Description

• Probable Name: Trojan.Script.Heuristic-js.iacgm? (one of the files downloaded)
• URL: https://goo.gl/NrGdrX
  • Redirected to: Location: https://www.googledrive.com/host/0BxqXKTpruwHMOEVibmdrNjNwOWs
    • Redirected to: Location: https://26ca0f7cda8bfb6ae3d1301a29dcf2563946356e-www.googledrive.com/host/0BxqXKTpruwHMOEVibmdrNjNwOWs
    • Unzipped-Content-Md5: mwBrCUKydJkinbFZAeTArA==
    • X-Goog-Hash: crc32c=7kyNcw==
• Last file downloaded and included here: NrGdrX

Timeline

Sat Jun 11 01:31:14 CEST 2016

Started windows-normal-1

Sat Jun 11 01:34:00 CEST 2016

infected with https://goo.gl/NrGdrX

https://virustotal.com/en/url/f75f607099028e4799b45f9670f131b2480c87bcd1c687734ea51612201b5642/analysis/1465606509/

That downloads this file... https://virustotal.com/en/file/c974f5d5294849c3d7869dddda349a9f81a148644bb484245fb6837085aad8ff/analysis/1465603719/ Trojan.Script.Heuristic-js.iacgm

Sat Jun 11 01:42:40 CEST 2016

It is still doing stuff but I will install the extension.

Sat Jun 11 01:43:16 CEST 2016

Extension installed