PDQ Deploy

Deployment Server:

Default Install Locations:

  • C:\Program Files (x86)\Admin Arsenal\PDQ Deploy

  • C:\ProgramData\Admin Arsenal\PDQ Deploy

Service Install Name:

  • PDQ Deploy

PDQDeployInstall.log:

  • C:\Users<user>\AppData\Local\Temp\PDQDeployInstall.log

server_summary.txt:

  • C:\ProgramData\Admin Arsenal\PDQ Deploy\server_summary.txt

Destination Hosts (Ransomed):

Service Name:

  • PDQDeploymentRunner-1

Default Install Location:

  • C:\Windows\AdminArsenal\PDQDeployRunner\service-1\PDQDeployRunner-1.exe

  • C:\Windows\AdminArsenal

Debug.txt:

  • C:\Windows\AdminArsenal\PDQDeployRunner\service-1\debug.txt

    • debug.txt shows which process or file was executed on the host via PDQ Deploy.

command.cmd

  • C:\Windows\AdminArsenal\PDQDeployRunner\service-1\exec\command.cmd

    • command.cmd contains the commands to be executed on the host(s), which in our case, is the ransomware.

Help for PDQ Deploy
Previous7-ZipNextTotalCMD

Last updated