quickassist.exe

  • File Path: C:\Windows\SysWOW64\quickassist.exe
  • Description: Quick Assist

Hashes


Runtime Data

Window Title:

Quick Assist

Open Handles:

Path Type
(R-D) C:\Windows\apppatch\DirectXApps_FOD.sdb File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(R-D) C:\Windows\System32\en-US\ieframe.dll.mui File
(R-D) C:\Windows\System32\en-US\mshtml.dll.mui File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\jscript9.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\quickassist.exe.mui File
(R-D) C:\Windows\SysWOW64\en-US\urlmon.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\ie\55503AHR\StrgMDL2.1.58[1].eot File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\ie\P7EE9DF0\DevCMDL2.1.62[1].eot File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\ie\P7EE9DF0\RemtMDL2[1].eot File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\ie\P7EE9DF0\WNKBJDJD.htm File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\ie\TEDMJC85\MemMDL2.1.62[1].eot File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1320_none_d94e4effe1070d4b File
(RWD) C:\Windows\Fonts File
(RWD) C:\Windows\Fonts\segoeui.ttf File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\ecHWNDInterface:1000782 Section
\Sessions\1\BaseNamedObjects\ecHWNDInterface:be07ee Section
\Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap Section
\Sessions\1\BaseNamedObjects\UrlZonesSM_user Section
\Sessions\1\BaseNamedObjects\windows_ie_global_counters Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-2047949552-857980807-821054962-504 Section
\Sessions\1\Windows\Theme449731986 Section
\Windows\Theme1396518710 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\quickassist.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: QuickAssist.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: Language Neutral
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: Unknown

Possible Misuse

The following table contains possible examples of quickassist.exe being misused. While quickassist.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_middle_east_talosreport.yar $s1 = "QuickAssist.exe" fullword wide CC BY-NC 4.0
signature-base apt_middle_east_talosreport.yar $s4 = "name=\"QuickAssist\" " fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.