Spawning `c:\test\foo.exe foo.exe`... Instrumenting... sub_4c04: Loaded handler at "C:\\test\\__handlers__\\foo.exe\\sub_4c04.js" sub_4e70: Loaded handler at "C:\\test\\__handlers__\\foo.exe\\sub_4e70.js" sub_4fac: Loaded handler at "C:\\test\\__handlers__\\foo.exe\\sub_4fac.js" sub_4c48: Loaded handler at "C:\\test\\__handlers__\\foo.exe\\sub_4c48.js" Started tracing 4 functions. Press Ctrl+C to stop. [LStrAsg/sub_4c04]"Jan" [LStrAsg/sub_4c04]"January" [LStrAsg/sub_4c04]"Feb" [LStrAsg/sub_4c04]"February" [LStrAsg/sub_4c04]"Mar" [LStrAsg/sub_4c04]"March" [LStrAsg/sub_4c04]"Apr" [LStrAsg/sub_4c04]"April" [LStrAsg/sub_4c04]"May" [LStrAsg/sub_4c04]"May" [LStrAsg/sub_4c04]"Jun" [LStrAsg/sub_4c04]"June" [LStrAsg/sub_4c04]"Jul" [LStrAsg/sub_4c04]"July" [LStrAsg/sub_4c04]"Aug" [LStrAsg/sub_4c04]"August" [LStrAsg/sub_4c04]"Sep" [LStrAsg/sub_4c04]"September" [LStrAsg/sub_4c04]"Oct" [LStrAsg/sub_4c04]"October" [LStrAsg/sub_4c04]"Nov" [LStrAsg/sub_4c04]"November" [LStrAsg/sub_4c04]"Dec" [LStrAsg/sub_4c04]"December" [LStrAsg/sub_4c04]"Sun" [LStrAsg/sub_4c04]"Sunday" [LStrAsg/sub_4c04]"Mon" [LStrAsg/sub_4c04]"Monday" [LStrAsg/sub_4c04]"Tue" [LStrAsg/sub_4c04]"Tuesday" [LStrAsg/sub_4c04]"Wed" [LStrAsg/sub_4c04]"Wednesday" [LStrAsg/sub_4c04]"Thu" [LStrAsg/sub_4c04]"Thursday" [LStrAsg/sub_4c04]"Fri" [LStrAsg/sub_4c04]"Friday" [LStrAsg/sub_4c04]"Sat" [LStrAsg/sub_4c04]"Saturday" [LStrAsg/sub_4c04]"$" [LStrAsg/sub_4c04]"M/d/yyyy" [LStrAsg/sub_4c04]"M/d/yyyy" [LStrAsg/sub_4c04]"dddd, MMMM d, yyyy" [LStrAsg/sub_4c04]"dddd, MMMM d, yyyy" [LStrAsg/sub_4c04]"AM" [LStrAsg/sub_4c04]"PM" [LStrLAsg/sub_4c48]"h" [LStrLAsg/sub_4c48]" AMPM" [LStrAsg/sub_4c04]"h:mm AMPM" [LStrAsg/sub_4c04]"h:mm:ss AMPM" [LStrAsg/sub_4c04]"Delphi00001FA0" [LStrAsg/sub_4c04]"ControlOfs004000000000173C" [LStrAsg/sub_4c04]"1bSiin33Cnh0N4rD2rG5he" [LStrAsg/sub_4c04]"http://" [LStrAsg/sub_4c04]"https://" [LStrAsg/sub_4c04]"Content-Type: application/x-www-form-urlencoded" [LStrAsg/sub_4c04]"Accept-Encoding: gzip" [LStrAsg/sub_4c04]"URL" [LStrAsg/sub_4c04]"CIS" [LStrAsg/sub_4c04]"CAB" [LStrAsg/sub_4c04]"$foo.exe$" [LStrAsg/sub_4c04]"$foo.exe$" [LStrAsg/sub_4c04]"\\\\.\\pipe\\" {'type': 'error', 'description': "Error: can't decode byte 0xa8 in position 0", 'stack': "Error: can't decode byte 0xa8 in position 0\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"\\\\.\\pipe\\_Default_foo" [LStrAsg/sub_4c04]"\\\\.\\pipe\\_Default_foo" [LStrAsg/sub_4c04]"Form1" [LStrAsg/sub_4c04]"Form1" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblFormTitle" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"pnlMain" [LStrAsg/sub_4c04]"PageControl1" [LStrAsg/sub_4c04]"TabSheet3" [LStrAsg/sub_4c04]"TabSheet1" [LStrAsg/sub_4c04]"pnlWelcome" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblWelcome" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label11" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label14" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label15" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"BtnWelcomeNext" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"Panel3" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"wmf" [LStrAsg/sub_4c04]"Metafiles" [LStrAsg/sub_4c04]"emf" [LStrAsg/sub_4c04]"Enhanced Metafiles" [LStrAsg/sub_4c04]"ico" [LStrAsg/sub_4c04]"Icons" [LStrAsg/sub_4c04]"bmp" [LStrAsg/sub_4c04]"Bitmaps" [LStrAsg/sub_4c04]"imgLeftBanner" [LStrAsg/sub_4c04]"TabSheet2" [LStrAsg/sub_4c04]"pnlLicense" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Bevel1" [LStrAsg/sub_4c04]"Panel5" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label1" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblLicenceTop" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"btnLicenseBack" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"btnLicenseAgree" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"Image2" [LStrAsg/sub_4c04]"True" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel6" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label2" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel8" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel9" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblLicenseBottom" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel7" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"reLicense" [LStrAsg/sub_4c04]"TabSheet3" [LStrAsg/sub_4c04]"pnlSelectDir" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Bevel4" [LStrAsg/sub_4c04]"Panel12" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label10" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblFolderTop" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image3" [LStrAsg/sub_4c04]"True" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"btnSelectDirBack" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"btnSelectDirInstall" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"Panel13" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblFolderMid" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel14" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel15" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel17" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel10" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel22" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"btnBrows" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"ebDir" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"Panel16" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"cbStartMenu" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"cbCreatequickLaunch" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"cbCreateDesktopIcon" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"CheckBox1" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"Panel19" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel23" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel1" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel2" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblAvail" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblRequired" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"TabSheet4" [LStrAsg/sub_4c04]"pnlBabylon" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel30" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image9" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"btnBabylonAccept" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"btnBabylonBack" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"Panel31" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image10" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label23" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label20" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label24" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"lblLicenseLink" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel32" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel33" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"cbInstallBabylon" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel34" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label19" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"TabSheet5" [LStrAsg/sub_4c04]"pnlDownload" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel20" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label12" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label13" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image4" [LStrAsg/sub_4c04]"True" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Panel18" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"imgDownloadScreen" [LStrAsg/sub_4c04]"prbDownload" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"ProgressBar3" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"TabSheet6" [LStrAsg/sub_4c04]"pnlSweetIM" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label3" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image1" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label4" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label5" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label6" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label8" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label9" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label16" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label17" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image5" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"btnSweetIMAccept" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"btnSweetIMBack" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label21" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label22" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label25" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"btnSweetIMSkip" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label18" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label26" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image6" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label27" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label7" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"cbSweetIMHM" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"cbSweetIMSR" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"TabSheet7" [LStrAsg/sub_4c04]"pnlFaceMoods" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"Image7" [LStrAsg/sub_4c04]"True" [LStrCmp/sub_4fac]"TBitmap" "TBitmap" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label28" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"btnFMSkip" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"btnFMBack" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"btnFMAccept" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label29" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label30" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label31" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]"True" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label32" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label33" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]" " [LStrAsg/sub_4c04]"Label34" [LStrAsg/sub_4c04]"False" [LStrAsg/sub_4c04]"tmrDownload" [LStrAsg/sub_4c04]"tmrOverall" [LStrLAsg/sub_4c48]"TabSheet3" [LStrAsg/sub_4c04]"0I1C1F1G0S1F2Y1C1R1P0C0S" [LStrAsg/sub_4c04]"IRVER=3.09" [LStrAsg/sub_4c04]"INST_NAME=FLVP \r\nDN_DATE=20100611 \r\nCC_SRC=SE \r\nNT_SRC=M \r\nAD_TYP= \r\nREF_DM= \r\nCHNL= \r\nCDATA=download " [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrAsg/sub_4c04]"NT_SRC=M " [LStrAsg/sub_4c04]"AD_TYP= " [LStrAsg/sub_4c04]"REF_DM= " [LStrAsg/sub_4c04]"CHNL= " [LStrAsg/sub_4c04]"CDATA=download " [LStrLAsg/sub_4c48]"inst_name" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "inst_name" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrLAsg/sub_4c48]"FLVP" [LStrCmp/sub_4fac]"YTDN" "FLVP" [LStrCmp/sub_4fac]"VDDN" "FLVP" [LStrCmp/sub_4fac]"Y2MP3" "FLVP" [LStrCmp/sub_4fac]"EMULEEX" "FLVP" [LStrCmp/sub_4fac]"PDFC" "FLVP" [LStrCmp/sub_4fac]"VLCA" "FLVP" [LStrCmp/sub_4fac]"FLVP" "FLVP" [LStrAsg/sub_4c04]"FLVP" [LStrAsg/sub_4c04]"Flash FLV Player" [LStrAsg/sub_4c04]"Flash Player" [LStrAsg/sub_4c04]"Flash Player" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"vlccfg.exe" [LStrAsg/sub_4c04]"/i /a:flv;" [LStrAsg/sub_4c04]"vlc.exe" [LStrLAsg/sub_4c48]"dn_date" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "dn_date" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"dn_date" "dn_date" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrAsg/sub_4c04]"&DN_DATE=20100611" [LStrLAsg/sub_4c48]"cc_src" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "cc_src" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"dn_date" "cc_src" [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrLAsg/sub_4c48]"CC_SRC=SE " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"cc_src" "cc_src" [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrLAsg/sub_4c48]"CC_SRC=SE " [LStrLAsg/sub_4c48]"=" [LStrAsg/sub_4c04]"&CC_SRC=SE" [LStrLAsg/sub_4c48]"nt_src" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "nt_src" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"dn_date" "nt_src" [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrLAsg/sub_4c48]"CC_SRC=SE " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"cc_src" "nt_src" [LStrAsg/sub_4c04]"NT_SRC=M " [LStrLAsg/sub_4c48]"NT_SRC=M " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"nt_src" "nt_src" [LStrAsg/sub_4c04]"NT_SRC=M " [LStrLAsg/sub_4c48]"NT_SRC=M " [LStrLAsg/sub_4c48]"=" [LStrAsg/sub_4c04]"&NT_SRC=M" [LStrLAsg/sub_4c48]"ad_typ" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "ad_typ" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"dn_date" "ad_typ" [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrLAsg/sub_4c48]"CC_SRC=SE " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"cc_src" "ad_typ" [LStrAsg/sub_4c04]"NT_SRC=M " [LStrLAsg/sub_4c48]"NT_SRC=M " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"nt_src" "ad_typ" [LStrAsg/sub_4c04]"AD_TYP= " [LStrLAsg/sub_4c48]"AD_TYP= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"ad_typ" "ad_typ" [LStrAsg/sub_4c04]"AD_TYP= " [LStrLAsg/sub_4c48]"AD_TYP= " [LStrLAsg/sub_4c48]"=" [LStrLAsg/sub_4c48]"cdata" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "cdata" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"dn_date" "cdata" [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrLAsg/sub_4c48]"CC_SRC=SE " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"cc_src" "cdata" [LStrAsg/sub_4c04]"NT_SRC=M " [LStrLAsg/sub_4c48]"NT_SRC=M " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"nt_src" "cdata" [LStrAsg/sub_4c04]"AD_TYP= " [LStrLAsg/sub_4c48]"AD_TYP= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"ad_typ" "cdata" [LStrAsg/sub_4c04]"REF_DM= " [LStrLAsg/sub_4c48]"REF_DM= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"ref_dm" "cdata" [LStrAsg/sub_4c04]"CHNL= " [LStrLAsg/sub_4c48]"CHNL= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"chnl" "cdata" [LStrAsg/sub_4c04]"CDATA=download " [LStrLAsg/sub_4c48]"CDATA=DOWNLOAD " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"cdata" "cdata" [LStrAsg/sub_4c04]"CDATA=download " [LStrLAsg/sub_4c48]"CDATA=DOWNLOAD " [LStrLAsg/sub_4c48]"=" [LStrAsg/sub_4c04]"&CDATA=download" [LStrLAsg/sub_4c48]"ref_dm" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "ref_dm" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"dn_date" "ref_dm" [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrLAsg/sub_4c48]"CC_SRC=SE " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"cc_src" "ref_dm" [LStrAsg/sub_4c04]"NT_SRC=M " [LStrLAsg/sub_4c48]"NT_SRC=M " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"nt_src" "ref_dm" [LStrAsg/sub_4c04]"AD_TYP= " [LStrLAsg/sub_4c48]"AD_TYP= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"ad_typ" "ref_dm" [LStrAsg/sub_4c04]"REF_DM= " [LStrLAsg/sub_4c48]"REF_DM= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"ref_dm" "ref_dm" [LStrAsg/sub_4c04]"REF_DM= " [LStrLAsg/sub_4c48]"REF_DM= " [LStrLAsg/sub_4c48]"=" [LStrLAsg/sub_4c48]"chnl" [LStrAsg/sub_4c04]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"INST_NAME=FLVP " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"inst_name" "chnl" [LStrAsg/sub_4c04]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"DN_DATE=20100611 " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"dn_date" "chnl" [LStrAsg/sub_4c04]"CC_SRC=SE " [LStrLAsg/sub_4c48]"CC_SRC=SE " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"cc_src" "chnl" [LStrAsg/sub_4c04]"NT_SRC=M " [LStrLAsg/sub_4c48]"NT_SRC=M " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"nt_src" "chnl" [LStrAsg/sub_4c04]"AD_TYP= " [LStrLAsg/sub_4c48]"AD_TYP= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"ad_typ" "chnl" [LStrAsg/sub_4c04]"REF_DM= " [LStrLAsg/sub_4c48]"REF_DM= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"ref_dm" "chnl" [LStrAsg/sub_4c04]"CHNL= " [LStrLAsg/sub_4c48]"CHNL= " [LStrLAsg/sub_4c48]"=" [LStrCmp/sub_4fac]"chnl" "chnl" [LStrAsg/sub_4c04]"CHNL= " [LStrLAsg/sub_4c48]"CHNL= " [LStrLAsg/sub_4c48]"=" [LStrAsg/sub_4c04]"1M2Z2Z1EzxtEtE2X1RtF1L2W1C1L2Z1P2W1P1StF1R1F1HtE2X1B1R1C1L1E2ZtE2X1P1C1R1M1P1R1JtF1E1B1R" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"Software" [LStrAsg/sub_4c04]"Software" [LStrLAsg/sub_4c48]"Software" [LStrAsg/sub_4c04]"Software" [LStrCat/sub_4e70]"P" "\\" [LStrAsg/sub_4c04]"Software\\" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"Software\\" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"Software\\Dtday" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"Software\\" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"Software\\Dtday" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrCmp/sub_4fac]"1527253296" "1527253296" [LStrLAsg/sub_4c48]"Software\\Clients\\StartMenuInternet" [LStrAsg/sub_4c04]"Software\\Clients\\StartMenuInternet" [LStrLAsg/sub_4c48]"Software\\Clients\\StartMenuInternet" [LStrLAsg/sub_4c48]"Software\\Clients\\StartMenuInternet" [LStrAsg/sub_4c04]"Software\\Clients\\StartMenuInternet" [LStrLAsg/sub_4c48]"Software\\Clients\\StartMenuInternet" [LStrLAsg/sub_4c48]"iexplore.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\sihost.exe" [LStrLAsg/sub_4c48]"sihost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "sihost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "svchost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"iexplore.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\ctfmon.exe" [LStrLAsg/sub_4c48]"ctfmon.exe" [LStrCmp/sub_4fac]"iexplore.exe" "ctfmon.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\explorer.exe" [LStrLAsg/sub_4c48]"explorer.exe" [LStrCmp/sub_4fac]"iexplore.exe" "explorer.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\systemapps\\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\\startmenuexperiencehost.exe" [LStrLAsg/sub_4c48]"startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\systemapps\\microsoft.windows.search_cw5n1h2txyewy\\searchapp.exe" [LStrLAsg/sub_4c48]"searchapp.exe" [LStrCmp/sub_4fac]"iexplore.exe" "searchapp.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\securityhealthsystray.exe" [LStrLAsg/sub_4c48]"securityhealthsystray.exe" [LStrCmp/sub_4fac]"iexplore.exe" "securityhealthsystray.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\program files\\vmware\\vmware tools\\vmtoolsd.exe" [LStrLAsg/sub_4c48]"vmtoolsd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "vmtoolsd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe" [LStrLAsg/sub_4c48]"shellexperiencehost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "shellexperiencehost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\oobe\\useroobebroker.exe" [LStrLAsg/sub_4c48]"useroobebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "useroobebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\applicationframehost.exe" [LStrLAsg/sub_4c48]"applicationframehost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "applicationframehost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\systemapps\\microsoftwindows.client.cbs_cw5n1h2txyewy\\inputapp\\textinputhost.exe" [LStrLAsg/sub_4c48]"textinputhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "textinputhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\tc\\totalcmd64.exe" [LStrLAsg/sub_4c48]"totalcmd64.exe" [LStrCmp/sub_4fac]"iexplore.exe" "totalcmd64.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "cmd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "conhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"iexplore.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvshnotify.exe" [LStrLAsg/sub_4c48]"appvshnotify.exe" [LStrCmp/sub_4fac]"iexplore.exe" "appvshnotify.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "dllhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "cmd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\ph\\processhacker.exe" [LStrLAsg/sub_4c48]"processhacker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "processhacker.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "cmd.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "conhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "svchost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\program files\\common files\\microsoft shared\\ink\\tabtip.exe" [LStrLAsg/sub_4c48]"tabtip.exe" [LStrCmp/sub_4fac]"iexplore.exe" "tabtip.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\helppane.exe" [LStrLAsg/sub_4c48]"helppane.exe" [LStrCmp/sub_4fac]"iexplore.exe" "helppane.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "dllhost.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\python\\scripts\\frida-trace.exe" [LStrLAsg/sub_4c48]"frida-trace.exe" [LStrCmp/sub_4fac]"iexplore.exe" "frida-trace.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\python\\python.exe" [LStrLAsg/sub_4c48]"python.exe" [LStrCmp/sub_4fac]"iexplore.exe" "python.exe" [LStrCmp/sub_4fac]"iexplore.exe" "c:\\test\\foo.exe" [LStrLAsg/sub_4c48]"foo.exe" [LStrCmp/sub_4fac]"iexplore.exe" "foo.exe" [LStrCmp/sub_4fac]"IEXPLORE.EXE" "IEXPLORE.EXE" [LStrLAsg/sub_4c48]"skype.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\sihost.exe" [LStrLAsg/sub_4c48]"sihost.exe" [LStrCmp/sub_4fac]"skype.exe" "sihost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"skype.exe" "svchost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"skype.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\ctfmon.exe" [LStrLAsg/sub_4c48]"ctfmon.exe" [LStrCmp/sub_4fac]"skype.exe" "ctfmon.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\explorer.exe" [LStrLAsg/sub_4c48]"explorer.exe" [LStrCmp/sub_4fac]"skype.exe" "explorer.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\systemapps\\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\\startmenuexperiencehost.exe" [LStrLAsg/sub_4c48]"startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"skype.exe" "startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\systemapps\\microsoft.windows.search_cw5n1h2txyewy\\searchapp.exe" [LStrLAsg/sub_4c48]"searchapp.exe" [LStrCmp/sub_4fac]"skype.exe" "searchapp.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\securityhealthsystray.exe" [LStrLAsg/sub_4c48]"securityhealthsystray.exe" [LStrCmp/sub_4fac]"skype.exe" "securityhealthsystray.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\program files\\vmware\\vmware tools\\vmtoolsd.exe" [LStrLAsg/sub_4c48]"vmtoolsd.exe" [LStrCmp/sub_4fac]"skype.exe" "vmtoolsd.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe" [LStrLAsg/sub_4c48]"shellexperiencehost.exe" [LStrCmp/sub_4fac]"skype.exe" "shellexperiencehost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\oobe\\useroobebroker.exe" [LStrLAsg/sub_4c48]"useroobebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "useroobebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\applicationframehost.exe" [LStrLAsg/sub_4c48]"applicationframehost.exe" [LStrCmp/sub_4fac]"skype.exe" "applicationframehost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\systemapps\\microsoftwindows.client.cbs_cw5n1h2txyewy\\inputapp\\textinputhost.exe" [LStrLAsg/sub_4c48]"textinputhost.exe" [LStrCmp/sub_4fac]"skype.exe" "textinputhost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\tc\\totalcmd64.exe" [LStrLAsg/sub_4c48]"totalcmd64.exe" [LStrCmp/sub_4fac]"skype.exe" "totalcmd64.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"skype.exe" "cmd.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"skype.exe" "conhost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"skype.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvshnotify.exe" [LStrLAsg/sub_4c48]"appvshnotify.exe" [LStrCmp/sub_4fac]"skype.exe" "appvshnotify.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"skype.exe" "dllhost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"skype.exe" "cmd.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\ph\\processhacker.exe" [LStrLAsg/sub_4c48]"processhacker.exe" [LStrCmp/sub_4fac]"skype.exe" "processhacker.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"skype.exe" "cmd.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"skype.exe" "conhost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"skype.exe" "svchost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\program files\\common files\\microsoft shared\\ink\\tabtip.exe" [LStrLAsg/sub_4c48]"tabtip.exe" [LStrCmp/sub_4fac]"skype.exe" "tabtip.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\helppane.exe" [LStrLAsg/sub_4c48]"helppane.exe" [LStrCmp/sub_4fac]"skype.exe" "helppane.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"skype.exe" "dllhost.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\python\\scripts\\frida-trace.exe" [LStrLAsg/sub_4c48]"frida-trace.exe" [LStrCmp/sub_4fac]"skype.exe" "frida-trace.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\python\\python.exe" [LStrLAsg/sub_4c48]"python.exe" [LStrCmp/sub_4fac]"skype.exe" "python.exe" [LStrCmp/sub_4fac]"skype.exe" "c:\\test\\foo.exe" [LStrLAsg/sub_4c48]"foo.exe" [LStrCmp/sub_4fac]"skype.exe" "foo.exe" [LStrLAsg/sub_4c48]"firefox.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\sihost.exe" [LStrLAsg/sub_4c48]"sihost.exe" [LStrCmp/sub_4fac]"firefox.exe" "sihost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"firefox.exe" "svchost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"firefox.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\ctfmon.exe" [LStrLAsg/sub_4c48]"ctfmon.exe" [LStrCmp/sub_4fac]"firefox.exe" "ctfmon.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\explorer.exe" [LStrLAsg/sub_4c48]"explorer.exe" [LStrCmp/sub_4fac]"firefox.exe" "explorer.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\systemapps\\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\\startmenuexperiencehost.exe" [LStrLAsg/sub_4c48]"startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"firefox.exe" "startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\systemapps\\microsoft.windows.search_cw5n1h2txyewy\\searchapp.exe" [LStrLAsg/sub_4c48]"searchapp.exe" [LStrCmp/sub_4fac]"firefox.exe" "searchapp.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\securityhealthsystray.exe" [LStrLAsg/sub_4c48]"securityhealthsystray.exe" [LStrCmp/sub_4fac]"firefox.exe" "securityhealthsystray.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\program files\\vmware\\vmware tools\\vmtoolsd.exe" [LStrLAsg/sub_4c48]"vmtoolsd.exe" [LStrCmp/sub_4fac]"firefox.exe" "vmtoolsd.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe" [LStrLAsg/sub_4c48]"shellexperiencehost.exe" [LStrCmp/sub_4fac]"firefox.exe" "shellexperiencehost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\oobe\\useroobebroker.exe" [LStrLAsg/sub_4c48]"useroobebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "useroobebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\applicationframehost.exe" [LStrLAsg/sub_4c48]"applicationframehost.exe" [LStrCmp/sub_4fac]"firefox.exe" "applicationframehost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\systemapps\\microsoftwindows.client.cbs_cw5n1h2txyewy\\inputapp\\textinputhost.exe" [LStrLAsg/sub_4c48]"textinputhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "textinputhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\tc\\totalcmd64.exe" [LStrLAsg/sub_4c48]"totalcmd64.exe" [LStrCmp/sub_4fac]"firefox.exe" "totalcmd64.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"firefox.exe" "cmd.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "conhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"firefox.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvshnotify.exe" [LStrLAsg/sub_4c48]"appvshnotify.exe" [LStrCmp/sub_4fac]"firefox.exe" "appvshnotify.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "dllhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"firefox.exe" "cmd.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\ph\\processhacker.exe" [LStrLAsg/sub_4c48]"processhacker.exe" [LStrCmp/sub_4fac]"firefox.exe" "processhacker.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"firefox.exe" "cmd.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "conhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"firefox.exe" "svchost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\program files\\common files\\microsoft shared\\ink\\tabtip.exe" [LStrLAsg/sub_4c48]"tabtip.exe" [LStrCmp/sub_4fac]"firefox.exe" "tabtip.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\helppane.exe" [LStrLAsg/sub_4c48]"helppane.exe" [LStrCmp/sub_4fac]"firefox.exe" "helppane.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "dllhost.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\python\\scripts\\frida-trace.exe" [LStrLAsg/sub_4c48]"frida-trace.exe" [LStrCmp/sub_4fac]"firefox.exe" "frida-trace.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\python\\python.exe" [LStrLAsg/sub_4c48]"python.exe" [LStrCmp/sub_4fac]"firefox.exe" "python.exe" [LStrCmp/sub_4fac]"firefox.exe" "c:\\test\\foo.exe" [LStrLAsg/sub_4c48]"foo.exe" [LStrCmp/sub_4fac]"firefox.exe" "foo.exe" [LStrLAsg/sub_4c48]"outlook.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\sihost.exe" [LStrLAsg/sub_4c48]"sihost.exe" [LStrCmp/sub_4fac]"outlook.exe" "sihost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"outlook.exe" "svchost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"outlook.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\ctfmon.exe" [LStrLAsg/sub_4c48]"ctfmon.exe" [LStrCmp/sub_4fac]"outlook.exe" "ctfmon.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\explorer.exe" [LStrLAsg/sub_4c48]"explorer.exe" [LStrCmp/sub_4fac]"outlook.exe" "explorer.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\systemapps\\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\\startmenuexperiencehost.exe" [LStrLAsg/sub_4c48]"startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"outlook.exe" "startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\systemapps\\microsoft.windows.search_cw5n1h2txyewy\\searchapp.exe" [LStrLAsg/sub_4c48]"searchapp.exe" [LStrCmp/sub_4fac]"outlook.exe" "searchapp.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\securityhealthsystray.exe" [LStrLAsg/sub_4c48]"securityhealthsystray.exe" [LStrCmp/sub_4fac]"outlook.exe" "securityhealthsystray.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\program files\\vmware\\vmware tools\\vmtoolsd.exe" [LStrLAsg/sub_4c48]"vmtoolsd.exe" [LStrCmp/sub_4fac]"outlook.exe" "vmtoolsd.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe" [LStrLAsg/sub_4c48]"shellexperiencehost.exe" [LStrCmp/sub_4fac]"outlook.exe" "shellexperiencehost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\oobe\\useroobebroker.exe" [LStrLAsg/sub_4c48]"useroobebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "useroobebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\applicationframehost.exe" [LStrLAsg/sub_4c48]"applicationframehost.exe" [LStrCmp/sub_4fac]"outlook.exe" "applicationframehost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\systemapps\\microsoftwindows.client.cbs_cw5n1h2txyewy\\inputapp\\textinputhost.exe" [LStrLAsg/sub_4c48]"textinputhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "textinputhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\tc\\totalcmd64.exe" [LStrLAsg/sub_4c48]"totalcmd64.exe" [LStrCmp/sub_4fac]"outlook.exe" "totalcmd64.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"outlook.exe" "cmd.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "conhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"outlook.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvshnotify.exe" [LStrLAsg/sub_4c48]"appvshnotify.exe" [LStrCmp/sub_4fac]"outlook.exe" "appvshnotify.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "dllhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"outlook.exe" "cmd.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\ph\\processhacker.exe" [LStrLAsg/sub_4c48]"processhacker.exe" [LStrCmp/sub_4fac]"outlook.exe" "processhacker.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"outlook.exe" "cmd.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "conhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"outlook.exe" "svchost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\program files\\common files\\microsoft shared\\ink\\tabtip.exe" [LStrLAsg/sub_4c48]"tabtip.exe" [LStrCmp/sub_4fac]"outlook.exe" "tabtip.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\helppane.exe" [LStrLAsg/sub_4c48]"helppane.exe" [LStrCmp/sub_4fac]"outlook.exe" "helppane.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "dllhost.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\python\\scripts\\frida-trace.exe" [LStrLAsg/sub_4c48]"frida-trace.exe" [LStrCmp/sub_4fac]"outlook.exe" "frida-trace.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\python\\python.exe" [LStrLAsg/sub_4c48]"python.exe" [LStrCmp/sub_4fac]"outlook.exe" "python.exe" [LStrCmp/sub_4fac]"outlook.exe" "c:\\test\\foo.exe" [LStrLAsg/sub_4c48]"foo.exe" [LStrCmp/sub_4fac]"outlook.exe" "foo.exe" [LStrLAsg/sub_4c48]"chrome.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\sihost.exe" [LStrLAsg/sub_4c48]"sihost.exe" [LStrCmp/sub_4fac]"chrome.exe" "sihost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"chrome.exe" "svchost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"chrome.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\ctfmon.exe" [LStrLAsg/sub_4c48]"ctfmon.exe" [LStrCmp/sub_4fac]"chrome.exe" "ctfmon.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\explorer.exe" [LStrLAsg/sub_4c48]"explorer.exe" [LStrCmp/sub_4fac]"chrome.exe" "explorer.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\systemapps\\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\\startmenuexperiencehost.exe" [LStrLAsg/sub_4c48]"startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"chrome.exe" "startmenuexperiencehost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\systemapps\\microsoft.windows.search_cw5n1h2txyewy\\searchapp.exe" [LStrLAsg/sub_4c48]"searchapp.exe" [LStrCmp/sub_4fac]"chrome.exe" "searchapp.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\securityhealthsystray.exe" [LStrLAsg/sub_4c48]"securityhealthsystray.exe" [LStrCmp/sub_4fac]"chrome.exe" "securityhealthsystray.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\program files\\vmware\\vmware tools\\vmtoolsd.exe" [LStrLAsg/sub_4c48]"vmtoolsd.exe" [LStrCmp/sub_4fac]"chrome.exe" "vmtoolsd.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe" [LStrLAsg/sub_4c48]"shellexperiencehost.exe" [LStrCmp/sub_4fac]"chrome.exe" "shellexperiencehost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\oobe\\useroobebroker.exe" [LStrLAsg/sub_4c48]"useroobebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "useroobebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\runtimebroker.exe" [LStrLAsg/sub_4c48]"runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "runtimebroker.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\applicationframehost.exe" [LStrLAsg/sub_4c48]"applicationframehost.exe" [LStrCmp/sub_4fac]"chrome.exe" "applicationframehost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\systemapps\\microsoftwindows.client.cbs_cw5n1h2txyewy\\inputapp\\textinputhost.exe" [LStrLAsg/sub_4c48]"textinputhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "textinputhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\tc\\totalcmd64.exe" [LStrLAsg/sub_4c48]"totalcmd64.exe" [LStrCmp/sub_4fac]"chrome.exe" "totalcmd64.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"chrome.exe" "cmd.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "conhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\taskhostw.exe" [LStrLAsg/sub_4c48]"taskhostw.exe" [LStrCmp/sub_4fac]"chrome.exe" "taskhostw.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvshnotify.exe" [LStrLAsg/sub_4c48]"appvshnotify.exe" [LStrCmp/sub_4fac]"chrome.exe" "appvshnotify.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "dllhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"chrome.exe" "cmd.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\ph\\processhacker.exe" [LStrLAsg/sub_4c48]"processhacker.exe" [LStrCmp/sub_4fac]"chrome.exe" "processhacker.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\cmd.exe" [LStrLAsg/sub_4c48]"cmd.exe" [LStrCmp/sub_4fac]"chrome.exe" "cmd.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\conhost.exe" [LStrLAsg/sub_4c48]"conhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "conhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\svchost.exe" [LStrLAsg/sub_4c48]"svchost.exe" [LStrCmp/sub_4fac]"chrome.exe" "svchost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\program files\\common files\\microsoft shared\\ink\\tabtip.exe" [LStrLAsg/sub_4c48]"tabtip.exe" [LStrCmp/sub_4fac]"chrome.exe" "tabtip.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\helppane.exe" [LStrLAsg/sub_4c48]"helppane.exe" [LStrCmp/sub_4fac]"chrome.exe" "helppane.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\windows\\system32\\dllhost.exe" [LStrLAsg/sub_4c48]"dllhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "dllhost.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\python\\scripts\\frida-trace.exe" [LStrLAsg/sub_4c48]"frida-trace.exe" [LStrCmp/sub_4fac]"chrome.exe" "frida-trace.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\python\\python.exe" [LStrLAsg/sub_4c48]"python.exe" [LStrCmp/sub_4fac]"chrome.exe" "python.exe" [LStrCmp/sub_4fac]"chrome.exe" "c:\\test\\foo.exe" [LStrLAsg/sub_4c48]"foo.exe" [LStrCmp/sub_4fac]"chrome.exe" "foo.exe" [LStrLAsg/sub_4c48]"\\SOFTWARE\\Babylon\\Babylon Client\\DefaultSettings" [LStrAsg/sub_4c04]"\\SOFTWARE\\Babylon\\Babylon Client\\DefaultSettings" [LStrLAsg/sub_4c48]"\\SOFTWARE\\Babylon\\Babylon Client\\DefaultSettings" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\" [LStrLAsg/sub_4c48]"\\SOFTWARE\\AOL\\AIM\\6" [LStrAsg/sub_4c04]"\\SOFTWARE\\AOL\\AIM\\6" [LStrLAsg/sub_4c48]"\\SOFTWARE\\AOL\\AIM\\6" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows Live\\Messenger\\" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows Live\\Messenger\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows Live\\Messenger\\" [LStrLAsg/sub_4c48]"\\SOFTWARE\\Microsoft\\MSNMessenger\\" [LStrAsg/sub_4c04]"\\SOFTWARE\\Microsoft\\MSNMessenger\\" [LStrLAsg/sub_4c48]"\\SOFTWARE\\Microsoft\\MSNMessenger\\" [LStrLAsg/sub_4c48]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"C:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\763626625_IronSourceCS.CIS" [LStrAsg/sub_4c04]"45057616" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"." [LStrCmp/sub_4fac]".CIS" ".CIS" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"BBN_13054" [LStrLAsg/sub_4c48]"Software\\Microsoft\\Internet Explorer\\Main" [LStrAsg/sub_4c04]"Software\\Microsoft\\Internet Explorer\\Main" [LStrLAsg/sub_4c48]"Software\\Microsoft\\Internet Explorer\\Main" [LStrLAsg/sub_4c48]"go.microsoft.com" [LStrLAsg/sub_4c48]"GO.MICROSOFT.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"GO.MICROSOFT" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"microsoft.com" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"C:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\1998269946.cfg" [LStrAsg/sub_4c04]"c" [LStrLAsg/sub_4c48]"HTTP://USDNLD.DTDAY.COM/VLC-8.0.5.CIS\tC:\\USERS\\<>\\APPDATA\\LOCAL\\TEMP\\IS799009782\\763565571_IRONSOURCECS.CIS" [LStrLAsg/sub_4c48]"\t" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrCmp/sub_4fac]"http://usdnld.dtday.com/vlc-8.0.5.CIS" "http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrLAsg/sub_4c48]"HTTP://USDNLD.DTDAY.COM/VLC-8.0.5.CIS\tC:\\USERS\\<>\\APPDATA\\LOCAL\\TEMP\\IS799009782\\763565571_IRONSOURCECS.CIS" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Internet Explorer\\SearchScopes" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Internet Explorer\\SearchScopes" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Internet Explorer\\SearchScopes" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [LStrLAsg/sub_4c48]"\t" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [LStrLAsg/sub_4c48]"www.bing.com" [LStrLAsg/sub_4c48]"WWW.BING.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"C:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\1998269946.cfg" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS\tC:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\763626625_IronSourceCS.CIS" [LStrLAsg/sub_4c48]"1M2Z2Z1EzxtEtE2Y1B1Q1G1I1QtF1Q2Z1Q1T2UtF1R1F1HtE2X1I1RtGzztFtDtFyDtF0C0I0SZQ0Czx1Y0U1B1P1C1B1Y0N1T2Z1T1B1M1T1Y0A1E1E0D1T2Z1T1Y0L1F1R1T1I1Y0T1P1H1E1Y1L1ByBzyzytDtDzyyBzztB1YyByCtAyCtByCyCtByD1V0I1C1F1G0S1F2Y1C1R1P0C0StF0C0I0S" [LStrLAsg/sub_4c48]"WWW.BING" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"bing.com" [LStrLAsg/sub_4c48]"Software\\SweetIM" [LStrAsg/sub_4c04]"Software\\SweetIM" [LStrLAsg/sub_4c48]"Software\\SweetIM" [LStrLAsg/sub_4c48]"Software\\SweetIM" [LStrAsg/sub_4c04]"Software\\SweetIM" [LStrLAsg/sub_4c48]"Software\\SweetIM" [LStrLAsg/sub_4c48]"\\SOFTWARE\\Babylon\\Babylon Client\\DefaultSettings" [LStrAsg/sub_4c04]"\\SOFTWARE\\Babylon\\Babylon Client\\DefaultSettings" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrLAsg/sub_4c48]"\\SOFTWARE\\Babylon\\Babylon Client\\DefaultSettings" [LStrLAsg/sub_4c48]"rr" [LStrAsg/sub_4c04]"rr" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrLAsg/sub_4c48]"FOO.EXE" [LStrLAsg/sub_4c48]"RR:" [LStrAsg/sub_4c04]"/" [LStrCmp/sub_4fac]"foo.exe" "/rr" [LStrCmp/sub_4fac]"foo.exe" "rr" [LStrAsg/sub_4c04]"AC=" [LStrCmp/sub_4fac]"192.168.59.2" "0.0.0.0" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" {'type': 'error', 'description': "Error: can't decode byte 0x00 in position 0", 'stack': "Error: can't decode byte 0x00 in position 0\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"00" {'type': 'error', 'description': "Error: can't decode byte 0xba in position 2", 'stack': "Error: can't decode byte 0xba in position 2\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} {'type': 'error', 'description': "Error: can't decode byte 0x98 in position 0", 'stack': "Error: can't decode byte 0x98 in position 0\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} {'type': 'error', 'description': "Error: can't decode byte 0x98 in position 0", 'stack': "Error: can't decode byte 0x98 in position 0\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} {'type': 'error', 'description': "Error: can't decode byte 0x98 in position 0", 'stack': "Error: can't decode byte 0x98 in position 0\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} {'type': 'error', 'description': "Error: can't decode byte 0x98 in position 0", 'stack': "Error: can't decode byte 0x98 in position 0\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"000C29B7C622" [LStrAsg/sub_4c04]"000C29B7C622" [LStrCmp/sub_4fac]"000C29B7C622" "000000000000" [LStrCmp/sub_4fac]"000C29B7C622" "FFFFFFFFFFFF" [LStrCmp/sub_4fac]"000C29B7C622" "005345000000" [LStrAsg/sub_4c04]"000C29B7C622" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrAsg/sub_4c04]"UID=000C29B7C622&WV=6.3" [LStrAsg/sub_4c04]"http://vc.iwriteweb.com/vscript/vercheck.psc?pcrc=1446340354" [LStrAsg/sub_4c04]"1" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrAsg/sub_4c04]"usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" {'type': 'error', 'description': "Error: can't decode byte 0xe1 in position 1", 'stack': "Error: can't decode byte 0xe1 in position 1\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"POST" {'type': 'error', 'description': "Error: can't decode byte 0x00 in position 37", 'stack': "Error: can't decode byte 0x00 in position 37\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"Accept: */*\r\nHost: vc.iwriteweb.com\r\n" [LStrAsg/sub_4c04]"C:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\763626710_IronSourceCS.CIS" [LStrCmp/sub_4fac]"45057616" "45057712" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"." [LStrCmp/sub_4fac]".CIS" ".CIS" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"C:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\1830191082.cfg" [LStrLAsg/sub_4c48]"HTTP://USDNLD.DTDAY.COM/BUNDLE\\BABYLON8_13054.CIS\tC:\\USERS\\<>\\APPDATA\\LOCAL\\TEMP\\IS799009782\\763565617_IRONSOURCECS.CIS" [LStrLAsg/sub_4c48]"\t" [LStrAsg/sub_4c04]"45057712" [LStrAsg/sub_4c04]"AC=" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrCmp/sub_4fac]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" "http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrLAsg/sub_4c48]"HTTP://USDNLD.DTDAY.COM/BUNDLE\\BABYLON8_13054.CIS\tC:\\USERS\\<>\\APPDATA\\LOCAL\\TEMP\\IS799009782\\763565617_IRONSOURCECS.CIS" [LStrLAsg/sub_4c48]"\t" [LStrAsg/sub_4c04]"000C29B7C622" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"C:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\1830191082.cfg" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis\tC:\\Users\\<>\\AppData\\Local\\Temp\\is799009782\\763626710_IronSourceCS.CIS" [LStrLAsg/sub_4c48]"1M2Z2Z1EzxtEtE2Y1B1Q1G1I1QtF1Q2Z1Q1T2UtF1R1F1HtE0B2Y1G1Q1I1P1Y0B1T1S2U1I1F1Gzz1VtCtAtDyDyEtF1R1L1BZQ0Czx1Y0U1B1P1C1B1Y0N1T2Z1T1B1M1T1Y0A1E1E0D1T2Z1T1Y0L1F1R1T1I1Y0T1P1H1E1Y1L1ByBzyzytDtDzyyBzztB1YyByCtAyCtByCyBtCtD1V0I1C1F1G0S1F2Y1C1R1P0C0StF0C0I0S" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrAsg/sub_4c04]"UID=000C29B7C622&WV=6.3" [LStrAsg/sub_4c04]"http://vc.iwriteweb.com/vscript/vercheck.psc?pcrc=2089279958" [LStrAsg/sub_4c04]"1" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"Welcome" [LStrAsg/sub_4c04]"License" [LStrAsg/sub_4c04]"SelectDir" [LStrAsg/sub_4c04]"Babylon" [LStrAsg/sub_4c04]"Download" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"SweetIM" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" {'type': 'error', 'description': "Error: can't decode byte 0xe2 in position 1", 'stack': "Error: can't decode byte 0xe2 in position 1\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"FaceMoods" [LStrAsg/sub_4c04]"POST" [LStrAsg/sub_4c04]"Flash FLV Player" [LStrCmp/sub_4fac]"Setup Wizard" "Flash FLV Player Setup" {'type': 'error', 'description': "Error: can't decode byte 0x00 in position 37", 'stack': "Error: can't decode byte 0x00 in position 37\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1}[LStrCmp/sub_4fac]"foo" "Flash FLV Player Setup" [LStrAsg/sub_4c04]"Accept: */*\r\nHost: vc.iwriteweb.com\r\n" [LStrLAsg/sub_4c48]"Welcome to the $SOFT_NAME Setup Wizard" [LStrAsg/sub_4c04]"Welcome to the Flash FLV Player" [LStrCmp/sub_4fac]"Welcome to the $SOFT_NAME Setup Wizard" "Welcome to the Flash FLV Player Setup Wizard" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows\\CurrentVersion" [LStrAsg/sub_4c04]"C:\\Program Files (x86)\\Flash Player\\" [LStrCmp/sub_4fac]"ebDir" "C:\\Program Files (x86)\\Flash Player\\" [LStrAsg/sub_4c04]"5.90" [LStrAsg/sub_4c04]"Space required: " [LStrCmp/sub_4fac]" Space required:" "Space required: 5.90MB" [LStrAsg/sub_4c04]"56.18" [LStrAsg/sub_4c04]"Space available: " [LStrCmp/sub_4fac]" Space available:" "Space available: 56.18GB" [LStrAsg/sub_4c04]"Welcome" [LStrAsg/sub_4c04]"License" [LStrAsg/sub_4c04]"SelectDir" [LStrAsg/sub_4c04]"Babylon" [LStrAsg/sub_4c04]"Download" [LStrAsg/sub_4c04]"SweetIM" [LStrAsg/sub_4c04]"FaceMoods" [LStrLAsg/sub_4c48]"dir" [LStrAsg/sub_4c04]"dir" [LStrLAsg/sub_4c48]"FOO.EXE" [LStrLAsg/sub_4c48]"DIR:" [LStrAsg/sub_4c04]"/" [LStrCmp/sub_4fac]"foo.exe" "/dir" [LStrCmp/sub_4fac]"foo.exe" "dir" [LStrAsg/sub_4c04]"pnlWelcome" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/Bundle\\Babylon8_13054.cis" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" [LStrAsg/sub_4c04]"http://usdnld.dtday.com/vlc-8.0.5.CIS" [LStrAsg/sub_4c04]"Range: bytes=0-102399" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"99" "\r\n" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"Software\\" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"Software\\Dtday" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"Software\\" [LStrAsg/sub_4c04]"FLVP" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"Software\\Dtday" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"Software\\" [LStrAsg/sub_4c04]"FLVP" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"Software\\Dtday" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]" /RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1BtTtL2VzzyCtK1Y0F1I1T1B1MtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB " [LStrLAsg/sub_4c48]" /RR /DIR:0CZX1Y0P1C1F1N1C1T1HTT0F1L1I1P1BTTTL2VZZYCTK1Y0F1I1T1B1MTT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB " [LStrLAsg/sub_4c48]" /BNDL:" [LStrLAsg/sub_4c48]"BBN_13054 /EB " [LStrLAsg/sub_4c48]" " [LStrCmp/sub_4fac]"BBN_13054" "BBN_13054" [LStrAsg/sub_4c04]"/RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1BtTtL2VzzyCtK1Y0F1I1T1B1MtT0P1I1T2U1P1C1Y /BNDL:BBN_13054" [LStrAsg/sub_4c04]"/RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1BtTtL2VzzyCtK1Y0F1I1T1B1MtT0P1I1T2U1P1C1Y /BNDL:BBN_13054" [LStrLAsg/sub_4c48]"/RR /DIR:0Czx1Y0P1C1F1N1C1T1HtT0F1L1I1P1BtTtL2VzzyCtK1Y0F1I1T1B1MtT0P1I1T2U1P1C1Y /BNDL:BBN_13054 /EB" [LStrLAsg/sub_4c48]"C:\\Users\\<>\\AppData\\Local\\Temp\\Reinstal\\" [LStrAsg/sub_4c04]"C:\\Users\\<>\\AppData\\Local\\Temp\\Reinstal\\" [LStrAsg/sub_4c04]"Continue Flash Player Installation" [LStrLAsg/sub_4c48]"C:\\USERS\\<>\\APPDATA\\LOCAL\\TEMP\\REINSTAL\\FOO.EXE" [LStrLAsg/sub_4c48]"\\" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"Software" [LStrAsg/sub_4c04]"Software" [LStrLAsg/sub_4c48]"Software" [LStrAsg/sub_4c04]"Software" [LStrAsg/sub_4c04]"Software\\" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"Software\\" [LStrAsg/sub_4c04]"FLVP" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"Software\\Dtday" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrLAsg/sub_4c48]"usdnld.dtday.com" [LStrLAsg/sub_4c48]"USDNLD.DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrLAsg/sub_4c48]"USDNLD.DTDAY" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"dtday.com" [LStrLAsg/sub_4c48]"dtday.com" [LStrLAsg/sub_4c48]"DTDAY.COM" [LStrLAsg/sub_4c48]"." [LStrAsg/sub_4c04]"Software\\" [LStrAsg/sub_4c04]"FLVP" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"Software\\Dtday" [LStrLAsg/sub_4c48]"Software\\Dtday" [LStrAsg/sub_4c04]"IRVER=3.09&DN_DATE=20100611&CC_SRC=SE&NT_SRC=M&CDATA=download&IM=&IMUCnt=-1&BRW=IEXPLORE.EXE&IEDef=1&IEHome=microsoft.com&HasLM=1&IERun=0&SKRun=0&FFRun=0&OLRun=0&CHRun=0&RName=c%3A%5Ctest%5Cfoo.exe&Lang=English&DSrPrv=bing.com&ABTST=&PG=pnlWelcome" [LStrAsg/sub_4c04]"BBN_13054" [LStrAsg/sub_4c04]"IRVER=3.09&DN_DATE=20100611&CC_SRC=SE&NT_SRC=M&CDATA=download&IM=&IMUCnt=-1&BRW=IEXPLORE.EXE&IEDef=1&IEHome=microsoft.com&HasLM=1&IERun=0&SKRun=0&FFRun=0&OLRun=0&CHRun=0&RName=c%3A%5Ctest%5Cfoo.exe&Lang=English&DSrPrv=bing.com&ABTST=&PG=pnlWelcome" [LStrAsg/sub_4c04]"IRVER=3.09&DN_DATE=20100611&CC_SRC=SE&NT_SRC=M&CDATA=download&IM=&IMUCnt=-1&BRW=IEXPLORE.EXE&IEDef=1&IEHome=microsoft.com&HasLM=1&IERun=0&SKRun=0&FFRun=0&OLRun=0&CHRun=0&RName=c%3A%5Ctest%5Cfoo.exe&Lang=English&DSrPrv=bing.com&ABTST=&PG=pnlWelcome" [LStrAsg/sub_4c04]"FLVP" [LStrAsg/sub_4c04]"IRVER=3.09&DN_DATE=20100611&CC_SRC=SE&NT_SRC=M&CDATA=download&IM=&IMUCnt=-1&BRW=IEXPLORE.EXE&IEDef=1&IEHome=microsoft.com&HasLM=1&IERun=0&SKRun=0&FFRun=0&OLRun=0&CHRun=0&RName=c%3A%5Ctest%5Cfoo.exe&Lang=English&DSrPrv=bing.com&ABTST=&PG=pnlWelcome" [LStrAsg/sub_4c04]"45057616" [LStrAsg/sub_4c04]"45057712" [LStrAsg/sub_4c04]"45057616" [LStrCmp/sub_4fac]"BBN_13054" "BBN_13054" [LStrLAsg/sub_4c48]"FLVP" [LStrCmp/sub_4fac]"FLVP" "BBN_13054" [LStrLAsg/sub_4c48]"BBN_13054" [LStrAsg/sub_4c04]"AC=" [LStrAsg/sub_4c04]"000C29B7C622" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrAsg/sub_4c04]"UID=000C29B7C622&WV=6.3" {'type': 'error', 'description': "Error: can't decode byte 0xc0 in position 0", 'stack': "Error: can't decode byte 0xc0 in position 0\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1}[LStrAsg/sub_4c04]"POST" {'type': 'error', 'description': "Error: can't decode byte 0x00 in position 37", 'stack': "Error: can't decode byte 0x00 in position 37\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"Accept: */*\r\nHost: vc.iwriteweb.com\r\n" [LStrAsg/sub_4c04]"AC=" [LStrAsg/sub_4c04]"000C29B7C622" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrAsg/sub_4c04]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrLAsg/sub_4c48]"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrLAsg/sub_4c48]"6.3" [LStrAsg/sub_4c04]"6.3" [LStrAsg/sub_4c04]"UID=000C29B7C622&WV=6.3" {'type': 'error', 'description': "Error: can't decode byte 0xe1 in position 1", 'stack': "Error: can't decode byte 0xe1 in position 1\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"POST" {'type': 'error', 'description': "Error: can't decode byte 0x00 in position 36", 'stack': "Error: can't decode byte 0x00 in position 36\n at (frida/runtime/core.js:138)\n at onEnter (:10)\n at call (native)\n at invokeNativeHandler (agent.ts:308)\n at onEnter (agent.ts:273)", 'fileName': 'frida/runtime/core.js', 'lineNumber': 138, 'columnNumber': 1} [LStrAsg/sub_4c04]"Accept: */*\r\nHost: vc.iwriteweb.com\r\n" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrCmp/sub_4fac]"usdnld.dtday.com" "usdnld.dtday.com" [LStrAsg/sub_4c04]"45057712" [LStrCmp/sub_4fac]"45057712" "45057616" [LStrCmp/sub_4fac]"45057616" "45057616" [LStrCmp/sub_4fac]"45057616" "45057616" [LStrCmp/sub_4fac]"45057616" "45057712" [LStrCmp/sub_4fac]"45057712" "45057712" [LStrCmp/sub_4fac]"45057712" "45057712" [LStrAsg/sub_4c04]"Welcome" [LStrAsg/sub_4c04]"License" [LStrAsg/sub_4c04]"SelectDir" [LStrAsg/sub_4c04]"Babylon" [LStrAsg/sub_4c04]"Download" [LStrAsg/sub_4c04]"SweetIM" [LStrAsg/sub_4c04]"FaceMoods" [LStrCmp/sub_4fac]"_|PIPETERMINTE|_" "_|PIPETERMINTE|_" Process terminated