proquota.exe

  • File Path: C:\WINDOWS\SysWOW64\proquota.exe
  • Description: ProQuota

Hashes

Type Hash
MD5 561732EDD61FE0749A192E46EE932B77
SHA1 569F120F317407ABC684066CDD43D1DE24B75334
SHA256 CAB826AC0D9AD191C1A8181F5C1D92DA0EDABDF724C6953A44BE5C5526E5F7FB
SHA384 C94C03AD1BFBBB913A2DF547CE59F89BE6891789639BE866C3CC0D1E100626E9E52BF3B8E8372B63DABD5F539E7A64A9
SHA512 AD485D9E49A5A9ED835CE81D93FBEFBB24C97C3FA00D0C47FF0325CB3E23B6CDAAEA4BAF603A604E5F958F76B5B5715A50F0D49F4BBB1DB30F0D5684969121F1
SSDEEP 768:TkI2xSPuc0uiPp0dmewTLW9V/FU7RaL7wVrWB3nITXVLLYHTh2a:TkI2puiPp0dmewTa9VO7RC7wVrQ3nITS
IMP CB17B2F9B1E1BC989C7DB371EF6BDBC0
PESHA1 B28968F1F51CFA7367AC7F112401ED549A8A04F2
PE256 C98752D5A5200F382E3A2F4CC1C69F0BED2CBC10FE0A0B007CC971C24CC2620A

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\proquota.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: proquota.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/cab826ac0d9ad191c1a8181f5c1d92da0edabdf724c6953a44be5c5526e5f7fb/detection

Possible Misuse

The following table contains possible examples of proquota.exe being misused. While proquota.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_logon_scripts_userinitmprlogonscript_proc.yml - '\proquota.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.