From cdd4e39fc515e48e7b2ca93054fc8f4783208fe4 Mon Sep 17 00:00:00 2001 From: api0cradle Date: Wed, 25 Apr 2018 22:47:50 +0200 Subject: [PATCH] Added mftrace, extexport++ --- OSBinaries/Atbroker.md | 5 ++++- OSBinaries/Extexport.md | 31 +++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 OSBinaries/Extexport.md diff --git a/OSBinaries/Atbroker.md b/OSBinaries/Atbroker.md index 507299b..d19bf7e 100644 --- a/OSBinaries/Atbroker.md +++ b/OSBinaries/Atbroker.md @@ -22,7 +22,10 @@ C:\Windows\SysWOW64\Atbroker.exe ``` Notes: -Not certain if it works on Windows 10. +In Windows 10 you need to add registry keys under: +HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs + + \ No newline at end of file diff --git a/OSBinaries/Extexport.md b/OSBinaries/Extexport.md new file mode 100644 index 0000000..c7a2ed6 --- /dev/null +++ b/OSBinaries/Extexport.md @@ -0,0 +1,31 @@ +## Extexport.exe + +* Functions: Execute + +``` +Extexport.exe c:\test foo bar +``` + +Acknowledgements: +* Adam - @hexacorn + +Code sample: +* + +Resources: +* http://www.hexacorn.com/blog/2018/04/24/extexport-yet-another-lolbin/ + +Full path: +``` +C:\Program Files\Internet Explorer\Extexport.exe +C:\Program Files\Internet Explorer(x86)\Extexport.exe +``` + +Notes: +Place mozcrt19.dll, mozsqlite3.dll, sqlite3.dll inside the c:\test folder + +Detection: + + + +
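Review bot: In the OSBinaries/Atbroker.md hunk, the new Notes text says registry keys must be added under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs but never names the subkey or values required, so a reader can neither reproduce the condition nor tell what to monitor. Suggest listing the expected key and value names, or linking a resource that does. Putting the registry path in a fenced block, as the "Full path" section does, would keep the two added lines from rendering as one run-on paragraph. The hunk also adds two blank lines and leaves the file without a trailing newline ("\ No newline at end of file"); drop the blank lines and end the file with a newline.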
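Review bot: In the new OSBinaries/Extexport.md, the second entry under "Full path:" reads C:\Program Files\Internet Explorer(x86)\Extexport.exe, where the "(x86)" looks misplaced; the 32-bit directory on 64-bit Windows is C:\Program Files (x86)\Internet Explorer\. The "Detection:" section and the "Code sample:" bullet are both empty: either remove them or fill them in, for example by noting under Detection that Extexport.exe loading mozcrt19.dll, mozsqlite3.dll or sqlite3.dll from the folder given on its command line is the behaviour to watch for, as the Notes line implies. The subject also says mftrace was added, but the diffstat lists only Atbroker.md and Extexport.md, so either the file is missing from the commit or the subject should be corrected.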