![6053abe1aa106c5b3386eba6b906c6e3f4c2f07f483c9f7a216a4727e122382f | ANY.RUN - Free Malware Sandbox Online 6053abe1aa106c5b3386eba6b906c6e3f4c2f07f483c9f7a216a4727e122382f | ANY.RUN - Free Malware Sandbox Online](https://content.any.run/tasks/ee37f929-3aaa-4550-965d-fd20652e034f/download/screens/d0ee9de2-c0e9-4775-87ce-84e475af0473/image.jpeg)
6053abe1aa106c5b3386eba6b906c6e3f4c2f07f483c9f7a216a4727e122382f | ANY.RUN - Free Malware Sandbox Online
Rahmat Nurfauzi on Twitter: "If powershell.exe & dlls, cmd.exe, certutil.exe, bitsadmin.exe, ftp.exe x/copy.exe, and print.exe is already to blocked? uses expand.exe to remote copy file. #RedTeam #DFIR https://t.co/tgkNmfizCR" / Twitter
Rahmat Nurfauzi on Twitter: "In the folder %systemroot%\SoftwareDistribution i found an interesting #LOLBIN microsoft signed binary unifiedinstaller.exe that will extract https://t.co/RLOyLiguOX and execute a windows installer UpdHealthTools.msi cc ...
![Paranoid Ninja on Twitter: "I was just building a demo for one of my projects and I found a few new ways of exfiltration. I used to use *bitsadmin* to download stuff Paranoid Ninja on Twitter: "I was just building a demo for one of my projects and I found a few new ways of exfiltration. I used to use *bitsadmin* to download stuff](https://pbs.twimg.com/media/DdPVFzBVMAU14lh.jpg)