proquota.exe

  • File Path: C:\Windows\system32\proquota.exe
  • Description: ProQuota

Hashes

Type Hash
MD5 4D60B00A13EAB7734CA1CF92B124B1DA
SHA1 B7E1AF128EB6FE1BB6C3DEA2B3E9E6E06CAA8788
SHA256 817ED06C7BEC832CD3B574491D149CEC61D3D33F86AF93607893F76D349BC38F
SHA384 8621502D9AA1905D912B46D367C81A26E32B6C7C6AC704AF1915F2A87F04D1AFDB892231E07DA3ABD56BFBD98E414F94
SHA512 939D3A598000CE1D8FDFF625A3E8477933B779EF2920BF99EF1A8A8376426CAA4D25A8CAEB6B3D6D5C4E199FEFB6B5F96373A9DAE1530E0D681D55D7028B56C6
SSDEEP 1536:/dR90jjOyqIFvu77b+pJhHBHB3Q/4qvTs/dV:/7xyqazhhHB3QVsr
IMP ABC8E22DBBEBF60ED7A7AEEE0144B820
PESHA1 37C256710B2E3BC2F867190BCF40BC063B78FD2F
PE256 9F4F4D25972D1E16D42EDA33255FB693063A893F64CAD6AE0867B3DA5D816D48

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\system32\proquota.exe
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\USERENV.dll
C:\Windows\System32\win32u.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_4238de57f6b64d28\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: proquota.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/817ed06c7bec832cd3b574491d149cec61d3d33f86af93607893f76d349bc38f/detection

Possible Misuse

The following table contains possible examples of proquota.exe being misused. While proquota.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_logon_scripts_userinitmprlogonscript_proc.yml - '\proquota.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.