Abuses OpenXML format to download file from external location

Loads dropped DLL

Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials etc.

Uses the VBS compiler for execution

Checks whether UAC is enabled

Drops Chrome extension

Suspicious use of SetThreadContext