LOLBAS/yml/OSBinaries/Atbroker.yml

---
Name: Atbroker.exe
Description: Execute
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
  - Command: ATBroker.exe /start malware
    Description: Start a registered Assistive Technology (AT).
Full Path:
  - C:\Windows\System32\Atbroker.exe
  - C:\Windows\SysWOW64\Atbroker.exe
Code Sample: []
Detection: []
Resources:
  - http://www.hexacorn.com/blog/2016/07/22/beyond-good-ol-run-key-part-42/
Notes: >
  Thanks to Adam - @hexacorn
  Modifications must be made to the system registry to either register or modify an existing Assistibe Technology (AT) service entry.
Initial commit - LOLBAS V2.0 2018-06-09 00:15:06 +02:00			`---`
			`Name: Atbroker.exe`
			`Description: Execute`
			`Author: ''`
			`Created: '2018-05-25'`
			`Categories: []`
			`Commands:`
			`- Command: ATBroker.exe /start malware`
			`Description: Start a registered Assistive Technology (AT).`
			`Full Path:`
			`- C:\Windows\System32\Atbroker.exe`
			`- C:\Windows\SysWOW64\Atbroker.exe`
			`Code Sample: []`
			`Detection: []`
			`Resources:`
			`- http://www.hexacorn.com/blog/2016/07/22/beyond-good-ol-run-key-part-42/`
			`Notes: >`
			`Thanks to Adam - @hexacorn`
			`Modifications must be made to the system registry to either register or modify an existing Assistibe Technology (AT) service entry.`