diff --git a/nxc/modules/powershell_history.py b/nxc/modules/powershell_history.py
index 3e531dc33..5e897cc8d 100644
--- a/nxc/modules/powershell_history.py
+++ b/nxc/modules/powershell_history.py
@@ -36,8 +36,8 @@ def on_admin_login(self, context, connection):
                             buf = BytesIO()
                             connection.conn.getFile("C$", file_path, buf.write)
                             buf.seek(0)
-                            file_content = buf.read().decode("utf-8", errors="ignore").lower()                
-                            keywords = [keyword.upper() for keyword in self.sensitive_keywords if keyword in file_content]
+                            file_content = buf.read().decode("utf-8", errors="ignore")
+                            keywords = [keyword.upper() for keyword in self.sensitive_keywords if keyword.lower() in file_content.lower()]
                             if len(keywords):
                                 context.log.highlight(f"C:\\{file_path} [ {' '.join(keywords)} ]")
                             else: