

5 · 3 days ago
As others have said, it's a virus; it's probably an infostealer. It might have some sort of persistence mechanism, so put your PC offline and use another one to change all of your passwords (email and bank ones first) and log out everywhere to invalidate tokens. If you've saved cards, freeze them, then wipe the PC that got infected and do a fresh install. https://www.youtube.com/watch?v=HUR4QOHEurY
Well, that's the neat part: the URL it presumably downloads and executes the first payload from has died, so no, unless you catch it when it's live you can't easily replicate what happened on your computer anywhere else. I have no clue what the PowerShell is doing, but hiding malware in a weird file, or pretending it's a different file type and then executing that file, isn't uncommon.