Once done, the hacker can return to the workstation at any point later in time and launch an administrator level command prompt just by pressing shift 5 times in a row.

However, targets that want to read the document are directed to a fake device registration link that instructs them to run PowerShell as an administrator and paste attacker-provided code.