quickassist.exe

  • File Path: C:\Windows\system32\quickassist.exe
  • Description: Quick Assist

Runtime Data

Window Title:

Quick Assist

Open Handles:

Path Type
(R-D) C:\Windows\apppatch\DirectXApps_FOD.sdb File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(R-D) C:\Windows\System32\en-US\ieframe.dll.mui File
(R-D) C:\Windows\System32\en-US\jscript9.dll.mui File
(R-D) C:\Windows\System32\en-US\mshtml.dll.mui File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui File
(R-D) C:\Windows\System32\en-US\quickassist.exe.mui File
(R-D) C:\Windows\System32\en-US\urlmon.dll.mui File
(R-D) C:\Windows\System32\en-US\user32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2EF6BGRE\StrgMDL2.1.58[1].eot File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\55503AHR\MemMDL2.1.62[1].eot File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P7EE9DF0\8B4JPXFD.htm File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P7EE9DF0\DevCMDL2.1.62[1].eot File
(RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\TEDMJC85\RemtMDL2[1].eot File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1320_none_91a11828cc8ae445 File
(RWD) C:\Windows\Fonts File
(RWD) C:\Windows\Fonts\segoeui.ttf File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\284HWNDInterface:5d08ba Section
\Sessions\1\BaseNamedObjects\284HWNDInterface:e0910 Section
\Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap Section
\Sessions\1\BaseNamedObjects\UrlZonesSM_user Section
\Sessions\1\BaseNamedObjects\windows_ie_global_counters Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-2047949552-857980807-821054962-504 Section
\Sessions\1\Windows\Theme449731986 Section
\Windows\Theme1396518710 Section

Loaded Modules:

Path
C:\Windows\system32\ATL.DLL
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\quickassist.exe
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: QuickAssist.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: Language Neutral
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/ae58ceb26c7785fc56a582b351886dd2e02b0b473f49fe312ab7a2560a06f2e5/detection

Possible Misuse

The following table contains possible examples of quickassist.exe being misused. While quickassist.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_middle_east_talosreport.yar | $s1 = "QuickAssist.exe" fullword wide | CC BY-NC 4.0 |
| signature-base | apt_middle_east_talosreport.yar | $s4 = "name=\"QuickAssist\" " fullword ascii | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.