Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module (38a7625e-b2cb-485d-b83d-aff137d859f4)
Detects PowerShell module creation where the module Contents are set to "function Get-VMRemoteFXPhysicalVideoAdapter". This could be a sign of potential abuse of the "RemoteFXvGPUDisablement.exe" binary which is known to be vulnerable to module load-order hijacking.