cmd.exe
Windows Command Processor by Microsoft
| Version: | 6.1.7600.16385 (win7_rtm.090713-1255) |
| MD5: | 8ae6dd9a6d246004da047f704f0cc487 |
| SHA1: | b1b941420333fd6f4220e98fa18c0471cac8a38b |
| SHA256: | 8deab32f7297bcbc22caa7baeb2ddb6bf36e73d9a7f68b6737c1e4c75e213cb9 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is cmd.exe?
Command processor in windows is the command prompt(cmd).
To start Windows command processor use winkey + R this will open Run window.Just type in cmd and this will open command prompt of windows where you can run various commands.You can create,delete files and folders, list the directory contents and can perform many other functions in command prompt.
Overview
cmd.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It is installed with a couple of know programs including XXConsole: Super Console Generator ver 0.96 published by Pixelab, Inc., FieldServer Utilities from FieldServer Technologies and FieldServer Utilities by FieldServer Technologies. This version is designed to run on Windows 7 and is compiled as a 32 bit program.
Details
| File name: | cmd.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Windows Command Processor |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\cmd.exe |
| Original name: | Cmd.Exe.MUI |
| File version: | 6.1.7600.16385 (win7_rtm.090713-1255) |
| Product version: | 6.1.7600.16385 |
| Size: | 294.5 KB (301,568 bytes) |
| Digital DNA |
| PE subsystem: | Windows Console |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
“As a bonus feature of the new Vista-compatible XXCOPY, when the
application is installed, a shortcut icon will be created on the
Desktop which will open up a console window (CMD.EXE) with the
Administrator privilege. Under a UAC-enabled Vista environment,
the command console with the elevated privilege is probably the
best way to run XXCOPY and batch files alike.
Rather than adding the one-time-only func...”
Behaviors
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'FastFoxUninstall5' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software"
- 'FastFoxUninstall4' → cmd.exe /C rmdir /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files"
- 'FastFoxUninstall3' → cmd.exe /C rmdir /S /Q "C:\users\user\appdata\Roaming\NCH Software\Program Files\FastFox"
- 'FastFoxUninstall2' → cmd.exe /C rmdir /Q "C:\Program Files\NCH Software\FastFox"
- 'FastFoxUninstall' → cmd.exe /C rmdir /S /Q "C:\Program Files\NCH Software\FastFox"
- 'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
- 'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del125888062' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del95943703' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del160256437' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del1203196625' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del94878045' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del326931' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del136013075' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'removeiMeshdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
- 'Del52821423' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'removeiLividdatamngr' → cmd.exe /c RD /S /Q "C:\Program Files\Search Results Toolbar"
- 'Del153953127' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'removeSearchqutoolbar' → cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
Startup files (user) run once
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'Uninstall C:\Users\Adilson\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
- 'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
- 'Uninstall C:\Users\StoneyBC\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
- 'DelTr4467046' → cmd.exe /c rd /s /q "C:\users\user\appdata\Roaming\mysearchdial"
- 'Del1639781' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
- 'Uninstall C:\Users\Brandon\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
- 'Uninstall C:\Users\Татьяна\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
- 'Del32322796' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Uninstall C:\Users\centrogum\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
- 'Del43786750' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Del43774332' → cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"
- 'Uninstall C:\Users\Janine\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64' → C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
- 'Uninstall C:\Users\prettymomma\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2006.0314_5\amd64"
- 'Uninstall C:\Users\Angela Doran\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112_5\amd64"
- 'Uninstall C:\Users\Eric Feller\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64' → C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'CMD' → cmd.exe /k if %datC:~6,4%%datC:~3,2%%datC:~0,2% LEQ 20130909 (exit) else (start httC://alt-rutor.org && exit)
- 'Adobe Flash Player SU' → C:\Windows\System32\cmd.exe /k start httC://3zz.info/ && exit
- 'AMD AVT' → Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Bomgar_Cleanup_ZD12543155818005' → cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-au" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD12543155818005 /f
Scheduled tasks
- The job 'BoostApp' runs in the path '\BoostApp'
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.04288766% | |
| Kernel CPU: | 0.02144576% | |
| User CPU: | 0.02144190% | |
| Kernel CPU time: | 94 ms/min | |
| Memory |
| Private memory: | 1.89 MB | |
| Private (maximum): | 2.7 MB | |
| Private (minimum): | 2.5 MB | |
| Non-paged memory: | 1.89 MB | |
| Virtual memory: | 27.85 MB | |
| Virtual memory (peak): | 31.77 MB | |
| Working set: | 1.89 MB | |
| Working set (peak): | 2.69 MB | |
| Resource allocations |
| Threads: | 1 | |
| Handles: | 21 | |
| GUI GDI count: | 4 | |
| GUI GDI peak: | 4 | |
| GUI USER count: | 1 | |
| GUI USER peak: | 1 | |
Process properties
| Platform: | 32-bit |
| Command lines: |
- "C:\Windows\System32\cmd.exe"
- cmd.exe /c ""C:\any video converter\gnu\avc\mplayer.exe" -af volnorm -vf scale=480:-2,expand=:272:::,crop=480:272,harddup -ao pcC:file="\\.\pipe\wmvmplayerpcmdump" -format s16le -vo yuv4mpeC:file="\\.\pipe\wmvmplayeryuvdump" -nolirc -noframedrop "C:\studym~1\videos\scienc~1\introd~1.mp4""
|
| Owner: | User |
| Parent processes: |
|
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
33.00% |
|
| Windows 7 Ultimate |
17.00% |
|
| Windows 8 Pro |
9.50% |
|
| Windows 7 Professional |
6.00% |
|
| Windows 8 |
5.50% |
|
| Windows Vista Home Premium |
5.00% |
|
| Windows 7 Home Basic |
4.50% |
|
| Windows 8.1 |
4.50% |
|
| Microsoft Windows XP |
4.00% |
|
| Windows 8 Pro with Media Center |
2.50% |
|
| Windows 8.1 Pro |
1.50% |
|
| Windows 7 Ultimate N |
1.50% |
|
| Windows 7 Starter |
1.00% |
|
| Windows Vista Home Basic |
1.00% |
|
| Windows 8.1 Single Language |
0.50% |
|
| Windows 8.1 Enterprise Evaluation |
0.50% |
|
| Windows 8.1 Pro with Media Center |
0.50% |
|
| Windows Vista Ultimate |
0.50% |
|
| Windows 8.1 Pro Preview with Media Center |
0.50% |
|
| Windows 8 Pro N |
0.50% |
|
| Windows 8 Enterprise N |
0.50% |
|
| 21 other Windows OS version |
Distribution by country
United States installs about 49.75% of Windows Command Processor.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
26.84% |
|
| Dell |
18.95% |
|
| Toshiba |
13.68% |
|
| ASUS |
11.58% |
|
| Acer |
7.89% |
|
| Lenovo |
7.37% |
|
| GIGABYTE |
3.68% |
|
| Samsung |
3.68% |
|
| Sony |
3.16% |
|
| Gateway |
1.05% |
|
| Intel |
1.05% |
|
| Compaq |
1.05% |
|
