Found potential malicious PDF (bad image similarity)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Yara detected Qbot Downloader
Clickable URLs found in PDF pointing to potentially malicious files
Creates a DirectInput object (often for capturing keystrokes)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Sample execution stops while process was sleeping (likely an evasion)
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware