New VBS Downloader variant observed

Update February 11, 2021:

This appears to be a Danabot downloader. I ran across the following sample:
After grabbing the downloaded executable from the link in the VBS, I ran it through a sandbox.
Today I saw another one, and here is that sandbox run:

Quick post on this: I've run across a variant of a VBS downloader that does not appear to have a lot of detection, and I can only find a few other similar samples. There appear to be junk comments to throw off analysis and AV detection, but otherwise it's fairly easy to follow. Here is a screenshot:

As you can see, this downloads another file, which appears to be placed in "programdata" and registered using regsvr32. The couple of samples I've worked with do not pull down the file. However, there are a couple of samples I've found via VirusTotal Hunting which are similar.

One string I looked at was "a.setOption 2,13056:" which leads to the following related pages:
These suggest a tool called MSHTA-VBS-download-and-execute uses this string. This may not be related; if it is, it may be more of an inspiration than anything.

Another sample, which has some comments and relations to a downloaded DLL is as follows:

And the downloaded DLL is

I'm definitely still looking for some answers to what this is. I'll keep digging, but if someone runs across this and knows, please let me know.

EDR Detection:
Process Path containing RegSvr32.exe and a Process CommandLine of "programdata"
There are potentially a couple false positives.
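
One way to express the rule above and tune out the false positives, as an added example that is not from the original post. The event field names, the sample events and the allowlist entry are all constructed assumptions; map them to whatever your EDR exports.

```python
import shlex

# Hypothetical allowlist of known-good DLLs registered from ProgramData
# (constructed entry; build the real one from your own baseline).
ALLOWLIST = {r"c:\programdata\examplevendor\agent\plugin.dll"}

def regsvr32_targets(command_line):
    """Return the non-switch arguments of a regsvr32 command line, lowercased."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps backslashes intact
    except ValueError:  # unbalanced quote: fall back to a plain whitespace split
        tokens = command_line.split()
    args = [t.strip('"').lower() for t in tokens[1:]]
    return [a for a in args if a and not a.startswith(("/", "-"))]

def is_suspicious(event):
    """The post's rule: path contains regsvr32.exe AND command line has programdata."""
    if "regsvr32.exe" not in event["process_path"].lower():
        return False
    if "programdata" not in event["command_line"].lower():
        return False
    hits = [t for t in regsvr32_targets(event["command_line"]) if "programdata" in t]
    # Suppress only when every ProgramData target is a known-good DLL.
    return not (hits and all(t in ALLOWLIST for t in hits))

def detect(events):
    """Return the indexes of events that should raise an alert."""
    return [i for i, e in enumerate(events) if is_suspicious(e)]

# Constructed process-creation events (field names are assumptions).
SAMPLE_EVENTS = [
    {"process_path": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\ProgramData\sample.dll"},
    {"process_path": r"C:\Windows\SysWOW64\RegSvr32.exe",
     "command_line": r'"C:\Windows\SysWOW64\RegSvr32.exe" -s "c:\PROGRAMDATA\a b.dll"'},
    {"process_path": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32 /s C:\Windows\System32\scrrun.dll"},
    {"process_path": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\ProgramData\ExampleVendor\Agent\plugin.dll"'},
    {"process_path": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd /c dir C:\ProgramData"},
]

if __name__ == "__main__":
    for i in detect(SAMPLE_EVENTS):
        print("ALERT:", SAMPLE_EVENTS[i]["command_line"])
```

Matching is case-insensitive because the binary name and the folder appear in mixed case across hosts, and an event is suppressed only when every ProgramData target is allowlisted.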