query.exe
- File Path:
C:\Windows\system32\query.exe - Description: MultiUser Query Utility
Hashes
| Type | Hash |
|---|---|
| MD5 | 8A7520A6CC2A2968F4A8EE4DB946AD8D |
| SHA1 | B7B0589F7CA2A526F77E39BD6534CBD8A53BC7D0 |
| SHA256 | 3369E8FEA09C3C226D636B13108DA357093D0D98214236417839A94F56D3BA02 |
| SHA384 | DB9ED4EACEEB20C1F895DC2066E0F1AD08B2485EDA4A0D1864B463180B2A0EF1B635E34287AD824EA614C9A651F4B093 |
| SHA512 | A0643B80F86B18F40BF7717B131341AFCB43158705B8339C717BC78D79F3BFA318759CF8A548427F2D3AD59EF5296B1EA70CEA0E1E812417CB2D02AA61D7D48D |
| SSDEEP | 384:5yKvwEHdWH1ZMqxdBeEh+98XfGHK2aKPoWW3W:8Kv5SVBA984vP8 |
| IMP | CCC9DA4A55E90DFE34CBCDB066D6A6B3 |
| PESHA1 | A4493A79E3020E560A71C4B67CE78FAE8ABC66D4 |
| PE256 | 720EBD80DA487D87055B12A3596F6EEAD620FB458CCEF94CB0F51532EEC87FB3 |
Runtime Data
Usage (stdout):
QUERY { PROCESS | SESSION | TERMSERVER | USER }
Usage (stderr):
Invalid parameter(s)
QUERY { PROCESS | SESSION | TERMSERVER | USER }
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\IMM32.DLL |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\system32\query.exe |
| C:\Windows\system32\REGAPI.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
33000001C422B2F79B793DACB20000000001C4 - Thumbprint:
AE9C1AE54763822EEC42474983D8B635116C8452 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: query.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/3369e8fea09c3c226d636b13108da357093d0d98214236417839a94f56d3ba02/detection/
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\Windows\system32\change.exe | 80 |
| C:\Windows\system32\reset.exe | 74 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
query commands
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays information about processes, sessions, and Remote Desktop Session Host servers. To find out what’s new in the latest version, see What’s New in Remote Desktop Services in Windows Server.
Syntax
query process
query session
query termserver
query user
Parameters
| Parameter | Description |
|---|---|
| query process | Displays information about processes running on an Remote Desktop Session Host server. |
| query session | Displays information about sessions on a Remote Desktop Session Host server. |
| query termserver | Displays a list of all Remote Desktop Session Host servers on the network. |
| query user | Displays information about user sessions on a Remote Desktop Session Host server. |
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.