drop 4688 EVTX CSV and BITS operational EVTX CSV · detect bitsadmin used for malicious file transfer · identify BITS jobs downloading attacker content · surface persistence via BITS job scheduling · runs locally
/transfer · SetNotifyCmdLine persistence · BITS job lifecycle · download→execute chains
drop 4688 Security EVTX CSV · BITS-Client operational EVTX · Sysmon CSV