cmd.exe
Windows Command Processor by Microsoft
This file is installed as part of the Windows system, with Windows File Protection (WFP) enabled.
Overview
There are 11 versions of cmd.exe in the wild, the latest being 6.3.9600.16384 (winblue_rtm.130821-1623). cmd.exe runs as a standard Windows process with the logged-in user's account privileges. When a startup entry is added to the Run registry key, the file is executed when the user logs into Windows. The average file size is about 340.18 KB. The programs Call of Duty Modern Warfare 2, EasyBB and Watch_Dogs have been observed installing specific variations of cmd.exe. During the process's lifecycle, typical CPU utilization is less than 0.01%, average private memory consumption is about 2.24 MB, and maximum memory reaches around 2.79 MB. Additionally, typical disk I/O is about 412 Bytes per minute for reads and 508 Bytes per minute for writes.
What is cmd.exe?
The command processor in Windows is the command prompt (cmd).
To start the Windows command processor, press Win+R to open the Run window. Type cmd to open the Windows command prompt, where you can run various commands. You can create and delete files and folders, list directory contents, and perform many other functions in the command prompt.
Details
File name | cmd.exe
Publisher | Microsoft Corporation
Product name | Windows Command Processor
Description | Microsoft® Windows® Operating System
Typical file path | C:\Windows\System32\cmd.exe
Original name | Cmd.Exe.MUI
Programs installed in
(Note, the programs listed below are for all versions of Windows Command Processor.)
Call of Duty: Modern Warfare 2 is a first-person shooter video game developed by Infinity Ward and published by Activision. The player assumes the role of various characters during the single-player c...
authorGEN Technologies Private Limited
“SDK Tools is a downloadable component for the Android SDK. It includes the complete set of development and debugging tools for the Android SDK. The Android SDK provides you the API libraries and devel...”
Institute for Systems Biology
Institute for Systems Biology
The NVIDIA Driver is the software driver for NVIDIA Graphics GPU installed on the PC. It is a program used to communicate from the Windows PC OS to the device. This software is required in most cases ...
“As a bonus feature of the new Vista-compatible XXCOPY, when the application is installed, a shortcut icon will be created on the Desktop which will open up a console window (CMD.EXE) with th...”
Sophos AutoUpdate is the updater program which runs with Windows (in the background as a service) and automatically starts up when your computer boots. It checks for updates and automatically download...
“You play as Aiden Pearce, a brilliant hacker and former thug, whose criminal past led to a violent family tragedy. While seeking justice for those events, you'll monitor and hack those around you by m...”
Behaviors
(Note, the behaviors below are for all versions of cmd.exe, select a unique version for details.)
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'FastFoxUninstall5' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software"
- 'FastFoxUninstall4' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files"
- 'FastFoxUninstall3' → cmd.exe /C rmdir /S /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files\FastFox"
- 'FastFoxUninstall2' → cmd.exe /C rmdir /Q "C:\Program Files\NCH Software\FastFox"
- 'FastFoxUninstall' → cmd.exe /C rmdir /S /Q "C:\Program Files\NCH Software\FastFox"
- 'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
- 'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del125888062' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del95943703' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del160256437' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del1203196625' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del94878045' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del326931' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del136013075' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'removeiMeshdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
- 'Del52821423' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'removeiLividdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
- 'Del153953127' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'removeSearchqutoolbar' → cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
Startup files (user) run once
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'Uninstall C:\Users\Adilson\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
- 'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
- 'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
- 'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
- 'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
- 'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
- 'Uninstall C:\Users\Татьяна\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
- 'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Uninstall C:\Users\centrogum\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
- 'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Uninstall C:\Users\Janine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
- 'Uninstall C:\Users\prettymomma\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64"
- 'Uninstall C:\Users\Eric Feller\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'CMD' → cmd.exe /k if %datC:~6,4%%datC:~3,2%%datC:~0,2% LEQ 20130909 (exit) else (start httC://alt-rutor.org && exit)
- 'Adobe Flash Player SU' → C:\Windows\System32\cmd.exe /k start httC://3zz.info/ && exit
- 'AMD AVT' → Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Bomgar_Cleanup_ZD12543155818005' → cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-au" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD12543155818005 /f
Scheduled tasks
- The job 'BoostApp' runs in the path '\BoostApp'
All file variations of cmd.exe
Distribution by Windows OS
OS version | Distribution
Windows 7 Home Premium | 32.85%
Windows 7 Ultimate | 16.91%
Windows 8 Pro | 9.18%
Windows 7 Professional | 6.28%
Windows 8 | 5.31%
Windows Vista Home Premium | 4.83%
Windows 7 Home Basic | 4.35%
Windows 8.1 | 4.35%
Microsoft Windows XP | 3.86%
Windows 8 Pro with Media Center | 2.42%
Windows Vista Home Basic | 2.42%
Windows 8.1 Pro | 1.45%
Windows 7 Ultimate N | 1.45%
Windows 7 Starter | 0.97%
Windows 8.1 Single Language | 0.48%
Windows 8.1 Enterprise Evaluation | 0.48%
Windows 8.1 Pro with Media Center | 0.48%
Windows Vista Ultimate | 0.48%
Windows 8.1 Pro Preview with Media Center | 0.48%
Windows 8 Pro N | 0.48%
Windows 8 Enterprise N | 0.48%
21 other Windows OS versions
Distribution by country
United States installs about 50.97% of Windows Command Processor.
Distribution by PC manufacturer
PC manufacturer | Distribution
Hewlett-Packard | 27.23%
Dell | 18.85%
Toshiba | 13.61%
ASUS | 11.52%
Acer | 7.85%
Lenovo | 7.33%
GIGABYTE | 3.66%
Samsung | 3.66%
Sony | 3.14%
Gateway | 1.05%
Intel | 1.05%
Compaq | 1.05%