I also dumped the shellcode to disk. (Carefully) used VB to do it which took care of the negative numbers and all. Now trying to make sense of that.
Edit: Got it. This was a great challenge. Learned a lot. Interesting read I stumbled across about real attacks using this vector: Ten process injection techniques: A technical survey of common and trending process injection techniques | Elastic Blog
Feel free to ping me for nudges.