3.4
中危
56 个模型检测该样本为恶意!
重新分析
更多

0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e

0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e.exe

分析耗时

270s

最近分析

388天前

文件大小

455.0KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM GRAFTOR
鹰眼引擎
DACN 0.14
FACILE 1.00
IMCLNet 0.78
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:Vitro 20190911 18.4.3895.0
Baidu Win32.Worm.Autorun.s 20190318 1.0.0.2
CrowdStrike None 20190702 1.0
Kingsoft Win32.Virut.xj.36864 20190911 2013.8.14.323
McAfee W32/Autorun.worm.br 20190911 6.0.6.653
Tencent None 20190911 1.0.0.1
静态指标
观察到命令行控制台输出 (44 个事件)
Time & API Arguments Status Return Repeated
1727545348.093375
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545348.1875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545353.062375
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545353.171125
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545358.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545358.140875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545363.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545363.156875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545368.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545368.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545373.062375
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545373.140875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545378.10975
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545378.14025
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545383.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545383.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545388.07875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545388.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545393.078375
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545393.140875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545398.07875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545398.156875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545403.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545403.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545408.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545408.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545413.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545413.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545418.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545418.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545423.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545423.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545428.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545428.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545433.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545433.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545438.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545438.140875
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545443.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545443.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545448.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545448.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545453.06275
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
1727545453.12525
WriteConsoleW
console_handle: 0x00000007
buffer: 操作成功完成。
success 1 0
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报) (3 个事件)
section CODE
section DATA
section BSS
一个或多个进程崩溃 (6 个事件)
Time & API Arguments Status Return Repeated
1727545341.484125
__exception__
exception.address: 0x76e8b727
exception.instruction: leave
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.exception_code: 0xeedfade
registers.eax: 20969892
registers.ecx: 7
registers.edx: 0
registers.ebx: 4584084
registers.esp: 20969892
registers.ebp: 20969972
registers.esi: 4584084
registers.edi: 0
stacktrace: 
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x5f294 @ 0x45f294
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x5f3a8 @ 0x45f3a8
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x5f4ba @ 0x45f4ba
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x2bcfa @ 0x42bcfa
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x1ef4e @ 0x41ef4e
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x767462fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76746d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x767477c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76747bca
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x53314 @ 0x453314
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x61a13 @ 0x461a13
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545341.484125
__exception__
exception.address: 0x76e8b727
exception.instruction: leave
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.exception_code: 0xeedfade
registers.eax: 20969892
registers.ecx: 7
registers.edx: 0
registers.ebx: 4584134
registers.esp: 20969892
registers.ebp: 20969972
registers.esi: 4584134
registers.edi: 20970044
stacktrace: 
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x5f2c6 @ 0x45f2c6
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x5f3a8 @ 0x45f3a8
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x5f4ba @ 0x45f4ba
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x2bcfa @ 0x42bcfa
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x1ef4e @ 0x41ef4e
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x767462fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76746d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x767477c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76747bca
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x53314 @ 0x453314
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e+0x61a13 @ 0x461a13
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545348.29625
__exception__
exception.address: 0x76e8b727
exception.instruction: leave
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.exception_code: 0xeedfade
registers.eax: 20969892
registers.ecx: 7
registers.edx: 0
registers.ebx: 4584084
registers.esp: 20969892
registers.ebp: 20969972
registers.esi: 4584084
registers.edi: 0
stacktrace: 
lsass+0x5f294 @ 0x45f294
lsass+0x5f3a8 @ 0x45f3a8
lsass+0x5f4ba @ 0x45f4ba
lsass+0x2bcfa @ 0x42bcfa
lsass+0x1ef4e @ 0x41ef4e
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x767462fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76746d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x767477c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76747bca
lsass+0x53314 @ 0x453314
lsass+0x61a13 @ 0x461a13
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545348.29625
__exception__
exception.address: 0x76e8b727
exception.instruction: leave
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.exception_code: 0xeedfade
registers.eax: 20969892
registers.ecx: 7
registers.edx: 0
registers.ebx: 4584134
registers.esp: 20969892
registers.ebp: 20969972
registers.esi: 4584134
registers.edi: 20970044
stacktrace: 
lsass+0x5f2c6 @ 0x45f2c6
lsass+0x5f3a8 @ 0x45f3a8
lsass+0x5f4ba @ 0x45f4ba
lsass+0x2bcfa @ 0x42bcfa
lsass+0x1ef4e @ 0x41ef4e
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x767462fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76746d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x767477c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76747bca
lsass+0x53314 @ 0x453314
lsass+0x61a13 @ 0x461a13
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545355.65625
__exception__
exception.address: 0x76e8b727
exception.instruction: leave
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.exception_code: 0xeedfade
registers.eax: 20969892
registers.ecx: 7
registers.edx: 0
registers.ebx: 4584084
registers.esp: 20969892
registers.ebp: 20969972
registers.esi: 4584084
registers.edi: 0
stacktrace: 
lsass+0x5f294 @ 0x45f294
lsass+0x5f3a8 @ 0x45f3a8
lsass+0x5f819 @ 0x45f819
lsass+0x2bcfa @ 0x42bcfa
lsass+0x1ef4e @ 0x41ef4e
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x767462fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76746d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x767477c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76747bca
lsass+0x53314 @ 0x453314
lsass+0x61a13 @ 0x461a13
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545355.65625
__exception__
exception.address: 0x76e8b727
exception.instruction: leave
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.exception_code: 0xeedfade
registers.eax: 20969892
registers.ecx: 7
registers.edx: 0
registers.ebx: 4584134
registers.esp: 20969892
registers.ebp: 20969972
registers.esi: 4584134
registers.edi: 20970044
stacktrace: 
lsass+0x5f2c6 @ 0x45f2c6
lsass+0x5f3a8 @ 0x45f3a8
lsass+0x5f819 @ 0x45f819
lsass+0x2bcfa @ 0x42bcfa
lsass+0x1ef4e @ 0x41ef4e
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x767462fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76746d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x767477c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76747bca
lsass+0x53314 @ 0x453314
lsass+0x61a13 @ 0x461a13
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
行为判定
动态指标
分配可读-可写-可执行内存(通常用于自解压) (3 个事件)
Time & API Arguments Status Return Repeated
1727545338.421125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x002e0000
region_size: 4096
allocation_type: 4096 (MEM_COMMIT)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1848
success 0 0
1727545342.28125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x002e0000
region_size: 4096
allocation_type: 4096 (MEM_COMMIT)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1640
success 0 0
1727545348.843375
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x003e0000
region_size: 4096
allocation_type: 4096 (MEM_COMMIT)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 2568
success 0 0
创建 autorun.inf 文件 (1 个事件)
file C:\autorun.inf
在文件系统上创建可执行文件 (3 个事件)
file C:\RECYCLER\autoplay.exe
file C:\Users\Administrator\LSASS.exe
file C:\Windows\LSASS.exe
投放一个二进制文件并执行它 (2 个事件)
file C:\Windows\LSASS.exe
file C:\Users\Administrator\LSASS.exe
一个进程创建了一个隐藏窗口 (2 个事件)
Time & API Arguments Status Return Repeated
1727545342.078125
ShellExecuteExW
filepath: C:\Windows\LSASS.exe
filepath_r: C:\Windows\LSASS.exe
parameters:
show_type: 0
success 1 0
1727545348.64025
ShellExecuteExW
filepath: C:\Users\Administrator\LSASS.exe
filepath_r: C:\Users\Administrator\LSASS.exe
parameters:
show_type: 0
success 1 0
搜索运行中的进程,可能用于识别沙箱规避、代码注入或内存转储的进程 (34 个事件)
重复搜索未找到的进程,您可能希望在分析期间运行一个网络浏览器 (50 out of 61 个事件)
Time & API Arguments Status Return Repeated
1727545338.640125
Process32NextW
snapshot_handle: 0x000001d0
process_name: 0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e.exe
process_identifier: 1848
failed 0 0
1727545340.625125
Process32NextW
snapshot_handle: 0x000001c8
process_name: 0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e.exe
process_identifier: 1848
failed 0 0
1727545342.42125
Process32NextW
snapshot_handle: 0x000001b8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545344.42125
Process32NextW
snapshot_handle: 0x000001b0
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545346.42125
Process32NextW
snapshot_handle: 0x000001b8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545348.65625
Process32NextW
snapshot_handle: 0x0000026c
process_name: LSASS.exe
process_identifier: 2568
failed 0 0
1727545350.42125
Process32NextW
snapshot_handle: 0x0000027c
process_name: LSASS.exe
process_identifier: 2568
failed 0 0
1727545352.98425
Process32NextW
snapshot_handle: 0x0000026c
process_name: conhost.exe
process_identifier: 1436
failed 0 0
1727545354.42125
Process32NextW
snapshot_handle: 0x0000027c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545356.42125
Process32NextW
snapshot_handle: 0x0000026c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545358.42125
Process32NextW
snapshot_handle: 0x0000027c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545360.42125
Process32NextW
snapshot_handle: 0x0000026c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545362.93725
Process32NextW
snapshot_handle: 0x0000027c
process_name: conhost.exe
process_identifier: 2028
failed 0 0
1727545364.42125
Process32NextW
snapshot_handle: 0x0000026c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545366.42125
Process32NextW
snapshot_handle: 0x0000027c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545368.42125
Process32NextW
snapshot_handle: 0x0000026c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545370.42125
Process32NextW
snapshot_handle: 0x0000027c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545372.95325
Process32NextW
snapshot_handle: 0x000002cc
process_name: conhost.exe
process_identifier: 1692
failed 0 0
1727545374.42125
Process32NextW
snapshot_handle: 0x000002c8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545376.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545378.42125
Process32NextW
snapshot_handle: 0x000002c8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545380.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545382.93725
Process32NextW
snapshot_handle: 0x000002c8
process_name: conhost.exe
process_identifier: 600
failed 0 0
1727545384.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545386.42125
Process32NextW
snapshot_handle: 0x000002c8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545388.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545390.42125
Process32NextW
snapshot_handle: 0x000002c8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545392.93725
Process32NextW
snapshot_handle: 0x000002cc
process_name: conhost.exe
process_identifier: 1992
failed 0 0
1727545394.42125
Process32NextW
snapshot_handle: 0x000002c8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545396.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545398.42125
Process32NextW
snapshot_handle: 0x000002c8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545400.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545402.93725
Process32NextW
snapshot_handle: 0x000002c8
process_name: conhost.exe
process_identifier: 2684
failed 0 0
1727545404.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545406.42125
Process32NextW
snapshot_handle: 0x000002c8
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545408.42125
Process32NextW
snapshot_handle: 0x000002cc
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545410.42125
Process32NextW
snapshot_handle: 0x0000016c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545412.93725
Process32NextW
snapshot_handle: 0x00000174
process_name: conhost.exe
process_identifier: 2328
failed 0 0
1727545414.42125
Process32NextW
snapshot_handle: 0x0000016c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545416.42125
Process32NextW
snapshot_handle: 0x00000174
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545418.42125
Process32NextW
snapshot_handle: 0x0000016c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545420.42125
Process32NextW
snapshot_handle: 0x00000174
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545422.92125
Process32NextW
snapshot_handle: 0x0000016c
process_name: conhost.exe
process_identifier: 2208
failed 0 0
1727545424.42125
Process32NextW
snapshot_handle: 0x00000174
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545426.42125
Process32NextW
snapshot_handle: 0x0000016c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545428.42125
Process32NextW
snapshot_handle: 0x00000174
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545430.42125
Process32NextW
snapshot_handle: 0x0000016c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545432.93725
Process32NextW
snapshot_handle: 0x00000174
process_name: conhost.exe
process_identifier: 2608
failed 0 0
1727545434.42125
Process32NextW
snapshot_handle: 0x0000016c
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
1727545436.42125
Process32NextW
snapshot_handle: 0x00000174
process_name: LSASS.exe
process_identifier: 1640
failed 0 0
使用 Windows 工具进行基本 Windows 功能 (2 个事件)
cmdline REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
cmdline REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
网络通信
与未执行 DNS 查询的主机进行通信 (2 个事件)
host 114.114.114.114
host 8.8.8.8
在 Windows 启动时自我安装以实现自动运行 (44 个事件)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SysUtils reg_value C:\Windows\LSASS.exe
创建一个命名为常见系统进程的进程 (4 个事件)
Time & API Arguments Status Return Repeated
1727545342.078125
CreateProcessInternalW
command_line: "C:\Windows\LSASS.exe"
inherit_handles: 0
current_directory: C:\Users\Administrator\AppData\Local\Temp
filepath: C:\Windows\LSASS.exe
filepath_r: C:\Windows\LSASS.exe
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_identifier: 1640
thread_identifier: 3052
process_handle: 0x00000368
thread_handle: 0x00000310
track: 1
success 1 0
1727545342.078125
ShellExecuteExW
filepath: C:\Windows\LSASS.exe
filepath_r: C:\Windows\LSASS.exe
parameters:
show_type: 0
success 1 0
1727545348.64025
CreateProcessInternalW
command_line: "C:\Users\Administrator\LSASS.exe"
inherit_handles: 0
current_directory: C:\Users\Administrator\AppData\Local\Temp
filepath: C:\Users\Administrator\LSASS.exe
filepath_r: C:\Users\Administrator\LSASS.exe
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_identifier: 2568
thread_identifier: 2804
process_handle: 0x000003bc
thread_handle: 0x00000364
track: 1
success 1 0
1727545348.64025
ShellExecuteExW
filepath: C:\Users\Administrator\LSASS.exe
filepath_r: C:\Users\Administrator\LSASS.exe
parameters:
show_type: 0
success 1 0
文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意 (50 out of 56 个事件)
ALYac Gen:Variant.Graftor.30852
APEX Malicious
AVG Win32:Vitro
Acronis suspicious
Ad-Aware Gen:Variant.Graftor.30852
AhnLab-V3 Trojan/Win32.AutoRun.C65764
Antiy-AVL Worm/Win32.AutoRun
Arcabit Trojan.Graftor.D7884
Avast Win32:Vitro
Avira DR/Patched.Ren.Gen
Baidu Win32.Worm.Autorun.s
BitDefender Gen:Variant.Graftor.30852
CAT-QuickHeal Worm.Autorun.RE8
CMC Worm.Win32.AutoRun!O
ClamAV Win.Worm.Autorun-314
Comodo Worm.Win32.AutoRun.~GE@g6hun
Cybereason malicious.573502
Cylance Unsafe
Cyren W32/A-175eddb1!Eldorado
DrWeb Win32.HLLW.Autoruner.4628
ESET-NOD32 a variant of Win32/AutoRun.Delf.DE
Emsisoft Gen:Variant.Graftor.30852 (B)
Endgame malicious (high confidence)
F-Prot W32/A-175eddb1!Eldorado
F-Secure Dropper.DR/Patched.Ren.Gen
FireEye Generic.mg.2849763573502715
Fortinet W32/AutoRun.QGG!worm
GData Gen:Variant.Graftor.30852
Ikarus Worm.Win32.AutoRun
Invincea heuristic
Jiangmin Worm/AutoRun.meh
K7AntiVirus P2PWorm ( 000630621 )
K7GW P2PWorm ( 000630621 )
Kaspersky HEUR:Trojan.Win32.Generic
Kingsoft Win32.Virut.xj.36864
Lionic Worm.Win32.AutoRun.l7uS
MAX malware (ai score=82)
McAfee W32/Autorun.worm.br
McAfee-GW-Edition BehavesLike.Win32.Autorun.gh
MicroWorld-eScan Gen:Variant.Graftor.30852
Microsoft Worm:Win32/Autorun.RE
NANO-Antivirus Trojan.Win32.AutoRun.cjluq
Panda Generic Malware
Qihoo-360 HEUR/QVM05.1.CEF5.Malware.Gen
Rising Worm.Autorun!1.9D28 (CLASSIC)
SentinelOne DFI - Malicious PE
Sophos Mal/SillyFDC-A
Symantec W32.SillyFDC
TrendMicro TROJ_AGENT_048811.TOMB
TrendMicro-HouseCall TROJ_AGENT_048811.TOMB
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

PE Imphash

fe6557c26e201b123f031fe9a7cf17d5

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
CODE 0x00001000 0x00060c00 0x00060c00 6.549442538753438
DATA 0x00062000 0x00001908 0x00001a00 5.171707914648749
BSS 0x00064000 0x00001f1d 0x00000000 0.0
.idata 0x00066000 0x000024d6 0x00002600 4.837746693028745
.tls 0x00069000 0x00000010 0x00000000 0.0
.rdata 0x0006a000 0x00000018 0x00000200 0.2005819074398449
.reloc 0x0006b000 0x00006c34 0x00006e00 6.664014777057342
.rsrc 0x00072000 0x0000ac00 0x00005c00 4.209148240053598

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x00073210 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_CURSOR 0x00073210 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_CURSOR 0x00073210 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_CURSOR 0x00073210 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_CURSOR 0x00073210 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_CURSOR 0x00073210 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_CURSOR 0x00073210 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00074578 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00074660 0x000002e8 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_DIALOG 0x00074948 0x00000052 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0007708c 0x000002c4 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x00077684 0x000003fe LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x00077684 0x000003fe LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x00077684 0x000003fe LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x00077afc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x00077afc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x00077afc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x00077afc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x00077afc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x00077afc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x00077afc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x00077b10 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library kernel32.dll:
0x466164 VirtualFree
0x466168 VirtualAlloc
0x46616c LocalFree
0x466170 LocalAlloc
0x466174 GetTickCount
0x46617c GetVersion
0x466180 GetCurrentThreadId
0x46618c VirtualQuery
0x466190 WideCharToMultiByte
0x466194 MultiByteToWideChar
0x466198 lstrlenA
0x46619c lstrcpynA
0x4661a0 LoadLibraryExA
0x4661a4 GetThreadLocale
0x4661a8 GetStartupInfoA
0x4661ac GetProcAddress
0x4661b0 GetModuleHandleA
0x4661b4 GetModuleFileNameA
0x4661b8 GetLocaleInfoA
0x4661bc GetLastError
0x4661c0 GetCommandLineA
0x4661c4 FreeLibrary
0x4661c8 FindFirstFileA
0x4661cc FindClose
0x4661d0 CreateDirectoryA
0x4661d4 ExitProcess
0x4661d8 WriteFile
0x4661e0 SetFilePointer
0x4661e4 SetEndOfFile
0x4661e8 RtlUnwind
0x4661ec ReadFile
0x4661f0 RaiseException
0x4661f4 GetStdHandle
0x4661f8 GetFileSize
0x4661fc GetFileType
0x466200 CreateFileA
0x466204 CloseHandle
Library user32.dll:
0x46620c GetKeyboardType
0x466210 LoadStringA
0x466214 MessageBoxA
0x466218 CharNextA
Library advapi32.dll:
0x466220 RegQueryValueExA
0x466224 RegOpenKeyExA
0x466228 RegCloseKey
Library oleaut32.dll:
0x466230 SysFreeString
0x466234 SysReAllocStringLen
0x466238 SysAllocStringLen
Library kernel32.dll:
0x466240 TlsSetValue
0x466244 TlsGetValue
0x466248 LocalAlloc
0x46624c GetModuleHandleA
Library advapi32.dll:
0x466254 RegQueryValueExA
0x466258 RegOpenKeyExA
0x46625c RegCloseKey
Library kernel32.dll:
0x466264 lstrcpyA
0x466268 WriteFile
0x46626c WinExec
0x466270 WaitForSingleObject
0x466274 VirtualQuery
0x466278 VirtualAlloc
0x46627c Sleep
0x466280 SizeofResource
0x466284 SetThreadLocale
0x466288 SetFilePointer
0x46628c SetFileAttributesA
0x466290 SetEvent
0x466294 SetErrorMode
0x466298 SetEndOfFile
0x46629c ResetEvent
0x4662a0 ReadFile
0x4662a4 MultiByteToWideChar
0x4662a8 MulDiv
0x4662ac LockResource
0x4662b0 LoadResource
0x4662b4 LoadLibraryA
0x4662c0 GlobalUnlock
0x4662c4 GlobalSize
0x4662c8 GlobalReAlloc
0x4662cc GlobalHandle
0x4662d0 GlobalLock
0x4662d4 GlobalFree
0x4662d8 GlobalFindAtomA
0x4662dc GlobalDeleteAtom
0x4662e0 GlobalAlloc
0x4662e4 GlobalAddAtomA
0x4662ec GetVersionExA
0x4662f0 GetVersion
0x4662f4 GetUserDefaultLCID
0x4662f8 GetTickCount
0x4662fc GetThreadLocale
0x466300 GetSystemInfo
0x466304 GetStringTypeExA
0x466308 GetStdHandle
0x46630c GetProcAddress
0x466310 GetModuleHandleA
0x466314 GetModuleFileNameA
0x466318 GetLocaleInfoA
0x46631c GetLocalTime
0x466320 GetLastError
0x466324 GetFullPathNameA
0x466328 GetFileAttributesA
0x46632c GetDriveTypeA
0x466330 GetDiskFreeSpaceA
0x466334 GetDateFormatA
0x466338 GetCurrentThreadId
0x46633c GetCurrentProcessId
0x466340 GetComputerNameA
0x466344 GetCPInfo
0x466348 GetACP
0x46634c FreeResource
0x466350 InterlockedExchange
0x466354 FreeLibrary
0x466358 FormatMessageA
0x46635c FindResourceA
0x466360 FindFirstFileA
0x466364 FindClose
0x466374 EnumCalendarInfoA
0x46637c DeleteFileA
0x466384 CreateThread
0x466388 CreateFileA
0x46638c CreateEventA
0x466390 CompareStringA
0x466394 CloseHandle
Library version.dll:
0x46639c VerQueryValueA
0x4663a4 GetFileVersionInfoA
Library gdi32.dll:
0x4663ac UnrealizeObject
0x4663b0 StretchBlt
0x4663b4 SetWindowOrgEx
0x4663b8 SetWinMetaFileBits
0x4663bc SetViewportOrgEx
0x4663c0 SetTextColor
0x4663c4 SetStretchBltMode
0x4663c8 SetROP2
0x4663cc SetPixel
0x4663d0 SetMapMode
0x4663d4 SetEnhMetaFileBits
0x4663d8 SetDIBColorTable
0x4663dc SetBrushOrgEx
0x4663e0 SetBkMode
0x4663e4 SetBkColor
0x4663e8 SelectPalette
0x4663ec SelectObject
0x4663f0 SaveDC
0x4663f4 RestoreDC
0x4663f8 RectVisible
0x4663fc RealizePalette
0x466400 PlayEnhMetaFile
0x466404 PatBlt
0x466408 MoveToEx
0x46640c MaskBlt
0x466410 LineTo
0x466414 LPtoDP
0x466418 IntersectClipRect
0x46641c GetWindowOrgEx
0x466420 GetWinMetaFileBits
0x466424 GetTextMetricsA
0x466430 GetStockObject
0x466434 GetPixel
0x466438 GetPaletteEntries
0x46643c GetObjectA
0x46644c GetEnhMetaFileBits
0x466450 GetDeviceCaps
0x466454 GetDIBits
0x466458 GetDIBColorTable
0x46645c GetDCOrgEx
0x466464 GetClipBox
0x466468 GetBrushOrgEx
0x46646c GetBitmapBits
0x466470 ExcludeClipRect
0x466474 DeleteObject
0x466478 DeleteEnhMetaFile
0x46647c DeleteDC
0x466480 CreateSolidBrush
0x466484 CreatePenIndirect
0x466488 CreatePalette
0x466490 CreateFontIndirectA
0x466494 CreateEnhMetaFileA
0x466498 CreateDIBitmap
0x46649c CreateDIBSection
0x4664a0 CreateCompatibleDC
0x4664a8 CreateBrushIndirect
0x4664ac CreateBitmap
0x4664b0 CopyEnhMetaFileA
0x4664b4 CloseEnhMetaFile
0x4664b8 BitBlt
Library user32.dll:
0x4664c0 CreateWindowExA
0x4664c4 WindowFromPoint
0x4664c8 WinHelpA
0x4664cc WaitMessage
0x4664d0 UpdateWindow
0x4664d4 UnregisterClassA
0x4664d8 UnhookWindowsHookEx
0x4664dc TranslateMessage
0x4664e4 TrackPopupMenu
0x4664ec ShowWindow
0x4664f0 ShowScrollBar
0x4664f4 ShowOwnedPopups
0x4664f8 ShowCursor
0x4664fc SetWindowsHookExA
0x466500 SetWindowPos
0x466504 SetWindowPlacement
0x466508 SetWindowLongA
0x46650c SetTimer
0x466510 SetScrollRange
0x466514 SetScrollPos
0x466518 SetScrollInfo
0x46651c SetRect
0x466520 SetPropA
0x466524 SetParent
0x466528 SetMenuItemInfoA
0x46652c SetMenu
0x466530 SetForegroundWindow
0x466534 SetFocus
0x466538 SetCursor
0x46653c SetClassLongA
0x466540 SetCapture
0x466544 SetActiveWindow
0x466548 SendMessageA
0x46654c ScrollWindow
0x466550 ScreenToClient
0x466554 RemovePropA
0x466558 RemoveMenu
0x46655c ReleaseDC
0x466560 ReleaseCapture
0x46656c RegisterClassA
0x466570 RedrawWindow
0x466574 PtInRect
0x466578 PostQuitMessage
0x46657c PostMessageA
0x466580 PeekMessageA
0x466584 OffsetRect
0x466588 OemToCharA
0x46658c MessageBoxA
0x466590 MapWindowPoints
0x466594 MapVirtualKeyA
0x466598 LoadStringA
0x46659c LoadKeyboardLayoutA
0x4665a0 LoadIconA
0x4665a4 LoadCursorA
0x4665a8 LoadBitmapA
0x4665ac KillTimer
0x4665b0 IsZoomed
0x4665b4 IsWindowVisible
0x4665b8 IsWindowEnabled
0x4665bc IsWindow
0x4665c0 IsRectEmpty
0x4665c4 IsIconic
0x4665c8 IsDialogMessageA
0x4665cc IsChild
0x4665d0 InvalidateRect
0x4665d4 IntersectRect
0x4665d8 InsertMenuItemA
0x4665dc InsertMenuA
0x4665e0 InflateRect
0x4665e8 GetWindowTextA
0x4665ec GetWindowRect
0x4665f0 GetWindowPlacement
0x4665f4 GetWindowLongA
0x4665f8 GetWindowDC
0x4665fc GetTopWindow
0x466600 GetSystemMetrics
0x466604 GetSystemMenu
0x466608 GetSysColorBrush
0x46660c GetSysColor
0x466610 GetSubMenu
0x466614 GetScrollRange
0x466618 GetScrollPos
0x46661c GetScrollInfo
0x466620 GetPropA
0x466624 GetParent
0x466628 GetWindow
0x46662c GetMessageTime
0x466630 GetMenuStringA
0x466634 GetMenuState
0x466638 GetMenuItemInfoA
0x46663c GetMenuItemID
0x466640 GetMenuItemCount
0x466644 GetMenu
0x466648 GetLastActivePopup
0x46664c GetKeyboardState
0x466654 GetKeyboardLayout
0x466658 GetKeyState
0x46665c GetKeyNameTextA
0x466660 GetIconInfo
0x466664 GetForegroundWindow
0x466668 GetFocus
0x46666c GetDesktopWindow
0x466670 GetDCEx
0x466674 GetDC
0x466678 GetCursorPos
0x46667c GetCursor
0x466680 GetClipboardData
0x466684 GetClientRect
0x466688 GetClassNameA
0x46668c GetClassInfoA
0x466690 GetCapture
0x466694 GetActiveWindow
0x466698 FrameRect
0x46669c FindWindowA
0x4666a0 FillRect
0x4666a4 EqualRect
0x4666a8 EnumWindows
0x4666ac EnumThreadWindows
0x4666b0 EndPaint
0x4666b4 EnableWindow
0x4666b8 EnableScrollBar
0x4666bc EnableMenuItem
0x4666c0 DrawTextA
0x4666c4 DrawMenuBar
0x4666c8 DrawIconEx
0x4666cc DrawIcon
0x4666d0 DrawFrameControl
0x4666d4 DrawEdge
0x4666d8 DispatchMessageA
0x4666dc DestroyWindow
0x4666e0 DestroyMenu
0x4666e4 DestroyIcon
0x4666e8 DestroyCursor
0x4666ec DeleteMenu
0x4666f0 DefWindowProcA
0x4666f4 DefMDIChildProcA
0x4666f8 DefFrameProcA
0x4666fc CreatePopupMenu
0x466700 CreateMenu
0x466704 CreateIcon
0x466708 ClientToScreen
0x46670c CheckMenuItem
0x466710 CallWindowProcA
0x466714 CallNextHookEx
0x466718 BeginPaint
0x46671c CharNextA
0x466720 CharLowerBuffA
0x466724 CharLowerA
0x466728 CharToOemA
0x46672c AdjustWindowRectEx
Library kernel32.dll:
0x466738 Sleep
Library oleaut32.dll:
0x466740 SafeArrayPtrOfIndex
0x466744 SafeArrayGetUBound
0x466748 SafeArrayGetLBound
0x46674c SafeArrayCreate
0x466750 VariantChangeType
0x466754 VariantCopy
0x466758 VariantClear
0x46675c VariantInit
Library ole32.dll:
0x466768 IsAccelerator
0x46676c OleDraw
0x466774 CoTaskMemFree
0x466778 ProgIDFromCLSID
0x46677c StringFromCLSID
0x466780 CoCreateInstance
0x466784 CoGetClassObject
0x466788 CoUninitialize
0x46678c CoInitialize
0x466790 IsEqualGUID
Library oleaut32.dll:
0x466798 GetErrorInfo
0x46679c GetActiveObject
0x4667a0 SysFreeString
Library comctl32.dll:
0x4667b0 ImageList_Write
0x4667b4 ImageList_Read
0x4667c4 ImageList_DragMove
0x4667c8 ImageList_DragLeave
0x4667cc ImageList_DragEnter
0x4667d0 ImageList_EndDrag
0x4667d4 ImageList_BeginDrag
0x4667d8 ImageList_Remove
0x4667dc ImageList_DrawEx
0x4667e0 ImageList_Draw
0x4667f0 ImageList_Add
0x4667f8 ImageList_Destroy
0x4667fc ImageList_Create
Library shell32.dll:
0x466804 ShellExecuteA
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
Boolean
Integer
Cardinal
WordBool
String
WideString
Variant@
OleVariantD
TObjectP
TObjectD
System
IInterface
System
IDispatchl
System
TInterfacedObject%
Z]_^[SVWU
;u3YZ]_^[
SVWUL$
]_^[SVWUL$
uZ]_^[
SVWUEF
YZ]_^[
_^[U3Uh
d2d"hEF
]US=EF
d2d"=M@F
P43$FF
u3ZYYd
#_^[SVWU
SVW<$L$
]_^[USVW
3UhD#@
d1d!=M@F
2E3ZYYd
E_^[YY]
UQSVW3EF
d1d!=M@F
E3ZYYd
E_^[Y]
YZ]_^[
d2d"=M@F
}3ZYYd
E_^[Y]
SVWQL$
_^SVWU
< v;"u
3C<"u1S(
>3Q<"u8S
< w]_^[
Ht Ht.g
6CHuv=L
3E?E3s
3EE_^[Y]
f=r/f=w)f%f=u
9uDJt
1^[^8u
t< x< v#u
t<@ < v#u
RPCHPt$
SVWPtl11
-tb+t_$t_xtZXtU0u
FxtHXtCt
~KxI[)G
Y12_^[
PRQYZXt5x
YXYX_^
@~d@PQ@
YXYX
t#PRZXu
1<$fD$
<$1fD$
(OXYt
S1VWSP111S
12_^[FX[)
@aQYR@
b@"E@|oe@p+
BkU'9p|B0<RB~QC/j\
Cv)/&D
dEJzEb
9;5S]=];Z T7aZ%]g']
R`%uYnb
uM3UhE?@
EP^3ZYYd
f%fUf?f
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Iu9u_^[
]U3UhA@
_^[YY]SV
_^[RQS|
PRQQTj
ZPR=, F
t7=0 F
v)=, F
YZXtpH
S1VWUd
SPRQT$(j
9t7H;Ou
Ku]_^[
YZXtm1d
SPRQT$(H
[|$(r(
t'=0 F
ZTUWVSPRTj
Zd$,1Yd
t=HtN`
r6t0R=
t/=t&,*&"
USVW8FF
3UhFK@
USVW@FF
d2d";~
YP'v_^[]
aS1WV<
Ou^_[S1WV<
Ou^_[SVW F
tWf= BF
SVWU8FF
^v]_^[
XRHLZX
PQ-ZXSVW
ISVWRP1L
JUZ_^[X$
thtkFW)w
9uXJt
8uAJt
t8JIt2S
PHXHI|
St-Xt&J|
t0JN|*9}&~")9~
tVSVWU
t@t1SVW
1Z)_^[
X;_^[
K)QFY[
9trtQtTFW)w
9uAJt
ff9u!
Mu]_^[
USVW1\$
USVW1\$
E|. tD$
|.$t(D.<Xt
USVWME]
3mEE;Et
u5];}}
MO|"GE
SVWUEEEhd@
E8\u8Ex
PhPPttVPDS
VEPPEP
E_^[]kernel32.dll
GetLongPathNameA
ot"EPh
t"EPEPj
Software\Borland\Locales
Software\Borland\Delphi\Locales
SV5@ F
USVWE@ F
t93Uhg@
d0d ]ES
u_^[YY]
UQE3Uhh@
d2d"E@
t3ZYYd
USVMU3
;ur;ur
USVMUE}
2Ftl;u
r@EE^[]
SV3Uhsl@
d0d 3t^
Uo3ZYYd
d0d t]
|PE'@PjPE
U3ZYYd
Ej^[Y]
SV3Uhgm@
d0d EE3ZYYd
U3Uh2n@
33ZYYd
EG[]U3Uhn@
-$3ZYYd
U3Uhp@
odSelected
odGrayed
odDisabled
odChecked
odFocused
odDefault
odHotLight
odInactive
odNoAccel
odNoFocusRect
odReserved1
odReserved2
odComboBoxEdit
Windowsq@
TOwnerDrawState
QRPPPP
UQSVWM
PE PE$PE(PEPWVc_^[Y]$
UQSVWMU
PE PE$PEPWVj
_^[Y]
UQSVWEh}@
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
U3UhM~@
U3Uhm@
Exception4@
EHeapException@
EOutOfMemory@
EInOutErrorD@
EExternal@
EExternalException@
EIntErrorT@
EDivByZero@
ERangeError
EIntOverflow@
EMathError@
EInvalidOp
EZeroDivideh@
EOverflow@
EUnderflow
EInvalidPointert@
EInvalidCast@
EConvertError,@
EAccessViolation@
EPrivilege@
EStackOverflow@@
EControlC@
EVariantError@
EAssertionFailed@
EAbstractError@
EIntfCastError
EOSError@
ESafecallException|@
SysUtils@
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer@
f[SVWVW
BFKu_^[
BFKu_^[
@_^VWS
9t*^ar
PwPoPj
_^[SVWU
| v;}
N|7 vU+A
RV1N0:r
uYZ))v
UV 1P1
UQSVWE
NuE_^[Y]
$Z_^[SVWQj
$Z_^[USV
EVEPEPSQEEU^[YY]
P:Pht4PU
u%EPP4EPEPEP
90~(\>t
3URURURURP
EUE3RPEUM
E3RPEUjM
1FW)^_
1t!F<ar
1t!F<ar
)t[^_
D$ D$$
33(_^[S
9t<%t^]E<-u
ZYuG1<*t"<0r=<9w9i
uSPE]X[_^[[]
t't#PWE
t't#IPE
EXPEPE
UWVSEFF
INFNAN
M[YCVut
N^$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)]
+ES][}
00fJu2}
< tN11
EEBN11
[^_]USj
sMf<sGf<sAf
LUSVWfE
E_^[YY]
EEMf`8V
f;\Fwb
E_^[YY]
USVMUE]
}EPEf|f}
fMfEfkEdf
fLNfMfMf;Mr
fMf)M@
EZY^[]
f@fEE@
$3ZYYd
E3Uh5@
U;YU`YE
t%HtIHtm
UYU,YE
UYU2Y}
U>YUY}
UqYuND@
Du2UVYE
t_^[USVWMUE
_^[YY]
)D>$,Dt
SVWUQ3
$Z]_^[
d0d 3fE
pE3E=FF
t"t:Rf}EEfEfEfEfE6f}EEfEfEfEfE
f}EEfEfEfEfE}
;~5fd/\}
fEfEfEfE
fEfEfEfE
|TEPFF
Pt*EPFF
&uEPfMfUE3ZYYd
Z_^[UQSVWM]
U3QQQQQQSVW3Uh@
d0d SE
JCDHyYU
JC8HVYU
JE*YU C
u3ZYYd
tC<PGF
SV3Uh@
t,C<lGF
E.^[Y]
V3Uh/@
d0d EP
V&Ph @
+3ZYYd
U3QQQQQSVW3Uh
U\CL;~
PPBu#h
E"E~_^[]
L$Hd7F
g`D$DPD$HP
PD$L PD$PPj
PD$LPj
d0d EPU
t3ZYYd
d0d EPUlEU
_^[YY]
TErrorRec
TExceptRec
]]3UhH@
E9E1k{_^[]
t<HtHU
r3t7G=
SV3E3Uh@
X3ZYYd
UE3Uh@
d0d Ew%
TatPD$
U3UhF@
d0d EEs}EEPE
tsUE3Uh)@
d0d EPSEPERP
t#EPEPhX@
E3ZYYd
EUu3ZYYd
E3|muE[]
SV3=PGF
SVW3~E};
_^[USVWMU}E
;u|;uu#;]}
~7=PGF
J6K;\$
$YZ^[SV
$~F|;~
$YZ^[S
SVWU3}P}Z
+G]_^[
SVWU=PGF
]_^[SVWU3
YZ]_^[
u^[SVW
_^[US3
X 3ZYYd
UQSVW}
u_^[Y]
U>Y_^[]
IuS3Uh{@
d0d i=PGF
JE3u?EP@
uuuh @
"r8k[]
m/d/yy
mmmm d, yyyy
:mm:ss
US3E3Uh@
k3ZYYd
Epi[]S
kernel32.dll
GetDiskFreeSpaceExA
SVWUKe
fEE2E$
Y]SVWUQ
$(Z]_^[
;w$t|o(
Z]_^[SQ
u 3C$C
;F$t=u9$F
C 1l;C$t4C
SVW3Uh7@
d0d t9E
E^|d_^[Y]
d0d }3Uh@
d0d oP.E3ZYYd
d3ZYYd
EP;cE[]
U3Uh!@
ef3ZYYd
d0d -GF
Zfed*3ZYYd
S3Uhz@
Ed9^[Y]
Ed][Y]
S3UhR@
E'da][Y]
Ec\[Y]
S3Uh*@
EOc\[Y]
US3E3Uh@
j33ZYYd
E]b[[Y]
Xj33ZYYd
Ea'[[Y]
i33ZYYd
EyaZ[Y]
Y]oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType@
TCustomVariantTypeD@
Variants
EVariantInvalidOpErrort@
EVariantTypeCastError@
EVariantOverflowError<@
EVariantInvalidArgError@
EVariantBadVarTypeError
EVariantBadIndexErrorh@
EVariantArrayLockedError@
EVariantArrayCreateError@
EVariantNotImplError@
EVariantOutOfMemoryError@
EVariantUnexpectedErrorh@
EVariantDispatchErrorUj
d0d U6F
R3ZYYd
EWPY]USV3
MMM3Uhc@
lQ3ZYYd
:WPP^[]Uj
d0d U6F
Q3ZYYd
EVOY]USV3
MMM3UhS@
|P3ZYYd
JV`O^[]Uj
d0d UT6F
I P3ZYYd
IuS3Uh@
t?Htbk
XNsU 5F
^5NPl8F
HM3ZYYd
d0d U4F
L3ZYYd
EcRKY]S
KuUKLYt*P
UEYuP_^[]SVQf3f
KuUK#YtLP
SP_^[]
VS.Z_^[
EPp3Uh
E93E_^[]
d0d E"6
ERD[Y]
d0d E.
E_KD[Y]
d0d E.<
E/eMD[Y]
u+5EUIEU
N8@E[]
E3ZYYd
_^[USVWE3Uh
d2d"Ef
"P;Xt
"P;Xt
"P;Xt
^"P;Xt
P;Xt
P;Xt
{ P;Xt
X P;Xt
w3EUE@
Y3E7E@
E3ZYYd
3E<E_^[YY]
FUQSVWEEf
t(.3}=l#F
d0d EF
3;_^[Y]
UQSVWEEf
t(.3t=l#F
13ZYYd
A3";_^[Y]
UQSVWEE
K3z]f[
H3):_^[Y]
UQSVWEE
]3e]f[
/3ZYYd
o3P9_^[Y]UQSVWEE
/3ZYYd
3h8_^[Y]S
UU3Uhj
EUP?EU9
EEUaEPj
CI5EU[]US
EU3ZYYd
E4EU[]
USVWE3Uh@
d2d"Ef
3EU-EEU
EEU3ZYYd
1EU_^[]
UU3Uh/
9EU{uf
ER6ER=/E[]
E3ZYYd
UU3Uh-
u8BEU(4EUt
ET1ET8*E[]S
]3ZYYd
E)E[]SVWf
FUSVWEE
EE]eE@
E3Em]NEh
d0d E-]3ZYYd
3E%E_^[]
UUU3Uh $A
uWaEUY-EU
uGEU?-EU(t
EEEEf
*Ea1#E[]
EPEP7F
EEEEE[]
EP3Uh1%A
]3ZYYd
E"E[]SVWf
UU3Uh)A
u/9EU'EU
EPEP7F
2EEEEm[]
EPV3Uh*A
}3ZYYd
m[]SVWf
$ <$3C
n<$%e<$
U3QQQQSV
d0d ,&Pj
r!EU^U)'&E
Q!EU>^U
MM3Uh0A
d0d EP
EPEU1&E
'U 3ZYYd
^[]USV
tQEPT3Uh1A
3RPE:^U
<$EbqU
<$E?qU
3RPE[U
^[]USV3
M3Uh7A
d0d EP
3Uhy7A
VEU?E
3ZYYd
EP3Uh7A
d0d Uf
tdEP]3Uh8A
3Uh">A
<$E~lU
<$EFjU
<$E#jUm
3RPETU
d>UtU:
EPg3Uh>A
U(*3ZYYd
t6M)x=l#F
@t6B(m=l#F
_^[SVf
SV3UhsCA
d0d Ey
UC3ZYYd
SV3UhCA
d0d E9
U3ZYYd
3Uh&DA
Z_^[f8
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
3Uh6HA
String
Array
ByRef
VariantsUSV$HF
`)3Uh)IA
YKu3ZYYd
Z_^[USVWU
_^[YY]
UQSVWEP
UUEh(HF
'3UhJA
d2d"Ef@
t~h(HF
d0d $HF
E3ZYYd
'E_^[Y]USVW3
MUE3UhLA
%3UhLA
d0d $HF
|PF3$HF
GNu3ZYYd
&3ZYYd
U3UhMA
uHh(HF
W3ZYYd
0]U3Uh-NA
d0d - HF
%3ZYYd
U3UhEOA
SVWt;1
uKu_^[SW:?
SVW3UhRA
d0d EJ
[E[~[USVW3
EU3ZYYd
_^[]USVW^
wz$+UA
$EU;fE
<$EU_^[YY]
U3Uh.WA
tagMULTI_QI
IPersistl
ActiveX
IPersistStreamdWA
ActiveX
tagEXCEPINFO
IOleObjectl
ActiveX
IOleWindowl
ActiveX
IOleInPlaceActiveObject4XA
ActiveX
IOleInPlaceObject4XA
ActiveX
IOleControll
ActiveX
IPersistStreamInitWA
ActiveX
IConnectionPointl
ActiveX
IPerPropertyBrowsingl
ActiveX
IPicturel
ActiveX
U3UhZA
TAlignment
taLeftJustify
taRightJustify
taCenter
Classes
TBiDiMode
bdLeftToRight
bdRightToLeft
bdRightToLeftNoAlign
bdRightToLeftReadingOnly
Classesp[A
ssShift
ssCtrl
ssLeft
ssRight
ssMiddle
ssDouble
Classes[A
TShiftState
THelpContext
THelpType
htKeyword
htContext
Classes0\A
TShortCut
TNotifyEvent
Sender
TObject
EStreamError@
EFileStreamError@
EFCreateError]A
EFOpenError,^A
EFilerError^A
EReadError^A
EWriteError4_A
EClassNotFound_A
EResNotFound@
EListErrorD`A
EBitsError`A
EStringListError@
EComponentErrorXaA
EOutOfResourcesaA
EInvalidOperation
TListxbA
TThreadListbA
TBits$cA
TPersistentPcA
TPersistent$cA
Classes
TInterfacedPersistentPdA
TInterfacedPersistent
Classes
IStringsAdapterl
Classes
TStringseA
TStrings
Classes
TStringItem
TStringListfA
TStringList0fA
Classes
TStreamgA
THandleStream0hA
TFileStreamhA
TCustomMemoryStream iA
TMemoryStreamiA
TResourceStream
TStreamAdapterkA
TClassFinder@
TFilerplA
TReader
EThread
TComponentName mA
IDesignerNotifyl
Classes
YEkOAQmA
TComponentnA
TComponentHnA
Classes
TBasicActionLink@
TBasicAction@
TBasicAction(pA
Classes
TIdentMapEntry
TRegGroup
TRegGroups@
SVWUT$
YZ]_^[
UQSVWM]
E_^[Y]
UQSVWt
$u%CNuE
3Z]_^[
$Z]_^[
M3UhtA
d0d 9ESU
E^[]SV
QHKu_^[
N| F3G
ENuZ]_^[
K|%C3E
Z]_^[SVWUQ
K|%C3E
Z]_^[U33UhwA
;Q3ZYYd
USVWMUEUEE}
UDYUEE@
H|z@EE
KuEMu_^[]
$Z]_^[
K|C3G
Ku]_^[
@ E`HF
N|3F3`HF
N|+F3`HF
GNu3ZYYd
USVWU3E`HF
s3Uh{A
K|)C3G
#FKu3ZYYd
E_^[YY]
U3Uh0|A
d0d ]E
L3ZYYd
EI[]UQS
E3ZYYd
1E[Y]SV
t3ZYYd
3Uhb}A
F3ZYYd
#Q[]US
P3Uh}A
3UhZ~A
d0d `HF
+YE[Y]
TIntConstUt
UQSVW3E\HF
E%Ku3ZYYd
%E_^[Y]
UQSVWUu
Nu3_^[Y]
USVWMu
E_^[YY]
SVW3=dHF
[UQSVW
E3UhTA
FKu_^[
d0d 3;5mA
UUELHF
d0d Ef@
d0d UEZYE}
V3ZYYd
n43ZYYd
cDYZ^[
d0d UU
Eu^[Y]S
d0d E@
UE|3ZYYd
d0d Ex
B3ZYYd
EE3UhA
d0d E@
SVWUQ;s
PRQB6YZXSVWQ
M>,3ZYYd
M3UhYA
fTt3fEUf9}
E Z_^[]
$Z[UQSEE@
R 3UhA
S`]_^[
MUE3Uh
d0d E&
EZ8W<CNu3ZYYd
Q@3ZYYd
E[^[Y]
USUEEPhA
Strings
MMUE3UhA
;u;N|0F3
SVW3Uh|A
E7_^[Y]
E3UhdA
d0d E3UhBA
S$3ZYYd
Eq3ZYYd
9O_^[]
MMMUE3Uh
uN|2FE
EuN|XFE
]ENu3ZYYd
MU3UhtA
ENuE3ZYYd
?E_^[]
MMMU3UhKA
H|g@EE
E}EU@t%EPI
EMuE3ZYYd
ZE.hE^[]
FKu]_^[UQSVWMM
S$_^[Y]
Ql3ZYYd
d0d ED3UhA
Q,3ZYYd
E3ZYYd
E3UhaA
d0d ;tdE3UhDA
Sd3ZYYd
Eo3ZYYd
R_^[YY]
SdZ]_^[
MUE3UhLA
d0d E+
E3Uh'A
t3ZYYd
Qx3ZYYd
SV3UhA
SV3UhA
Q,3ZYYd
E,^[Y]
E3UhHA
d0d E3Uh+A
u3ZYYd
E1k[YY]
MUE3Uh
d0d E*A
K|C3M
3F F$3F(F,
$Z]_^[
SVWUL$
Sd^[USVW
_^[USVMUE]uE
]CN;};u~
UE|];]|^[]
USVfME]EE
EUEU^[YY]
USVWE}
EE)E3UhA
d0d =E;U
u3ZYYd
EU_^[]
E3UhPA
E3ZYYd
cE[YY]
EUEUYY]
d0d fuiU
}HUEEE
_">3ZYYd
3]_^[USVWt
U3E3UhA
UQSVWM
Y_^[Y]
1USVWt
TPropFixup@
TPropIntfFixupUSVt
SVWU3w
SV3UhA
d0d Et.C
d0d 3Etg[
u}3ZYYd
E_^[YY]
USVWLHF
d2d"hHF
zE3UhUA
d2d"3k
|3ZYYd
FKu3ZYYd
;3ZYYd
USVWUE=hHF
Ku3ZYYd
r$_^[YY]
UQSVWE=hHF
.kKu3ZYYd
_^[Y]S
DYZ[Sb
Cp^^[]
$Z[SVW
C<S8|$
USVWhHF
6Ku3ZYYd
_^[]USVW3
UE3Uh#A
d0d E@0
@E3E@0
UsE@0u5xt*E@0o
q3ZYYd
C0GNuC0
3C0_^[
SVWUL$
K|)CD$
Ku;-bA
S3UhKA
E.h[Y]UQSVU
R 3UhA
d0d |uLEB
Classes@
@@4{FKu^[]
RYLCNu_^[]
UQSVWUfEE
@N|AF3
@<fEf#G
CNu_^[Y]
USVW3UhA
S,3ZYYd
USVW3UhLA
r_^[]USVW3UhA
RB,3ZYYd
MMMUE3Uh9A
d0d MUE
d0d EE}
d0d UEYEfH
E@,MUfE
t,E@4U
}2UEYE@4U1
UEzYE@4U
"8UrYt
G3ZYYd
UB03UhA
E{3ZYYd
[Y]USVW
E@,EE@(EfQUB,3UhA
d0d f2Ex(u
EUP,EUP(-_^[]S
t t6DT$
a3YSVW
)3ZYYd
MUE3UhA
d0d 3UhQA
d2d"UE
.uEpP+
E?;|iE
EPpE3E
UYEECkE
|URpet
EPpE03ZYYd
UoY3ZYYd
R_^[YY]
U3QQQQ3UhA
d0d UE
@S3ZYYd
IuMSMUE3UhKA
d0d Ex
UEuMUEc
E<$UEQ
UvY3ZYYd
\"FS}E
!t_^[]
MMUE3UhA
d0d 3UhrA
d0d MUE
P,EUEl
UBt3Uh
d0d EUP
sUB43UhA
d0d EP
E@4tE@
u/E@4X
EKu3ZYYd
E@4vrE3
P4y3ZYYd
E@tNry3UhCA
-3ZYYd
{zz3ZYYd
EqHzz3ZYYd
y3ZYYd
xE_^[]USVW3
d0d 3UhaA
iyy3ZYYd
E~%x_^[YY]
$hZ^[USV3
M3ZYYd
w^[YY]
SV3UhA
d0d `,
E|E| v^[]Q
d0d U}
u3ZYYd
E|u[Y]
G[]UQS
UE3Uh?A
uYwEmU
]Y_UYV
Y3ZYYd
E:ztsYY]
d0d UX=3ZYYd
Ey*s[Y]USV3
MM3Uh,A
d0d t*MU
tW3ZYYd
qyr^[]
d0d Ey3Es
r3ZYYd
ExqE_^[]
SVWfxB
_^[SVQ
CdS`<$
UU3UhA
iE3UhtA
ERPEEP
E3UhOA
d0d UENU
EERPE$EP
MEUE8tt
hdo3ZYYd
EgEg?o3ZYYd
0U3QQQQQQQS
d0d %EY
UEUWhmUEUlhVEb<
g@UEYU'*ERPf
(n3ZYYd
E+$EzEs
<$| <$
$qZ_^[Uj
SV3UhA
93ZYYd
PSSTHF
3EhlHF
d0d EPhL$F
E!hlHF
d0d 3Uh:A
j3ZYYd
_3ZYYd
i3ZYYd
hE_^[]
HdZ^[@
GNu_^[
K}Z]_^[
UQSVW3EF t
S _^[]
K|"C3G
EKu3Z]_^[
Hntot-
u"4$D$
GMuZ]_^[
[V\[U]
^[SVW[
h[_^[3
3G0_^[
;CDt:CPp
R0_^[]
@PySVWUGPp
CNu]_^[
Y^[USVWU
33ZYYd
33ZYYd
"^_^[]
33ZYYd
]_^[YY]
33ZYYd
<]_^[]
d0d 3EE
EE$;E3UhA
\3ZYYd
EPSEPE
#\3ZYYd
Y3ZYYd
Y[3ZYYd
zYE_^[]
d0d t9C
3C 3C$C,
USVW\HF
8gQFKu3ZYYd
:Q_^[]
USVWHF
TPUtilWindow
PjSD[]
SVjVHVh$w@
w3ZYYd
U3Uh1A
d0d -XHF
TColor
EInvalidGraphicA
EInvalidGraphicOperation@
TFontPitch
fpDefault
fpVariable
fpFixed
Graphics A
TFontName0A
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
GraphicsA
TFontStyles
TPenStyle
psSolid
psDash
psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy
pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask
pmNotMask
pmNotXor
GraphicsA
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
GraphicsA
TGraphicsObjectA
TGraphicsObjectA
Graphics
IChangeNotifierl
Graphics
TFontA
TFontpA
Graphics
CharsetA
Color<
Height
Pitch<
Style@
Graphics
Style<
WidthA
TBrush
TBrushA
Graphics
ColorA
Style@
TCanvasA
TCanvasA
Graphics
Brush<
CopyModeA
TGraphic@
TGraphic4A
Graphics
TPicture@
TPictureA
Graphics
TMetafileCanvas`
TMetafileCanvas4
Graphics
TSharedImage@
TMetafileImage
TMetafile
TMetafile
Graphics
TBitmapImage@
TBitmapP
TBitmap
Graphics
TIconImage
Graphics
TResourceManager@
P YE3Uhx
d2d"E@
t!Ef;p
v!EEUR
E!;AE^[YY]UUE}
EEE3Uh
d1d!EH
PmE ]USVWM
EE;3Uh
E3ZYYd
@_^[YY]
UQSVWEE3Uh
E3ZYYd
E?_^[Y]
UQSVEE_3Uh{
d2d"EX
u3ZYYd
8?^[Y]
USV3EHF
-3ZYYd
>^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
Pikj3$F
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Tj<Vet|
^[SV53
d0d ]}3Uh
63ZYYd
EE3Uh)
%3ZYYd
E5[Y]V;P
UUU3Uh
d0d Ex
E3E3E3E
EPIaUB
Default
<T$,D$
d0d ]}3Uhz
EO913ZYYd
1UE+t[YY]
A3ZYYd
d0d Ex
EEP<]UB
)txE3UhP
d0d ]3Uh3
E.3ZYYd
Eyc.UErq[YY]
EE"3Uh
-[Y]VW&F
d2d"Ex
RdE63EE@
EEPYUB
$G8P?X
UQSVWM
TCPhHF
Vi2Pa4PC
$YZ^[SV
UQShHF
S3UhtB
d0d {P
IT?(E[Y]
C8P,ThHF
RKPhHF
VW<$L$
$0YZ_^
PSU_^[
PVHUHF
YZ^[SVQ
C4S0[Sfx*
C,S([S
d0d U,5F
!$3ZYYd
E*#Y]US33Uhx$B
)3ZYYd
*;#[]S
L[USVW}
OE3Uh%B
d0d EPj
EPEPOEbj
3UhQ%B
d0d EPEPEPOE}
tdEPEPP
EPEPPh
EPEPEPj
SEPhPt
VEPZP3ZYYd
EP$OEP
O!E_^[]
USVWMUu
POE3Uh&B
PE PE$PE(PE,PEPEPW
O3ZYYd
P.OEEP
MqE3Uh(B
d0d VSE$P}MPEEPEPNEj
PE$PNEj
EPE$PN}
jEPEPNE
EP[Nh
PE PE$PVSj
PE(PE,PEPEPWmNhF
EPE(PE,PEPEPWHNEPW
NEPWM}
EPEPMEPL3ZYYd
EPEPMEPUL
E_^[](
<$?O~&
YZ_^[U
UEEPIUMIx3Efx
%NE3Uh*B
d0d jhEPAK
SEPJ3ZYYd
#ME3Uhb+B
d2d"jhEP?J
"IWSJD$
WSaJS;I
SHIt)<$
EPEPG}E3Uh>-B
GE3Uh-B
USVWE3
_^[YY]U
SVWMUE]
EE^E3Uh1B
d2d"UME0V
;3Uh/B
E3ZYYd
cE}O~L
+;]|&U
']E3Uh1B
d0d EP
EPDEPj
EE\E3Uhx1B
DVEPEP
DEPCEPCVWEPEPE
}3ZYYd
C ;C$s
T_^[USV
YAE3Uh3B
WEPBEEPtBj
E3ZYYd
EPEP]BEP,A
D3Uh5B
MUEU3E3E3E3E3Uh5B
d2d"EXEEXEEXEEXE
EP ?EP
_^[]SVt
USUEEP
E3Uh/8B
E3ZYYd
E_^[]3
@!UQVj
mE3Uh8B
QT3ZYYd
QT^UQVh
:mE3Uh
QX3ZYYd
QX^L9B
TFileFormat
TFileFormatsList@
U3QQQQSVt
]_^[USVW3
]MU3Uh;B
H3ZYYd
MU3Uhv<B
Ku33ZYYd
TClipboardFormatsSVt
%FE3Uh=B
F3ZYYd
_^[YY]
L^[SVW
UQSVW3EtI
C$S []
M3Uh?BB
PHE3UhAB
Q03ZYYd
^[]USUEEPh8AB
EPhPBB
3UhTDB
_^[YY]
G3E3UhkFB
d2d"E@X?
EPE0kdE@Xs
EP*0Pj
0kdPExX
EP/kdE@X
EP/kdPExX
PEPE@XO
~#ShFB
E3ZYYd
Htj3C(t
P(S(@,C,
R$3tjV;P-,P-
]_^[SVW
C 3TjdP+kD$TdPD$PPC
[SVW3C(tix
P*P+*S(B
3TjdPf*kD$PdPD$LPC
SVWXUd
YW} EMFt
+ECE^(3UhLB
d0d UEd
WEPEP){
UhSVWMUU
EYE^(3Uh_NB
d0d UME8W
F(fUfP
U+PE&C
U+P(&C
3E3E3E
EPEP({
EPEPP({
UE^T_^[]
d0d E@,E3UhNB
d0d UHEUE,OB
E3ZYYd
EUP,3ZYYd
P~%C(@
T$ +T$
T$$+T$
p ?TjdRW%D$LPkD$XdPV#
?TjdRg$D$HPkD$TdPV"
|$( EMFt
C(@ F C(
Z_^[USV
tZEE3Uh$SB
d0d EPEPC(@
P^"UMP3ZYYd
UE^[YY]
PQ fEh
P: fEE
c$E3UhoTB
d0d EPj
P!EEE3UhOTB
d0d EPj
OUMO3ZYYd
UEnd3ZYYd
%D^[]U
P E+EF
TBitmapCanvasUB
TBitmapCanvasUB
Graphics
2E3UhVB
d0d E@
/EEt33UhbVB
d0d E0
E#QM}u3ZYYd
UQSVE}
Ku3ZYYd
1^[Y]SVWt
_^[UQSEEx
d2d"E@\t
03ZYYd
UQSVEExX
E3UhXB
d0d E@X
E@X@(@
E@X@(p
P\E@X@(p
E4U4'F
//3ZYYd
E3UhZB
d0d PSj
0^[]@(
u<fP&f
UhSVWMUE3EE
xPjTEP
E3Uh*aB
E3Uh4^B
@ 3+Pj
@ ;Eu>E
@ 3+Pj
EAEPEP
/E3Uh`B
d0d 3Uh`B
d0d 3E3
E3Uh~`B
d0d EPEP]
53ZYYd
jEPEP}
=3ZYYd
PjTEPS
SV3tF3
3E3E3UhcB
jBEPEPj
E3UhWcB
EPEPEPj
E_^[]SVWt
d0d t;F(hE@(aF(UB(F!UB!F4UB4F8UB8#E3
3E3E3UheB
d0d ;5HF
EEPC,PM
0EEPC(@pPj
PTli|[
RP;C(Vp
|TC(@pPV33
t"jPE@
t8EPE@
EPEPEPE@
3E3E3UhyhB
PF PEPj
E@ PF PF
F(^4F0
A(@ 3+
R HP3Y}
UEE@(x
@l+6EP
U3UhkB
d0d E3
E@(PlE
QT3ZYYd
^[SVWUo(
EPjTSJ
E3UhnB
d0d EX
UBl3ZYYd
d2d"E@(UEB(3ZYYd
_^[YY]
UTSVWUE3E3E3E
EEE3UhsB
d2d"3UhsB
3RPUE3f
}(u-fC
UE2C 3
PE3Uh+sB
3E/E3UhrB
3UhgrB
j3ZYYd
L3ZYYd
[j3UhrB
E03ZYYd
dPjTEP
@$E3ZYYd
i3ZYYd
EdPEPEPM
)/f<$BMt
<E3Uh3uB
d0d EPj
o3ZYYd
T]_^[SVW
s(;~ t8VW
w(F0fx
:tN!VW
3fD$$fD$&fD$
E3UhwB
d0d EPFpPj
U3ZYYd
BMF(hlt8
D$*o}p
tOE0D$
fT$"fP
fT$$fD$&
fD$(T$
T$*(U,MD(,
^3E3EEPC,P~
3Uh*|B
d0d C(@
G(F(G(F(
^[USVW^({
E3ZYYd
'E3Uh4B
d0d Ep
E#EC(EC(_^[Y]
"^[U4F
jZS>HF
SVWjHHF
lr oSVbN<B
TPatternManagerSVt
EE3UhiB
d0d E@
ETJE_^[YY]
E3Uh[B
R PEPE
E3ZYYd
EoE_^[]UE^EEEE
A3ZYYd
U3Uh1B
TObjectListB
TOrderedList@
TStackSVt
UQSVWM
E"3UhB
d0d 33
uv= IF
tMu1=,IF
GetMonitorInfoA
GetSystemMetrics
MonitorFromRect
EPVSEP^[]
MonitorFromWindow
MonitorFromPoint
udt`>(r[j
j0tH3F
GetMonitorInfo
DISPLAY
udt`>(r[j
j0tH3F
GetMonitorInfoA
DISPLAY
udt`>(r[j
j0tH3F
GetMonitorInfoW
DISPLAY
EteEPV
twEPEPEPEPEPEP
t6WEPEP
WEPEPu
PEPVhB
EnumDisplayMonitors
USER32.DLL
U3Uh]B
IHelpSelectorl
HelpIntfs
IHelpSysteml
HelpIntfs
ICustomHelpViewerl
HelpIntfs
IExtendedHelpViewer
HelpIntfs
ISpecialWinHelpViewerXB
HelpIntfs
IHelpManagerl
HelpIntfs
EHelpSystemException@
THelpViewerNode
THelpManagerhFF
d0d =8IF
UE33ZYYd
[YY]US
Oy:SVWt
SVWM3Uh
Oy:SVW
R(FKu_^[
U3Uh"B
8E3UhB
H|D@EE
E0V<EMu
SVWU3Uh
S@3ZYYd
Oy:USVW3
UE3Uh=B
d0d 3E3t
K|'C3E@
u+EvEE
K|~C3E@
H|/@EE
ME8W<EMu
Q EE3ZYYd
EDE<v_^[]
]]]MU3Uh?B
mK|fCE
EMU8W8t EUPB
EKu3ZYYd
EVt_^[]
U3UhCB
)_K|XC3
GKu3ZYYd
ERp_^[]
Oy:UQSU
UQSVWM
EO3UhUB
E$^_^[Y]
Ku_^[SV
a3ZYYd
S35DIF
Sm5\IF
SL5`IF
comctl32.dll
InitializeFlatSB
UninitializeFlatSB
FlatSB_GetScrollProp
FlatSB_SetScrollProp
FlatSB_EnableScrollBar
FlatSB_ShowScrollBar
FlatSB_GetScrollRange
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollRange
U3Uh)B
TSynchroObjectB
TCriticalSection@
d0d =@JF
PM3<JF
]UQS<JF
E3ZYYd
NXE[Y]
uxtheme.dll
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeTextExtent
GetThemeTextMetrics
GetThemeBackgroundRegion
HitTestThemeBackground
DrawThemeEdge
DrawThemeIcon
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemeMetric
GetThemeString
GetThemeBool
GetThemeInt
GetThemeEnumValue
GetThemePosition
GetThemeFont
GetThemeRect
GetThemeMargins
GetThemeIntList
GetThemePropertyOrigin
SetWindowTheme
GetThemeFilename
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysBool
GetThemeSysSize
GetThemeSysFont
GetThemeSysString
GetThemeSysInt
IsThemeActive
IsAppThemed
GetWindowTheme
EnableThemeDialogTexture
IsThemeDialogTextureEnabled
GetThemeAppProperties
SetThemeAppProperties
GetCurrentThemeName
GetThemeDocumentationProperty
DrawThemeParentBackground
EnableTheming
U3Uh|B
u!=@JF
U3UhAB
U3UhyB
U3Uh!B
U3UhYB
TCommonDialogdB
TCommonDialogB
Dialogs
Ctl3D[A
HelpContextD\A
OnCloseD\A
OnShowSVt
PWC4PF
UQSVWE3Uh
Q03ZYYd
E3UhGB
d0d EP
@4Ph7F
d0d E'F
E3ZYYd
@4Ph7F
CLSH[SfxR
Cancel
Ignore
NoToAll
YesToAll
D$$D$(
bD$,D$0
commdlg_help
commdlg_FindReplace
WndProcPtr%.8X%.8X
u+f='F
l3ZYYd
TTimerB
TTimer`B
ExtCtrls
Enabled|
IntervalD\A
OnTimerSVt
+^[UQSVW
u?3UhB
d0d Ef
PVE@4P
SV3UhB
C4Pvs0t@{@
'3ZYYd
C<S8[hFF
U3Uh,B
Delphi Picture
Delphi Component
U3UhYB
U3Uh0B
J3ZYYd
F3ZYYd
U3UhXB
MAPI32.DLL
Pv3ZYYd
U3UhUB
TConversionB
TConversionFormat
comctl32.dll
TThemeServices'
Theme manager 2001, 2002 Mike Lischke
ClSh[SVW3
PEPEPVU
PEPEPVUP6F
USVMUE
PEPEP@7F
 !"#$%
EPEPEP
E3Uh{B
d2d"Vu
^txjE{
7jjEPxEPEPU+
UQ3ZYYd
P8x_^[]
~3ZYYd
TTextLayout
tlCenter
tlBottom
StdCtrlsB
TCustomLabel@
TCustomLabelB
StdCtrls
TLabeldB
TLabelB
StdCtrls'
AlignZA
Alignment<B
Anchors
AutoSizeZA
BiDiModeB
CaptionA
ColorB
Constraints
DragCursorB
DragKind(B
DragMode
Enabled(
FocusControlA
ParentBiDiMode
ParentColor
ParentFont
ParentShowHint +D
PopupMenu
ShowAccelChar
ShowHint
TransparentB
Layout
Visible
WordWrapD\A
OnClickB
OnContextPopupD\A
OnDblClickB
OnDragDrop
OnDragOver4B
OnEndDock4B
OnEndDragB
OnMouseDown
OnMouseMoveB
OnMouseUpD\A
OnMouseEnterD\A
OnMouseLeaveB
OnStartDockB
OnStartDragSVt
SVW3Uh
8VWEwPEyP`
GPjjWs`
8VWEwPEyyP`
%VWE[wPERyP`
Ektm_^[Y]
QDT$ 8C
f<E<*F
fCg0_^[SV
SVW3UhB
E|pi_^[Y]
[U3UhyB
THintAction<B
THintActionB
StdActns
TWinHelpViewer@
SVW3UhUB
d0d lu
Ul3ZYYd
Hl^e_^[YY]
Efkd^[Y]
SVW3UhB
Q83ZYYd
d_^[YY]
S3UhGB
PX3ZYYd
Vjlc[YY]
MMM3UhLB
!dEPuE
UiE,nPh
P[3ZYYd
Qigb^[]
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
SVW3UhDB
E5hoa_^[Y]
M3UhJB
P[3ZYYd
7gE/gi`^[]
JumpID("","%s")
]M3UhB
Ef__^[YY]
SVW3Uh\B
P>3ZYYd
fW__^[Y]
SVWMU}
C3ZYYd
Fe\^_^[]
MS_WINHELP
#32770
Eh3UhB
E3ZYYd
VW<$D$
SV3UhB
Eb[^[Y]
W^[U3UhB
{3ZYYd
x3ZYYd
TCursor
TAlign
alNone
alBottom
alLeft
alRight
alClient
alCustom
Controls@
TDragObject
TDragObjectB
Controls
TBaseDragControlObjectB
TBaseDragControlObjectxB
Controls
TDragControlObjectB
TDragControlObjectEx@
TDragDockObjectB
TDragDockObjectXB
Controls
TDragDockObjectExB
TControlCanvasB
TControlCanvasB
Controls
TControlActionLinkB
TMouseButton
mbLeft
mbRight
mbMiddle
Controls,B
TDragMode
dmManual
dmAutomatic
ControlshB
TDragState
dsDragEnter
dsDragLeave
dsDragMove
Controls@
TDragKind
dkDrag
dkDock
ControlsB
TCaptionB
TAnchorKind
akLeft
akRight
akBottom
Controls@
TAnchors
TConstraintSize
TSizeConstraints@
TSizeConstraintsB
Controls
MaxHeightPB
MaxWidthPB
MinHeightPB
MinWidth@
TMouseEvent
Sender
TObject
Button
TMouseButton
TShiftState
Integer
Integer
TMouseMoveEvent
Sender
TObject
TShiftState
Integer
Integer
TKeyEvent
Sender
TObject
TShiftState
TKeyPressEvent
Sender
TObject
TDragOverEvent
Sender
TObject
Source
TObject
Integer
Integer
TDragState
Accept
Boolean
TDragDropEvent
Sender
TObject
Source
TObject
Integer
Integer
TStartDragEvent
Sender
TObject
DragObject
TDragObject
TEndDragEvent
Sender
TObject
Target
TObject
Integer
Integer
TDockDropEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDockOverEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDragState
Accept
Boolean
TUnDockEvent
Sender
TObject
Client
TControl
NewTarget
TWinControl
Boolean
TStartDockEvent
Sender
TObject
DragObject
TDragDockObject
TGetSiteInfoEvent
Sender
TObject
DockClient
TControl
InfluenceRect
MousePos
TPoint
CanDock
Boolean
TCanResizeEvent
Sender
TObject
NewWidth
Integer
NewHeight
Integer
Resize
Boolean
TConstrainedResizeEvent
Sender
TObject
MinWidth
Integer
MinHeight
Integer
MaxWidth
Integer
MaxHeight
Integer
TMouseWheelEvent
Sender
TObject
TShiftState
WheelDelta
Integer
MousePos
TPoint
Handled
Boolean
TMouseWheelUpDownEvent
Sender
TObject
TShiftState
MousePos
TPoint
Handled
Boolean
TContextPopupEvent
Sender
TObject
MousePos
TPoint
Handled
Boolean
TControlB
TControlpB
Controls
Width<
Height
Cursor
Hint[A
HelpType
HelpKeyword[A
HelpContext
TWinControlActionLink
TImeName(
TBorderWidth
IDockManagerl
Controls
$5%&'/
,3489:<
TWinControl,
TWinControl
Controls
TGraphicControlH
TGraphicControl
Controls
TCustomControl
TCustomControl
Controls
THintWindow$
THintWindow
Controls
TDockZone
TDockTreed
TMouse
UQS]H*F
P'nH*F
PS#mZ[3Z[
SVQ3tITSkt>-e;
$u4(KF
QRPh7F
Vl^[3^[
crDefault
crArrow
crCross
crIBeam
crSizeNESW
crSizeNS
crSizeNWSE
crSizeWE
crUpArrow
crHourGlass
crDrag
crNoDrop
crHSplit
crVSplit
crMultiDrag
crSQLWait
crAppStart
crHelp
crHandPoint
crSizeAll
crSize
TSiteListSVW
Pcgu[]
r_^[YY]
SVWQ3C
J H J$H$J(H(J,H,
xSg[U]
tPHt8wUC
hEP<KF
)A1=0KF
I5_^[]
UQSVWE3UhF
4_^[Y]
O.3`KF
;.3`KF
F8C8^[
UQVWME
F8ff-_^Y]
C8f@-3
S$_^[]
^[Y]SV-
PTSTPXSXPlSlVpD{D^Vp\{\^P@C@
_^[UVWE
F8f+_^]
^[SVW<$
PVCDPb
u EPVvaw
;B0t'E0
PUPUEPh
Pf()4KF
(t)4KF
EPEPEP_t
E_^[]UE
USVW}U3E=XKF
P&_thU
t uuEPK_t
3EE_^[]
tN=XKF
MMM=PKF
tOTVJ]tDV;
$u:$KF
7P\Wf;
t%V4KF
SVW34KF
;B8t=4KF
SVW=PKF
u&=TKF
3.=4KF
P8f"\I
XXu$4KF
BT=4KF
knu*|$
3F(F,t
YZ_^[USVWM
d2d"3E
uKUf= =0KF
Uf=0KF
UEUPDUPH(M33MUM
EUPDUPHuVHEx8
GHMMEUPLUPPEpDx\M
E3ZYYd
~!30KF
J%%_^[]
USV4KF
tR=PKF
d2d"4KF
3Uhn&C
d2d"4KF
UUYt)=PKF
PT30KF
~3ZYYd
EPEP`KF
E!3ZYYd
YZ]_^[
SVWTSMj
+PSNYZ_^[
`E3Uh(C
d0d E@
H|l@EE
UE\EEt?3Uh(C
D3ZYYd
2EMu3ZYYd
_E3UhR)C
d0d E@
|YEUEA\EE.t33Uh*)C
d0d E
M}u3ZYYd
^[UQSEExX
EP`E@X
QHUB\UY3ZYYd
EP\EER
^^C\PC`PO3C\[
SV;sXt
sX^[SV
t%Jt?Jt[v;N
MM3Uh,C
rU1"3ZYYd
%s (%s)
S3UhC-C
PdXa%t
@tC8\0C
3GlGt|
@0SV;s0t
Qh^[SVWU
PWVDVYDt
R|jWVmDVD$
YZ]_^[
S3C[P*F
SVWfKT
6fcT{0
u$;~|u
GLPGHPODW@
Z_^[USVW
tr;s@u
;CLtX3
SVFHPFLPND
SVFHPFLP
SVRFLPND
SVFHPRND
ULEfHT
;tDt E
M3Uh9C
d0d {0
YZ_^[SVW
YZ_^[SV
t@=4KF
f;u!}EEE
$PWF@P
$PWFDP8D$
$PWFHP8D$
FLPp8+D$
$PWFDPX8D$
$PW^hP7
^USVW3
MU3Uh<C
d0d GP t;G
_^[YY]SVW<$
QDCH+D$
$PCL+D$
_^[SV;s0t=;u
:_Wt+f
d0d UE
m3ZYYd
3]USV3
M3Uh&BC
d0d {0
CDPC@PV~4CLPCHPj
V33ZYYd
P+C~NN
t8CP@t2U
tWE@0e
tHUE }
E@0@P@u
PEPE@0b
PWeSVW
^USEExW
P3E3UhDC
d1d!URD
KLQE@@
KHQRPEPg1E@0MU?
EPE@0a
ue30KF
t8T2L$
umC8]C8?|$
Q,@CDPC
STRSDR|
]_^[UVf^]
VEPEPM
x}E_^[]
EP.E3UhGJC
d0d F@PEP~,EhI
SEu++P}W
PEP(,hI
PE+PEP
SE+E+PE+PVEP+hI
E+E+PSWVEP+EPEP+3ZYYd
0l_^[]
SDC@$E
EEEs0t
EEEPEP
E3Uh;MC
PTEUPXEWxDu
,EPMUf;3ZYYd
E*xE_^[]
t24PD$
P33D#L$
Z_^[USf
SVWPtR
C<S8E[]
Ht*gFdt
GFdG~dC
USUEEPh
EPh SC
IsControl
R<@@;
~/UOEPEPfF
fu_^[YY]
@|SVWU3
fYZ^[UQSMf
f;u~CtP
C0PpCZ
YZ_^[V8F
SVW<$3
+BLPEPK
Ur_^[]
ULY0E@
[YY]Uj
3Uh2^C
k_^[YY]SV
SVW3Uh
+3ZYYd
Ey_^[Y]
UQSVE3
Iu^[Y]
t$,D$,\$
l$0D$0\$
|$4D$4\$$D$
PHRPLRHDP@
Q,]_^[
SVW<$f2
U3Uh|dC
E3Uh<fC
!]K|0C3E
E& FKu
FKu3ZYYd
E)w^[]
ER3ZYYd
UQSM33
1R@;P@
[Y]USVW}
E@@EE@DEE@HEE@LEE@0
MEX0SLCH
3UhMiC
d0d EPEPMUE
E=E@@EE@DEEPEPEPE
@PEPME
d0d EPEPMUE
E@H;Eu
EU+PLE
SEU+PLE
EU+PLE
:_[upt$
H|B@EE
@EEE]E
MfYEMu_^[]
UVMUEE
oE3Uh7nC
YU3YEf?3ZYYd
d0d UE
3=USVWE
E3UhoC
d0d E?EE,
U+WH+W@[FKuEX
K|C3j
YFKu3ZYYd
USVWUEE}
EE3UhpC
d2d"EH
Ef3ZYYd
f8COu_^[]
3C0^[SVW
$K|!C3
GKuZ]_^[
C<3C@hFF
MEgUCL#3ZYYd
_^[]U@SV3
@3UhewC
us{@tj^
LPEPEP
{f5H*F
Fd#3Fd1
C4PC P
UQSVWE
@X t!E
K|,C3E
:GauOFKu
K|,C3E
E_^[Y]
USUEUE
DesignSize
UQEEfHT
3Uh-zC
c3ZYYd
Ef`TE3
FKu3_^[
GNu_^[
USVWEExW
:EtREU
Et3ZYYd
Y_^[YY]
UQSVWE3Uh
d0d 3Uh}C
d0d ]C<S83ZYYd
QDEPtJC
USVMU3E}
KuE^[]
;{u$~0
,;=,KF
SVWUE][
O|TG3E
u+@P@t%PD
PHRPDR@@PSE}
KHSDC@QD$
PUNtVFTt
KDS@CLPCHPj
KHSDJC@HID$
CL@PD$
KHASDC@D$
]_^[USVWfKT
vCLPCHPj
V`33Ej
tICLPCHPj
WEPEPVMUE+EPE+EPj
H|5@EE
PDRH@EMu
EPVfcT
QDEPWEWj
d0d EP
EPEPaEP8EP?_^[]SV
SVW=>t'{0
fxDfuMTj
f{xft\
@0P~?;t
SVW3UhOC
d0d 8F
E*d_^[Y]Uj
d0d 8F
USVWfU
UQSVWM
f]_^[Y]
$Z_^[SVW
_^[YY]
SVW`~"K
OKu_^[
R3ZYYd
E%C_^[Y]
USVWUEEx
2E&3UhBC
d2d"E@
@8MUfpE
PXRUHTUP8E|
RXE;uNE@WE3UhC
Ef~3ZYYd
E^[YY]
Z[SVWUQ
Z[SVWUQ
Z]_^[SV
USVWEE
EN|tF3
RPtPCR
GNuE_^[YY]
tREfx
P+u8zu/h7F
Q^[SVW
SVWfKT
tUt&h7F
@8`P$h7F
@<:PfQ^[
VfB^SV
SUu*T{3
YZ]_^[SH0t
fu@[0u
YZ]_^[SVWF
USVW;s@u
PXs@{DE
SVWUL$
$K| C3
$fvGKuYZ]_^[
EE3UhC
E;tIE@
t4VSE
SVWUL$
PN|lF3
PLRPHRPD
]_^[Vp0t
SVX0t-t
PW#2$t2O|$G3
R|FOu_^[S
-N|dF3
ENu]_^[
^[SVV*P^[
CLPCHPj
Pf^[;l
CLB<_^[
O|9GD$
OuYZ]_^[
USVWME3E
d0d UEf
;]u3ZYYd
USVUEE2K|!C3
FKu^[YY]
USVWFtx
S8_^[]
SVWMUx
FHU+U+
EVLM+M+
d1d!3E3E3E3E3E3E3E3E
EPEPMU8C[,
E+E+CH+EE}
U+U+SL+UU}
VtL_^[
QH^[USVWMUEE
UPHRPLRHD+MP@+
ENu3ZYYd
AHM+M+M
ALM+M+M
E_^[]SVW
USVWUEEe
EPE3UhC
d2d"EPEP`EPE|Pj
EPEhPj
0EPEPEP3EPEPEPEPEP"u
PPEPDu}
PEPEP*EPEPEPEPEPyu
EPEPEPEp
dPEPEP>3ZYYd
*f3UhgC
h3UhDC
3ho3ZYYd
d0d UE
U3UhMC
PEPjU_E
[fPM3ZYYd
V3UhSC
4{3ZYYd
J`^YY]
E@LPE@HPEPEPjEP
d}z=D*F
PjdEBP
R|3ZYYd
UQSVWM]
UMEPS{EPS
P)E3Uh\C
EPYEPj
^EPEPj
EP;3ZYYd
EPW[]USVW
t&sx{pE
UQSVWM3
FtPNpVxnE
USVWM3
t9;wlt4;
UEPEPGlP
ClP3Cl[SVW
3YZ_^[
^[SVfKT
ofcT^[
3z^ 3ZYYd
_^[SVW
USV3EC
tCEX83UhC
E3ZYYd
u^[]USVWEE@
EQUiYt E@
;Bdt*E@
;Bh|3E@
d0d EcK|C3j
FKuE@d3ZYYd
J8H0J<H4E@
V0P8V4P<3F0F4Vd:
@lHlxl
U@dYEYY]
3USVWM
}+}E+EEC
pEEPEP
E3EX+F
ECdbHuj{dEG
R|_^[]
UQSVWU
VhFdbFhE
FH3F@FD
^dVh$C
^dVh$C
P_Y_^[]USVWE
+C@MnuuU
_^[]USMUE3EE3
%E@d]t
UE@dIYE[]
MUE3Uh\C
d0d EPdE
E3Uh?C
}O|UGE
EOvEOuEPh
EXdVE;Eu
0E;E}(
Etq3ZYYd
xWq_^[]
@F_^[]
CE3Uh~C
REE3UhaC
EH3UhDC
u[U]_M
)EE+CD
)ECHU+U+
)ECLU+U+
{3ZYYd
EGon3ZYYd
E$FRn3ZYYd
Ef5n_^[]USVW
{C@ECDECHSLUU
4P_^[]
RY5e[]
3Fdd^[]
t$;C8u
U3QQQQSVW
d0d u;U
hUX+uM
8EPU7F
;u*Fdx
;Fdu;VhzFd6FhFd;c~d3G
Fb3ZYYd
dpzi_^[]
_^[SVQ
Z^[USEEs3UhC
d0d EqEUE
Eng[YY]
MU3UhC
d0d UE
RUB|YC
RUhY3ZYYd
Em,g^[YY]USVW3
MUE3UhC
d0d EPp
__E3Uh|C
d0d E@
K|-C3E@
EYFKu3ZYYd
E^7fEPh
UE@d34Yh+F
Ele_^[]
tv>uIE
@;Xdt>Xt3E
t#;^dt
VL^[SVW<$
CXPC\P
[3C`[S
+QRPCXP'VCXPM
@D;~-{
RvY_^[]USVU
*YE^[YY]USVW
t`UWRUMRE;E
_^[]USV
UQSVWw
!PUZ++W$;U}
PBt7+G$;E}
"_^[Y]USV
R|At=MVDF@
BP_^[]
_EUPPUPTUYE!
vNEEEEf{
uF4V0{
)EE+FD
)EFHU+U+
)EFLU+U+
)EUQUC
]C4S03ZYYd
EaZ_^[]
gt!PN{
"E3Uh*C
d0d =hKF
USER32
WINNLSEnableIME
imm32.dll
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmIsIME
ImmNotifyIME
US3EE3Uh8C
d0d EP
%`PKf KF
EIZEAZ{S[]
Delphi%.8X
ControlOfs%.8X%.8X
USER32
AnimateWindow
Y3ZYYd
R]U3UhzC
L3ZYYd
TContainedAction@
TContainedActionC
ActnList
CategoryC
TCustomActionList\C
TCustomActionListC
ActnList
TShortCutList|C
TShortCutListC
ActnList
TCustomActionC
TCustomActionC
ActnList
TActionLinkSVqI
|1S\z0W
CXLSC\t
fcFu2h7F
Fu2h7F
^[Y]SVWF
USVUEE@0X
K|#C3E@0@
FKu^[YY]
XDY_^[
u*;~8u
3F\^[SVWf{B
CDS@C0p
R0GNuC
GNu3Z]_^[SQ
R4CHGHCLGLC8G8C<G<
_^[SVWQ
$SdLPtDCPp
N|'F3CP@
R0Z_^[
d2d"E:Xi
O|)G3E@P@
EXiExl
tRE@\O|@G3E@\;]t%
ClU;Blu
R03ZYYd
7D_^[Y]
$:Cjt_C\t
N|'F3CP@
R0Z_^[
SxnNtMCPx
R0]_^[
$;Ctt?CPp
N|'F3CP@
R0Z_^[
$S|MtDCPp
N|'F3CP@
R0Z_^[
N|'F3CP@
R0Z_^[
N|(F3CP@
QpGNuf
R0Z_^[
O|0G3EP@
R0]_^[
$Z]_^[
TChangeLink|
TImageIndex
TCustomImageList@
TCustomImageList
ImgList
GL.63GLGTt
CDCH
EhC<[Y]
d0d EXPE@0PE@4PEP=i
R,33UeEP]Z
n;E@Tt
P&}3C<fr5^[
d0d s8VV3CA
PC0PC4P|C<u!Ux7F
V;CD=t
E@,:^[Y]
VE3UhC
UE3Uh&
d0d E?M
EhPE@<P
|E3ZYYd
E?293ZYYd
E"2p9Ef
d0d ;|!U5F
V|Pn{fs33ZYYd
Ev?8^[Y]
8PC<Pz
PCHPPj
PEP~Phzb
Q4CTWY@
C0PEPK433`EPCT*YZP
PEPPyE
C0PEPM
EPC0PC4PE
EPC0PC4PE
PV=c_^[]
SX@SXCS]
S0_^[]
USVWUEE@0PEPEH433
QE3Uh<
d0d EP0E
Q4EP4E
jQE3Uh
EdEP0E
Q4EP4E
Q@EPwN||F3
;ulEVEU
PSEPxwEVEU
PSEPIwMUECNu3ZYYd
EF-43ZYYd
E)-w43ZYYd
Z4_^[]
XFACAFCCCV@
C0PC4PQPvDP
FACAFCCCV@
FBCBFHCH
C0PC4PPuPZu
SV3Uhd
d0d t9
R ;C0|
R,;C4}!U5F
f33ZYYd
9O2^[Y]V:V@t
V@f,^S
33>[[SVWUCX
8CLt"x
CLlof,EOuf{b
CdS`]_^[
CL$o;u
FOu]_^[
W)E3Uh`
0)E3UhC
E3ZYYd
E")p03ZYYd
)S0E_^[]
USUEUE`EP
@<PUrY
Bitmap
PKE3Uh
JEEP4E
Q@EP0E
E]EP4E
Q@EP0E
Q4E@0PEPEH433WE
R UJ0H
R,UJ4N
E@0PEPEH4EP0
_WEPEOPEOUY
E@0PEPEH4EP0
WEPEaOPEXOUYG
MUE]MCN
A-3ZYYd
E%$-3ZYYd
USVUEj
d0d Et
E&3ZYYd
$E3UhR
E2UE/j
d0d Et
E0$~+3ZYYd
d0d =KF
*3ZYYd
E[")_^[Y]
comctl32.dll
comctl32.dll
ImageList_WriteEx
EMenuErrorXD
TMenuBreak
mbNone
mbBreak
mbBarBreak
Menus@
TMenuChangeEvent
Sender
TObject
Source
TMenuItem
Rebuild
Boolean
TMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
Selected
Boolean
TAdvancedMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
TOwnerDrawState
TMenuMeasureItemEvent
Sender
TObject
ACanvas
TCanvas
Integer
Height
Integer
TMenuItemAutoFlag
maAutomatic
maManual
maParent
Menus!D
TMenuAutoFlag
Menus!D
TMenuActionLink"D
TMenuItemp#D
TMenuItem"D
Action
AutoCheck@!D
AutoHotkeys@!D
AutoLineReductionL
BitmapTD
Caption
Checked@
SubMenuImages
Default
EnabledT
GroupIndex[A
HelpContext
ImageIndex
RadioItem,\A
ShortCut
VisibleD\A
OnClickD
OnDrawItemX D
OnAdvancedDrawItem D
OnMeasureItem@
TMenud'D
TMenu&D
Items@
TMainMenu8(D
TMainMenu'D
AutoHotkeys!D
AutoLineReduction
AutoMergeZA
BiDiMode@
Images
OwnerDraw
ParentBiDiModeD
OnChange)D
TPopupAlignment
paLeft
paRight
paCenter
Menus)D
TTrackButton
tbRightButton
tbLeftButton
TMenuAnimations
maLeftToRight
maRightToLeft
maTopToBottom
maBottomToTop
maNone
Menusl*D
TMenuAnimation
TPopupMenu$+D
TPopupMenu*D
Alignment!D
AutoHotkeys!D
AutoLineReduction
AutoPopupZA
BiDiMode[A
HelpContext@
Imagesh*D
MenuAnimation
OwnerDraw
ParentBiDiMode)D
TrackButtonD
OnChangeD\A
OnPopupt-D
TPopupList-D
TMenuItemStack$
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
UQUfE3}
Y]USfEj
SVfE3Uh0D
d0d ]3
002 UE3
n"_^[USVW3
UEE!3UhK2D
d0d 33E
u3ZYYd
_^[YY]
W[USVM
:Bw$EU
E^[]USVWME3E3E33t
@?E;u~
@?EE:Ew
EEUEMUYE
@?:Ev}
F4P>F\
FD'FxfFPft
]]M3Uh
d0d {>
u$uh ;D
UfC`uE
EC0,;D
CPE3E3E3EE
CPPVjWs>3ZYYd
RR4e3]
USEEXpt%
EEPh0;D
M2[YY]
d0d U!E
u*Ch;t#t
^[SVWUE
Q<]_^[
N|@F3;,$}
:X?s&T5F
X?ENuZ]_^[S
ShortCutText
3Uh0@D
d0d j
EPErP<8
PEP7jjE
PExPj73ZYYd
SVW3UhID
@j;|+E
B3UhDD
j3ZYYd
+Q;}JE
+Q;}JE
@%P/%E
@fX`ftUE
@3ZYYd
/_^[Y]
SVW3UhRD
@Q;|+E
B3UhMD
^3ZYYd
+Q;}NE
+Q;}JE
@fX`ft^E
M3ZYYd
t?EPMU
tBEPfE
UY_^[]
]MU3Uh^VD
&EG0xVD
3fw`ft
EW043f
PMU=E+E
Q<^[SVW
P?:S?u
GNu_^[SVW
:^8tB^8~dt'F
FPPPt
:^9tg^98F
Q<7~dt'F
:^?t1~dt
Q<;P@t
Cdt4m}
UQSVEE'K|
FKu^[Y]
:]:tJt:}d
t4EdO|%G3
Q<]_^[
TC\M|.C\;h
C\4+@?:F?v
C\"+P?N?
C\|+^d
Q<]_^[
C\|)3Gd3
t-t"@@;
CD3CDO{D
R@FKu_^[
S:S=tS={8
XtSS9ST
S@^S0TS>
*_^[SVW
@Y8W<CNu
]]MU3UhcD
MMU3UhhD
3E3E3E3E3E3UhHhD
E"ptXUEeYuJ
E8WdFM
E:EU'UEbYtL8F
SpFOuM
mu?EPEp
EUE3EL
b3ZYYd
E5E-E%E
k3ZYYd
COuIK|$
$YZ]_^[
[UQSVWt
_^[Y]SV
[UQSVWE
SP;t+E
2N|$F3E
E_^[Y]
xTZ]_^[
F4Y_^[
f;Bt,E
tz3UhIoD
E_^[YY]
3UhvpD
3UhKpD
d0d UE3YE3ZYYd
t3ZYYd
D$0D$$D$(P
USVEEP
E3`SE+Ph
;]r^[]
R4*Yx<
tcE@0EURAU3UhrD
EUPAYY]
O^[SfxR
USVfsD
SVfU3UhiuD
MEPES0
33ZYYd
EEH|w@E3h
uFMu}}
}yEH|q@E3h
_^[]UQSVW
@4P<:P\t
UQSVWU
U_^[Y]
@4R493
H4Ih;J4u
0V8C8t
EUSVWE
Nu3_^[]
UQSVWE3Uh
K|tC3}
GKuh7F
eE3Uh}D
E3Uh}}D
P63ZYYd
P&E3Uh~D
=E3Uh~D
d0d EPE3Uh~D
d0d UE
S83ZYYd
E3ZYYd
FXF\F4
@0F8Fa
S`f,P3Chf
WVUC4PYZ]_^[SVWUG
CNu]_^[
S0_^[]
CS<&uO8F
;~^[SVWU
C;}]_^[
SV3UhED
d0d UEPUEZ
Xn^[YY]
U3UhLD
:3ZYYd
TScrollBarInc
TScrollBarStyle
ssRegular
ssFlat
ssHotTrack
FormsD
TControlScrollBarD
TControlScrollBarD
ButtonSizeA
ColorD
Incrementh
Margin
ParentColor<
Position<
Smooth<
Style<
ThumbSize
Tracking
Visible@
TWindowState
wsNormal
wsMinimized
wsMaximized
Forms(D
TScrollingWinControl<D
TScrollingWinControl(D
HorzScrollBarD
VertScrollBarD
TFormBorderStyle
bsNone
bsSingle
bsSizeable
bsDialog
bsToolWindow
bsSizeToolWin
Forms D
IDesignerHook
IOleForml
TFormStyle
fsNormal
fsMDIChild
fsMDIForm
fsStayOnTop
Forms@
TBorderIcon
biSystemMenu
biMinimize
biMaximize
biHelp
Forms$D
TBorderIcons
TPosition
poDesigned
poDefault
poDefaultPosOnly
poDefaultSizeOnly
poScreenCenter
poDesktopCenter
poMainFormCenter
poOwnerFormCenter
TDefaultMonitor
dmDesktop
dmPrimary
dmMainForm
dmActiveForm
Forms,D
TPrintScale
poNone
poProportional
poPrintToFit
FormstD
TCloseAction
caNone
caHide
caFree
caMinimize
Forms@
TCloseEvent
Sender
TObject
Action
TCloseAction
TCloseQueryEvent
Sender
TObject
CanClose
Boolean
TShortCutEvent
TWMKey
Handled
Boolean
THelpEvent
Command
Integer
CallHelp
Boolean
Boolean
TCustomFormD
TCustomForm$D
TForm(D
TForm(D
FormsU
Action(
ActiveControl,B
AlphaBlendT
AlphaBlendValue<B
Anchors
AutoScroll
AutoSizeZA
BiDiMode D
BorderIconsD
BorderStyle$
BorderWidthB
Caption<
ClientHeight<
ClientWidthA
TransparentColorA
TransparentColorValueB
Constraints
UseDockManager
DefaultMonitor
DockSiteB
DragKind(B
DragMode
Enabled
ParentFontA
FormStyle<
Height
HelpFileD
HorzScrollBar
KeyPreview4(D
OldCreateOrderl#D
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch +D
PopupMenu8D
Position(D
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBufferD
VertScrollBar
Visible<
WidthD
WindowStatel#D
WindowMenuD\A
OnActivateB
OnCanResizeD\A
OnClickD
OnCloseD
OnCloseQuery<B
OnConstrainedResizeB
OnContextPopupD\A
OnCreateD\A
OnDblClickD\A
OnDestroyD\A
OnDeactivateB
OnDockDropB
OnDockOverB
OnDragDrop
OnDragOver4B
OnEndDock@B
OnGetSiteInfoD\A
OnHide|D
OnHelp|B
OnKeyDownB
OnKeyPress|B
OnKeyUpB
OnMouseDown
OnMouseMoveB
OnMouseUpB
OnMouseWheelTB
OnMouseWheelDownTB
OnMouseWheelUpD\A
OnPaintD\A
OnResize@D
OnShortCutD\A
OnShowB
OnStartDockB
OnUnDock
TCustomDockForm
TCustomDockForm
PixelsPerInchD
TMonitor@
TScreenHD
TScreenD
THintInfo@
TApplicationLD
TApplication
t %PjVSj7j
t6St,St"
d0d 3UhD
E3ZYYd
[3ZYYd
E_^[]SVt,
;X0t@SQt6S?t,jS
@t:GNu
d0d UEPE
^[]USVWt
USVEEX
to3E3EE@
K|:C3Ex
+X_^[]USMUEjE@
USVWUEEx
EEH<EUEE
33E3E3
+R8/Ef@
tft-ft;JEP
t%ft6ftG
SV;S$t6u
SV;S0t6u
^[]USVWMUEu
EU+WH+W@
N|F3j
&3ZYYd
93ZYYd
/ ]_^[
SVWU;t}C
]_^[SVW
d0d E3ZYYd
E3UhAD
UE>3ZYYd
d0d 8F
P3ZYYd
d0d E4
!UE3ZYYd
UQSVWEEf
tI3Uh=D
d0d ]U
_^[Y]UQSVWEEf
tA3UhD
d0d ]U
`_^[Y]
_^[SVWU
UQSVEE
d2d"E3
;B@t/E\
@@PEph6PP
PixelsPerInch
TextHeight
IgnoreFontProperty
t2qWVqP
V?j~PxPH
Pj_PYPV
H|6@EE
EMu_^[YY]
RX#v;t
SVWUL$
y}3ZYYd
E(b|Y]
C0;t%;t!u
S,_^[]
ME3UhQD
d0d E@
PRE3Uh4D
d0d EP
EREPE@
y3ZYYd
EP}E3Uh
LE3UhXD
d0d EP>E3Uh;D
d0d UE
S83ZYYd
EQEPEP
xx3ZYYd
q[x3ZYYd
K|!C3E
FKu3^[]
QDEPE@
t2EPET
HPEPE@
uBEPET
P+MUEgEEEEM
UUE]3ZYYd
P;IuUY]SVW
LFOuZ_^[
d2d"Ex`
t1E@0u
Ql3ZYYd
_^[SVW;
b_^[S3/
GFKu_^[
FKu3_^[
$Z]_^[
PX]_^[
M3Uh>D
d0d tpKF
H|a@E3
R4PlP_
E;tum_^[]
PBPT^[
uzCHPkLU
uzCHPkLU
CHPCLPL$
]_^[SVWQ
F(Z_^[
PD$ PD
MDICLIENT
ULSVW3
EB EEPj
Ljc_^[]
SVW3Uh(D
d0d ;
tptE;t c;u
u0f]u!U(8F
fN]3ZYYd
EQib_^[Y]
UQSVWU3
PlE@T
UfBT3Uh
d2d"KF
@x;tTt*
;EuEp0t%
5h3ZYYd
f#PTEfPT_
;ADti/
P\]_^[
333UhzD
d0d E8
63UhWD
d0d EP
Ef'W3ZYYd
35\\3ZYYd
49\^[Y]
SVWUT$
$rM|;ED$
PNu)fD
f#CTfCT0T
uf~PuUj
SVW3UhD
UFXUKF
E] W_^[Y]
tIwP\t
fcO^[fz
US3t.E
MU3UhED
EPMU_M33g|U
UF|YEM33
MDEQE(
E4YnR^[]
B PB$PJ
UvYUEUh
UVYUEHHF
UCYUEHLF
Sf||fF
ME3UhD
d0d E@
d2d"E@
d0d Ef"J3ZYYd
@U+BLy5
3URHRURLR
t(^HE+XHy
^@FLU+BLy
3URHRURLR
@Dp>U+BLy5
3URHRURLR
E@HURL
[{EcEj
d0d EfF3ZYYd
u{;u!E
E}Pg~S}
EePw~3ZYYd
J3ZYYd
QJ_^[YY]S
d0d FhU
USVWE3UhD
UEfBE,
zI_^[YY]
RPu!U(8F
E+NeG[Y]
UE3Uh@
d0d Q&ExW
jvPyLyKF
@|3[KF
f@DfE3
d2d"E(3Uh`
EePxE3
EPRxEu;t
3E3ZYYd
EaSE3ZYYd
EPwE,F
Di3ZYYd
D3ZYYd
E9KsDE^[]UQSVWEE
pN|CF3
PYGNu_^[Y]
t1F48TH|$@3H
@4.Tx>
R@GNuU/Y_^[]
UQSVWEE
t]EnN|NF3
GNu3_^[Y]
UQSVWEE
t]EmN|NF3
GNu3_^[Y]
K|-C3E
FKu3^[]
USVUEE
EE^[]USVW}
]MU3UhO
d0d HunEC4AE3EEvGPEmI
EY*4EZG~'
{3ZYYd
E*Dd=^[]S
hO|&G3
hYf7EOu
]_^[USVWu
_^[YY]
unPHnu]9~Rj
CEDPEF
Y1ED~'
U13ZYYd
EA:^[Y]
xSWp0GNu_^[S
ijZVfC@Vj
0ET0EP0EL0E00E40E|0EXt
F3EXbu0GNuEX0.
CPpt^[
Ch;Ctt
Cd;Cpt
hE`$-F
SVW_\t3C
mgW`;t
Rd_^[SVW
d0d Ex4
`-UB4E8;Pj@qeH
EPg^uO
=3ZYYd
EX43ZYYd
6:p3[]
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
SVf5KF
SVWUf;sDtsfsDfuZTbt$
Wc2];u.fPj
ePWj Wd
ZPdCHYZ]_^[
d0d =KF
EPj<j
j)dt4KPG^
;3ZYYd
t$t+:RD;PD
C@ECDEj=
t.t4GE
EVEPMU
+uE)ECH;u
SL;Ut~3
DE+CLU
@)0'+E
_^[]USVWEE
@@[:Eu E
uaC[:EuYC
9kEOuE
YEOu_^[YY]
UMUEUYtg
Y3ZYYd
ZEf3Uh
E 3ZYYd
USVW=KF
d0d KF
a,_^[]
Pd]3KF
3WV|\t
TApplication
MAINICON
PXF0PU~L
FLFF@t
6C@$w@
PUu:hFF
C@PjC0P
C0PbWC
PjC0PgWj
SS3ZYYd
E**$[]
XD;PHu
3sx;P`u
^[USVW]
;B0uGjS
PZT4$jV]T
^_P<UNu
SV3Uh&E
d0d f:
E' ^[Y]
@@0PCP[]
USVWUE3Uh".E
d2d"E3
K|2C3E
E@0POt
E@0P-PUY
SEVOUB
yP9NE@
#KU;B0
UY3ZYYd
_^[YY]
vcltest3.dll
RegisterAutomation
C0PK{D
tNCDZwPJt<j@j
sDFHPFDPF@PCD5wPC0P
C0P6K{D
t)CDvP+Jt
C0P<KCDt
C0t+P+Ht;s0t
@_^[SVW3sDt:/
FuV.GDt
-jUdG;
]_^[SVWU3
u.{Dt#sPCGt
$Z]_^[
SVWQ3j
WNHW@D
FOu_^[]
UQSVWM
3Uhv4E
8W,3ZYYd
Tq~D_^[Y]
UQSVWEE
t E@D+
w3Uh]5E
d0d E3ZYYd
t3ZYYd
E@0P6F
EE;Et`E(
EPEP5F
EPE@0PzBj
E@0P"D3WmEklEEt
d1d!SWVE@0PBE3ZYYd
E;Et8j
E@0PCEymEPBEk
M3Uhk8E
d0d EV
Y3ZYYd
SVWUL$
tFot;<
t7n0FDt
]_^[Uj
SVW3UhH:E
33ZYYd
SVW3Uh:E
33ZYYd
mt,jPW>t
GNu_^[SVWT<
;{HtK{H
YZ_^[USVW3
MME3Uh
d0d E^
UEUUKF
d0d Ef
Ew3ZYYd
>3ZYYd
K|C3j
FKu_^[
=PjC0P
E3Uh9>E
d0d Ef=
@@0PO;
@@0P{<
UQSVWEEx0
P#gPu:u
GNuU3&Y_^[Y]
FLT)W~L
SVWUT$
;^`u0T$
FX^`D$
$ ]_^[
dP9^[S
EEPh6P6
d2d"MUE^E
EKE3UhBE
EtwEfx
EE}EE)E3ZYYd
U3UhCE
u3ZYYd
E^[YY]
UpSVW3
]3UhjGE
@`EEEEE
Q@3E3E
P1E+EPE+EPEP4xU
@`pt:tE
QpEPEP
EPEPEP3
)E)ExU
xPd|PhxU
xPl|Pp
_^[]SVWKF
Ht nD;t
YZ]_^[
User32.dll
SetLayeredWindowAttributes
U3UhsIE
63ZYYd
TaskbarCreated
EOleErrorJE
EOleSysError@
EOleException
Apartment
Neutral
SVQTSr
3UhLOE
d0d =-F
EVW\OE
EPEP#t2E<
_^[YY]
t`hHQE
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
U3QQQQQQQQSV3UhRE
d0d 3EE
VSEUEPEUEPEPEUM
%(3ZYYd
SVWMEE
d0d 3E3UhUE
u3ZYYd
u3ZYYd
stYY]USVWMUE]3eE@
EPEPVSj
Ke_^[]
^ryUSV]
E^[]Uj
SVM3UhXE
23ZYYd
eREPQREZYu
1PPPPPE
U3Uhv[E
sK:<WE
U3Uh%\E
TVariantArray
OleServer@
TConnectKind
ckRunningOrNew
ckNewInstance
ckRunningInstance
ckRemote
ckAttachToInterface
OleServer@
TServerEventDispatch@
TOleServer@
TOleServer^E
OleServer
AutoConnecth\E
ConnectKind
RemoteMachineNamet
USVW3E3Uh
3EEHEEx
~5]}+|ZG
COu/]}+|%G
~B]}+|tG
BCOu<]}+|2G
33ZYYd
R0F0@8
R@F8F8Pu
F8F0H8
IuQSV3UhNdE
UC0EEE
EPU 8F
C0Pfqu$
S03ZYYd
WE+e^[]
U3UhdE
U3UhIeE
TCustomAdapter@
TAdapterNotifier@
TFontAdapter@
TPictureAdapter4iE
TOleGraphiciE
TOleGraphic4iE
AxCtrls
SV3UhjE
d0d U=E
E3UhVkE
d0d UEU
EGE?][YY]
SV3UhkE
d0d UE
E3UhlE
_^[USVWE
3Uh[mE
33ZYYd
_^[US3
E3UhdoE
d0d Ex
3Uh7oE
d0d EP
E}m5oE
EUEXE@
E.|3ZYYd
FU3QQQQQE3Uh
d0d Ex
d0d EUR
QUEEPEP
PH3ZYYd
MM3UhYrE
E0EDE(Z^[]
SV3UhrE
_^[UEE@
E3UhsE
d0d E(UR
USVUEEx
E3UhetE
d0d E@
XE3UhuuE
d0d E@
E3UhIuE
d0d E@
C(V(^[
3Uh>wE
jEPWEWYE
VEPW!AV
jEPW3ZYYd
EGu_^[]SQ
SVW<$j
d0d U4F
E3ZYYd
3UhNyE
d0d U4F
DEX3ZYYd
d0d jj
PES( zE
c3ZYYd
S3UhozE
d0d U4F
#E73ZYYd
S3UhzE
d0d U4F
E3ZYYd
tTh\{E
olepro32.dll
OleCreatePropertyFrame
OleCreateFontIndirect
OleCreatePictureIndirect
OleLoadPicture
EE3Uh[|E
E:X^[Y]
U3Uh|E
P3ZYYd
TEventDispatch
TOleControl E
TOleControlE
OleCtrls
d2d"UJ
SV3UhE
d0d EUEE
U-3ZYYd
EE^[YY]
3_^[]$
UQSVWt
_^[SV%
SVWE3Uh$E
d0d E
d0d 3UhE
d0d EPE
*3ZYYd
U3QQQQQE3UhE
d0d E@
tyEPhE
P`ZY3ZYYd
FUSVW3
d0d EQ
t93UhE
d0d E&Pj
!p3ZYYd
_^[YY]S
USVW3Uh
e3ZYYd
_^[]SV
i_^[Y]
ControlData
CLGNuCL3CL_^[
@9u11-Py0
d0d bf
EPVh-F
UV3ZYYd
kA_^[]Uj
SVW3Uh
U3ZYYd
Ei_^[]SVW
_^[SVQ
]^[UdSVW
3E3Uh+E
u3ZYYd
K u_^[]
USVWMEE
d0d SVu^
UEU^[3ZYYd
GKu]_^[
EEt3UhE
P53UhE
YEx_^[Y]
VMZEPj
SVW3UhFE
d0d ES
Wm_^[YY]
E3UhXE
d0d EPE
E=[_^[YY]
]MUE3UhJE
d0d EH
d0d ED
;Eu4ED
UaMUE_CNu3ZYYd
EKi_^[]USVW
d0d u-F
USVWfE
pE3Uh`E
EPS_^[]
SVW3Uh
d0d EPM
_^[]USVWE
hfEht
UhEUEf3C
ggEt6Nt
NuGWEPMUEf
WEPMUEfs3ZYYd
Ht5S{Y
^[USVWEE
d0d 3UhE
P73UhE
E3ZYYd
2_^[YY]
QDD$@PVj
d0d EHp
UQEEQE
Eu3ZYYd
U3QQQQQE3UhE
d0d E!E
E3ZYYd
D$ TD$
@@PEPh
@@PEPy=
VWKDS@
33oEPE
U3QQQQQQQQSVW] u
8_^[]$
U3QQQQSVW3UhE
d0d 3UhfE
Qd3ZYYd
Rh3ZYYd
@ha3ZYYd
^3ZYYd
33ZYYd
E9N_^[]
M3ZYYd
U3UhPE
d0d -$LF
P3ZYYd
IHTMLElementCollection
MSHTML
IWebBrowser
SHDocVw
IWebBrowserApp
SHDocVw
IWebBrowser2
SHDocVw
CoShellWindowsUj
U3UhUE
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
U3UhiE
TIEDownloadBeginEvent
Sender
TObject
TIEDownloadCompleteEvent
Sender
TObject
TIETitleChangeEvent
Sender
TObject
WideString
TIEBeforeNavigate2Event
Sender
TObject
IDispatch
OleVariant
OleVariant
TargetFrameName
OleVariant
PostData
OleVariant
Headers
OleVariant
Cancel
WordBool
TIENavigateComplete2Event
Sender
TObject
IDispatch
OleVariant
TIEDocumentCompleteEvent
Sender
TObject
IDispatch
OleVariant
TIEOnQuitEvent
Sender
TObject
TIEEventsE
TIEEventsHE
IEEvents
WebObj
ConnectedE
DownloadBeginE
DownloadComplete E
TitleChangehE
BeforeNavigate2DE
NavigateComplete2E
DocumentComplete
OnQuitU
30C<PW|t
USV33Uh6E
K}^[]$
lV~<E
E#3UhE
KC8wPC<PEP
-pPC8P
CLUSC0
E/3ZYYd
UQSVWEExL
t`3UhE
d0d E@4PE@8P
_^[Y]USVWE
P3UhVE
d2d"fxZ
C\SX3ZYYd
d2d"fxb
CdS`3ZYYd
d2d"fxj
ClSh3ZYYd
P3UhAE
d2d"fxr
RU RU$R
CtSp3ZYYd
d2d"fxz
C|Sx3ZYYd
P3Uh/E
d0d 3ZYYd
ESDLError
vaCenter
vaBottom
taLeftJustify
taRightJustify
taCenter
bfSimple
bfStretch
bfTile
bbNone
bbFrame
bbFaces
csSystem
ftNoFigs
ftTime
ftDateTime
ftUserText
ylNone
ylYYYY
doMMDDYY
doDDMMYY
doYYMMDD
dtNone
dtOnePerChart
dtOnePerDay
dtAllTicks
ssFlying
fsNone
fsSimple
fsLowered
fsRaised
fsEmbossed
fsEngraved
tfHHMMSS
tfHHhMM
tfAMPM
dirUpward
dirDownward
dirLeftward
dirRightward
lgUnknown
lgEnglish
lgGerman
lgFrench
lgSpanish
msNormal
msFirstCorner
msRectDraw
msFinished
maNone
maPanHoriz
maPanVert
maRubberBand
maZoom
maZoomWind
maZoomWindPos
maZoomDrag
maDragCrossH
maDragLabel
maRotate
maRotAndZoom
maRotXOnly
maRotZOnly
zsNormal
zsDrawWin
chHoriz
chVert
chBoth
tlsimple
tlUnderline
tlShadow
tlamNone
tlamXOnly
tlamYOnly
tlamBoth
fsBold
fsItalic
fsUnderline
fsStrikeOut
TBytes
SDL_sdlbase
colors
shadowofs
transparent
visible
alignment
attachmode
caption
/custtextlbl
U3UhAE
numcols
numrows
/strarray
numentries
/assocarray
3UQSVWEE
ED8GNu3ZYYd
lBw_^[Y]U3UhE
e3ZYYd
ESDLCpuIdError
Floating Point Unit
V86 Mode Extensions
Debug Extensions - I/O breakpoints supported
Page Size Extensions (4 MB pages supported)
Time Stamp Counter and RDTSC instruction are available
Model Specific Registers
Physical Address Extensions (36-bit address, 2MB pages)
Machine Check Exception supported
Compare Exchange Eight Byte instruction available
Local APIC present (multiprocessor operation support)
Fast system calls (AMD only)
Fast system calls
Memory Type Range Registers
Page Global Enable
Machine Check Architecture
Conditional MOVe instructions
Page Attribute Table
36 bit Page Size Extensions
Processor Serial Number
Cache Flush
reserved
Debug Trace Store
ACPI support
MultiMedia Extensions
FXSAVE and FXRSTOR instructions
SSE instructions
SSE2 (WNI) instructions
self snoop
Automatic clock control
IA64 instructions
3DNow! instructions available
Uz3ZYYd
xCq_^[]
IuSVW3Uh
zE+zPEz|ZE
zPEY|Z}
EYyEyPE{Zbuh(E
+|3ZYYd
vo_^[]
U3QQQQSV
d0d (vE
EwUx3ZYYd
o3O|;}#;v
n3#=NF
Cannot acquire CPU information (CPUID not supported)
CPUID: execution level not supported
UUU3Uh(E
t`sUEyUvUEdUnvUEOUYv
s3ZYYd
Unknown
UU3UhtE
d0d rM
tmE3RP
mt>E3RPU
uE3RPU
r3ZYYd
)r?k[]USV3
d0d qM
tVUEbUltUEMUWtUE8UBtUE#U-t
\q3ZYYd
fq|j^[]U3QQQQS3UhSE
p3ZYYd
Jp`i[]
unknown
z3ZYYd
copy_timer
kill_timer
reg_timer
int_timer
Label1
Label2
Label3
FormCreate
copy_timerTimer
MessageReceiver
kill_timerTimer
reg_timerTimer
DLIEEDocumentComplete
UPIEEDocumentComplete
RGIEEDocumentComplete
int_timerTimer
Button1Click
TForm1
TForm1
IuSVWUEE$q3UhE
d0d E8
PEU]uuuuEP
EMrPEP
PtbEPEU{sUXs
d0d EP
EPEPEPEPEUrEPEP
3ZYYd
w3ZYYd
`d3ZYYd
ebout:blank
iexplore
SVWEE/n3UhXE
d0d Eii3FEU\2=kUE
Ui3ZYYd
Ei[b_^[]
EE|3UhyE
d0d EPEP
PE3E]uuuu
yZuuuu
_3ZYYd
8g1g~?
ifCNu3ZYYd
`_^[YY]
SVWEEWk3UhIE
d0d EfEIi
|.E\0/t"\t
EOhUEMeiNu
Uf3ZYYd
Tfj__^[]
USVWMUE3UhE
d0d E111
^\`_^[]
U3QQQQSVW3UhaE
0t;|EUT
Ue3ZYYd
<eR^_^[]
U3UhUE
d2d"3Uh#E
d2d"URURMUUEuhlE
UEuhlE
UEuhlE
g3ZYYd
d^3ZYYd
Hd^]_^[]
segment
IuQSVWE3Uh
P }EDE
}RP3;T$
Px}3juVEPEPEPEP3
?`jPEP
tm3>XZF
3>3RP8NF
,P?=3ZYYd
=jE_EyEyX_^[]
ABCD!@#$JDLGIWIWAAAAAAAA
On%userprofile%
%COMPUTERNAME%
%ALLUSERSPROFILE%
\Start Menu\Programs\Startup
http://my-page-001.blogspot.com/
http://abcd-0-reg.freehostia.com/REG.HTML
http://my-page-000.blogspot.com/
d0d E E
K|sC]E
+|4BUU4
ECMu3ZYYd
Ep]V_^[]
$#@!DCBA
PHuETSVWUEEaEa3UhE
=UTq=3UhlE
d0d 7F
TB6EPSMTC>6E;Eu
TG>63ZYYd
RV3UhE
>p63ZYYd
aRV3UhE
d0d =>63ZYYd
/RVV3ZYYd
[TE_^[]
`E_3UhE
E\EPE_
IuSVW3UhE
d2d"=ZF
U\EV^Ph,E
0[uh<E
^fA25F
^MA25F
^4A25F
:[23ZYYd
hZE|uUE
xYEh[P~|3ZF
A3ZYYd
UN_^[]
:\autorun.inf
\LSASS.exe
[autorun]
open=RECYCLER\autoplay.exe
shell\open=open
shell\open\Command=RECYCLER\autoplay.exe
shell\open\Default=1
shell\explore=explore
shell\explore\Command=RECYCLER\autoplay.exe
:\RECYCLER
:\RECYCLER\autoplay.exe
USVW3E3Uh;E
d0d ES3Uh
d0d NF
N3ZYYd
E>SxLE_^[YY]SV33
SVW3UhSE
"E>WPj
Ou3ZYYd
E&R`K_^[Y]U3QQQQ3Uh
U3.uhE
QUEVPwj
U3.uhE
UEUVPkw3ZYYd
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "
REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "
:3ZYYd
OH[YY]
\REG.txt
EUb]EUKu3ZYYd
UQSVWE
d0d ;|(
;}3ZYYd
I_^[Y]
USVW3E
$EEz}3Uh
\.3EEE
/'3ZYYd
GM3EEE
8PET3Uh{
8/'3ZYYd
DG3ZYYd
LEE_^[]
\time.txt
`MNUQ"
IuMSVW
d0d 3Uh
E(EPERPE
eEjKE~ePE3
@uuuuE
?uuuuEFePEP
P GfEP
P,9fUE
MeEQPEP
fUESME
e3ZYYd
EdPE3??uuuup
#?|xtplddPEP
P eelP
P,TeUE
edheLh
`cPP3o>\XTP@0
G>LHD@<cPEP
P,xd`E
c8&PPEP
P(;d8EK5ZF
NLEZ$M#uhT
K,(&"K
C3(jbP
P(bEIUE
N(!E?GFK
UIKPhl
+J`KPht
!3ZYYd
A3ZYYd
[a3ZYYd
<@3ZYYd
E8L<_@
+P`_dmLhZElk_p
OEM_E1LE!EE5_E
DE^E^E^=_^[]
_version
_block
_file_name
_file_data
-s -s1
IuMSVW3Uh
E.}3Uh
EEPE~JPE@LP
UUXQGt
EJ]PE@LP
PHH^UE
E\PE37uuuuE
k7uuuuEP
\EyIPEP
P(]UEDEW;
d0d 5F
A8h<3Uh
d0d 5F
87<3ZYYd
@73Uh4
d0d E@LP
z\3ZYYd
7;;3ZYYd
E AE HE
@E@EZEZEZEZ9u_^[]
\time.txt
newversion
IuQMSVW3UhR
d0d 3Uh
FPE@LP
YPE@LP
AyFPEP
P$<Y!XP32
P$XgWP31gy
2|tVPEP
P`W3ZYYd
pVP`3-1lhd`P
1\XTPLFVPEP
P GWLP
P,6WpE
GVHBPEP
>Djt#@
?1f53Uh
d0d E@LP
U3ZYYd
1053ZYYd
:HXALaTP
Dp@Tt5T|
s9EcSE?9ESSEKSECSa2_^[]
\REG.txt
`73ZYYd
d0d 3ZYYd
Runtime error at 00000000
0123456789ABCDEF
MS Sans Serif
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
oleaut32.dll
GetErrorInfo
GetActiveObject
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
ShellExecuteA
0(0<0T0h0|00000000
1$1(1,1014181<1@1L1Y1l111111
2 2<2D2H2L2P2T2X2\2`2d2~22222222222222222
3&3.363>3F3N3V3^3f3n3v3~33333333333333
4"4*424:4B4J4S4t4|4443666?7R77
8M8888;9:::::
;;5;;;I;\;f;l;z;;;;;;;;;;;;
<"<,<8<C<T<Z<b<l<<<<<<<
=F=\====
? ?S?Y?r?{????????
00800000R1X1h1q11111
2B2l22222222222
3,323:3d3j3|33333333
4:4B4H4N4444444E5P5Y5_5o5x55555555
88888;;;
<'<u<====>>>&?8?????
r00012<2M2V20474H4T4445
66L8T8`89z:::: ;;;
< <8<I<U<>>>
?!?7?N?c??
444L4Z4n4444444+5X5a555555Q6666
7'7Y7`777
888A8W8^888+:S:Z:r:::::
;g;z;;;;;;;;;;;t<|<<<<<<
=!=/=J=_=i=n======2>;>a>n>??
5%5?555G7Q7\7l7s777
8/8M8V8b8i89;f<<
=3=Z==%>G>S>Z>d>n>>>>>>>>>>>>>>
?2?G?X?b?j?r?z??????
0!020>0C0H0O0V0`0w000000
1 11111111
2&2.262>2F2N2V2^2f2n2v2~22222222222222222
3&3.363>3F3N3V3^3f3n3v3~33333333333333333
4&4.464>4F4N4V4^4f4n4v4~44444444444444444
5&5.565>5F5N5V5^5f5n5v5~55555555555555555
6&6.666>6F6N6V6^6f6n6v6~66666666666666666
7&7.767>7F7N7V7^7f7n7v7~77777777777777777
8&8.868>8F8N8V8^8f8n8v8~88888888888888888
9&9.969>9F9N9V9^9f9n9v9~99999999999999999
:&:.:6:>:F:N:V:^:f:n:v:~:::::::::::::::::
;&;.;6;>;F;N;V;^;f;n;v;~;;;B<
='=3==
>">/>;>H>Z>`>h>p>x>>>>>>>>>>>>>>>>>
? ?(?0?8?@?H?P?X?`?h?p?x?????????????????
0 0(00080@0H0P0X0`0h0p0x00000000000000000
1 1(10181@1O1[1h1z111111111111111
2 2$2(2,202D2d2l2p2t2x2|22222222222222222
3 3$3(3,3034383<3@3P3p3x3|3333333333333333333
4(4044484<4@4D4H4L4P4`444444444444444444444
545<5@5D5H5L5P5T5X5\5l555555555555555555
6<6D6H6L6P6T6X6\6`6d6t6666666666666666
7(7H7P7T7X7\7`7d7h7l7p7777777777777
8 8$8(8@8`8h8l8p8t8x8|8888888888888888
9 9$9(9,9094989<9L9l9t9x9|999999999999999999
:(:0:4:8:<:@:D:H:L:P:d:::::::::::::::::::
;8;@;D;H;L;P;T;X;\;`;x;;;;;;;;;;;
<l<p<t<x<|<<<<<<<<<<<<<<<<@=`=========
3%303=3B3L3\3g3t3y3
4!484D4444
;';2;<<<<<<<<<<<<<<<<<<==z>
E0q0y00000%1@1D1H1L1P12334y5536u77777W88s9
;{<b===
000000000000000
2m22222-3B3W394M444
535D5\5555
6;6O6`6p6666#7788999D:::::5;:;H;k;;K<g<<<<<<3=K=]=u===
>.>>>>
??6?H?
2K2P2j2222
3+3G3f3x33333
4"4]4}44
5D5]5j55555
7 7J7[7d7
8#8m888829a99*:::::
;%;8;P;o;w;;;;
<<3<<<.=`=z==E>W>>>>
???t?????????
0!0'0.04090?0D0J0Q0W0b0j0s0
000000000000
1%10151R1Z1b1111
292z22222T3s333D444
5-5S5g55
8%818J8T8^8p888888888888+9I9f9x999
:,:5:P:c:v:
::::::
;#;7;E;Y;w;;;;;;
<"<7<?<\<i<*=@=x=
======
>*>5>;>C>H>
022*3n3
33333333333
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4444444444444444444444444444
5 5$5,50585<5D5H5P5T5\5`5h5l5t5x55555555555555555555555
6 6(6,64686@6D6L6P6X6\6d6h6p6t6|666666666666666
7'7-777=7G7R7\7g7q7|7777777777777
838?8G8Q8\8d8i888888*9`9m9999
:8:E:n::::
;L;;;;
="=*=a=o=t=
==================
>>$>/>5>:>E>K>P>[>a>f>q>w>|>>>>>>>>>>>>>>>>>>
?!?'?,?7?=?B?M?
o0{000000000
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|11111111111
2(2H2P2T2X2\2`2d2h2l2p2222222222222
3 3$3(3,3034383T3t3|3333333333333333333
4<4D4H4L4P4T4X4\4`4d4444444444444
5 5$5(5,50545P5p5x5|555555555555555555
6<6D6H6L6P6T6X6\6`6d666666+7:7Q7y77777
8*8A8i8w8888Q9`99999999
:(:?:N:b:q:::::U;z;;;;;
11@2Y2s2222
343Y3333
444444
5!5%5)5-5155595=5A5M56
7f7777
888888888888888888888888
99::::::::::::::::
===3>:>P>T>X>\>`>d>h>u>>'?.?E?I?M?Q?U?Y?c??
0"0&0*0.02060:0G000
1111U2222D3c3g3k3o3s3w3{3
3333333333333333P45555555555555555555555B677
8\8888F9J9N9R9V9Z9^9b9f9j9n9r9v9z9~99999999999
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;;;;;<<
=\====P>T>X>\>`>d>h>l>p>t>x>|>>>>>>>>>>>>
-0105090=0A0E0I0M0Q0U0Y0]0a0e0i0m0q0u0y0}000111111111111
2"2&2622\33
5$55555555555555555555555
6o7s7w7{7
7777777777777777778
:Z:s::
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;t;;;
<%<A<\<|<
=!=%=)=-=1=5=9===A=E=I=M=Q=U=Y=]=a=e=p===
>><>[>>
?C?^?t??
0#0<00000
1\111111111111
2!2%2)2-212C2[2q4u4y4}44444444444444444446
717l77777(8S8888
9"9&9*9.92969:9>9B9F9J9N9R9V9Z9l99;;;;;;;;;;;;;;;;;;;;;;=I>b>>>A???
90G0?3f3333
4A5,7K7c7{77
8&888888
999R:_:z::::y;;;;;;
<?<N<[<f<y<<<<<
='=3===C=M=X=b=l=~==================
>(>8>@>H>P>X>`>h>p>x>>>>>>>>>>>>>>>>>
?'?3?@?R?
0n222333
4N4444444
5'5+5/53575;5566
7)7:7@7Y7d7r7777777
848D8h888888
9,9P9f9999999
:&:.:6:>:F:N:V:^:f:
:::::::
;l;};;;;;
<,<D<i<p<<<<<<<<<<<<<<<<
=,=L=T=X=\=`=d=h=l=p=t=============
> >$>(>8>X>`>d>h>l>p>t>x>|>>>>>>>>>>>>>>
? ?$?(?,?0?D?d?l?p?t?x?|?????????????????
0 0$0(0,0004080<0@0P0p0x0|0000000000000000000
1,14181<1@1D1H1L1P1T1h11111111111111111
2 2,2L2T2X2\2`2d2h2l2p2t2222222222222222
3 3$3(3,363:3L3]3a33333333333333
4 4.4L4g4k4|444444444444444
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|555555555
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|66666666666666666666666
7$7(7,7074787<7@7D7H7L7P7T7X7\7`7l7777777777777777777
8 8$8(8,8084888<8@8D8H8X8x88888888888888888888
9 9$9(9,9094989<9P9p9x9|999999999999999::::::::::::::::::
; ;$;(;,;0;4;8;<;@;D;H;L;P;d;;;;;;;;;;;;;;;;;;;
<$<0<D<L<P<T<X<\<`<d<h<l<p<t<x<|<<<<<<<<<<<<<<<<<<<
=1===========
>$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>>>>>>>>>>>>>>>>>>>
?;?\?|??????????????????????
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0t000000`111111111111111111111
3!303d4444;6R6Y6
77777k9
:(:9:D:W:::::P;];;;;;
<#<D<Q<^<s<x<<<<<<
='=4=A=S=X=s==========
>!>,>9>K>P>h>>>>>>>>>>>
*040>0G0W0f0p0000000
1(1G1w11^2l222
3%3?3o333244444A558666k777*8g8888>9E9W:
;/;s;z;;;1<L<<p==H>^>>>>
0k00 1F1o11152R2222
4g4415555*6@6666677T777
8?8g8y8888S9z999
:;:p::Q;;;<q<<<<=
>>>???
152<2222`3g33333z44
5#5C566
7f9z999g::::n;u;;
< <$<(<,<0<4<8<<<@<D<R<Z<p<<<<<<<<<<<<==
>b>>V?c?n?}?????
H0z000000
1 111111
2,2=2[2b2u3334444)5E555
8>8o88
99t::S;;~<6=z===#>E>>
?/?j?}??
0o0U11111111132A2O2]2z33354v4}44444
553676Z6^66
7A7v77
8-8q888888888888
9 9:$;;;;
>">>>>>
000~111222222222
33#3'3+3/3337324X4|44
5T55556
7$747A7777
8B8_888888
9"9&9*9.92969:9>9B9F9J9w:~::c<<<<<<<<
=B=^=e=====
>Z>_>>>>>?
C001;1g2m2}222233Z4a4447X::+;;
<~==B>>>
?!?g??????
0$0)02080M0[0a0l000000
141N1X1b1l1{1111111111
22,2<2D2L2T2\2d2l2t2|22222222222222222
3$3,343<3D3L3T3\3d3l3t3|33333333333333333
4$4,444<4D4L4T4\4d4l4t4|44444444444444
545<5@5D5H5L5P5T5X5\5p5555555555555
6,6H6a66666
7/777P8`8l8p8x8|8888888888888888
9$90949@9D9L9P9T9X9\9`9d9h9l9p9t9x999999999999
::#:':>:B:F:^:b:f:}::::::::::::::::::
;;#;';?;G;^;b;f;~;;;;;;;;;;;;;;;;;;
<!<%<)<A<E<I<d<t<<<<<<<<<<<<<<<<<<<<<<
=5===T=\==========
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>>>>>>>>>>>
?.?<?@?H?L?X?\?d?h?l?p?t?x?|???????????????
0 0$0(0,0004080<0@0D0H0\0q0u00000000000000
1 1$1(1,10141H1X1h1p1t1x1|1111111111111111111111111111111
2(2H2P2T2X2\2`2d2h2l2p2t222222222222222222222222
3 3$3(3,3034383<3@3L3Y3]3p333333333333333333
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x444444444444444
7U777718n888888
9==???
1'1?1P1111
2`2~22
3&3333555
6'6?6P6m6666
7^7k7777k8p8888
9&9C99999N:[:::x;;;;;;;;"<<<'===
>)>K>>>0?=?e?j????
#0Y0000000q111H22
3"3<3T3e3q3}333333J4h44
5A55D666
7J7789::
;#;;;R;<
T00C1h111b33I4455q66m7}777
8"8T8f8888
9H9a9i9t999999999999999
:":/:=:F:S:a:j:w:::::;;~;;;
<i<<<<<<<<<<<<<
=+=<===
>(>2>7>I?a?y??
00N111222:3C3Q3
6U6{677
:";;c<<M=O>>>>>
20"112
333?4_44P5`5p5x5|555555555555555555
6:6U6{66666677
8>8887:]:;
<'>\>j>>?
p00001|2I3z333i4{444
5w55?66777R8899x;;
>7>D>p>u>%?3??
00;1V1t11:2w22
<<+==O>>>>L?\?
1$131Q1111111111
2 2$2(2,20242822\333444
535?5J5T5^5m5w555555555555
6.6:6F6W6g6q6|6666666666666666
77,7>7D7d7l7p7t7x7|7777777777777777777777
848<8@8D8H8L8P8T8X8\8`8d8h8.999999
:&:.:B:J:R:Z:b:j:r:z::::::::::::
;%;2;:;@;L;R;k;;;;;;;;
<n<v<|<<<<<
="========1>9>?>K>S>>>>
??'?c?n???????
70B0b0000000
11111111111
2#2'2?2K2X2j2
22222222
333X3q33333
4,44484<4@4D4H4L4P4T4p4|444444444444g5k5o5s5w5{5
55555555555555
6 6$6(666>6T6\6d6l6666666
7$707777
8&8Y8n8888899
;I;;;;;U<<<
=(>l>>>>>?(?????
0#0,0z000H1g2s2{22222222222
3)3B3]3j333333333333333
4'40454:4H4Q4V4[4i4r4w4|444444444444
6$666D6d6l6p6t6x6|66666666666666666666777777
8!8-8:8A8H8O8V8]8d8k8r8y88888888888888888888
9!9(9/969=9D9K9R9Y9`9g9n9u9|99999999999
: :%:2:7:D:I:V:[:h:m:z:
:::::::::::::::
;!;.;3;@;E;R;W;d;i;v;{;;;;;;;;;;;;;;;
<*</<<<A<N<S<`<e<r<w<<<<<<<<<<<<<<<
=&=+=8=L=Q=
1!1;1G1O1]1e1w11111111111
2#2/2<2N2[2g2t2222222222
3.3;3G3T3f3s3
33333333333333333333
4 4$4(4,4<4@4D4H4L4`4s4w4444415555
666666
7)7(82878A8H8h8}88888888888
9$9(90949<9@9H9L9T9X9`9d9l9p9
99999999999
:$:0:4:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:::::::::::::
;P;;;1<p<
=$=,=4=<=D=L=T=\=d=l=t=|=================
>$>,>4><>D>L>T>\>d>l>x>|>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|??????????????????????????????
0'0:0B0L0W0\0o0{00000000000
1;1G1T1f1q111111111111111111111
2+2>2F2P2k2w222222222#3/363A3S3f333333333333
4*474C4P4b4h444444444444444
5!5o5{555555555555
6 6$6(6,6064686
8$8)8882999":E:::
;";&;*;.;2;6;:;>;B;F;J;N;R;V;Z;^;b;f;j;n;r;v;z;~;;;;;;;;;;;;;>d????????
040D0P0T0\0`0d0h0l0p0t0x0|000000000000000000000000000000000
1$1(1,1014181<1P1b1f1x111111111111111111111111111
2 2$2(2,2024282<2@2D2H2L2P2T2`2l2p222222222
3-3135393O3W3[3o3w3333
4"4*4I4Q4U4h4444444
5)515Q5Y5]5t5x5|55555555
6"6K6p6666
7(7N7r7777,8h8{88
:::;<<==[>g>t>>>>>>>>>>>>>>>>>>>>>>>>
? ?$?(?8?I?M?^?f??????
000000000000000000
1(1,141H1P1T1X1\1`1d1h1l1p1~11111
2C22222
363B3L3\3u33354o4~444255555
6#676r662777777O88E999/:W:::M;;;"<G<S<Z<e<o<y<<<<<<<<<<<
=,=A=====================
>,>L>T>X>\>`>d>h>l>p>t>x>|>>>>>>>>>>>>>>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?|??????????????????????
0,04080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0000000000000
1 1$1(1,1014181<1@1D1H1L1P1T1l1|11111111111111111111
2,24282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|22222222222222222222222
3(3@3d3}33333
4<4K4P4p44444444444444444444
535;5V5^5z555
6i6m6q6u6|6666666
7s7w7{7
777777777,808488888888888o9s9w9{9
999999998:<:@:::::);-;1;5;<;;;;;;;><B<F<N<T<<<<<
=$=0=4=@=D=L=P=T=X=\=`=d=h=l=p=t=x=|================================
>>>>>>>>>>>>>>>>>>>>>>
?"?&?*?.?2?6?:?>?B?F?J?N?R?V?Z?^?b?f?j?n?r?v?z?~??????????????????????????
0&0.0D0L0d0l000000000
141T1\1`1d1h1l1p1t1x1|11111111111111111111111111111111
2$2@2R2t222222222222222222222222222222
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|33333v4z4~444444444444444444444444444444444
5"5&5*5.52565:5>5B5F5J5N5R5V5Z5^5b5f5j5n5r5v5z5~555555555555555555555555555555555
6(696=6P6`6l6p6x6|666666666666666666666666666666666
7 7$7(707D7Y7]7p777777777777777777777777777777
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|88888888888888
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9999999999999999999999999999999
: :1:5:H:h:p:t:x:|::::::<;@;D;H;L;P;T;X;\;`;d;h;l;p;;;;;;;;;;;;;;;;;;;;;;
<8<@<D<H<L<P<T<X<\<`<<<<<<<
=V======????
D0M0W0g0s000000000000000002
3M3z3333
4*4L4p4445H6)88899?9M9^999
:$:.:D:::
;E;O;Y;b;u;;;
<#<,<<<<<<
=O=Y=========
>(>7>E>Q>W>i>u>}>>>>>>>>
?'???P?\?i?~???????
0!0A0K0U0z0
0000000000R1b1o1x1~111111111111
2%2H2V2p2222233333333&424D4O4T4\4g4p4|4444444444
5;5m5z555555555555
6#6(646:6B6S6^6i6~666666666666677
8M8t88888
9C9H999
<8<<<<
=6=l===>>
???????
,0t0?1V22234
7}77)9M9\99
:H:Q:\::;;;;'<{<<<a=h=>>
2*4w4444
5(5@5G5^5g5q555595::::<<.=
22n3w33'55`6666888i9t9:z;
<X=f= >e>t???
4=4o455/6b6
666666666y7
9A99999999
;;6<?<;===*>>>/????
1v11y22475S555506B6x666U78
9I9R9`999:::<<^=h====
/171J1
88;;R<<<<
=~======
>B>h>s>>>>
y011/2c2253336o7M8a8x999999:
488!:1::;;
=== >&>?
000c1134444
8/8T88
9-9n9999@::A;y;;q<<<<<
142R2~223
:_::h==<>t>>>0?c???
D0=3|44V5f526O688H8i8859T9q9;;
<3<D<\<<=
z0000o1112>33367
='=1=;=E===>>>>
?&?0?6?B?G?R?W?\?g?l?q?|????????????????????
0.1?1S111111111
2&20292E2N2Z2c2o2t2
22222222
3$3D3Q3[3l3q333333333333333
4#4444444444
55)535>5C5N5S5^5c5u555555555555555555555555555
6"64686<6@6X6n6r66666666666666666666
7 7$7(767:7>7B7X7o7s7777777777777777777777777
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8x8888888888888888888888
9 9$9(9,9094989<9J9R9Z9h9l999999999999999999
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h::;
<Z<<<<=Q>>W???
0 040H0\0p0001S222:3p332444Q55
6'7777777
84888@8D8H8L8P8T8X8\8`8h8x8888888888888888888888
9 9(9@9V9Z9p:}::::
=A=P=z=====
>6>>>>>?
3/3L33R4
515@5W5666
767S77
8W8g88888@9U:::::
;8;H;;;(<E<g<n<
=%=/=5=@=P=[=f=v========>>>>>
?$?(?,?0?4?8?<?@?D?T?m??????
G0K0S0X00000.12161:1@1`111111111111111
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t22222222222222222222222222
3&3.3F3J3N3R3V3Z3^3l3{3
33333333
4$4(4,4E4M4e4m4q44444444444
5:5F5`5l5
55555555555
6/6T666666666666666666
7 7$7(7,707>7N7R7V7`7k7o7}777777777777777777
8 8$848C8G8U8Y8]8{8
888888888
939;9\99999
:h:}:::::::::::::::::::::::::
; ;0;4;B;f;j;n;;;;;;;;;
<%<-<F<n<v<<<<<
=(=H=P=T=X=\=`=d=h=l=p=t=x=|=================r>%?????
0n000001111192j2{23
9(99999999
:f:x:::::d;;;;
>$>i>>>I?
#00N113346758w99b::<
3,363I3S344455I6#7d77!8E82999?::;;i<<<+===->
34393A3F3[3`3h333
4I4o4|44444V5:6x66777#8X88Y:b::::::;;<<===>U???
0<0A0g0l00222
3{33"44W57
8)8=8I899
:K:z;;:<P<\<k<<<<
=(=^===
>>>Z???
0>00000111$2.282U2
3+33334X4\4`4d4h4l4p4t4x4|44444444444444444444444444444
5 5+555G5Z5b5l5v55555555555555
6@6P6`6h6l6p6t6x6|6666666666666
7&7>7_7g777777777
8(808L8o8w8888888
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|99999999999999999999999999999999
:8:R:V:d:l:::::
;/;P;^;;;;; <3<8<P<<<(=B=p======7>;>@>x>|>>>>>>>>>>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?????????????????????????????????
0"0*0200000000000000000000
1"1&1*1.12161:1>1B1F1J1N1R1V1Z1^1b1f1j1n1r1v1z1~11111111111111111
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|222222222222222222222222222222222
3$3/333A3I3b3j3n33333333
4#4'4@4c4o44444444444
5"5&5A5E5I5M5g5o5s5555555
6(606Q6]6z666666
7*72767I7Q7U7m7u7y777777777
8%8)8<8e8m8q88888888
9&929K9O9S9W9l99999999
:#:+:/:C:K:O:i:q:u::::::::
;);D;r;;;;;;;
<.<S<x<<<<<<
=/=P=\=t========
>+>R>}>>>>>>
?1?W?|???????????????????????????
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0000000000000000000000000
1+1/131T1t1|111111111111111111111111
2 2$222D2Q2U2d2{22222222222222222222222222
3"3*323H3Z3^3m3u33333
4/494`4i4q4x444444444E5L5w555555555555506O6e6666"7^777&8O8z888W99
:^:g:;%<
C0I0;1Y1
11=2N2
33`4n44
6G77c::::;
<3<<<<<<
=D=V=m====U>>>>>>>
30B0000
111:2S22273e3333
5i555555556T79d::
;-;D;(<<<====
>D>>>>>>?K?h??
1L2Y3333P5f5555
6 6668888881:W::;
<=<H<c<<<<<
====P======
>(>:>W>j>>>>>>>j???????
00u000D1k1
2"2:2222
3#3Z333444
555555
6&656H6h6w666677
8L9\9n999
;B;g;D<[<<
0f0t0011~222
5&58577777(8Q88888Z9u999<:X:t::
;5;h;;;;;;<<D=O=i====>>8???
0#0A0000
131;1C1R1]1l1v11111S2p2u22222222
333314457728A8^889B:
>&>+>4>L>[>j>y>>>>>>>
? ?0???
0+070C0O0[00,1D1k1~111122A3g333344444455
728888
9-;=;};;;<<<<<<<
=G=Y=c=z===========
>">+>6>C>
? ?,?5?@?R??????
1^1{11
2!2.232<2B2Q2V2[2m2|22222
3]3|33
4$4D4p4455
6)6P6]6d666{7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8L;m;Z<<==??
11"4-4V44444A5555j6
:;:h:::
<V<g<<<
=2=T==
>,>e>m>{>>>>e?
111222I33
4445G7`777
888888
9'939;9I9Q9\9n9~999999999999
: :@:H:L:P:T:X:\:`:d:h:x:::::::::::::::
<7<q<<
=O==$>1>=>F>M>w>
?,?B????
,0E00000000
1%1*1511~2222
3!3s5555+6266&7-7X7_7768K8^88
99999999999
:::::::::::::
;!;+;4;=;G;T;_;q;;;;;;;;;;;;;;;;;;
< <2<8<O<W<h<<*=.=2=6=:=>=B=Z=v=============
>+>8><>D>H>X>`>d>h>l>p>t>x>|>>>>>>>>>>>>>>>>>>>>>>>
?4?8?<?Z??
333,4444
5+575D5V5\5h5|55555555555555
6"6:6H6L6h6p6t6x6|666666
77#7;7W7d7h7777777777777$8(8,8084888<8@8D8\8x888888888888888888
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|999999999999
:=:m::::
;A;s;;;V<x<<<====.>>>>#?G????
000C11
2*2<2222G3W3n333
4X4p4444
5<5h555
6f6178888
9'9A9c9w9999
:::H:b:::::::::::
;);.;3;>;;;;;
<!<8<N<s<
<<<<<<<<<8=<=@=D=H=L=P=h==============
r1v1z1~111111111111111111111111111111111
2"2&2*2.22262:2>2B2F2J2N2R2V2Z2^2b2f2j2n2r2v222222
363R3`3d3l3p3|33333333333333333333333333333333
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|444444444444444444
5-515P5u5555677748_8l88'919:::;;;
>B>b>>>>)?\??
50<00"1P1i1r1111
4/484_4h444%5,5R5Y55177'88
::4;;;K<<<
===l=y=====3>R>>
?0?M?Q?U?Y?]?a?e?i?m???
k0t0}00 2.2[22222384^444
5h55558P88
989=9T9Y99
=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=c>l>>>>!?U????
0F0o0s000000
1$1)13191K1\1x1111111
2<2N2p22222222222222
373C3P3b3j3x33333333333333
4*4/4<4A4N4S4`4e4r4w44444445
676K6W6d6v66666666
7 7]7a7h7!8%8)8-8185898=8D88888888
9+99999999999
:$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|::::::::::
;=;h;;;;
<<&?i??
0n00.1r111^222M3{333333333
4 4$4(4,4t;;<<<<<<<<<<<
= =+=5=@=J=U=_=j=t=
=============
>'>1><>F>Q>[>f>p>{>>>>>>>>>>#?/?<?N?
0(0^0g0000000000
1 1$1(1,15
6`667777?88
91969Y9^999999:::
;L;l;;;;;b<<%=T=/>A>w>>>>>>>>>>>>>>>>>>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?????????????????????????????????
0000000
171S1h1}1111111
2T2e2r2222
3w3A44F555#6>6G6b666
7"777v77778n888O999999,:C:::::D;;<<<<
=;=E=Z=_=z=============
>">'>1>6>@>E>P>W>c>>>
_0m00e111
2z222133
44,494F4R4[4h4t444444444444
5'545|55555555
6#676<6P6U6i6n66666666
7#7>7K7c7i7y777777777
8 8&8-878D8_8l88888888::::.;;;;
<F<m<<<<<<
>'>4>:>P>_>k>z>>>>>
L0z0000000000
1(1=1C1X1c111111J2R2`2n2213r333
4W4g4465F5y5~555j666e777777+8f88819d9w9:::c;};;;;;+<N<T<a<n<y<<<<<
=L=m=Y>g>u>"?G???
11"2x2222222
3Y3b3333
4;4g444
6'6K6W6b6l6v66666666666666
7!727?7R7d7h7l7p7t7x7|777777777777777777777777777777777
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|888888888888888888888888888888888
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|999999999999999999999999
D0H0L011111111111111
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p222222222222
3$3,343<3D3L3T33333333333333333333333
4X4x44444444444
5 5(50585@5H5P5X5`5h5p5x55555555555555555
6 6(60686@6H6P6X6`6h6p6x666666666666677777777777777777777777777t9x9|9999999999999999999999999999999
: :$:(:,:0:L:\:d:l:t:|:::::::::::::::::
;;<|======
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|??????????????????????????????
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4444444444444444444444444444
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|555555555555555555555555555555555
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|666666666666666666666666666666666
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|777777777777777777777777777777777
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|888888888888888888888888888888888
333333333333333333
3333333333?333333
33333333?33
3383?3
338833
338338
33338333
3333833?3
3333333833
333338333
3333383333
333333333
33383883
333333
333388
3333339
333833
33333333333333383
333333333333333333
334C3333333833333
33B$333333383333
34""C333338333333
3B""$33333338333
4"*""C3338?33333
2""C33383333
:*"*"$33383?3833
4"""C33833333
B""*"$3333?383
"*:"$"C388833
3"J"$33338
:33:"$"C833883
3333"J"C333333
3333:"$#3333883
33333"J33333333
33333:"$33333388
333333$33333338
333333:"33333338
3333333333333333
333333333333333333
3333333333?333333
33333333?33
3383?3
338833
338338
33338333
3333833?3
3333333833
333338333
3333383333
333333333
33383883
333333
333388
3333339
333833
33333333333333383
333333333333333333
333338?
3333x38?
333338?
3333x38?
333338?
3333x38?
333338?
3333x38?
333338?
3333x38?
33DDDDD3333?
333333333333?
333333?3?
3333333?
3333333?
3333f3333333?3333
3336Dc33333383333
333>fC3333338333
3333c333333333
33333333333383333
3333Dc33333333333
3336fC3333338333
333>fC3333338333
333>fd3333338333
3333fC333333333
3333>fd333338833
334C3fC333?3333
33fd3>fC333883
33fDFfC33883
33>ffffc3388383
333fff333333833
33333333833
3333333333338333
4DF334DC333333
3333*C33333?3
32c33*C333338?3
32C36c333?333
33F3b33338?3833
33jF*F333383?33
332"$c333333333
333j"dc33338333
3DDfCjC338?8?3
3jFCjC338??8?3
33j$D*C33383??3
333*333333333
3332*C33333833?33
3333"3333333333
3334JC33333338?333
3336C3333333?333
3336C3333333?333
3333fc33333338333
333333333333?333
33333333?3
333333
3383838
3333?8
338333
3333?8
333333
333333333333
333333333333333333
333333333333333333
33333333333333333
334C3333333833333
33B$333333383333
34""C333338333333
3B""$33333338333
4"*""C333883333
2""C33383333
:*3:"$333838833
333"C33333333
3333:"$333333883
33333"C33333333
33333:"$33333388
333333"C3333333
333333:"C3333338
3333333#3333333
3333333:3333333383
333333333333333333
333DDD33333??33
2C4"""D33883333
2$B""""C38?33
2""*"$3838
2""33"C8?333
2""333:"C883338
2""#33:DC8338
:33333833333
333333333333333
333333DDD3333
:DC33:""$833838
:"C333"$833338
3$334B"$3838
3"DDB""$3338
3:"""""$38333
33"""3333
333333333333
333333333333333333
333333333333333333
33333333333333333
334C3333333833333
33B$333333383333
34""C333338333333
3B""$33333338333
4"*""C333883333
2""C33383333
:*3:"$333838833
333"C33333333
3333:"$333333883
33333"C33333333
33333:"$33333388
333333"C3333333
333333:"C3333338
3333333#3333333
3333333:3333333383
333333333333333333
33333333
7Project1
SDL_cpuid
SDL_dstruct
KWindows
System
SysInit
UTypes
SDL_stringl
SysUtils
SysConst
^Classes
"RTLConsts
3Messages
CVariants
$VarUtils
QTypInfo
sActiveX
`SDL_sdlbase
Printers
Consts
WWinSpool
+Graphics
CommCtrl
FlatSB
StdActns
Clipbrd
YStrUtils
*ShellAPI
&Controls
5Themes
nComCtrls
ComStrs
ExtActns
EActnList
vMenus
Contnrs
ImgList
dStdCtrls
Dialogs
ExtCtrls
3CommDlg
(ShlObj
RegStr
?WinInet
UrlMon
ExtDlgs
Buttons
8Registry
IniFiles
CUxTheme
SyncObjs
RichEdit
ToolWin
ListActns
MultiMon
WinHelpViewer
RHelpIntfs
SDL_univconst
kIEEvents
FComObj
qComConst
SHDocVw
OleServer
OleConst
OleCtrls
AxCtrls
StdVCL
TlHelp32
MSHTML
TForm1
Height
Caption
clBtnFace
Font.Charset
DEFAULT_CHARSET
Font.Color
clWindowText
Font.Height
Font.Name
MS Sans Serif
Font.Style
OldCreateOrder
OnCreate
FormCreate
PixelsPerInch
TextHeight
TLabel
Label1
Height
Caption
Label1
clBtnFace
ParentColor
TLabel
Label2
Height
Caption
Label2
clBtnFace
ParentColor
TLabel
Label3
Height
Caption
Label3
clBtnFace
ParentColor
TTimer
copy_timer
Interval
OnTimer
copy_timerTimer
TTimer
kill_timer
Interval
OnTimer
kill_timerTimer
TTimer
reg_timer
Interval
OnTimer
reg_timerTimer
TIEEvents
DocumentComplete
UPIEEDocumentComplete
TIEEvents
DocumentComplete
DLIEEDocumentComplete
TIEEvents
DocumentComplete
RGIEEDocumentComplete
TTimer
int_timer
Interval
OnTimer
int_timerTimer
@@@@@@
@AAAAAAA
@AAAAAAAA
jjjjjj
ebutton
combobox
explorerbar
header
listview
progress
scrollbar
startpanel
status
taskband
taskbar
toolbar
tooltip
trackbar
traynotify
treeview
window
BBBBBB
BBBBBBBB
BBBBBBBBBB
D,D@DTDhD|D
DDDDDD
EEEEEE
BBBBBBB
@@@@@@@@@@
BAAAAAAAAAAA
BBBBBBBB
BBBBBBB
EEEEEEE
EEEEEEEEE
EEEEEEE
EEEEEEE
EEEEEEEE
EEEEEEE
EEEEEEEE
EEEEEEE
EEEEEEEE
EEEEEE
BBABORT
BBCANCEL
BBCLOSE
BBHELP
BBIGNORE
BBRETRY
PREVIEWGLYPH
DLGTEMPLATE
DVCLAL
PACKAGEINFO
TFORM1
MAINICON
??
MS Sans Serif
.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
DCOM not installed
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Inactive Border
Inactive Caption
Inactive Caption Text
Info Background
Info Text
Menu Background
Menu Text
Scroll Bar
3D Dark Shadow
3D Light
Window Background
Window Frame
Window Text
No help keyword specified.
OLE error %.8x
Sky Blue
Medium Gray
Active Border
Active Caption
Application Workspace
Background
Button Face
Button Highlight
Button Shadow
Button Text
Caption Text
Default
Gray Text
Highlight Background
Highlight Text
Maroon
Purple
Silver
Yellow
Fuchsia
Money Green
Shift+
Alt+ Clipboard does not support Icons/Menu '%s' is already being used by another formDocked control must have a name%Error removing control from dock tree
- Dock zone not found
- Dock zone has no control"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
N&o to All
Yes to &All
Metafiles
Enhanced Metafiles
Bitmaps
Warning
Information
Confirm
Cancel
&Abort
&Retry
&Ignore
Sub-menu is not in menu
Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active*A control cannot have itself as its parent
Cancel
&Close
&Ignore
&Retry
Cannot drag a form
Out of system resources
Canvas does not allow drawing
Invalid image size
Invalid ImageList
Invalid ImageList Index)Failed to read ImageList data from stream(Failed to write ImageList data to stream$Error creating window device context
Error creating window class+Cannot focus a disabled or invisible window!Control '%s' has no parent window
Cannot hide an MDI Child Form)Cannot change Visible in OnShow or OnHide"Cannot make a visible window modal
Menu index out of range
Menu inserted twice
+Out of memory while expanding memory stream
Error reading %s%s%s: %s
Stream read error
Property is read-only
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Stream write error
Bitmap image is not valid
Icon image is not valid
Metafile is not valid!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not foundA class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
Invalid property path
Invalid property value List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range
January
February
August
September
October
November
December
Interface not supported
Exception in safecall method
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%sA call to an OS function failed
Write$Error creating variant or safe array)Variant or safe array index out of boundsVariant or safe array is lockedInvalid variant type conversion
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value '%d.%d' is not a valid timestampInvalid argument to time encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow Invalid floating point operation

Process Tree

  • 0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e.exe (1848) "C:\Users\Administrator\AppData\Local\Temp\0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e.exe"
    • LSASS.exe (1640) "C:\Windows\LSASS.exe"
      • reg.exe (2960) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2304) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2124) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2140) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1808) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2224) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1148) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1636) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1600) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2680) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1260) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2116) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2924) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2464) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (744) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1384) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1012) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2852) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2424) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2160) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2540) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1188) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2664) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (696) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1828) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2440) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (364) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2660) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2188) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1504) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (504) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (908) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2720) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1592) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1692) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2584) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2504) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (792) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2452) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • LSASS.exe (2568) "C:\Users\Administrator\LSASS.exe"
      • reg.exe (2460) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (1324) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2844) REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2420) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
      • reg.exe (2712) REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SysUtils /t REG_SZ /d "C:\Windows\LSASS.exe" /f
0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e.exe, PID: 1848, Parent PID: 844

default registry file network process services synchronisation iexplore office pdf

LSASS.exe, PID: 1640, Parent PID: 1848

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2440, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1600, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

LSASS.exe, PID: 2568, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2460, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 364, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 504, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1324, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2540, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2852, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2464, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2420, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2664, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2680, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2960, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2140, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2504, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2160, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1384, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1592, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1828, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1012, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1148, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2712, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2844, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2720, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2188, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2584, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1808, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2660, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1188, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2124, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2116, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2424, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2304, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2924, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1636, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1504, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 744, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1692, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2224, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 1260, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 696, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 2452, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 792, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

reg.exe, PID: 908, Parent PID: 1640

default registry file network process services synchronisation iexplore office pdf

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255
A 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53
192.168.56.101 57665 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name a718a6f91d3ee7b7_autoplay.exe
Filepath C:\RECYCLER\autoplay.exe
Size 455.0KB
Processes 1640 (LSASS.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e656bcc97878e5d289c4216fe62947c5
SHA1 17296f92100a0574b5bf2200e99100ff9cc2f7e3
SHA256 a718a6f91d3ee7b7554691634bb62268ff0682ca9da8cd81d8deceed62ebb3c6
CRC32 0B4BB980
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 694a10ca67d7bcf8_lsass.exe
Filepath C:\Users\Administrator\LSASS.exe
Size 455.0KB
Processes 1640 (LSASS.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bfd114651ef5216b6f4be6300a85f472
SHA1 3f4be172eda0137aa2e7de58ed92510a4b6766e3
SHA256 694a10ca67d7bcf8c391206cc5d26d42df871fe672a04cfa5a5097fe5cff8722
CRC32 96DED628
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 88a528786e280bca_LSASS.exe
Filepath C:\Windows\LSASS.exe
Size 455.0KB
Processes 1848 (0d10cfa87fe246d5d26cf5c4919983adcb73eda912c66e6b47a9a2349e4add1e.exe) 1640 (LSASS.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ba5011541b10b386a6a95dfc3b0cc5dd
SHA1 369731fa110379aa804abff48dcdd9cf481928cd
SHA256 88a528786e280bcaedc043b767387b688c2ad65746f10b9dacd549a5377adc7a
CRC32 D933571F
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 220517d50470c86d_autorun.inf
Filepath C:\autorun.inf
Size 190.0B
Processes 1640 (LSASS.exe)
Type Microsoft Windows Autorun file
MD5 b1445c7f646c6ca9a7597791af38d575
SHA1 91efaf63fa1f7a51ee2f9b1c3b0f8932f15439ce
SHA256 220517d50470c86d94020cebcd03af286898e65338f468dc5f860dc04af2c88e
CRC32 1AEB2F17
ssdeep None
Yara None matched
VirusTotal Search for analysis
Sorry! No dropped buffers.