Script level todos

Open baileydauterman opened this issue 5 months ago • 1 comments

  • [ ] JSON Detection Output to easily encapsulate more details
  • [ ] Non-Standard Service/Task running as/created by Local Administrator
  • [ ] Browser Extension Analysis
  • [ ] Temporary RID Hijacking
  • [ ] ntshrui.dll - https://www.mandiant.com/resources/blog/malware-persistence-windows-registry
  • [ ] Add file metadata for detected files (COM/DLL Hijacks, etc)
  • [ ] Add more suspicious paths for running processes
  • [ ] Iterate through HKEY_USERS when encountering HKEY_CURRENT_USER hive reference

baileydauterman, Oct 05 '24 16:10