Resubmissions
13/02/2022, 03:26 | 220213-dy59eafben | 10
25/06/2021, 19:08 | 210625-fml1gypkn6 | 8
19/06/2021, 15:14 | 210619-d3391n953n | 10
Analysis
- max time kernel: 289s
- max time network: 291s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 19/06/2021, 15:14
Static task: static1
Behavioral task: behavioral1
- Sample: Tray.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Tray.exe
- Resource: win10v20210410
General
- Target: Tray.exe
- Size: 321KB
- MD5: 6585cb51ff21007fb9ef936e96c58982
- SHA1: 7a3d5563460b9935fe84879ee14fabfc7c664825
- SHA256: e07b0cd7eca5bc70b07ea786c3ef4da28036c901effa2193a93caf945cb2b334
- SHA512: 523c7b3ed0907a473eac04c8cb8642eeea1d3a223069f876a7e0bc18075d59f9903319f6b2e3c2fa262158f04c4ad3637568dd9b0558732c8a574ffe566efc7d
Malware Config
Signatures
-
Drops file in Drivers directory 9 IoCs
-
Modifies extensions of user files 2 IoCs
Ransomware generally changes the extension on encrypted files.
File opened for modification: C:\Users\Admin\Pictures\ResolveOpen.tiff (process: Tray.exe)
File opened for modification: C:\Users\Admin\Pictures\SearchUndo.tiff (process: Tray.exe)
-
Drops startup file 1 IoCs
File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini (process: Tray.exe)
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 64 IoCs
-
Drops autorun.inf file 1 TTPs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Windows directory 64 IoCs