpe2VicixfLm5zKE5lcywsZ20oYXIudCI=\nJHN0cmluZzE3ID0gImxdaXR9TihwZTMsaWFhTGRzLilscWVhOlBzMDBIYztbe0V1aWhsYylMaUxJIg==\n', '17 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(844, 'phoenix_html3', 'JHN0cmluZzAgPSAibXRmbGEvLClhc2FmKSd9Ig==\nJHN0cmluZzEgPSAiNzIyNjdFN0MnQTMwMzVDRkM0MTVERkFBQTgzNEIyMDhEOEMyMzBGRDMwM0UyRUZGRTM4NkJFMDU5NjBDNTg4QzZFODU2NTA3NDZFNjkwQzM5RjcwNkY5N0RDNzQzNDlCQTEzNCI=\nJHN0cmluZzIgPSAiTidlaXVpN0Y2ZTYxN2UwMEYxNDVBMDAyNjQ1RTUyN0JGRjI2NDg0MkY4NzdCMkZGQzFGRTg0QkNDNkE1MEYwMzA1QjVCMEMzNkEwMTlGNTM2NzRGRDREMzczNkM0OTRCRDVDMiI=\nJHN0cmluZzMgPSAibG5kbH19KTw+Ig==\nJHN0cmluZzQgPSAib3RvZGN9O2I8MDpEPnI1ZDR1JWMwMDV1JTAwMjh1JTI1MWV1JWEwOTV1JTYwMjh1JTAwMjh1JTI1MDB1JWY3Zjd1JTcwZDd1JTIwMjV1JTkwMDh1JTA4Zjh1JWM2MDd1c3UlMyI=\nJHN0cmluZzUgPSAidHVKYWJvYW9wYiI=\nJHN0cmluZzYgPSAiYSh2eGZ7cCd0U293YS5pLDFOSVdtKCI=\nJHN0cmluZzcgPSAiMjAwNGV0Ig==\nJHN0cmluZzggPSAiMjA1NHN0dEU1MzU2NDk2NDc4Ig==\nJHN0cmluZzkgPSAieWklQSUlQSUlQSUlQSVDdmxkMyw1MzE0LDAwNCw2MjExLDkzMSwsLDAxMTM5NDYxNyw5ODMsMTE1NCw1LDEsLDEsMSwxMywwOCw0MzA0LDEi\nJHN0cmluZzEwID0gIjBvdmVsMDRlcnZFZWllZWVtKWgpKUIoaWhzQUU7dSUwNGI4dSUxYzA4dSUwZTUwdSVhMDAwdSUxMDEwdSU0MDAwdSUyMGFmdSUwMDA2dSUyNDc4dSUwMDIwdSUxMDY1dSUyMTAi\nJHN0cmluZzExID0gIi9nbWksU3RyaW5nLmZyb21DaGFyQ29kZSgyIg==\nJHN0cmluZzEyID0gIm5jQmNhb2N0YS55ZSI=\nJHN0cmluZzEzID0gIjAyMDEwMTAwMzAwMDRBMDMzMTAyMDkwO25hIg==\nJHN0cmluZzE0ID0gIjY2dSUwKGVjJ2h7aWlzJSVBJSVBJSVBJSVBJWZyUzEsLDgxODcsMSw0LDExLDkxNTE2LCw2MSwsMTA4NDEsMSwxMywsLDExMjQ4LDAxODE4ODQ5LDIzLCwsLDc5MW1laXRzMGUi\nJHN0cmluZzE1ID0gIkQxMUMwMDAyQzAwNjk3MzNFNjA2NTZGNjQ2MjA3MEQwMDA0MDJERkYyMDA2OTZFIg==\nJHN0cmluZzE2ID0gIjgxMHAweTk4Ig==\nJHN0cmluZzE3ID0gIjksMCxlJ0ZtNjkyRTU4Mzc2MCI=\nJHN0cmluZzE4ID0gIjU3Nzg0MjM0NjMzYSkodSI=\n', '18 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(845, 'phoenix_html4', 'JHN0cmluZzAgPSAiL2RyLnBocCI=\nJHN0cmluZzEgPSAiQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQSI=\nJHN0cmluZzIgPSAibGF1bmNoam5scCI=\nJHN0cmluZzMgPSAiY2xzaWQ6Q0FGRUVGQUMtREVDNy0wMDAwLTAwMDAtQUJDREVGRkVEQ0JBIg==\nJHN0cmluZzQgPSAidXJsbW9uLmRsbCI=\nJHN0cmluZzUgPSAiPGJvZHk+Ig==\nJHN0cmluZzYgPSAiIGRvY2Jhc2Ui\nJHN0cmluZzcgPSAiPC9odG1sPiI=\nJHN0cmluZzggPSAiIGNsYXNzaWQi\nJHN0cmluZzkgPSAiQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEi\nJHN0cmluZzEwID0gIjYzQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEi\nJHN0cmluZzExID0gIjwvb2JqZWN0PiI=\nJHN0cmluZzEyID0gImFwcGxpY2F0aW9uL3gtamF2YS1hcHBsZXQi\nJHN0cmluZzEzID0gImphdmFfb2JqIg==\n', '13 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(846, 'phoenix_html5', 'JHN0cmluZzAgPSAiZHRlc3V9Ig==\nJHN0cmluZzEgPSAiPHRleHRhcmVhPmZ1bmN0aW9uIGd2Z3N4b3koZ3djcWcxKXtyZXR1cm4gZ3djcWcxLnJlcGxhY2UoLyI=\nJHN0cmluZzIgPSAidn1BaG5oeHdldCI=\nJHN0cmluZzMgPSAiMDEyNUM2QkJBMkI4NEY3QTFEMjk0MEMwNEM4Qjc0NDlBNDBFRUIwRDE0QzgwMDM1MzVDMDA0MkQ3NUUwNUYwRDdGM0UwQTdCNEUzM0VCNEQ4RDQ3MTE5MjkwRkMi\nJHN0cmluZzQgPSAiYTJGczIzMjUyMjM4NjllJ0ZtMjg3MzM2NzEzMCI=\nJHN0cmluZzUgPSAibTAwMDBGMEY2RTY2NjA3QzcxNjQ2RjY2MDcwMDAxMDdGQTYxMDIxRjYwNjAoYWVXV0lOIg==\nJHN0cmluZzYgPSAiKShyPmhkMS9kTmFzbWQoZnBhcyI=\nJHN0cmluZzcgPSAiOSwwLGUnRm02OTJFNTgzNzYwIg==\nJHN0cmluZzggPSAiNXVkKGRpcyI=\nJHN0cmluZzkgPSAibmFjbWFtYnVudGNtaSI=\nJHN0cmluZzEwID0gIkZhMDc4NTk3NDY3LDFDMGU2NzQzNjY4NzEsJzJGIg==\nJHN0cmluZzExID0gIkZhNTZGMzg2QTc2LDE4MGU4Mjg1OTIwMjQsJzJGIg==\nJHN0cmluZzEyID0gImFsQSkoMmF2b3lPaTtpYyl0Nl0pdGVwdHAsYW59dG52MGknZm1zPHVpYyI=\nJHN0cmluZzEzID0gImlSJ25hbmRlZSI=\nJHN0cmluZzE0ID0gIignMC5hRWEtOWxlYWwi\nJHN0cmluZzE1ID0gImJzRDBzZUYi\nJHN0cmluZzE2ID0gInQuY2syNjMvNkYzYTAwMUNFN0EyNjg0MDY3Rjk4QkVDMThCNzM4ODAxRUYxRjdGN0U0OUEwODg2OTUwNTBDMDAwODY1RkMzODA4MEZFMjM3MjdFMEU4REU5Q0I1M0U3NDg0NzIi\n', '16 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(847, 'phoenix_html6', 'JHN0cmluZzAgPSAiRjRCNkIyRTY3KUE3ODBBMzczQTYzMzthc3QyMzE2MzYzNjc3ZmEnZXM2RjM2MzUyNDQi\nJHN0cmluZzEgPSAicGlpYS5hfXJuZWVjYy5jbnVvaXIi\nJHN0cmluZzIgPSAiMDQ0OEQ1QTU0QkUxMEE1REE2MjgxMDBBQzNGM0Q1M0M5Q0FFQkZGN0UxRTgwNTA4MEIwNDQwNTdDQjFDMEVGN0YyNjNEQzY0RTBDQkU0N0MyQTIxRTU1RTlFQTYyMDAwMDEwNiI=\nJHN0cmluZzMgPSAiXSxlbkVuLi5vIg==\nJHN0cmluZzQgPSAibzsxKClzbmEi\nJHN0cmluZzUgPSAiKGVyZXMoMC4sIg==\nJHN0cmluZzYgPSAifWZzMmhlfW8udCI=\nJHN0cmluZzcgPSAiZid1Pmppc2NoMzspSWUpQydlTyI=\nJHN0cmluZzggPSAicmVmaGlhY2VpIg==\nJHN0cmluZzkgPSAiMDAyNjYzMjUyOChzQ0U3QTI2ODQwNjdGOThCRUMxczAwMDAwRjUxMkZtMjg2NjMxNjY2Ig==\nJHN0cmluZzEwID0gInZldiU4MGI0dSVlZTE4dSUyOGI4dSUyNjE3dSU1YzA4dSUwZTUwdSVhMDAwdSU5MDA2dSU3NmVmdSViMWNidSViYTJmdSU2ODUwdSUwNTI0dSU5NzIwdSVmNzA8fTFtc2E5NTAi\nJHN0cmluZzExID0gInBkdSx4emlpZW4saWUi\nJHN0cmluZzEyID0gInJyKWw7Lil2ci5uYmwi\nJHN0cmluZzEzID0gImlpKXJ1Y2NzKTFlIg==\nJHN0cmluZzE0ID0gIkYzMDQ3NjczNzkzMGFuRDx0QWhuaHh3ZXQi\nJHN0cmluZzE1ID0gIil5ZnsoZWUuLmVybmVlZiI=\nJHN0cmluZzE2ID0gImllaWlYdU1rQ1N3ZXRFZXQi\nJHN0cmluZzE3ID0gIkYzMDg0NzdFN0E3aXRtZSI=\n', '17 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(848, 'phoenix_html7', 'JHN0cmluZzAgPSAiRUJGMGEwMDAxQjA1RDI2NjUwMzA0NkM3QTQ5MUEwQzAwMDQ0RjAwMDIwMzVEMEQwdHdsJydXSU4i\nJHN0cmluZzEgPSAiYWg4MDY3MjUyODY1NyI=\nJHN0cmluZzIgPSAibik7dGN0dClFbHRjKERqIg==\nJHN0cmluZzMgPSAiO2NudDI8dEVmIg==\nJHN0cmluZzQgPSAiaXdrbmUpe2J2ZnZnemc1Ig==\nJHN0cmluZzUgPSAiLi4nYW57ZWEtRWN0JzgtaHVKLikvbCcvdENhYWF9PEN0OTVsIg==\nJHN0cmluZzYgPSAiJ1dJV2hhRnRGNjYyRjY1NzdJc2VGZTQyNzM0NzYzNyI=\nJHN0cmluZzcgPSAiZGRUaDc1ZXsi\nJHN0cmluZzggPSAiQWUnbiwsOSI=\nJHN0cmluZzkgPSAiJUU3RTNWZW10eWki\nJHN0cmluZzEwID0gImNmJ3RyZXJhbiI=\nJHN0cmluZzExID0gIm5jQmNhb2N0YS55ZSI=\nJHN0cmluZzEyID0gIiknMCxwOGsi\nJHN0cmluZzEzID0gIjA7e3RjNEZ9YztlcHRkcGR1b0N1dWVkUGw4MGV2RCI=\nJHN0cmluZzE0ID0gImlxLHEsTmQobmNjZnInQmVhcmMnbkJ0cHci\nJHN0cmluZzE1ID0gIjspbnBlaXRzMGUudXZoRiRJJyI=\nJHN0cmluZzE2ID0gIm52YXNhaTAuLSI=\nJHN0cmluZzE3ID0gImxtenYnaXMnIg==\n', '17 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(849, 'phoenix_html8', 'JHN0cmluZzAgPSAiMHg1KSkucmVwbGFjZSgvIg==\nJHN0cmluZzEgPSAiJUElJUElJW5jKCwxNDUsOSw4NDAzNywxNzExLCw0MTIxLDU2LDEsLDA1MDUsLDY1MSwsMyw1MTQxMDEsMDEsMjksNzg2OCw5MCI=\nJHN0cmluZzIgPSAiL2dtaSxTdHJpbmcuZnJvbUNoYXJDb2RlKDIi\nJHN0cmluZzMgPSAidHVydDtvbylzIg==\nJHN0cmluZzQgPSAiOTE7dmFyIGp0ZHBhciI=\nJHN0cmluZzUgPSAiUigsMTMsNyw2Myw0ODE0MDYwMSw1MDU3LCwzMTksLDYsMSwxLDIsLDExMCwwLDEwMTExNzEsMjMxOSwsLCwxMHZFQXMpdGZtbmV5ZWglQSUlQSUlQSUlQSVzPHU5MSw0NjkzLCI=\nJHN0cmluZzYgPSAieSUlQSUlQSUlQSUlQS5tZW8yMTExNyw3LDEsLDEwLDEsOSw4LDEsOSwxMDAsNiwxNDEwMDMsNzQxODEsMTYzLDQ0MTExNCw0MywyMDcsLHJlbWMndXQi\nJHN0cmluZzcgPSAiZXBqdGpxZSl7anRkcGFyIg==\nJHN0cmluZzggPSAiL2dtaSwnIg==\nJHN0cmluZzkgPSAiPGZvbnQ+PC9mb250Pjxib2R5IGlkIg==\nJHN0cmluZzEwID0gIiBlcGp0anFlOyBmcWN6aSA+IDA7IGZxY3ppLS0pe2ZvciAoYndqbWdsNyAi\nJHN0cmluZzExID0gIm5idGUpYmIoZWdzJUElJUElJUElJUElJW0i\nJHN0cmluZzEyID0gImZ2Qzk2MTQxNjUsLCwxLDE4MDExNTEwMzAsLDAsLDQ4NzY0MTExNCwsMSwxNDEsOTE0ODEwMDM2LCw4ODgsMjAxdGUuKSdldGRjOnlzYUElJUElJUElJUElJTVzYW8sNjEsMCwi\nJHN0cmluZzEzID0gIih0aUFtcmR7L3RuQSUlQSUlQSUlQSUlQWlpbjExLCwxNjM3LDM0MTkxLDYyNjk1ODMxNCwxMTAwNywsNjExNDUsNDExLDcsOSwxODIxLCw0Myw4MzExLDI2O2QnZWJ0LmR5dnMi\nJHN0cmluZzE0ID0gIkElJUElJUElJUFvIg==\nJHN0cmluZzE1ID0gImhya3N5d2QoY3Brd2lzazQpOy8i\nJHN0cmluZzE2ID0gIjs8L3NjcmlwdD4i\n', '16 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(850, 'phoenix_html9', 'JHN0cmluZzAgPSAidHV0ZSliYnI6Ig==\nJHN0cmluZzEgPSAibmZobyh0Z2hSeCI=\nJHN0cmluZzIgPSAiKClpcmZFL1J0Li5jT2NDIg==\nJHN0cmluZzMgPSAiTmNFbmV2YmYi\nJHN0cmluZzQgPSAiNjNGQjhCNDI5NkJCQzI5MEEwLicwMDAwMDc5J0ZoMjAyMTZCNkE2YXJBOzwi\nJHN0cmluZzUgPSAid0hlKGNMbnlleWV0KGEuaSxyLnsuLiI=\nJHN0cmluZzYgPSAidHV0ZSliYmRmaWlpeCdiY3Ii\nJHN0cmluZzcgPSAiaXRpZmRmKWQxTDJmJ2FzYXUlZDAwNHUlOGUwMHUlMDQxOXUlYTU4ZHUlMjA5M3UlZWMxMHUlMDA1MHUlMDBkNHUlNDYyMnUlYmNkMXUlYjFjZXUlNTAwMHUlZjdmNXUlNTYwNiI=\nJHN0cmluZzggPSAiMkY0NjkzNTI5NzgzJzgyRjA3NjY3NkMzOCd0ZSI=\nJHN0cmluZzkgPSAic20odGVvZW9pKWNmaCkpcGlobmlwZWVlb30uLCguKCgi\nJHN0cmluZzEwID0gImFvKW50YXZsbGx7KSl5bmxjb2l4fWhpTi5pbCd0ZXMxYWQpYm07Ig==\nJHN0cmluZzExID0gImkpfW0wZihlQ2xlaSgvdGUi\nJHN0cmluZzEyID0gIn1hZXRzYyI=\nJHN0cmluZzEzID0gImlyZWZuaWcucFQi\nJHN0cmluZzE0ID0gImEwbXJJaWYvdGJuZSwod3NrLCI=\nJHN0cmluZzE1ID0gIjUwMEYxNEIwNjAwMDAwMDYzMEU2QjcyNjM2RjYwNjMyQzZFNzExQzZFNzYyRTY0NkYxNDdGNDQ3NjdGNjUwQTA4MDQwNjE5MDEwMjAwMDkwMDZCMTIwMDA1QTIwMDZMIg==\nJHN0cmluZzE2ID0gIi5oQi5Dc2YpZGRlU3Mi\nJHN0cmluZzE3ID0gInRubmUsSVBkNExlIg==\nJHN0cmluZzE4ID0gImhNZGFyYyduQnRwdyI=\n', '18 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(851, 'phoenix_jar', 'JHN0cmluZzAgPSAici5KTSxJTSI=\nJHN0cmluZzEgPSAicVgkOCRhIg==\nJHN0cmluZzIgPSAiTUVUQS1JTkYvc2VydmljZXMvamF2YXguc291bmQubWlkaS5zcGkuTWlkaURldmljZVByb3ZpZGVyNSI=\nJHN0cmluZzMgPSAiYS5jbGFzc1BLIg==\nJHN0cmluZzQgPSAiNjtcXFFdUSI=\nJHN0cmluZzUgPSAiaFtzXSBYIg==\nJHN0cmluZzYgPSAiVG9vbHNEZW1vU3ViQ2xhc3MuY2xhc3NQSyI=\nJHN0cmluZzcgPSAiYS5jbGFzcyI=\nJHN0cmluZzggPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUZQSyI=\nJHN0cmluZzkgPSAiVG9vbHNEZW1vU3ViQ2xhc3MuY2xhc3NlTyI=\nJHN0cmluZzEwID0gIk1FVEEtSU5GL3NlcnZpY2VzL2phdmF4LnNvdW5kLm1pZGkuc3BpLk1pZGlEZXZpY2VQcm92aWRlclBLIg==\n', '10 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(852, 'phoenix_jar2', 'JHN0cmluZzAgPSAiYTY2ZDU3OGYwODQuY2xhc3NlUSI=\nJHN0cmluZzEgPSAiYTRjYjliMWE4YTUuY2xhc3Mi\nJHN0cmluZzIgPSAiKXN6TnVcXE11dEsi\nJHN0cmluZzMgPSAicUNDd0JVIg==\nJHN0cmluZzQgPSAiTUVUQS1JTkYvTUFOSUZFU1QuTUYi\nJHN0cmluZzUgPSAiUVIsR09YIg==\nJHN0cmluZzYgPSAiYWI1NjAxZDQ4NDguY2xhc3NtVCI=\nJHN0cmluZzcgPSAiYTZhN2E3NjBjMGVbIg==\nJHN0cmluZzggPSAiMlpVS1tMIg==\nJHN0cmluZzkgPSAiMlZUKEF1NSI=\nJHN0cmluZzEwID0gImE2YTdhNzYwYzBlUEsi\nJHN0cmluZzExID0gImFhNzlkMTAxOWQ4LmNsYXNzIg==\nJHN0cmluZzEyID0gImFhNzlkMTAxOWQ4LmNsYXNzUEsi\nJHN0cmluZzEzID0gIk1FVEEtSU5GL01BTklGRVNULk1GUEsi\nJHN0cmluZzE0ID0gImFiNTYwMWQ0ODQ4LmNsYXNzUEsi\n', '14 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(853, 'phoenix_jar3', 'JHN0cmluZzAgPSAiJz4gPiQ+Ig==\nJHN0cmluZzEgPSAiYnBhYy9QSyI=\nJHN0cmluZzIgPSAiYnBhYy9wdXJvayQxLmNsYXNzbVBdSyI=\nJHN0cmluZzMgPSAiYnBhYy9LQVZTLmNsYXNzbVEi\nJHN0cmluZzQgPSAiJ24gbiRuIg==\nJHN0cmluZzUgPSAiYnBhYy9wdXJvayQxLmNsYXNzUEsi\nJHN0cmluZzYgPSAiJC40YVgsR3Q8Ig==\nJHN0cmluZzcgPSAiYnBhYy9LQVZTLmNsYXNzUEsi\nJHN0cmluZzggPSAiYnBhYy9iLmNsYXNzUEsi\nJHN0cmluZzkgPSAiYnBhYy9iLmNsYXNzIg==\n', '9 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(854, 'phoenix_pdf', 'JHN0cmluZzAgPSAiMDAwMDAwMDI1NCAwMDAwMCBuIg==\nJHN0cmluZzEgPSAiMDAwMDAwMDI5NSAwMDAwMCBuIg==\nJHN0cmluZzIgPSAidHJhaWxlcjw8L1Jvb3QgMSAwIFIgL1NpemUgNz4+Ig==\nJHN0cmluZzMgPSAiMDAwMDAwMDAwMCA2NTUzNSBmIg==\nJHN0cmluZzQgPSAiMyAwIG9iajw8L0phdmFTY3JpcHQgNSAwIFIgPj5lbmRvYmoi\nJHN0cmluZzUgPSAiMDAwMDAwMDEyMCAwMDAwMCBuIg==\nJHN0cmluZzYgPSAiJVBERi0xLjAi\nJHN0cmluZzcgPSAic3RhcnR4cmVmIg==\nJHN0cmluZzggPSAiMDAwMDAwMDA2OCAwMDAwMCBuIg==\nJHN0cmluZzkgPSAiZW5kb2JqeHJlZiI=\nJHN0cmluZzEwID0gIik2IDAgUiBdPj5lbmRvYmoi\nJHN0cmluZzExID0gIjAwMDAwMDAwMTAgMDAwMDAgbiI=\n', '11 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(855, 'phoenix_pdf2', 'JHN0cmluZzAgPSAiXFxuUWI8JSI=\nJHN0cmluZzEgPSAiMDAwMDAwMDI1NCAwMDAwMCBuIg==\nJHN0cmluZzIgPSAiOlMzPnYwJEVGIg==\nJHN0cmluZzMgPSAidHJhaWxlcjw8L1Jvb3QgMSAwIFIgL1NpemUgNz4+Ig==\nJHN0cmluZzQgPSAiJVBERi0xLjAi\nJHN0cmluZzUgPSAiMDAwMDAwMDAwMCA2NTUzNSBmIg==\nJHN0cmluZzYgPSAiZW5kc3RyZWFtIg==\nJHN0cmluZzcgPSAiMDAwMDAwMDAxMCAwMDAwMCBuIg==\nJHN0cmluZzggPSAiNiAwIG9iajw8L0pTIDcgMCBSL1MvSmF2YVNjcmlwdD4+ZW5kb2JqIg==\nJHN0cmluZzkgPSAiMyAwIG9iajw8L0phdmFTY3JpcHQgNSAwIFIgPj5lbmRvYmoi\nJHN0cmluZzEwID0gIn1wcjJJRSI=\nJHN0cmluZzExID0gIjAwMDAwMDAxNTcgMDAwMDAgbiI=\nJHN0cmluZzEyID0gIjEgMCBvYmo8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFIgL05hbWVzIDMgMCBSID4+ZW5kb2JqIg==\nJHN0cmluZzEzID0gIjUgMCBvYmo8PC9OYW1lc1soIg==\n', '13 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(856, 'phoenix_pdf3', 'JHN0cmluZzAgPSAidHJhaWxlcjw8L1Jvb3QgMSAwIFIgL1NpemUgNz4+Ig==\nJHN0cmluZzEgPSAic3RyZWFtIg==\nJHN0cmluZzIgPSAiO19vSTV6Ig==\nJHN0cmluZzMgPSAiMDAwMDAwMDAxMCAwMDAwMCBuIg==\nJHN0cmluZzQgPSAiMyAwIG9iajw8L0phdmFTY3JpcHQgNSAwIFIgPj5lbmRvYmoi\nJHN0cmluZzUgPSAiNyAwIG9iajw8L0ZpbHRlclsgL0ZsYXRlRGVjb2RlIC9BU0NJSUhleERlY29kZSAvQVNDSUk4NURlY29kZSBdL0xlbmd0aCAzMzI0Pj4i\nJHN0cmluZzYgPSAiZW5kb2JqeHJlZiI=\nJHN0cmluZzcgPSAiTCV9Z0UoIg==\nJHN0cmluZzggPSAiMDAwMDAwMDE1NyAwMDAwMCBuIg==\nJHN0cmluZzkgPSAiMSAwIG9iajw8L1R5cGUvQ2F0YWxvZy9QYWdlcyAyIDAgUiAvTmFtZXMgMyAwIFIgPj5lbmRvYmoi\nJHN0cmluZzEwID0gIjAwMDAwMDAxMjAgMDAwMDAgbiI=\nJHN0cmluZzExID0gIjQgMCBvYmo8PC9UeXBlL1BhZ2UvUGFyZW50IDIgMCBSIC9Db250ZW50cyAxMiAwIFI+PmVuZG9iaiI=\n', '11 of them', ' Phoenix Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(857, 'sakura_jar', 'JHN0cmluZzAgPSAiUm90b2suY2xhc3NQSyI=\nJHN0cmluZzEgPSAibm5ub2xnIg==\nJHN0cmluZzIgPSAiWCRaJ1xcNF49YUViSWRVbWlwcnN4dH12PCI=\nJHN0cmluZzMgPSAiKClMamF2YS91dGlsL1NldDsi\nJHN0cmluZzQgPSAiKExqYXZhL2xhbmcvU3RyaW5nOylWIg==\nJHN0cmluZzUgPSAiTGphdmEvbGFuZy9FeGNlcHRpb247Ig==\nJHN0cmluZzYgPSAib29veTMyIg==\nJHN0cmluZzcgPSAiVG9vLmphdmEi\nJHN0cmluZzggPSAiYmJmd2tkIg==\nJHN0cmluZzkgPSAiTGphdmEvbGFuZy9Qcm9jZXNzOyI=\nJHN0cmluZzEwID0gImdldFBhcmFtZXRlciI=\nJHN0cmluZzExID0gImxlbmd0aCI=\nJHN0cmluZzEyID0gIlNpbWlvLmphdmEi\nJHN0cmluZzEzID0gIkxqYXZheC9zd2luZy9KTGlzdDsi\nJHN0cmluZzE0ID0gIi0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsi\nJHN0cmluZzE1ID0gIkxqYXZhL2lvL0lucHV0U3RyZWFtOyI=\nJHN0cmluZzE2ID0gInZmbm5ucm9mLmV4bm5ucm9lIg==\nJHN0cmluZzE3ID0gIk9sc25uZnci\n', '17 of them', ' Sakura Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(858, 'sakura_jar2', 'JHN0cmluZzAgPSAiZ2V0UHJvcGVydHki\nJHN0cmluZzEgPSAiamF2YS9pby9GaWxlTm90Rm91bmRFeGNlcHRpb24i\nJHN0cmluZzIgPSAiTExvbHA7Ig==\nJHN0cmluZzMgPSAiY2poZ3Jlc2hobnVmICI=\nJHN0cmluZzQgPSAiU3RhY2tNYXBUYWJsZSI=\nJHN0cmluZzUgPSAib25md3dhIg==\nJHN0cmluZzYgPSAiKEMpTGphdmEvbGFuZy9TdHJpbmdCdWlsZGVyOyI=\nJHN0cmluZzcgPSAicmVwbGFjZSI=\nJHN0cmluZzggPSAiTEVzaWEkZmZmZ3NzOyI=\nJHN0cmluZzkgPSAiPGNsaW5pdD4i\nJHN0cmluZzEwID0gIigpTGphdmEvaW8vSW5wdXRTdHJlYW07Ig==\nJHN0cmluZzExID0gIm9wZW5Db25uZWN0aW9uIg==\nJHN0cmluZzEyID0gIiBnamhncmVzaGhuaWpoZ3Jlc2hocnRTamhncmVzaGhvdC5zamhncmVzaGhpaGpoZ3Jlc2hodDspIg==\nJHN0cmluZzEzID0gIk9pLmNsYXNzIg==\nJHN0cmluZzE0ID0gIiByamhncmVzaGhvcmpoZ3Jlc2hocmUgcmFqaGdyZXNoaHYi\nJHN0cmluZzE1ID0gImphdmEvbGFuZy9TdHJpbmci\nJHN0cmluZzE2ID0gImphdmEvbmV0L1VSTCI=\nJHN0cmluZzE3ID0gIkNyZWF0ZWQtQnk6IDEuNy4wLWIxNDcgKE9yYWNsZSBDb3Jwb3JhdGlvbiki\n', '17 of them', ' Sakura Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(859, 'zeroaccess_css', 'JHN0cmluZzAgPSAiY2xvc2UtbWFpbHtyaWdodDoxMzBweCAi\nJHN0cmluZzEgPSAiY2NjO2JveC1zaGFkb3c6MCAwIDVweCAxcHggIg==\nJHN0cmluZzIgPSAiNzU3NTc1O2JvcmRlci1ib3R0b206MXB4IHNvbGlkICI=\nJHN0cmluZzMgPSAiNzc3O2hlaWdodDoxLjhlbTtsaW5lLWhlaWdodDoxLjllbTtkaXNwbGF5OmJsb2NrO2Zsb2F0OmxlZnQ7cGFkZGluZzoxcHggMTVweDttYXJnaW46MDt0ZXh0LXNoYWRvdzotMSI=\nJHN0cmluZzQgPSAiQzRDNEM0O30i\nJHN0cmluZzUgPSAiOTk5Oy13ZWJraXQtYm94LXNoYWRvdzowIDAgM3B4ICI=\nJHN0cmluZzYgPSAiaGVhZGVyIGRpdi5zZXJ2aWNlLWxpbmtzIHVse2Rpc3BsYXk6aW5saW5lO21hcmdpbjoxMHB4IDAgMDt9Ig==\nJHN0cmluZzcgPSAidCBkaXYgaDIudGl0bGV7cGFkZGluZzowO21hcmdpbjowO30uYm94NS1jb25kaXRpb24tbmV3cyBoMi5wYW5lLXRpdGxle2Rpc3BsYXk6YmxvY2s7bWFyZ2luOjAgMCA5cHg7cCI=\nJHN0cmluZzggPSAiZm9vdGVyIGRpdi5jb21wLWluZm8gcHtjb2xvcjoi\nJHN0cmluZzkgPSAicGNtaS1saXN0aW5nLWNlbnRlciAuZnVsbC1wYWdlLWxpc3Rpbmd7d2lkdGg6NDkwcHg7fSI=\nJHN0cmluZzEwID0gInBjbWktY29udGVudC10b3AgLnBob3RvIGltZywi\nJHN0cmluZzExID0gIjMzMzt9ZGl2LnRmdy1oZWFkZXIgYSB2YXJ7ZGlzcGxheTppbmxpbmUtYmxvY2s7bWFyZ2luOjA7bGluZS1oZWlnaHQ6MjBweDtoZWlnaHQ6MjBweDt3aWR0aDoxMjBweDtiYWMi\nJHN0cmluZzEyID0gImF5Om5vbmU7dGV4dC1kZWNvcmF0aW9uOm5vbmU7b3V0bGluZTpub25lO3BhZGRpbmc6NHB4O3RleHQtYWxpZ246Y2VudGVyO2ZvbnQtc2l6ZTo5cHg7Y29sb3I6Ig==\nJHN0cmluZzEzID0gIjMzMzt9Ym9keS5wYWdlLXZpZGVvcGxheWVyIGRpdiI=\nJHN0cmluZzE0ID0gIjM3MzczNztwb3NpdGlvbjpyZWxhdGl2ZTt9Ym9keS5ub2RlLXR5cGUtdmlkZW8gZGl2Ig==\nJHN0cmluZzE1ID0gInBjbWktY29udGVudC1zaWRlYmFyYSwucGFnZS1lcnJvci1wYWdlICI=\nJHN0cmluZzE2ID0gImZmZjt0ZXh0LWRlY29yYXRpb246bm9uZTt9Ig==\nJHN0cmluZzE3ID0gInF0YWJzLWxpc3QgbGkgYSwi\nJHN0cmluZzE4ID0gImNkbjIuZGFpbHlyeC5jb20i\n', '18 of them', ' ZeroAccess Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(860, 'zeroaccess_css2', 'JHN0cmluZzAgPSAiZXIgZGl2LnBhbmVsLWhpZGV7ZGlzcGxheTpibG9jaztwb3NpdGlvbjphYnNvbHV0ZTt6LWluZGV4OjIwMDttYXJnaW4tdG9wOi0xLjVlbTt9ZGl2LnBhbmVsLXBhbmUgZGl2LiI=\nJHN0cmluZzEgPSAidmUuZ2lmKSByaWdodCBjZW50ZXIgbm8tcmVwZWF0O31kaXYuY3Rvb2xzLWFqYXhpbmd7ZmxvYXQ6bGVmdDt3aWR0aDoxOHB4O2JhY2tncm91bmQ6dXJsKGh0dHA6Ly9jZG4zLiI=\nJHN0cmluZzIgPSAiY2RuMi5kYWlseXJ4LmNvbSI=\nJHN0cmluZzMgPSAiZWZlZmVmO21hcmdpbjo1cHggMCA1cHggMDt9Ig==\nJHN0cmluZzQgPSAibm9kZXttYXJnaW46MDtwYWRkaW5nOjA7fWRpdi5wYW5lbC1wYW5lIGRpdi5mZWVkIGF7ZmxvYXQ6cmlnaHQ7fSI=\nJHN0cmluZzUgPSAiOjAgNXB4IDAgMDtmbG9hdDpsZWZ0O31kaXYudHdlZXRzLXB1bGxlZC1saXN0aW5nIGRpdi50d2VldC1hdXRob3JwaG90byBpbWd7bWF4LWhlaWdodDo0MHB4O21heC13aWR0aCI=\nJHN0cmluZzYgPSAiaSBhe2NvbG9yOiI=\nJHN0cmluZzcgPSAiOmJvbGQ7fWRpdi50d2VldHMtcHVsbGVkLWxpc3RpbmcgLnR3ZWV0LXRpbWUgYXtjb2xvcjpzaWx2ZXI7fWRpdi50d2VldHMtcHVsbGVkLWxpc3RpbmcgIGRpdi50d2VldC1kaSI=\nJHN0cmluZzggPSAiZGl2LnBhbmVsLXBhbmUgZGl2LmFkbWluLWxpbmtze2ZvbnQtc2l6ZTp4eC1zbWFsbDttYXJnaW4tcmlnaHQ6MWVtO31kaXYucGFuZWwtcGFuZSBkaXYuYWRtaW4tbGlua3MgbCI=\nJHN0cmluZzkgPSAiZGl2LnR3ZWV0cy1wdWxsZWQtbGlzdGluZyB1bHtsaXN0LXN0eWxlOm5vbmU7fWRpdi50d2VldHMtcHVsbGVkLWxpc3RpbmcgZGl2LnR3ZWV0LWF1dGhvcnBob3Rve21hcmdpbiI=\nJHN0cmluZzEwID0gIkZGRkZERCBub25lIHJlcGVhdCBzY3JvbGwgMCAwO2JvcmRlcjoxcHggc29saWQgIg==\nJHN0cmluZzExID0gInZpZGVye2NsZWFyOmxlZnQ7Ym9yZGVyLWJvdHRvbToxcHggc29saWQgIg==\n', '11 of them', ' ZeroAccess Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(861, 'zeroaccess_htm', 'JHN0cmluZzAgPSAic2NyZWVuLmhlaWdodDoi\nJHN0cmluZzEgPSAiPC9zY3JpcHQ+PC9oZWFkPjxib2R5IG9ubG9hZCI=\nJHN0cmluZzIgPSAiRngwWkFRUktYVVZnYmgwcU5EUkpWeFl3R2c0dEdoOGFIUW9BVlFRU055bzBORWxYRmpBYURpME5GUVlFU2wxRkJCTm5URm9TUGlCbUFEd25QVFF4UFNkS1dVVUVFMlVjR1IweiI=\nJHN0cmluZzMgPSAiMCk7LTEwPGIi\nJHN0cmluZzQgPSAiZnVuY3Rpb24gZmwoKXt2YXIgYSI=\nJHN0cmluZzUgPSAiMCk7ZWxzZSBpZihuYXZpZ2F0b3IubWltZVR5cGVzIg==\nJHN0cmluZzYgPSAiKTtiLmhyZWYi\nJHN0cmluZzcgPSAiL3ByZXN1bHRzLmpzcCI=\nJHN0cmluZzggPSAiMTI4LjE2NC4xMDcuMjIxIg==\nJHN0cmluZzkgPSAiKVswXS5jbGllbnRXaWR0aCI=\nJHN0cmluZzEwID0gInByZXN1bHRzLmpzcCI=\nJHN0cmluZzExID0gIjplc2NhcGUoYyksZSI=\nJHN0cmluZzEyID0gIm5hdmlnYXRvci5wbHVnaW5zLmxlbmd0aCluYXZpZ2F0b3IucGx1Z2luc1si\nJHN0cmluZzEzID0gIndpbmRvdztkIg==\nJHN0cmluZzE0ID0gImdyKCksaiI=\nJHN0cmluZzE1ID0gIlZJRVdQT1JUIg==\nJHN0cmluZzE2ID0gIkZRVjJEMFpBSDFWR0R4Z1pWZzlDT3dZQ0F3a2NUekFjQnhzY0JGb0tBQU1IVUZWdVdGNUVWVllWZFZ0VVIxOGJBMVFkQVU4SFFqZ2VVRlllQUVaNFNCRWNFazFGVHhzZFVsVkEi\n', '16 of them', ' ZeroAccess Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(862, 'zeroaccess_js', 'JHN0cmluZzAgPSAiU3F1YXJlIGFkIHRhZyAgKHRpbGUi\nJHN0cmluZzEgPSAiICBhZFJhbmROdW0gIg==\nJHN0cmluZzIgPSAiIGNlbGxzcGFjaW5nIg==\nJHN0cmluZzMgPSAiXFxuLy8tLT5cXG48L3NjcmlwdD4i\nJHN0cmluZzQgPSAiZm9ybWF0Ig==\nJHN0cmluZzUgPSAiLy8tLT4nICI=\nJHN0cmluZzYgPSAiMjI4Nzk3NDQ0NiI=\nJHN0cmluZzcgPSAiTm9TY3JCZWcgIg==\nJHN0cmluZzggPSAiLS0gc3RhcnQgYWRibGFkZSAtLT4nICI=\nJHN0cmluZzkgPSAiMzQyNzA1NDU1NiI=\nJHN0cmluZzEwID0gIiAgICAgICAgd2hpbGUgKGkgPiI=\nJHN0cmluZzExID0gInJldHVybiAnPHRhYmxlIHdpZHRoIg==\nJHN0cmluZzEyID0gIjwvc2NyJyAi\nJHN0cmluZzEzID0gIiBzLnN1YnN0cmluZygwLCBpIg==\nJHN0cmluZzE0ID0gIiAvPjwvYT48L25vc2NyaXB0PicgIg==\nJHN0cmluZzE1ID0gIiAgICBlbHNlIHsgaXNFbWFpbCAi\nJHN0cmluZzE2ID0gIikuc3VibWl0KCk7Ig==\nJHN0cmluZzE3ID0gIiBib3JkZXIi\nJHN0cmluZzE4ID0gInB1Yi04MzAxMDExMzIxMzk1OTgyIg==\n', '18 of them', ' ZeroAccess Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(863, 'zeroaccess_js2', 'JHN0cmluZzAgPSAiQXBpQ2xpZW50Q29uZmlnIg==\nJHN0cmluZzEgPSAiZnVuY3Rpb24vLnRlc3QocGEudG9TdHJpbmcoKSki\nJHN0cmluZzIgPSAiYmFja2dyb3VuZC1pbWFnZTp1cmwoaHR0cDpcXC9cXC9zdGF0aWMuYWsuZmJjZG4ubmV0XFwvcnNyYy5waHBcXC92MlxcL3k2XFwveFxcL3M4MTZlV0MtMnNsLmdpZil9Ig==\nJHN0cmluZzMgPSAiTXVzaWMuaW5pdCI=\nJHN0cmluZzQgPSAiJyxoZWFkZXI6J2Jvb2wnLHJlY29tbWVuZGF0aW9uczonYm9vbCcsc2l0ZTonaG9zdG5hbWUnfSxjcmVhdGVfZXZlbnRfYnV0dG9uOnt9LGRlZ3JlZXM6e2hyZWY6J3VybCd9LCI=\nJHN0cmluZzUgPSAiY2NhNjQ3NzI3MmZjNWNiODA1Zjg1YTg0ZjIwZmNhMWQi\nJHN0cmluZzYgPSAiZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnZm9ybScpO2MuYWN0aW9uIg==\nJHN0cmluZzcgPSAiamF2YXNjcmlwdDpmYWxzZSI=\nJHN0cmluZzggPSAicy5vbk1lc3NhZ2Upe2ouZXJyb3IoJ0FuIGluc3RhbmNlIHdpdGhvdXQgd2hlblJlYWR5IG9yIG9uTWVzc2FnZSBtYWtlcyBubyBzZW5zZScpO3Rocm93IG5ldyBFcnJvcignQSI=\nJHN0cmluZzkgPSAiTmFOO31lbHNlIGgi\nJHN0cmluZzEwID0gInNwcmludGYi\nJHN0cmluZzExID0gIndpbmRvdyxqIg==\nJHN0cmluZzEyID0gIm8uZ2V0VXNlcklEKCksZGEi\nJHN0cmluZzEzID0gIkZCLlJ1bnRpbWUuZ2V0TG9naW5TdGF0dXMoKTtpZihiIg==\nJHN0cmluZzE0ID0gIiknKTtrLnRvU3RyaW5nIg==\nJHN0cmluZzE1ID0gInJvdmlkZSgnWEZCTUwuU2VuZCcse0RpbWVuc2lvbnM6e3dpZHRoOjgwLGhlaWdodDoyNX19KTsi\nJHN0cmluZzE2ID0gIntsb2c6aX07ZS5leHBvcnRzIg==\nJHN0cmluZzE3ID0gImE7RkIuYXBpKCcvZnFsJywnR0VUJyxmLGZ1bmN0aW9uKGcpe2lmKGcuZXJyb3Ipe0VTNShFUzUoJ09iamVjdCcsJ2tleXMnLGZhbHNlLGIpLCdmb3JFYWNoJyx0cnVlLGZ1bmMi\nJHN0cmluZzE4ID0gInRydWU7fX12YXIgaWEi\n', '18 of them', ' ZeroAccess Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(864, 'zeroaccess_js3', 'JHN0cmluZzAgPSAiZG9jdW1lbnQuY3JlYXRlRG9jdW1lbnRGcmFnbWVudCgpO2ltZy5zcmMi\nJHN0cmluZzEgPSAidHlwZU9mKGV2ZW50cyki\nJHN0cmluZzIgPSAidmFyIGkseCx5LEFSUmNvb2tpZXMi\nJHN0cmluZzMgPSAiY2FsbGJhY2tzLmxlbmd0aDtqPGw7aiI=\nJHN0cmluZzQgPSAiZW5jb2RlVVJJQ29tcG9uZW50KHZhbHVlKTtpZihvcHRpb25zLmRvbWFpbil2YWx1ZSI=\nJHN0cmluZzUgPSAiZXZlbnQsSEcuY29tcG9uZW50cy5nZXQoJ3dpbmRvd0V2ZW50Xyci\nJHN0cmluZzYgPSAiJ3JlYWQnaW4gQ29va2llKXtyZXR1cm4gQ29va2llLnJlYWQoY19uYW1lKTt9Ig==\nJHN0cmluZzcgPSAiaXRlbTt9LGdldDpmdW5jdGlvbihuYW1lLGRlZil7cmV0dXJuIEhHLmNvbXBvbmVudHMuZXhpc3RzKG5hbWUpIg==\nJHN0cmluZzggPSAiKXt3aW5kb3cuYWRkRXZlbnQod2luZG93RXZlbnRzW2ldLGZ1bmN0aW9uKCl7dmFyIGNhbGxiYWNrcyI=\nJHN0cmluZzkgPSAicmV1bmxvYWQ6ZnVuY3Rpb24oY2FsbGJhY2spe0hHLmV2ZW50cy5hZGQoJ2JlZm9yZXVubG9hZCcsY2FsbGJhY2spO30sYWRkOmZ1bmN0aW9uKGV2ZW50LGNhbGxiYWNrKXtIRyI=\nJHN0cmluZzEwID0gIm5hbWUpe2lmKEhHLmNvbXBvbmVudHMuZXhpc3RzKG5hbWUpKXtkZWxldGUgSEcuY29tcG9uZW50TGlzdFtuYW1lXTt9fX0sdXRpbDp7dXVpZDpmdW5jdGlvbigpe3JldHVybici\nJHN0cmluZzExID0gIndpbmRvdy5IRyI=\nJHN0cmluZzEyID0gIngucmVwbGFjZSgvIg==\nJHN0cmluZzEzID0gImVuY29kZVVSSUNvbXBvbmVudCh0aGlzLmF0dHJba2V5XSkpO30i\nJHN0cmluZzE0ID0gIm9wdGlvbnMuZG9tYWluO2lmKG9wdGlvbnMucGF0aCl2YWx1ZSI=\nJHN0cmluZzE1ID0gInRoaXMucGFnZV9zaWQ7dGhpcy5hdHRyLnVzZXJfc2lkIg==\n', '15 of them', ' ZeroAccess Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(865, 'zeroaccess_js4', 'JHN0cmluZzAgPSAiKS5qb2luKCI=\nJHN0cmluZzEgPSAiSlNPTi5zdHJpbmdpZnk6ZnVuY3Rpb24obyl7aWYobyI=\nJHN0cmluZzIgPSAiKXt0cnl7dmFyIGEi\nJHN0cmluZzMgPSAiKTtyZXR1cm4gJC5qcW90ZWNhY2hlW2ldIg==\nJHN0cmluZzQgPSAiby5nZXRVVENGdWxsWWVhcigpLGhvdXJzIg==\nJHN0cmluZzUgPSAic2Vjb25kcyI=\nJHN0cmluZzYgPSAiJyknKTt9OyQuc2VjdXJlRXZhbEpTT04i\nJHN0cmluZzcgPSAiaXNGaW5pdGUobik7fSxzZWNvbmRzVG9UaW1lOmZ1bmN0aW9uKHNlY19udW1iKXtzZWNfbnVtYiI=\nJHN0cmluZzggPSAiJyknKTt9ZWxzZXt0aHJvdyBuZXcgU3ludGF4RXJyb3IoJ0Vycm9yIHBhcnNpbmcgSlNPTiwgc291cmNlIGlzIG5vdCB2YWxpZC4nKTt9fTskLnF1b3RlU3RyaW5nIg==\nJHN0cmluZzkgPSAib1tuYW1lXTt2YXIgcmV0Ig==\nJHN0cmluZzEwID0gImFbbV0uc3Vic3RyKDIpIg==\nJHN0cmluZzExID0gIik7aWYoZCl7cmV0dXJuIHRydWU7fX19Y2F0Y2goZSl7cmV0dXJuIGZhbHNlO319Ig==\nJHN0cmluZzEyID0gImEubGVuZ3RoO208azttIg==\nJHN0cmluZzEzID0gImlmKHBhcmVudENsYXNzZXMubGVuZ3RoIg==\nJHN0cmluZzE0ID0gIm8uZ2V0VVRDSG91cnMoKSxtaW51dGVzIg==\nJHN0cmluZzE1ID0gIiQuanFvdGUoZSxkLHQpLCQkIg==\nJHN0cmluZzE2ID0gInEudGVzdCh4KSl7ZSI=\nJHN0cmluZzE3ID0gInt9O0hHV2lkZ2V0LmNyZWF0b3Ii\n', '17 of them', ' ZeroAccess Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(866, 'zerox88_js2', 'JHN0cmluZzAgPSAiZnVuY3Rpb24gZ1NIKCkgeyI=\nJHN0cmluZzEgPSAiMjAwIEhFSUdIVCI=\nJHN0cmluZzIgPSAiJ3NoLmpzJz48XFwvU0NSSVBUPiI=\nJHN0cmluZzMgPSAiIDIgLSAyNjsi\nJHN0cmluZzQgPSAiPElGUkFNRSBJRCI=\nJHN0cmluZzUgPSAiLDEwMCk7Ig==\nJHN0cmluZzYgPSAiMjAwPjwvSUZSQU1FPiI=\nJHN0cmluZzcgPSAic2V0VGltZW91dCgi\nJHN0cmluZzggPSAiJ2Fib3V0OmJsYW5rJyBXSURUSCI=\nJHN0cmluZzkgPSAibWYuZG9jdW1lbnQud3JpdGUoIg==\nJHN0cmluZzEwID0gImRvY3VtZW50LndyaXRlKCI=\nJHN0cmluZzExID0gIkthc3BlciAi\n', '11 of them', ' 0x88 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(867, 'zerox88_js3', 'JHN0cmluZzAgPSAiIG5ldyBBY3RpdmVYT2JqZWN0KHN6SFRUUCk7ICI=\nJHN0cmluZzEgPSAiIENzYTI7Ig==\nJHN0cmluZzIgPSAidmFyIEFETyAi\nJHN0cmluZzMgPSAiIG5ldyBBY3RpdmVYT2JqZWN0KHN6T3g4OCk7Ig==\nJHN0cmluZzQgPSAiIHVuZXNjYXBlKCI=\nJHN0cmluZzUgPSAiL3Rlc3QuZXhlIg==\nJHN0cmluZzYgPSAiIHN6RXRZaWo7Ig==\nJHN0cmluZzcgPSAidmFyIEhUVFAgIg==\nJHN0cmluZzggPSAiJTQxJTQ0JTRGJTQ0JTQyJTJFIg==\nJHN0cmluZzkgPSAiJTREJTY1JTY0JTY5JTYxIg==\nJHN0cmluZzEwID0gInZhciBzelNSanEi\nJHN0cmluZzExID0gIiU0MyUzQSU1QyU1QyU1MCU3MiU2RiU2NyU3MiU2MSU2RCI=\nJHN0cmluZzEyID0gInZhciBNRVRIT0QgIg==\nJHN0cmluZzEzID0gIkFETy5Nb2RlICI=\nJHN0cmluZzE0ID0gIiU2MSU3OSU2NSU3MiI=\nJHN0cmluZzE1ID0gIiUyRSU1OCU0RCU0QyU0OCU1NCU1NCU1MCI=\nJHN0cmluZzE2ID0gIiA3IC0gNjsgSFRUUC5PcGVuKE1FVEhPRCwgc3pVUkwsIGktMyk7ICI=\n', '16 of them', ' 0x88 Exploit Kit Detection', ' Josh Berry', '', '', '');
INSERT INTO `wp_ah_rules` (`id`, `name`, `strings`, `cond`, `descri`, `autor`, `url`, `obs`, `flag`) VALUES(868, 'zeus_js', 'JHN0cmluZzAgPSAidmFyIGpzbUxhc3RNZW51ICI=\nJHN0cmluZzEgPSAicG9zaXRpb246YWJzb2x1dGU7IHotaW5kZXg6OTknICI=\nJHN0cmluZzIgPSAiIC0xKWpzbVNldERpc3BsYXlTdHlsZSgncG9wdXBtZW51JyAi\nJHN0cmluZzMgPSAiICc8dHI+PHRkPjxhIGhyZWYi\nJHN0cmluZzQgPSAiICBqc21MYXN0TWVudSAi\nJHN0cmluZzUgPSAiICB2YXIgaWRzICI=\nJHN0cmluZzYgPSAidGhpcy50YXJnZXQi\nJHN0cmluZzcgPSAiIGpzbVByZXZNZW51LCAnbm9uZScpOyI=\nJHN0cmluZzggPSAiICBpZihqc21QcmV2TWVudSAi\nJHN0cmluZzkgPSAiKWlmKE1lbnVEYXRhW2ldKSI=\nJHN0cmluZzEwID0gIiAnPGRpdiBzdHlsZSI=\nJHN0cmluZzExID0gInBvcHVwbWVudSI=\nJHN0cmluZzEyID0gIiAganNtU2V0RGlzcGxheVN0eWxlKCdwb3B1cG1lbnUnICI=\nJHN0cmluZzEzID0gImZ1bmN0aW9uIGpzbUhpZGVMYXN0TWVudSgpIg==\nJHN0cmluZzE0ID0gIiBNZW51RGF0YS5sZW5ndGg7IGki\n', '14 of them', ' Zeus Exploit Kit Detection', ' Josh Berry', '', '', '');