query.exe

  • File Path: C:\WINDOWS\system32\query.exe
  • Description: MultiUser Query Utility

Hashes

Type Hash
MD5 198E5A25B3F577F5E7C86F3A94909686
SHA1 269731F31CADA134126F99D3AD80FFAB800BBC87
SHA256 C02F3831375BDA955F13909985FAF5987B14968AE5A19F6128E407649AA3DD66
SHA384 338460918D9E5F0F198D3BF2A9D786FA54FA65B822F6798055AF708CB11FE366DFB2F6BE50A3B420852420943045F79B
SHA512 889633E09E747C6239834AACA0E1C1513CACFF99EEF949D380F489F3EB18E2D3B221326B163DDABCE72ADF36283629B16F8F175B696695A2AF44631006B0C309
SSDEEP 384:zw7SbB9BPhgulSQ8jWqU/vqhITHlP4Wa3W:c7SPhg68yqUnFP4
IMP CCC9DA4A55E90DFE34CBCDB066D6A6B3
PESHA1 D68F6943074107D4BC92EA45E70A887ED091DBA7
PE256 FF2590B18E5326EBD20A75854E269521855997E083C0E420104203334DB545F1

Runtime Data

Usage (stdout):

QUERY { PROCESS | SESSION | TERMSERVER | USER }

Usage (stderr):

Invalid parameter(s)
QUERY { PROCESS | SESSION | TERMSERVER | USER }

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\system32\query.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: query.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/c02f3831375bda955f13909985faf5987b14968ae5a19f6128e407649aa3dd66/detection

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\change.exe 77
C:\WINDOWS\system32\reset.exe 72

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


query commands

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Displays information about processes, sessions, and Remote Desktop Session Host servers. To find out what’s new in the latest version, see What’s New in Remote Desktop Services in Windows Server.

Syntax

query process
query session
query termserver
query user

Parameters

Parameter Description
query process Displays information about processes running on a Remote Desktop Session Host server.
query session Displays information about sessions on a Remote Desktop Session Host server.
query termserver Displays a list of all Remote Desktop Session Host servers on the network.
query user Displays information about user sessions on a Remote Desktop Session Host server.

MIT License. Copyright (c) 2020-2021 Strontic.