Helper binary for Assistive Technology (AT)
Paths:
Acknowledgement:
Adam - @hexacorn
Detection:
Changes to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration
Changes to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs
Unknown AT starting C:\Windows\System32\ATBroker.exe /start malware
ATBroker.exe /start malware