
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell ScriptBlock (cacef8fc-9d3d-41f7-956d-455c6e881bc5)

Detects PowerShell module creation where the module contents are set to "function Get-VMRemoteFXPhysicalVideoAdapter". This could be a sign of potential abuse of the "RemoteFXvGPUDisablement.exe" binary, which is known to be vulnerable to module load-order hijacking.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell ScriptBlock (cacef8fc-9d3d-41f7-956d-455c6e881bc5) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |