Analysis
-
max time kernel
151s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
22/10/2023, 17:20
Behavioral task
behavioral1
Sample
NEAS.65b63b818157265abb5d6b2a6c671030.exe
Resource
win7-20230831-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
NEAS.65b63b818157265abb5d6b2a6c671030.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
NEAS.65b63b818157265abb5d6b2a6c671030.exe
-
Size
9.1MB
-
MD5
65b63b818157265abb5d6b2a6c671030
-
SHA1
9bab3a77c6afc460513fa42d5decab9daf4c8ae9
-
SHA256
d1eadb0f53b2c6950f4377321560e9d3853b1796d1dcfd7f5e132143d53de67f
-
SHA512
9810e3aa71608cebf49304e225542b32caacea7c6d906436d7abba1995d7bb1ab8d390e5b41a81a6d39a94cc003eb27c36291b0d511297b78d666ebed6ac7a7c
-
SSDEEP
196608:UbFb3bPk5HyC8k5h/wDdEoNiV4I/WWwA7mdoNkBLOrrDfgZeVmCJWly:UbFb3bPk5HPhJCdBBB8Y7y
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/440-0-0x0000000000400000-0x0000000000410000-memory.dmp upx behavioral2/memory/440-2-0x0000000000400000-0x0000000000410000-memory.dmp upx -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\bitsadmin.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\dccw.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\efsui.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\explorer.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\mspaint.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\PING.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\TSTheme.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\CameraSettingsUIHost.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\icsunattend.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\InstallShield\_isdel.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\OpenWith.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\ARP.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\bthudtask.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\cscript.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\finger.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\GameBarPresenceWriter.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\sfc.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\agentactivationruntimestarter.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\convert.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\gpscript.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\nslookup.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\powercfg.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\TpmInit.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\msiexec.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\sdbinst.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\SearchIndexer.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\systeminfo.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\systray.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\wbem\WMIC.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\autoconv.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\PickerHost.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\RMActivate.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\TRACERT.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\xcopy.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\regedit.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\SearchFilterHost.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\TokenBrokerCookies.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\w32tm.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\InfDefaultInstall.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\ktmutil.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\proquota.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\runas.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\tar.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\tracerpt.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\fsutil.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\openfiles.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\RMActivate_isv.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\sort.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\srdelayed.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\attrib.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\backgroundTaskHost.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\ctfmon.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\mobsync.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\Taskmgr.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\TapiUnattend.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\diskpart.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\gpresult.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\raserver.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SysWOW64\regsvr32.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_10.0.19041.1237_none_9ad73d125ac89655\r\bfsvc.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_10.0.19041.84_none_bf1eecf3f472e3ce\r\Defrag.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1_none_b6a6a2ae8b1ec7b0\vfpctrl.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1266_none_aa0661cc14f9fe9a\vmwp.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.19041.746_none_cdf422107d2779cf\cttunesvr.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1202_none_b918e36ffc7a6ffe\r\ShellLauncherConfig.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1_none_2eeab9eac7c3eb5c\WFS.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.423_none_15f557c171018574\r\CHXSmartScreen.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..tx-dxgiadaptercache_31bf3856ad364e35_10.0.19041.928_none_85ac1b118ff2a924\dxgiadaptercache.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.19041.264_none_dc8146375466099a\r\DWWIN.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_10.0.19041.746_none_11e04cec24452336\dwm.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_e190f18a08ed1a44\FlashUtil_ActiveX.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_hyperv-commandline-tool_31bf3856ad364e35_10.0.19041.928_none_0b17415ae0dd0379\r\hvc.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.1052_none_0bde546bcaf8e34a\f\ClipUp.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..mnotificationbroker_31bf3856ad364e35_10.0.19041.746_none_a5ade2e84580e250\r\DmNotificationBroker.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..esslockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_15e5bfcd83a1911a\r\AssignedAccessLockApp.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.19041.746_none_2c2bcd67e9d4665c\r\FileHistory.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\cleanmgr.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.207_none_4054ef70f69f6ff9\f\wpr.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_10.0.19041.746_none_cabafbc5834ab93f\f\DisplaySwitch.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_datasvcutil_b77a5c561934e089_4.0.15805.0_none_5b1ada239e3b0505\DataSvcUtil.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-castserver_31bf3856ad364e35_10.0.19041.746_none_a5986eca8fd4063b\r\CastSrv.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-certutil_31bf3856ad364e35_10.0.19041.746_none_937e52b9922bd791\certutil.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-control_31bf3856ad364e35_10.0.19041.423_none_7777dd52093f9dd6\control.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.546_none_70569b662ddb706c\CameraBarcodeScannerPreview.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-hns-diagnosticstool_31bf3856ad364e35_10.0.19041.423_none_841c30f68571c385\hnsdiag.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_a40a1f93665b43eb\r\SndVol.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b..ment-windows-minwin_31bf3856ad364e35_10.0.19041.1266_none_c4b179e0b12fe4b9\winload.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_hyperv-compute-host-service_31bf3856ad364e35_10.0.19041.1288_none_6c70124c60e2b4ef\r\vmcompute.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.19041.1_none_b6b7b206d4b9d895\comp.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..perience-ait-static_31bf3856ad364e35_10.0.19041.1202_none_a5a4c3f2637b55fa\r\aitstatic.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..-disposableclientvm_31bf3856ad364e35_10.0.19041.1_none_9b8799837b1e944c\WindowsSandboxClient.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\FileExplorer.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.19041.1_none_a3224c6911783037\IMJPUEX.EXE NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.19041.1_none_ac65d58626f4027c\efsui.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\f\hvax64.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_10.0.19041.1266_none_a88c5999d8585853\pcalua.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..alenrollmentmanager_31bf3856ad364e35_10.0.19041.264_none_839983ebef167c68\f\CredentialEnrollmentManager.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.19041.546_none_36dd2ad842e4f8c3\f\csrss.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.1202_none_c0150a0a443c0ffc\r\wbadmin.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-mdmdiagnosticstool_31bf3856ad364e35_10.0.19041.1_none_14f1e9e91239944a\MdmDiagnosticsTool.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.264_none_223a5768a6257099\ShellLauncherConfig.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\f\hvsiproxyapp.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.546_none_f786fa028426f858\fltMC.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.1288_none_e25de9f9d964cdad\f\conhost.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-alg_31bf3856ad364e35_10.0.19041.746_none_86e29cecb9edce01\alg.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.19041.1_none_0ed4f15b837334c7\csrss.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.19041.1202_none_3594628932065f23\f\wevtutil.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1266_none_cfec8db821d83671\f\winresume.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-devicesetupmanagerapi_31bf3856ad364e35_10.0.19041.1_none_2da6c69fad3fdf0b\DsmUserTask.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_10.0.19041.264_none_c1c396da5ea1410f\r\wbengine.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-computerdefaults_31bf3856ad364e35_10.0.19041.1_none_bc67af2f62a6f130\ComputerDefaults.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1202_none_24329c73afbd2316\r\DeviceCensus.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-mdmdiagnosticstool_31bf3856ad364e35_10.0.19041.1023_none_d3d892f3280079d7\r\MdmDiagnosticsTool.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_9613f8b833f2e8f1\ByteCodeGenerator.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.423_none_df344b9fe5390f25\f\AppResolverUX.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_10.0.19041.867_none_b4e9fc09cfcbdd7c\AxInstUI.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-dlna-mdeserver_31bf3856ad364e35_10.0.19041.746_none_b4017de081b11e02\MDEServer.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvinst_31bf3856ad364e35_10.0.19041.1_none_0b4eeb140948562c\drvinst.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..eapplifetimemanager_31bf3856ad364e35_10.0.19041.746_none_45062eb997366a7f\f\RemoteAppLifetimeManager.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.153_none_c283d2cf01b0b7d8\r\EoAExperiences.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.746_none_3db5b5ee37a4dee7\CompPkgSrv.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1_none_b29cb2f3845833b7\Microsoft.Uev.CscUnpinTool.exe NEAS.65b63b818157265abb5d6b2a6c671030.exe