Formbook Lab

On April 29, 2026, an employee at the Silver Group reported that a routine "quotation request" email prompted them to download and open an attachment, after which their workstation began behaving oddly. Shortly afterward, endpoint monitoring flagged unexpected script activity, a newly created recurring task, and repeated outbound connections to unfamiliar external hosts, raising concerns that an information stealer had taken hold despite antivirus software showing no alerts. You have been handed an offline triage collection from the affected workstation, including file-system metadata, endpoint telemetry, recovered loader scripts, and several disguised payload files staged in a shared directory. Your task...