softlay.net

From: CHYRON (DSMITHHFX)24 Jul 2017 18:33
To: ALL6 of 7
A fresh softlay-sourced Windows 7 install in virtualbox passed a MS Malicious Software Removal Tool scan, so I installed Firefox (which Mrs.D uses) and opened the site she said was the last one she browsed before the attack: http://arizonamountaineeringclub.org.

Nothing happened. I suppose it's possible another malware-infected web site she had browsed earlier was the culprit.

I also opened the actual web page the attack apparently came from, based on her ff history:
http://187679863776586953687908945.win/?a=10012294&offer_key=d26a2baaa128ee148b74161dcfb52443&nrid=3

which (unsurprisingly) returned a 404 not found

Another scan with the Microsoft tool after browsing these sites also turned up nothing.

Conclusion: attack vector unknown.
EDITED: 24 Jul 2017 18:35 by DSMITHHFX
Message 41996.7 was deleted