proquota.exe

• File Path: C:\Windows\SysWOW64\proquota.exe
• Description: ProQuota

Hashes

Type	Hash
MD5	CDDF9E547309F29892FBC5922C535770
SHA1	E69375F1116E0461672310B972E4ABC44FCDC2B8
SHA256	CD0F437D9658F06E19FE93809270E2906148807314703475457C70C59D54C354
SHA384	04640949A9B6D9D4DFF8CA08895D9DFC7149BC53E2CD7F3BB6B7F4BBB5695CF63C0A8F90E76BC3AE78B5E7331314F777
SHA512	3D1C78DE572DFE5A4C250932E3762DBC330FE8D7A996400E6323D4A7419F978F3EF8422FED22252BC2915AED48FC0AAF0FA460F975AA23844302D7978C90A9AE
SSDEEP	384:8ZzhBPZsCHCOeEC9crAObqBLZfFB6bF6s0+hYhUGU68VVrVjkZecZjsWbuWbKAe6:6VBPZ7HBPY/jc6sUUGUV5kZe6zl
IMP	9E64C66B08DB18BB977AB395CAE4C0A2
PESHA1	42F718DCD147A6BE5F5D25012D6A89E970BA89B7
PE256	141B922C8BBABE94619D823F3853A5FBC6D1B63E7CCC973629723050EB87BAB7

Signature

• Status: Signature verified.
• Serial: 33000001C422B2F79B793DACB20000000001C4
• Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: proquota.exe
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.17763.1 (WinBuild.160101.0800)
• Product Version: 10.0.17763.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/70
• VirusTotal Link: https://www.virustotal.com/gui/file/cd0f437d9658f06e19fe93809270e2906148807314703475457c70c59d54c354/detection/

Possible Misuse

The following table contains possible examples of proquota.exe being misused. While proquota.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	proc_creation_win_logon_scripts_userinitmprlogonscript_proc.yml	- '\proquota.exe'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.