unlikely (at.exe deprecated as of windows 8)

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_at_interactive_execution.yml>sigma
technicques: t1053 t1053.002

Techniques

Detects an interactive AT job, which may be used as a form of privilege escalation.

condition: selection
selection:
  CommandLine|contains: interactive
  Image|endswith: \at.exe