: The process actively calls wscript.exe and cmd.exe to trigger hidden Visual Basic (VB) scripts. This mechanism allows the malware to alter system settings without raising basic administrative warnings.