poqexec.exe

• File Path: C:\Windows\system32\poqexec.exe
• Description: Primitive Operations Queue Executor

Hashes

Type	Hash
MD5	311F9A3A9059EAE049253D3F5A813763
SHA1	1A80BCA7E5A51BA1FCAB8B32873CA889F79103CC
SHA256	719A2F4960E8FD9BB340F9182749E561E0DA3F9F0464D022AC597A3B4B4A350C
SHA384	CD1A6ECCA690C0D55331F589335DB32FD0F61325C0AB03DB5BBCDA5BD6C87F412574B74701FFC837741E846E948B2B00
SHA512	1569D5FC5FF02644756127CBDB074DFF29A3DEB4347ED6C1F92858E7EF8992A0654DE6F76C72A52B692D63439AE1BBCCD4E06B4F050B156FF8CB4A33DC681F47
SSDEEP	12288:Ya08Hr0ycItJ3KEoz8XQ1C+1TEpt9MpkFoxrInyH5q7l:88HrPj3oymC4TGMGmxrL5m

Signature

• Status: The file C:\Windows\system32\poqexec.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
• Serial: ``
• Thumbprint: ``
• Issuer:
• Subject:

File Metadata

• Original Filename: poqexec.exe.mui
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\poqexec.exe	99
C:\Windows\system32\poqexec.exe	94
C:\Windows\system32\poqexec.exe	99

Possible Misuse

The following table contains possible examples of poqexec.exe being misused. While poqexec.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	registry_event_asep_reg_keys_modification_common.yml	- 'C:\Windows\System32\poqexec.exe'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.