Windows Explorer Advanced File Search Filter Builder

Win Explorer Advanced File Search Filter Builder

Select filters; ext, content, author, title, image metadata, path, date, size, file types

Basic Rules

Operator	Example	Result
NOT	social NOT security	Finds items that contain social, but not security.
Space = AND	social security	Finds items that contain social and security. A space in the query is equivalent to an AND! For example, ext:jpg ext:png is an impossible combination! A file extension cannot be both ext:jpg AND ext:png.
OR	social OR security	Finds items that contain social or security.
Quotation marks	"social security"	Finds items that contain the exact phrase social security.

📎 File Extension & Content

🔍 File extension (ext:)

Manual: ext:jpg OR ext:png | Tags add cumulatively

png jpg pdf docx xlsx txt mp4 zip

Click tags to add OR combine

📄 Content search (content:"phrase")

Enable content search (auto-enabled when you type)

The proper way to search inside file contents for the exact phrase!

✍️ Author & Title Metadata

👤 Author (author:"name")

Enable author filter (auto-enabled when you type)

For multiple authors, author:"Name 1" OR author:"Name 2", edit manually

📌 Title (title:"document name")

Enable title filter (auto-enabled when you type)

For multiple titles, title:"Name 1" OR title:"Name 2", edit manually

🖼️ Image Metadata

📷 Camera Model (model:)

Enable model filter (auto-enabled when you type)

For multiple models, model:"Name 1" OR model:"Name 2", edit manually

📅 Date Taken (datetaken:)

Enable date taken (auto-enabled when selected)

Pick a date → checkbox auto-enables

📁 Path & Exclude Folder

📂 Limit to folder (path:)

Enable path filter (auto-enabled when you type)

🚫 Exclude folder (NOT path:)

Enable exclude folder (auto-enabled when you type)

💡 Type a path → checkbox enables automatically

📅 Date Modified & Size

📆 Date modified range

Enable date range (auto-enabled when date selected)

💡 Pick a start date → end date auto-fills

💾 Size range (KB / MB / GB)

KB MB GB

KB MB GB

Enable size range (auto-enabled when you type)

Type min or max value → size filter auto-enables | Supports KB, MB, GB

📋 🔍 Copy'n paste query into Windows Explorer

⚡ Un-click checkbox to remove filter. Builds Windows Explorer syntax with ext:, content:, author:, title:, model:, datetaken:, path:, NOT path:, datemodified:.., size:..

Questrade Phishing Email with subject Optional Account Update for Improved Investment Experience

For the record, this is a Questrade phishing email attempt that is recently going around, with subject Information about your online security and body "Optional Account Update for Improved Investment Experience"

What to do?  Report them, goto bottom of page. 

From: Questrade<transaction@ddqhbe.com> Subject: Optional Account Update for Improved Investment Experience Dear Client, We hope you are having a pleasant day. As part of our ongoing efforts to improve account accuracy and enhance user experience across our platform, we periodically invite clients to review and update their account information. During a recent internal review, your account was identified as one that may benefit from a profile update. At the moment, your stock subscription is undergoing a temporary internal check while we ensure that all account details remain consistent within our system. We would like to emphasize that this process is a standard operational procedure and does not indicate any problem with your investment or account status. Your assets and positions remain unchanged. To proceed with the update, you may access your account through the following secure link: Update Profile The update process will guide you through reviewing your basic personal details, confirming your communication preferences, and checking your account security settings. It has been designed to be clear, straightforward, and user-friendly. Once the update is completed, the review flag will be removed automatically, and your subscription will continue its standard processing without further interruption. We recommend completing this update at your convenience to help us provide you with smoother account services, clearer notifications, and more accurate records in the future. If you have any questions or need assistance, please contact our support team through the official channels provided in your account interface. Thank you for your understanding and continued use of our services.

Phishing Link

1. https://l9yaz2ib7.com/?token=xxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

National Bank Email with subject Account Tax Records Maintenance Notification

For the record, this is a National Bank phishing email attempt that is recently going around, with subject Information about your online security and body "Account Tax Records Maintenance Notification"

What to do?  Report them, goto bottom of page. 

From: National Bank Direct Brokerage <noreply@tlnakf.com> Subject: Account Tax Records Maintenance Notification Account Tax Records Maintenance Notification   Dear Client, This notification is sent to inform you that your account tax records require maintenance in the form of a W-8BEN update. This process ensures that your tax classification and residency status are correctly reflected in our system. Your current record may have reached its scheduled review date or may not reflect your latest information. Under such circumstances, regulatory guidelines require us to request updated documentation. You may complete this update by accessing your account through our official, secured system at: Secure Account Maintenance Link After signing into your account, please locate the tax records or compliance section and follow the on-screen instructions to update your W-8BEN details. We do not collect or process tax data via email or direct messaging services. All updates must be completed through our secured platform.

Phishing Link

1. https://bnc-nbdb-coip.com/?token=xxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

WealthSimple Phishing Email with subject Required Renewal Due to Expiration of Your W-8BEN Form

For the record, this is a Wealthsimple phishing email attempt that is recently going around, with subject Information about your online security and body "Required Renewal Due to Expiration of Your W-8BEN Form"

What to do?  Report them, goto bottom of page. 

From: Wealthsimple <account@chkkwz.com> Subject: Required Renewal Due to Expiration of Your W-8BEN Form Required Renewal Due to Expiration of Your W-8BEN Form   Dear Client, This notice is provided to inform you that the W-8BEN form currently associated with  your account has expired and is no longer valid for tax or regulatory purposes. The W-8BEN plays a critical role in certifying non-U.S. tax residency and determining appropriate withholding and reporting obligations. When tax documentation expires, it no longer satisfies compliance requirements. In the absence of a renewed W-8BEN, default tax treatment may be applied in accordance with applicable regulations. This may affect payment processing, income distributions, or other account-related activities. To ensure your account remains properly documented and compliant, a renewed W-8BEN must be submitted. The renewal process allows you to reconfirm your tax residency information and provide an updated certification reflecting your current status. Please complete the renewal through the secure portal below: Renew Certification After logging in, follow the instructions in the tax documentation section to review your information and submit a new certification. Upon approval, the renewed form will replace the expired documentation currently on file. Submitting your renewal in a timely manner helps ensure uninterrupted account processing and continued regulatory compliance. Have questions or need help? Reach out to our team. Wealthsimple 400 – 80 Spadina Avenue Toronto, ON, M5V 2J4 Instagram | Facebook | Twitter | Instagram Privacy Policy •  View in browser Replies to this email address are not monitored. Have questions? Visit our Help Centre or submit a request to our Client Support team. Managed accounts are offered by Wealthsimple Inc., a registered portfolio manager in each province and territory of Canada. © 2025 Wealthsimple Technologies Inc.

Phishing Link

1. https://bcupcehvwrzr.com/?token=xxxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Windows Explorer File Search Query Builder Online

                                   

Windows Explorer File Search Query Builder

Update May 1, 2026 : 👉 Windows Explorer Advanced File Search Filter Builder

✨ Smart date range: pick "From date" → auto-fills "To date" (if empty)

📅 Date modified range (mm/dd/yyyy) ⚡ Auto-fill: From → To

From date (start)

To date (end)

✓ Enable date range filter

📅 Output format: datemodified:4/15/1990..12/1/2025 (Windows uses mm/dd/yyyy)

💾 File size range (min..max)

Minimum size

KB

Maximum size

KB

✓ Enable size range filter

Use MB (converts values to MB in output)

💾 Output examples: size:500KB..5MB or size:10MB..100MB

📄 File types (choose any combination)

📌 Multiple types: (type:=.pdf OR type:=.docx OR type:=.jpg)

📋 🔍 Optimized Explorer Query (range syntax)

🧩 Uses datemodified:start..end and size:min..max syntax — paste directly into Windows File Explorer.

⚡ Windows supports range queries with .. (two dots). Smart: pick a "From date" → auto-fills "To date" to same day (if empty).

CAA Phishing Email with subject Your Emergency Tool Is Reserved — Claim It Now

For the record, this is a CAA storage phishing email attempt that is recently going around, with subject Information about your online security and body "Your Emergency Tool Is Reserved — Claim It Now"

What to do?  Report them, goto bottom of page. 

From: CAA Members Update <news.ixu@wildrock0511.zonafrancabarranquilla.com> Subject: Your Emergency Tool Is Reserved — Claim It Now CAA Hello We appreciate your continued interest in road safety. A note regarding your road safety profile: In recognition of your commitment, we have reserved a Breaker 2‑in‑1 Emergency Tool for your account. This device cuts through jammed seatbelts and shatters tempered glass — designed for critical roadside moments. Confirm your details below — availability is limited to registered members. Confirm My Tool Sincerely, Your CAA Team Vehicle Safety Device

Phishing Link

1. http://xn--xxx-xxxx.hdslholdings.com/xxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Apple iCloud Phishing Email with subject Nous avons bloqué votre compte! Vos photos et vidéos seront supprimées aujourd'hui

For the record, this is a Google Cloud storage phishing email attempt that is recently going around, with subject Information about your online security and body "Nous avons bloqué votre compte! Vos photos et vidéos seront supprimées aujourd'hui"

What to do?  Report them, goto bottom of page. 

From: Betaling geweigerd <noreply@fitnessloft-wolfenbuettel.de> Subject: Nous avons bloqué votre compte! Vos photos et vidéos seront supprimées aujourd'hui ⚠️ Votre méthode de paiement a expiré Mettez à jour vos informations de paiement.. Vous pouvez mettre à niveau votre abonnement ❌ Votre cloud a été désactivé Nous n’avons pas pu renouveler votre stockage cloud ! Tous vos fichiers et données seront perdus Détails de commande : Formule d'abonnement : 250GB Produit : Stockage Cloud Expiration : [Redacted] ⚠️ Dernier avertissement : vos données seront supprimées Votre compte a été bloqué ! Toutes vos photos et vidéos seront supprimées aujourd’hui ! METTRE À NIVEAU L'ABONNEMENT Merci pour votre confiance. Cordialement. ⚠️ Your payment method has expired Update your payment information.. You can upgrade your subscription ❌ Your cloud has been deactivated We could not renew your cloud storage! All your files and data will be lost Order details: Subscription plan: 250GB Product: Cloud Storage Expiration: [Redacted] ⚠️ Last warning: your data will be deleted Your account has been blocked! All your photos and videos will be deleted today! UPGRADE SUBSCRIPTION Thank you for your trust. Sincerely

Phishing Link

1. http://uadoi.gsh-hardware.com/xxx.orhhm16?xxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx