date/time         : 2017-05-22, 18:51:32, 767ms
computer name     : WUHAN-PC
user name         : wuhan <admin>
registered owner  : Microsoft / Microsoft
operating system  : Windows NT New x64 Service Pack 1 build 7601
system language   : Chinese (Simplified)
system up time    : 10 hours 43 minutes
program up time   : 31 seconds
processors        : 4x Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
physical memory   : 3652/8092 MB (free/total)
free disk space   : (C:) 56.04 GB
display mode      : 1920x1080, 32 bit
process id        : $28dc
allocated memory  : 43.44 MB
executable        : Bookmark.exe
exec. date/time   : 2008-12-02 23:47
version           : 1.7.6.7
compiled with     : Delphi 7
madExcept version : 3.0h
callstack crc     : $2543e747, $eb734443, $8e1e3716
exception number  : 1
exception class   : ERegistryException
exception message : Failed to set data for 'URL ProtocoL'.

main thread ($2a24):
0048dbf1 +059 Bookmark.exe Registry          TRegistry.PutData
0048daa5 +021 Bookmark.exe Registry          TRegistry.WriteString
004feb7c +098 Bookmark.exe GUITool  1051 +12 RegisterPxbel
0062846b +517 Bookmark.exe MainForm  708 +86 TBkMainForm.FormCreate
004c8f25 +031 Bookmark.exe Forms             TCustomForm.DoCreate
004c8c05 +011 Bookmark.exe Forms             TCustomForm.AfterConstruction
00403e37 +007 Bookmark.exe System            @AfterConstruction
004c8bdc +174 Bookmark.exe Forms             TCustomForm.Create
75a04b69 +142 kernel32.dll                   RegQueryValueExA
004d03c9 +031 Bookmark.exe Forms             TApplication.CreateForm
00641cd0 +468 Bookmark.exe Bookmark  180 +84 initialization
75a03368 +010 kernel32.dll                   BaseThreadInitThunk

thread $10d4:
75a03368 +10 kernel32.dll  BaseThreadInitThunk

thread $10d8:
75a03368 +10 kernel32.dll  BaseThreadInitThunk

thread $2a34:
75a03368 +10 kernel32.dll  BaseThreadInitThunk

thread $2634:
755a3d36 +5f KERNELBASE.dll           SleepEx
755a4607 +0a KERNELBASE.dll           Sleep
0044e60d +0d Bookmark.exe   madExcept CallThreadProcSafe
0044e677 +37 Bookmark.exe   madExcept ThreadExceptFrame
75a03368 +10 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($2a24) at:
76beda6e +00 ole32.dll

thread $195c (TWorkerThread):
755a15c8 +92 KERNELBASE.dll                      WaitForSingleObjectEx
75a0118f +3e kernel32.dll                        WaitForSingleObjectEx
75a01143 +0d kernel32.dll                        WaitForSingleObject
00541f27 +17 Bookmark.exe   VirtualTrees 5128 +3 TWorkerThread.Execute
0044e72b +2b Bookmark.exe   madExcept            HookedTThreadExecute
0046fe64 +34 Bookmark.exe   Classes              ThreadProc
0040492c +28 Bookmark.exe   System               ThreadWrapper
0044e60d +0d Bookmark.exe   madExcept            CallThreadProcSafe
0044e677 +37 Bookmark.exe   madExcept            ThreadExceptFrame
75a03368 +10 kernel32.dll                        BaseThreadInitThunk
>> created by main thread ($2a24) at:
00541e6e +16 Bookmark.exe   VirtualTrees 5091 +1 TWorkerThread.Create

thread $20ec:
75a03368 +10 kernel32.dll  BaseThreadInitThunk

thread $2650:
75a03368 +10 kernel32.dll  BaseThreadInitThunk

thread $1a78 (TProcessMonitor): <priority:15>
006189bb +23 Bookmark.exe ProcessMonitor 54 +6 TProcessMonitor.Execute
0044e72b +2b Bookmark.exe madExcept            HookedTThreadExecute
0046fe64 +34 Bookmark.exe Classes              ThreadProc
0040492c +28 Bookmark.exe System               ThreadWrapper
0044e60d +0d Bookmark.exe madExcept            CallThreadProcSafe
0044e677 +37 Bookmark.exe madExcept            ThreadExceptFrame
75a03368 +10 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($2a24) at:
0061894f +1b Bookmark.exe ProcessMonitor 29 +1 TProcessMonitor.Create

modules:
00400000 Bookmark.exe      1.7.6.7            C:\Users\wuhan\Desktop\ذ\Power Favorites
037c0000 LIBEAY32.dll                         C:\Users\wuhan\Desktop\ذ\Power Favorites
10000000 ssleay32.dll                         C:\Users\wuhan\Desktop\ذ\Power Favorites
60900000 sqlite3.dll                          C:\Users\wuhan\Desktop\ذ\Power Favorites
64130000 tiptsf.dll        6.1.7601.18984     C:\Program Files (x86)\Common Files\microsoft shared\ink
64350000 ntshrui.dll       6.1.7601.17514     C:\Windows\system32
64610000 EhStorShell.dll   6.1.7600.16385     C:\Windows\system32
66900000 WindowsCodecs.dll 6.1.7601.23418     C:\Windows\system32
6c7c0000 ieframe.dll       8.0.7601.18934     C:\Windows\SysWOW64
6d7f0000 msxml3.dll        8.110.7601.23648   C:\Windows\System32
6ebb0000 msimg32.dll       6.1.7600.16385     C:\Windows\system32
6ef90000 cscapi.dll        6.1.7601.17514     C:\Windows\system32
711f0000 propsys.dll       7.0.7601.17514     C:\Windows\system32
712f0000 comctl32.dll      6.10.7601.18837    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
71630000 uxtheme.dll       6.1.7600.16385     C:\Windows\system32
716d0000 slc.dll           6.1.7600.16385     C:\Windows\system32
718d0000 bcrypt.dll        6.1.7601.23677     C:\Windows\System32
718f0000 OLEACC.dll        7.0.0.0            C:\Windows\SysWOW64
71cc0000 apphelp.dll       6.1.7601.17514     C:\Windows\system32
72730000 wsock32.dll       6.1.7600.16385     C:\Windows\system32
73030000 olepro32.dll      6.1.7601.17514     C:\Windows\system32
73cb0000 RpcRtRemote.dll   6.1.7601.17514     C:\Windows\system32
73fa0000 mpr.dll           6.1.7600.16385     C:\Windows\system32
745f0000 rsaenh.dll        6.1.7600.16385     C:\Windows\system32
746c0000 CRYPTSP.dll       6.1.7600.16385     C:\Windows\system32
749a0000 ntmarta.dll       6.1.7600.16385     C:\Windows\system32
74b40000 srvcli.dll        6.1.7601.17514     C:\Windows\system32
74ce0000 profapi.dll       6.1.7600.16385     C:\Windows\system32
74e50000 version.dll       6.1.7600.16385     C:\Windows\system32
74f20000 CRYPTBASE.dll     6.1.7601.23677     C:\Windows\syswow64
74f30000 SspiCli.dll       6.1.7601.23677     C:\Windows\syswow64
74f90000 SHLWAPI.dll       6.1.7601.17514     C:\Windows\syswow64
74ff0000 CFGMGR32.dll      6.1.7601.17514     C:\Windows\syswow64
75160000 RPCRT4.dll        6.1.7601.23677     C:\Windows\syswow64
75370000 comdlg32.dll      6.1.7601.17514     C:\Windows\syswow64
75590000 KERNELBASE.dll    6.1.7601.23677     C:\Windows\syswow64
755e0000 DEVOBJ.dll        6.1.7600.16385     C:\Windows\syswow64
75600000 oleaut32.dll      6.1.7601.23569     C:\Windows\syswow64
75720000 MSCTF.dll         6.1.7601.23572     C:\Windows\syswow64
75910000 USP10.dll         1.626.7601.23688   C:\Windows\syswow64
759b0000 winmm.dll         6.1.7601.17514     C:\Windows\syswow64
759f0000 kernel32.dll      6.1.7601.23677     C:\Windows\syswow64
75b30000 GDI32.dll         6.1.7601.23688     C:\Windows\syswow64
75bc0000 msvcrt.dll        7.0.7601.17744     C:\Windows\syswow64
75ca0000 imm32.dll         6.1.7601.17514     C:\Windows\syswow64
75d00000 sechost.dll       6.1.7600.16385     C:\Windows\SysWOW64
75d20000 LPK.dll           6.1.7601.23587     C:\Windows\syswow64
75d30000 shell32.dll       6.1.7601.18952     C:\Windows\syswow64
76a10000 WLDAP32.dll       6.1.7601.17514     C:\Windows\syswow64
76a60000 WS2_32.dll        6.1.7601.23451     C:\Windows\syswow64
76aa0000 dwmapi.dll        6.1.7600.16385     C:\Windows\syswow64
76ac0000 user32.dll        6.1.7601.23528     C:\Windows\syswow64
76bc0000 ole32.dll         6.1.7601.19131     C:\Windows\syswow64
76d50000 ADVAPI32.dll      6.1.7601.23677     C:\Windows\syswow64
76e10000 SETUPAPI.dll      6.1.7601.17514     C:\Windows\syswow64
76fb0000 PSAPI.DLL         6.1.7600.16385     C:\Windows\syswow64
76fc0000 iertutil.dll      8.0.7601.18934     C:\Windows\syswow64
772d0000 NSI.dll           6.1.7600.16385     C:\Windows\syswow64
772f0000 CLBCatQ.DLL       2001.12.8530.16385 C:\Windows\syswow64
778c0000 ntdll.dll         6.1.7601.23677     C:\Windows\SysWOW64

processes:
0000 Idle                         0
0004 System                       0
0148 smss.exe                     0
01fc csrss.exe                    0
0230 wininit.exe                  0
024c csrss.exe                    1
0278 winlogon.exe                 1
02a8 services.exe                 0
02b4 lsass.exe                    0
02bc lsm.exe                      0
0318 svchost.exe                  0
03a0 QQPCRTP.exe                  0
0198 svchost.exe                  0
0434 svchost.exe                  0
045c svchost.exe                  0
047c svchost.exe                  0
04e8 svchost.exe                  0
0574 ZhuDongFangYu.exe            0
05a8 svchost.exe                  0
0694 spoolsv.exe                  0
06b4 svchost.exe                  0
07cc taskhost.exe                 1 normal
07ec AppleMobileDeviceService.exe 0
04a8 dwm.exe                      1 high
07c8 explorer.exe                 1 normal
0818 mDNSResponder.exe            0
0864 svchost.exe                  0
0184 iTunesHelper.exe             1 normal
0b80 360sd.exe                    1 normal
0b88 QQPCTray.exe                 1 normal D:\guanjia\QQPCMgr\12.3.18483.221
0c6c iPodService.exe              0
0e8c DingTalk.exe                 1 normal D:\DingDing\main\current
0548 360tray.exe                  1 normal C:\Program Files (x86)\360\360Safe\safemon
0e5c GoogleUpdate.exe             1 idle   C:\Users\wuhan\AppData\Local\Google\Update
0cd0 svchost.exe                  0
107c unsecapp.exe                 1 normal
10bc WmiPrvSE.exe                 0
115c DingTalkHelper.exe           1 normal D:\DingDing\main\current
131c 360rp.exe                    1 normal
1480 SearchIndexer.exe            0
18a8 svchost.exe                  0
1b1c gidot typesetter.exe         1 normal D:\soft\pbzsgt_downcc\pbzsgt\Ű
0d00 flashfxp.exe                 1 normal D:\soft\FlashFXPliehuo\FlashFXP
08e8 chrome.exe                   1 normal C:\Users\wuhan\AppData\Local\Google\Chrome\Application
0200 chrome.exe                   1 normal C:\Users\wuhan\AppData\Local\Google\Chrome\Application
19f0 chrome.exe                   1 normal C:\Users\wuhan\AppData\Local\Google\Chrome\Application
1a04 chrome.exe                   1 normal C:\Users\wuhan\AppData\Local\Google\Chrome\Application
07b0 chrome.exe                   1 normal C:\Users\wuhan\AppData\Local\Google\Chrome\Application
0ef8 chrome.exe                   1 idle   C:\Users\wuhan\AppData\Local\Google\Chrome\Application
1b84 chrome.exe                   1 normal C:\Users\wuhan\AppData\Local\Google\Chrome\Application
1388 360mobilemgr.exe             1 normal C:\Program Files (x86)\360\360Safe\mobilemgr
17c8 360MobileLink.exe            1 normal C:\Program Files (x86)\360\360Safe\mobilemgr
1cb8 360bdoctor.exe               1 normal C:\Users\wuhan\AppData\Roaming\360se6\Application\8.1.1.254
1f9c 360se.exe                    1 normal C:\Users\wuhan\AppData\Roaming\360se6\Application
1534 360se.exe                    1 normal C:\Users\wuhan\AppData\Roaming\360se6\Application
1d4c wdswfsafe.exe                1 normal C:\Program Files (x86)\360\360Safe\safemon
16f0 360se.exe                    1 normal C:\Users\wuhan\AppData\Roaming\360se6\Application
1ff4 360se.exe                    1 normal C:\Users\wuhan\AppData\Roaming\360se6\Application
136c 360se.exe                    1 normal C:\Users\wuhan\AppData\Roaming\360se6\Application
1e40 GoogleUpdate.exe             1 normal C:\Users\wuhan\AppData\Local\Google\Update
21d0 SogouCloud.exe               1 normal C:\Program Files (x86)\sogoupinyin\7.0.0.9604
1fd0 chrome.exe                   1 idle   C:\Users\wuhan\AppData\Local\Google\Chrome\Application
26ec BaiduNetdisk.exe             1 normal F:\BaiduNetdisk
27f4 taskhost.exe                 1 normal
2ad4 ͼȡ.exe             1 normal D:
2698 SearchProtocolHost.exe       0
13e4 SearchFilterHost.exe         0 idle
0870 WmiPrvSE.exe                 0
28dc Bookmark.exe                 1 normal C:\Users\wuhan\Desktop\ذ\Power Favorites
299c dllhost.exe                  1 normal

hardware:
+ Computer
  - ACPI x64-based PC
+ Disk drives
  - WDC WD10EZEX-21M2NA0 ATA Device
+ Display adapters
  - Intel(R) HD Graphics 4600 (driver 10.18.10.3262)
+ Human Interface Devices
  - HID-compliant device
  - USB 豸
  - USB 豸
  - USB 豸
  -  HID ׼û豸
  -  HID ׼û豸
+ IDE ATA/ATAPI controllers
  - ATA Channel 2
  - ׼ AHCI 1.0  ATA 
+ Keyboards
  - HID Keyboard Device
+ Mice and other pointing devices
  - HID-compliant mouse
+ Monitors
  - ͨü弴ü
+ Network adapters
  - Realtek PCIe GBE Family Controller (driver 7.89.716.2014)
+ Ports (COM & LPT)
  - ӡ˿ (LPT1)
  - ͨŶ˿ (COM1)
+ Processors
  - Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
  - Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
  - Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
  - Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
+ Sound, video and game controllers
  - Realtek High Definition Audio (driver 6.0.1.7195)
  - Ӣض(R) ʾƵ (driver 6.16.0.3182)
+ System devices
  - ACPI Fan
  - ACPI Fan
  - ACPI Fan
  - ACPI Fan
  - ACPI Fan
  - ACPI Fixed Feature Button
  - ACPI Power Button
  - ACPI Thermal Zone
  - ACPI Thermal Zone
  - Direct memory access controller
  - High Definition Audio 
  - High Definition Audio 
  - High precision event timer
  - Intel(R) 8 Series/C220 Series PCI Express Root Port #1 - 8C10 (driver 10.1.1.11)
  - Intel(R) 8 Series/C220 Series PCI Express Root Port #3 - 8C14 (driver 10.1.1.11)
  - Intel(R) 8 Series/C220 Series PCI Express Root Port #4 - 8C16 (driver 10.1.1.11)
  - Intel(R) 8 Series/C220 Series SMBus Controller - 8C22 (driver 10.1.1.11)
  - Intel(R) 82801 PCI Bridge - 244E
  - Intel(R) 82802 Firmware Hub Device
  - Intel(R) B85 LPC Controller - 8C50 (driver 10.1.1.11)
  - Intel(R) Management Engine Interface  (driver 9.0.0.1287)
  - Microsoft ACPI-Compliant System
  - Microsoft System Management BIOS Driver
  - Microsoft ö
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Numeric data processor
  - PCI standard host CPU bridge
  - PCI  (driver 2.5.3.34)
  - Plug and Play Software Device Enumerator
  - Printer Port Logical Interface
  - Programmable interrupt controller
  - Remote Desktop Device Redirector Bus
  - System board
  - System CMOS/real time clock
  - System timer
  - Terminal Server Keyboard Driver
  - Terminal Server Mouse Driver
  - UMBus Enumerator
  - UMBus Root Bus Enumerator
  - Volume Manager
  - ö
  - ļΪ
+ Universal Serial Bus controllers
  - Generic USB Hub
  - Generic USB Hub
  - Standard Enhanced PCI to USB Host Controller
  - Standard Enhanced PCI to USB Host Controller
  - USB Composite Device
  - USB Root Hub
  - USB Root Hub
  - Ӣض(R) USB 3.0  (driver 2.5.3.34)
  - Ӣض(R) USB 3.0 չ (driver 2.5.3.34)

cpu registers:
eax = 007b0578
ebx = 007b4108
ecx = 00000000
edx = 0048dbf6
esi = 00000001
edi = 004fec14
eip = 0048dbf6
esp = 0018fc60
ebp = 0018fca8

stack dump:
0018fc60  f6 db 48 00 de fa ed 0e - 01 00 00 00 07 00 00 00  ..H.............
0018fc70  74 fc 18 00 f6 db 48 00 - 78 05 7b 00 08 41 7b 00  t.....H.x.{..A{.
0018fc80  01 00 00 00 14 ec 4f 00 - a8 fc 18 00 90 fc 18 00  ......O.........
0018fc90  14 ec 4f 00 00 00 00 00 - 08 41 7b 00 14 ec 4f 00  ..O......A{...O.
0018fca0  0b d7 48 00 5d 4e 40 00 - dc fc 18 00 aa da 48 00  ..H.]N@.......H.
0018fcb0  01 00 00 00 01 00 00 00 - 8c 60 62 00 70 20 78 00  .........`b.p.x.
0018fcc0  08 41 7b 00 81 eb 4f 00 - e4 fc 18 00 38 42 40 00  .A{...O.....8B@.
0018fcd0  dc fc 18 00 a0 36 79 00 - 00 00 00 00 68 fd 18 00  .....6y.....h...
0018fce0  70 84 62 00 70 fd 18 00 - 38 42 40 00 68 fd 18 00  p.b.p...8B@.h...
0018fcf0  8c 60 62 00 70 20 78 00 - ac 21 79 00 00 00 00 00  .`b.p.x..!y.....
0018fd00  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fd10  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fd20  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fd30  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fd40  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fd50  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fd60  ac 21 79 00 ac 21 79 00 - 8c fd 18 00 2b 8f 4c 00  .!y..!y.....+.L.
0018fd70  a8 fd 18 00 58 40 40 00 - 8c fd 18 00 8c 60 62 00  ....X@@......`b.
0018fd80  70 20 78 00 ac 21 79 00 - ac 21 79 00 d0 fe 18 00  p.x..!y..!y.....
0018fd90  0b 8c 4c 00 70 20 78 00 - ac 21 79 00 3a 3e 40 00  ..L.p.x..!y.:>@.

disassembling:
[...]
; Excerpt of GUITool.RegisterPxbel around the faulting call site. The call stack
; lists this frame as 004feb7c +098, source line 1051 +12; the function's start
; and end are outside the excerpt.
; The binary is built with Delphi 7, whose default `register` convention passes
; Self in eax, the first argument in edx and the second in ecx.
; NOTE(review): ebx presumably holds the TRegistry instance; its setup, and the
; key it has open, are not visible here. Confirm against the source.
004feb6c        mov     eax, ebx                       ; eax = ebx (Self for the call below)
004feb6e        call    -$710ef ($48da84)      ; Registry.TRegistry.WriteString (earlier write; its edx/ecx arguments are set above the excerpt)
004feb73 1051   xor     ecx, ecx                       ; ecx = 0: second argument (Value) is nil, i.e. an empty string
004feb75        mov     edx, $4fec14           ; 'URL ProtocoL' (first argument: the value name to write)
004feb7a        mov     eax, ebx                       ; eax = ebx again (Self)
; '>' marks the call in progress when ERegistryException was raised: per the call
; stack, WriteString -> TRegistry.PutData failed with "Failed to set data for
; 'URL ProtocoL'". The report carries no Win32 error code and no key path, so the
; cause cannot be read from it. NOTE(review): insufficient write access to the
; opened key, or a write blocked by another process, are candidates to confirm.
004feb7c      > call    -$710fd ($48da84)      ; Registry.TRegistry.WriteString
; Not reached in this crash. With eax = 0 the store below targets fs:[0], the head
; of the thread's exception-handler chain in a 32-bit Windows process.
; NOTE(review): looks like the epilogue that unlinks a try frame pushed above the
; excerpt. Confirm.
004feb81        xor     eax, eax                       ; eax = 0, used as the fs: offset
004feb83        pop     edx                            ; edx = value popped from the stack (stored to fs:[0] below)
004feb84        pop     ecx                            ; discard next stack slot
004feb85        pop     ecx                            ; discard next stack slot
004feb86        mov     fs:[eax], edx                  ; fs:[0] = edx
[...]

