3 2 242 s 02/04/11, 18:07:05 UTC Timeout 1.74.3362 $Revision: 3393 $ Jan 31 2011 10:28:23

true true false false false false false false false false false true true true true false false false false false false false false true true true false 5

2 1 Primary Analysis Subject 2a45f45d0d6e828ae10629d60645fd75.zeustracker 2a45f45d0d.exe C:\2a45f45d0d.exe "C:\2a45f45d0d.exe" dead 0 2a45f45d0d6e828ae10629d60645fd75 1e75bce7ab51f0b2b4175c3336241af5a3389762 143872 UPX All_Versions SN:1634 3 2 Started by 2a45f45d0d.exe xeogr.exe C:\Documents and Settings\Administrator\Application Data\Imugk\xeogr.exe "C:\Documents and Settings\Administrator\Application Data\Imugk\xeogr.exe" dead 0 7674aab7e5cd238ef8a12079b90e29bf cdd69a84463cddddb682b2776ccf0ec86b4888f4 143872 UPX All_Versions SN:1634 4 3 xeogr.exe wrote to the virtual memory of this process wscntfy.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wscntfy.exe alive 0 f92e1076c42fcd6db3d72d8cfe9816d5 549f0a01848375d03159fc74171ed97790fa9650 13824 5 3 xeogr.exe wrote to the virtual memory of this process Explorer.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\Explorer.EXE alive 0 12896823fb95bfb3dc9b46bcaedc9923 9d2bf84874abc5b6e9a2744b7865c193c08d362f 1033728 6 3 xeogr.exe wrote to the virtual memory of this process ctfmon.exe C:\WINDOWS\system32\ctfmon.exe "C:\WINDOWS\system32\ctfmon.exe" alive 0 5f1d5f88303d4a4dbc8e5f97ba967cc3 99cb7370f16773c8e2d0c86fe805ec638ab126e9 15360 7 3 xeogr.exe wrote to the virtual memory of this process msmsgs.exe C:\Program Files\Messenger\msmsgs.exe "C:\Program Files\Messenger\msmsgs.exe" /background alive 0 3e930c641079443d4de036167a69caa2 ac40479e28fb680aff76e41fa14ebe18b3392629 1695232 8 3 xeogr.exe wrote to the virtual memory of this process cmd.exe C:\WINDOWS\system32\cmd.exe "C:\WINDOWS\system32\cmd.exe" alive 0 6d778e0f95447e6546553eeea709d03c 811a005cf787c6ccbe0d9f1c36c1d49a9cb71fd1 389120 9 3 xeogr.exe wrote to the virtual memory of this process stimulator.exe c:\stimulator.exe "c:\stimulator.exe" alive 0 ............. 10 3 xeogr.exe wrote to the virtual memory of this process popupKiller.exe c:\popupKiller.exe "c:\popupKiller.exe" alive 0 11 2 Started by 2a45f45d0d.exe cmd.exe C:\WINDOWS\system32\cmd.exe "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp02e96728.bat" dead 1