wsqmcons.exe

  • File Path: C:\Windows\system32\wsqmcons.exe
  • Description: Windows SQM Consolidator

Hashes

Type Hash
MD5 67FA4FB09632BC10881316F229E0D128
SHA1 F2DAEC3A3459ADD53D5D81E9BE32E8CFE2B48227
SHA256 9FD2D9FE6BB0620B8DBDBE1335CE93F508B3CB5CF7F5C053A5C91C2220AD4332
SHA384 5C05573CFAAAEFB91386D39202207308569475E6BE293B30A5DAF6F793834DF7474CBFB9D64A94998061A13424BF0B1D
SHA512 4524C89FC3CEB9854888D8767A6D1A53935856068EF3FFC3CEEC416823A575878B2F5E397FF82D8A200D7FAB7695CF5354CADE8B2F8336081BE9D5582C57F9BD
SSDEEP 768:xO9MbwAtFq+ogaRQpv1ojVbPJGJBMCat2Jp0sBflQuWnnnPreUVnbO6wGNj4:tbLogYkv16PJGACLJp0sB9Qumre2q6Q

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wsqmcons.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\wsqmcons.exe 30
C:\Windows\system32\wsqmcons.exe 32
C:\WINDOWS\system32\wsqmcons.exe 36
C:\Windows\system32\wsqmcons.exe 33
C:\Windows\system32\wsqmcons.exe 32
C:\Windows\system32\wsqmcons.exe 30
C:\Windows\system32\wsqmcons.exe 35
C:\WINDOWS\system32\wsqmcons.exe 47

Possible Misuse

The following table contains possible examples of wsqmcons.exe being misused. While wsqmcons.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_apt_turla_comrat_may20.yml | - '.WSqmCons))\|iex;' | DRL 1.0 |
| malware-ioc | misp-turla-comrat-v4-event.json | "value": "HKLM\\SOFTWARE\\Microsoft\\SQMClient\\Windows.WSqmCons", | © ESET 2014-2018 |
| malware-ioc | turla | * ++HKLM\SOFTWARE\Microsoft\SQMClient\Windows.WSqmCons++ | © ESET 2014-2018 |

MIT License. Copyright (c) 2020-2021 Strontic.