31 lines
441 B
Markdown
31 lines
441 B
Markdown
## Atbroker.exe
|
|
|
|
* Functions: Execute
|
|
|
|
```
|
|
ATBroker.exe /start malware
|
|
```
|
|
|
|
Acknowledgements:
|
|
* Adam - @hexacorn
|
|
|
|
Code sample:
|
|
* Missing
|
|
|
|
Resources:
|
|
* http://www.hexacorn.com/blog/2016/07/22/beyond-good-ol-run-key-part-42/
|
|
|
|
Full path:
|
|
```
|
|
C:\Windows\System32\Atbroker.exe
|
|
C:\Windows\SysWOW64\Atbroker.exe
|
|
```
|
|
|
|
Notes:
|
|
In Windows 10 you need to add registry keys under:
|
|
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs
|
|
|
|
|
|
|
|
|
|
|