6.3.9600.16384 (winblue_rtm.130821-1623) 7.04%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.47%
6.2.9200.16384 (win8_rtm.120725-1247) 17.37%
6.2.9200.16384 (win8_rtm.120725-1247) 1.88%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 17.84%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 37.09%
6.1.7600.16385 (win7_rtm.090713-1255) 3.29%
6.1.7600.16385 (win7_rtm.090713-1255) 2.82%
6.0.6000.16386 (vista_rtm.061101-2205) 7.51%
6.0.6000.16386 (vista_rtm.061101-2205) 0.47%
5.1.2600.5512 (xpsp.080413-2111) 4.23%



Windows Command Processor by Microsoft

This is a Windows system installed file with Windows File Protection (WFP) enabled.


There are 11 versions of cmd.exe in the wild, the latest being 6.3.9600.16384 (winblue_rtm.130821-1623). cmd.exe runs as a standard Windows process with the logged-in user's account privileges. When a startup entry is added to the Run registry key, the file is executed when the user logs in to Windows. The average file size is about 340.18 KB. The programs Call of Duty Modern Warfare 2, Sophos AutoUpdate and Watch_Dogs have been observed installing specific variations of cmd.exe. During the process's lifecycle, typical CPU utilization is less than 0.01%, average private memory consumption is about 2.24 MB, and maximum memory reaches around 2.79 MB. Additionally, disk I/O is typically about 412 bytes per minute for reads and 508 bytes per minute for writes.

What is cmd.exe?

The command processor in Windows is the Command Prompt (cmd).
To start the Windows command processor, press Win + R to open the Run window. Type cmd to open the Windows command prompt, where you can run various commands. You can create and delete files and folders, list directory contents, and perform many other functions from the command prompt.


File name: cmd.exe
Publisher: Microsoft Corporation
Product name: Windows Command Processor
Description: Microsoft® Windows® Operating System
Typical file path: C:\Windows\System32\cmd.exe
Original name: Cmd.Exe.MUI

Programs installed in

(Note: the programs listed below are for all versions of Windows Command Processor.)
9% remove
Call of Duty: Modern Warfare 2 is a first-person shooter video game developed by Infinity Ward and published by Activision. The player assumes the role of various characters during the single-player c...
authorGEN Technologies Private Limited
6% remove
FieldServer Technologies
4% remove
Google Inc
9% remove
SDK Tools is a downloadable component for the Android SDK. It includes the complete set of development and debugging tools for the Android SDK. The Android SDK provides you the API libraries and devel...
Institute for Systems Biology
8% remove
Institute for Systems Biology
8% remove
8% remove
Mark Loman
6% remove
NVIDIA Corporation
2% remove
The NVIDIA Driver is the software driver for NVIDIA Graphics GPU installed on the PC. It is a program used to communicate from the Windows PC OS to the device. This software is required in most cases ...
Pixelab, Inc.
7% remove
As a bonus feature of the new Vista-compatible XXCOPY, when the application is installed, a shortcut icon will be created on the Desktop which will open up a console window (CMD.EXE) with th...
PlotSoft LLC
6% remove
PlotSoft LLC
1% remove
Sophos Limited
4% remove
Sophos AutoUpdate is the updater program which runs with Windows (in the background as a service) and automatically starts up when your computer boots. It checks for updates and automatically download...
12% remove
You play as Aiden Pearce, a brilliant hacker and former thug, whose criminal past led to a violent family tragedy. While seeking justice for those events, you'll monitor and hack those around you by m...


(Note: the behaviors below are for all versions of cmd.exe.)
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'FastFoxUninstall5' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software"
  • 'FastFoxUninstall4' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files"
  • 'FastFoxUninstall3' → cmd.exe /C rmdir /S /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files\FastFox"
  • 'FastFoxUninstall2' → cmd.exe /C rmdir /Q "C:\Program Files\NCH Software\FastFox"
  • 'FastFoxUninstall' → cmd.exe /C rmdir /S /Q "C:\Program Files\NCH Software\FastFox"
  • 'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
  • 'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del125888062' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del95943703' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del160256437' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del1203196625' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del94878045' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del326931' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del136013075' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'removeiMeshdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
  • 'Del52821423' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'removeiLividdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
  • 'Del153953127' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'removeSearchqutoolbar' → cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
Startup files (user) run once
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Uninstall C:\Users\Adilson\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
  • 'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
  • 'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
  • 'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
  • 'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
  • 'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
  • 'Uninstall C:\Users\Татьяна\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
  • 'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Uninstall C:\Users\centrogum\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
  • 'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
  • 'Uninstall C:\Users\Janine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
  • 'Uninstall C:\Users\prettymomma\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64"
  • 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627"
  • 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
  • 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530"
  • 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
  • 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5"
  • 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64"
  • 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64"
  • 'Uninstall C:\Users\Eric Feller\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'CMD' → cmd.exe /k if %datC:~6,4%%datC:~3,2%%datC:~0,2% LEQ 20130909 (exit) else (start httC:// && exit)
  • 'Adobe Flash Player SU' → C:\Windows\System32\cmd.exe /k start httC:// && exit
  • 'AMD AVT' → Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Bomgar_Cleanup_ZD12543155818005' → cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-au" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD12543155818005 /f
Scheduled tasks
  • The job 'BoostApp' runs in the path '\BoostApp'

Versions: all file variations of cmd.exe


Windows OS versions: distribution by Windows OS

OS version    Distribution
Windows 7 Home Premium 32.85%
Windows 7 Ultimate 16.91%
Windows 8 Pro 9.18%
Windows 7 Professional 6.28%
Windows 8 5.31%
Windows Vista Home Premium 4.83%
Windows 7 Home Basic 4.35%
Windows 8.1 4.35%
Microsoft Windows XP 3.86%
Windows 8 Pro with Media Center 2.42%
Windows Vista Home Basic 2.42%
Windows 8.1 Pro 1.45%
Windows 7 Ultimate N 1.45%
Windows 7 Starter 0.97%
Windows 8.1 Single Language 0.48%
Windows 8.1 Enterprise Evaluation 0.48%
Windows 8.1 Pro with Media Center 0.48%
Windows Vista Ultimate 0.48%
Windows 8.1 Pro Preview with Media Center 0.48%
Windows 8 Pro N 0.48%
Windows 8 Enterprise N 0.48%
21 other Windows OS versions

Distribution by country

United States installs about 50.97% of Windows Command Processor.

OEM distribution: distribution by PC manufacturer

PC manufacturer    Distribution
Hewlett-Packard 27.23%
Dell 18.85%
Toshiba 13.61%
ASUS 11.52%
Acer 7.85%
Lenovo 7.33%
Samsung 3.66%
Sony 3.14%
Gateway 1.05%
Intel 1.05%
Compaq 1.05%
