Analysis Date2014-04-22 00:13:50
MD5bf6024d3f9524abaab2a107e555e7504
SHA1013e01f8a035fd271212e0db163c9c24d5f1deeb

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d71eb81868453c55db33d3c3df831123 sha1: 7bc6a49015466aaac555500aee1733ee56453ed0 size: 118784
Section.rdata md5: 8ed4222ba2724be0060d20ffec08c8b7 sha1: d4f8085b9b4ebfc9e7217daff2931640408fecec size: 32768
Section.data md5: 27139a67b565a4a6bbee04be45bc1715 sha1: 57d324531d0fa294ee2a6300c04e5d230bb3b3fe size: 8192
Section.rsrc md5: 003d7da016fea5cb24b18c7c99b8a798 sha1: bc4d89e65f59021f661dc36f135e413cc820722b size: 16384
Sectionwo8rmgiz md5: 99f66bb94ac40a5c04b116eea61d71d2 sha1: 40178af7e6e7bf83acb09d7633a43c474d24b200 size: 286600
Sectiontva0zrhi md5: 330b50e28e760e068787ac7edcb6a196 sha1: f56562d821c50a700ea250811552837337695493 size: 8192
Timestamp2008-10-02 07:29:00
VersionLegalCopyright: Copyright (C) 2006
InternalName:
FileVersion: 1, 0, 0, 2
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName:
SpecialBuild:
ProductVersion: 1, 0, 0, 2
FileDescription:
OriginalFilename:
PackerUPX v0.80 - v0.84
PEhash39728f1a73ed1be04f2b246bbc4e33a36f7b1b32
IMPhashd60693076a3c4b23f91f6a6ad6268ea4
AVavgDownloader.Agent.AOEI
AVclamavTrojan.Downloader-58362
AVmcafeegeneric!bg.hrk
AVaviraTR/Dropper.Gen

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\hycg\hycg\lld ➝
4-21\\x00
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Netbios
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock URLhttp://kr.yahoo.com
Winsock URLhttp://config.kwsearchguide.com/global_xml.php?ovt=
Winsock URLhttp://log.kwsearchguide.com/log-bin/alive.php?ovt=
Winsock URLhttp://config.kwsearchguide.com/xmlup/url_info_xml.php?ovt=
Winsock URLhttp://log.kwsearchguide.com/log-bin/statics.php?maddr=&ipaddr=192.168.1.2&ovt=&verno=&action=load

Network Details:

DNSany-rc.a01.yahoodns.net
Type: A
98.139.102.145
DNSkr.yahoo.com
Type: A
DNSlog.kwsearchguide.com
Type: A
DNSconfig.kwsearchguide.com
Type: A
HTTP GEThttp://kr.yahoo.com/
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 98.139.102.145:80

Raw Pcap
0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   486f7374 3a206b72 2e796168 6f6f2e63   Host: kr.yahoo.c
0x00000020 (00032)   6f6d0d0a 0d0a                         om....


Strings
723
+%
..
.
........
.. ! ........
()'&%$#"
*+,-/.,+*
0
18
.(l
.
"
\
.....
......
....
..
........
.......! .$%&'()*+-./01234<;:98765#
.
.
......
.........
 
MN$=
.
..
*KJ8
.
2
..
&.
79
Q."
 2
'>
3..;-.
,H
R9:Z.0
B
-.F..-
8Wd/
D
.
*EY34
4
..+
+
-%[
JP5
.$
9
(X<>V
.:
#
.
2&
-,#
+
;>
/9
(
"
)
.;.7;."
0
Z
[
0
 
 .+)-
..
+
.R
.
@$
-
.'
.
R/
8.A
!W-
5
?.
I
R
1\
7.<.3K..
(Q.
[
.4L
'6:
\.
P.
85
*Q
P
$M.
9
.
?6..W
,
-
:
%.:@
.
.
.
"6
041204b0
 1.0
1, 0, 0, 2
CLSID:
cmd_1
Comments
CompanyName
Copyright (C) 2005
Copyright (C) 2006
D27CDB6E-AE6D-11CF-96B8-444553540000
EMBED
FileDescription
FileVersion
.GIF
hidden
InternalName
LegalCopyright
LegalTrademarks
OBJECT
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
.swf
Translation
VarFileInfo
VS_VERSION_INFO
(0[0|0
0123456789ABCDEF
0]1n1,2"3B3
0$1v2{2<3G3
%02x%02x%02x%02x%02x%02x
&0A0O0
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
0H0^1u1
0H1H2d2
??0Init@ios_base@std@@QAE@XZ
??0ios_base@std@@IAE@XZ
0j182G2
0K0V0t0
 0l0w0
??0_Lockit@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0_Winit@std@@QAE@XZ
0x%08lx
0Xh<2D
1-1>1d1
1_1:2D2Y2
1*1f1s2
1%242G2
1 262f3
1!323I3
1)3q3}4
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
&1d1p1{2
??1exception@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1ios_base@std@@UAE@XZ
??1locale@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1ostrstream@std@@UAE@XZ
??1out_of_range@std@@UAE@XZ
??1runtime_error@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??1type_info@@UAE@XZ
1W223M3
??1_Winit@std@@QAE@XZ
203D3p4
21UZ'n(W
2(2b2x2
2,2G2j3v3
2:2j2u2
22WA^?
2\3d4t4"525s5S6p6L7
243F3~3
282v2{2
2k3K4o4u4
>2>L>[>
2L3l3q3
;2<[<x<
2X3$4b4~4
324C4T4
3$313}3
343O3T3j3
3#4@4 5A5m5
3~4/5j5t5.8n8O9
3*505A5L5
3&5^5x5
3A3Q3`3r4
3p4e5z5
3Q4b5t5
4?4R4Q6
4'5,5)6;6:7n7
4`5)6c6u6L8 9&9
4&5>6f6
4"5A6[6?7
4,5B5Q5
4,5J5q5;6
4.5M5z5
4_6/7:7H7h7
4$g6_b
4$^_h$
4$^h'^
4$^haD
4$haN%R^
4$hcZ"
4$h /E
4$^hk/?
4$^hLQ9
4$^Rh]
4$Who$E
<$=5=`=
;%<5<}<
506d6d7
516<6K6
5"6g6m6
586G6s6
595$6{6@7
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
5F6t6z6
>*>5>M?
6(778e9;:w;
6/7?7N7q8
6;7e7j7
6)7T7O8
6hV2o?
<6=I=/>
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
747>7S7g7
758Q8~8
7'7N7n7
7^7z7p8
7`8~8`9
7.8E8U8
7:8Y8c8O9
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@
??_7out_of_range@std@@6B@
7R:]:p:
??_7runtime_error@std@@6B@
8$8:8V8s8
899`9q9
8|9&:[:g:t:
8%9H;];m;
89:>:i:
8:9O9U9_9
=8>a>q>
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??_8?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
8G9^9s9
8n8"9.959<9o9
8nYh8hB
8S8{8)9q9
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
=8=Y=q=
90_0{0
9-939t9
9?9D9q9
9B9g9{9
9':::I:
9_:{:$;L;8<L<
9L:%;`=I?
9O:c:+;y;
9`:`<%=[=p=
9R9`9l9
,$.%A@
accept
_acmdln
_adjust_fdiv
ADVAPI32.dll
<A|E<F
%AFFILDATA
=A>g>	?
Agent%.2d
<a href="%CLICKURL" target="_blank" class=titleA>%TITLE</a><br><a href="%CLICKURL" target="_blank" class=titleB>%DESCRIPTION</a><br><a href="%CLICKURL" target="_blank" class=titleC>%SITEHOST</a><p style="margin-top:6px">
>A>i>H?j?
:A;I;x;
&&amp;
'&apos;
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
AppendMenuA
AS</>@;
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
a.titleA:active  {font-family: "
a.titleA:hover  {font-family: "
a.titleA:link {font-family: "
a.titleA:visited  {font-family: "
a.titleB:active  {font-family: "
a.titleB:hover  {font-family: "
a.titleB:link {font-family: "
a.titleB:visited  {font-family: "
a.titleC:active  {font-family: "
a.titleC:hover  {font-family: "
a.titleC:link {font-family: "
a.titleC:visited  {font-family: "
a.titleD:active  {font-family: "Arial";	font-size: 7pt; color:#AFAFAF; line-height: 140%; text-decoration: none; }
a.titleD:hover  {font-family: "Arial";	font-size: 7pt; color:#AFAFAF; line-height: 140%; text-decoration: none; }
a.titleD:link {font-family: "Arial";	font-size: 7pt; color:#AFAFAF; line-height: 140%; text-decoration: none; } 
a.titleD:visited  {font-family: "Arial";	font-size: 7pt; color:#AFAFAF; line-height: 140%; text-decoration: none; }
autorun
.?AV_com_error@@
.?AVexception@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
bandtitle
barmode
barstat
Behw(^
</body>
BODY {
<body topmargin=0 leftmargin=0 oncontextmenu="return false" ondragstart="return false" onselectstart="return false" style="width:100%; overflow-x:hidden;overflow-y:scroll"  >
 ; border:1px solid #D6D6D6}
<b>%s</b>
</B></TD>
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
 cannot be Correctly Decrypted!
<![CDATA[
#CDATA
CDoubleBuffering::GetData(): Illegal iDataLen!
CDoubleBuffering: Illegal Construction Data!
CDoubleBuffering: m_iSize should be Even Number!
CDoubleBuffering: Referenced File not Opened or in Bad State!
CharNextA
CharUpperA
CIEEvents
?clear@ios_base@std@@QAEXH_N@Z
ClickUrl
%CLICKURL
%CLIENTID
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
CloseHandle
CLSID\%s\InprocServer32
<#=c=n=
CoCreateInstance
CoInitialize
	color: #000000;
comerce
#COMMENT
Config%.2d
_controlfp
<!-- //copyright end -->
<!-- copyright start -->
CoUninitialize
COverture
C%	q1 %d
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
;;;C<S<
__CxxFrameHandler
_CxxThrowException
cycleterm
D$4RPShDcB
D$4SPSSSSSSV
D$8j<P
@.data
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
delete
DeleteFileA
description
%DESCRIPTION
D$$h8hB
]DhTqY
DispatchMessageA
;dIuWht
D$,j<P
D$lh hB
__dllonexit
DllRegisterServer
DllUnregisterServer
;D<M<C=
DocumentComplete
", "Dotum", "AppleGothic", "Helvetica", "san serif";
", "Dotum","AppleGothic", "Helvetica", "san serif"; color: #000000; font-size:8pt; text-decoration: none; line-height : 130%;}
", "Dotum","AppleGothic", "Helvetica", "san serif"; color: #1425D0; font-size:8pt;font-weight:bold; text-decoration: underline; line-height : 130%;}
", "Dotum","AppleGothic", "Helvetica", "san serif"; color: #208A3F; font-size:8pt; text-decoration: none; line-height : 130%;}
", "Dotum","AppleGothic", "Helvetica", "san serif";	font-size: 8pt; color:#000000; line-height: 140%; text-decoration: none; }
", "Dotum","AppleGothic", "Helvetica", "san serif";	font-size: 8pt; color:#000000; line-height: 140%; text-decoration: none; } 
", "Dotum","AppleGothic", "Helvetica", "san serif";	font-size: 8pt; color:#208A3F; line-height: 140%; text-decoration: none; }
", "Dotum","AppleGothic", "Helvetica", "san serif";	font-size: 8pt; color:#208A3F; line-height: 140%; text-decoration: none; } 
", "Dotum","AppleGothic", "Helvetica", "san serif";	font-size: 8pt;font-weight:bold; color:#1425D0; line-height: 140%; text-decoration: underline; }
", "Dotum","AppleGothic", "Helvetica", "san serif";	font-size: 8pt;font-weight:bold; color:#1425D0; line-height: 140%; text-decoration: underline; } 
DPhw E
DrawIcon
D$@SPVW
D$(SUV
>^>#?-?d?v?
:-:@:d;z;
Element must be closed.
EnableWindow
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
eso0hJ
_except_handler3
except_kw
execute
executetype
explanation
extract
=<>F>1?
fclose
Ffile:
FileCrypt ERROR: Cannot open File 
FileCrypt ERROR: Encryption/Decryption Object not Initialized!
FileCrypt ERROR: File 
FileCrypt ERROR: Illegal Operation Mode!
FileCrypt ERROR: Illegal Padding Mode!
FileCrypt ERROR: in CSHA::AddData(), Data Length should be > 0!
FileCrypt ERROR: in CSHA::FinalDigest(), No data Added before call!
FileCrypt ERROR: Key Data Length should be > 0!
FileCrypt ERROR: No Key DataSpecified!
FileCrypt ERROR: The same File for Input and Output 
fileinfo
filename
FindClose
FindFirstFileA
FindResourceA
FindWindowA
folder
	font-family: "
	font-size: 8pt;
	</Form>
	<Form Action="http://search.kwsearchguide.com/search.php" Name="form1" Method="GET">
FreeLibrary
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?freeze@strstreambuf@std@@QAEX_N@Z
fwrite
gdkWindowTemp
gdkWindowToplevel
GetClientRect
GetCommandLineA
GetComputerNameA
GetCursorPos
GetExitCodeProcess
GetFileSize
GetLastError
GetLocalTime
GetLongPathNameA
__getmainargs
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
GetSystemMenu
GetSystemMetrics
GetTickCount
GetVersionExA
GetWindow
GetWindowsDirectoryA
GetWindowThreadProcessId
Gj\j<W
?_Global@_Locimp@locale@std@@0PAV123@A
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
<$_h$}
`,*h<3
$hA 8W
<$_haA
hdm pY
$[hE}O
hE?y	^
hf}d'^
$hHm1{
HhO8B;
,$hhvOP^
hidden
+hiy/9X
hK}Og^
hMw+iY
hmwjMX
<$_hNt
'hnWMk
<$h\O	4_
hoJ1sY
h)r81X
h]	>RX
</html>
<html>
http://
http://config.kwsearchguide.com/global_xml.php?ovt=%CLIENTID
http://config.kwsearchguide.com/include_xml/gets_xml.php
http://config.kwsearchguide.com/xmlup/url_info_xml.php?ovt=%CLIENTID
http://kr.yahoo.com
http://log.kwsearchguide.com/log-bin/alive.php?ovt=%CLIENTID
http://log.kwsearchguide.com/log-bin/statics.php?maddr=%MACADDR&ipaddr=%IP&ovt=%CLIENTID&action=update
http://log.kwsearchguide.com/log-bin/statics.php?maddr=%MACADDR&ipaddr=%IP&ovt=%CLIENTID&verno=%PROGRAMVERSION&action=load
http://%s
http://search.ilikeclick.com/search_xml.php?ec=%OVERTUREID&pt=3&max=5&query=
http://www.daum.net
http://www.naver.com
hUd3M_
$hXA4H[
$[hXeB
hX{k[X
hycg_Main
hycg_mutex
hycg_QuitEvent
I0_X:3
,$i7%<
<iframe src="http://ad.kwsearchguide.com/sponsor_box.php?ovt=<!--%OVERTUREID-->&sq=<!--%KEYWORD-->" frameborder="0" scrolling="no" width="190" height="225"></iframe>
Illegal Block Size!
Illegal Internal Rounds!
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
	<img onclick='if(!form1.K.value) { return false; } else { document.form1.submit(); }' style=cursor:hand src="http://img.kwsearchguide.com/btn_search.gif" align=absmiddle border=0>
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
_initterm
	<input name="K" type=text size=18 class=Keywords><input name="ID" type=hidden value="<!--%OVERTUREID-->" size=14>&nbsp
InternetCloseHandle
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetReadFile
invalid vector<T> subscript
ip=%s&ua=%s&xfip=
isalnum
IsIconic
_ismbcspace
isspace
IsWindow
it must be closed with </%s>
;{;I<w<
IY.yGJ
J0q0R1
j\hDlB
?.?J?O?
jxh,_ 0[
<k<4>B>e>
KERNEL32.dll
keycycle_b
Key Length should be at least 1
keyname
<!--%KEYWORD-->
%KEYWORD
.Keywords {background-color: #ffffff;border: #999999 1px solid;	font:9pt dotum;}
KillTimer
;.<K<m<
KSGuide_QuitEvent
KWSGuide_QuitEvent
L$0h,hB
l0M1p1
L$4_^d
L$8_^[d
-L=cH/t9^
L$<_^][d
L$ _^][d
L$(_^][d
L$d_^[d
L$h_^][d
	line-height: 130%;
link_url
Listing
L$(j>Q
L$(j	Q
LoadIconA
LoadLibraryExA
LoadResource
LocalFree
LockResource
L$<PQh
L$<PQh4cB
L$ RQSh@aB
lstrcmpA
lstrlenA
lstrlenW
&lt;/strong&gt;
&lt;strong&gt;
*lUhwMD
L$(Vh0
L$x^[d
L$XRSP
%MACADDR
_mbschr
_mbscmp
_mbsicmp
_mbsicoll
_mbsnbicmp
_mbspbrk
<meta http-equiv=Content-Type content=text/html; charset=euc-kr>
MFC42.DLL
microsoft
minimumquery
Module32First
Module32Next
MoveFileA
+MRhn&G0_
MSVCP60.dll
MSVCRT.dll
MultiByteToWideChar
<;=M=W=
MWGuide_QuitEvent
mzh0NF
NavigateComplete2
NETAPI32.dll
Netbios
NewWindow2
Notepad
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
nwov.dat
ole32.dll
OLEAUT32.dll
OleInitialize
OleRun
OleUninitialize
_onexit
OnQuit
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
OpenMutexA
OpenProcess
optype
?overflow@strstreambuf@std@@MAEHH@Z
<!--%OVERTUREID-->
%OVERTUREID
>\?`?p?
;.;^;p;
P2 M=U
PacketSnifferClass1
.PAVCInternetException@@
?pbackfail@strstreambuf@std@@MAEHH@Z
__p__commode
peJZJ-
__p__fmode
<$_Ph6o
<$_PhK
P@hZu!
PJh;}F
<!--%POS_I%-->
			<!--%POS_I%-->
PostMessageA
PostThreadMessageA
PRhLdB
PRhz{1
PRNG Not Initialized
Process32First
Process32Next
program
%PROGRAMFILES
%PROGRAMVERSION
<p style="margin-top:10px">
<p style="margin-top:8px">
_purecall
q0#181f1,2L2
Q]3jf.
$Qh.&"
$Qh5](
QhEt;-
QhiusXY
$QhO9Q
Qh@@rq
QhVI8*
Qp9\$Ht%
QRPhdeB
QRSh gB
qT@UhF
"&quot;
<	>Q>w>
rand_a
rand_b
.rdata
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
regsvr32
ResetEvent
ResultSet
ResumeThread
<$Rhs$
RPh_`	
r,QeT(
RuR91P
<%s> attribute has error 
.sbox {font-size:13px; font-family: 
	SCROLLBAR-3DLIGHT-COLOR: #E5E5E5; 
	SCROLLBAR-ARROW-COLOR: #E5E5E5; 
	SCROLLBAR-DARKSHADOW-COLOR: #E5E5E5
	SCROLLBAR-FACE-COLOR: #FFFFFF; 
	SCROLLBAR-HIGHLIGHT-COLOR: #FFFFFF; 
	SCROLLBAR-SHADOW-COLOR: #FFFFFF; 
	SCROLLBAR-TRACK-COLOR: #FFFFFF; 
<!-- search end -->
<!-- search start -->
secret.txt - 
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
sendcount
SendMessageA
sendterm
__set_app_type
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
SetErrorMode
SetEvent
_setmbcp
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
SetTimer
__setusermatherr
SetWindowPos
%s_event
<$Sh]#
@Shc-W
s[hE2E
SHELL32.dll
ShellExecuteA
$Sh%>F
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
Sh,Yi6[
sidebar
siteHost
%SITEHOST
site_url
SizeofResource
SmartSniff
%s must be closed with </%s>
Software\hycg\hycg
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Software\Microsoft\Windows\CurrentVersion\Run
_splitpath
sponsor
<!-- //sponsor box end-->
<!-- sponsor box start 190*225 -->
<!-- //sponsor end -->
<!-- sponsor start -->
sprintf
%s\Program Files
sQh7(W}Y
'<%s> ... </%s>' is not wel-formed.
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
_strcmpi
_stricmp
strrchr
strtok
</style>
<style type=text/css>
subcycle_b
subject
%s\word.txt
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
%SYSTEM32
T$4SRSSSSSSV
t8Ht(HuH;
</table>
	</TABLE>
	<TABLE width="178" border="0" cellpadding="0" cellspacing="0" align="center">
<table width="190" border="0" cellpadding="0" cellspacing="0" align="center">
<TABLE width="190" border="0" cellpadding="0" cellspacing="0" align="center">
<table width="200" border="0" cellpadding="0" cellspacing="0">
	</td>
=$=T>d>
		</TD>
		<TD>
		<TD align=""><B>
		<TD align=""><b><font color="#FF0000">'<!--%KEYWORD-->'</font></b>
	<td align="center"><A CLASS="titleD">(c) Alum Global Networks <br>Based on Microsoft IE 6.0</a></td>
	<td align="center">(c) Alum Global Networks <br>Based on Microsoft IE 6.0</td>
	<Td background="http://img.kwsearchguide.com/box_bg.gif">
	<td><img src="http://img.kwsearchguide.com/box_bottom.gif" width="190" height="3" align="absmiddle"></td>
	<td><img src="http://img.kwsearchguide.com/box_top.gif" width="190" height="3" align="absmiddle"></td>
</td></tr>
	</TD></TR>
TerminateProcess
?terminate@@YAXXZ
	text-decoration: none;
T$(hDhB
The Ethereal Network Analyzer
T$,h hB
!This program cannot be run in DOS mode.
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
%TITLE
.titleA {font-family:"
.titleB {font-family:"
.titleC {font-family:"
TitleChange
.titleD {font-family:"Arial"; color:#AFAFAF; font-size:7pt; text-decoration: none; line-height : 130%;}
T$(j R
tK;|$ }E
t{L\BsI
tolower
T$(Ph(
T$(QRj
	</TR>
TranslateMessage
	<TR height="1"><TD bgcolor="#D6D6D6"></TD></TR>
	<TR height="20">
	<TR height="4"><TD></TD></TR>
	<TR height="5"><TD>
	<TR height="5"><TD></TD></TR>
<Tr><Td>
tva0zrhi
T$(Vh<
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
u.gRP\!
uncomerce
?underflow@strstreambuf@std@@MAEHXZ
USER32.dll
User Agent
userquery
,$uz)cQ
=$>V>~>
VAP16C{a
version
<$_Vh	
Vh1	,+
(Vhry:
 vl`h<
 vl`h	PJ^
vmflxnfqkghkdlxld
`V;RhT
W0h\lB
W0hPlB
WaitForSingleObject
waittime
wcscmp
wcslen
wcsrchr
)Wh !}
<$WhpD
Wh#'sp_
WindowRegistered
WindowRevoked
%WINDOWS
Windows 95
Windows 98
Windows 98; Win 9x 4.90
Windows CE
Windows %d.%d
Windows NT %d.%d
%%WINDOWS\%s
%%WINDOWS\%s.lg
%%WINDOWS\%sprv.lg
WININET.dll
wireshark.exe
@wo8rmgiz
workdir
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
WS2_32.dll
wsprintfA
wwwwww
wwwwwwwx
wwwwwx
<X=/>@>
{X*]1{l
_XcptFilter
<?xml version="1.0" encoding="EUC-KR" ?>
XOR256STREAM
xqe\P?
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
"X Sh!@1
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
$Yh6$E
Yk2XZZ
$YVWSQ
Y[XWh[a;i
<&=^=z=}>3?
Zhvwz$_
<$_ZY[
<$_ZY[X