Edit tour

Windows Analysis Report
XDA_CDS v6.8.54_SE.exe

Overview

General Information

Sample name:	XDA_CDS v6.8.54_SE.exe
Analysis ID:	1529182
MD5:	5f0a52b6484cd9d70421a3ac1389f220
SHA1:	ca4d8c695752c63639b063239014bda6b332ace7
SHA256:	9b70be65faaa9818825e0b89cfa38a9fed843babb2970c901237a22a38f485c8
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	51
Range:	0 - 100

Signatures

Suricata IDS alerts for network traffic

.NET source code contains potential unpacker

Installs new ROOT certificates

Reads the Security eventlog

Reads the System eventlog

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for available system drives (often done to infect USB drives)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Creates processes with suspicious names

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64_ra

XDA_CDS v6.8.54_SE.exe (PID: 6464 cmdline: "C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe" MD5: 5F0A52B6484CD9D70421A3AC1389F220)

XDA_CDS v6.8.54.exe (PID: 6528 cmdline: "C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe" MD5: F58898CE6418ADC6C7B52E6EB409A2DD)

Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe (PID: 2712 cmdline: "C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe" /L1033 /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false MD5: FBCAE8A69E9363EAEECE61DBF97D066D)

Setup.exe (PID: 2868 cmdline: /prereqcheck /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped MD5: 740220BE9C7EB7266701109C1A762F66)

Setup.exe (PID: 424 cmdline: /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped MD5: 740220BE9C7EB7266701109C1A762F66)

dbVersionDetect.exe (PID: 3312 cmdline: "C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe" SQLCE MD5: 1120ED381A9D0F6E818E3C8762501CAA)

conhost.exe (PID: 780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msiexec.exe (PID: 7140 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6896 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 398AEE39D053096B8B7CCBB4A051E035 MD5: 9D09DC1EDA745A5F87553048E57620CF)

rundll32.exe (PID: 6056 cmdline: rundll32.exe "C:\Windows\Installer\MSI387B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6830312 2 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteInitialize MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 3840 cmdline: rundll32.exe "C:\Windows\Installer\MSI48B8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6834390 8 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteBegin MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 2424 cmdline: rundll32.exe "C:\Windows\Installer\MSI55F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6837765 14 CustomAction!CustomActionsShared.ExecuteSequence.SilentExecuteValidations MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 3408 cmdline: rundll32.exe "C:\Windows\Installer\MSI90D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6852843 20 CustomAction!CustomActionsShared.ExecuteSequence.InstallExecuteSeq MD5: 889B99C52A60DD49227C5E485A016679)

DbCreate.exe (PID: 3252 cmdline: "C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DBCreate.exe" SQLCE MD5: ADE887FAF60C4EAB240D15A4A40BAAF0)

conhost.exe (PID: 3724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Suricata Signatures

ET MALWARE Possible Windows executable sent when remote host claims to send html content

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T18:05:57.637846+0200	2009897	1	A Network Trojan was detected	13.14.0.17	443	192.168.2.16	49714	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T18:05:57.549001+0200	2803305	3	Unknown Traffic	192.168.2.16	49714	13.14.0.17	443	TCP
2024-10-08T18:06:29.825255+0200	2803305	3	Unknown Traffic	192.168.2.16	49716	13.14.0.17	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Compliance

Uses 32bit PE files

Source: XDA_CDS v6.8.54_SE.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Found installer window with terms and condition text

Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Window detected: &Cancel&Next >License agreementSQL Server SelectionDatabase ServerSQL Database CreationDestination FolderDatabase OptionsReady To InstallInstallation ProgressSetup Complete&View ReadmeLicense agreementPlease read the following license agreement carefully.I &do not accept the terms in the license agreementI &accept the terms in the license agreementXerox CorporationSoftware End-User License Agreement (EULA)1.WHEN USED IN THIS EULA XEROX MEANS XEROX CORPORATION. YOU MEANS THE INDIVIDUAL OR LEGAL ENTITY ACQUIRING THE SOFTWARE. Please read this EULA carefully before downloading installing or using the Licensed Software. BY DOWNLOADING INSTALLING OR USING THE LICENSED SOFTWARE YOU ARE AGREEING TO BE LEGALLY BOUND BY THE TERMS OF THIS EULA GOVERNING THE USE OF THE LICENSED software. If you do not agree to the terms of this EULA downloading installation and use of the Licensed Software are strictly prohibited.2.Licensed Software. This EULA applies to the following software products (as they are issued as of the date of this EULA) and any subsequent upgrades supplements add-ons and substitute releases thereof: Xerox Device Manager (XDM) Xerox Device Agent (XDA) and the XDA family of software products CentreWare Web (CWW) Xerox Workplace Cloud Agent (XWCA) when provided with XDA and to any other software products provided with this EULA each a Licensed Software.3.Xerox Tools. The Xerox Tools are certain software-based components documentation and methodology-based components hosted by Xerox and used to provide print services to customers. No rights are granted to you under this EULA with respect to the hosted Xerox Tools. The Licensed Software interacts with the Xerox Tools as set forth in Paragraph 6 below.4.License Grant. Xerox grants You a non-exclusive non-transferable license to install the Licensed Software on a host computer or server and to use the Licensed Software provided to you (a) if you have a contract for print services with Xerox or a Xerox-authorized service provider (Contract) to use XDM or XDA for the purpose of receiving print services during the term of the Contract; or (b) if you downloaded CWW from an authorized Xerox website to use CWW in accordance with the terms set forth on the authorized Xerox website or the accompanying user manual or documentation. If the Licensed Software includes software developed by a third party such third party shall be considered a third party beneficiary of Your obligations under this EULA. The readme and notice files may include third party flow down terms and conditions which are a part of this EULA. This EULA incorporates by reference and makes a part hereof any readme or notice files accompanying the Licensed Software. Title to the Licensed Software and all copies shall at all times reside exclusively with Xerox and/or its licensor(s). 5.Licensed Software Updates. Xerox may provide or otherwise make available updates bug fixes feature enhancements or improvem
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Window detected: &Cancel&Next >License agreementSQL Server SelectionDatabase ServerSQL Database CreationDestination FolderDatabase OptionsReady To InstallInstallation ProgressSetup Complete&View ReadmeLicense agreementPlease read the following license agreement carefully.I &do not accept the terms in the license agreementI &accept the terms in the license agreementXerox CorporationSoftware End-User License Agreement (EULA)1.WHEN USED IN THIS EULA XEROX MEANS XEROX CORPORATION. YOU MEANS THE INDIVIDUAL OR LEGAL ENTITY ACQUIRING THE SOFTWARE. Please read this EULA carefully before downloading installing or using the Licensed Software. BY DOWNLOADING INSTALLING OR USING THE LICENSED SOFTWARE YOU ARE AGREEING TO BE LEGALLY BOUND BY THE TERMS OF THIS EULA GOVERNING THE USE OF THE LICENSED software. If you do not agree to the terms of this EULA downloading installation and use of the Licensed Software are strictly prohibited.2.Licensed Software. This EULA applies to the following software products (as they are issued as of the date of this EULA) and any subsequent upgrades supplements add-ons and substitute releases thereof: Xerox Device Manager (XDM) Xerox Device Agent (XDA) and the XDA family of software products CentreWare Web (CWW) Xerox Workplace Cloud Agent (XWCA) when provided with XDA and to any other software products provided with this EULA each a Licensed Software.3.Xerox Tools. The Xerox Tools are certain software-based components documentation and methodology-based components hosted by Xerox and used to provide print services to customers. No rights are granted to you under this EULA with respect to the hosted Xerox Tools. The Licensed Software interacts with the Xerox Tools as set forth in Paragraph 6 below.4.License Grant. Xerox grants You a non-exclusive non-transferable license to install the Licensed Software on a host computer or server and to use the Licensed Software provided to you (a) if you have a contract for print services with Xerox or a Xerox-authorized service provider (Contract) to use XDM or XDA for the purpose of receiving print services during the term of the Contract; or (b) if you downloaded CWW from an authorized Xerox website to use CWW in accordance with the terms set forth on the authorized Xerox website or the accompanying user manual or documentation. If the Licensed Software includes software developed by a third party such third party shall be considered a third party beneficiary of Your obligations under this EULA. The readme and notice files may include third party flow down terms and conditions which are a part of this EULA. This EULA incorporates by reference and makes a part hereof any readme or notice files accompanying the Licensed Software. Title to the Licensed Software and all copies shall at all times reside exclusively with Xerox and/or its licensor(s). 5.Licensed Software Updates. Xerox may provide or otherwise make available updates bug fixes feature enhancements or improvem

Creates install or setup log file

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\xda.service.InstallLog

Creates license or readme file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\ReadMe.txt
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\data\ReadMeData.txt

PE / OLE file has a valid certificate

Source: XDA_CDS v6.8.54_SE.exe

Static PE information: certificate valid

Uses new MSVCR Dlls

Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe

File opened: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\msvcr90.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown

HTTPS traffic detected: 13.14.0.17:443 -> 192.168.2.16:49712 version: TLS 1.2

Binary contains paths to debug symbols

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.PDB source: dbVersionDetect.exe, 0000000F.00000002.1892522532.00000000007E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Web.Administration.pdb source: rundll32.exe, 00000013.00000003.1937540569.0000000004C60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.1943162223.000000000325E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000014.00000003.1977139019.000000000327C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000015.00000003.2011135049.000000000319C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2162785269.00000000029DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\1\s\DSC\Device.SmartClient\Installer\INSTALLERS\XDASIXFOUR\Controller\bin\Release\Merged.Controller.pdb source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\MasterRepo\DSC\Device.SmartClient\ZPrototypes\dbVersionDetect\dbVersionDetect\obj\x86\Debug\dbVersionDetect.pdb source: dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp, dbVersionDetect.exe, 0000000F.00000000.1889093552.0000000000012000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: mscorlib.pdb source: dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\1\s\DSC\Device.SmartClient\Installer\INSTALLERS\XDASIXFOUR\Release\Bootstrapper.pdb& source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598044610.0000000000CCA000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\agent\_work\1\s\DSC\Device.SmartClient\Installer\INSTALLERS\XDASIXFOUR\Release\Bootstrapper.pdb source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598044610.0000000000CCA000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: b77a5c561934e089\mscorlib.pdb source: dbVersionDetect.exe, 0000000F.00000002.1892522532.000000000082F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xml9 source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xmlSTLIST. source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xml8 source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\dbVersionDetect.pdb source: dbVersionDetect.exe, 0000000F.00000002.1892522532.00000000007E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ProductVersion%Init file copying =bin\Infrastructure.Library.dllEbin\Old_Infrastructure.Library.dll=bin\Infrastructure.Library.pdbEbin\Old_Infrastructure.Library.pdb?Infrastructure.Library_5435.dll?Infrastructure.Library_5435.pdb?Infrastructure.Library_5447.dll?Infrastructure.Library_5447.pdbEDM Error Patch Files move failed: ?Unable to stop Service / Shell -DM Error ReplaceDlls: +Starting XDA service ]The xda.service status is currently set to {0}QStarting XDA service fails source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xmlSTa source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sqlceqp40.pdb source: DbCreate.exe, DbCreate.exe, 00000017.00000002.2804693445.000001D5BF954000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\Xerox\DSC Packager\Util\DownloadManager452\DownloadManager\Output\DownloadManager.pdb source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xmlST` source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m@C:\Windows\dbVersionDetect.pdb source: dbVersionDetect.exe, 0000000F.00000002.1891229583.00000000001A8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: XEROXX~1.PDBXerox.XDAMonitorService.pdb source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.000000000304B000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002738000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\agents\_work\6\s\Xerox.Installer.Platform\bin\Release\Merged\Xerox.Installer.Platform.pdb source: rundll32.exe, 00000013.00000003.1937540569.0000000004C60000.00000004.00000020.00020000.00000000.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\Temp\

Software Vulnerabilities

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Code function: 4x nop then jmp 007969DEh	15_2_00796758
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Code function: 4x nop then jmp 00793DDCh	15_2_00793815
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Code function: 4x nop then jmp 00793DDCh	15_2_00793AAB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 13.14.0.17:443 -> 192.168.2.16:49714

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: transactions.services.xerox.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=1bb4b441-967b-455b-8874-10a3a6ff206e HTTP/1.1Host: transactions.services.xerox.com
Source: global traffic	HTTP traffic detected: GET /XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=11c27bc5-ae02-43fe-93a0-af3015e8a46c HTTP/1.1Host: transactions.services.xerox.com

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 13.14.0.17 13.14.0.17

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: XEROX-WBUS XEROX-WBUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49714 -> 13.14.0.17:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49716 -> 13.14.0.17:443

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: transactions.services.xerox.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=1bb4b441-967b-455b-8874-10a3a6ff206e HTTP/1.1Host: transactions.services.xerox.com
Source: global traffic	HTTP traffic detected: GET /XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=11c27bc5-ae02-43fe-93a0-af3015e8a46c HTTP/1.1Host: transactions.services.xerox.com

Source: global traffic

DNS traffic detected: DNS query: transactions.services.xerox.com

Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://TRANSACTIONS.SERVICES.XEROX.COM
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46F01000.00000004.00000020.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://localhost:1767/XLMAUWebSite/XLMAUWebService.asmx
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDF3000.00000004.00000800.00020000.00000000.sdmp, dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000B.00000002.1772398910.0000000005347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp, dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/CheckForOfferingChange
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/GetLatestDSCBrandingInfo
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/GetLatestDSCBrandingInfoTestPage
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/T
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/TU
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/TestLog
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/UpdateDownloadCounter
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://tempuri.org/checkForUpdate
Source: rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://test.support.xerox.com/String
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDC2000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://transactions-services.idns-ext.xerox.com
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://transactions-services.idns-ext.xerox.comH
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDC2000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://transactions.services.xerox.com
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: http://vyaskn.tripod.com
Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.bouncycastle.org).
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.chilkatsoft.com/
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.icsharpcode.net/OpenSource/SharpZipLib/).
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.support.xerox.com/support/smart-esolutions/support
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.or
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.xerox.com/
Source: rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.xerox.com/String
Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.xerox.com/about-
Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.xerox.com/about-xero
Source: Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.xerox.com/about-xerox/privacy-policy
Source: rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.xerox.comString
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.xerox.comT
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dcs.support.xerox.comString
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://home.lcatterton.com
Source: Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://office.services.xerox.com/GDOSupport
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.services.xerox.com/XeroxServicesManager/
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/X
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/XeroxAP
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EB0C000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/XeroxAutoUpdate
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/XeroxAutoUpdate/
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=11c27bc5-ae02-4
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E860000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=1bb4b441-967b-4
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/p
Source: rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://transactions.services.xerox.com/xeroxautoupdateString

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Uses secure TLS version for HTTPS connections

Source: unknown

HTTPS traffic detected: 13.14.0.17:443 -> 192.168.2.16:49712 version: TLS 1.2

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\mypfx.pfx (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\mycredentials.spc (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-ajgiex4m.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-ctp1fcj2.tmp	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\DSC Download Manager Log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Xerox DM (Device Management)
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

System Summary

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6834c2.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI387B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI48B8.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI55E8.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI55F9.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6834c5.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6834c5.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}\appicon.ico
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9053.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90D1.tmp
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\CustomAction.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\InstallerResources.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Xerox.Installer.Platform.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Web.Administration.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\CustomAction.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\InstallerResources.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Xerox.Installer.Platform.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Web.Administration.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\CustomAction.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\InstallerResources.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Xerox.Installer.Platform.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Web.Administration.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\CustomAction.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\InstallerResources.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Xerox.Installer.Platform.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Web.Administration.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\CustomAction.config

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI387B.tmp

Detected potential crypto function

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Code function: 0_2_023046B7	0_2_023046B7
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Code function: 15_2_00795D58	15_2_00795D58
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Code function: 15_2_00792F08	15_2_00792F08
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Code function: 15_2_00792C1C	15_2_00792C1C
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Code function: 15_2_00792CAC	15_2_00792CAC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_04E45848	19_3_04E45848
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_04E45839	19_3_04E45839
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_04E452D8	19_3_04E452D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 20_3_074D4F98	20_3_074D4F98
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 20_3_074D5508	20_3_074D5508
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 20_3_074D54F8	20_3_074D54F8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 21_3_050A5839	21_3_050A5839
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 21_3_050A5848	21_3_050A5848
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 21_3_050A52D8	21_3_050A52D8
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Code function: 23_2_00007FFEC8341089	23_2_00007FFEC8341089

Sample file is different than original file name gathered from version info

Source: XDA_CDS v6.8.54_SE.exe	Binary or memory string: OriginalFilename vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDownloadManager.exe0 vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650296995.00000000022B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <OriginalFilename>DownloadManager.exe</OriginalFilename> vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650713073.0000000002300000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650713073.0000000002300000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: !OriginalFilename"0 vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDownloadManager.exe vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <OriginalFilename>DownloadManager.exe</OriginalFilename> vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDownloadManager.exe0 vs XDA_CDS v6.8.54_SE.exe
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000000.1181188237.0000000000467000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDownloadManager.exe vs XDA_CDS v6.8.54_SE.exe

Uses 32bit PE files

Source: XDA_CDS v6.8.54_SE.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp

Binary or memory string: order by NewCSSecurityAdminAccessHistory.SlNo asc

Source: classification engine

Classification label: mal48.evad.winEXE@26/460@1/1

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\CDS

Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{380298ff-87f5-4840-8e13-f575d9f814fa}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{380298ff-87f5-4840-8e13-f575d9f814fa}:sqlce_se_lck:1
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\mutex_xerox_setupexe_XDA
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1baf0fff-8ff8-4ad7-853e-308cb5fe69c1}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{d3fb13ff-ac5b-4eed-9970-9588ee2a13c1}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{9b424dff-1b15-420c-b5a6-dbcf3e16f5dc}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1baf0fff-8ff8-4ad7-853e-308cb5fe69c1}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{d3fb13ff-ac5b-4eed-9970-9588ee2a13c1}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{3178dfff-5f7d-44ca-9a0f-36ba459aabbb}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{3178dfff-5f7d-44ca-9a0f-36ba459aabbb}:sqlce_se_lck:1
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Xerox.Installer.Platform.InfoLogging.C:_ProgramData_Xerox_InstallLogs_Xerox_XDA_6.8.54_08_10_2024_1728410229.txt
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{b07e51ff-f097-4cea-b56f-ab9ae221b226}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{df3249ff-b2d7-4c6e-bcbc-5236145e924c}:sqlce_se_lck:2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3724:120:WilError_03
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{df3249ff-b2d7-4c6e-bcbc-5236145e924c}:sqlce_se_lck:1
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:780:120:WilError_03
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_131072_304673:x
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{bd2e91ff-6e22-4a19-a1a5-36fa4c868fd8}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{bd2e91ff-6e22-4a19-a1a5-36fa4c868fd8}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_131072_304673:splk:3252
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{b07e51ff-f097-4cea-b56f-ab9ae221b226}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SSCE_FILELOG_FILE_MUTEX_
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{e091f1ff-fb6f-4c22-ad00-10d87f662316}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{e091f1ff-fb6f-4c22-ad00-10d87f662316}:sqlce_se_lck:1
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\Xerox.Installer.Platform.InfoLogging.C:_ProgramData_Xerox_InstallLogs_Xerox_XDA_6.8.54.html
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_131072_304673
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{96ce06ff-bf76-4d37-bd13-a6405b46fe85}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_131072_304674
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{96ce06ff-bf76-4d37-bd13-a6405b46fe85}:sqlce_se_lck:2
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Mutant created: \Sessions\1\BaseNamedObjects\mutex_xerox_bootstrapper_XDA
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Xerox.Installer.Platform.Core.MSI
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_131072_304674:splk:3252
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Mutant created: \Sessions\1\BaseNamedObjects\7fdc7a35-d7e6-dc11-843d-001aa0e3d086
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{bd3fdeff-4161-433f-a3c1-8caae8c068dc}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{bd4c19ff-8769-40c3-9435-e083ec635ab6}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{bd3fdeff-4161-433f-a3c1-8caae8c068dc}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{e28fa0ff-b2b2-4627-badb-171839625d8f}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{0a19ceff-7763-49d6-9b68-8cf70b795430}:sqlce_se_lck:1
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\Xerox.Installer.Platform.InfoLogging.C:_ProgramData_Xerox_InstallLogs_Xerox_XDA_6.8.54.ldhtml
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{e28fa0ff-b2b2-4627-badb-171839625d8f}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{0a19ceff-7763-49d6-9b68-8cf70b795430}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{bd4c19ff-8769-40c3-9435-e083ec635ab6}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{db8b02ff-eb84-42b8-a669-69da75084aad}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{db8b02ff-eb84-42b8-a669-69da75084aad}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{9b424dff-1b15-420c-b5a6-dbcf3e16f5dc}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{adb6acff-40ea-4f12-bc3c-52cbeaf30c8b}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_131072_304674:x
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{adb6acff-40ea-4f12-bc3c-52cbeaf30c8b}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{35d13aff-f0e1-4aa5-b85e-95f004fae8c4}:sqlce_se_lck:1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{35d13aff-f0e1-4aa5-b85e-95f004fae8c4}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{f0b24dff-cdc3-4be1-ba47-4ccfef54184b}:sqlce_se_lck:2
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{f0b24dff-cdc3-4be1-ba47-4ccfef54184b}:sqlce_se_lck:1

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe

File created: C:\Users\user\AppData\Local\Temp\DSC

Jump to behavior

Source: XDA_CDS v6.8.54_SE.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI387B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6830312 2 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteInitialize

Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_CANNOT_FIND_JOB', N'Cannot find job in the queue.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_USER_INITATED_SYNCHRONIZATION', N'Benutzer hat Synchronisierung mit {0}-Server eingeleitet');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_TONER_LEVEL_10PCTLOW1', N'Niveau de toner : Magenta faible 10 %');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_LOW_PROFILE_DESKTOP', N'Low Profile Desktop');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_ILLEGAL_MASK_CLASS', N'[tr_tr]Illegal Mask for that Class of IP Address.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_MAIN_SYSTEM_CHASSIS', N'Telaio di sistema principale');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_PRINTER_SEARCH_COMPLETED', N'Druckersuche abgeschlossen.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_SCAN_FILE_COUNT', N'Telling scans naar bestand');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_DAYS1', N'nap');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_EMAIL_SETTINGS1', N'E-Mail Settings');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_DO_WANT_UPLOAD', N'Deseja carregar o arquivo selecionado?');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_DRUM_REPLACE', N'Trommel ersetzen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (21, N'SDE_FLOOR', N'\|iB\');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_BLACK_TONER', N'Zwarte toner');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_FIND_MORE', N'Rechercher encore');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_NOT_REGISTERED1', N'Non registrato');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_EXPORT', N'Export');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_UPDATE_SERVER', N'Server aktualisieren');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'BLACK_COMMON_NUMBER_WRONG', N'Onjuist nummer zwarte inkt.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_SMARTCARD', N'SmartCard');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PRINTER_TYPE', N'Printer Type');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_CLEAR_SELECTED_TRAPS', N'Eliminar trampas seleccionadas');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_CANNOT_FIND_JOB', N'Der Auftrag wurde nicht in der Warteschlange gefunden.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_APPLICATION_SUCCESSFULLY_REGISTERED', N'Seu aplicativo foi registrado com sucesso.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_LARGE_MONOCHROME_PRINT', N'Compte d''impression monochrome grand format');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_PROXY_TEST_TIMED', N'[hu_hu]Proxy test timed out.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_SAP_ENABLED', N'SAP ativado');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_DATE', N'Tarih');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_PRINTER_MIB', N'Imprimante MIB');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_PLEASE_WAIT_WHILE', N'Attendere la fine dell''esportazione dei dati.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_WIZARD_CAN_ALWAYS1', N'[hu_hu]This wizard can always be accessed from the "Configuration Wizard" button.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_STARTUP_WIZARD', N'Autostart-Assistent');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_FAILED_RETRIEVE_SCOPE1', N'Falha em recuperar a lista de impressoras no escopo');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_PRINTER_CONTROL_LANGUAGE', N'Linguagem de Controle de Impressora');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_ASSET', N'Risorsa');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (16, N'SDE_IBM_5250', N'IBM 5250');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_SERVER_FAX_IMPRESSIONS', N'Odbitki faksowane serwera');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_QUEUE_EMAIL_ALERTS', N'Wachtrijstatusalarmen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_INVALID_PORT_NUMBER2', N'Invalid Port Number. Must be between 1 and 65535.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_RESET_PRINTER', N'[tr_tr]Reset Printer');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_EXPANSION_CHASSIS', N'[hu_hu]Expansion Chassis');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SCAN_RESOLUTION', N'Risoluzione di scansione');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_COMPUTER_NAME', N'Computer Name');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_AGENT_FAILED_COMMUNICATE', N'Falha do agente em se comunicar com o servidor');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_EMAIL_ALERTS_ALTERNATE', N'E-Mail-Warnungen');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_NUMBER_MANAGED_PRINTERS1', N'Anzahl an verwalteten Druckern');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_LARGE_COLOR_PRINT', N'Telling grote kleurenafdrukken');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_VERSION_PRODUCT_ALREADY', N'This version of the product is already installed on this machine. Please go to Add/Remove Programs to remove it.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_INSTALLATION_DATE', N'Installation Date');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_AGENT_INSTALLED', N'Agente instalado');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_UNIX', N'[tr_tr]Unix');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_JAPAN', N'Japan');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_FILE_UPLOADED_ALREADY', N'El archivo ya se ha cargado.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (21, N'SDE_YEARS', N't^');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SINGLE_IMPRESSION', N'Impressioni singole');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_IP_SUBNET_SCAN', N'[hu_hu]IP Subnet Scan');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_UNMANAGED_NETWORK_PRINTERS', N'[tr_tr]Unmanaged Network Printers Report settings modified');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_UNDEFINED_PDL_INTERPRETER', N'[tr_tr]undefined PDL interpreter detected');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_CLOUDDM_INSTALLING', N'Installation en cours');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_COLUMN', N'[tr_tr]Column');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_CLOSE1_XDA', N'Kapat');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_APP_SOCKET', N'App Socket');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (16, N'SDE_IBM_3270', N'IBM 3270');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_PLEASE_SEE_CONTENT', N'[tr_tr]Please see content to review warnings');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_LOCAL_ALERTS', N'Alertas locais');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_XEROXGRAPHIC_UNIT_MISSING', N'Xerografische module ontbreekt');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PRODNAME_PCH_REPORT', N'%PRODUCTNAME% Page Count History Report');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (16, N'SDE_WINDOWS', N'Windows');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_DQUOT', N'"');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_READ_STATUS', N'Read Status');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_TOTAL1', N'Total');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PAGESUSER', N'Pages/User');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_DEVICE_IMPORT', N'Drucker-Import');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_CURRENT_LEVEL', N'Derzeitige Stufe');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_COMMUNICATION_EMAIL_SERVER', N'Comunicazione con il server di posta {0} attiva');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_HEBREW', N'[tr_tr]Hebrew');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_ACTUAL_TRAPS_REGISTERED', N'[tr_tr]The actual traps registered depends on the printer manufacturer.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'HRS_XDA', N'[tr_tr]hrs');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SERVICE_PROVIDER', N'Fornitore del servizio');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_OUTGOING_MAIL_SERVER1', N'The Outgoing Mail Server information must be configured on the Network page.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_INVALID_SUBNET_MASK', N'Subnet mask non valida.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_STACK', N'Stapelen');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_1_ADDITIONAL_CARD', N'[1] Leitor de placa adicional conectado');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_XDA_DISABLED', N'XDA has been disabled!');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (21, N'SDE_AUTOIPV6', N'AutoIPv6');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_NONE1', N'Brak');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_ALERT_TABLE_TRAPS', N'[tr_tr]Alert Table Traps');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_REMOTE_ALERTS', N'Alertes distantes');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_CUMULATIVE_TIME_STATE', N'Tiempo acumulativo en el estado');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_CUSTPROP_5', N'Campo personalizado 5');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_NONCOMPLIANT_ERROR_RECEIVED', N'Nicht-konformen Fehler erhalten');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_XEROX_PRINT_AGENT7', N'Print Agent hat nicht angehalten');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_NETWORK_SCANNING_IMAGES5', N'[tr_tr]Network Scanning Images Sent (Units)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_BACKUP_SERVER_PORT', N'Back-upserverpoort');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (21, N'SDE_COPYRIGHT', N'Copyright');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_INITIATED_REGISTRATION_FMTSTR', N'Aanvang registratie bij de {0} server voltooid');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_MANAGED_PRINT_SERVER', N'Scansione server di stampa gestiti');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_SOFTWARE_INFORMATION', N'Informatie over de software');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_START_IP_ADDRESS2', N'Indirizzo IP iniziale');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_PASS_WARNING_HIGHER', N'Passa avvertenza e superiore');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_SERIAL_NUMBER_FMTSTRPCTMETERING1', N'[tr_tr]Serial Number: {0}%CRLF%%SVC_SUITE_NAME% Registration Status: {1}%CRLF%DNS Name: {2}%CRLF%IP Address: {3}%CRLF%IPX Network: {4}%CRLF%IPX Address: {5}%CRLF%Printer Model: {6}%CRLF%Printer Location: {7}%CRLF%');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_COLOR_PRINTED_EXTRA', N'Hojas muy largas impresas en color');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_HOLE_PUNCH_WASTE', N'Contenitore scarti di perforatura pieno');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_JOBS', N'Jobs');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_BACK1_XDA', N'Terug');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PLEASE_VALIDATE_INFORMATION', N'Please validate that the information you have entered is correct. To do this click the "Back" button.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_WINDOWS', N'Windows');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_RETRIEVING_SUPPLIES_INFORMATION', N'[hu_hu]Retrieval of supplies information');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_A3', N'A3 (420mm x 297 mm)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_FAILED_RETRIEVE_OUT', N'[tr_tr]Failed to retrieve the Out of Scope printer status');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_WINDOWS_NOT_CONFIGURED', N'Windows has not been configured for IPv6');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_INSTALLATION_DATE', N'Installatiedatum');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_2_SIDED_SHEETS', N'2-zijdige vellen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_CHANGE_UPDATE_SETTINGS', N'Actualizar opciones');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_VALIDATION_ERROR_FMTSTR', N'Erreur de validation : la longueur [{0}] est trop longue.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_ZERO_0_HOPS_XDA', N'[hu_hu]Zero (0) hops means that the search is limited to the local subnet.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (10, N'SDE_AUTOMATIC_METER_READ', N'%SVC_SUITE_NAME%');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_XEROX_DEVICE_AGENT', N'Xerox Device Agent');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_CONTRACT_SETUP_NOT1', N'Contract opstellen is niet voltooid. Probeer het over 5 minuten opnieuw.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_NETWARE', N'[tr_tr]NetWare');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_REGISTRATION_PENDING', N'Anmeldung steht bevor');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_PRINT_TEST_PAGE1', N'Testseite direkt drucken');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_ACCOUNT', N'Account');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_IMAGING_DEVICE_PROTOCOL', N'Imaging Device Protocol interpreter (Apple)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_TONER_LEVEL_LOW2', N'Livello toner: Giallo scarso');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_UNABLE_REGISTER_DEVICES1_XDA', N'Impossibile registrare i dispositivi');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_UNABLE_TURN_OFF1', N'Kan %AMR_SVC_NAME% niet uitschakelen voor {0}. Bevestiging met de Xerox Communication Server mislukt.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_ARABIC', N'Arabo');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_OVERALL_STATUS', N'Gesamtstatus');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_FAILURE_UNKNOWN_REASON', N'Storing met onbekende oorzaak.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_NETWORK_ADDRESS', N'Netzwerkadresse');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (10, N'SDE_WINDOWS_2000', N'Windows 2000');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_FOR_FURTHER_ASSISTANCE', N'Neem voor meer hulp contact op met uw {0}.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_COMMUNICATION_PROBLEM_DUE', N'[hu_hu]The communication problem is due to an issue in the Xerox Communication Gateway and cannot be resolved locally. If the communication does not restart after 48 hours, please contact Support for further instruction.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_DEFINITION_WHICH_ALERTS', N'De definitie van welke alarmen een fout of waarschuwing vormen, wordt gebruikt voor het bepalen van de kleur van het statuspictogram.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_STAPLE_LOW', N'Nieten bijna op');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_FMTSTR_CRITICAL_SYSTEM', N'{0} system status(es) occurred:');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_ERROR_XAM_DATA', N'[tr_tr]Error with Xerox Services Manager data export.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_SCANNER_FEED_ROLLER', N'Renouvellement galet d''alimentation du scanner');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (9, N'SDE_XEROX_PRINT_AGENT2', N'Xerox Print Agent');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_UNABLE_CONNECT_XEROX', N'Connexion impossible avec le Service de programmation de Xerox. Lancer le Service via le programmation de gestion des services.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_PRINTED_2_SIDED6', N'Afgedrukte 2-zijdige vellen (eenheden)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_UNDO_FAILED', N'[hu_hu]Undo failed.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_NETHERLANDS', N'Holandia');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_REPORT_PAGE_COUNT', N'A report of page count histories for printers that have historical data collection enabled in %PRODUCTNAME%.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_MICROSOFT_OLE', N'[hu_hu]Microsoft OLE');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_ALTERNATE_SERVER_4', N'Servidor Alternativo 4');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_LEVEL_3_IMPRESSIONS6', N'[tr_tr]Level 3 Impressions Transmitted');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_DECLINE', N'Recusar');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_TRIM', N'Trim');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_OS_VERSION', N'[tr_tr]OS Version');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_WINDOWS_NT_40', N'Servidor do Windows NT 4.0');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_CONFIGURE_EIP_APPLICATIONS', N'[tr_tr]Configure EIP Applications');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_STACK', N'Stos');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_XEROX_SUPPORT_SERVICES', N'Xerox Support Services');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_PARALLEL_PORT', N'Porta paralela');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_CARD_READER_TYPE', N'Card Reader Type');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_QUEUE_STATUS_AGE', N'[tr_tr]Queue Status Age');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_BLACK_SINGLE_IMPRESSIONS', N'Impresiones a una cara en negro (unidades)');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SETTING_NO_SEARCH', N'Impostando l''opzione "Nessuna ricerca", in quanto non sono fornite impostazioni SNMP v1/V2 ed SNMP v3.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_REPORT_STATUS_DETAILED', N'[tr_tr]A report of status and detailed alerts that have been detected by %PRODUCTNAME% from network printers.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_SITE_STATUS_EXPORT', N'Standort-Status-Export');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_NEVER', N'Jamais');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_THANK_INSTALLING_XEROX', N'Vielen Dank, dass Sie Xerox Device Agent installiert haben. Bitte schicken Sie im Falle eines Systemabsturzes Diagnosedaten an Xerox und helfen Sie uns damit, unsere Produkte weiter zu verbessern.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_DOMAIN', N'Domaine');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_IN_PROGRESS', N'Bezig');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_PATH_DOES_NOT', N'Il percorso non esiste.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_FOLDER_NAME_CURRENTLY_XDA', N'Een map met deze naam bestaat momenteel in de door u geselecteerde doelmap. Wijzig de naam van de map of verplaats deze naar een andere bestemming.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_PRINTED_IMPRESSIONS', N'[hu_hu]Printed Impressions');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_DUPLICATE_REGISTRATION', N'Zduplikowana rejestracja');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_DISPLAY_PROMPT_1', N'Mostrar anuncio 1');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_THERMAL_TRANSFER', N'Transfert thermal');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_SYSTEM_DISABLED', N'Systeem uitgeschakeld');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_PHOTOGRAPHIC_IMAGE_SETTER', N'Impositore immagine fotografica');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_PHONE', N'Telefon');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_LESS_THAN_EQUAL', N'Menor que o igual a');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_SEARCH_NOW', N'Nu zoeken');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_FAX_IMPRESSIONS', N'[tr_tr]Fax Impressions');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_COLOR_PAGE_COUNT', N'Telling kleurenpagina''s');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_PRINTER_DRIVER_NOT1', N'[tr_tr]Printer driver not installed.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_SUCCESSFULLY_SENT_REGISTERED', N'[tr_tr]Successfully sent registered printer status information for %SVC_SUITE_NAME% to the Xerox Communication Server.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_PHYSICAL_CONNECTION', N'Fysische toestand');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_INDEX', N'Indice analitico');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SEARCH_SUCCEEDED', N'Ricerca riuscita');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_PRINTED', N'Gedruckt');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_ORIGINATING_GROUP_NAME', N'Name der Ausgangsgruppe');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_FAILED_REGISTER_BECAUSE2', N'[tr_tr]Failed to register because the server rejected the registration due to incorrect application type identity.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PIZZA_BOX', N'Pizza Box');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_UNABLE_REGISTER_DEVICES1_XDA', N'No se pueden registrar los dispositivos:');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_COLOR_COPIED_21', N'Gekopieerde 2-zijdige vellen in kleur');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_FAX_IMAGES_RECEIVED5', N'Fax Images Received Transmitted');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_FUJI_XEROX_METER11', N'[hu_hu]Fuji Xerox Meter 2 (Units)');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_RUN_SNMP_V3', N'Run SNMP V3 Discovery');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_TEST_FAILED', N'Test mislukt');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_COMMUNICATION_ERRORS', N'Errori di comunicazione');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_CURRENT_VERSION', N'Huidige versie:');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_HELP_IMPROVE_XEROX', N'Help mee om Xerox Device Agent te verbeteren');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_AUTHENTICATION_TYPE', N'[tr_tr]Authentication Type');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_NETWORK_PRINTER', N'Network Printer');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_TONER_LEVEL_LOW1', N'Tonerniveau: Magenta bijna op');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_TRUNK_NAME', N'Nombre del gabinete');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_SDE_BATCH_TEST3', N'SDE_BATCH_TEST3');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_AUTOMATIC', N'Automatyczny');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_IPV6_ADDRESS_ALREADY', N'IPv6-adres staat al in lijst.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_DEBUG_REGISTRATION_FAILURE', N'Foutdetails registratie ');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_HARD_DRIVE_SIZE', N'[hu_hu]Hard Drive Size');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_POLL_XWC', N'XWC abfragen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_BACKUP_SERVER_ADDRESS', N'Indirizzo server di backup');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_DETAILED_INFORMATION_RETRIEVAL', N'[tr_tr]Detailed information retrieval not supported.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_SKILL_LEVEL', N'Skill Level');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_LARGE_MONOCHROME_PRINT', N'Totale stampe grandi in b/n');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_UNMANAGED_DIRECTLY_CONNECTED1', N'Nicht verwaltete, direkt angeschlossene Drucker');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_IP', N'IP');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_TECHNICIAN_DISPATCH_REQUIRED', N'Wartungsbesuch erforderlich');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_DEVICE_IDENTITY_INFO', N'Info su ID dispositivo');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_ENABLE_SASL_BINDS', N'[tr_tr]Enable SASL Binds to LDAP');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_UPDATE_FMTSTR_AVAILABLE', N'[tr_tr]An update of {0} is available. Would you like to install it?');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_ROOM', N'Pomieszczenie');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_CONSUMABLE_INFO', N'[tr_tr]Consumable Info');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_MARKER_INDEX', N'Marker Index');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_DIRECTORY_STATUS_RETRIEVAL', N'[tr_tr]Directory Status Retrieval');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_NEW', N'Nowy');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_FOLLOWING_CRITICAL_SYSTEM', N'[hu_hu]The following critical system statuses have occurred at {0} on {1}:');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_IMPORT_FILE_EXAMPLES', N'Importa file di esempi');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_RAW_TCP_PORT', N'Porta TCP bruta');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_LEASED', N'Geleast');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_METERS_SUCCESSFULLY_EXPORTED1', N'Dados satisfatoriamente exportados.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PLEASE_ENTER_WORKPLACE_XDA', N'Please enter your workplace credentials');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_COMPUTER_DOMAIN_DISCOVERY', N'Computerdomein-discovery');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_NOT_REGISTERED2', N'Niezarejestrowany');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_TONER_LEVEL_LOW', N'Tonerstufe: Cyan niedrig');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_NEW_XDA', N'New');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_REGISTRATION_NOT_REQUESTED', N'Registro no pedido');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PLEASE_CONTACT_ADMINISTRATOR2_XDA', N'Please contact your administrator for assistance.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_MONARCH', N'Enveloppe Monarch (3,9 x 7,5 pouces)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PAPER_TRAYS', N'Paper Trays');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_MB', N'MB');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_LEGAL_85_X', N'[tr_tr]Legal (8.5 x 14")');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_XEROX_SERVICES_GROUPS', N'Groupes de Services Xerox ');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_POLL_XWC', N'Interroger XWC');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_COPIED_LARGE_SHEETS4', N'Hojas grandes de copia (unidades)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_IP_ADDRESS_DNS', N'IP Address or DNS Name');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_FINISHER_FAULT', N'Errore stazione di finitura');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_SYNCHRONIZE', N'Senkronize Et');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_GERMAN', N'Almanca');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (22, N'SDE_DOT_MATRIX', N'Dot Matrix');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (9, N'SDE_SINGLE_IMPRESSION', N'pS!k');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_HOURS', N'Hour(s)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_SEARCH_RESULTS', N'[tr_tr]Search Results');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_REPOSITORY_5', N'[hu_hu]Repository 5');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_PROCEED', N'Devam Et');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_WINDOWS_XP2003', N'Windows XP/2003/Vista/2008');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SERVER_PING_FAILED', N'Esecuzione ping server non riuscita.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (21, N'SDE_UPNP', N'UPnP/SSDP');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_NOT_SUPPORTED_BY2', N'Not supported by the printer');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_LABEL', N'Etykieta');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_COLOR_PRINTED_LARGE5', N'Afgedrukte grote gekleurde vellen (eenheden)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_FUSER_OVERTEMP', N'[tr_tr]Fuser Overtemp');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_UTILIZATION_PERCENTAGE', N'Auslastung (in Prozent)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_IEEE_1394', N'IEEE 1394');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_OS_SERIAL_NUMBER', N'OS serienummer');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (21, N'SDE_TOTALS', N';`
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_MICROSOFT_EXCEL_WORKSHEET', N'Foglio di lavoro di Microsoft Excel');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_INSTALLATION_DATE', N'Data di installazione');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_USER_DOES_NOT21', N'Gebruiker heeft niet voldoende machtiging(en) om licentiecontrole uit te voeren.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_NETWARE_REMOTE_PRINTER', N'[hu_hu]NetWare Remote Printer');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_MONOCHROME_PAGE_COUNT1', N'[tr_tr]Monochrome Page Count Unit');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_READ_ME', N'LisezMoi');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_DIFFERENCE', N'Diferencia');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_INPUT_TRAY_EMPTY', N'Einzugsfach leer');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_TO_RECEIVE_EMAIL', N'[hu_hu]To receive E-Mail alerts, the E-Mail settings need to be configured.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_MMDDYY_HHMMSS', N'[tr_tr]MM/DD/YY HH:MM:SS');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (22, N'SDE_SNMP_V3', N'SNMP v3');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_DUPLEX_PERCENTAGE', N'Porcentaje a 2 caras');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_REGISTRATION_TRANSFERRED', N'[tr_tr]Registration Transferred');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_MICROSOFT_VXD_API', N'Microsoft VxD API');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_REGISTER_TRAPS_SELECTED', N'Traps registreren voor geselecteerde fabrikanten');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_FMTSTR_VERSION_FMTSTR', N'Er is een nieuwe versie van {0} beschikbaar als upgrade. Het systeem heeft niet genoeg geheugen om de nieuwe versie uit te voeren. Verhoog het systeemgeheugen naar {1} MB om de upgrade succesvol uit te voeren.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_GO', N'Ir');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SNMP_V3', N'SNMP v3');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_WMI', N'WMI');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_DOT_MATRIX_24', N'Matrice di punti 24 ');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_XDA_DISABLED', N'[tr_tr]XDA has been disabled!');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_IPV4_ADDRESS', N'IPv4-adres');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_XAM_DATA_EXPORTED1', N'Los datos del Xerox Services Manager se exportaron mediante el servicio de Web.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_PAGESUSER', N'Pages/Utilisateur');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_SERVER_NOT_LISTENING', N'[hu_hu]Server is not listening on the specified port.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_TOTAL_BLACK_FMTSTR', N'Toplam Siyah: {0} Birimler: {1}');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_PRIVATE', N'Prywatny');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_PRINTING', N'Imprimindo');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_FROM_EMAIL_ADDRESS_XDA', N'From Email Address');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_LEASE_END_DATE', N'Lease End Date');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_NOT_AVAILABLE', N'Not Available');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_STATUS_PRINTERS_LIST', N'[tr_tr]The status of printers in the list is read on a regular basis.');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PLEASE_TRY_ENTER1', N'Please try to enter the Exchange Server address.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_PRODUCT_ID', N'ID de produit');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_NOT_REGISTERED1', N'No registrado');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_TOTAL_PRINTERS1', N'Total de impressoras');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_LARGE_IMPRESSIONS', N'Grote afdrukken');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_CURRENT_VERSION1', N'[hu_hu]Current Version');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_WORKSTATION_REQUESTED_CONFIGURATION', N'Von Workstation angeforderte Konfiguration:');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_NOT_SPECIFIED', N'Non specificato');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_BLACK_COLOR_LEVEL4', N'Schwarz und Farbe Stufe 1-Drucke (Einheiten)');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_DONE_XDA', N'[tr_tr]Done');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_DOCUMENT_NAME', N'Dokumentname');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_ACTIVE_DIRECTORY_COULD', N'De actieve directory kon niet worden gecontacteerd. ');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_UNEXPECTED_ERROR_OCCURRED1_XDA', N'ER IS EEN ONVERWACHTE FOUT OPGETREDEN');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_COMMUNITY_NAME', N'Nazwa lokalna');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_GRAPHIC_DOCUMENT', N'Grafisch document');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_SNMP_V2', N'[hu_hu]SNMP V2');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_LEGAL_85_X', N'Legal (8,5 inch x 14 inch)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_IPX_ADDRESSES', N'Indirizzi IPX');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_UNABLE_TURN_OFF1', N'Impossibile disattivare %AMR_SVC_NAME% per {0}. Conferma al server di comunicazione Xerox non riuscita.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_LOADINSCOPEASSETS_FAILED_WHILE', N'LoadInscopeAssets mislukt bij het ophalen van gegevens.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_EMAIL_ADDRESSES', N'E-mailadressen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_CANNOT_COMMUNICATE_SERVER', N'Impossibile comunicare con il server.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_COMMUNITY_NAMES_MUST', N'[tr_tr]Community names must have at least one member.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_ENABLE_DISABLE_DISPLAYING', N'Abilita o disabilita visualizzazione dei popup');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_WAITING', N'Bekliyor');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_CURRENT_XDA', N'Aktualny');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_RACK_MOUNT_CHASSIS', N'[tr_tr]Rack Mount Chassis');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_GRAPHIC_DOCUMENT', N'Graphic Document');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_EXTRA_LONG_IMPRESSIONS', N'Impressioni Extra long');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_DISCOVERY_METHOD', N'Discovery-Methode');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_REGISTERED_BILLING_SERVICE1', N'[hu_hu]Registered, Service Enabled');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PRINTER_CONDITIONS_ANNOUNCE1', N'Printer conditions that announce warnings such as Low Toner, Missing Consumables, etc.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_HOURS2', N'Uren');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_HOURLY', N'Hourly');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_FOR_PARTNERS', N'[hu_hu]For Partners');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_SCAN_INTERNET_FAX', N'Escanear al fax de Internet');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_ION_DEPOSITION', N'Ion Deposition');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_ENVELOPE', N'Busta');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_STATUS_AGE', N'Czas statusu');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_BEING_TESTED', N'Em teste');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_CLICK_CONTINUE_AGAIN', N'Klik opnieuw op Doorgaan om te proberen de printer toe te voegen via IPP.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_DUPLEX_PAGE_COUNT', N'2-zijdige paginatelling');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_BUSY', N'Ocupada');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SITE_IDENTITY', N'ID sito');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_WINDOWS_NT_401', N'Windows NT 4.0 Workstation');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_FUNCTION_USED_DETERMINE', N'[tr_tr]The function used to determine the target computer operating system failed. The computer could be offline or it could have denied access to %PRODUCTNAME%.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_COMMENTS_OPTIONAL_BUT', N'[tr_tr]Comments are optional but should be enclosed in double quotes.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_STATIC', N'Statique');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_DO_WANT_CONTINUE1', N'Wilt u doorgaan met zoeken?');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_IMPORT', N'Importuj');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_CPU_PROCESSORS', N'CPU-Prozessoren');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_PRINTER_CONDITIONS_ANNOUNCE1', N'Conditions de l''imprimante qui annoncent des avertissements comme Fin de toner, Manque de consommables, etc.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_ADD_EIP_APPLICATIONS1', N'[tr_tr]Add EIP Applications');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_STAPLE', N'Pinzatura');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_FUSER_OVERTEMP', N'Temperatura excessiva do fusor');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_GROUP', N'Grupo');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_CUSTPROP_14', N'[tr_tr]Custom property 14');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_COMPUTER_PING_FAILED', N'[tr_tr]Computer ping failed.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_DEFINITION_WHICH_ALERTS', N'La definizione degli avvertimenti come errore o come attenzione viene usata per colorare l''icona dello stato.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_CUSTPROP_110', N'Campo personalizzato 1');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_OUTPUT_TRAY_MISSING', N'Falta la bandeja de salida');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_CHINESE', N'[hu_hu]Chinese');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_MULTIPLE_VALUES_CAN', N'(Multiple addresses are separated by semi colons)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_NEGOTIATE', N'Negociar');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PURGEUPLOADED', N'Purge all uploaded diagnostic files');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_STACK', N'Pile');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_WINDOWS', N'Windows');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_NO_SERVICES_DETECTED', N'[hu_hu]No services detected for this device.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_DO_WANT_STOP1', N'Wollen Sie die Synchronisierung wirklich abbrechen?');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_IPV4_RANGE', N'Zakres IPv4');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_NO_EIP_APPLICATIONS3', N'There are no EIP applications to remove from the selected printer(s).');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_DESCRIPTION1', N'Description:');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_PHONE_NUMBER', N'[tr_tr]Phone Number');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_SPACESAVING', N'[tr_tr]Space-Saving');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_SPECIFIED_PRINTER_PREVIOUSLY', N'The specified printer was previously found.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_USER_GUIDE', N'Gebruikershandleiding');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_CLOUD_FLEET_MGMT', N'Cloud Fleet Mgt');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_NOT_COMPATIBLE_TARGET', N'[tr_tr]NOT COMPATIBLE: The target printer does not support the %PRODUCTNAME% required MIB-II (RFC 1213) ''ifPhysAddress'' object. Please ensure that the latest available firmware is installed on the target printer');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_INSCOPE_PRINTER_LIST', N'In-scope printer list is empty.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_COLLECT_TRAPS_30', N'Raccogli trap per 30 secondi prima di interrogare il dispositivo');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_CUSTPROP_15', N'Propiedad personalizada 15');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_IP_SOURCE', N'IP-Quelle');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_BLACK_COPIED_IMPRESSIONS', N'[tr_tr]Black Copied Impressions');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_CONTACT_US', N'Contact Us');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (8, N'SDE_PRINTER_CONTROL_LANGUAGE', N'PCL (HP)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_RAW_TCP_PORT', N'Porta Raw TCP');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_DEVICE_ALREADY_EXISTS1', N'El dispositivo ya existe en el sistema:');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PROCEED', N'Proceed');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_SERVER_STATUS_UNKNOWN', N'Server Status Unknown');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_SCANNER_FEED_ROLLER1', N'Scanner-Zufuhrrolle ersetzen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_LARGE_MONOCHROME_COPY', N'[tr_tr]Large Monochrome Copy Count');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_MICROSOFT_POWERPOINT_PRESENTATION', N'Presentazione di Microsoft PowerPoint');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_COULD_NOT_CONNECT', N'[hu_hu]Could not connect with the server.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_SCAN_SERVER_FAX', N'Escanear al fax del servidor');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_END_IP_ADDRESS', N'Adresse IP de fin');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_APPLICATION_DISABLED_CUSTOMER1', N'Este aplicativo foi desabilitado, pois o cliente foi desabilitado.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_ENTER', N'Entrer une valeur.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_CUSTOMER_NAME', N'[tr_tr]Customer Name');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_X_COORDINATE', N'X Coordinate');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_HEBREW', N'Ebraico');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_QUEUE_NAME2', N'Naam wachtrij');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SOME_POP3_SETTINGS', N'Alcune impostazioni POP3 non sono presenti.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_ISO_10180COMPLIANT_STANDARD', N'ISO 10180-compliant Standard Page Description Language interpreter');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_CYAN', N'Cyan');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_ALL_PRINTERS', N'Alle printers');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_WMI', N'WMI');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_SHARE_NAME', N'Nome compartilhado');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_COLOR_EXTRA_LONG', N'[hu_hu]Color Extra Long Sheets');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_TCP_TRANSPORT', N'Trasporto TCP');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_UNMANAGED_NETWORK_PRINTERS', N'Rapporto Stampanti di rete non gestite');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_RESTORE_DEFAULTS', N'Standaardwaarden herstellen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_TONER_LEVEL_50PCTLOW1', N'[tr_tr]Toner level: 50% Low Magenta');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PPA_XDAPE_SWITCH', N'PPA to XDAPE switch not completed.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_MAXIMUM_NUMBER_GROUPS', N'The maximum number of groups has been reached. In order to create a group you need to delete another group.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_MAGENTA_TONER', N'Toner Magenta');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_COMMIT_FAILED', N'Conferma non riuscita.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_SERVICE_NOT_ENABLED', N'Service not enabled');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_WINDOWS_NT_402', N'Windows NT 4.0 Workstation o Server');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (21, N'SDE_DNS1', N'DNS');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (9, N'SDE_BLANKS', N'zz}v');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_SELECTED_CSV_FILE', N'[hu_hu]Selected CSV File is not in correct format');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_COLOR_LARGE_IMPRESSIONS30', N'Impressioni grandi a colori trasmesse');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_FEET', N'[hu_hu]Feet');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_NETWORK_PRINTER_ALLIANCE', N'Network Printer Alliance Protocol (NPAP)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_COMPUTER_PING_FAILED', N'Esecuzione ping computer non riuscita.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_GRAPHIC_DOCUMENT', N'[hu_hu]Graphic Document');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_SCANNER_ICON', N'Ikona skanera');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_PORT_MONITOR_NAME', N'Name des Anschluss-Monitors');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (22, N'SDE_MULTICAST_RADIUS', N'Multicast Radius');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_OPERATING_SYSTEM_NOT_XDA', N'This operating system is not supported. Please refer to the readme file for more information');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_COPY_TO_SENDER', N'Copiar al remitente');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_STOP_DISCOVERY', N'Discovery stoppen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_JOB_SUBMISSION_TIME', N'Ora invio lavoro');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_AUTHENTICATION_SERVER_OPTIONAL', N'[tr_tr]Authentication Server (Optional)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_MINUTE', N'Minuto');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_TONER_LEVEL_10PCTLOW3', N'[tr_tr]Toner level: 10% Low Black');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_REGISTERED_BILLING_SERVICE', N'Registrado, sin servicios activados');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_SYSTEM_DOES_NOT', N'[hu_hu]Your system does not have enough memory to support this application. Please see the user''s guide pre-installation requirements.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_TYPE_SETTER', N'[tr_tr]Type Setter');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_ACTIVE_DIRECTORY_DEAD1', N'Verlopen invoeringen in actieve directory');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_POLISH', N'Polski');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_ANALOG_FAX_SENT', N'Telling analoge faxverzendingen');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_CHECK_UPDATES', N'Comprobar si hay actualizaciones');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SERVICE_LEVEL', N'Livello di assistenza');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_TCPIP_ENABLED', N'TCP/IP ativado');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_MICROSOFT_NETWORKING', N'Microsoft Networking');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_ILLEGAL_IP_MASK', N'Indirizzo IP per Mask illegale.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (8, N'SDE_TIME', N'Bf;R');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_COPIED_LARGE_SHEETS4', N'Folhas grandes copiadas (unidades)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_MIXED_OBJECT_DOCUMENT', N'Mixed Object Document Content-interpreter');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_FAILED_WRITE_TEMPLATE1', N'Failed to write template pool server information on printer.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_CONFIGURE_EIP_APPS', N'[tr_tr]Configure EIP Apps');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_EXPORT_FAILED', N'Export mislukt');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_REGISTERED', N'Registrado');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_EXCLUDE_DATA_ELEMENTS', N'Excluir elementos de datos (por razones de seguridad)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_ELECTROPHOTOGRAPHIC_LASER', N'Laser elettrofotografico');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_AVERAGE_COVERAGE_CYAN', N'[hu_hu]Average Coverage - Cyan');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_PUBLISHER', N'Publisher');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_XEROX_COMMUNICATION_SERVER', N'Serveur de communication Xerox');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_ABOUT_3', N'Info');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_UNKNOWN1', N'Se desconoce');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_A5', N'A5 (148mm x 210mm)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_DNS', N'DNS');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (8, N'SDE_MBSEC', N'Mb/sec');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_UPDATE_SCHEDULE_JA', N'Programma aggiorn.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_PROXY_TEST_PASSED', N'[tr_tr]Proxy test passed.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_ERROR_CODE', N'[tr_tr]Error Code');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_CLOUDDM_INSTALLATION_FAILED', N'Installatie mislukt');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_EMBEDDED_FAX_IMAGES2', N'Imagens de fax embutido recebidas');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_POWER_USAGE_SUMMARY', N'[hu_hu]Power Usage Summary');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_FUJI_XEROX_METER25', N'Medidor 1 Fuji Xerox transmitido');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (5, N'SDE_B5_ISO', N'Enveloppe B5 (176mm x 250mm)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_DIRECT_PRINTER_MANUAL', N'Direct Printer Manual Feed Required');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_XEROX', N'Xerox');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_XEROX_ASSET_NUMBER', N'Assetnummer Xerox');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_FUJI_XEROX_METER', N'Fuji Xerox Meter 1');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_ALTERNATE_DNS_SERVER1', N'Servidor DNS 2 alternativo');
Source: DbCreate.exe, 00000017.00000002.2561819399.000001D5B8E64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_FILE_UPLOADED_SUCCESSFULLY', N'[hu_hu]File uploaded successfully');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_PRINT_SERVER_NAME', N'Naam afdrukserver');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_OPERATION_CENTER', N'Operation Center');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_IS_EXACTLY', N'Es exactamente');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_UNINSTALL1', N'desinstalar');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_LINEMATRIX_PRINTER_INTERPRETER', N'Interpreter drukarki Line/Matrix');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (10, N'SDE_1_2', N'#1 & #2');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_BINDERY_FILE_SERVER2', N'[hu_hu]Bindery File Server 3');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SCANNER_ICON', N'Icona Scanner');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_CANON_PRINT_SYSTEMS', N'Canon Print Systems Language-interpreter');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (18, N'SDE_SMTP_SECURITY_NEEDED', N'[tr_tr]SMTP Security (needed by some SMTP Servers)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_PRINTER_ENTRY_NOT', N'Nie znaleziono wpisu drukarki w pliku tcpmon.ini.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_SYSTEM_NAME', N'Nome sistema');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_SEARCH_SCHEDULE', N'Zoekschema');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_2_SIDED_SHEETS7', N'2-seitige Bogen (Einheiten)');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_CATEGORY', N'Category');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_WINDOWS_NOT_CONFIGURED', N'Windows is niet geconfigureerd voor IPv6');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (3, N'SDE_STATUS_HISTORY_REPORT', N'Status-Protokollbericht');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (7, N'SDE_MANUFACTURER4', N'Fabricante');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_PUBLISHER_GUID', N'Publisher GUID');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_COULD_NOT_INITIALIZE', N'Could not initialize site with the configured Xerox Services Manager');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (2, N'SDE_SNMP_GET_COMMUNITY1', N'The SNMP GET community name is invalid, the device did respond to the SNMP SET (or READ/WRITE) community name.');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (6, N'SDE_DAYS1', N'Giorni');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_IS_EXACTLY', N'Is exact');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (20, N'SDE_NEC_PAGE_PRINTER', N'[hu_hu]NEC Page printer interpreter');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_PRINTER_STATUS1', N'Estado de la impresora');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (4, N'SDE_LEASE_COVERAGE_DETAILS', N'Detalles de cobertura del alquiler');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A4002000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (17, N'SDE_DIE_CUTTER', N'Wzornik');
Source: DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7A64000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B8464000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [LouserzationString] (LanguageID, LouserzedStringEnum, LouserzedString) VALUES (11, N'SDE_CHARGEBACK_CODE_NOT', N'Chargebackcode niet gevonden.');

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe

File read: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe "C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe"
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Process created: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe "C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe"
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process created: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe "C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe" /L1033 /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Process created: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe /prereqcheck /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Process created: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe "C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe" SQLCE
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 398AEE39D053096B8B7CCBB4A051E035
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI387B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6830312 2 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteInitialize
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI48B8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6834390 8 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteBegin
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI55F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6837765 14 CustomAction!CustomActionsShared.ExecuteSequence.SilentExecuteValidations
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI90D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6852843 20 CustomAction!CustomActionsShared.ExecuteSequence.InstallExecuteSeq
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe "C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DBCreate.exe" SQLCE
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Process created: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe "C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process created: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe "C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe" /L1033 /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Process created: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe /prereqcheck /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Process created: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe "C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe" SQLCE	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 398AEE39D053096B8B7CCBB4A051E035
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI387B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6830312 2 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteInitialize
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI48B8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6834390 8 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteBegin
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI55F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6837765 14 CustomAction!CustomActionsShared.ExecuteSequence.SilentExecuteValidations
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI90D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6852843 20 CustomAction!CustomActionsShared.ExecuteSequence.InstallExecuteSeq
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe "C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DBCreate.exe" SQLCE

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Section loaded: propsys.dll

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Found installer window with terms and condition text

Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Window detected: &Cancel&Next >License agreementSQL Server SelectionDatabase ServerSQL Database CreationDestination FolderDatabase OptionsReady To InstallInstallation ProgressSetup Complete&View ReadmeLicense agreementPlease read the following license agreement carefully.I &do not accept the terms in the license agreementI &accept the terms in the license agreementXerox CorporationSoftware End-User License Agreement (EULA)1.WHEN USED IN THIS EULA XEROX MEANS XEROX CORPORATION. YOU MEANS THE INDIVIDUAL OR LEGAL ENTITY ACQUIRING THE SOFTWARE. Please read this EULA carefully before downloading installing or using the Licensed Software. BY DOWNLOADING INSTALLING OR USING THE LICENSED SOFTWARE YOU ARE AGREEING TO BE LEGALLY BOUND BY THE TERMS OF THIS EULA GOVERNING THE USE OF THE LICENSED software. If you do not agree to the terms of this EULA downloading installation and use of the Licensed Software are strictly prohibited.2.Licensed Software. This EULA applies to the following software products (as they are issued as of the date of this EULA) and any subsequent upgrades supplements add-ons and substitute releases thereof: Xerox Device Manager (XDM) Xerox Device Agent (XDA) and the XDA family of software products CentreWare Web (CWW) Xerox Workplace Cloud Agent (XWCA) when provided with XDA and to any other software products provided with this EULA each a Licensed Software.3.Xerox Tools. The Xerox Tools are certain software-based components documentation and methodology-based components hosted by Xerox and used to provide print services to customers. No rights are granted to you under this EULA with respect to the hosted Xerox Tools. The Licensed Software interacts with the Xerox Tools as set forth in Paragraph 6 below.4.License Grant. Xerox grants You a non-exclusive non-transferable license to install the Licensed Software on a host computer or server and to use the Licensed Software provided to you (a) if you have a contract for print services with Xerox or a Xerox-authorized service provider (Contract) to use XDM or XDA for the purpose of receiving print services during the term of the Contract; or (b) if you downloaded CWW from an authorized Xerox website to use CWW in accordance with the terms set forth on the authorized Xerox website or the accompanying user manual or documentation. If the Licensed Software includes software developed by a third party such third party shall be considered a third party beneficiary of Your obligations under this EULA. The readme and notice files may include third party flow down terms and conditions which are a part of this EULA. This EULA incorporates by reference and makes a part hereof any readme or notice files accompanying the Licensed Software. Title to the Licensed Software and all copies shall at all times reside exclusively with Xerox and/or its licensor(s). 5.Licensed Software Updates. Xerox may provide or otherwise make available updates bug fixes feature enhancements or improvem
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Window detected: &Cancel&Next >License agreementSQL Server SelectionDatabase ServerSQL Database CreationDestination FolderDatabase OptionsReady To InstallInstallation ProgressSetup Complete&View ReadmeLicense agreementPlease read the following license agreement carefully.I &do not accept the terms in the license agreementI &accept the terms in the license agreementXerox CorporationSoftware End-User License Agreement (EULA)1.WHEN USED IN THIS EULA XEROX MEANS XEROX CORPORATION. YOU MEANS THE INDIVIDUAL OR LEGAL ENTITY ACQUIRING THE SOFTWARE. Please read this EULA carefully before downloading installing or using the Licensed Software. BY DOWNLOADING INSTALLING OR USING THE LICENSED SOFTWARE YOU ARE AGREEING TO BE LEGALLY BOUND BY THE TERMS OF THIS EULA GOVERNING THE USE OF THE LICENSED software. If you do not agree to the terms of this EULA downloading installation and use of the Licensed Software are strictly prohibited.2.Licensed Software. This EULA applies to the following software products (as they are issued as of the date of this EULA) and any subsequent upgrades supplements add-ons and substitute releases thereof: Xerox Device Manager (XDM) Xerox Device Agent (XDA) and the XDA family of software products CentreWare Web (CWW) Xerox Workplace Cloud Agent (XWCA) when provided with XDA and to any other software products provided with this EULA each a Licensed Software.3.Xerox Tools. The Xerox Tools are certain software-based components documentation and methodology-based components hosted by Xerox and used to provide print services to customers. No rights are granted to you under this EULA with respect to the hosted Xerox Tools. The Licensed Software interacts with the Xerox Tools as set forth in Paragraph 6 below.4.License Grant. Xerox grants You a non-exclusive non-transferable license to install the Licensed Software on a host computer or server and to use the Licensed Software provided to you (a) if you have a contract for print services with Xerox or a Xerox-authorized service provider (Contract) to use XDM or XDA for the purpose of receiving print services during the term of the Contract; or (b) if you downloaded CWW from an authorized Xerox website to use CWW in accordance with the terms set forth on the authorized Xerox website or the accompanying user manual or documentation. If the Licensed Software includes software developed by a third party such third party shall be considered a third party beneficiary of Your obligations under this EULA. The readme and notice files may include third party flow down terms and conditions which are a part of this EULA. This EULA incorporates by reference and makes a part hereof any readme or notice files accompanying the Licensed Software. Title to the Licensed Software and all copies shall at all times reside exclusively with Xerox and/or its licensor(s). 5.Licensed Software Updates. Xerox may provide or otherwise make available updates bug fixes feature enhancements or improvem

Uses Microsoft Silverlight

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

PE / OLE file has a valid certificate

Source: XDA_CDS v6.8.54_SE.exe

Static PE information: certificate valid

Uses new MSVCR Dlls

Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe

File opened: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\msvcr90.dll

Jump to behavior

Binary contains paths to debug symbols

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.PDB source: dbVersionDetect.exe, 0000000F.00000002.1892522532.00000000007E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Web.Administration.pdb source: rundll32.exe, 00000013.00000003.1937540569.0000000004C60000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.1943162223.000000000325E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000014.00000003.1977139019.000000000327C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000015.00000003.2011135049.000000000319C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2162785269.00000000029DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\1\s\DSC\Device.SmartClient\Installer\INSTALLERS\XDASIXFOUR\Controller\bin\Release\Merged.Controller.pdb source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\MasterRepo\DSC\Device.SmartClient\ZPrototypes\dbVersionDetect\dbVersionDetect\obj\x86\Debug\dbVersionDetect.pdb source: dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp, dbVersionDetect.exe, 0000000F.00000000.1889093552.0000000000012000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: mscorlib.pdb source: dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\1\s\DSC\Device.SmartClient\Installer\INSTALLERS\XDASIXFOUR\Release\Bootstrapper.pdb& source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598044610.0000000000CCA000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\agent\_work\1\s\DSC\Device.SmartClient\Installer\INSTALLERS\XDASIXFOUR\Release\Bootstrapper.pdb source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598044610.0000000000CCA000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: b77a5c561934e089\mscorlib.pdb source: dbVersionDetect.exe, 0000000F.00000002.1892522532.000000000082F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xml9 source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xmlSTLIST. source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xml8 source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\dbVersionDetect.pdb source: dbVersionDetect.exe, 0000000F.00000002.1892522532.00000000007E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ProductVersion%Init file copying =bin\Infrastructure.Library.dllEbin\Old_Infrastructure.Library.dll=bin\Infrastructure.Library.pdbEbin\Old_Infrastructure.Library.pdb?Infrastructure.Library_5435.dll?Infrastructure.Library_5435.pdb?Infrastructure.Library_5447.dll?Infrastructure.Library_5447.pdbEDM Error Patch Files move failed: ?Unable to stop Service / Shell -DM Error ReplaceDlls: +Starting XDA service ]The xda.service status is currently set to {0}QStarting XDA service fails source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xmlSTa source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sqlceqp40.pdb source: DbCreate.exe, DbCreate.exe, 00000017.00000002.2804693445.000001D5BF954000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\Xerox\DSC Packager\Util\DownloadManager452\DownloadManager\Output\DownloadManager.pdb source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: XEROXS~1.PDBXerox.SmartClientExportUtility.pdbgle.dllXMLMicrosoft.Rest.ClientRuntime.Azure.xmlST` source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m@C:\Windows\dbVersionDetect.pdb source: dbVersionDetect.exe, 0000000F.00000002.1891229583.00000000001A8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: XEROXX~1.PDBXerox.XDAMonitorService.pdb source: DbCreate.exe, 00000017.00000002.2797736517.000001D5BF7C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.000000000304B000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002738000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\agents\_work\6\s\Xerox.Installer.Platform\bin\Release\Merged\Xerox.Installer.Platform.pdb source: rundll32.exe, 00000013.00000003.1937540569.0000000004C60000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: DotNetZip-zsgczx5e.tmp.12.dr, LoaderSQLCe.cs	.Net Code: Init System.Reflection.Assembly.Load(byte[])
Source: DotNetZip-zsgczx5e.tmp.12.dr, LoaderSQLCe.cs	.Net Code: Init System.Reflection.Assembly.Load(byte[])
Source: DotNetZip-zsgczx5e.tmp.12.dr, LoaderSQLCe.cs	.Net Code: Init
Source: DotNetZip-zsgczx5e.tmp.12.dr, LoaderSQLCe.cs	.Net Code: ExecuteReaderCommand

PE file contains an invalid checksum

Source: DotNetZip-f0wwtvlh.tmp.12.dr	Static PE information: real checksum: 0x5f825 should be: 0x5f120
Source: DotNetZip-zsgczx5e.tmp.12.dr	Static PE information: real checksum: 0x0 should be: 0xc161
Source: DotNetZip-k2hbywmz.tmp.12.dr	Static PE information: real checksum: 0x12519 should be: 0x12da9
Source: DotNetZip-1tvdvqva.tmp.12.dr	Static PE information: real checksum: 0x53934 should be: 0x580ce
Source: DotNetZip-j5r5ej54.tmp.12.dr	Static PE information: real checksum: 0x9c961 should be: 0xa9853
Source: DotNetZip-epzoghya.tmp.12.dr	Static PE information: real checksum: 0x1a46a should be: 0x1cc45

PE file contains sections with non-standard names

Source: DotNetZip-epzoghya.tmp.12.dr	Static PE information: section name: PAGELK
Source: DotNetZip-pmx3nkns.tmp.12.dr	Static PE information: section name: PAGELK
Source: DotNetZip-f0wwtvlh.tmp.12.dr	Static PE information: section name: PAGELK
Source: DotNetZip-3bs3rbix.tmp.12.dr	Static PE information: section name: PAGELK

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Code function: 0_2_006A3076 push 00000000h; retf	0_2_006A3078
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Code function: 11_2_00007FFEC83759A4 push es; ret	11_2_00007FFEC83759AF
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Code function: 23_2_51E372EB push rax; ret	23_2_51E372F1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Code function: 23_2_51E3739B push rax; ret	23_2_51E373A1
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Code function: 23_2_00007FFEC8344563 push ds; retf	23_2_00007FFEC8344564
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Code function: 23_2_00007FFEC8345A6D push 8B485E40h; iretd	23_2_00007FFEC8345A72
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Code function: 23_2_00007FFEC8344708 push ebp; retf	23_2_00007FFEC8344718

Source: DotNetZip-nhkoeko1.tmp.12.dr

Static PE information: section name: .text entropy: 6.922045894978299

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob

Creates processes with suspicious names

Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	File created: \xerox device agent partner edition (xda pe) v6.8.54.exe
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	File created: \xerox device agent partner edition (xda pe) v6.8.54.exe
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	File created: \xerox device agent partner edition (xda pe) v6.8.54.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	File created: \xerox device agent partner edition (xda pe) v6.8.54.exe	Jump to behavior

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Wizard.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxCPrnClone2.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcecompact40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Data.Conversion.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\HtmlAgilityPack.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\AgentUtilities.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcese40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Text.Unicode.Scsu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.DTS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxDiscoveryConst.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.Unity.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.XrxDiscovery.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT.64\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceca40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Provider.Factory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.UltraWinGrid.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Security35.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-q5xs0dya.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\DotNetLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-epzoghya.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe	File created: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceme40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT.64\msvcp90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtUtilities35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Security.Cryptography.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-uy335h0z.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXPAREMOTEINSTALLERLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.WebBrowser.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Entities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI387B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.WebProxyService.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Shared.v8.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-nhkoeko1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI48B8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-f0wwtvlh.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.ObjectBuilder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtServiceProxy35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\Interop.IWshRuntimeLibrary.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ChilkatDotNet4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90D1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Address.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.Meters.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.GenericClient.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\IWSLicenseChecker.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.Storage.Blob.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Caching.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.SqlCeClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XEROXGETCONFIGLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Identity.Dsc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceme35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcDesCrypt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\CWWLibDb.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-1tvdvqva.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CALaw.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\stdole.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-k3tcwu20.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SmartClientExportUtility.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ProxyAuthValidator.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Spatial.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcecompact40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceme40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Rest.ClientRuntime.Azure.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT.64\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMDOCS.EFIUtil.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Ipp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.NetFwPublicTypeLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Workspaces.OutlookBar.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Data.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-15clpdrb.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.XDAMonitorService.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\msvcr100.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SchedulerDB.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.mshtml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT\msvcm90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Entities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.AssemblyLoader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.ModelCapabilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.ApplicationEntitlement.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Infra.ThreadModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.LexmarkWebServices.Utility.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.Storage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Module.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcese40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DotNetServiced.dll	Jump to dropped file
Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	File created: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XEROXSETCONFIGLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtClient35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcInstallPrinterst3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XdaConfigTool.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Rest.ClientRuntime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Caching.Cryptography.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.DeviceStatus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.SecurityProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\LogCopier.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.ContstantsLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-bc3j0yvu.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceer40EN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtClientInterfaces35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtServiceProxyInterfaces35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.IProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\msvcr100.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceqp40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.Synchronization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Entity.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Protocol.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDALogCollator.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxScheduler.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\DirectPrinterDiscoveryHelper.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ChilkatDotNet4.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.CompositeUI.WinForms.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Discovery.CommunicationProtocol.Entities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.ObjectBuilder2.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcDos.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceqp40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XLMClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Logging.Database.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Provider.Venafi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.FeatureLicensing.Lib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\microsoft.web.services.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxWmiNetAPI.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Data.SqlCe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcecompact40.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceer35EN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.Misc.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceer40EN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceca40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.CompositeUI.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\ShortcutXDA.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcese40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceqp40.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\SNMPSupport.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-j5r5ej54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcecompact35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Services.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Layout.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcecompact40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Web.Services3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Data.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceqp40.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXCNETPARAMIPIPXLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtServiceProxyCdp35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Utilities.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceer40EN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceme40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xda.Shell.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceqp35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Data.OData.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Data.Services.Client.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.EIP.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.CWWLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.Utilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.CREOACCOUNTINGSERVICELib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxFxSdk.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\AxInterop.SHDocVw.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\RulesEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xda.Service.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Xerox.Security.Cryptography.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceer40EN.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcInstallPrinterst3.64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceca35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Text.Ascii.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Discovery.CommunicationProtocol.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.ValueTuple.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-c2a3eezk.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcPaRemoteInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DMFeatureToggle.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMDOCS.CREOUTIL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-k2hbywmz.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI55F9.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XPATypeDefLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.ScheduledTasks.CommandHandler.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcNetParamIPIPX.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\MSIConfig.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcese40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XrxDesCrypt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Data.SqlServerCe.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XrxcDos.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.SqlClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Data.SqlServerCe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT\msvcp90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.UltraWinTabControl.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\UnitTestInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Settings.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceca40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.Unity.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Synchronization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Exceptions35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.KeyVault.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-400bjbqb.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Interface.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Data.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.Process.ADFF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.WindowsAzure.Storage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceme40.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-zsgczx5e.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\System.Data.SqlServerCe35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-3bs3rbix.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.VistaDbClient.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXCINSTALLPRINTERST3Lib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\BrandingTask.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SDI.XDM.Utils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcese35.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\System.Data.SqlServerCe.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Text35.Core35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcese40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Data.Edm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Repackager.Utilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceca40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceme40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceer40EN.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SDI.TypeDefLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcecompact40.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-pmx3nkns.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.FeatureToggle.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XLMAUClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Business.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceca40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxSnmpCollection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.Process.DDFF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT.64\msvcm90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\DocumentFormat.OpenXml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceqp40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Provider.MSNDES.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Printers.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI387B.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI48B8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90D1.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90D1.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI55F9.tmp	Jump to dropped file

Creates install or setup log file

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\CDS\XDA_CDS\bin\xda.service.InstallLog

Creates license or readme file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\ReadMe.txt
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\CDS\XDA_CDS\data\ReadMeData.txt

Boot Survival

Creates or modifies windows services

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Xerox DM (Device Management)

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Stores large binary data to the registry

Source: C:\Windows\System32\msiexec.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CCBBF9E1485AF63CE47ABF8E9E648C2504FC319D Blob

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Memory allocated: 21D2CCE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Memory allocated: 21D467C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Memory allocated: 3430000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Memory allocated: 1D280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Memory allocated: 33A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Memory allocated: 1CFA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Memory allocated: 790000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Memory allocated: 2400000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Memory allocated: 4400000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Memory allocated: 1D5A5450000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Memory allocated: 1D5BEE50000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599889	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599780	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599668	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599557	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599445	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599333	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599207	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599080	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598968	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598858	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598735	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598623	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598512	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598289	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598178	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598053	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597925	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597813	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597702	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597590	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597368	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597256	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597128	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597016	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596904	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596792	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596680	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596568	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596440	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596328	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596216	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596104	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595993	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595881	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595756	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595631	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595503	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595391	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595279	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595168	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595056	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594944	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594832	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594720	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594592	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Window / User API: threadDelayed 9783			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Window / User API: threadDelayed 1077			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Wizard.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI55F9.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxCPrnClone2.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcecompact40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Memory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\AgentUtilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\HtmlAgilityPack.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcese40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Text.Unicode.Scsu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.DTS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxDiscoveryConst.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.Unity.Configuration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT.64\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.XrxDiscovery.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceca40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Provider.Factory.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.UltraWinGrid.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Security35.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-q5xs0dya.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\DotNetLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-epzoghya.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceme40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT.64\msvcp90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtUtilities35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Security.Cryptography.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-uy335h0z.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXPAREMOTEINSTALLERLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Entities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.WebBrowser.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI387B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.WebProxyService.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Shared.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI48B8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-nhkoeko1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-f0wwtvlh.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.ObjectBuilder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtServiceProxy35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\Interop.IWshRuntimeLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ChilkatDotNet4.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90D1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Address.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.Meters.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.GenericClient.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\IWSLicenseChecker.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.Storage.Blob.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.SqlCeClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Caching.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Threading.Tasks.Dataflow.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XEROXGETCONFIGLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Identity.Dsc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceme35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcDesCrypt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\CWWLibDb.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CALaw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-1tvdvqva.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\stdole.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SmartClientExportUtility.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-k3tcwu20.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ProxyAuthValidator.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Spatial.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Web.Administration.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcecompact40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceme40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Rest.ClientRuntime.Azure.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT.64\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMDOCS.EFIUtil.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Ipp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.NetFwPublicTypeLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Workspaces.OutlookBar.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Data.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-15clpdrb.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.XDAMonitorService.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\msvcr100.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SchedulerDB.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.mshtml.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Entities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT\msvcm90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.AssemblyLoader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.ModelCapabilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Infra.ThreadModel.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.ApplicationEntitlement.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.LexmarkWebServices.Utility.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.Storage.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Module.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcese40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DotNetServiced.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XEROXSETCONFIGLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtClient35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcInstallPrinterst3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hans\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XdaConfigTool.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Caching.Cryptography.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Rest.ClientRuntime.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Discovery.DeviceStatus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.SecurityProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\LogCopier.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.ContstantsLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-bc3j0yvu.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceer40EN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtClientInterfaces35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.IProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtServiceProxyInterfaces35.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI55F9.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceqp40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Entity.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.Synchronization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Protocol.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDALogCollator.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxScheduler.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ChilkatDotNet4.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\DirectPrinterDiscoveryHelper.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.CompositeUI.WinForms.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Discovery.CommunicationProtocol.Entities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.ObjectBuilder2.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcDos.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceqp40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XLMClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Logging.Database.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Provider.Venafi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.FeatureLicensing.Lib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\microsoft.web.services.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxWmiNetAPI.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Data.SqlCe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcecompact40.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90D1.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceer35EN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.Misc.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceer40EN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceca40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.CompositeUI.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\ShortcutXDA.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\it\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcese40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceqp40.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI48B8.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\SNMPSupport.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-j5r5ej54.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Services.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcecompact35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Layout.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcecompact40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.Data.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Web.Services3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceqp40.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI387B.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXCNETPARAMIPIPXLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Mdt.MdtServiceProxyCdp35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Net.Utilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceme40.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceer40EN.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Data.OData.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xda.Shell.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceqp35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Data.Services.Client.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.CWWLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.EIP.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\zh-Hant\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.Utilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.CREOACCOUNTINGSERVICELib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90D1.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Common.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxFxSdk.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\AxInterop.SHDocVw.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI387B.tmp-\CustomAction.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\RulesEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xda.Service.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Xerox.Security.Cryptography.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceer40EN.64.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI48B8.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcInstallPrinterst3.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Text.Ascii.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceca35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI48B8.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Discovery.CommunicationProtocol.Http.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.ValueTuple.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-c2a3eezk.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DMFeatureToggle.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcPaRemoteInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMDOCS.CREOUTIL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-k2hbywmz.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI55F9.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XPATypeDefLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.ScheduledTasks.CommandHandler.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxcNetParamIPIPX.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\MSIConfig.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlcese40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Logging.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Data.SqlServerCe.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XrxDesCrypt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XrxcDos.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.SqlClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Data.SqlServerCe.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.UltraWinTabControl.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\fr\Microsoft.Data.Edm.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\UnitTestInterface.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT\msvcp90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.v8.3.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Settings.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceca40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ko\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.Unity.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Synchronization.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Exceptions35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.KeyVault.Core.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Interface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-400bjbqb.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Data.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.Process.ADFF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.WindowsAzure.Storage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceme40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\System.Data.SqlServerCe35.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-3bs3rbix.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.CWW.DiscoveryDb.Data.VistaDbClient.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI387B.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\de\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\BrandingTask.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXCINSTALLPRINTERST3Lib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SDI.XDM.Utils.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ja\Microsoft.Data.Services.Client.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlcese35.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\System.Data.SqlServerCe.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.Text35.Core35.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcese40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Data.Edm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Repackager.Utilities.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceca40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceme40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceer40EN.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.SDI.TypeDefLib.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcecompact40.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.FeatureToggle.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\DotNetZip-pmx3nkns.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XLMAUClient.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.Business.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\sqlceca40.64.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XrxSnmpCollection.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\XDMExpress.Process.DDFF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT\msvcr90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\ru\System.Spatial.resources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.VC90.CRT.64\msvcm90.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\es\Microsoft.Data.OData.resources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI55F9.tmp-\InstallerResources.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90D1.tmp-\Xerox.Installer.Platform.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\DocumentFormat.OpenXml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\sqlceqp40.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xerox.DM.CertManagement.Provider.MSNDES.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CDS\XDA_CDS\bin\Modules.Printers.dll	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe

API coverage: 5.9 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599889s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599780s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599668s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599557s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599445s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599333s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599207s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -599080s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598968s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598858s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598735s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598623s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598512s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598400s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598289s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598178s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -598053s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597925s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597813s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597702s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597590s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597368s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597256s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597128s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -597016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596904s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596792s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596680s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596568s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596440s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596328s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596216s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -596104s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595993s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595881s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595756s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595631s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595503s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595391s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595279s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595168s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -595056s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -594944s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -594832s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -594720s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe TID: 5388	Thread sleep time: -594592s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe TID: 3736	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe TID: 5320	Thread sleep time: -53850s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe TID: 4448	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe TID: 4348	Thread sleep time: -922337203685477s >= -30000s

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599889	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599780	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599668	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599557	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599445	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599333	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599207	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 599080	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598968	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598858	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598735	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598623	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598512	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598289	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598178	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 598053	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597925	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597813	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597702	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597590	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597368	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597256	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597128	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 597016	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596904	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596792	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596680	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596568	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596440	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596328	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596216	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 596104	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595993	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595881	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595756	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595631	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595503	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595391	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595279	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595168	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 595056	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594944	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594832	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594720	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Thread delayed: delay time: 594592	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	File opened: C:\Users\user\AppData\Local\Temp\

Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1648256128.00000000006D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: XDA_CDS v6.8.54_SE.exe, 00000000.00000000.1181115172.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: =HgFSV
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1644804906.0000021D48A00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46ECF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}c
Source: XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Enables debug privileges

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe	Process created: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe "C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Process created: C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe "C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe" /L1033 /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe "C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe" SQLCE	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe "C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DBCreate.exe" SQLCE

Source: Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, rundll32.exe, 00000013.00000003.1937540569.0000000004CA4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Shell_TrayWnd

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI387B.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI387B.tmp-\CustomAction.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI387B.tmp-\Xerox.Installer.Platform.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI48B8.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI48B8.tmp-\CustomAction.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI48B8.tmp-\Xerox.Installer.Platform.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI55F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI55F9.tmp-\CustomAction.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI55F9.tmp-\Xerox.Installer.Platform.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI90D1.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI90D1.tmp-\CustomAction.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI90D1.tmp-\Xerox.Installer.Platform.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI90D1.tmp-\InstallerResources.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCDiscovery.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\bin\Xda.Service.exe VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation
Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	Queries volume information: C:\Program Files (x86)\CDS\XDA_CDS\data\DSCMain.sdf VolumeInformation

Source: C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe

Code function: 23_2_51EF6844 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

23_2_51EF6844

Source: C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Adds / modifies Windows certificates

Source: C:\Windows\System32\msiexec.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CCBBF9E1485AF63CE47ABF8E9E648C2504FC319D Blob

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	Windows Management Instrumentation	1 Windows Service	1 Windows Service	21 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	12 Process Injection	1 Modify Registry	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	11 Disable or Modify Tools	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	31 Virtualization/Sandbox Evasion	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Process Injection	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	11 Peripheral Device Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Install Root Certificate	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Rundll32	Proc Filesystem	14 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Software Packing	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 File Deletion	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\Interop.IWshRuntimeLibrary.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\ShortcutXDA.exe	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\BrandingTask.exe	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT.64\msvcr90.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT\msvcr90.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Xerox.Security.Cryptography.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceca40.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceca40.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcecompact40.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcecompact40.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceer40EN.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceer40EN.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceme40.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceme40.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceqp40.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlceqp40.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcese40.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\sqlcese40.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\AgentUtilities.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\AxInterop.SHDocVw.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\BouncyCastle.Crypto.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\CWWLibDb.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\ChilkatDotNet4.64.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\ChilkatDotNet4.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\DirectPrinterDiscoveryHelper.exe	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\DocumentFormat.OpenXml.dll	3%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\DotNetLib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\HtmlAgilityPack.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\ICSharpCode.SharpZipLib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\IWSLicenseChecker.exe	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Shared.v8.3.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.Misc.v8.3.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.UltraWinGrid.v8.3.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.UltraWinTabControl.v8.3.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infragistics2.Win.v8.3.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.EIP.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Interface.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Layout.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.ScheduledTasks.CommandHandler.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.Synchronization.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Library.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Infrastructure.Module.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.CREOACCOUNTINGSERVICELib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.DTS.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.NetFwPublicTypeLib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XEROXGETCONFIGLib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XEROXSETCONFIGLib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXCINSTALLPRINTERST3Lib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXCNETPARAMIPIPXLib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XRXPAREMOTEINSTALLERLib.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XrxDesCrypt.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Interop.XrxcDos.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\LogCopier.exe	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\MSIConfig.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.KeyVault.Core.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.Storage.Blob.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Azure.Storage.Common.dll	0%	ReversingLabs
C:\Program Files (x86)\CDS\XDA_CDS\bin\Microsoft.Data.Edm.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://opensource.org/licenses/MIT).	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.fontbureau.com	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-jones.html	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
transactions-services.idns-ext.xerox.com	13.14.0.17	true	true		unknown
transactions.services.xerox.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Reputation
https://transactions.services.xerox.com/XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=1bb4b441-967b-455b-8874-10a3a6ff206e	true	unknown
https://transactions.services.xerox.com/XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=11c27bc5-ae02-43fe-93a0-af3015e8a46c	true	unknown
https://transactions.services.xerox.com/	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.xerox.com/about-xerox/privacy-policy	Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://www.fontbureau.com/designersG	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
HTTPS://TRANSACTIONS.SERVICES.XEROX.COM	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://transactions.services.xerox.com/XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=1bb4b441-967b-4	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E860000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.fontbureau.com/designers/?	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://transactions.services.xerox.com/XeroxAutoUpdate/	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://transactions.services.xerox.com/XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=11c27bc5-ae02-4	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.xerox.com/	DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp, DbCreate.exe, 00000017.00000002.2561819399.000001D5B7064000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.tiro.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://tempuri.org/UpdateDownloadCounter	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://www.fontbureau.com/designers	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	XDA_CDS v6.8.54.exe, 00000001.00000002.1638900974.0000021D46EE9000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp, DbCreate.exe, 00000017.00000002.2797736517.000001D5BF760000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://office.services.xerox.com/XeroxServicesManager/	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.chilkatsoft.com/	Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://www.sajatypeworks.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://tempuri.org/checkForUpdate	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
https://transactions.services.xerox.com/XeroxAutoUpdate	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EB0C000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://tempuri.org/TU	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://transactions.services.xerox.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDC2000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://tempuri.org/TestLog	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
https://transactions.services	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://transactions-services.idns-ext.xerox.comH	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.galapagosdesign.com/DPlease	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/CheckForOfferingChange	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
https://dcs.support.xerox.comString	rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://office.services.xerox.com/GDOSupport	Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://vyaskn.tripod.com	DbCreate.exe, 00000017.00000000.2192905308.000001D5A3602000.00000002.00000001.01000000.00000025.sdmp	false		unknown
http://www.fonts.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://opensource.org/licenses/MIT).	Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.support.xerox.com/support/smart-esolutions/support	Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://www.zhongyicts.com.cn	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000B.00000002.1772398910.0000000005347000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.icsharpcode.net/OpenSource/SharpZipLib/).	Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://www.sakkal.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://transactions.services.xerox.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://transactions.services.xerox.com/XeroxAP	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.apache.org/licenses/LICENSE-2.0	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.fontbureau.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sectigo.com/CPS0	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDF3000.00000004.00000800.00020000.00000000.sdmp, dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/	Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
https://transactions.services.xerox.com/p	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false	URL Reputation: safe	unknown
http://www.w3.or	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://transactions.services.xerox.com/X	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E7C1000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://transactions-services.idns-ext.xerox.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDC2000.00000004.00000800.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EBBF000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.xerox.com/String	rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.carterandcone.coml	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.xerox.comT	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://www.fontbureau.com/designers/cabarga.htmlN	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.xerox.com/about-	Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://www.xerox.com/about-xero	Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://tempuri.org/GetLatestDSCBrandingInfo	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://www.founder.com.cn/cn	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://transactions.services.xerox.com/xeroxautoupdateString	rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54_SE.exe, 00000000.00000002.1650818475.0000000002690000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E858000.00000004.00000800.00020000.00000000.sdmp, Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false	URL Reputation: safe	unknown
http://www.bouncycastle.org).	Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe, 0000000A.00000000.1598093959.0000000003055000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 0000000B.00000000.1679541432.0000000002742000.00000002.00000001.01000000.0000000F.sdmp	false		unknown
http://schemas.xmlsoap.org/wsdl/	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2E8B6000.00000004.00000800.00020000.00000000.sdmp, dbVersionDetect.exe, 0000000F.00000002.1895473062.0000000002401000.00000004.00000800.00020000.00000000.sdmp, DbCreate.exe, 00000017.00000002.2437447722.000001D5A6E51000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/T	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://localhost:1767/XLMAUWebSite/XLMAUWebService.asmx	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://www.fontbureau.com/designers8	XDA_CDS v6.8.54.exe, 00000001.00000002.1642334288.0000021D483E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://home.lcatterton.com	XDA_CDS v6.8.54.exe, 00000001.00000002.1627949029.0000021D2EDF3000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://tempuri.org/GetLatestDSCBrandingInfoTestPage	XDA_CDS v6.8.54_SE.exe, 00000000.00000003.1182537096.0000000002ADC000.00000004.00000020.00020000.00000000.sdmp, XDA_CDS v6.8.54.exe, 00000001.00000000.1184318523.0000021D2C8D2000.00000002.00000001.01000000.00000005.sdmp	false		unknown
http://test.support.xerox.com/String	rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.xerox.comString	rundll32.exe, 00000016.00000003.2175414540.0000000006FD4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000016.00000003.2175414540.0000000006FAF000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.14.0.17	transactions-services.idns-ext.xerox.com	United States		22390	XEROX-WBUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529182
Start date and time:	2024-10-08 18:05:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	XDA_CDS v6.8.54_SE.exe
Detection:	MAL
Classification:	mal48.evad.winEXE@26/460@1/1
EGA Information:	Successful, ratio: 12.5%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target DbCreate.exe, PID 3252 because it is empty
Execution Graph export aborted for target Setup.exe, PID 2868 because it is empty
Execution Graph export aborted for target XDA_CDS v6.8.54.exe, PID 6528 because it is empty
Execution Graph export aborted for target XDA_CDS v6.8.54_SE.exe, PID 6464 because there are no executed function
Execution Graph export aborted for target rundll32.exe, PID 2424 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 3840 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 6056 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: XDA_CDS v6.8.54_SE.exe

Simulations

Behavior and APIs

Time	Type	Description
12:05:56	API Interceptor	319x Sleep call for process: XDA_CDS v6.8.54.exe modified
12:07:27	API Interceptor	696x Sleep call for process: Setup.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
13.14.0.17	XDA_Xerox UK v6.8.54_SE.exe	Get hash	malicious	Unknown	Browse
	XDA_Xerox UK v5.4.118_SE.exe	Get hash	malicious	Unknown	Browse
	XDA_Xerox UK v5.4.118_SE.exe.exe	Get hash	malicious	Unknown	Browse
	XDA_Xerox UK v5.4.118_SE.exe	Get hash	malicious	Unknown	Browse
	XDA_Xerox UK v5.4.118_SE.exe.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
transactions-services.idns-ext.xerox.com	XDA_Xerox UK v6.8.54_SE.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe.exe	Get hash	malicious	Unknown	Browse	13.14.0.17

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
XEROX-WBUS	novo.mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	13.14.193.227
	GyFcTadTZv.elf	Get hash	malicious	Mirai	Browse	13.15.135.3
	XDA_Xerox UK v6.8.54_SE.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	XDA_Xerox UK v5.4.118_SE.exe.exe	Get hash	malicious	Unknown	Browse	13.14.0.17
	teste.arm.elf	Get hash	malicious	Gafgyt, Mirai, Moobot, Okiru	Browse	13.14.115.44
	5klOcqqL2D.elf	Get hash	malicious	Mirai	Browse	13.15.183.139
	cOADrrPFLT.elf	Get hash	malicious	Mirai	Browse	13.15.135.0

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Y1ZqkGzvKm.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.14.0.17
	Y1ZqkGzvKm.exe	Get hash	malicious	VIP Keylogger	Browse	13.14.0.17
	E_receipt.vbs	Get hash	malicious	Unknown	Browse	13.14.0.17
	EY10AIvC8B.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.14.0.17
	EY10AIvC8B.exe	Get hash	malicious	VIP Keylogger	Browse	13.14.0.17
	92ZZIUHzPQ.exe	Get hash	malicious	AgentTesla	Browse	13.14.0.17
	JBybSK0HzG.exe	Get hash	malicious	AgentTesla	Browse	13.14.0.17
	05NN8zSK04.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.14.0.17
	OYIZolitxJ.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.14.0.17
	cvRkgDx2mc.exe	Get hash	malicious	AgentTesla	Browse	13.14.0.17

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT.64\msvcr90.dll	https://www.fedex.com/toolbox/ToolboxSetup_3149_20231212.msi	Get hash	malicious	PureCrypter	Browse
	kcaUpdate.exe	Get hash	malicious	PureLog Stealer	Browse
	kcaUpdate.exe	Get hash	malicious	PureLog Stealer	Browse
	Xiaomi_PC_Suite_3.2.1.3111.exe	Get hash	malicious	Unknown	Browse
	maws_nara_setup.exe	Get hash	malicious	Unknown	Browse
	https://downloads.intelligentediting.com/PerfectIt/Latest/PerUserRelease	Get hash	malicious	Unknown	Browse
	EtinelLabelerForSuppliers_wersja_1_1_5.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	54059
Entropy (8bit):	5.786532589661608
Encrypted:	false
SSDEEP:	768:CGvStXtXtXtXtXtXtXtfAQl8pcKp+46uj788:CEascy
MD5:	20DF83D818AAFAB33722D79A7A54EE9D
SHA1:	637A637605900C9720FEC3CCF3B836ABE0548403
SHA-256:	E0BF1E35756B19BA12AE020A57867EC2A5C4713DD372193C497A0601CD8CDB6F
SHA-512:	5B81AB3EBDE657A11BE7E57DEAA3CF88457D6CC4C76FB7D352A80C9E053836D841D0D082F20298B8A1272D231104864A9A6C9DA984BF34504183C4796D561A0A
Malicious:	false
Preview:	...@IXOS.@.....@.`HY.@.....@.....@.....@.....@.....@......&.{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}3.Xerox Device Agent Partner Edition (XDA PE) v6.8.54..tmp2BD9.tmp.@.....@6....@.....@......appicon.ico..&.{CED43277-424C-4888-9A61-25A992AC427A}.....@.....@.....@.....@.......@.....@.....@.......@....3.Xerox Device Agent Partner Edition (XDA PE) v6.8.54......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{095CE09F-3F39-4C23-AC3D-49B9F9EB6A84}&.{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}.@......&.{0639354A-C532-4708-A87D-699B07F792FC}&.{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}.@......&.{83355ECD-194E-4F63-BFC8-6ADCEA2D9C37}&.{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}.@......&.{A163DDE9-B9DF-426E-933C-13A9A9B50572}&.{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}.@......&.{09BFC0E0-1794-49B7-AB70-58B70D9538D4}&.{2B1A8AE0-5F3D-47BC-9A48-4476E731ED44}.@......&.{94F0D1DE-D626-4C73-B7E2-0ED8E4533F93}&.{2B1A8AE0-5F3D-47B

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	data
Category:	dropped
Size (bytes):	3866624
Entropy (8bit):	4.378146415730776
Encrypted:	false
SSDEEP:	24576:W2fdM8DwwR4MZgr2BoTnZBp53eDQLvNW9zYvwpTYteiqRF6:Jp4MZE2Bor7reD+sx3iqRF6
MD5:	C572A6422F5B7E4D430AB83ED7AE79A6
SHA1:	C56A377C572824161076A3AC09EB784B213B053E
SHA-256:	E1724F233F033DEDFC3E442D5E4C2D37F0DD5A18E09FE84DA8D4EF0E6BC7AF2E
SHA-512:	C0559D3F1CF59B9F18E0BE3D6ADC51762B7E21038D875250AFAA3E90864CD094356095ECC2F23F370EACC3228E3890110781F6EEC485C76385A980E477CF844E
Malicious:	false
Preview:	&.>.....0.........=.................................."..............J......%....................................................................................................................................................................................................................................................................................................................................................................................................................................................m.......i.........&..&...&......&..........G.......Q...............6...................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe
File Type:	HTML document, ASCII text, with very long lines (429), with CRLF line terminators
Category:	modified
Size (bytes):	1854
Entropy (8bit):	5.631969184702573
Encrypted:	false
SSDEEP:	24:ib0h/Z8ppfjMdL6luuohXo9sXaH4tYqKnMQOEMvbXw1QJ0IC3wpwWPAB/:aw/ZEhWGlu149sKH2AD/kX4J3wpwUE/
MD5:	369B3414311801D6C6DF4F07F9D7967F
SHA1:	9A0E84F9AB301138E6ED0242974651D1B79F7208
SHA-256:	ED596245A244ABC9C8C5DD86092A4B81C62A873882C28A2D5A32C3F2B75EC215
SHA-512:	338146C9291A77E952B60EEE798C4CF26B668B8860BB8F1BA8A915C6679D3A611F2C0EA1FFD441582E598B19C075D1C38C3A9A9E2D9EB7C19FCA2E3415F8E132
Malicious:	false
Preview:	<style>...baselog { font-family: Courier; font-size: 8pt }...error { color: #FF0000; font-family: Courier; font-size: 8pt; font-weight: bold }..</style>....<H4>..START OF LOG<BR>..Tuesday, 8 October 2024 12:06:59<BR>..Assembly.FullName = dbVersionDetect, Version=1.0.0.3, Culture=neutral, PublicKeyToken=null<BR>..Assembly.FullName = C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe<BR>..OSVersion: 6.2.9200.0<BR>..CommandLine: "C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe" SQLCE<BR>..CurrentDirectory: C:\Users\user\AppData\Local\Temp\DSC<BR>...net Version: 4.0.30319.42000<BR>..Stack Trace<BR>.. at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)<BR> at System.Environment.get_StackTrace()<BR> at XIN.Log.CreateLogFile()<BR> at XIN.Log.InititializeLogSettings()<BR> at XIN.Log.output(String pvString, String pvTag, Boolean pvParagraph)<BR> at XIN.Log.Output(String pvString)<BR> at dbVersionDetect

Process:	C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	31429
Entropy (8bit):	5.6318867599096105
Encrypted:	false
SSDEEP:	192:t9wNQGSimhpOY782XZbxpz0nOZzjHo5RloqwyRduBJ9WQ91:tueGZYY2XZbxRnzjkRWq/RduL9D91
MD5:	4D33CD019A3CDA2E78CB37E8C2E9BBA2
SHA1:	E330793219191CBB45DDCDB4F0841F6A2A79219B
SHA-256:	A58718C32DAD2EBBF03575CA7FF0646D03C0663984E934CF5E0B47CBFBAEA782
SHA-512:	F2BDD0F092F23E294A31389079AE48399CC98081E99DF18E8CF3CD44B6862D8A921F588D9E897B35EB4A9E8AB6B1D6D4892D0F5383593D8B87EFFD6EA81B93F2
Malicious:	false
Preview:	<!DOCTYPE html>..<html lang="en" xmlns="http://www.w3.org/1999/xhtml">..<head>..<style>..a:visited { color:#0000FF }..</style>..</head>..<body>..<span id="log">..<b><h2>Xerox Device Agent Partner Edition (XDA PE) v6.8.54 Installer Logging</h2></b>..<span style="BACKGROUND-COLOR: #ffaaff"><b>Bootstrapper</b> [10/08/2024 12:06:32.513]: [IMPORTANT] Bootstrapper Logging Started: Tuesday October 08 13:57:09 2024</span></br>..<b>Bootstrapper</b> [10/08/2024 12:06:32.513]: </br>..<span style="BACKGROUND-COLOR: #aaffff"><b>Bootstrapper</b> [10/08/2024 12:06:32.513]: <a id="10820241210325135285">Bootstrapper Start</a></span></br>..<b>Bootstrapper</b> [10/08/2024 12:06:32.529]: Detected language culture ID: 2057</br>..<b>Bootstrapper</b> [10/08/2024 12:06:32.529]: Create Temp Directory: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75</br>..<b>Bootstrapper</b> [10/08/2024 12:06:32.529]: Found 4 args</br>..<b>Bootstrapper</b> [10/08/2024 12:06:32.529]: Command line specified

Process:	C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	9155
Entropy (8bit):	5.40006073703823
Encrypted:	false
SSDEEP:	96:6eK206Xs0A0V04cV0t0v2RG1XZY199jojlclY0p/YUvg4EEjLwwz1zd/3AgWMAJb:u1kEegEh/3JWMej+OFkY
MD5:	4CC50BE643292B4F28ABF9EF0135621B
SHA1:	147C361B4545A06E431145B137516CE93F7CD01A
SHA-256:	97F911841091353BB1476B1B84431D9DA217056BE3174B5A3AC03917BFAEE263
SHA-512:	A31B1CBDCBEE0F6AB12A9485EDDA49066FF250CF27F785A766BF19F8F61E8FCFFC2B1DCBB1C177F4E1E7BB4A5B866AD025CBEBE9C144CFB255D21E7118223F07
Malicious:	false
Preview:	[Important][10/08/2024 12:06:32.513][Bootstrapper]Bootstrapper Logging Started: Tuesday October 08 13:57:09 2024..[Standard][10/08/2024 12:06:32.513][Bootstrapper]..[Header][10/08/2024 12:06:32.513][Bootstrapper]Bootstrapper Start..[Standard][10/08/2024 12:06:32.529][Bootstrapper]Detected language culture ID: 2057..[Standard][10/08/2024 12:06:32.529][Bootstrapper]Create Temp Directory: C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75..[Standard][10/08/2024 12:06:32.529][Bootstrapper]Found 4 args..[Standard][10/08/2024 12:06:32.529][Bootstrapper]Command line specified language code: 1033..[Standard][10/08/2024 12:06:32.545][Bootstrapper]Condition: VER_MAJORVERSION\|6\|VER_EQUAL..[Standard][10/08/2024 12:06:32.545][Bootstrapper]Condition passed..[Standard][10/08/2024 12:06:32.545][Bootstrapper]Condition: VER_MINORVERSION\|3\|VER_GREATER_EQUAL..[Error][10/08/2024 12:06:32.545][Bootstrapper]Error on condition: VER_MINORVERSION\|3\|VER_GREATER_EQUAL..[Standard][10/08/2024 12:

Process:	C:\Users\user\AppData\Local\Temp\DSC\XDA_CDS v6.8.54.exe
File Type:	Zip archive data, at least v4.5 to extract, compression method=deflate
Category:	dropped
Size (bytes):	47280
Entropy (8bit):	7.994627964352525
Encrypted:	true
SSDEEP:	768:Qcg7To5OBX3Ki9UbmURisHwb5EMKfMcgHMKkRKQYEwW:QNoQBX3Ki9mmURijbCMKfMc+kRKXnW
MD5:	637832BAE09FEE41BEF9EE72D12A73BC
SHA1:	B48FA4438B1BE78DF776D39C43EBFEE20CEF76F7
SHA-256:	195D090F1F503BA7D56ED347061A1103F448CCC4B6C1474187590C4EBB83E514
SHA-512:	96DFAB49D8D2C79478F73259ADAC906CFC422CB32C0DF7835ED489B29310618F3170B256005E11D0674799DC3C27ECDD132159DC4C8A704C4571762C6ADC7111
Malicious:	false
Preview:	PK..-.....t..XL...............logo.png.....&.......$.......z.TS.wh.Cl...((..z.M.pU..$.)..:...."H..)R.i.t.U...H............o.w.:..2{...=s.16.f.......:....rfRY..Hz..G.^..:.^...........P.v6...g./.@...!..(.?7.......a.pAa..(GgwE.Z}...T..4.3.PG99..`P...f....,....V.#1pCa..~n..^r~..?.......$X.E..y....1X..A..E`P....XZV.^.A..%+....a.0.....&+........i:..A.._..j..',.CNT...W.W\..q.......E.p(......{...A...8{`.....=..........?l..Z'....y..D.D.&D"......99.!.rE...^$Z.?..Nh,...._....?L@............V......=P..Q^ho....C...\|...:.e.Ec..h.-e..L`....,x...........4H.".d58TL..7......$..b.rbb."5@#.......r.2....3H;...K.D.9.1nv$.....Q.....?.(..vEcH........@N...k.@.j(BH-"..H9....=.%....p..IKHBe`..Pqi.....q.@.....Fx.[......x#.3ik.....o.?9.8{.....?..<.*.:....9;.w+B..Z.............r..........k.A.:...o.I.$....C.?.(.....M$ ...o."U..1.;..0$....-...^.j...e.f..M.?.8.l..~.q...\3.G.'.%...J.%...\|o..G"?e.6.8P.J.0q.Qh%.j.o...;..#.^.....0f(UR.o)q.C..d^...X.{.:7..."P..%N......q...~..\|G.i.v

Process:	C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	938448
Entropy (8bit):	6.5797604066931985
Encrypted:	false
SSDEEP:	12288:107IkECIYtjSm1MOm1M8W3cfcEm1Mxm1Mpm1M+cH8oG7bzFqxaZjeftXqmMz3/D:/8PK2t99tcH8F7XYq4Kj/D
MD5:	F58898CE6418ADC6C7B52E6EB409A2DD
SHA1:	24BD6EC751C00D94CD05DFCB99D2F9D9CBCAF472
SHA-256:	6F66D4F6BAF599DCC56DA7C3654EF786915FDB493B5E271A82EFBD84B29515F5
SHA-512:	91C5F25C7E5D78A5B0832660FE260BD280FAF761CE0215BF15A2044F33A3714008ACC885431E04EE8D0F1A7B4A0FF6C9A5E3B5EFE203397FC13F5D54490C595B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8nf.................j.............. ........@.. ...............................b....`.....................................L.......w............H.............................................................................. ..H............text....i... ...j.................. ..`.rsrc...w............l..............@..@.reloc...............F..............@..B................H.......L...6...........L................................................0..\........s....}.....s....}.....s....}.....s....}.....s\|...}.....s....}.....~....}......}.....~....}.....s....}......}.....(.........(......(....&.(.......(.......(.......(.......}.....{....(....o.......}.....(.......{....ot...}......{....(......{...........s....o......{...........s....o......{.....o............r...p.o....rG..p.o....(.....(7...&..............y../.*.....0/._........s......(....o......rc..p.(.

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.383404584745519
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	XDA_CDS v6.8.54_SE.exe
File size:	890'856 bytes
MD5:	5f0a52b6484cd9d70421a3ac1389f220
SHA1:	ca4d8c695752c63639b063239014bda6b332ace7
SHA256:	9b70be65faaa9818825e0b89cfa38a9fed843babb2970c901237a22a38f485c8
SHA512:	78a71655ff107cb7fb73f26b92394ea975543bac6975e545a621b9adcf164e2d3f6329c7b48f588765c6a1016d3e8d28637b0beb3b205fdcdc33c7372327e471
SSDEEP:	24576:qg8o5u6iUNTOeV+u4x2D4Y/tMhrlSUoDxBN+nEQY:qg8tEkLLI1a5JoDIC
TLSH:	3F15E121F55A54BACD460030196EFF36D438AE94AB3729F3B7D2EB7964B19E03936301
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i,..-M..-M..-M..VQ../M...Q..7M...R..TM...n..$M..-M...M...R..vM...K..,M..Rich-M..........PE..L...O..T.................@...0.....

Entrypoint:	0x43856f
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x5414FF4F [Sun Sep 14 02:37:03 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f9191999f04e31f7466aaea3877ba7eb

Signature Valid:	true
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	01/03/2023 19:00:00 01/03/2026 18:59:59
Subject Chain	CN=Xerox Corporation, O=Xerox Corporation, S=Connecticut, C=US
Version:	3
Thumbprint MD5:	1C4E061F08D4812D987F7DFAB6D900D1
Thumbprint SHA-1:	88F8339F7EC5CAAC2E49CFFDEA81BA41DD89C5D2
Thumbprint SHA-256:	B80464F54D3ECD43DA4218551E181FDB6FB5DAC935985EB1F326850F0981C6FB
Serial:	251F42B6AA40300E2BA1BB07F740183F

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4dea8	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x67000	0xdb0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xd8e18	0x9d0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x45000	0x210	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x433ea	0x44000	8b0885096e88f3e741fbf944241184a4	False	0.4642800723805147	data	6.566584447857163	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x45000	0x9a30	0xa000	5c21f6063c9cb47572ee6ec3fe9e289b	False	0.422412109375	data	5.051987762333825	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x4f000	0x17758	0x14000	7f1d9fdfe08420ad3c66bdbb68052066	False	0.35579833984375	data	4.4376401212980845	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x67000	0xdde0	0xe000	42bbc46c4874914c6b907366d1070ebc	False	0.6094273158482143	data	6.631330814310625	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x67460	0x135c	PNG image data, 256 x 256, 8-bit colormap, non-interlaced	English	United States	0.8407990314769975
RT_ICON	0x687c0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536	English	United States	0.30060975609756097
RT_ICON	0x68e28	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.4260752688172043
RT_ICON	0x69110	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.5304054054054054
RT_ICON	0x69238	0x2034	PNG image data, 256 x 256, 8-bit colormap, non-interlaced	English	United States	0.9870208636584182
RT_ICON	0x6b270	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.32116204690831557
RT_ICON	0x6c118	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.4187725631768953
RT_ICON	0x6c9c0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.4956647398843931
RT_ICON	0x6cf28	0x392d	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9765662362505978
RT_ICON	0x70858	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.21628630705394192
RT_ICON	0x72e00	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3107410881801126
RT_ICON	0x73ea8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.4671985815602837
RT_DIALOG	0x74310	0x250	data	English	United States	0.5456081081081081
RT_DIALOG	0x74560	0x154	data	English	United States	0.6176470588235294
RT_DIALOG	0x746b8	0x94	data	English	United States	0.7162162162162162
RT_DIALOG	0x74750	0xd8	data	English	United States	0.6342592592592593
RT_STRING	0x74828	0x56	data	English	United States	0.7209302325581395
RT_ACCELERATOR	0x74880	0x10	data	English	United States	1.25
RT_GROUP_ICON	0x74890	0xae	data	English	United States	0.603448275862069
RT_VERSION	0x74940	0x4a0	data	English	United States	0.36824324324324326

DLL	Import
KERNEL32.dll	GetCurrentDirectoryW, GetCurrentDirectoryA, WaitForSingleObject, GetFileAttributesA, GetOEMCP, GetComputerNameW, GetTickCount, GetACP, GetStringTypeW, GetStringTypeA, LoadLibraryA, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetCPInfo, CreateProcessA, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, FlushFileBuffers, IsBadWritePtr, VirtualAlloc, SetStdHandle, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetProcAddress, VirtualFree, HeapCreate, HeapDestroy, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, WideCharToMultiByte, HeapFree, HeapSize, GetLastError, SetFileTime, LocalFileTimeToFileTime, GetFullPathNameW, GetFullPathNameA, GetTempPathW, GetTempPathA, GetModuleFileNameW, DeleteFileW, DeleteFileA, SetFilePointer, GetFileAttributesW, CreateDirectoryW, SetCurrentDirectoryW, SetCurrentDirectoryA, SetFileAttributesW, RemoveDirectoryW, CreateDirectoryA, SetFileAttributesA, GetExitCodeProcess, CreateFileA, Sleep, GetLocalTime, GetEnvironmentStrings, FreeEnvironmentStringsW, FormatMessageA, GetModuleFileNameA, CloseHandle, SetEndOfFile, ReadFile, WriteFile, GetFileSize, FileTimeToSystemTime, SystemTimeToFileTime, GetCurrentProcess, TerminateProcess, GetVersionExA, CreateFileW, GetCurrentThreadId, RtlUnwind, ExitProcess, HeapReAlloc, HeapAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, GetTimeZoneInformation
USER32.dll	GetMessageA, RegisterClassExW, PostMessageA, SetTimer, GetDlgItemTextA, LoadStringA, DefWindowProcA, DestroyWindow, BeginPaint, EndPaint, GetDlgItemTextW, SetWindowTextW, MoveWindow, SetDlgItemTextW, EnableWindow, SetDlgItemTextA, EndDialog, PostQuitMessage, MessageBoxW, GetDesktopWindow, GetWindowRect, CopyRect, OffsetRect, SetWindowPos, CreateWindowExW, DialogBoxParamW, LoadCursorA, LoadStringW, TranslateMessage, DispatchMessageA, MessageBoxA, SendMessageA, GetDlgItem
SHELL32.dll	ShellExecuteExW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc
ADVAPI32.dll	CryptReleaseContext, CryptGenRandom, GetUserNameA, CryptAcquireContextA

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 18:05:55.810580969 CEST	1.1.1.1	192.168.2.16	0x1ed	No error (0)	transactions.services.xerox.com	transactions-services.idns-ext.xerox.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 18:05:55.810580969 CEST	1.1.1.1	192.168.2.16	0x1ed	No error (0)	transactions-services.idns-ext.xerox.com		13.14.0.17	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-10-08 16:05:56 UTC	81	OUT	GET / HTTP/1.1 Host: transactions.services.xerox.com Connection: Keep-Alive
2024-10-08 16:05:56 UTC	285	IN	HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Mon, 25 Apr 2022 09:17:49 GMT Accept-Ranges: bytes ETag: "a6312f558558d81:0" Server: X-Powered-By: X-ASPNET-VERSION: X-AspNetMvc-Version: Date: Tue, 08 Oct 2024 16:05:48 GMT Connection: close Content-Length: 703
2024-10-08 16:05:56 UTC	703	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 49 49 53 20 57 69 6e 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>IIS Wind

Timestamp	Bytes transferred	Direction	Data
2024-10-08 16:05:57 UTC	138	OUT	GET /XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=1bb4b441-967b-455b-8874-10a3a6ff206e HTTP/1.1 Host: transactions.services.xerox.com
2024-10-08 16:05:57 UTC	271	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 43673552 Content-Type: text/html Server: X-AspNet-Version: content-disposition: attachment; filename=test.exe X-Powered-By: X-AspNetMvc-Version: Date: Tue, 08 Oct 2024 16:05:50 GMT Connection: close
2024-10-08 16:05:57 UTC	16113	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 05 29 83 fb 41 48 ed a8 41 48 ed a8 41 48 ed a8 f5 d4 1c a8 4c 48 ed a8 f5 d4 1e a8 da 48 ed a8 f5 d4 1f a8 5c 48 ed a8 7a 16 ee a9 56 48 ed a8 7a 16 e8 a9 7a 48 ed a8 7a 16 e9 a9 63 48 ed a8 9c b7 26 a8 50 48 ed a8 41 48 ec a8 8d 48 ed a8 d6 16 e4 a9 50 48 ed a8 d3 16 12 a8 40 48 ed a8 41 48 7a a8 43 48 ed a8 d6 16 ef a9 40 48 ed a8 52 69 63 68 41 48 ed a8 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$)AHAHAHLHH\HzVHzzHzcH&PHAHHPH@HAHzCH@HRichAH
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: 3b c7 76 24 83 f9 08 72 04 8b 06 eb 02 8b c6 ff 75 10 2b f8 8b ce d1 ff 57 56 ff 75 08 e8 4d 04 00 00 5f 5e 5d c2 0c 00 8b 4e 10 3b 4d 08 0f 82 a3 00 00 00 8b c1 53 8b 5d 10 f7 d0 3b c3 0f 86 9d 00 00 00 85 db 0f 84 82 00 00 00 8d 04 19 8b ce 6a 00 50 89 45 0c e8 b3 dc ff ff 84 c0 74 6e 8b 46 14 83 f8 08 72 07 8b 0e 89 4d 10 eb 03 89 75 10 83 f8 08 72 04 8b 16 eb 02 8b d6 8b 46 10 8b 4d 08 2b c1 74 1c 03 c0 50 8b 45 10 8d 04 48 50 8d 04 19 8d 04 42 50 e8 92 58 01 00 8b 4d 08 83 c4 0c 83 7e 14 08 72 04 8b 16 eb 02 8b d6 85 db 74 11 8d 04 1b 50 8d 04 4a 57 50 e8 9e 63 01 00 83 c4 0c ff 75 0c 8b ce e8 c1 dc ff ff 5b 5f 8b c6 5e 5d c2 0c 00 68 9c 63 44 00 e8 45 28 01 00 68 8c 63 44 00 e8 1b 28 01 00 cc cc cc cc 55 8b ec 56 57 8b 7d 08 8b f1 85 ff 74 48 8b 4e Data Ascii: ;v$ru+WVuM_^]N;MS];jPEtnFrMurFM+tPEHPBPXM~rtPJWPcu[_^]hcDE(hcD(UVW}tHN
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: ff 0f 43 85 d4 f7 ff ff 66 83 3c 48 2e 75 0e 6a 01 51 8d 8d d4 f7 ff ff e8 a2 9d ff ff 83 7f 58 69 8d 8d 8c f7 ff ff c7 85 3c f5 ff ff 21 27 00 00 0f 94 c3 c6 45 fc 0b e8 c2 94 ff ff 8b 47 58 83 f8 06 74 09 83 f8 6a 0f 85 b8 00 00 00 68 34 6d 44 00 8d 8d 8c f7 ff ff be b0 58 41 00 e8 bc 95 ff ff 8d 95 8c f7 ff ff c6 45 fc 11 8d 8d bc f7 ff ff e8 77 22 00 00 50 8d 8d d4 f7 ff ff e8 cb 93 ff ff 8b 85 d0 f7 ff ff 83 f8 08 72 13 40 8d 8d bc f7 ff ff 50 ff b5 bc f7 ff ff e8 0d 9c ff ff 8b 85 e4 f7 ff ff 85 c0 74 3a 8d 48 ff 3b c1 77 0a 68 9c 63 44 00 e8 69 e8 00 00 83 bd e8 f7 ff ff 08 8d 85 d4 f7 ff ff 0f 43 85 d4 f7 ff ff 66 83 3c 48 2e 75 0e 6a 01 51 8d 8d d4 f7 ff ff e8 d9 9c ff ff 83 7f 58 6a 8d 8d 8c f7 ff ff c7 85 3c f5 ff ff 22 27 00 00 0f 94 c3 c6 45 Data Ascii: Cf<H.ujQXi<!'EGXtjh4mDXAEw"Pr@Pt:H;whcDiCf<H.ujQXj<"'E
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: 3d 00 10 00 00 0f 82 86 00 00 00 f6 45 d8 1f 74 5c e8 0a 0e 01 00 8d 45 d8 8a 00 88 45 d7 0f b6 f0 eb d0 83 7d ec 10 8d 45 d8 8b 4d d8 8b 75 e8 0f 43 c1 8b 55 d0 2b f2 03 f0 85 f6 7e 1f 90 ff 77 4c 0f be 44 16 ff 4e 50 e8 99 4b 01 00 83 c4 08 85 f6 7e 05 8b 55 d0 eb e5 8b 4d d8 0f b6 75 d7 eb 90 68 8c 63 44 00 e8 99 a8 00 00 8b 41 fc 3b c1 72 05 e8 a7 0d 01 00 2b c8 83 f9 04 73 05 e8 9b 0d 01 00 83 f9 23 76 05 e8 91 0d 01 00 8b c8 51 e8 ce ba 00 00 83 c4 04 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b 4d f0 33 cd e8 5f ba 00 00 8b e5 5d c3 cc cc cc cc cc cc cc 56 8b f1 8b 46 1c 8b 08 85 c9 74 10 8b 46 2c 8b 00 03 c1 3b c8 73 05 0f b6 01 5e c3 8b 06 8b ce 57 ff 50 1c 8b f8 83 ff ff 75 05 5f 0b c0 5e c3 8b 06 8b ce 57 ff 50 10 8b c7 5f 5e c3 cc cc cc Data Ascii: =Et\EE}EMuCU+~wLDNPK~UMuhcDA;r+s#vQMdY_^[M3_]VFtF,;s^WPu_^WP_^
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc e9 1b 0a 00 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b f1 57 8b 7d 08 c7 06 00 00 00 00 c7 46 04 00 00 00 00 c7 46 08 00 00 00 00 85 ff 74 33 81 ff ff ff ff 7f 77 33 57 e8 20 23 ff ff 89 06 8d 14 3f 89 46 04 8b 06 03 c2 89 46 08 85 ff 74 0f 8b cf 33 c0 8b 3e d1 e9 f3 ab 13 c9 66 f3 ab 01 56 04 5f 8b c6 5e 5d c2 04 00 68 ac 7a 44 00 e8 80 68 00 00 cc cc cc cc cc cc cc cc cc 55 8b ec 51 ff 75 08 83 c1 18 c7 45 fc 00 00 00 00 e8 ba 0a 00 00 8b 45 08 8b e5 5d c2 04 00 cc 55 8b ec 6a ff 68 36 8a 43 00 64 a1 00 00 00 00 50 56 57 a1 70 e0 44 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f9 8b 47 98 8d 4f b0 8b 40 04 c7 44 38 98 24 7b 44 00 8b 47 98 8b 50 04 8d 42 98 89 44 3a 94 c7 47 b0 d4 7a 44 00 e8 b0 09 00 00 Data Ascii: ]UVW}FFt3w3W #?FFt3>fV_^]hzDhUQuEE]Ujh6CdPVWpD3PEdGO@D8${DGPBD:GzD
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: 74 10 8a 4f 01 88 48 01 c6 40 02 00 8b c6 5f 5e 5d c3 c0 e1 03 f6 d1 80 e1 20 80 c9 58 88 48 01 c6 40 02 00 8b c6 5f 5e 5d c3 cc cc cc cc cc 55 8b ec 6a ff 68 fc 96 43 00 64 a1 00 00 00 00 50 83 ec 58 a1 70 e0 44 00 33 c5 89 45 f0 53 56 57 50 8d 45 f4 64 a3 00 00 00 00 8b 4d 24 8b 45 0c 8b 75 18 8b 7d 20 89 45 9c 89 75 a0 89 7d a8 89 4d bc 85 c9 74 11 8a 07 3c 2b 74 04 3c 2d 75 07 bb 01 00 00 00 eb 02 33 db 8b 46 14 25 00 30 00 00 3d 00 30 00 00 74 07 ba 38 7d 44 00 eb 22 8d 43 02 ba 3c 7d 44 00 3b c1 77 16 80 3c 1f 30 75 10 8a 4c 1f 01 80 f9 78 74 05 80 f9 58 75 02 8b d8 52 57 e8 b7 d3 00 00 89 45 a4 b8 2e 00 00 00 66 89 45 b8 e8 ec d3 00 00 8b 00 8a 00 88 45 b8 8d 45 b8 50 57 e8 95 d3 00 00 83 c4 10 8b f8 8d 45 ac 8b ce 50 e8 75 9a ff ff 50 c7 45 fc 00 Data Ascii: tOH@_^] XH@_^]UjhCdPXpD3ESVWPEdM$Eu} Eu}Mt<+t<-u3F%0=0t8}D"C<}D;w<0uLxtXuRWE.fEEEPWEPuPE
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: 5d c3 55 8b ec f6 45 08 01 56 8b f1 c7 06 7c d6 43 00 74 0a 6a 0c 56 e8 08 fb ff ff 59 59 8b c6 5e 5d c2 04 00 55 8b ec 5d e9 04 fb ff ff e9 32 fb ff ff 53 56 57 6a 00 68 a0 0f 00 00 68 b4 f3 44 00 e8 72 46 00 00 83 c4 0c 68 2c b2 43 00 ff 15 c0 a1 43 00 8b f0 85 f6 0f 84 8c 00 00 00 68 6c b4 43 00 56 ff 15 20 a2 43 00 68 bc b4 43 00 56 8b d8 ff 15 20 a2 43 00 68 a0 b4 43 00 56 8b f8 ff 15 20 a2 43 00 8b f0 85 db 74 37 85 ff 74 33 85 f6 74 2f 83 25 d0 f3 44 00 00 8b cb 68 cc f3 44 00 e8 c7 01 00 00 ff d3 57 e8 43 00 00 00 56 a3 d4 f3 44 00 e8 38 00 00 00 59 59 a3 d8 f3 44 00 eb 16 33 c0 50 50 6a 01 50 ff 15 08 a2 43 00 a3 d0 f3 44 00 85 c0 74 11 68 01 8c 41 00 e8 09 ff ff ff 59 5f 5e 33 c0 5b c3 6a 07 e8 42 06 00 00 cc 55 8b ec a1 70 e0 44 00 83 e0 1f 6a Data Ascii: ]UEV\|CtjVYY^]U]2SVWjhhDrFh,CChlCV ChCV ChCV Ct7t3t/%DhDWCVD8YYD3PPjPCDthAY_^3[jBUpDj
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: b6 42 f7 2b f8 74 16 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 28 f4 ff ff 0f b6 4e f8 0f b6 42 f8 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 02 f4 ff ff 8b 46 f9 3b 42 f9 0f 84 81 00 00 00 0f b6 f8 0f b6 42 f9 2b f8 74 16 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 d5 f3 ff ff 0f b6 7e fa 0f b6 42 fa 2b f8 74 16 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 b3 f3 ff ff 0f b6 7e fb 0f b6 42 fb 2b f8 74 16 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 91 f3 ff ff 0f b6 4e fc 0f b6 42 fc 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6b f3 ff ff 0f b6 7e fd 0f b6 42 fd 2b f8 74 16 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff 85 c9 0f 85 49 f3 ff ff 0f b6 42 Data Ascii: B+t3M(NB+t3E3F;BB+t3M~B+t3M~B+t3MNB+t3E3k~B+t3MIB
2024-10-08 16:05:57 UTC	271	IN	Data Raw: ff ff 5d c2 04 00 8b ff 55 8b ec 83 01 fe 66 8b 45 08 8b 09 66 85 c0 74 15 66 39 01 74 10 e8 ad 0c 00 00 c7 00 16 00 00 00 e8 e2 cd ff ff 5d c2 04 00 83 39 00 75 13 e8 94 0c 00 00 c7 00 16 00 00 00 e8 c9 cd ff ff 32 c0 c3 b0 01 c3 8b ff 55 8b ec 51 6a 01 6a 0a 51 51 8b c4 6a 00 ff 75 08 50 e8 5e 22 00 00 83 c4 0c 6a 00 e8 89 f8 ff ff 83 c4 14 8b e5 5d c3 8b ff 55 8b ec 51 6a 01 6a 0a 51 51 8b c4 6a 00 ff 75 08 50 e8 34 22 00 00 83 c4 0c 6a 00 e8 37 f6 ff ff 83 c4 14 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 52 d8 ff ff 8d 45 f4 50 6a 04 ff 75 08 e8 5f f5 ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 1a d8 ff ff 8d 45 f4 50 6a 02 ff 75 08 e8 27 f5 ff ff 83 c4 0c 80 7d Data Ascii: ]UfEftf9t]9u2UQjjQQjuP^"j]UQjjQQjuP4"j7]UuMREPju_}tMP]UuMEPju'}
2024-10-08 16:05:57 UTC	16384	IN	Data Raw: 5d c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 e2 d7 ff ff 8d 45 f4 50 6a 01 ff 75 08 e8 ef f4 ff ff 83 c4 0c 80 7d fc 00 74 0a 8b 4d f0 83 a1 50 03 00 00 fd 8b e5 5d c3 8b ff 55 8b ec a1 68 fa 44 00 85 c0 74 0e 6a 00 ff 75 08 e8 40 ff ff ff 59 59 5d c3 8b 4d 08 a1 f0 e1 44 00 0f b7 04 48 83 e0 04 5d c3 8b ff 55 8b ec a1 68 fa 44 00 85 c0 74 0e 6a 00 ff 75 08 e8 4b ff ff ff 59 59 5d c3 8b 4d 08 a1 f0 e1 44 00 0f b7 04 48 83 e0 02 5d c3 8b ff 55 8b ec a1 68 fa 44 00 85 c0 74 0e 6a 00 ff 75 08 e8 56 ff ff ff 59 59 5d c3 8b 4d 08 a1 f0 e1 44 00 0f b7 04 48 83 e0 01 5d c3 8b ff 55 8b ec 51 51 56 8b 75 08 85 f6 75 14 e8 ec 0a 00 00 c7 00 16 00 00 00 e8 21 cc ff ff 33 c0 eb 57 83 7d 0c 01 75 f6 83 65 f8 00 8d 45 f8 83 65 fc 00 53 50 e8 f2 82 00 00 8b 4d f8 Data Ascii: ]UuMEPju}tMP]UhDtju@YY]MDH]UhDtjuKYY]MDH]UhDtjuVYY]MDH]UQQVuu!3W}ueEeSPM

Timestamp	Bytes transferred	Direction	Data
2024-10-08 16:06:29 UTC	138	OUT	GET /XeroxAutoUpdate/DownloadFile.aspx?DownLoadID=11c27bc5-ae02-43fe-93a0-af3015e8a46c HTTP/1.1 Host: transactions.services.xerox.com
2024-10-08 16:06:29 UTC	268	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 47280 Content-Type: text/html Server: X-AspNet-Version: content-disposition: attachment; filename=test.exe X-Powered-By: X-AspNetMvc-Version: Date: Tue, 08 Oct 2024 16:06:22 GMT Connection: close
2024-10-08 16:06:29 UTC	16116	IN	Data Raw: 50 4b 03 04 2d 00 00 00 08 00 74 a7 cf 58 4c 9b 18 d6 ff ff ff ff ff ff ff ff 08 00 14 00 6c 6f 67 6f 2e 70 6e 67 01 00 10 00 f1 26 00 00 00 00 00 00 a7 24 00 00 00 00 00 00 9d 7a 07 54 53 db b3 77 68 a1 43 6c f4 12 82 28 28 01 12 7a ef 4d ba 70 55 9a 94 24 14 29 81 10 3a 84 00 d2 a4 89 22 48 ef 88 0d 29 52 04 69 82 74 09 55 ba a1 0a 2a 48 ef ed 0b f7 7f ef fd be f7 d6 f7 fe 6f bd 77 d6 3a e7 ec 32 7b f6 cc 9e d9 bf 3d 73 d6 89 31 36 d4 66 a4 e3 a0 03 00 00 8c ba 3a 1a b7 01 00 72 66 52 59 81 06 48 7a ce 9a 99 47 93 5e b4 1e 3a e6 5e 00 00 fd a5 f3 9b 0c 90 9e c9 06 00 50 fe 76 36 bb 87 bd 67 a0 2f 87 40 bb 89 d8 21 d1 f6 28 11 3f 37 0f c0 f9 a5 a0 ec e7 61 87 70 41 61 c1 f6 28 47 67 77 45 c8 5a 7d 13 04 ec 8c 54 84 dc 95 34 10 33 f0 50 47 39 39 eb 04 60 Data Ascii: PK-tXLlogo.png&$zTSwhCl((zMpU$):"H)RitU*How:2{=s16f:rfRYHzG^:^Pv6g/@!(?7apAa(GgwEZ}T43PG99`
2024-10-08 16:06:29 UTC	16384	IN	Data Raw: 39 31 40 87 22 94 5c cd a7 fd 29 5f d7 0f ab 65 d0 5d 3e d7 0e 6a f9 6e 2c 6e 6e 63 63 78 d0 64 41 45 2b 02 f0 1c 55 76 22 e6 af 01 7f 1b f0 23 c1 b2 d3 f2 c2 84 38 ce a0 7a 9c 42 37 99 5f aa 5f 6d 7f f2 75 42 8b d9 a1 a7 18 15 57 38 d4 b2 01 e8 19 e5 0d ff 64 9c 15 88 59 64 20 17 d2 4c 02 d3 bf 53 b8 7a 0b cc 14 a1 52 b2 8f a1 f4 3c 7f 3d 5e 3f e5 4b 2c f7 31 0b 45 85 03 05 c8 62 a7 38 f7 e8 ca 67 a8 a0 88 38 bb b2 14 eb 1f c8 63 bd 38 17 2d 8c b1 c8 c8 70 53 3c 57 20 92 a9 a0 f2 a8 d4 4c 6e fc 37 d9 a0 fe 3b 70 f8 1e d4 1d 18 c5 81 d9 2e 9a 07 c7 9e cb 5d df 90 b3 9d f6 02 58 76 35 dd b5 df 6d 94 9f ab a3 25 49 8d 4f 81 fc fa b6 3e 38 5d 92 c2 7d b3 21 55 e1 c2 19 ef 09 e3 d9 54 1d b1 85 b3 7f d7 f3 63 56 b9 70 df 06 ca 0c e4 60 0e 26 7b d8 af 84 68 71 Data Ascii: 91@"\)_e]>jn,nnccxdAE+Uv"#8zB7__muBW8dYd LSzR<=^?K,1Eb8g8c8-pS<W Ln7;p.]Xv5m%IO>8]}!UTcVp`&{hq
2024-10-08 16:06:29 UTC	14780	IN	Data Raw: 8d 73 48 65 a5 1e 1e 35 0c ce ec 03 90 2d c0 e0 71 0e 0e dc 7a de cc a4 63 d7 59 c9 a9 82 f2 3b 7f b7 05 0f a2 e6 04 c6 ee 45 08 f0 9a eb ec 62 e5 a0 b0 aa 50 32 62 1e 19 2d a6 30 e4 dc eb 07 8b fb 22 3a a8 34 5a a4 26 22 c6 31 d6 6b 34 a0 ca 25 eb b8 95 1d 8b 89 26 bd 56 47 73 4c 45 f5 bc ad 1c 3e fd 26 0e ec 64 1c 25 12 11 f3 96 4c 5c 9f be 74 94 dc 71 07 aa d3 37 62 7f 02 0c 23 e9 9a 07 f1 0e e0 be 70 4b 7c 46 18 19 42 ec 80 11 2f cf 5a 9c a3 a5 50 15 73 15 3e 89 ff ff 8b 7b cf 48 0f 11 c6 35 f1 e7 8f d6 fd d0 27 3b 49 49 0a 47 5e 41 64 22 ca 81 95 fc 7f 4e 01 16 c5 49 f7 6b d1 c0 98 76 9b d8 cf 81 d0 25 b0 0a ec 51 4a fc 77 c0 02 7d f4 8e 06 c3 6c 38 c0 00 d6 54 4e 76 c8 ae 20 4b 9e 34 22 ed e0 3d ac 79 76 a2 b8 ac 48 3b ce b9 8a d4 94 43 2f a2 22 ed Data Ascii: sHe5-qzcY;EbP2b-0":4Z&"1k4%&VGsLE>&d%L\tq7b#pK\|FB/ZPs>{H5';IIG^Ad"NIkv%QJw}l8TNv K4"=yvH;C/"

Target ID:	0
Start time:	12:05:48
Start date:	08/10/2024
Path:	C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\XDA_CDS v6.8.54_SE.exe"
Imagebase:	0x400000
File size:	890'856 bytes
MD5 hash:	5F0A52B6484CD9D70421A3AC1389F220
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	10
Start time:	12:06:29
Start date:	08/10/2024
Path:	C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\DSC\Xerox Device Agent Partner Edition (XDA PE) v6.8.54.exe" /L1033 /v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false
Imagebase:	0xc90000
File size:	43'673'552 bytes
MD5 hash:	FBCAE8A69E9363EAEECE61DBF97D066D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report XDA_CDS v6.8.54_SE.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\6834c4.rbs

C:\Program Files (x86)\CDS\XDA_CDS\Images\logo.png

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\Interop.IWshRuntimeLibrary.dll

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\ServiceRecoveryCommand.txt

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\ShortcutXDA.exe

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\ApplyBranding-XDAPE.sql

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\BrandingTask.exe

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe.config

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT.64\Microsoft.VC90.CRT.manifest

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT.64\msvcr90.dll

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Microsoft.VC90.CRT\msvcr90.dll

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\SetDatabaseOptions.sql

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.64.dll

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\System.Data.SqlServerCe.dll

C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\Xerox.Security.Cryptography.dll

Windows Analysis Report
XDA_CDS v6.8.54_SE.exe

Target ID:	11
Start time:	12:06:38
Start date:	08/10/2024
Path:	C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe
Wow64 process (32bit):	false
Commandline:	/prereqcheck /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped
Imagebase:	0x400000
File size:	43'009'536 bytes
MD5 hash:	740220BE9C7EB7266701109C1A762F66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	12
Start time:	12:06:48
Start date:	08/10/2024
Path:	C:\Users\user\AppData\Local\Temp\C62BCD12-CEDF-448E-ACEE-31D7748E3F75\Setup.exe
Wow64 process (32bit):	false
Commandline:	/v"XMLLocation=\"C:\Users\user\AppData\Local\Temp\DSC\xrs.val\"" SKIPLC=false /L1033 LOG="C:\ProgramData\Xerox\InstallLogs\Xerox_XDA_6.8.54_08_10_2024_1728410229.txt" /bootstrapped
Imagebase:	0x370000
File size:	43'009'536 bytes
MD5 hash:	740220BE9C7EB7266701109C1A762F66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	15
Start time:	12:06:58
Start date:	08/10/2024
Path:	C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\bfcc5xtj.2w0\lq2brwcq.eam\dbVersionDetect.exe" SQLCE
Imagebase:	0x10000
File size:	34'816 bytes
MD5 hash:	1120ED381A9D0F6E818E3C8762501CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	16
Start time:	12:06:59
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6684c0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	17
Start time:	12:07:02
Start date:	08/10/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff709b10000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	18
Start time:	12:07:03
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 398AEE39D053096B8B7CCBB4A051E035
Imagebase:	0xd40000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	20
Start time:	12:07:07
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Windows\Installer\MSI48B8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6834390 8 CustomAction!CustomActionsShared.ExecuteSequence.ExecuteBegin
Imagebase:	0x2a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	21
Start time:	12:07:11
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Windows\Installer\MSI55F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6837765 14 CustomAction!CustomActionsShared.ExecuteSequence.SilentExecuteValidations
Imagebase:	0x2a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	22
Start time:	12:07:26
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Windows\Installer\MSI90D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6852843 20 CustomAction!CustomActionsShared.ExecuteSequence.InstallExecuteSeq
Imagebase:	0x2a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	23
Start time:	12:07:29
Start date:	08/10/2024
Path:	C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DbCreate.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\CDS\XDA_CDS\InstallerSupport\database\DBCreate.exe" SQLCE
Imagebase:	0x1d5a3600000
File size:	28'395'520 bytes
MD5 hash:	ADE887FAF60C4EAB240D15A4A40BAAF0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true