cs=Array(#,#,#,#,...): cmd="": For each c in cs: cmd=cmd&Chr(c): Next: cmd=cmd&vbcrlf: Execute(cmd)
This is remotely loaded into memory from source phishing doc that uses renamed wscript & pubprn.vbs to load COM Scriptlet.
![](https://pbs.twimg.com/media/DRriCxpWsAAwLqZ.jpg)
![](https://pbs.twimg.com/media/DRriEhBWAAIXIJj.jpg)
![](https://pbs.twimg.com/media/DRrjjw4XcAIj9te.jpg)
Relevant slide screenshots attached.
They are continually improving each phase of their dynamic, multi-stage infection chain.
![](https://pbs.twimg.com/media/DRrlul-WAAAiL7n.jpg)
![](https://pbs.twimg.com/media/DRrm6hRWsAArqsl.jpg)
![](https://pbs.twimg.com/media/DRrn9l9XkAIcPtJ.jpg)