3 2 250 s 12/31/11, 04:53:23 UTC Timeout 1.75.3394 $Revision: 3603 $ Dec 30 2011 23:19:18

true true false false false false false false false false false true true true true false false false false false true false false true false true false 6

2 1 Primary Analysis Subject dec8ffd4ea9f368ad11e43dd2e1e58e2.amada dec8ffd4ea.exe C:\dec8ffd4ea.exe "C:\dec8ffd4ea.exe" dead 0 dec8ffd4ea9f368ad11e43dd2e1e58e2 7248ea64341dacf1d14ef68c17ce8a10bf131e4b 141312 3 2 Started by dec8ffd4ea.exe olne.exe C:\Documents and Settings\Administrator\Application Data\Yldyl\olne.exe "C:\Documents and Settings\Administrator\Application Data\Yldyl\olne.exe" dead 0 8ed8abfaee8bd928a03d56b563f76f59 249133273ae1a3d3cfb725c571975ee829cbb5b7 141312 4 3 olne.exe wrote to the virtual memory of this process Explorer.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\Explorer.EXE alive 0 12896823fb95bfb3dc9b46bcaedc9923 9d2bf84874abc5b6e9a2744b7865c193c08d362f 1033728 5 3 olne.exe wrote to the virtual memory of this process ctfmon.exe C:\WINDOWS\system32\ctfmon.exe "C:\WINDOWS\system32\ctfmon.exe" alive 0 5f1d5f88303d4a4dbc8e5f97ba967cc3 99cb7370f16773c8e2d0c86fe805ec638ab126e9 15360 6 3 olne.exe wrote to the virtual memory of this process msmsgs.exe C:\Program Files\Messenger\msmsgs.exe "C:\Program Files\Messenger\msmsgs.exe" /background alive 0 3e930c641079443d4de036167a69caa2 ac40479e28fb680aff76e41fa14ebe18b3392629 1695232 7 3 olne.exe wrote to the virtual memory of this process reader_sl.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" alive 0 54c88bfbd055621e2306534f445c0c8d 960a171e826c077187fe634103874644327a6110 40048 8 4 Explorer.EXE wrote to the virtual memory of this process wscntfy.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wscntfy.exe alive 0 f92e1076c42fcd6db3d72d8cfe9816d5 549f0a01848375d03159fc74171ed97790fa9650 13824 9 3 olne.exe wrote to the virtual memory of this process kxuckd.exe C:\Program Files\Common Files\kxuckd.exe "C:\Program Files\Common Files\kxuckd.exe" alive 0 ed22e108cca63fab4ad592f04b117289 a11b96e200594f19b8e67af04797b61267710fec 327901 UPX All_Versions SN:1634 10 3 olne.exe wrote to the virtual memory of this process drlwszvxbeo.exe C:\Program Files\Common Files\drlwszvxbeo.exe "C:\Program Files\Common Files\drlwszvxbeo.exe" alive 0 ec95a4d3adc866c53bfafc3ba177d905 78d7358cebb7681ba22b1ec453eb98308eadd619 1256684 ... 11 2 Started by dec8ffd4ea.exe cmd.exe cmd.exe alive 0