Misc-PowerShell-Stuff
Command argument won't execute with powershell full path
Invoke-EventVwrBypass.ps1
UAC bypass works only when the command argument doesn't specify the powershell executable full path:
Invoke-EventVwrBypass -Command "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ..." => NOK
Invoke-EventVwrBypass -Command "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe ..." => NOK
Invoke-EventVwrBypass -Command "powershell.exe ..." => OK
Error message: "Cannot start Event Viewer. Application not found"
Tested on:
OS Name: Microsoft Windows 8.1 Enterprise
OS Version: 6.3.9600 N/A Build 9600
System Model: VMware Virtual Platform
System Type: x64-based PC