cmd.exe AutoRun
Location:
HKCU\Software\Microsoft\Command Processor\AutoRun
Classification:
| Criteria | Value |
|---|---|
| Permissions | User |
| Security context | User |
| Persistence type | Registry |
| Code type | EXE; Other; Fileless |
| Launch type | User initiated1 |
| Impact | Non-destructive |
| OS Version | All OS versions |
| Dependencies | OS only |
| Toolset | Scriptable |
Description:
cmd.exe /? says:
when CMD.EXE starts, it looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and […], they are executed first.
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
References:
https://devblogs.microsoft.com/oldnewthing/20071121-00/?p=24433
Credits:
See also:
Remarks:
-
User must launch cmd.exe ↩