Extracting the file.

After executing cacl.exe on the system, it took a few minutes to find, on the triage sandbox it was showing the jse files in /AppData/Local/Temp and it was not there on my system, but it was running from the Downloads folder where I was executing calc.exe from…

The obfuscated code

Decrypted code

Printing the output

def decode_string(encoded):
    decoded = []
    lines = encoded.split("\\n")
    
    for line in lines:
        line = line.strip()
        if line.startswith("begin") or line.startswith("end") or line == "":
            continue
        
        length = (ord(line[0]) - 32) & 63 
        
        for i in range(1, len(line), 4):
            if i + 3 >= len(line):
                break
            
            i1 = (ord(line[i]) - 32) & 63
            i2 = (ord(line[i + 1]) - 32) & 63
            i3 = (ord(line[i + 2]) - 32) & 63
            i4 = (ord(line[i + 3]) - 32) & 63
            
            decoded.append(chr((i1 << 2) | (i2 >> 4)))
            if i + 2 < len(line) - 1:
                decoded.append(chr(((i2 & 15) << 4) | (i3 >> 2)))
            if i + 3 < len(line) - 1:
                decoded.append(chr(((i3 & 3) << 6) | i4))
        
    return ''.join(decoded)[:length]

encoded_string = "GGFQA9MLY.3(R9F(R,6%A9C$W-3=E,V9D8C(X9#<X.3!A-60Y,WT*"

decoded_string = decode_string(encoded_string)

print("Decoded string:", decoded_string)

An alternative code I did that printed the flag from more of the whole original obfuscated code