Hi,
I'm using the zeusscan2 module against a Zeus-infected memory dump. I'm able to
get the RC4 keys and XOR keys as mentioned in this link:
"http://mnin.blogspot.in/2011/09/abstract-memory-analysis-zeus.html". I
have also downloaded the Zeus config file that this sample tried to
download. Knowing this information, is it possible to decrypt the config
file? If yes, how can I decrypt the config file, or what are the steps to
decrypt the config file? And I think the zeusscan plugin is really
awesome (thanks, Michael, for writing such a great plugin, it's really
useful).
Thanks,