Hi,
I'm using the zeusscan2 module against a Zeus-infected memory dump. I'm able to get the RC4 keys and XOR keys as mentioned in this link: "http://mnin.blogspot.in/2011/09/abstract-memory-analysis-zeus.html". I have also downloaded the Zeus config file that this sample tried to download. Knowing this information, is it possible to decrypt the config file? If yes, how can I decrypt the config file, or what are the steps to decrypt the config file? And I think the zeusscan plugin is really awesome (Thanks Michael for writing such a great plugin, it's really useful).
Thanks,