Incident with unknown and undetected malware

Responding to an alert at one of our customers, we came across the following incident.

The customer was phished in a seemingly targeted phishing attack back in late April through the site diymania[.]eu (behind Cloudflare). The URL, now dead, was hxxp://diymania[.]eu/hvilke-fordele-er-der-ved-bredygtig-energi.html. The original link was most probably delivered to the user by e-mail (not recovered).

Only a single client machine was affected....