The link points to a page from which you download an XLL file: the loader. The loader in turn downloads a ZIP archive with the malware inside.
The Egregor ransomware double extortion website is up again, with new victims and a message: “Despite your hopes, we are with you again”
The Egregor ransomware group is back online. After some days in which the cybercrime group's data leak website had been shut down, it is visible again with a clear message: “Despite your hopes, we are with you again”. According to the site, the latest companies hit by the double extortion scheme appear to be Randstad USA, RMB Products, Baxter James & Rose LLP, Clyde Ferraro & Co, and City of Independence. Just a week ago, the FBI issued a Private Industry Notification (PIN) to warn companies about Egregor malware attacks. The authors started operations in September 2020 and have compromised over 150 targets worldwide.