Pick your Poison - A Double-Edged Email Attack
ID: 8f5332d9-4dbc-5646-9454-ae5614d7849d
STIX ID: report--8f5332d9-4dbc-5646-9454-ae5614d7849d
Feed Name: Cofense Blog
This Cofense Phishing Defense Center report details a dual-path phishing campaign that lures victims with a files.fm file-deletion reminder PDF. The PDF either directs victims to a fake Microsoft login to harvest Office365 credentials or downloads a disguised executable (SecuredOnedrive.ClientSetup.exe) that installs the ConnectWise/ScreenConnect RAT. The report includes execution and persistence analysis (service and registry modifications), C2 endpoints, payload and infection URLs, IP addresses, and file hashes to support detection and remediation.
