.. /CL_Invocation.ps1
Star

Aero diagnostics script

Paths:

C:\Windows\diagnostics\system\AERO\CL_Invocation.ps1
C:\Windows\diagnostics\system\Audio\CL_Invocation.ps1
C:\Windows\diagnostics\system\WindowsUpdate\CL_Invocation.ps1

Resources:

Acknowledgements:

Jimmy (@bohops)
Pierre-Alexandre Braeken (@pabraeken)

Detection:

Execute

Import the PowerShell Diagnostic CL_Invocation script and call SyncInvoke to launch an executable.
```
. C:\Windows\diagnostics\system\AERO\CL_Invocation.ps1   \nSyncInvoke <executable> [args]
```
Use case
Proxy execution

Privileges required
User

Operating systems
Windows 10

ATT&CK® technique
T1216