Query.dll

• File Path: C:\Windows\SysWOW64\Query.dll
• Description: Content Index Utility DLL

Hashes

Type	Hash
MD5	23213AF0943223AC771D19C87B72A0EC
SHA1	9F7CFDE32FEF0E37CA331A0CD133B3B7ED08D988
SHA256	91B590BF6BCAA4FFEF30D3476ADCC216DB3963C158091D93032AE2268A977821
SHA384	92502E3A3EAE93B5B33BC6AE062D09EDABF0DCDB28D386204C474F08EF19C2B7B9304A3EC4E12758535BC4FE6A0E824A
SHA512	FA067D057DB8904AC0CACFDC0E31110D835E9D5971D4C8326E94C87D3F4A89E86BA26B0F216A36F6627CD6495E06A75B5D63ED6E672D8EF8E97358DF96690F84
SSDEEP	1536:lOWO6/fEQUv6ENxHaE30fAHZMoxBhBCzMAU0rFCF3AfeQMxRm3CT:VOhQUvxx6EQIMQBnAMAUyAF3Af7MxRms
IMP	FB575F462A1DB6FCACADF4100004F438
PESHA1	D38DD15D8383E0A9AB4BE9C7AB79168BF3436B50
PE256	D5369FCBBEA676999924429615542AB118A2B60100E471776D9255C8566D8440

DLL Exports:

Function Name	Ordinal	Type
LoadBinaryFilter	1	Exported Function
DllUnregisterServer	8	Exported Function
LoadIFilter	9	Exported Function
LoadTextFilter	2	Exported Function
LoadIFilterEx	10	Exported Function
BindIFilterFromStream	4	Exported Function
BindIFilterFromStorage	3	Exported Function
DllCanUnloadNow	5	Exported Function
DllRegisterServer	7	Exported Function
DllGetClassObject	6	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: query.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/71
• VirusTotal Link: https://www.virustotal.com/gui/file/91b590bf6bcaa4ffef30d3476adcc216db3963c158091d93032ae2268a977821/detection/

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.

---

query commands

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Displays information about processes, sessions, and Remote Desktop Session Host servers. To find out what’s new in the latest version, see What’s New in Remote Desktop Services in Windows Server.

Syntax

query process
query session
query termserver
query user

Parameters

Parameter	Description
query process	Displays information about processes running on an Remote Desktop Session Host server.
query session	Displays information about sessions on a Remote Desktop Session Host server.
query termserver	Displays a list of all Remote Desktop Session Host servers on the network.
query user	Displays information about user sessions on a Remote Desktop Session Host server.

Additional References

• Command-Line Syntax Key

• Remote Desktop Services (Terminal Services) Command Reference

---

MIT License. Copyright (c) 2020-2021 Strontic.