query.exe

Hashes

Type	Hash
MD5	`1F85FC4EF8B60C9ADD72F6C856DD0589`
SHA1	`4568C5F804ACCC63045F5F2C1FA4DA3750ADFC14`
SHA256	`E0655B492CA255745D122CAA2A1147AE01554CA5AE2F53454863D6706D667910`
SHA384	`35392498A7B0820129EC713985077739EA53001F46BD7461C5FECADEB1129020A9A28427D9A4ADC79897AE3BFB5B937E`
SHA512	`D579ED855CF035CE0B608FC923A20567B05DA75693E9787D8F2C42DCCB49B8C854FB1ED644C98F98DCEDB1EA93A263ED2B3B9F4A68A7FE92B047B194EF65333F`
SSDEEP	`384:oyymcKXLaxy2eeTX94dnntGHK2aCP4WQ3W:Ym8etdnWHPS`

QUERY { PROCESS | SESSION | TERMSERVER | USER }

Invalid parameter(s)
QUERY { PROCESS | SESSION | TERMSERVER | USER }

Status: Signature verified.
Serial: 33000001C422B2F79B793DACB20000000001C4
Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File	Score
C:\WINDOWS\system32\change.exe	75
C:\WINDOWS\system32\reset.exe	71

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Displays information about processes, sessions, and Remote Desktop Session Host servers. To find out what’s new in the latest version, see What’s New in Remote Desktop Services in Windows Server.

query process
query session
query termserver
query user

Parameter	Description
query process	Displays information about processes running on an Remote Desktop Session Host server.
query session	Displays information about sessions on a Remote Desktop Session Host server.
query termserver	Displays a list of all Remote Desktop Session Host servers on the network.
query user	Displays information about user sessions on a Remote Desktop Session Host server.