c2cc4fc2f3e86e77128b765d778c40ec4f1ccb5daa59e8117d0e0f93dd23dd1f

Analysis

max time kernel
137s
max time network
147s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 15:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63c372e6b85c5f82a1c68db7232937d1_JaffaCakes118.html
Size

77KB
MD5

63c372e6b85c5f82a1c68db7232937d1
SHA1

15a95c472a1208ffecbe87aa0ec067339deb40c4
SHA256

c2cc4fc2f3e86e77128b765d778c40ec4f1ccb5daa59e8117d0e0f93dd23dd1f
SHA512

d2d764ae835f1877c58c8b1908a194424e9e8aced14773073c2d17bcd1eecb84aee51ab8ddc62fca3ab8f0a6f2f229857aee8a6da226367e339f937651486f3c
SSDEEP

768:SZs7nYtZzFJA9PP2sgv9I3F1q1IdbEidlhdeyICX0wm4MCb/bOMjuslqVISBJEAr:SZs7+KPjg8db7x70dMjuoqWtA

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f1fce54edcda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427825266"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C560C71-4842-11EF-8BF0-428107983482} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000d6c6615fb65ed0f10c3d62955ee476db4878b6893e3287763fbf738878f07a0a000000000e8000000002000020000000c114cf018d337007e5f9c0f6b08b5b3e6bf86a9e5af02370390634d880d69a6890000000488709d96ebe40d867f463998f0560a6ea87d07ec530fd4f6aa1ed09be84cb35dc9bfce4769e148f7a4c07ceea947a2cc2c7f222347520fec4f7ab5623d90b55e7628a1310da9af9edfec19368db70f33c74ac3323d68cdb14088da36c2250409c7d725b731fbbed8f9f3da09950bb058a6f72e4adbba297ca85359c33d966a9dceb3f82bcc2d1d804606d87cb855e6740000000705972b451ba04fb031030930c07c7475168eb4bf541176785569a5f53b5bfe35b343c6f01b3314255ce838b535b8a94a6ac8f9286ff0c8756538f1f21a7f5d4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000006774426f81b1b3be6effa0c683cb5cf6d45fcc114836f6540f51ef0b7196a219000000000e8000000002000020000000c205f4a1891dab94526a86c2b27e3656cf3689adedc11d2e3932ffe642d1685b200000008a00d02092f1575ff7aec32aa43352db4c9038ede3a6eb02a12e909a0afd09c540000000244cd8fb29fb9c07afa29eb73d6e5a2f17f62a627cb482e83c3a852fd0453ac4b3a2e574f1e4b1391e40225a35510a35f92feb49b2b2cf0b4b3de0682c614e6b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2072	iexplore.exe
2072	iexplore.exe
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2152	2072	iexplore.exe	30
PID 2072 wrote to memory of 2152	2072	iexplore.exe	30
PID 2072 wrote to memory of 2152	2072	iexplore.exe	30
PID 2072 wrote to memory of 2152	2072	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63c372e6b85c5f82a1c68db7232937d1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2152

Network

DNS

www.malwaremechanic.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.malwaremechanic.com

IN A

Response

www.malwaremechanic.com

IN CNAME

malwaremechanic.com

malwaremechanic.com

IN A

64.68.200.44
DNS

www.statcounter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.statcounter.com

IN A

Response

www.statcounter.com

IN A

104.20.94.138

www.statcounter.com

IN A

104.20.95.138
GET

http://www.malwaremechanic.com/wp-content/themes/DynaBlue/js/jquery.min.1.2.6.js

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/themes/DynaBlue/js/jquery.min.1.2.6.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/plugins/wp-spamfree/js/wpsf-js.php HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250696727522_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250696727522_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/270696157167_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/270696157167_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250750869681_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250750869681_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/400200949333_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/400200949333_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/390184144650_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/390184144650_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/200585496309_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/200585496309_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/130495298002_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/130495298002_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-includes/js/comment-reply.js?ver=20090102

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-includes/js/comment-reply.js?ver=20090102 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/260724789018_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/260724789018_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/plugins/sociable/images/services-sprite.png

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/plugins/sociable/images/services-sprite.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/130385743869_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/130385743869_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250696727520_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250696727520_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250749747115_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250749747115_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250749775572_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250749775572_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/260715666400_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/260715666400_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/120686073253_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/120686073253_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/plugins/sociable/images/services-sprite.gif

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/plugins/sociable/images/services-sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/370491240360_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/370491240360_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/380293580740_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/380293580740_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/310230969611_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/310230969611_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/390184097281_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/390184097281_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/plugins/wp-spamfree/img/wpsf-img.php

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/plugins/wp-spamfree/img/wpsf-img.php HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.statcounter.com/counter/counter_xhtml.js

IEXPLORE.EXE

Remote address:

104.20.94.138:80

Request

GET /counter/counter_xhtml.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.statcounter.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 22 Jul 2024 15:50:03 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 19 Jul 2024 12:27:52 GMT
ETag: W/"8c17-61d98d2fa96bd"
Cache-Control: max-age=43200
Expires: Mon, 22 Jul 2024 19:43:32 GMT
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
User-Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 29191
Server: cloudflare
CF-RAY: 8a74958fbefd952d-LHR
GET

http://www.malwaremechanic.com/images/e/250748857489_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250748857489_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/390182554603_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/390182554603_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/pp.gif

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/pp.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/370491536647_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/370491536647_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/120682219584_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/120682219584_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/330472475760_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/330472475760_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/170615206193_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/170615206193_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/themes/DynaBlue/js/carousel/stepcarousel.js

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/themes/DynaBlue/js/carousel/stepcarousel.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/310302827283_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/310302827283_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/logo.gif

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/290518195117_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/290518195117_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250696727519_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250696727519_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/200585509151_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/200585509151_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/270718451960_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/270718451960_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/260715666374_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/260715666374_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/themes/DynaBlue/js/jqueryslidemenu/jqueryslidemenu.js

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/themes/DynaBlue/js/jqueryslidemenu/jqueryslidemenu.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/120593681795_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/120593681795_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/190511330861_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/190511330861_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/130493873968_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/130493873968_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/200584849676_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/200584849676_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/260714660855_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/260714660855_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/260714678527_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/260714678527_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/plugins/sociable/sociable.css?ver=2.9.2

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/plugins/sociable/sociable.css?ver=2.9.2 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250697953367_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250697953367_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/themes/DynaBlue/images/button_go.gif

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/themes/DynaBlue/images/button_go.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/150576308128_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/150576308128_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250697971242_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250697971242_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/330472475753_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/330472475753_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/400201728284_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/400201728284_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/wp-content/themes/DynaBlue/style.css

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /wp-content/themes/DynaBlue/style.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250697941421_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250697941421_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/120486825115_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/120486825115_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:03 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/360295256962_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/360295256962_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/120590932814_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/120590932814_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/260715666411_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/260715666411_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:04 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/390185168319_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/390185168319_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/250749783950_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/250749783950_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:05 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
DNS

c.statcounter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c.statcounter.com

IN A

Response

c.statcounter.com

IN A

104.20.95.138

c.statcounter.com

IN A

104.20.94.138
GET

http://www.malwaremechanic.com/images/e/400116442758_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/400116442758_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:08 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.malwaremechanic.com/images/e/200575146883_0.jpg

IEXPLORE.EXE

Remote address:

64.68.200.44:80

Request

GET /images/e/200575146883_0.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.malwaremechanic.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 22 Jul 2024 15:50:08 GMT
Server: Apache
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

64.68.200.44:80

http://www.malwaremechanic.com/images/e/200585496309_0.jpg

http

IEXPLORE.EXE

3.9kB
3.7kB
21
13

HTTP Request

GET http://www.malwaremechanic.com/wp-content/themes/DynaBlue/js/jquery.min.1.2.6.js

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250696727522_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/270696157167_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250750869681_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/400200949333_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/390184144650_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/200585496309_0.jpg

HTTP Response

404
64.68.200.44:80

http://www.malwaremechanic.com/images/e/250749775572_0.jpg

http

IEXPLORE.EXE

4.0kB
4.1kB
22
14

HTTP Request

GET http://www.malwaremechanic.com/images/e/130495298002_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/wp-includes/js/comment-reply.js?ver=20090102

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/260724789018_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/wp-content/plugins/sociable/images/services-sprite.png

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/130385743869_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250696727520_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250749747115_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250749775572_0.jpg

HTTP Response

404
64.68.200.44:80

http://www.malwaremechanic.com/wp-content/plugins/wp-spamfree/img/wpsf-img.php

http

IEXPLORE.EXE

4.0kB
3.7kB
21
13

HTTP Request

GET http://www.malwaremechanic.com/images/e/260715666400_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/120686073253_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/wp-content/plugins/sociable/images/services-sprite.gif

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/370491240360_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/380293580740_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/310230969611_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/390184097281_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/wp-content/plugins/wp-spamfree/img/wpsf-img.php

HTTP Response

404
104.20.94.138:80

http://www.statcounter.com/counter/counter_xhtml.js

http

IEXPLORE.EXE

780 B
14.1kB
11
14

HTTP Request

GET http://www.statcounter.com/counter/counter_xhtml.js

HTTP Response

200
64.68.200.44:80

http://www.malwaremechanic.com/images/e/170615206193_0.jpg

http

IEXPLORE.EXE

3.3kB
3.7kB
14
13

HTTP Request

GET http://www.malwaremechanic.com/images/e/250748857489_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/390182554603_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/pp.gif

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/370491536647_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/120682219584_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/330472475760_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/170615206193_0.jpg

HTTP Response

404
64.68.200.44:80

http://www.malwaremechanic.com/images/e/270718451960_0.jpg

http

IEXPLORE.EXE

3.2kB
3.3kB
13
12

HTTP Request

GET http://www.malwaremechanic.com/wp-content/themes/DynaBlue/js/carousel/stepcarousel.js

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/310302827283_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/logo.gif

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/290518195117_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250696727519_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/200585509151_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/270718451960_0.jpg

HTTP Response

404
64.68.200.44:80

http://www.malwaremechanic.com/images/e/260714678527_0.jpg

http

IEXPLORE.EXE

4.0kB
4.1kB
22
14

HTTP Request

GET http://www.malwaremechanic.com/images/e/260715666374_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/wp-content/themes/DynaBlue/js/jqueryslidemenu/jqueryslidemenu.js

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/120593681795_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/190511330861_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/130493873968_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/200584849676_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/260714660855_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/260714678527_0.jpg

HTTP Response

404
104.20.94.138:80

www.statcounter.com

IEXPLORE.EXE

466 B
92 B
10
2
64.68.200.44:80

http://www.malwaremechanic.com/images/e/400201728284_0.jpg

http

IEXPLORE.EXE

3.3kB
3.7kB
14
13

HTTP Request

GET http://www.malwaremechanic.com/wp-content/plugins/sociable/sociable.css?ver=2.9.2

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250697953367_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/wp-content/themes/DynaBlue/images/button_go.gif

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/150576308128_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250697971242_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/330472475753_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/400201728284_0.jpg

HTTP Response

404
64.68.200.44:80

http://www.malwaremechanic.com/images/e/250749783950_0.jpg

http

IEXPLORE.EXE

3.5kB
3.7kB
14
13

HTTP Request

GET http://www.malwaremechanic.com/wp-content/themes/DynaBlue/style.css

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250697941421_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/120486825115_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/360295256962_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/120590932814_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/260715666411_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/390185168319_0.jpg

HTTP Response

404

HTTP Request

GET http://www.malwaremechanic.com/images/e/250749783950_0.jpg

HTTP Response

404
104.20.95.138:443

c.statcounter.com

tls

IEXPLORE.EXE

726 B
6.1kB
9
9
104.20.95.138:443

c.statcounter.com

tls

IEXPLORE.EXE

726 B
6.1kB
9
9
64.68.200.44:80

http://www.malwaremechanic.com/images/e/400116442758_0.jpg

http

IEXPLORE.EXE

902 B
569 B
13
4

HTTP Request

GET http://www.malwaremechanic.com/images/e/400116442758_0.jpg

HTTP Response

404
64.68.200.44:80

http://www.malwaremechanic.com/images/e/200575146883_0.jpg

http

IEXPLORE.EXE

902 B
569 B
13
4

HTTP Request

GET http://www.malwaremechanic.com/images/e/200575146883_0.jpg

HTTP Response

404
104.20.95.138:443

c.statcounter.com

tls

IEXPLORE.EXE

966 B
6.1kB
13
9
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.7kB
9
12

8.8.8.8:53

www.malwaremechanic.com

dns

IEXPLORE.EXE

69 B
99 B
1
1

DNS Request

www.malwaremechanic.com

DNS Response

64.68.200.44
8.8.8.8:53

www.statcounter.com

dns

IEXPLORE.EXE

65 B
97 B
1
1

DNS Request

www.statcounter.com

DNS Response

104.20.94.138

104.20.95.138
8.8.8.8:53

c.statcounter.com

dns

IEXPLORE.EXE

63 B
95 B
1
1

DNS Request

c.statcounter.com

DNS Response

104.20.95.138

104.20.94.138

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66dfc85c8c414bcb8bf913c21c4e0fa4

SHA1
d995686b381f9db273cc88a0ec7bdd8d9d1b81cb

SHA256
f528a00e8fc4d43cbe4123253e9003c7608e9fd2983ee2080d1eeb61fcddbbdc

SHA512
828b61ef2814ac1b52aa89ae9391322bfdb2a2673b6a2555877f6601e271c724fddd91d40d4e9abb0d1d17b186ae813ef2d1cf5f9fa73f9310e6dbae04890dc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
231b5194afa96a38b71909defa4e3bf6

SHA1
bb8aa426e4d822122bc4f056b5fd3127ef7a6bc3

SHA256
5a01c60397f6ce34c28cf37c3bb030d8b7f06e9381c48c8467658e4b51e85d88

SHA512
6660d0bfffca81f9b598d66b7a6ea17ff9f5ef081782b8cf7d162f35d8d6dfed98ad467693d98c072dd8c1d85e1ecfbfef84a8080a66db1648b3474f882e1283

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddd7ed929b9c6faee6acf0d5845f38b5

SHA1
a81be842930abf9e3fdbface1659533c74ff2663

SHA256
62617105d0b6a1364b146a89ad85d82602b20efdf5d60d5b39050b9741e9e9bd

SHA512
7633bc15911085a60c3ae3aa8beaeb7de217c1d8fe5824905d248ec74b9876d2b57b4ee50ad9d33f4b77cd4eb683a5f2560a3856b9e03871435bfb0f7591febc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1b2613d7d6ce7e4c492c4f02c73198d

SHA1
6b8d9daaab99f65237389a4db59883b86ce7f2cc

SHA256
3c3279f0802c4475a74f34a73943cd008af51cd9675383bb08b05dd0e91dd4ad

SHA512
93d15309e5b7e5e55332268028a0fd2037968b8621af5cf1308ceebd886daa9de58e121a4b2fd7e2a6d6a0379ad986fc2c84fed6208dfb76da0144783ff01694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e72f5e5817c5e32fceceadd64a37b7db

SHA1
49adc5c16ee1475b4172d4fcc23bb31e3829e614

SHA256
84899c915fb2f457e9f06818b034bb11c4d61e8ec23a17325afad45949716828

SHA512
a89e366e08e564ea31c3c60824d6c15eb0cfe595c492f047c48a2839c72191b5eb84359a05889c4d3cd58caae3918364ae1655575f6979d0c9424069ffc16890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfcd3aa9058b6803765bfbd3a6ab62d1

SHA1
f490b6c9d3dcad144acc30a379df8050686a5c1d

SHA256
56102e45b23bdbfba4ca628735e5b3449b3c258268a19570ac85f9fa4b916e73

SHA512
f3c9d1f4114af568c06c37ccdd9faef9db66b2163dc59f57ec097ce8da7e62982c16294c6dccb645d58b4f378574688b26fadeb3b0ea73cdef8cdc0ab161c527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7db08d45643b0a706243d0cc4980753e

SHA1
cf71344d96d815df47771846a73ad34e62e64daa

SHA256
3299ac09c8eaef8b4a766dc20bb7c6e6c00e1ad17182a55a1d272a037de1b36a

SHA512
e6a10dbd086c5adb84230489cb8c697cd5fb89d097216d25bb27411243f911236022735907842036babf864f93e10cdd34ed26b96a287361d7e1989b849b3de0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea9ec62fd6260df510b2d858097e0772

SHA1
40c2cb9c71ca11647a1ef0935b7d8b6916f99859

SHA256
6b556c04e5025d101cf134634d4c77f08e93e3b44b278ddc2304e6b0d6eb5e5b

SHA512
7ff4238b5a1a9ab7d142141d906976c1026886d9d1a069e078163c583c89a397846e2749850040c5d97e49ba41731b32f1c083a1673072ad95437f97d8eb7b6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
659591da59a946ad6fb081a6c8bcb253

SHA1
57829a35bda3a0e6de989225a2b2863ba9cf0ef9

SHA256
0949fa702a697fc319ce8fcdba5bdd9d0ff9c56d17deca1e554c1215ef0142e6

SHA512
de9027b8b372babcae2fcf0ac3b19d3a822225709bbcc2e74f6edd5ef8b81af8e2d6229f26d5e7515722a4a7c532b895ff852dbf5e1798b43569bb1027588993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8473d8664b814096472913ba128f097

SHA1
0af57215b244c8773f01ab7e3643b4a52b6f1247

SHA256
59614ea2e6987a526631889649d8c85f5627df3a1c1f76d6b7560a97d4467109

SHA512
b7e10279816dfa0be15a76cb787911574379d16a65949d60bde426919811dcfaad0422419657dd6c1f5b86be16f873b365651bac735497bc47c85ac21f86e241

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68fa139a6bade603cf9c3ced675bed08

SHA1
584d1cf42914d11715797b5cc24b514add20e98b

SHA256
eb154f7be3adddbda22be560b89a870a9e5491ddb5436135eee38a2586e584f4

SHA512
f9c55b16d339318fed6fe94a45dbb7aa5c4a3148fcc37a594e98e0ccee7f11c7cdabdc0497c46c516186d0f42278bbc96b4ceba9eef9c371514963343ac84179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5b31b54c5456a60fd5c44fc94431efd

SHA1
cb308bc56608e9ef5d5d0e0faa7d2f41fd5d3a43

SHA256
273f4c95ae627939e30f6a5eb18aa8846db1041e71399276bbf24b5fc6f20bcc

SHA512
fc5e3fc9d017507e2a43f5b723ab5ad3b0afc11688bcf8247b66ce9ca6099fa0847a22bfb69a10afa2d48c1dbf13e03749387ab89d869be1d7e9f131e0e4bcd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d396cc9cfa8a90e041d59a44051a72e

SHA1
098345b8b97cd5768bd85649a37369be80e4412e

SHA256
130b44227c76e8361554ed3b059fc41f73420857474a58ae35ee4f712a0f7a0f

SHA512
e5c7a28f56e744ffde25448831772afd7b699c5df12e69b03eb6c7ff0ad768e879dc1a6546d6117d0581cd4b658e976db8388f386459ee345f951b24f5fddd8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
275f11004c8d190576fd91836848d460

SHA1
fef246a527b25be80fe3671c1f900c5c8e1b1216

SHA256
af597227036a69038a3f91b841c50438d2209c8c441770ff796f6d8dca81cda2

SHA512
9c297a9facd44f305c4fe02f31caa986bf7097da0adbe7282fda5301e1755957eaa437bd415c7ce42e9c872d229fa114b72b81814517f15e606697e9b61958bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe2a7c06cf9032eb0c1a8efc851f98ae

SHA1
48372ce1fb52d8161654c71c01e22fcad82ca6f2

SHA256
941271fe03d8b0a3ff8cce3f4045b0f4eb99ecf068e09887012870635465aed6

SHA512
9940fdac677b4e8a341b9f9a703f5100fb5849033131b6ea9f82c852bdb9ba5a58b97db842d8183c51162de2614580ee9690a66226833bb713d57f6d524d8d19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f80acd57699883d6b880787b7feab71c

SHA1
124e83e67db63c440b3f22ed685dacce3c899215

SHA256
76ca5b3d9a82107834dc8756ac9c3c32f715b96c7fd5f85d6d6388bf43682bd1

SHA512
f73c08df55a7463b89e326bbb62a856376c8bd97195d0d34bdf196a7d4b6c71a48c673eb0894f94709d4fc2d8d4c5fa08392adbdc9f2f4d4396f3541a71c07d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a07d618c846799b162b5694df48a5ea8

SHA1
ed3e3fc5c20bd09131b60908b633b43165b385b0

SHA256
90f4347af43db8653f12cd4dabafed720254c102d577b9425f556e9cdbd18c12

SHA512
c14cafdaf8381975780a795a0364009bb00d11c9e6fbabfa12fecfd3bf570f3dd607cdc8c639305c755b563809375d13985867a9e3a03632ba91a70dcb2315c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c8f9aef3279112748013f179261d437

SHA1
fa7912ccde7c5de0b92b27716bb3c53a2754d167

SHA256
f35e9d1e0ff66b1dbfcac3f9635e36905717eb5625f92d6e58ea69a32eebeae4

SHA512
6e4b2bfec7c6e6faf5b31a887693b0ad92d1e0d780663efdf88c313f8bbc49cecc0280b07a46cbfaa571648b10618ab2103249be0a49760c182ceb530516aa5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df814540cf02f4a612a0d7150e6d9288

SHA1
62fa78ac69c67b8c80f8b4a669629d57c0866773

SHA256
60fd158abb8f2b6915964e3b4bb36ab475fb1bc96d62e7b5d4d74081563797fd

SHA512
b27c4cb58ab5d71a4eb424aa124c91dcd53e24ebc4c012d1be9c875303e1295d0fbd860a7f999189c1aa491ea92c4aec52a549e98a7eec2626532d98cd260c03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccf7fa899fedcc30b333acd95d0d22bf

SHA1
f470984609bb0851d1ebbf44c36426a5c996e438

SHA256
9afe640ac2f2d34516b0e7e9a75b8b5db827e2b5eb80518183e4a850dd167dc7

SHA512
d95e8cad4a310636b8f2bcf0a73818ff201cfdb57582dc38024f6542e70901fca80e90fb2f7f630796486742b59ced5e3a6ac768d505243d6516f45ab5db848a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ce0e68678a4958b8548ab490cbeadd3

SHA1
3723b4efb307efcf8adea779bf38a9e5680d0da9

SHA256
a94623420b14017be11f4e7401cdcd398121e36e63e55c5e8ec299d3a33aea3b

SHA512
1b4094bd5b529f1298fbfdcfd3383c9babcd7d58cee048650c36aa8a899069b0072bde0c855a5ec2928794ea62d78c57f57f9ead318bad3a6c4f59ed8cfc22f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9dbacfa3ff8b864162c4e193fc86a52

SHA1
fc25a3b5fe4d9cf25f7043acd3d8802a419eb400

SHA256
954552ffb9bcc6826c84e2f5a7fa6340d9cf447a4b5a3ce2ae117dac7f6f1a4f

SHA512
b3fcef7e680b9ea866b1360593c5fc48744df3bab3ad587d0e2884d4f9f0f066b5fe99a53801dff4cf7636eca4d9ed38c33c79c47352f7816a2a0dd7e9df959e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f73428f385413b9b2855391362a15d5

SHA1
9b4bdebedf9fa7a620d3168494345254a50f84b6

SHA256
1d5ab667ef4b6fbf22f376e4866fb44ce083369ddfd31d88236ae2ed79862f97

SHA512
bcd88e3b5afd08839219d3dadd52afd8cc27a3ec79be0f76002f59d6df38fe8e680f6dfc74db83479d9d1d0682e6a8b5d9a8f3de3ab0dded35a3e06d86286fc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCE77.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF36.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request