Adversaries may abuse theat.exeutility to perform task scheduling for initial or recurring execution of malicious code. The [at](https://attack.mitre.org/software/S0110) utility exists as an executable within Windows for scheduling tasks at a specified time and date. Using [at](https://attack.mitre.org/software/S0110) requires that the Task Scheduler service be running, and the user to be logged on as a member of the local Administrators group.An adversary may use
at.exein Windows environments to execute programs at system startup or on a scheduled basis for persistence. at can also be abused to conduct remote Execution as part of Lateral Movement and or to run a process under the context of a specified account (such as SYSTEM).Note: The
at.execommand line utility has been deprecated in current versions of Windows in favor ofschtasks.
Executes cmd.exe Note: deprecated in Windows 8+
Upon successful execution, cmd.exe will spawn at.exe and create a scheduled task that will spawn cmd at a specific time.
Supported Platforms: Windows
at 13:20 /interactive cmd