Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623)	7.04%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.47%
6.2.9200.16384 (win8_rtm.120725-1247)	17.37%
6.2.9200.16384 (win8_rtm.120725-1247)	1.88%
6.1.7601.17514 (win7sp1_rtm.101119-1850)	17.84%
6.1.7601.17514 (win7sp1_rtm.101119-1850)	37.09%
6.1.7600.16385 (win7_rtm.090713-1255)	3.29%
6.1.7600.16385 (win7_rtm.090713-1255)	2.82%
6.0.6000.16386 (vista_rtm.061101-2205)	7.51%
6.0.6000.16386 (vista_rtm.061101-2205)	0.47%
5.1.2600.5512 (xpsp.080413-2111)	4.23%

Relationships

Parent processes

Child processes

Related files

PE file structure

Show functions

Import table

advapi32.dll

RevertToSelf, SaferRecordEventLogEntry, ImpersonateLoggedOnUser, SaferCloseLevel, SaferComputeTokenFromLevel, SaferIdentifyLevel, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyW, RegDeleteValueW, RegOpenKeyW, RegDeleteKeyW, RegSetValueW, CreateProcessAsUserW, RegSetValueExW, RegCreateKeyExW, LookupAccountSidW, GetSecurityDescriptorOwner, GetFileSecurityW

kernel32.dll

FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime, FreeEnvironmentStringsW, SetEnvironmentStringsW, GetConsoleWindow, GetStartupInfoW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, NeedCurrentDirectoryForExePathW, SetFilePointerEx, CancelSynchronousIo, HeapSetInformation, OpenThread, SetEndOfFile, FindNextStreamW, FindFirstStreamW, DeviceIoControl, ResumeThread, SetProcessAffinityMask, GetSystemInfo, GetVolumePathNameW, CreateSymbolicLinkW, CreateHardLinkW, InterlockedCompareExchange, Sleep, LoadLibraryExA, DelayLoadFailureHook, GetThreadGroupAffinity, GetNumaNodeProcessorMaskEx, FindFirstFileExW, GetACP, GlobalAlloc, GlobalFree, GetNumaHighestNodeNumber, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyExW, QueryFullProcessImageNameW, RegSetValueExW, RegCreateKeyExW

msvcrt.dll

DllMain

ntdll.dll

RtlDosPathNameToNtPathName_U, NtFsControlFile, RtlFreeHeap, NtQueryInformationProcess, NtSetInformationProcess, RtlNtStatusToDosError, NtQueryInformationToken, NtClose, NtOpenProcessToken, NtOpenThreadToken, RtlFindLeastSignificantBit

user32.dll

GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation

winbrand.dll

BrandingFormatString

cmd.exe

Windows Command Processor by Microsoft

Remove cmd.exe

Version:	6.0.6000.16386 (vista_rtm.061101-2205)
MD5:	74f26fc01b180d4a99a168ed69c30a53
SHA1:	46372c2278b2e369a7ce3e0879a23d009ccb6340
SHA256:	d2fd623d70340f650bfac8c31102e1b9168fe1750c141a23accc1a21f9f93a94

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is cmd.exe?

Command processor in windows is the command prompt(cmd).
To start Windows command processor use winkey + R this will open Run window.Just type in cmd and this will open command prompt of windows where you can run various commands.You can create,delete files and folders, list the directory contents and can perform many other functions in command prompt.

Overview

cmd.exe executes as a process with the local user's privileges typically within the context of its parent dcserverhttpd.exe (Apache HTTP Server by Apache Software Foundation). It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It is installed with a couple of know programs including Hitman Pro published by Mark Loman, Android SDK Tools from Google Inc and Android SDK Tools by Google Inc. This version is designed to run on Windows Vista and is compiled as a 32 bit program.

Details

File name:	cmd.exe
Publisher:	Microsoft Corporation
Product name:	Windows Command Processor
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\cmd.exe
Original name:	Cmd.Exe.MUI
File version:	6.0.6000.16386 (vista_rtm.061101-2205)
Product version:	6.0.6000.16386
Size:	311.5 KB (318,976 bytes)
Digital DNA
PE subsystem:	Windows Console
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Programs

The following programs will install this file

Android SDK Tools

Google Inc

9% remove

“SDK Tools is a downloadable component for the Android SDK. It includes the complete set of development and debugging tools for the Android SDK. The Android SDK provides you the API libraries and developer tools necessary to build, test, and debug apps for Android. If you're a new Android developer, we recommend you download the ADT Bundle to quickly start developing apps. It includes the essential Android SDK components and a version of...”

Hitman Pro

Mark Loman

6% remove

Behaviors

Startup files (all users) run once

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

'FastFoxUninstall5' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software"
'FastFoxUninstall4' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files"
'FastFoxUninstall3' → cmd.exe /C rmdir /S /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files\FastFox"
'FastFoxUninstall2' → cmd.exe /C rmdir /Q "C:\Program Files\NCH Software\FastFox"
'FastFoxUninstall' → cmd.exe /C rmdir /S /Q "C:\Program Files\NCH Software\FastFox"
'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del125888062' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del95943703' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del160256437' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del1203196625' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del94878045' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del326931' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del136013075' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'removeiMeshdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
'Del52821423' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'removeiLividdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
'Del153953127' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'removeSearchqutoolbar' → cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"

Startup files (user) run once

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

'Uninstall C:\Users\Adilson\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
'Uninstall C:\Users\Татьяна\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Uninstall C:\Users\centrogum\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
'Uninstall C:\Users\Janine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
'Uninstall C:\Users\prettymomma\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64"
'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627"
'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530"
'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5"
'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64"
'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64"
'Uninstall C:\Users\Eric Feller\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"

Startup files (all users) run

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'CMD' → cmd.exe /k if %datC:~6,4%%datC:~3,2%%datC:~0,2% LEQ 20130909 (exit) else (start httC://alt-rutor.org && exit)
'Adobe Flash Player SU' → C:\Windows\System32\cmd.exe /k start httC://3zz.info/ && exit
'AMD AVT' → Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'Bomgar_Cleanup_ZD12543155818005' → cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-au" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD12543155818005 /f

Scheduled tasks

The job 'BoostApp' runs in the path '\BoostApp'

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00006447%	0.028634%
Kernel CPU:	0.00006447%	0.013761%
Kernel CPU time:	31,206 ms/min	100,923,805ms/min
CPU cycles:	171,667/sec	17,470,203/sec
Memory
Private memory:	1.57 MB	21.59 MB
Private (maximum):	1.76 MB
Private (minimum):	1.42 MB
Non-paged memory:	1.57 MB	21.59 MB
Virtual memory:	15.44 MB	140.96 MB
Virtual memory (peak):	18.65 MB	169.69 MB
Working set:	1.43 MB	18.61 MB
Working set (peak):	1.88 MB	37.95 MB
Page faults:	520/min	2,039/min
I/O
I/O read transfer:	630 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O other transfer:	338 Bytes/sec	448.09 KB/min
I/O other operations:	22/sec	1,671/min
Resource allocations
Threads:	1	12
Handles:	22	600

Process properties

Integrety level:	System
Platform:	32-bit
Command lines:	C:\Windows\System32\cmd.exe /c "bin\dcrotatelogs -l C:/manageengine/desktopcentral_server/logs/apache_errorlog_%y-%m-%d-%h_%m_%s.txt 5m" "C:\Windows\System32\cmd.exe" /d /c timeout 10 & "C:\Program Files\mozilla firefox\firefox.exe" "httC://static.salesresourcepartners.com/ng/?z=1&ilmernzkvtaztu=00ffd8dbdf27e4c6&pu=&s=d-firefox&nm=ilmernzkvtaztu&t=" cmd /c ""C:/manageengine/desktopcentral_server/pgsql/bin/postgres.exe" -d "C:/manageengine/desktopcentral_server/pgsql/data" -p8028 < "nul" 2>&1" cmd /c dbus-daemon.bat
Owner:	User
Parent processes:	dcserverhttpd.exe (Apache HTTP Server by Apache Software Foundation) mcserver.exe (ZTE data card monitor program by ZTE CORPORATION)

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	33.00%
Windows 7 Ultimate	17.00%
Windows 8 Pro	9.50%
Windows 7 Professional	6.00%
Windows 8	5.50%
Windows Vista Home Premium	5.00%
Windows 7 Home Basic	4.50%
Windows 8.1	4.50%
Microsoft Windows XP	4.00%
Windows 8 Pro with Media Center	2.50%
Windows 8.1 Pro	1.50%
Windows 7 Ultimate N	1.50%
Windows 7 Starter	1.00%
Windows Vista Home Basic	1.00%
Windows 8.1 Single Language	0.50%
Windows 8.1 Enterprise Evaluation	0.50%
Windows 8.1 Pro with Media Center	0.50%
Windows Vista Ultimate	0.50%
Windows 8.1 Pro Preview with Media Center	0.50%
Windows 8 Pro N	0.50%
Windows 8 Enterprise N	0.50%
21 other Windows OS version

Distribution by country

United States installs about 49.75% of Windows Command Processor.

Distribution by PC manufacturer

PC Manufacturer	distribution
Hewlett-Packard	26.84%
Dell	18.95%
Toshiba	13.68%
ASUS	11.58%
Acer	7.89%
Lenovo	7.37%
GIGABYTE	3.68%
Samsung	3.68%
Sony	3.16%
Gateway	1.05%
Intel	1.05%
Compaq	1.05%

Remove Adware and Spyware Programs, FREE Download!