Microsoft Windows TCPIP Finger command can also function as a file downloader and a makeshift command and control server that can serve for sending commands and exfiltrating data. Windows Defender antivirus built into Windows can download arbitrary files using the -DownloadFile command-line argument, added either in version 4.18.2007.9 or 418.1818.2009.9. The latest addition is finger.exe, a command that ships with Windows to retrieve information about users on remote computers running Finger service or daemon.
Source: https://www.bleepingcomputer.com/news/security/windows-10-finger-command-can-be-abused-to-download-or-steal-files/