Yeah, you paste malicious code into the Run window (basically a PowerShell) and then paste in code. Pretty obvious most of the time.