3 2 255 s 08/12/11, 21:43:54 UTC Timeout 1.75.3394 $Revision: 3603 $ Feb 24 2011 16:24:07

true true false true false false false false false false false false false true true false false false false false false true false false true false false 2

2 1 Primary Analysis Subject ca8845e1b387d1c023b8a71c9b2ac0d4.zeustracker ca8845e1b3.exe C:\ca8845e1b3.exe "C:\ca8845e1b3.exe" alive 0 ca8845e1b387d1c023b8a71c9b2ac0d4 71500569edda2fd3b6cd35bd7a7e73782dcf384c 89088 3 2 ca8845e1b3.exe wrote to the virtual memory of this process winlogon.exe \??\C:\WINDOWS\system32\winlogon.exe winlogon.exe alive 0 4 3 winlogon.exe wrote to the virtual memory of this process svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost -k DcomLaunch alive 0 27c6d03bcdb8cfeb96b716f3d8be3e18 49083ae3725a0488e0a8fbbe1335c745f70c4667 14336 5 4 svchost.exe wrote to the virtual memory of this process System System alive 0 6 4 svchost.exe wrote to the virtual memory of this process smss.exe \SystemRoot\System32\smss.exe \SystemRoot\System32\smss.exe alive 0 7 4 svchost.exe wrote to the virtual memory of this process services.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\services.exe alive 0 0e776ed5f7cc9f94299e70461b7b8185 cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf 108544 8 4 svchost.exe wrote to the virtual memory of this process lsass.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\lsass.exe alive 0 bf2466b3e18e970d8a976fb95fc1ca85 de5a73cbb5f51f64c53fb4277ef2c23e70db123f 13312