5a25c07a642638eff37434f5451b24ea7cc11fd7003d6240ef0fb92274a597f7

Analysis

max time kernel
45s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 18:42 UTC

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

code.vbs
Size

923B
MD5

56ff801439eb03af43d41a9f54fce845
SHA1

c4e24ff844f99918ff2663642215a8e56c91228b
SHA256

5a25c07a642638eff37434f5451b24ea7cc11fd7003d6240ef0fb92274a597f7
SHA512

e5c643b1a17eaf043e5caf65147c452dc96b6a14a2b24283d4437f3aa263ac6333949476c84abc56093b31899b04ad5f8702813c6eb2810ddd844c3d5ee580ed

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	WScript.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 1668	3156	WScript.exe	85
PID 3156 wrote to memory of 1668	3156	WScript.exe	85
PID 1668 wrote to memory of 3412	1668	WScript.exe	86
PID 1668 wrote to memory of 3412	1668	WScript.exe	86
PID 3412 wrote to memory of 4624	3412	WScript.exe	87
PID 3412 wrote to memory of 4624	3412	WScript.exe	87
PID 4624 wrote to memory of 3392	4624	WScript.exe	88
PID 4624 wrote to memory of 3392	4624	WScript.exe	88
PID 3392 wrote to memory of 1040	3392	WScript.exe	89
PID 3392 wrote to memory of 1040	3392	WScript.exe	89
PID 1040 wrote to memory of 3052	1040	WScript.exe	90
PID 1040 wrote to memory of 3052	1040	WScript.exe	90
PID 3052 wrote to memory of 3096	3052	WScript.exe	91
PID 3052 wrote to memory of 3096	3052	WScript.exe	91
PID 3096 wrote to memory of 2808	3096	WScript.exe	93
PID 3096 wrote to memory of 2808	3096	WScript.exe	93
PID 2808 wrote to memory of 736	2808	WScript.exe	94
PID 2808 wrote to memory of 736	2808	WScript.exe	94
PID 736 wrote to memory of 4008	736	WScript.exe	96
PID 736 wrote to memory of 4008	736	WScript.exe	96
PID 4008 wrote to memory of 2500	4008	WScript.exe	97
PID 4008 wrote to memory of 2500	4008	WScript.exe	97
PID 2500 wrote to memory of 1440	2500	WScript.exe	99
PID 2500 wrote to memory of 1440	2500	WScript.exe	99
PID 1440 wrote to memory of 3080	1440	WScript.exe	100
PID 1440 wrote to memory of 3080	1440	WScript.exe	100
PID 3080 wrote to memory of 2144	3080	WScript.exe	101
PID 3080 wrote to memory of 2144	3080	WScript.exe	101
PID 2144 wrote to memory of 3516	2144	WScript.exe	102
PID 2144 wrote to memory of 3516	2144	WScript.exe	102
PID 3516 wrote to memory of 4784	3516	WScript.exe	103
PID 3516 wrote to memory of 4784	3516	WScript.exe	103
PID 4784 wrote to memory of 3004	4784	WScript.exe	104
PID 4784 wrote to memory of 3004	4784	WScript.exe	104
PID 3004 wrote to memory of 4960	3004	WScript.exe	105
PID 3004 wrote to memory of 4960	3004	WScript.exe	105
PID 4960 wrote to memory of 3472	4960	WScript.exe	106
PID 4960 wrote to memory of 3472	4960	WScript.exe	106
PID 3472 wrote to memory of 3912	3472	WScript.exe	107
PID 3472 wrote to memory of 3912	3472	WScript.exe	107
PID 3912 wrote to memory of 3724	3912	WScript.exe	109
PID 3912 wrote to memory of 3724	3912	WScript.exe	109
PID 3724 wrote to memory of 4764	3724	WScript.exe	154
PID 3724 wrote to memory of 4764	3724	WScript.exe	154
PID 4764 wrote to memory of 2764	4764	WScript.exe	111
PID 4764 wrote to memory of 2764	4764	WScript.exe	111
PID 2764 wrote to memory of 4476	2764	WScript.exe	112
PID 2764 wrote to memory of 4476	2764	WScript.exe	112
PID 4476 wrote to memory of 436	4476	WScript.exe	113
PID 4476 wrote to memory of 436	4476	WScript.exe	113
PID 436 wrote to memory of 1916	436	WScript.exe	114
PID 436 wrote to memory of 1916	436	WScript.exe	114
PID 1916 wrote to memory of 3652	1916	WScript.exe	115
PID 1916 wrote to memory of 3652	1916	WScript.exe	115
PID 3652 wrote to memory of 4316	3652	WScript.exe	116
PID 3652 wrote to memory of 4316	3652	WScript.exe	116
PID 4316 wrote to memory of 4124	4316	WScript.exe	117
PID 4316 wrote to memory of 4124	4316	WScript.exe	117
PID 4124 wrote to memory of 4864	4124	WScript.exe	118
PID 4124 wrote to memory of 4864	4124	WScript.exe	118
PID 4864 wrote to memory of 4508	4864	WScript.exe	119
PID 4864 wrote to memory of 4508	4864	WScript.exe	119
PID 4508 wrote to memory of 4584	4508	WScript.exe	120
PID 4508 wrote to memory of 4584	4508	WScript.exe	120

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\code.vbs"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3412
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
      4⤵
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:4624
    - - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3392
      - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1040
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3052
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        8⤵
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3096
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        9⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        10⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:736
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        11⤵
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4008
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:2500
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        13⤵
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1440
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        14⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3080
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        15⤵
        Checks computer location settings
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2144
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:3516
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        17⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4784
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        18⤵
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:4960
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:3472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        21⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:3724
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        23⤵
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4764
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        24⤵
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        25⤵
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4476
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        26⤵
        Suspicious use of WriteProcessMemory
        
        PID:436
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        27⤵
        Suspicious use of WriteProcessMemory
        
        PID:1916
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        28⤵
        Suspicious use of WriteProcessMemory
        
        PID:3652
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        29⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4316
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        30⤵
        Suspicious use of WriteProcessMemory
        
        PID:4124
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        31⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4864
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        32⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4508
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        33⤵
        Modifies registry class
        
        PID:4584
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        34⤵
        
        PID:1768
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        35⤵
        
        PID:3696
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        36⤵
        
        PID:3228
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        37⤵
        
        PID:1724
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        38⤵
        
        PID:3268
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        39⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4804
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        40⤵
        
        PID:4604
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        41⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4480
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        42⤵
        
        PID:1808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        43⤵
        Checks computer location settings
        
        PID:4352
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        44⤵
        
        PID:2448
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        45⤵
        
        PID:2920
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        46⤵
        
        PID:4872
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        47⤵
        
        PID:5040
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        48⤵
        Checks computer location settings
        
        PID:3236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        49⤵
        
        PID:4912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        50⤵
        
        PID:2432
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        51⤵
        
        PID:1652
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        52⤵
        Modifies registry class
        
        PID:2304
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        53⤵
        Checks computer location settings
        
        PID:736
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        54⤵
        
        PID:4388
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        55⤵
        
        PID:5012
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        56⤵
        
        PID:2500
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        57⤵
        
        PID:1648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        58⤵
        Checks computer location settings
        Modifies registry class
        
        PID:3704
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        59⤵
        
        PID:4932
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        60⤵
        
        PID:4392
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        61⤵
        
        PID:1204
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        62⤵
        Modifies registry class
        
        PID:3004
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        63⤵
        
        PID:4960
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        64⤵
        Checks computer location settings
        Modifies registry class
        
        PID:3444
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        65⤵
        
        PID:4520
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        66⤵
        Modifies registry class
        
        PID:4876
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        67⤵
        
        PID:4764
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        68⤵
        
        PID:4012
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        69⤵
        Modifies registry class
        
        PID:2504
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        70⤵
        
        PID:4868
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        71⤵
        Checks computer location settings
        
        PID:4184
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        72⤵
        Modifies registry class
        
        PID:3096
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        73⤵
        
        PID:4692
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        74⤵
        
        PID:4488
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        75⤵
        Checks computer location settings
        
        PID:2648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        76⤵
        Modifies registry class
        
        PID:4008
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        77⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4028
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        78⤵
        
        PID:1036
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        79⤵
        
        PID:3604
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        80⤵
        
        PID:4544
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        81⤵
        Checks computer location settings
        Modifies registry class
        
        PID:2664
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        82⤵
        
        PID:4104
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        83⤵
        Modifies registry class
        
        PID:4392
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        84⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1692
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        85⤵
        
        PID:332
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        86⤵
        Checks computer location settings
        Modifies registry class
        
        PID:2256
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        87⤵
        
        PID:4276
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        88⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4992
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        89⤵
        Checks computer location settings
        Modifies registry class
        
        PID:2472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        90⤵
        
        PID:968
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        91⤵
        Checks computer location settings
        
        PID:4016
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        92⤵
        
        PID:4796
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        93⤵
        
        PID:436
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        94⤵
        
        PID:5064
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        95⤵
        
        PID:1260
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        96⤵
        
        PID:2396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        97⤵
        Modifies registry class
        
        PID:4436
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        98⤵
        
        PID:848
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        99⤵
        
        PID:4536
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        100⤵
        Checks computer location settings
        Modifies registry class
        
        PID:3864
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        101⤵
        
        PID:3556
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        102⤵
        
        PID:4516
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        103⤵
        
        PID:2696
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        104⤵
        
        PID:2460
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        105⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1568
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        106⤵
        
        PID:3176
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        107⤵
        Modifies registry class
        
        PID:3364
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        108⤵
        Checks computer location settings
        
        PID:3312
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        109⤵
        
        PID:4344
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        110⤵
        Checks computer location settings
        
        PID:4268
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        111⤵
        Checks computer location settings
        
        PID:4176
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        112⤵
        
        PID:2448
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        113⤵
        
        PID:4476
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        114⤵
        
        PID:3904
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        115⤵
        
        PID:2212
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        116⤵
        Modifies registry class
        
        PID:3236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        117⤵
        Checks computer location settings
        
        PID:4020
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        118⤵
        
        PID:1260
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        119⤵
        
        PID:2396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        120⤵
        
        PID:4436
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        121⤵
        
        PID:848
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        122⤵
        
        PID:4536
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        123⤵
        
        PID:608
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        124⤵
        
        PID:3080
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        125⤵
        
        PID:4368
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        126⤵
        Checks computer location settings
        
        PID:2284
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        127⤵
        
        PID:1588
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        128⤵
        
        PID:4396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        129⤵
        
        PID:3472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        130⤵
        
        PID:1236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        131⤵
        
        PID:4824
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        132⤵
        Modifies registry class
        
        PID:1892
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        133⤵
        
        PID:3412
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        134⤵
        
        PID:1856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        135⤵
        Checks computer location settings
        
        PID:5040
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        136⤵
        Modifies registry class
        
        PID:664
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        137⤵
        
        PID:4868
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        138⤵
        
        PID:4216
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        139⤵
        
        PID:1908
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        140⤵
        Checks computer location settings
        
        PID:1276
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        141⤵
        
        PID:1644
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        142⤵
        
        PID:2936
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        143⤵
        
        PID:8
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        144⤵
        
        PID:2280
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        145⤵
        Checks computer location settings
        
        PID:3256
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        146⤵
        
        PID:768
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        147⤵
        
        PID:3980
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        148⤵
        Modifies registry class
        
        PID:3224
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        149⤵
        
        PID:2644
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        150⤵
        
        PID:4696
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        151⤵
        
        PID:5004
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        152⤵
        Modifies registry class
        
        PID:2268
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        153⤵
        Modifies registry class
        
        PID:1948
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        154⤵
        
        PID:4496
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        155⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4276
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        156⤵
        Modifies registry class
        
        PID:4984
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        157⤵
        Modifies registry class
        
        PID:3200
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        158⤵
        Checks computer location settings
        Modifies registry class
        
        PID:3972
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        159⤵
        
        PID:4192
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        160⤵
        Modifies registry class
        
        PID:4912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        161⤵
        
        PID:3320
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        162⤵
        
        PID:624
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        163⤵
        Checks computer location settings
        
        PID:4000
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        164⤵
        
        PID:4704
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        165⤵
        
        PID:1644
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        166⤵
        Checks computer location settings
        Modifies registry class
        
        PID:2936
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        167⤵
        
        PID:8
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        168⤵
        Checks computer location settings
        
        PID:2280
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        169⤵
        
        PID:1724
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        170⤵
        
        PID:1912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        171⤵
        Checks computer location settings
        
        PID:2416
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        172⤵
        
        PID:3224
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        173⤵
        
        PID:4288
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        174⤵
        Checks computer location settings
        
        PID:4396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        175⤵
        
        PID:5004
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        176⤵
        
        PID:2268
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        177⤵
        
        PID:1948
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        178⤵
        
        PID:4496
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        179⤵
        Checks computer location settings
        
        PID:4276
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        180⤵
        
        PID:4244
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        181⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4016
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        182⤵
        Checks computer location settings
        
        PID:3936
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        183⤵
        
        PID:4596
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        184⤵
        
        PID:4980
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        185⤵
        Checks computer location settings
        
        PID:856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        186⤵
        Modifies registry class
        
        PID:4692
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        187⤵
        
        PID:2748
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        188⤵
        
        PID:2640
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        189⤵
        
        PID:2936
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        190⤵
        Checks computer location settings
        
        PID:8
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        191⤵
        
        PID:4628
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        192⤵
        
        PID:1724
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        193⤵
        Modifies registry class
        
        PID:3228
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        194⤵
        
        PID:4604
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        195⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4652
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        196⤵
        
        PID:4288
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        197⤵
        
        PID:4960
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        198⤵
        
        PID:3444
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        199⤵
        
        PID:2264
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        200⤵
        
        PID:4268
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        201⤵
        Modifies registry class
        
        PID:4496
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        202⤵
        
        PID:2368
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        203⤵
        
        PID:2848
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        204⤵
        
        PID:3316
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        205⤵
        
        PID:1700
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        206⤵
        Modifies registry class
        
        PID:4376
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        207⤵
        Checks computer location settings
        
        PID:1096
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        208⤵
        
        PID:1484
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        209⤵
        
        PID:4124
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        210⤵
        
        PID:1452
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        211⤵
        
        PID:4916
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        212⤵
        
        PID:4584
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        213⤵
        
        PID:60
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        214⤵
        
        PID:2276
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        215⤵
        Checks computer location settings
        Modifies registry class
        
        PID:608
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        216⤵
        
        PID:4516
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        217⤵
        Modifies registry class
        
        PID:2416
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        218⤵
        
        PID:1492
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        219⤵
        Modifies registry class
        
        PID:2712
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        220⤵
        
        PID:4480
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        221⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        222⤵
        
        PID:3392
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        223⤵
        
        PID:2604
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        224⤵
        Checks computer location settings
        
        PID:1040
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        225⤵
        
        PID:4012
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        226⤵
        
        PID:1996
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        227⤵
        
        PID:2088
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        228⤵
        
        PID:4596
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        229⤵
        
        PID:4892
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        230⤵
        
        PID:5092
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        231⤵
        
        PID:4124
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        232⤵
        
        PID:1452
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        233⤵
        
        PID:4916
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        234⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1644
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        235⤵
        Checks computer location settings
        
        PID:1280
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        236⤵
        Modifies registry class
        
        PID:4264
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        237⤵
        Modifies registry class
        
        PID:4816
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        238⤵
        
        PID:1032
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        239⤵
        
        PID:1912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        240⤵
        Modifies registry class
        
        PID:1064
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        241⤵
        
        PID:4668
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        242⤵
        Checks computer location settings
        
        PID:3720
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        243⤵
        Checks computer location settings
        
        PID:2584
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        244⤵
        
        PID:2336
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        245⤵
        Checks computer location settings
        
        PID:4764
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        246⤵
        
        PID:2680
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        247⤵
        Checks computer location settings
        
        PID:3936
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        248⤵
        Modifies registry class
        
        PID:3652
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        249⤵
        Checks computer location settings
        
        PID:3900
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        250⤵
        
        PID:1260
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        251⤵
        
        PID:2932
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        252⤵
        Modifies registry class
        
        PID:3216
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        253⤵
        
        PID:4900
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        254⤵
        
        PID:4448
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        255⤵
        
        PID:1440
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        256⤵
        Modifies registry class
        
        PID:2236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        257⤵
        Checks computer location settings
        
        PID:4628
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        258⤵
        
        PID:4700
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        259⤵
        
        PID:4996
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        260⤵
        Modifies registry class
        
        PID:1912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        261⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1064
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        262⤵
        Modifies registry class
        
        PID:2804
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        263⤵
        
        PID:2264
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        264⤵
        
        PID:552
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        265⤵
        
        PID:752
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        266⤵
        Checks computer location settings
        
        PID:3412
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        267⤵
        Modifies registry class
        
        PID:1648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        268⤵
        
        PID:820
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        269⤵
        
        PID:4056
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        270⤵
        
        PID:3096
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        271⤵
        
        PID:1096
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        272⤵
        
        PID:1652
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        273⤵
        
        PID:4568
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        274⤵
        
        PID:2024
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        275⤵
        
        PID:4812
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        276⤵
        
        PID:1768
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        277⤵
        
        PID:2420
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        278⤵
        
        PID:3556
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        279⤵
        
        PID:2976
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        280⤵
        
        PID:2416
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        281⤵
        
        PID:2712
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        282⤵
        
        PID:4480
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        283⤵
        
        PID:4472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        284⤵
        
        PID:3340
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        285⤵
        
        PID:1400
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        286⤵
        
        PID:1040
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        287⤵
        
        PID:4880
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        288⤵
        
        PID:3316
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        289⤵
        
        PID:4088
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        290⤵
        
        PID:2528
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        291⤵
        
        PID:2808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        292⤵
        
        PID:4316
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        293⤵
        
        PID:1068
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        294⤵
        
        PID:2648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        295⤵
        
        PID:4836
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        296⤵
        
        PID:4008
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        297⤵
        
        PID:1644
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        298⤵
        
        PID:3908
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        299⤵
        
        PID:5080
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        300⤵
        
        PID:4932
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        301⤵
        
        PID:3704
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        302⤵
        
        PID:4424
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        303⤵
        
        PID:1692
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        304⤵
        
        PID:3708
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        305⤵
        
        PID:4528
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        306⤵
        
        PID:2820
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        307⤵
        
        PID:2856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        308⤵
        
        PID:2676
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        309⤵
        
        PID:2220
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        310⤵
        
        PID:1700
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        311⤵
        
        PID:2660
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        312⤵
        
        PID:2088
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        313⤵
        
        PID:4488
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        314⤵
        
        PID:856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        315⤵
        
        PID:1004
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        316⤵
        
        PID:1380
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        317⤵
        
        PID:2036
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        318⤵
        
        PID:1960
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        319⤵
        
        PID:5056
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        320⤵
        
        PID:1944
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        321⤵
        
        PID:4520
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        322⤵
        
        PID:1724
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        323⤵
        
        PID:4648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        324⤵
        
        PID:4348
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        325⤵
        
        PID:4572
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        326⤵
        
        PID:1912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        327⤵
        
        PID:1808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        328⤵
        
        PID:4528
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        329⤵
        
        PID:2820
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        330⤵
        
        PID:3824
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        331⤵
        
        PID:2676
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        332⤵
        
        PID:2220
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        333⤵
        
        PID:1700
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        334⤵
        
        PID:1996
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        335⤵
        
        PID:3320
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        336⤵
        
        PID:4324
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        337⤵
        
        PID:856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        338⤵
        
        PID:2648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        339⤵
        
        PID:1788
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        340⤵
        
        PID:3808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        341⤵
        
        PID:1948
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        342⤵
        
        PID:1396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        343⤵
        
        PID:3556
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        344⤵
        
        PID:4700
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        345⤵
        
        PID:4996
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        346⤵
        
        PID:3004
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        347⤵
        
        PID:5116
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        348⤵
        
        PID:1432
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        349⤵
        
        PID:4760
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        350⤵
        
        PID:860
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        351⤵
        
        PID:3236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        352⤵
        
        PID:2192
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        353⤵
        
        PID:1544
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        354⤵
        
        PID:4924
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        355⤵
        
        PID:4980
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        356⤵
        
        PID:712
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        357⤵
        
        PID:4864
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        358⤵
        
        PID:4448
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        359⤵
        
        PID:3468
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        360⤵
        
        PID:4604
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        361⤵
        
        PID:2696
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        362⤵
        
        PID:2460
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        363⤵
        
        PID:608
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        364⤵
        
        PID:3704
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        365⤵
        
        PID:4960
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        366⤵
        
        PID:4668
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        367⤵
        
        PID:3392
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        368⤵
        
        PID:2264
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        369⤵
        
        PID:1040
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        370⤵
        
        PID:2212
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        371⤵
        
        PID:4988
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        372⤵
        
        PID:2220
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        373⤵
        
        PID:3972
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        374⤵
        
        PID:3652
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        375⤵
        
        PID:968
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        376⤵
        
        PID:1856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        377⤵
        
        PID:4892
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        378⤵
        
        PID:2788
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        379⤵
        
        PID:2500
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        380⤵
        
        PID:4948
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        381⤵
        
        PID:3560
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        382⤵
        
        PID:4628
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        383⤵
        
        PID:4520
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        384⤵
        
        PID:2276
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        385⤵
        
        PID:3312
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        386⤵
        
        PID:3912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        387⤵
        
        PID:4424
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        388⤵
        
        PID:1580
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        389⤵
        
        PID:2012
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        390⤵
        
        PID:4504
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        391⤵
        
        PID:1400
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        392⤵
        
        PID:3788
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        393⤵
        
        PID:2676
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        394⤵
        
        PID:4216
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        395⤵
        
        PID:2236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        396⤵
        
        PID:4376
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        397⤵
        
        PID:2528
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        398⤵
        
        PID:1096
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        399⤵
        
        PID:4000
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        400⤵
        
        PID:2740
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        401⤵
        
        PID:2748
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        402⤵
        
        PID:3536
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        403⤵
        
        PID:3876
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        404⤵
        
        PID:2420
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        405⤵
        
        PID:1492
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        406⤵
        
        PID:608
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        407⤵
        
        PID:3396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        408⤵
        
        PID:2868
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        409⤵
        
        PID:1236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        410⤵
        
        PID:5040
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        411⤵
        
        PID:1628
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        412⤵
        
        PID:4472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        413⤵
        
        PID:3436
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        414⤵
        
        PID:3412
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        415⤵
        
        PID:436
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        416⤵
        
        PID:1320
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        417⤵
        
        PID:1700
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        418⤵
        
        PID:4088
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        419⤵
        
        PID:2492
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        420⤵
        
        PID:3016
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        421⤵
        
        PID:3596
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        422⤵
        
        PID:5060
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        423⤵
        
        PID:1560
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        424⤵
        
        PID:3812
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        425⤵
        
        PID:1960
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        426⤵
        
        PID:5068
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        427⤵
        
        PID:4104
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        428⤵
        
        PID:3080
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        429⤵
        
        PID:3664
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        430⤵
        
        PID:3912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        431⤵
        
        PID:4252
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        432⤵
        
        PID:2768
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        433⤵
        
        PID:4636
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        434⤵
        
        PID:3528
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        435⤵
        
        PID:4796
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        436⤵
        
        PID:3236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        437⤵
        
        PID:4916
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        438⤵
        
        PID:1592
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        439⤵
        
        PID:4128
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        440⤵
        
        PID:1900
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        441⤵
        
        PID:444
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        442⤵
        
        PID:4748
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        443⤵
        
        PID:1452
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        444⤵
        
        PID:2500
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        445⤵
        
        PID:5108
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        446⤵
        
        PID:1768
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        447⤵
        
        PID:3128
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        448⤵
        
        PID:3556
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        449⤵
        
        PID:4956
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        450⤵
        
        PID:3704
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        451⤵
        
        PID:4256
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        452⤵
        
        PID:4396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        453⤵
        
        PID:1912
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        454⤵
        
        PID:3964
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        455⤵
        
        PID:4664
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        456⤵
        
        PID:4180
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        457⤵
        
        PID:4992
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        458⤵
        
        PID:3940
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        459⤵
        
        PID:2676
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        460⤵
        
        PID:4216
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        461⤵
        
        PID:4056
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        462⤵
        
        PID:4316
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        463⤵
        
        PID:1484
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        464⤵
        
        PID:2640
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        465⤵
        
        PID:3596
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        466⤵
        
        PID:2788
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        467⤵
        
        PID:1988
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        468⤵
        
        PID:3460
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        469⤵
        
        PID:1780
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        470⤵
        
        PID:1428
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        471⤵
        
        PID:2664
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        472⤵
        
        PID:1836
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        473⤵
        
        PID:1064
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        474⤵
        
        PID:4480
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        475⤵
        
        PID:4496
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        476⤵
        
        PID:1628
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        477⤵
        
        PID:4880
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        478⤵
        
        PID:3728
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        479⤵
        
        PID:4012
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        480⤵
        
        PID:5064
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        481⤵
        
        PID:3216
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        482⤵
        
        PID:2236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        483⤵
        
        PID:4128
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        484⤵
        
        PID:2808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        485⤵
        
        PID:4324
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        486⤵
        
        PID:4000
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        487⤵
        
        PID:1280
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        488⤵
        
        PID:4416
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        489⤵
        
        PID:3968
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        490⤵
        
        PID:4476
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        491⤵
        
        PID:3460
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        492⤵
        
        PID:2420
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        493⤵
        
        PID:3556
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        494⤵
        
        PID:3364
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        495⤵
        
        PID:4668
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        496⤵
        
        PID:4840
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        497⤵
        
        PID:4424
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        498⤵
        
        PID:4252
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        499⤵
        
        PID:4872
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        500⤵
        
        PID:3484
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        501⤵
        
        PID:4908
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        502⤵
        
        PID:4868
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        503⤵
        
        PID:3236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        504⤵
        
        PID:4916
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        505⤵
        
        PID:2752
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        506⤵
        
        PID:2304
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        507⤵
        
        PID:3672
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        508⤵
        
        PID:2660
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        509⤵
        
        PID:4864
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        510⤵
        
        PID:4680
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        511⤵
        
        PID:4416
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        512⤵
        
        PID:4920
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        513⤵
        
        PID:4476
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        514⤵
        
        PID:3460
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        515⤵
        
        PID:4384
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        516⤵
        
        PID:3980
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        517⤵
        
        PID:2828
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        518⤵
        
        PID:4328
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        519⤵
        
        PID:4672
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        520⤵
        
        PID:4496
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        521⤵
        
        PID:2232
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        522⤵
        
        PID:2336
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        523⤵
        
        PID:3728
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        524⤵
        
        PID:3832
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        525⤵
        
        PID:3972
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        526⤵
        
        PID:720
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        527⤵
        
        PID:1260
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        528⤵
        
        PID:1680
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        529⤵
        
        PID:2548
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        530⤵
        
        PID:444
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        531⤵
        
        PID:2640
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        532⤵
        
        PID:2396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        533⤵
        
        PID:4864
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        534⤵
        
        PID:5060
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        535⤵
        
        PID:4852
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        536⤵
        
        PID:3560
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        537⤵
        
        PID:1396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        538⤵
        
        PID:4700
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        539⤵
        
        PID:5068
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        540⤵
        
        PID:2276
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        541⤵
        
        PID:4648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        542⤵
        
        PID:2268
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        543⤵
        
        PID:3340
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        544⤵
        
        PID:4952
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        545⤵
        
        PID:2604
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        546⤵
        
        PID:4472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        547⤵
        
        PID:1400
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        548⤵
        
        PID:3412
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        549⤵
        
        PID:3728
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        550⤵
        
        PID:3832
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        551⤵
        
        PID:3972
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        552⤵
        
        PID:4404
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        553⤵
        
        PID:636
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        554⤵
        
        PID:4316
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        555⤵
        
        PID:4892
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        556⤵
        
        PID:1196
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        557⤵
        
        PID:4008
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        558⤵
        
        PID:5072
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        559⤵
        
        PID:1652
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        560⤵
        
        PID:4484
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        561⤵
        
        PID:5108
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        562⤵
        
        PID:3812
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        563⤵
        
        PID:4264
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        564⤵
        
        PID:1780
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        565⤵
        
        PID:3080
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        566⤵
        
        PID:1692
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        567⤵
        
        PID:4996
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        568⤵
        
        PID:2712
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        569⤵
        
        PID:3392
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        570⤵
        
        PID:4760
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        571⤵
        
        PID:4016
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        572⤵
        
        PID:2212
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        573⤵
        
        PID:4180
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        574⤵
        
        PID:4988
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        575⤵
        
        PID:2940
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        576⤵
        
        PID:2292
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        577⤵
        
        PID:3216
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        578⤵
        
        PID:720
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        579⤵
        
        PID:736
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        580⤵
        
        PID:1680
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        581⤵
        
        PID:1856
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        582⤵
        
        PID:2836
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        583⤵
        
        PID:4656
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        584⤵
        
        PID:548
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        585⤵
        
        PID:5036
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        586⤵
        
        PID:1948
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        587⤵
        
        PID:5032
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        588⤵
        
        PID:4536
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        589⤵
        
        PID:1396
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        590⤵
        
        PID:3160
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        591⤵
        
        PID:5068
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        592⤵
        
        PID:4696
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        593⤵
        
        PID:1236
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        594⤵
        
        PID:2248
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        595⤵
        
        PID:4360
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        596⤵
        
        PID:224
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        597⤵
        
        PID:1472
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        598⤵
        
        PID:3408
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        599⤵
        
        PID:3916
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        600⤵
        
        PID:3576
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        601⤵
        
        PID:1244
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        602⤵
        
        PID:1004
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        603⤵
        
        PID:2324
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        604⤵
        
        PID:4916
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        605⤵
        
        PID:4704
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        606⤵
        
        PID:4980
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        607⤵
        
        PID:4376
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        608⤵
        
        PID:2808
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        609⤵
        
        PID:444
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        610⤵
        
        PID:4968
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        611⤵
        
        PID:1816
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        612⤵
        
        PID:2788
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        613⤵
        
        PID:1380
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        614⤵
        
        PID:1560
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        615⤵
        
        PID:3812
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        616⤵
        
        PID:4520
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        617⤵
        
        PID:4104
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        618⤵
        
        PID:3312
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        619⤵
        
        PID:4648
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        620⤵
        
        PID:2256
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        621⤵
        
        PID:4328
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        622⤵
        
        PID:4132
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        623⤵
        
        PID:4872
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        624⤵
        
        PID:4824
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        625⤵
        
        PID:2972
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        626⤵
        
        PID:4908
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        627⤵
        
        PID:2024
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        628⤵
        
        PID:840
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        629⤵
        
        PID:4108
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        630⤵
        
        PID:3020
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        631⤵
        
        PID:4508
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        632⤵
        
        PID:1908
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        633⤵
        
        PID:4128
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        634⤵
        
        PID:3544
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        635⤵
        
        PID:3056
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        636⤵
        
        PID:2640
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        637⤵
        
        PID:2720
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        638⤵
        
        PID:4816
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        639⤵
        
        PID:5036
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        640⤵
        
        PID:3152
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        641⤵
        
        PID:3968
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        642⤵
        
        PID:4536
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        643⤵
        
        PID:2976
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        644⤵
        
        PID:3144
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs"
        645⤵
        
        PID:3396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SelfReplicatingScript.vbs

Filesize
923B

MD5
56ff801439eb03af43d41a9f54fce845

SHA1
c4e24ff844f99918ff2663642215a8e56c91228b

SHA256
5a25c07a642638eff37434f5451b24ea7cc11fd7003d6240ef0fb92274a597f7

SHA512
e5c643b1a17eaf043e5caf65147c452dc96b6a14a2b24283d4437f3aa263ac6333949476c84abc56093b31899b04ad5f8702813c6eb2810ddd844c3d5ee580ed

Download Submit