Full PowerShell payload (newer branch); matches both payload_new.php.malw from exposed server and runtime payload c9dba5b0552d879be654.txt extracted from victim host