We Recommend: You Boost your PC today


6.3.9431.0 (winmain_bluemp.130615-1214) 0.71%
6.2.9200.16384 (win8_rtm.120725-1247) 19.86%
6.2.9200.16384 (win8_rtm.120725-1247) 2.84%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 21.99%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 33.33%
6.1.7600.16385 (win7_rtm.090713-1255) 4.96%
6.1.7600.16385 (win7_rtm.090713-1255) 2.84%
6.0.6000.16386 (vista_rtm.061101-2205) 6.38%
6.0.6000.16386 (vista_rtm.061101-2205) 0.71%
5.1.2600.5512 (xpsp.080413-2111) 6.38%



Windows Command Processor by Microsoft

This is a Windows system installed file with Windows File Protection (WFP) enabled.


There are 10 versions of cmd.exe in the wild, the latest version being 6.3.9431.0 (winmain_bluemp.130615-1214). cmd.exe is run as a standard windows process with the logged in user's account privileges. By adding a startup entry to the run registry key, the file will be executed when the user logs into Windows. The average file size is about 339.45 KB. Some variations of the file have been seen to be installed with the program Sophos AutoUpdate from Sophos Limited. During the process's lifecycle, the typical CPU resource utilization is about 0.0046% including both foreground and background operations, the average private memory consumption is about 2.11 MB with the maximum memory reaching around 2.71 MB. Addionally, typically read and write I/O disk operations is about 426 Bytes per minute for reads and 508 Bytes per minute for writes.

What is cmd.exe?

Command processor in windows is the command prompt(cmd).
To start Windows command processor use winkey + R this will open Run window.Just type in cmd and this will open command prompt of windows where you can run various commands.You can create,delete files and folders, list the directory contents and can perform many other functions in command prompt.


File name:cmd.exe
Publisher:Microsoft Corporation
Product name:Windows Command Processor
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\cmd.exe
Original name:Cmd.Exe.MUI

ResourcesPrograms installed in

(Note, the programs listed below are for all versions of Windows Command Processor.)
Sophos Limited
4% remove


(Note, the behaviors below are for all versions of cmd.exe, select a unique version for details.)
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Del94878045' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del326931' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del136013075' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'removeiMeshdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
  • 'Del52821423' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'removeiLividdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
  • 'Del153953127' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'removeSearchqutoolbar' → cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
  • 'Del16657287' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'AvgUninstallURL' → cmd.exe /c start httC://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAyAD
  • 'removeSearchqudatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar"
  • 'Del4058325' → cmd.exe /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'removeiMeshtoolbar' → cmd.exe /c RD /S /Q "C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar"
Startup files (user) run once
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Del326931' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Uninstall C:\Users\rdelafontaine\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_2' → C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_2"
  • 'Uninstall C:\Users\rdelafontaine\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_2\amd64' → C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_2\amd64"
  • 'Uninstall C:\Users\rdelafontaine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112' → C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112"
  • 'Uninstall C:\Users\rdelafontaine\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64' → C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
  • 'Uninstall C:\Users\Pauline\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
  • 'Uninstall C:\Users\maveryjr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
  • 'Uninstall C:\Users\Michael\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
  • 'Uninstall C:\Users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
  • 'Uninstall C:\Users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
  • 'Uninstall C:\Users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64"
  • 'Uninstall C:\Users\Michael-HP8\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
  • 'Uninstall C:\Users\Resse812\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
  • 'Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112_1"
  • 'Uninstall C:\Users\tacom_000\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
  • 'Uninstall C:\Users\tacom_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
  • 'Uninstall C:\Users\vish6_000\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
  • 'Uninstall C:\Users\vish6_000\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
  • 'Uninstall C:\Users\reper_000\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64' → C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
  • 'adawarebp_INSTALL_FOLDER' → cmd.exe /c rmdir "C:\users\user\appdata\Local\adawarebp" /s /q
  • 'adawarebp_DATA_FOLDER' → cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q
  • 'Uninstall C:\Users\Shandell Perez\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910"
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Adobe Flash Player SU' → C:\Windows\System32\cmd.exe /k start httC://3zz.info/ && exit
  • 'AMD AVT' → Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Bomgar_Cleanup_ZD12543155818005' → cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-au" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD12543155818005 /f
Scheduled tasks
  • The job 'BoostApp' runs in the path '\BoostApp'

VersionsAll file variations of cmd.exe

MD5SHA-1File size
0964875566ccdec4972629915a58e20f 4942bf2c4c008682dccebccab031e41be1ade42d 348 KB
bf93a2f9901e9b3dfca8a7982f4a9868 76128671ca0aac549a9162ef07be1e0bc94c1c31 395.5 KB
5996c79fb52bde3fa10f77396654ae42 ac4d87e771010698cdc82116f289abfcf7d67027 341.5 KB
ad7b9c14083b52bc532fba5948342b98 ee8cbf12d87c4d388f09b4f69bed2e91682920b5 295.5 KB
5746bd7e255dd6a8afa06f7c42c1ba41 0f3c4ff28f354aede202d54e9d1c5529a3bf87d8 337 KB
6960d29abe74341fab8300db3e6f883d 4bbbd51de263b20d9553560f57b6eff526fcb55e 336.5 KB
8ae6dd9a6d246004da047f704f0cc487 b1b941420333fd6f4220e98fa18c0471cac8a38b 294.5 KB
74f26fc01b180d4a99a168ed69c30a53 46372c2278b2e369a7ce3e0879a23d009ccb6340 311.5 KB
72a73b43c20902760022fbc91b3ec948 25e58b570dcf7dd4c135def33094d75f6488ece5 354.5 KB
6d778e0f95447e6546553eeea709d03c 811a005cf787c6ccbe0d9f1c36c1d49a9cb71fd1 380 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 33.33%
Windows 7 Ultimate 20.00%
Windows 8 Pro 11.11%
Windows 7 Professional 7.41%
Microsoft Windows XP 5.93%
Windows 8 4.44%
Windows 8 Pro with Media Center 3.70%
Windows Vista Home Basic 3.70%
Windows Vista Home Premium 2.96%
Windows 7 Ultimate N 2.22%
Windows 7 Home Basic 1.48%
Windows 7 Starter 1.48%
Windows 8.1 Pro Preview with Media Center 0.74%
Windows 8 Pro N 0.74%
Windows 8 Enterprise N 0.74%

Distribution by countryDistribution by country

United States installs about 50.00% of Windows Command Processor.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 28.57%
Toshiba 14.29%
ASUS 10.20%
Lenovo 10.20%
Dell 10.20%
Acer 6.12%
Sony 6.12%
Samsung 5.10%
Intel 2.04%
Compaq 2.04%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE