Unveiling Threat Actor Methods: Investigating Sandbox Artifacts and LNK-to-PDF Malware Delivery

In the landscape of cybersecurity, threat actors leverage deceptive techniques to orchestrate sophisticated attacks. This session explores the use of LNK, ISO and PE EXE files as a conduit to deliver hidden malware payloads while using PDF documents as decoys to trick the victim. By dissecting sandbox-generated artifacts, for example in VirusTotal, we illuminate the strategies employed by adversaries, enabling practitioners to enhance their threat detection and threat hunting methodologies: the artifacts generated during execution of the initial payloads can be used to track these threats, helping with pivoting and hunting. We will see real examples from the PatchWork APT group and other crime groups.