Networking
- Networking
Windows
Linux
Enterprise Architecture
Mac
- Forensics
  - Page 3
Attacker Information
IR Playbook
- Activity from Unmanaged Host
- Recommendations
Reverse Engineering
- Python - Pyinstaller

Powered by GitBook

On this page

Deployment Server:
Default Install Locations:
Service Install Name:
PDQDeployInstall.log:
server_summary.txt:
Destination Hosts (Ransomed):
Service Name:
Default Install Location:
Debug.txt:
command.cmd

Windows

Forensics

3rd Party Apps

"TA Tools"

PDQ Deploy

Previous7-Zip NextIdentity Apps

Last updated 7 months ago

Deployment Server:

Default Install Locations:

C:\Program Files (x86)\Admin Arsenal\PDQ Deploy
C:\ProgramData\Admin Arsenal\PDQ Deploy

Service Install Name:

PDQ Deploy

PDQDeployInstall.log:

C:\Users<user>\AppData\Local\Temp\PDQDeployInstall.log

server_summary.txt:

C:\ProgramData\Admin Arsenal\PDQ Deploy\server_summary.txt

Destination Hosts (Ransomed):

Service Name:

PDQDeploymentRunner-1

Default Install Location:

C:\Windows\AdminArsenal\PDQDeployRunner\service-1\PDQDeployRunner-1.exe
C:\Windows\AdminArsenal

Debug.txt:

C:\Windows\AdminArsenal\PDQDeployRunner\service-1\debug.txt
- debug.txt shows which process or file was executed on the host via PDQ Deploy.

command.cmd

C:\Windows\AdminArsenal\PDQDeployRunner\service-1\exec\command.cmd
- command.cmd contains the commands to be executed on the host(s), which in our case, is the ransomware.

Help for PDQ Deploy