/hub/author/sigmahq/scenarios/proc_creation_win_powershell_token_obfuscation