Attackers are utilizing a fake Adobe Acrobat Reader lure to deploy a highly obfuscated VBScript loader that executes a .NET payload entirely in-memory. The attack chain leverages PEB manipulation for process masquerading and abuses auto-elevated COM objects to bypass UAC, ultimately installing the legitimate ScreenConnect remote access tool for malicious purposes.