| BH12134 | Adds new users. | |
| BH12138 | Asks user to download file. | |
| BH12143 | Attempts to spawn a root shell. | |
| BH12154 | Changes if print dialog is shown. | |
| BH12156 | Changes password. | |
| BH12318 | Enables or disables an app or extension. | |
| BH12326 | Executes actions from the application menu. | |
| BH12461 | Opens downloaded file. | |
| BH12527 | Restarts or shuts down computers. | |
| BH12559 | Set the launch type of an app. | |
| BH12742 | Tampers with System Restore settings. | |
| BH12798 | Unblocks files downloaded from the Internet. | |
| BH12799 | Uninstalls a currently installed app or extension. | |
| BH12800 | Uninstalls an installed application using WMI. | |
| BH12848 | Sets wallpaper. | |
| BH12850 | Prompts user for credentials. | |
| BH12901 | Halts the system. | |
| BH13011 | Parses an email message. | |
| BH13040 | Stores a password. | |
| BH13052 | Communicates with a running gpg agent. | |
| BH13060 | Executes commands in the PostgreSQL interactive terminal. | |
| BH13063 | Sets the uid mapping of a user space. | |
| BH13064 | Sets the gid mapping of a user space. | |
| BH13113 | Imports an OpenPGP key. | |
| BH13114 | Imports OpenPGP keys from a keyserver. | |
| BH13241 | Emits an event, effectively calling each of the registered listeners for that event. | |
| BH13242 | Enumerates listeners for an event. | |
| BH13243 | Adds a listener function for a specified event. | |
| BH13244 | Adds a one-time listener function for a specified event. | |
| BH13245 | Removes listeners for a specified event. | |
| BH13262 | Deletes a password. | |
| BH13276 | Installs a printer driver. | |
| BH13277 | Removes a printer driver. | |
| BH13278 | Removes a printer. | |
| BH13279 | Starts a print job. | |
| BH13280 | Deletes a printer's spool file. | |
| BH13281 | Adds a printer to the list of supported printers for a specified server. | |
| BH13285 | Creates an OLE object. | |
| BH15273 | Uses Diffie-Hellman key exchange algorithm. | |
| BH15274 | Uses Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm. | |
| BH17341 | Edits an OpenPGP key. | |
| BH17342 | Exports secret OpenPGP keys. | |
| BH17425 | Writes data to a credentials file that holds passwords for MSN Messenger. | |
| BH19519 | Queries a specific selector within the page's Document Object Model. | |
| BH19520 | Queries a specific element within the page's Document Object Model. | |
| BH20108 | Uses a Nishang command to check running processes for malware. | |
| BH20109 | Uses a Nishang command to clear the persistence added by Nishang payloads and scripts. | |
| BH20110 | Uses a Nishang command to convert a PE file in text format to an executable. | |
| BH20111 | Uses a Nishang command to convert an executable to text file. | |
| BH20161 | Uses a Nishang command to silently remove updates from the target machine. | |
| BH20163 | Uses PowerSploit/Empire command to abuse a function the current user has configuration rights on in order to add a local administrator or execute a custom command. | |
| BH20181 | Uses PowerSploit/Empire command to create a new domain user and returns the user object. | |
| BH20182 | Uses PowerSploit/Empire command to create a new runas/netonly type logon and impersonate the token. | |
| BH20184 | Uses PowerSploit/Empire command to create logons with clear-text credentials. | |
| BH20240 | Uses PowerSploit/Empire command to modify the owner for a specified Active Directory object. | |
| BH20257 | Uses PowerSploit/Empire command to request the Kerberos ticket for a specified service principal name (SPN). | |
| BH20288 | Uses PowerSploit/Empire command to return the ACLs associated with a specific Active Directory object. | |
| BH20301 | Uses PowerSploit/Empire command to revert any token impersonation. | |
| BH20312 | Uses PowerSploit/Empire command to set the password for a given user identity. | |
