proquota.exe

  • File Path: C:\WINDOWS\system32\proquota.exe
  • Description: ProQuota

Hashes

Type Hash
MD5 2D6079B421FD5265BCEA82CAD17DDCA8
SHA1 A7B8CF6EC86AB7B5323BC6A39CDD0DAA53A3FA97
SHA256 A3C2045176AC87766D80D1FBB7CF2517313157283C0607EAE642FA0FED9DD03C
SHA384 486A24A904F943F10643EB24A79FBA558CB7C1979E26772748179B6B57BAB3C0071753C62AF2525D813F901E4343B69F
SHA512 214993D58D5811ECCC7CEA0387837954095D184B47CE478D639714B6A113629E5A62D7E2CE97CBA2AFCE1126CD0231E8BBEDCD4A41BDCC24020162CFB1530262
SSDEEP 1536:CfowwqNShX3NwzqpCbIM1KAVRRYpsHflS2TtM66W:CiUSVNrp1C9IytM69
IMP 3F32C4F6EBFEC67C604916772E1803F1
PESHA1 2CAA2B9CD200E0C729B380A2E88566F96AC202BD
PE256 B7855610BF7525E47D255882BECD73E91830D9C10196A7683837DF8E51A270B3

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\system32\proquota.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: proquota.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/a3c2045176ac87766d80d1fbb7cf2517313157283c0607eae642fa0fed9dd03c/detection

Possible Misuse

The following table contains possible examples of proquota.exe being misused. While proquota.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_logon_scripts_userinitmprlogonscript_proc.yml - '\proquota.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.