PDQ Deploy

Deployment Server:

Default Install Locations:

  • C:\Program Files (x86)\Admin Arsenal\PDQ Deploy

  • C:\ProgramData\Admin Arsenal\PDQ Deploy

Service Install Name:

  • PDQ Deploy

PDQDeployInstall.log:

  • C:\Users\<user>\AppData\Local\Temp\PDQDeployInstall.log

server_summary.txt:

  • C:\ProgramData\Admin Arsenal\PDQ Deploy\server_summary.txt

Destination Hosts (Ransomed):

Service Name:

  • PDQDeploymentRunner-1

Default Install Location:

  • C:\Windows\AdminArsenal\PDQDeployRunner\service-1\PDQDeployRunner-1.exe

  • C:\Windows\AdminArsenal

Debug.txt:

  • C:\Windows\AdminArsenal\PDQDeployRunner\service-1\debug.txt

    • debug.txt shows which process or file was executed on the host via PDQ Deploy.

command.cmd:

  • C:\Windows\AdminArsenal\PDQDeployRunner\service-1\exec\command.cmd

    • command.cmd contains the commands to be executed on the host(s), which, in our case, is the ransomware.
