"pattern":"[file:content_ref.payload_bin = 'UEsDBBQACQAIACtoGUukqykhYgcAAHwUAAAgABwANjY2MWQ2ZjJlMGYzMjVhNTc5ZTJkY2FlMzdiMzU0YjJVVAkAA6IfoFmiH6BZdXgLAAEEIQAAAAQhAAAAv2TaI3Bevq8FOcam9IZkV1/dBZotfZAgM0JsimAo9igMGqy/VscIxQ9lColrupsJ3NP2/nmPFY3rfd73YSDSoZTVuPbCFzvByob1hobTUKS8H2HybuxMPf3AucVW5uGw1donuVPTSGIyypMH5GmhKlF98bbuIorUZi8KCCUcWWSvpoJTBsRAvEZeYEHmXtHYaucU19NJrCkoM6F1idQZlfmx1IH+h69Cp+tN58RGnkPPtJuAq/9IfRZBuUPYuLF5lR71PqfWzzWrcmt6/RAK3tnrDQWtnXZ+DtjFYJ7+8G9AL2QrPQ7uPN9iMJJLzX0McgP0nUGC63BuDh6bPR5ffrIpJri7Hk/rBbRVI9bS8s3SCSgmXzXJ5YueJvwdzq7HpdMJQcXbj+i58xOg/ij4qfJPwknHz7cxz8vvu1F96sYToC++WOzFylYmNvzHDMj2rqGiQshI/WqJhCeUncUyDtkhRu1OllavwVBXzo33Ks49I7Oh+WxCKoSJuPY+DlJT+uJH01xr84oxuCnKrLiRIQtEiahwpbW9g6ro8oGE1DdW6MLinaV8S3fUU64POTsiNAJ5uGH08Q3hCDUcVSqDaY+hQW+iOIUgm+UdWLjYJMsp5kQNJKwU7XvkVcNCJi5zpGem3voongfsHHwRHVSNyDhfdlEcvNBlzcnWSibpBRVzJPQ4vW4QtVflWIgxDZxwG/WWFaRycCfQMTxlAuyZarmagufVFl4INDw1xWOjGxTA1Ql2iI3Ip7Rkk/vJ4XoBwx/et0zmHFxGiCCkB2PUIissb8I0HwoapZC65SBA8rr+g3IgbjVWiLa4jU7sNWfQqpIeNH5A3SrW7RMEtkgCixQevZzxYJJRJChtK0F/pCPg/yd3J3Spsr7TQ+zo79a3fE9eyzV6jPszRSthLD4zdiDVCuVVPN12+pbcQcu+OhJsXwgdPCUSSdzV99EWSZA3chgv8+dVbutBSRoh5WkbMvE2hAHL4dksgO0sx5cVNQn3CHdNhxdBt31Y5yS7PUDavheDY6RwarSBlGVMIMUKlA/AZkwwzxserDNPcLW2kGtgVQgD8Gk7UgKb5GFvqqJv4sLTc5mbLINLwWQEiBxIRGc/SWw0MXs8lvDMlhdXSRxLoQ0qj0UpquHCVXOjaHDbioC2JphhWUkpg7PCPHsxmGZ0ET+Xb6lk8YuoE4axwrz/xcq6CzdRx0plHCbswxFSbiRTUi0fepdiyn52C8YzhXRAdVN4ZYNV5xzR503i/MPlQBq6HjHmq4QH5rcJorCyxkpiOf/rOv7jqhcQqimUxEEIdFfB4vbOSIUjwopdruKGoI1pucEvqoc7xAjWtMK0jL1lN2VVmja7M0WDdMMxusn504db/PQVMAm+hqliAg2eAnGUHXNk0UZq51o2UAJ/sdOjAARD9UE1IaNqg5yK6jp9vNlkSdoApLb/kIW6IaDDwZgPOd2HwCo5xRmWSjBJif3GP7FsAVPRgXtGfnW5r7AQNZJB48FzX/s1fxREvBUvszqSlaE9NFPJh8UQ8f30K7qLZeKKaKYV8FZxLj7lGxepuBjmKLADZQMthq517sMxF0Jw0G+o9fHBE7El8ePAjq0QmCwAoBHTKPt2t2SSdGAZAGEEZyArruS4xYDVqyrsjQ5MyWdj2Bm/mHI9jQkmYU1+yfiQAF+WBCVAQ2vZnKNkeiHYO0luLf3uD/lvTFlnTvD0374TbfCa436J6i2lwPGkuhuB5G2Dzzdf9um6HK/+dCk4ZUWj20J+R6HJ9dbcp95zhimiTPMeCZztQxY7ryQNbHzBqwvfGwE/eqxIk2HD9Q7KHQNPwUOt8zeUFqzu+P+pd4jWuBIo6nEtZ32pjM4B4OHR+btXM4d869GwiSckCfz17c+srnCjXIjULuoiuvItqIr15awDkufy0i9fSphutvF6JNB1mTUQ/qMkJx3RyJNYW6EbPpOE1kp/+6up/OpDiv64LMfpxMTlUm4o8A31uiVDJbgQeXkXBH+Y9qlnpJE3qPSE0CjG2RLparox6Itr/rGGBUIxowg8aeEBNautl0LTu2sai2dvZIwnuDo5TxyCsmIi9E1x8G/xml/qW5d/WtYA1ge+6B71zL2jahkwocmGbr3GjrYdUTp7KVDQfEQNsQpZI416EqtV4DBhOnzYAYHA7M1YloZlbn39kJTaOudJTIydcamPS63CpskKwH6vkQ6pezQit6A0BdXNyO1yXY7nRiJ295gVuMgQ8dTI6fynCKcfgCnvrlUMANkyFfrYaShEioEk4RweinDdvTbU6y3AO1/u4qzMHri4FWJiTvWPg8umtY8iSnnKNULQmIdYAotTXI+7hfD6gIrO+PwZWNZ+3gd7cdr7KivQxiel8eJoDsQ1zqp1qz6UKR/rigtzBoZF2X8hMj1Y8BxdXzFFqBl7g82FsYErRokNv578ArB2XlwTWu/7nXdqZ1cIFH7jUJLMjzTqY/bawiXoppGeQzpTmOTxGJDhobFvpcurZPpXJ49VRrGPwEnrdoYKUEsHCKSrKSFiBwAAfBQAAFBLAwQKAAkAAAAraBlLKD58gSQAAAAYAAAALQAcADY2NjFkNmYyZTBmMzI1YTU3OWUyZGNhZTM3YjM1NGIyLmZpbGVuYW1lLnR4dFVUCQADoh+gWaIfoFl1eAsAAQQhAAAABCEAAABJvD9gkhFCsP9+7YnH7tEI8JsxU7aAIMAYIxOxELZ9DNzYtvlQSwcIKD58gSQAAAAYAAAAUEsBAh4DFAAJAAgAK2gZS6SrKSFiBwAAfBQAACAAGAAAAAAAAQAAAKSBAAAAADY2NjFkNmYyZTBmMzI1YTU3OWUyZGNhZTM3YjM1NGIyVVQFAAOiH6BZdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAK2gZSyg+fIEkAAAAGAAAAC0AGAAAAAAAAQAAAKSBzAcAADY2NjFkNmYyZTBmMzI1YTU3OWUyZGNhZTM3YjM1NGIyLmZpbGVuYW1lLnR4dFVUBQADoh+gWXV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABnCAAAAAA=' AND file:name = '20170825_ID136934614.vbs' AND file:hashes.MD5 = '6661d6f2e0f325a579e2dcae37b354b2' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern":"[file:content_ref.payload_bin = 'UEsDBBQACQAIACtoGUsTZHHbdQcAAGQVAAAgABwAZDkxZTViNDE1YjY3NWEzODY0NjdhZGM3YzVlZjNkMjZVVAkAA6IfoFmiH6BZdXgLAAEEIQAAAAQhAAAAVUOz1CJ78pmFQhmpuRWz7VEujkKRehuaYS6j/+dftDIYK8lo7fi4xdiVs+6gPmEnzATDTInVRlImILU+stECkBgXI4mQqepoxKb4EjTtEh2u49XPlijYq5VhfdiSfYseGplWLtt6K5vIBxY/Px+98musDuxoEdeZUa37ad0siSRVrMGJH7dH0yNux+4EsyJvOZfQzqXdx39yvEezo1LGvJcBfKjwQvFnHW4n+eUa4tIVVqI4OKNzknlxp+b8gnsf4RXLCs00WnKHP+CbRnDTdQVhw80783v/cealXcdAYZ2eP6hNX7y0+1L65HgEstzzBnEbJiBeI5gcHD0SsZdANIFxY9ukT/+Gz/JdwcUxtF/vyBwqvsFEx6KExf7WuaXPEbAx1kwzUWE+RPBBY+gq/SvI24xBwq8lF5de3XK3Inrf0tndkqFKeBOHbulROcK9kDAMPaoYOL1KFVnqcpubNRZuacpafeTj/7FV6HBOGGONscrDx2VKYZCMKtRkd3IUX447PIyxh7PAm6rSsUM4T5PVny7zC5IDuKxLOm5X/+rA5zOZ2Yb7byTN1Ow7ncoy3BvZN3o8ndlUdmL4DQ/Apku+xPyobSbH79DRbp7BQlENye8+Os1TW6Y1scN5kV1tYQcNLWO8B0qv2F26fBS9bQPrW58ti9kXxPM7oiDETy4klnxn0DgNauNk2SCCePiP5az2HioA7P1m7y+PFHUUxpJ1cPEa3o2S3fw/p6sWOpVBnE8SM7KzwV8w1Zh1VKeBxCTwA51MEZ6QifLmJE9ocktiFN9Ubl8pK/er7zmWrLVAXr+YqlOd7Mr52HqJTVQqIOOMu5e+INSRWGO7tz+BD/pgQ6FU1Temqz4djkxNl3XmA4Bbxyz8Ls0h/W1Z5AOHUXeMF8Bf7XpMMNhqfHMbeelKAa1cp3oW2dFHM75GKUeFg60xeVv8nhLc82yG6vE2PnnPsGjjFrQAaJFwFH/Y82qXhQzWXlFtJ+oNLHrIUiGf74HZLudyjVCnh7AECqZ4q+Qp26fMFsHKasKLddwFn5QibRo/h7il262pg8+CAmiQgLxBTcbysqEPawzxKqnggl/mKhGJqIrWY0HvqKQf9H0rcd/iB5+v+opMAV2P1iaWD67CQVg/A5HWqeZspKSIKlGRnUn3K080L4JsvIkOVPAN+JEoTsIoBQW0RVg7YXYTKmFtpJsewn+Sk44nR5reZVAstqdC5EcklvE48n+dxXDAFXjdRqurVB5uWlOmEBjQALKdpoEH06Em9Eu/pdxDqq8FLki90T3PgP6opKCbhxrofgkx40XCZeMZybu6ag2ONn/l9c+BfuCseAyp3r8aGQL2Ozh3nP+NHasQymIqUK86Q47oO0kTFbgfq9jMteyPwnSOeCadCBzYJSQ7cvFNU5NRpqSFknIHfuybVuu9zxFUQH9j6QT7VJ3qnPDLCfAhetsGfiaseRLLN1iRTVDWH86+sVLESk/UkHHzAWVPbexTzY4GNvcAT3rm1+ucYkrANIO9mLaKLkoCP3ys9skoxTfdGkXTPWthpZQgs3M+SrxvWXiU7p4R09EjZusRO0HkicUa5NO9QMoi8JDhTqY+wjruusuOB9568ixIqOXjYlLIc9G2OEc4pvOXRfEWQEVeTyvXo25WtZbnAA/sPNtKcK00a1zL1z9POkmh5U6Z5L4fn7CPOvTpCik6iBj9CwPXTmW2pqS64wW54BXjmhkc2AnimhgMVrBLc3GfPtNIUWCbDR+mUo+NMdLvGz++VLkNfWL4WeGmOL7p+RCL+jtr9gK7MY4HdR/7oZ07N5tzm3HDd7DQ07WTmBOTAUsfzyLSAKM2aqlrz2kufuy6OUsMdmqnBS3F4vQQI4TeoI5YBXwpDjT8DPxKj9yyIiGYMy48PlbZhUG29CRVIHMTkR9vT8xkR7LivOhJHeK9zcBpwUILwusD3MqYtohFjGS/bI7Gy8EmYsiJUiBMs5ZKumLScD9d2Xsf1A7AuWYhJvAIR7p1sBH3IiN9CutjOiF2/WEphFETIJeqNE8YtaHFFaiOGEhMxXQ02UdnYBWkNzZmUw3/eSfidxIZR+zyaHXTOUdKxBqgN9+SmlONl0L6flZIP3zyTbaroDjVkzqd9PjDKE1IkgsXXggzOZwXemLQV6tOAYz0ICWJukVBzPwNVeYp17GsUd4w3Kph/c38jX4InAYUlY+ND28XfkTOEJ9/WyYLN9fpnrCENXWN8yEnekwu8DbD/P1+fxgJfJUDBWR23/qxUOQQOzkgo7fEHaYxJOUt7R/dPluvGjNJGit+JJbS1r6jqxWhplcTXxzKiQo4uELGfkkds0MDv9ERdR/Aj5iQGaP7pnkW9EyXYSUknOk+40LCISETzrQlTQ2zUSbUHkURD/ZgE/QyvseWhb0tklARDWSBW7xY2A0sOgMPwWRwRVNv1YW5/tpWfg/grojPUef/dexX9hvZuGRBMCAEq8jEbiBNR9pGV0OMlTu6O6BgQd2Drg9ZK8SM1I5NVjlY2mI/vlNS+4P/oQ8/LcxmZKiRmDOCDVBLBwgTZHHbdQcAAGQVAABQSwMECgAJAAAAK2gZSwYoJIQkAAAAGAAAAC0AHABkOTFlNWI0MTViNjc1YTM4NjQ2N2FkYzdjNWVmM2QyNi5maWxlbmFtZS50eHRVVAkAA6IfoFmiH6BZdXgLAAEEIQAAAAQhAAAAuGdVLdwqc+gUnc1uCS5prGdSMYrovp2aXxQwGp4BUOHoJ28UUEsHCAYoJIQkAAAAGAAAAFBLAQIeAxQACQAIACtoGUsTZHHbdQcAAGQVAAAgABgAAAAAAAEAAACkgQAAAABkOTFlNWI0MTViNjc1YTM4NjQ2N2FkYzdjNWVmM2QyNlVUBQADoh+gWXV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAACtoGUsGKCSEJAAAABgAAAAtABgAAAAAAAEAAACkgd8HAABkOTFlNWI0MTViNjc1YTM4NjQ2N2FkYzdjNWVmM2QyNi5maWxlbmFtZS50eHRVVAUAA6IfoFl1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAeggAAAAA' AND file:name = '20170825_ID769270889.vbs' AND file:hashes.MD5 = 'd91e5b415b675a386467adc7c5ef3d26' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern":"[file:content_ref.payload_bin = 'UEsDBBQACQAIACtoGUscB9AFawcAAE0VAAAgABwAYTE5OWViMjcyNDMwNDQ3NGUzN2RjYzJkOTM3Y2NkYzBVVAkAA6IfoFmiH6BZdXgLAAEEIQAAAAQhAAAAOp6+OjZQpK6FMjWiRXz0Vxp8d3phKsdZLMPXY1+JXJK2XK28cjnjZekwR9xHHEK4B9bPf43ulvDhP2K8JJgdsnh4dr5cufem1NESGHhLIVW/esqt0tNxyISXn/izEaNqMr2oLrBhsDptSX+C05efO+FT37tRiqRJkt7W3Uf/w1Qd2lj43FoZCduJgJFv3mBoqktkuHf51LGufY7TeUsiG98ljbOC02ykDNOIpnfCfxmE+6oag4b9VASFpkmPRAa+xtc0S0/oxLEpuEtj1wi5AqaTcEJS30FcPxO4ljEgKozXZWv89d1sO+xkvnd7c+XKOi65BOxbG9s9s0xSJLitH0tPBzRFs/7HLmnauIGCxrI9qkmb/UWWQ4R/iLwHnmQg5CKf5Vu/wH1DI0Hmi1rX2A7U9NE4BMid8+bb3IRvkHtux2kKrQj5dDuMbcsU92f6DROEKiJjfj9rcWdOqLRKfVvSeuKVbbqqqtgo6gAj3iCr0foRbnzpQJSoUfXTdmii3E8x2j3BdRXL/c12zdh6Zmxm7njzhsaekfGMrSU8p6A6+M9030Cnj5wXExskeWbuLkU7q1388B+nC1qwxp/3zeNuEJCN6LQPTmu14YRR18hHz1A+qCi9ZaM2iT6njo0DLIrfcjmCEfFrH0hUDRBRCkp2Cm2SjaBXtj59wJJbKeY7/zZkd7+ZVXuOwqG5FhZBJX9o+eHVdSA9fR8hOERQ+3xw/qf7VQutkTD/YggOkIeeHMVz6MJQpfyk5uOlr8unbdABxs337vis18p61FTCd7pXT3RaH5YJEqpzH/Zie2SA++ZLbD8/8cUF006xhUC7W/pDoUETw2LedAJw1s0xH5cb176ck6y1cMILHjY7s0AqUhrkYbFcji+Fnt+7nT6hM8Vziyz2jheHdnUKaKjrvT8ITm/NEOKs2oNbfqbbuZvbC67FLSalTuZq8qnSRsgzndhypnZdmX7kKCa0fzOLUwhS04fL5t7LvLyTyASSNHpqK4IOFqcp5kw+eZVHaJeuhSr9Yx65e2e+X+KyHcK8elA4A+44cX26mbtIpD/AQ+X6BCuIafcYz1QDXrcP8ZwBf6NmUK0xthQBm7X/xF3MzJUHxJtZ4dNnXi9hui4Wz0PBx+ZvY8b0jOUZbf+zQ2VjUtQwXg2tL9dTASAoalseSJbBEIhzBrbrHxjzMYET7GWfh59isYbit+TqRA5O9rP4E9i2dd5tw5ttKVTfa+XZkYy/odFGIJTMLqhGmpA2JvdL3VwKa8qGxD6CPaFwzY75gwecLf8be3mMkKgvdrbKi9wqzgv7PBhAa1Tjtd+U3pNZocaBQwsctqJtRvmfQBlXqiHyYpf/dH88kjfGC4VGlBYD1SExDRfFgcujXUH24sz6ouWTWXMLYw5KKKdR6hcbEosDHN0NvlHo8si5rBgUIXtRyeYuzw+nhPtDRIbaNYJuWZO/T9VHDJd3yVtL5EsGRNBkTCkF8z6hxpXu0VmoTM3HunaD4QpjoXej68e12R4m2bms8ALhzJFHIA3+6Qd2XteQpPq/EEDbvRQp73OSfF3ptRJOO6uI7G19mHk3G0+ho4OxqmTLd+AmkWTxR4nTW/uqjRuXLx/7wefAQ/0yEFDLnaBAJfLWWGTE7UMkfB3g0Hx4Njm15JMyn3ii9Z/+kgu28naLOA4pqc1o44BhhKKMAu0c8W64N3d8R1bMy5c8NZ4dJ8QJvIPQp1lOtZT2vEezXnB8lVc6AZEEFiYB/thKZTn+GkKy7hf3Or9f+Ms2LsPjQsskKuOvnuKGY0Y04DXVcISQCKReMOksV9b3gmSUC9AqUKxpLWdV5jAYZp42LKcJj/BokQwNDDHIN2YgJ8OXP5Zc3PW4rPREly+A4V/ZcTZ3VljlprSEmBe+5ygOCKDmKVzTrOms3GuYiB4Q1klnzvk/RYN6oudcFZ7oDkVYt28WXWa1GEvo1LpWHGZXatcu5WxO2JscsEQJo3JzWJMlHFqVlOYVYAuVYe1RTGo+mCWZ9mRB+ospWBlq47GqYPHBp5LZUzaU5Cda3Onl0orUf4ryGboRb/f7PS7+YtP+t3VZ3I79viobnSq7L+kZXxGT3w6LlVMCpymUk7jvN6IHC/aa5hi5kIa4gZY6LFSK84iWc6+5OpnnP4e1Ra9///4Uc87ux7vPfSAySYLtDB+qTItAcXdDdwa4vMDgxgqxVssQN+dfPIWTvhxUeRBg0InIPABqaanuyND+kM2QI+k73leNtJz/nZGQzjbh1MTdftIZZ602PcopIH3RSVx97IbIUvIUkv53UBLU5VvfRbj/woWkiHziSe2GZIGCA7aXHd9YN/6aE5H/s+WEoK0PVoZHXInl1VUK3wV4zkPjvMKyVW0c8x12eLsvozR7PZQk4u6UEz+f/8mPQ8lM8G/gS9/Vi7xz1U7inBkjJ8FY/uQA4zbYbv25FzRpCucwy1otQBzI9gh72l0CemwyuoET9YtJN145G31/joPjH28iBAf/5f6DRMqbWumyH3a2Wdiqyzi8xg4QnEGBUEsHCBwH0AVrBwAATRUAAFBLAwQKAAkAAAAraBlLExDgBiQAAAAYAAAALQAcAGExOTllYjI3MjQzMDQ0NzRlMzdkY2MyZDkzN2NjZGMwLmZpbGVuYW1lLnR4dFVUCQADoh+gWaIfoFl1eAsAAQQhAAAABCEAAAAR0iOnK/eIyfqeeLzTAgnZ6g2UxU6HWc/+olItEP7NIosFsrNQSwcIExDgBiQAAAAYAAAAUEsBAh4DFAAJAAgAK2gZSxwH0AVrBwAATRUAACAAGAAAAAAAAQAAAKSBAAAAAGExOTllYjI3MjQzMDQ0NzRlMzdkY2MyZDkzN2NjZGMwVVQFAAOiH6BZdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAK2gZSxMQ4AYkAAAAGAAAAC0AGAAAAAAAAQAAAKSB1QcAAGExOTllYjI3MjQzMDQ0NzRlMzdkY2MyZDkzN2NjZGMwLmZpbGVuYW1lLnR4dFVUBQADoh+gWXV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABwCAAAAAA=' AND file:name = '20170825_ID967558221.vbs' AND file:hashes.MD5 = 'a199eb2724304474e37dcc2d937ccdc0' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern":"[file:content_ref.payload_bin = 'UEsDBAoACQAAACtoGUvFMGpzzgcAAMIHAAAgABwAYmFmNDQ4MmVkOWY2ZGVlOGNiZTZmNjkzNjZhYWM0MzRVVAkAA6IfoFmiH6BZdXgLAAEEIQAAAAQhAAAAgTjAg1/4RP9adBimnQmFJ6FwGQ5QF4xEvP+2PuKLRt1eX3xsqGXiMbE/yOznqRRHI7wrAOFQEVtKf5lwW8kMhqRbdOS9wMB2a5tqwqbXnHQxLVI7ktZ2S0ksL/ctDYFFC85/ONkBaf0n8KADYoRcDu0RnnEzRhWKAnsiV+75lJvWVfzICukFeP7xoooDTUjnJkVwLeRDmZ7V6r2nMlfZf3+Tt3oZ318OSewQ93GGK6g/kO6STxFkV7ji1WyEARMEVsuy6CZ58g4NcvEXqDtOEv/4TutCUUKcMQknDSkImv/aSAckCx59PA/xgth/SnyvC+QdsZJrgJ27fCnFDSNShENiWZ1mWtdQMJHDrM3+nPaEA1dafKaHGn6E0Yoagub40OTIl9z6GJbEEWLwR4xfwXGxSbP7UOQp7PxqyxW/+Gt1TQ93sBxRoMw6dMuUX/P78aSMv6GaFFCNOGmRwnjAZTKv1UBPMQgZmEPOpLlk5N4gN8s3/oiGOvBxA3i4EMmUAzqazoHjpBEXj9+RQ9z+aKPpJc9WrETdJWE47yLf4aOy93jkIqcI/l88gf3xQ8rJ+XH5HbP/QO4VkZgcPtil8+fJnvEGXGcFdYspHuHSih9vhHrlTmMjxSDtJwqXu36SthWru69i+Bzz4bXUweA/ucFXHdn2ZmSDFp+S6v2m+bvRRiVpAqnoT1yYfu2S3MkRvpA+8ziTfpXWoOtBEsfIw0WlM1jtrg3Ti943yljOWz/XE/uFekmaquF9PSxAhxYKh42HS6KZL5N48i5JQdm0hpOucUphvvqHdlcY91rUPwzd47f+Ik9ub0XEgCNZdSR4XFOfCpRzxkrFL/2JhHkQxAB5/giCIQvGeiSx6hoaOf863cwiQRGF4LMy1C5B89UVBOwGhWjQ28bMLjEAYzAzzbGRnGoR/8V/aVV/axtbGL1A9GFyoOLv5/UOF71c+kLurdfeFGA03qL8FaHexCFcDhR8yNgElHalFGBf1G0maGFJTqPz9slkyfYHPwdv/LamxuGrp2wlk0H1A0MIMK1m+Txz3LJ8AtfbMoryb14nejFWARwF6q5J+6jisPaNnmUOXpI0tChkZiTOLq3f5M5rdLOfdibwp4bTYmZmnePKFX2C/SX0F9fM2bzJQ7Kh/8J4NpHeHPPO3QOrrX4jgcTK0ZfnkvPYb4aWebKHWaKjClVbNsIN8kVN/AVFQH0JFu5LqaVFT5/wOuuw4bz2tLZdhovAr4WUAM2MoDhNNzZubFbDdRzJ7805ww1kGjedZTnuSxocJxJ7VKzH4UcC6+1ynWXzKKwOk6358wN3QfGQgdPQgd4eukhQh457OYCNj+OayRWx+1gXvIdGzYDz+5p+aRJ+tF+iAuCxEUH1mdzB8mhJ0lZhj9b7kQK31n+tlbqrMdFnJB289mQJANvlKTA/sYJP/1eHvwxeezinPN9AsxLkfsWVXhREBlHI978Wd2YnqKegQKHV9G3DwTpNj5oDdiL2Vni15ooOjp4OWvn76s1SR1hQ2X1xHUhiRS/EeruafzzQk3erftbTEkF5wMQ8Gg1p+0EA7FZ5uqiNYY6wB0VRPjb0+RLrl+8qCAWGie0CNLQAFLvwtAnlWzZmYI4Wfi1YlMUppsOwO9XXwXO3YUnGUQzdD68uKpjwqbncxSPG0ux2L2EDvmCejR475CRro4MqIapYA1OkDGFuqkzwLsNyYmVuFm4RI9eHpVJUlbcX6v3x1iZC6MofA3BoIW9Rx6r/UnBL5WikEz6fLeZPgk2JQAQLOMO4EeuoOat3A0UKi6ZHPfNuIbz2pAI9BL08UJ646sfqrUJIPQ21hFCjXt/qMVpSYIPmceHHgKmBdBE1AdQ+oMBlfytR/f3m7psjHeh77sjH2sksdQIrStgabVvTByZEc0fE5bMVVHJQmzZgtVNZQda4G1TQ+dG529mY32jcn/xVGch8OQSkorya07E7qGLqFzfkbGnY3K+4euXGAGk2NKMQ5jeK11+wUl4ZUDkO+MuL5wWyvJopNarYaXYsGkxh1rl97pYkNSXnUgYvuKgqwQtGzuEtbfp1nUa4wE10rzs3xB1fCtByhgBxfBdnz6w8wTUAmqP2ZYT74YLFcwvbs8zLM8Qrlc7TYh8C4YePmuZLhXYhchFOHv6/rAdv5418sUsVAyQBiuyfq0vkxjQ1BbPYsJTDxhNtX02DW/6qvQ3Ay7d1LXkL0a7/sMj+KTvQw4z/A3x5Xt8W1SXO/d9Ovirk6ctAOCqOWZylA0ILn9ymsnsfoE702c1+IMidUBeK4wS7B+9s/PdG9FX1BLFmKI2NhOzm+Sug2VmN5KSw2EPXbhzIlICLudRoNIOTP962SKYl+W/cv57BnvpG4PC+2MMe0TLpasrWQO9JKZRUVPMbyutNsahCXcNt+wIyh8UlZ6/9csnqTN9Vwt9P79EUSpzhxdFXx0Ggt2HW7YJyf2oqOTIHI1Im6CgCeKGEw/niIBQsWFAD4AP5JKYvQxwMkzp1UrkhKFpFC0wu4UCB5Az6bN4n4viHuz6+o6EdzGzyHkZ24Ostyv3K370V9sy3ruRBZfKgAjYvETFUsrGHO2x+PKupy60khnjRl7rwlUFd3X7srt6tuZwePOuOp0T4sbCuH7OMyqPOuSpq13uLubH20VFmedCMkjZgUEsHCMUwanPOBwAAwgcAAFBLAwQKAAkAAAAraBlLL5ixGxcAAAALAAAALQAcAGJhZjQ0ODJlZDlmNmRlZThjYmU2ZjY5MzY2YWFjNDM0LmZpbGVuYW1lLnR4dFVUCQADoh+gWaIfoFl1eAsAAQQhAAAABCEAAADb+Oan5CN3qpVRBUE5vNyf3KZN4a81SVBLBwgvmLEbFwAAAAsAAABQSwECHgMKAAkAAAAraBlLxTBqc84HAADCBwAAIAAYAAAAAAAAAAAApIEAAAAAYmFmNDQ4MmVkOWY2ZGVlOGNiZTZmNjkzNjZhYWM0MzRVVAUAA6IfoFl1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAraBlLL5ixGxcAAAALAAAALQAYAAAAAAABAAAApIE4CAAAYmFmNDQ4MmVkOWY2ZGVlOGNiZTZmNjkzNjZhYWM0MzQuZmlsZW5hbWUudHh0VVQFAAOiH6BZdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAMYIAAAAAA==' AND file:name = 'msg0472.rar' AND file:hashes.MD5 = 'baf4482ed9f6dee8cbe6f69366aac434' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern":"[file:content_ref.payload_bin = 'UEsDBAoACQAAACtoGUtkGAEywgcAALYHAAAgABwANTU2YTZmYzRkNTYwNzIxMGZhN2VmM2NhZjNjZTU5ZDZVVAkAA6IfoFmiH6BZdXgLAAEEIQAAAAQhAAAAeRQtg8R7EpQuenBmWz236BpTRXvzPM/vWGcXigB0v1UMwvSkyU5oAKIiASksmWSEnEe3J9qAuBkgiLmUGWPCvYlOFLGmopHo3RK6v7dLda8mxKIyu+M708sea6d5CBU4wKpjkZx5G440+SN2QVjrhTqWI+npf6zs+/EOKEBK1cou2bf95Sq9DLz7o3AA/7CM7U5tA/IgxhNL8AK2Gn2++iywncfS0HhkFHvQCmzUdGsNeO8zna8DtiYWweOG6YvicRlBv9fAgNs8Ls6jOgDOFfAkIn7qUfWqa+83SBfz7bXAPHf2KebFqZRY1nId+NOWTlpFNIBHBIqxG/8tapnEJZlC6VqCCVspKpPWK3G8yMzkR/NMV9IZWyrouC13+R5XCVCEcN2bTPbhHjFeJbaW5AFElkaHpwjgcdPw7jj30yNS89FLTeht+dWTmueHF21swiIY7AMLa+mNX10w/TP/u6y1OhS9nQvwmGnv96GoDJEQfkvsdT4eS/QYUTMsQRLp/nwVhkpNT5FMm4e2aA2sgzlUJCdRsjUyRDuhXwETag5rwddn5YmYeGrSU+bLFWlmmlOyTb7WBHzGSj16UuTXRovP0eEocCik8grAFImcc9xDXVXxZii0NYtkD/1ecoi7sG0vj93ZCdQKhFF8643iPY04pnlNSislOa3lZm7ReE9aChjCLG+01nttFnLzXVV3ThApysV2mUAHpwsdCLH4GgRyVSDt+C5U2zjSBTS0MDUrJXiT0ccXu6fbCRyxsNcjAx91mRkXTxq/HGbi765fF/36Jac8mXroh94ASI2Hx14rB+0jhOkPih9kcS/aDgtBfRRYee8nqbNRCFcnalKwurB/6ldrDiTIQxUPLshm4Bh6XXAT8f8F8U9peCt9CtwcWxhMl1RZk4Vv1k7I34oVj0LVeddF8W8IJB4m7nrtgXw0sfMO5ObSiX14msA6MUh/N7wBE40/5BttvGje1OoaJ0e9MlGFo6+CTYJIgxbNcHP2yTCGIb+lJWHknJ92eTcduwZAUQaYoXjuVXBbqatCyqJwGJk8sA783QnR0S7FhghwoJgoj2r6RqujJakdFjUTOTcsNePm1fD9BvLqfycYoaDLvpIZNg/cNo4Vx2jsdzTzsFVlIqMW3Kh5bwLNb0kUljlIzCAl95Ponkq655QzBwutz61YMXrwhfVPA7upwpDuT2eOLy8Zat3Nr26BFyRy52MrZe9vcPk9FOr/osPr/OkYz4vnKp15L6E5savKmeiES9EUphwGujnUkgNCJ6cJUf9vGgKSYuV5dNvaE+SXynrBktf5DgEWx2bbDTcVVWApt6zfGTGsN2ZgdYUHCaea/4VNkOJL1CX1qko2QzTPue0fjGab9QF9u6RJGFGDJNzeJGdrKEnRgsoUISB0u8A1VGB7VkqLowkE4AQVN9iuC/BXLlB9W4s8C3MhMQFgJWX9Urd1Bk3PvwZ+Gnk+2t0eItE9Qw2oUCZT6giR9rRJg1fw1697hxN28RLp7jRdoZxO0jTd2p5o2yT4+rSIOX+Pn6qRrucii/mc5Gtj74HpCFkwXshHFd9kxaxNcVWGYk74prNKsQLZ3udHGQxPe094k3jjRGbxsHwYjZb5X/KiCHmh+4zF63yLNcxjS90cyrqqOe68wqOX3IOj9fncqm/Y8cLbkPgBvuc02HV9taPqyHJXH6XZaVSxMlbabaAJU9S1BGh0xT16x2NL5eqxQrcGChSiGrelYGTn8jUxtu7/7OTVzxzSMMiVGQa9fy5k1AeSAS0kOuwUmJHgu32Sqtl54Ep4haeWYS/Qh9ibI33VBbEZ5JEKZgelyQayATlwTm6dIsNorR/sDW7aFwDwHI/D9Sd00UgniGfcDpB4unPT3B8IMxH5+00jCyy3Tj8tIdVOyhXflAKGhlNJNYMRtcs+6pr1lCDJ+hlxueAwT6GDr37L+cx754rmRhLnyKvLCPW5KmN4zNx0GPMTLmlOyHH8441mc38irHlMc+Ingjx2UpYVB9dh+i1orawOdd4qVjsAuKBbJHZyM7TCaZFsQQml59uSOIkxuv3yJ//ArY2TwB4FLn4MFn4QPOMaq+Z9gOnvXy8UMyvg0iv2xAQarKdbS1jAzQ6UrcNGZACfV6SMeu1bUXOn4VPbkq6J8Nm9hMvcGPwXOAagL2xlObY8ZX8Uc6TzRkmteMbWIYIi2qWI59E41beYgnKGFQfDW0zfAhi/eAPcj4DPgPwFXnSp5en92LDlW0rqVd3wg9qlsmBMsu3mAXG/HQKdJuBq1yFvieIHfYL2vyb0CcijJpXJ/fWxTVLZaTQFrdkr6vy8zX9U/z/uM4s6D1mchYWvxwDAPEpbrRxbGWyGp1s4Ywg/Jh/BARoPWhsjTdoPwACq145fp2pDqHvJtWFtEp9eIkbUNocsK9KAtV/0sC5/Or5rDvgPnstIj08726jD04Egnu3Vl3WHYVzsfZfbD4djb5Cqq65kGzLFS0lGayHhHlzEQU0XmN2amsGgAX2PPuPdZkKsqomX+mv8WNrFvzAbFy0r6DmtLT4gZnqvMqrgdoVVVVB74zCH7vdMdZLowDVZao7EiBSgcilsm76IExL375+8HgGjC/ZuwUrVSBj69y9ElrBiwrTDMTpr/VUEdJOXrOZ7uV9kUEsHCGQYATLCBwAAtgcAAFBLAwQKAAkAAAAraBlLMSq+uhcAAAALAAAALQAcADU1NmE2ZmM0ZDU2MDcyMTBmYTdlZjNjYWYzY2U1OWQ2LmZpbGVuYW1lLnR4dFVUCQADoh+gWaIfoFl1eAsAAQQhAAAABCEAAADucAzhCa3B2NcWIjCUEtpmTzbtXSycMFBLBwgxKr66FwAAAAsAAABQSwECHgMKAAkAAAAraBlLZBgBMsIHAAC2BwAAIAAYAAAAAAAAAAAApIEAAAAANTU2YTZmYzRkNTYwNzIxMGZhN2VmM2NhZjNjZTU5ZDZVVAUAA6IfoFl1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAraBlLMSq+uhcAAAALAAAALQAYAAAAAAABAAAApIEsCAAANTU2YTZmYzRkNTYwNzIxMGZhN2VmM2NhZjNjZTU5ZDYuZmlsZW5hbWUudHh0VVQFAAOiH6BZdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAALoIAAAAAA==' AND file:name = 'msg0558.rar' AND file:hashes.MD5 = '556a6fc4d5607210fa7ef3caf3ce59d6' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern":"[file:content_ref.payload_bin = 'UEsDBAoACQAAACtoGUuY51+iuAcAAKwHAAAgABwAOGM5YjIwYTYxMzY4ZTg5NTZiNmM0OWRhOWFmZjMwZDFVVAkAA6IfoFmiH6BZdXgLAAEEIQAAAAQhAAAA0VVPHiUgFrMn5YDs0vDsZfrVQEKUaNBapEHHyHUuZP/uMDFeKumTKcG4ofOEr93kVH1Ny6OPwABzr+t/vqluRRZPFy16KCiRTn/ov/NTxQ0yso1gmwiAyNq8Oqb5KFLX44wPgWKRxkTHADfOi8eEBsVGgWTfZ+Reewdj9l29XhF9nyi6zOcW6l05AKsvU/rHAn/KXV/CQW8CuEwMtje0tvGwib+zqLoepwl1djVyMGwEjRKpQ8mBbtPmnFckYsYpqdK66EioarTl76EPBTDKTWSi0RJ7+U/W25nw420QuBOnMpPnYeZ0bNrWesf+XAk/XTReIpAlpdywhA/K9BQzIHMUu3mieg3txnFT481ga7xik+quSiZpuKZkujsQ0jY4y5ar1+qdo0oxhmdM8Hh15li/XEfwsqZpXWpLKq/+TwCuAUs688J8BHWFPD49H+W/NKRhAUhT6MIYMDVSsZPlWxq3Mc8m8AmBATcu6uCkVvqMvgMaz9SB804xgc2HZVx7sOzpEvPfKLcXPLPUnTm42HWRuIaSAopkYXmDQYnurcsgkd9XXQvOcChEsAUIkFWaCWjPbTTdtRcPLJb/DeD7IMDw9dxzUCyWCblhhDBSbmLwAJtqEI0g9p5LPOC05toPLIHspSiIu7yQoKdNE0Q9sGqMmCwYReHjh2ogDW0nMcV5yZIMmwJRpt7h+RWYCJs1OUxstZ8VsLa+TBCl1u1k210uFsROxOVgGPNEQYXcBlajhD45KaHyvjkK0Y9SeZOubMXepdPkK/7eS8EpIttkU9TMpLyIMtqGtLZAfJqjsnkRRQEhaLT16DSBYkRimorhZjBHcDACZf2eV+zKjbtZLekVGsAgWh9LFsGFBnQCl7aHnj68E5mvZjAiFYy3dAxURt6FcT5/ofB2XJ9JEy+05iJzTugFmVMDXDvkLl+gI6T2psHbfCWVVdEVB9bUQ6/sEsUcWY9Sn53SqAvN3sMcL6K5832hMOFsxAheYIAFZX+jqdRu8jjNY5J3O/93flFgccj0jVBIt6LomxjG5oEprTH8FpbPNLPmgczXdZDMyznzbM5Aw1CI1sGYayHh1Y5fbIG4hYaAOGvFiCTq+J376mJcXwV4lzYURVF2j0Mh7HhN6oZ1oA7UIosXYvHTVPeuFPZd2mjZFLHib6DrpeoFw5m2Jmv+77Bj/oWtpaiiGVwD2TS2CsRq1C8dZEQDrevqlupd1EgxD3HqQO2/cNrVxAjAAR1v/Mh5YFcyeZElgKR9FCvEl1Pj9cM8FkNtg2i6LngXA0zYJo24YDA8rNpphzBvdgEeMKiRHDQgSXRm92rATsjY0XspUggn1dlBMFPi0hyxobNxb1oZN5jGnwr0CQGe3YOw0RCw6ZJPew9o+oUrrycGqcJxBk3mtXk435PLRpQfFGTQ/MdeYyS4ouvTAqGGtwvfiWAPf3TZmPF9vqIcuUy2/9G7LWMgcqNu2LtDOeE36vPfMF3nfR5iPpca4yKizILWMxO3gSSQNEJom7bLAp4HTrkhglYZW5aZCJB+GbryFW7JFMkffaqfVo9dbTnwa3duIdECCbf/6Is7tzMM+JhpKor3c7EcxAJrsDQmFwy+Z011jrcvrJW15otdn3J0mW2PjERAlaXM1tYMLnoj1NlQWHJixehg1jC8iP5s45Dt7K7gutaXedcGr/Y+pwgJ2GhZ1nmJmwAudYqJFH6y76+trL7arluceYkt4J3DwEljAadBFEtQmjEAG1smUhYjCkMW5KS8oEBXtgJ4CyPRmKKUz8QKMA+XUkW2COAI+3jOebn3tRiJi3MDLSpNeL/6cCWM/qZopTiLKEVyoxiw6rOev8Z2whKlQjUk1Tr/Ts4Q+WSKE2X8JLtpzvYoT11tGGtJ0Ap+bNOhsZ1k4cyz8MyscJScZtVzrSmAb6pizBb1KH9iq9UaGlIPnOZqmgTgvPXEeGmJkBD8ErVNx/TscU5+q2KBbnvz1r331APKIOgEscmcKfew53lPIYvxAa0FEDAJEHJEH5o+ZmmwSReOR15CHlG33aAzRP3NwgAoPQovlXaqqmnox8d0lN9K32vXP/FkAbyI5oVXDeN4Ak8BgENE5ee5gsBdzWiN3choABKRjGIEXy6fWXaIe4lUFQnmRthM30RPGIEzWEkrbb8nFJW/qnjRKSRrh8yMTvA7Zae4Q8ohj54GNkG1A4aLdzYKWEM2Lj28xi03BGuTdkRC2VsMG6xaFeMoF9YsUhOFwb1SbhODUAms7y47IgY+O1LR0sxrG24ZB4rcwmW2zwvYeZs/UGdqh6q/Ql5sjtrlqjplL6l0FW9a5YWWBlQxYoHoM0XulLRNTCOC/5wNP0luZsxHEnZZgfSnsx/1rxllgHAAIxpvn4Yq3fh7qcDnQSDuQV6aNcsxyA8xl/CKeiSfQgK/Rlcy4qZu7Xje5RYQ6wjqJQXjcARUIIY7tsIS/M6nTHVJQ77VdGF6i4DqeaJyXxlH2wGb3Um2cZHFrvIprHzqqyha9UGHTy3mkOh3x561UTsdWxILrI8G+n9inzA+VdkX+C2qF2YWCX3dJD7zZsOIjjqlHmOUjKlC8Pd8SoT+8HLOqSgSJ9fHJ1knmsAihem5hx3m4kBUGIWOt5st2oDzF9SgvZ5QSwcImOdforgHAACsBwAAUEsDBAoACQAAACtoGUtO4dYwFwAAAAsAAAAtABwAOGM5YjIwYTYxMzY4ZTg5NTZiNmM0OWRhOWFmZjMwZDEuZmlsZW5hbWUudHh0VVQJAAOiH6BZoh+gWXV4CwABBCEAAAAEIQAAAKsRQX5fqK1uTNNX3QMeTnceIG9YN8S9UEsHCE7h1jAXAAAACwAAAFBLAQIeAwoACQAAACtoGUuY51+iuAcAAKwHAAAgABgAAAAAAAAAAACkgQAAAAA4YzliMjBhNjEzNjhlODk1NmI2YzQ5ZGE5YWZmMzBkMVVUBQADoh+gWXV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAACtoGUtO4dYwFwAAAAsAAAAtABgAAAAAAAEAAACkgSIIAAA4YzliMjBhNjEzNjhlODk1NmI2YzQ5ZGE5YWZmMzBkMS5maWxlbmFtZS50eHRVVAUAA6IfoFl1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAsAgAAAAA' AND file:name = 'msg0978.rar' AND file:hashes.MD5 = '8c9b20a61368e8956b6c49da9aff30d1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
