check all the keywords mentioned in https://www.countercept.com/blog/dechaining-macros-and-evading-edr

Other keywords: https://twitter.com/gabriele_pippi/status/1276181417270169600 other two code execution methods on Shell.Application object:

ShellApplication.NameSpace("C:\Windows\system32") Set Item = objFolder.ParseName("cmd.exe") Item.InvokeVerbEx ("open") Set Item = objFolder.ParseName("notepad.exe") Item.InvokeVerbEx ("open")