| BH12134 | Adds new users. | |
| BH12138 | Asks user to download file. | |
| BH12143 | Attempts to spawn a root shell. | |
| BH12154 | Changes if print dialog is shown. | |
| BH12156 | Changes password. | |
| BH12318 | Enables or disables an app or extension. | |
| BH12326 | Executes actions from the application menu. | |
| BH12461 | Opens downloaded file. | |
| BH12527 | Restarts or shuts down computers. | |
| BH12559 | Set the launch type of an app. | |
| BH12742 | Tampers with System Restore settings. | |
| BH12798 | Unblocks files downloaded from the Internet. | |
| BH12799 | Uninstalls a currently installed app or extension. | |
| BH12800 | Uninstalls an installed application using WMI. | |
| BH12848 | Sets wallpaper. | |
| BH12850 | Prompts user for credentials. | |
| BH12901 | Halts the system. | |
| BH13011 | Parses an email message. | |
| BH13040 | Stores a password. | |
| BH13052 | Communicates with a running gpg agent. | |
| BH13060 | Executes commands in the PostgreSQL interactive terminal. | |
| BH13063 | Sets the uid mapping of a user space. | |
| BH13064 | Sets the gid mapping of a user space. | |
| BH13113 | Imports an OpenPGP key. | |
| BH13114 | Imports OpenPGP keys from a keyserver. | |
| BH13241 | Emits an event, effectively calling each of the registered listeners for that event. | |
| BH13242 | Enumerates listeners for an event. | |
| BH13243 | Adds a listener function for a specified event. | |
| BH13244 | Adds a one-time listener function for a specified event. | |
| BH13245 | Removes listeners for a specified event. | |
| BH13262 | Deletes a password. | |
| BH13276 | Installs a printer driver. | |
| BH13277 | Removes a printer driver. | |
| BH13278 | Removes a printer. | |
| BH13279 | Starts a print job. | |
| BH13280 | Deletes a printer's spool file. | |
| BH13281 | Adds a printer to the list of supported printers for a specified server. | |
| BH13285 | Creates an OLE object. | |
| BH13411 | Retrieves the position of the mouse cursor. | |
| BH13436 | Converts an integer number to a string. | |
| BH13437 | Converts a string to an integer number. | |
| BH13438 | Uses math functions. | |
| BH13439 | Uses string related methods. | |
| BH13440 | Stops the current print job. | |
| BH13451 | Uses string-related functions. | |
| BH13455 | Performs a mouse click operation. | |
| BH13456 | Performs a bitwise AND operation. | |
| BH13457 | Performs a bitwise NOT operation. | |
| BH13458 | Performs a bitwise OR operation. | |
| BH13459 | Performs a bit shifting operation. | |
| BH13460 | Performs a bitwise exclusive OR (XOR) operation. | |
| BH13469 | Creates a GUI window. | |
| BH13470 | Uses GUI related functions. | |
| BH13472 | Activates a window. | |
| BH13474 | Uses functions to determine variable type. | |
| BH13476 | Converts a number to its Unicode character representation. | |
| BH13477 | Creates a customizable text popup window. | |
| BH13488 | Uses Linux kernel APIs for user space memory access. | |
| BH13489 | Uses Linux kernel APIs for high resolution timers. | |
| BH13499 | Uses date and time functions. | |
| BH13500 | Uses logical functions. | |
| BH13510 | Concatenates strings. | |
| BH13511 | Creates a regular expression. | |
| BH13512 | Replaces a substring in a string using a regular expression. | |
| BH13513 | Splits a string using a regular expression. | |
| BH13529 | Contains multi-line comments. | |
| BH13530 | Contains standard localization language codes. | |
| BH13540 | Might change active document. | |
| BH13574 | Converts an integer number to a binary string. | |
| BH13576 | Converts a value to an integer number. | |
| BH13577 | Converts a number to its octal representation. | |
| BH13600 | Contains UserForm objects. | |
| BH13617 | Loads a dataset used for machine learning. | |
| BH13618 | Defines a neural network model. | |
| BH13619 | Defines layers used to build neural networks. | |
| BH13620 | Moves the model to a specified device, such as a GPU or CPU. | |
| BH13621 | Checks if a CUDA-capable GPU is available. | |
| BH13622 | Implements optimization algorithms used in machine learning. | |
| BH13623 | Adjusts the learning rate during the training process of machine learning models. | |
| BH15273 | Uses Diffie-Hellman key exchange algorithm. | |
| BH15274 | Uses Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm. | |
| BH15328 | Generates pseudo-random numbers. | |
| BH16342 | Gets the session identifier for the currently active session. | |
| BH17341 | Edits an OpenPGP key. | |
| BH17342 | Exports secret OpenPGP keys. | |
| BH17425 | Writes data to a credentials file that holds passwords for MSN Messenger. | |
| BH19519 | Queries a specific selector within the page's Document Object Model. | |
| BH19520 | Queries a specific element within the page's Document Object Model. | |
| BH20108 | Uses a Nishang command to check running processes for malware. | |
| BH20109 | Uses a Nishang command to clear the persistence added by Nishang payloads and scripts. | |
| BH20110 | Uses a Nishang command to convert a PE file in text format to an executable. | |
| BH20111 | Uses a Nishang command to convert an executable to text file. | |
| BH20161 | Uses a Nishang command to silently remove updates from the target machine. | |
| BH20163 | Uses PowerSploit/Empire command to abuse a function the current user has configuration rights on in order to add a local administrator or execute a custom command. | |
| BH20181 | Uses PowerSploit/Empire command to create a new domain user and returns the user object. | |
| BH20182 | Uses PowerSploit/Empire command to create a new runas/netonly type logon and impersonate the token. | |
| BH20184 | Uses PowerSploit/Empire command to create logons with clear-text credentials. | |
| BH20240 | Uses PowerSploit/Empire command to modify the owner for a specified Active Directory object. | |
| BH20257 | Uses PowerSploit/Empire command to request the Kerberos ticket for a specified service principal name (SPN). | |
| BH20288 | Uses PowerSploit/Empire command to return the ACLs associated with a specific Active Directory object. | |
| BH20301 | Uses PowerSploit/Empire command to revert any token impersonation. | |
| BH20312 | Uses PowerSploit/Empire command to set the password for a given user identity. | |
