This process has been abused by attackers and pentesters for quite some time. It is a powerful, native tool for acquiring privileged information or conducting arbitrary privileged activity on Windows systems. As such, it has become a favorite for attacker abuse over the years.