dump
-embedding
privilege
administrator
password
key
shadowcopy
delete
masquerade
evil
bad
anonymous
allprofiles
.hta
createobject
target
suspicious
obfuscated
bypass
bootstatuspolicy
recoveryenabled
systemstatebackup
comspec
base64string
.text.encoding
.compression.
memorystream
writeallbytes
webclient
downloadfile
downloadstring
bitstransfer
invoke-exp
invoke-web
reflection.assembly
assembly.gettype
sockets