How can an attacker obtain PowerShell command history from a background process that cannot receive keyboard input?

If the PowerShell process is running a script in the background (e.g., `PowerShell -ep bypass -f 1.ps1`), the attacker can read the process's command-line arguments to extract useful information. Open-source tools exist to enumerate and read these arguments, as sensitive data like credentials may be embedded directly in the script's parameters.