Suspicious Download From File-Sharing Website Via Bitsadmin

Action1: actionname = "Process started" AND (PROCESSNAME endswith "\bitsadmin.exe" OR ORIGINALFILENAME = "bitsadmin.exe") AND COMMANDLINE contains " /transfer , /create , /addfile " AND (COMMANDLINE contains ".githubusercontent.com,anonfiles.com,cdn.discordapp.com,ddns.net,dl.dropboxusercontent.com,ghostbin.co,glitch.me,gofile.io,hastebin.com,mediafire.com,mega.nz,onrender.com,pages.dev,paste.ee,pastebin.com" OR COMMANDLINE contains "pastebin.pl,pastetext.net,privatlab.com,privatlab.net,send.exploit.in,sendspace.com,storage.googleapis.com,storjshare.io,supabase.co,temp.sh,transfer.sh,trycloudflare.com,ufile.io,w3spaces.com,workers.dev") select Action1.HOSTNAME,Action1.MESSAGE,Action1.COMMANDLINE,Action1.FILE_NAME,Action1.PROCESSNAME,Action1.USERNAME,Action1.PARENTPROCESSNAME