cmd.exe AutoRun

Location:

HKCU\Software\Microsoft\Command Processor\AutoRun

Classification:

Criteria	Value
Permissions	User
Security context	User
Persistence type	Registry
Code type	EXE; Other; Fileless
Launch type	User initiated¹
Impact	Non-destructive
OS Version	All OS versions
Dependencies	OS only
Toolset	Scriptable

Description:

cmd.exe /? says:

when CMD.EXE starts, it looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and [...], they are executed first. HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

References:

https://devblogs.microsoft.com/oldnewthing/20071121-00/?p=24433

Credits:

Remarks:

Footnotes

User must launch cmd.exe ↩

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cmdautorun.md

cmdautorun.md

cmd.exe AutoRun

Location:

Classification:

Description:

References:

Credits:

See also:

Remarks:

Files

cmdautorun.md

Latest commit

History

cmdautorun.md

File metadata and controls

cmd.exe AutoRun

Location:

Classification:

Description:

References:

Credits:

See also:

Remarks:

Footnotes