Windows Analysis Report
USBRecoveryCreator.exe

Overview

General Information

Sample name: USBRecoveryCreator.exe
Analysis ID: 1529039
MD5: 23a460c02cc1b3b220ecb54cbd974a6a
SHA1: ece022c7d45ccf9afd5b72c33f1dcfc85a42c204
SHA256: dc86aed4873dbb3cef993c84533d83efc4ad35150ae32c15d22c40adbb511c43

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 47
Range: 0 - 100

Signatures

Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Compliance

Source: USBRecoveryCreator.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: USBRecoveryCreator.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 13.215.130.214:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: USBRecoveryCreator.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: unknown TCP traffic detected without corresponding DNS query: 23.201.163.250
Source: global traffic DNS traffic detected: DNS query: dds.lenovo.com
Source: global traffic DNS traffic detected: DNS query: passport.lenovo.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: USBRecoveryCreator.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: classification engine Classification label: sus36.evad.winEXE@14/96@13/122
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Mutant created: NULL
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ControlPanel
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File read: C:\Users\user\Desktop\USBRecoveryCreator.exe
Source: unknown Process created: C:\Users\user\Desktop\USBRecoveryCreator.exe "C:\Users\user\Desktop\USBRecoveryCreator.exe"
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=7132.6416.13364086456236290218
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa2c568e88,0x7ffa2c568e98,0x7ffa2c568ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2112 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2280 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5006426684 --mojo-platform-channel-handle=3368 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5022028320 --mojo-platform-channel-handle=4288 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: icu.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: cryptxml.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: webservices.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: cryptnet.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: d3dcompiler_47_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: msctfui.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: wshunix.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kbdus.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.ui.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: inputhost.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mscms.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winsta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: devobj.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mf.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mfplat.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: rtworkq.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dolbydecmft.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: atlthunk.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: d3d10warp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dxcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.devices.sensors.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: biwinrt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msdmo.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mmdevapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwritecore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: vaultcli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: aadwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: microsoftaccountwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: tenantrestrictionsplugin.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.web.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: netprofm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: npmproxy.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.system.userprofile.diagnosticssettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wevtapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: bitsproxy.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: USBRecoveryCreator.exe Static PE information: certificate valid
Source: USBRecoveryCreator.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: USBRecoveryCreator.exe Static file information: File size 74500240 > 1048576
Source: USBRecoveryCreator.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x541c00
Source: USBRecoveryCreator.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x13ca00
Source: USBRecoveryCreator.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x194a00
Source: USBRecoveryCreator.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: USBRecoveryCreator.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: USBRecoveryCreator.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: USBRecoveryCreator.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: USBRecoveryCreator.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: USBRecoveryCreator.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: USBRecoveryCreator.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: USBRecoveryCreator.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: USBRecoveryCreator.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: USBRecoveryCreator.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: USBRecoveryCreator.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: USBRecoveryCreator.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: USBRecoveryCreator.exe Static PE information: section name: .CLR_UEF
Source: USBRecoveryCreator.exe Static PE information: section name: .didat
Source: USBRecoveryCreator.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\D3DCompiler_47_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\ProgramData\Lenovo\USBRecoveryCreator\vcruntime140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\wpfgfx_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PresentationNative_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\ProgramData\Lenovo\USBRecoveryCreator\msvcp140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\Lenovo.CertificateValidation.Native.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\ProgramData\Lenovo\USBRecoveryCreator\USBComponent.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\vcruntime140_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-arm64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-x64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe File created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PenImc_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\USBRecoveryCreator.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Capacity FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Memory allocated: 5250000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Memory allocated: 5480000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Memory allocated: 8480000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Window / User API: threadDelayed 621
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\wpfgfx_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\ProgramData\Lenovo\USBRecoveryCreator\vcruntime140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PresentationNative_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\ProgramData\Lenovo\USBRecoveryCreator\msvcp140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\Lenovo.CertificateValidation.Native.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\ProgramData\Lenovo\USBRecoveryCreator\USBComponent.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\vcruntime140_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-arm64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-x64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PenImc_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\blob_storage\09dd40c7-9998-4598-b0ef-63466da43b13 FullSizeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Thread delayed: delay time: 30000
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Memory allocated: page read and write | page guard
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa2c568e88,0x7ffa2c568e98,0x7ffa2c568ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2112 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2280 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5006426684 --mojo-platform-channel-handle=3368 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5022028320 --mojo-platform-channel-handle=4288 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=mojoipcz --mojo-named-platform-channel-pipe=7132.6416.13364086456236290218
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa2c568e88,0x7ffa2c568e98,0x7ffa2c568ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2112 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2280 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5006426684 --mojo-platform-channel-handle=3368 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5022028320 --mojo-platform-channel-handle=4288 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob