tskill.exe

  • File Path: C:\Windows\system32\tskill.exe
  • Description: Remote Desktop Services End Process Utility

Hashes

Type Hash
MD5 ECB28BE6AB10EC79A0E817A27F9AA6DD
SHA1 2D2F4442D825FBF47E9D4081738211BB2C6532D7
SHA256 56E8D6C41D904C855FC44BC50E7460AC0D1803111C0C8032B12C00B3C0482816
SHA384 4D7843AA7B77A4F52EB5E82946722A9C5BD87F2B88F22B8FF7FD6F39DB6C95E98AD9D83042574EB0D864C7C0C43A5015
SHA512 06DD864E107E835100F31E20EE32D70600E1914A9F017D90EF6A7C183EC735C50F10D55F2351781B9212C64FA8FE12D556585EAA26BFDFE66D32845382540EC5
SSDEEP 384:i3siK/v9kWMiajErDSPVQgE4z5mtpBK8bgqKl4uwkU2oTAUHWqSUZp51wCW4wQW:i8Ph9TrDS9QwA7BK8brKZwPXAQLIB
IMP 0568AF4DCDD3B8A976BBBBC1530C6847
PESHA1 BC46D5579AE3FE633C2B78747A394F1E44774575
PE256 C48509A6853221E7E4C85BB8CEEA7D09D6D0FD420C4835624275638B1CDF455D

Runtime Data

Usage (stderr):

Invalid parameter(s)
Ends a process.

TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V]

  processid           Process ID for the process to be terminated.
  processname         Process name to be terminated.
  /SERVER:servername  Server containing processID (default is current).
                         /ID or /A must be specified when using processname
                         and /SERVER
  /ID:sessionid       End process running under the specified session.
  /A                  End process running under ALL sessions.
  /V                  Display information about actions being performed.


Loaded Modules:

Path
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\tskill.exe
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll
C:\Windows\system32\WINSTA.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: tskill.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/56e8d6c41d904c855fc44bc50e7460ac0d1803111c0c8032b12c00b3c0482816/detection/

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\tskill.exe 47

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


tskill

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Ends a process running in a session on a Remote Desktop Session Host server.

[!NOTE] You can use this command to end only those processes that belong to you, unless you are an administrator. Administrators have full access to all tskill functions and can end processes that are running in other user sessions.

To find out what’s new in the latest version, see What’s New in Remote Desktop Services in Windows Server.

Syntax

tskill {<processID> | <processname>} [/server:<servername>] [/id:<sessionID> | /a] [/v]

Parameters

Parameter Description
<processID> Specifies the ID of the process that you want to end.
<processname> Specifies the name of the process that you want to end. This parameter can include wildcard characters.
/server:<servername> Specifies the terminal server that contains the process that you want to end. If /server isn’t specified, the current Remote Desktop Session Host server is used.
/id:<sessionID> Ends the process that is running in the specified session.
/a Ends the process that is running in all sessions.
/v Displays information about the actions being performed.
/? Displays help at the command prompt.
Remarks
  • When all processes that are running in a session end, the session also ends.

  • If you use the <processname> and the /server:<servername> parameters, you must also specify either the /id:<sessionID> or the /a parameter.

Examples

To end process 6543, type:

tskill 6543

To end the process explorer running on session 5, type:

tskill explorer /id:5

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.