Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'InfinancialsExcelAddin2.1.exe'

malicious

Threat Score: 85/100 AV Detection: Marked as clean Labeled as: Trojan.WisdomEyes.16070401

InfinancialsExcelAddin2.1.exe

This report is generated from a file or URL submitted to this webservice on March 19th 2018 11:46:37 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.00 © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before Show Similar Samples Report False-Positive Request Report Deletion

Incident Response

Risk Assessment

Remote Access: Reads terminal service related keys (often RDP related)
Persistence: Spawns a lot of processes
Writes data to a remote process
Fingerprint: Reads the active computer name

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 4
External Systems
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  1/66 Antivirus vendors marked sample as malicious (1% detection rate)
  
  source
  
  External System
  
  relevance
  
  8/10
General
- Contains ability to start/interact with device drivers
  
  details
  
  DeviceIoControl@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  8/10
Installation/Persistance
- Writes data to a remote process
  
  details
  
  "Engine.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\cacls.exe" (Handle: 388)
  "Engine.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\cacls.exe" (Handle: 388)
  "Engine.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\cacls.exe" (Handle: 388)
  
  source
  
  API Call
  
  relevance
  
  6/10
Unusual Characteristics
- Spawns a lot of processes
 
 details
 
 Spawned process "<Input Sample>" (Show Process)
 Spawned process "Engine.exe" with commandline "/TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe"" (Show Process)
 Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F" (Show Process)
 Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F" (Show Process)
 Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F" (Show Process)
 Spawned process "EXCEL.EXE" with commandline "/dde" (Show Process)
 Spawned process "IfEngine.exe" with commandline ", ,True" (Show Process)
 
 source
 
 Monitored Target
 
 relevance
 
 8/10

Suspicious Indicators 26
Anti-Detection/Stealthyness
- Contains ability to open/control a service
  
  details
  
  ControlService@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream)
  OpenServiceA@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  8/10
- Process deletes itself
  
  details
  
  "%TEMP%\SETUP_7713\Engine.exe" deletes itself
  
  source
  
  API Call
  
  relevance
  
  10/10
- Queries process information
  
  details
  
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51728342
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51730361
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51732177
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51734082
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51735885
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51737180
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51737659
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51738157
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51738634
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51739114
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51739590
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51740118
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51740597
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51741069
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51741543
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51742060
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51742564
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51743031
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51743508
  "Engine.exe" queried SystemProcessInformation at 00018430-00003716-00000105-51743976
  
  source
  
  API Call
  
  relevance
  
  4/10
Anti-Reverse Engineering
- Looks up many procedures within the same disassembly stream (often used to hide usage)
  
  details
  
  Found 23 calls to GetProcAddress@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  Found 16 calls to GetProcAddress@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  Found 16 calls to GetProcAddress@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  Found 23 calls to GetProcAddress@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  Found 47 calls to GetProcAddress@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
Environment Awareness
- Contains ability to query CPU information
  
  details
  
  cpuid (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
- Reads the active computer name
  
  details
  
  "Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "cacls.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "IfEngine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  
  source
  
  Registry Access
  
  relevance
  
  5/10
General
- Contains ability to find and load resources of a specific module
  
  details
  
  FindResourceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  FindResourceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  FindResourceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Reads configuration files
  
  details
  
  "Engine.exe" read file "%WINDIR%\win.ini"
  
  source
  
  API Call
  
  relevance
  
  4/10
Installation/Persistance
- Creates new processes
 
 details
 
 "<Input Sample>" is creating a new process (Name: "\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF", Handle: 240)
 "Engine.exe" is creating a new process (Name: "%TEMP%\SETUP_7713\00008#IfEngine.exe.00002", Handle: 388)
 
 source
 
 API Call
 
 relevance
 
 8/10
- Drops executable files
 
 details
 
 "00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
 "00010#Infront.dll" has type "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows"
 "00021#vcruntime140.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
 "00018#Newtonsoft.Json.dll" has type "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows"
 "00013#libcurld.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
 "00009#IfProtocol.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
 "00012#InfrontDS.DLL" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
 "00003#dotNet4.6.2.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
 "IfEngine.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
 "00008#IfEngine.exe" has type "PE32 executable (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
 "InfinancialsExcelAddin2_17708.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows UPX compressed"
 "Engine.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows UPX compressed"
 
 source
 
 Binary File
 
 relevance
 
 10/10
Network Related
- Found potential IP address in binary/memory
  
  details
  
  Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5"
  Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-in"
  Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.com"
  Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.comCHAR_SET=0"
  Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.comCHAR_SET=0FONT_NAME=Tahoma"
  Heuristic match: "SetupType=CustomGroupNames=|Main Group|UserData=||||Version=1.0ComposerVersion=12.0.0.5PROG_NAME=Infront Analytics Excel Add-inCOMPANY_URL=https://www.infrontanalytics.comCHAR_SET=0FONT_NAME=TahomaFONT_SIZE=8"
  "12.0.0.5"
  
  source
  
  File/Memory
  
  relevance
  
  3/10
Remote Access Related
- Contains indicators of bot communication commands
 
 details
 
 "IIS-Cmd=>" (Indicator: "cmd=")
 
 source
 
 File/Memory
 
 relevance
 
 10/10
- Reads terminal service related keys (often RDP related)
 
 details
 
 "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
 "Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
 
 source
 
 Registry Access
 
 relevance
 
 10/10
Spyware/Information Retrieval
- Contains ability to enumerate processes/modules/threads
  
  details
  
  CreateToolhelp32Snapshot@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  5/10
System Destruction
- Marks file for deletion
  
  details
  
  "%TEMP%\SETUP_7713\Engine.exe" marked "%APPDATA%\Microsoft\Office\Recent\EfFull.LNK" for deletion
  
  source
  
  API Call
  
  relevance
  
  10/10
- Opens file with deletion access rights
  
  details
  
  "Engine.exe" opened "%TEMP%\SETUP_7713\00000#api-ms-win-crt-runtime-l1-1-0.dll" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00003#dotNet4.6.2.exe" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00004#EfAlias.xml" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00005#EfDictionary.csv" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00006#EfPoids.xml" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00007#FieldWizard.xml" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00008#IfEngine.exe" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00008#IfEngine.exe.00002" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00009#IfProtocol.exe" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00010#Infront.dll" with delete access
  "Engine.exe" opened "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\00011#infront_mapping_feed.txt" with delete access
  "EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Temp\CVR581D.tmp" with delete access
  "EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Microsoft\Schemas\MS Excel_restart.xml" with delete access
  "EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Office\Recent\EfFull.LNK" with delete access
  "EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Roaming\Infinancials 2.0\XLArad82F46.tmp" with delete access
  "EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Temp\262696-Infi.xls" with delete access
  "EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Local\Temp\AD7C3000" with delete access
  "EXCEL.EXE" opened "C:\Users\%USERNAME%\AppData\Roaming\Infinancials 2.0\ENGINE\CD - schkK0Etic_262696_90425.xml" with delete access
  
  source
  
  API Call
  
  relevance
  
  7/10
System Security
- Modifies the access control lists of files
  
  details
  
  Process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F" (Show Process)
  Process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F" (Show Process)
  Process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  5/10
Unusual Characteristics
- CRC value set in PE header does not match actual value
 
 details
 
 "00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" claimed CRC 333740 while the actual is CRC 16355846
 "00021#vcruntime140.dll" claimed CRC 96123 while the actual is CRC 130404
 "00018#Newtonsoft.Json.dll" claimed CRC 675292 while the actual is CRC 96123
 "00009#IfProtocol.exe" claimed CRC 64787 while the actual is CRC 342812
 "00003#dotNet4.6.2.exe" claimed CRC 1452455 while the actual is CRC 2089584
 "IfEngine.exe" claimed CRC 6359054 while the actual is CRC 1452455
 "00008#IfEngine.exe" claimed CRC 6359054 while the actual is CRC 5239212
 
 source
 
 Static Parser
 
 relevance
 
 10/10
- Imports suspicious APIs
 
 details
 
 RegOpenKeyExA
 GetUserNameA
 RegCloseKey
 LookupAccountNameA
 GetFileAttributesA
 GetDriveTypeA
 GetTempPathA
 WriteFile
 DeviceIoControl
 CopyFileA
 GetModuleFileNameA
 LoadLibraryExA
 UnhandledExceptionFilter
 TerminateProcess
 GetTickCount
 GetVersionExA
 LoadLibraryA
 GetStartupInfoA
 GetFileSize
 OpenProcess
 CreateDirectoryA
 DeleteFileA
 GetProcAddress
 FindFirstFileA
 GetComputerNameA
 FindNextFileA
 CreateFileA
 WinExec
 GetCommandLineA
 GetModuleHandleA
 CreateProcessA
 Sleep
 VirtualAlloc
 ShellExecuteA
 FindWindowA
 GetWindowThreadProcessId
 InternetConnectA
 HttpSendRequestA
 GetModuleFileNameW
 LoadLibraryExW
 GetModuleHandleW
 CryptEncrypt
 IsDebuggerPresent
 GetTickCount64
 SleepEx
 accept
 WSAStartup
 connect
 recv
 send
 listen
 closesocket
 socket
 bind
 recvfrom
 sendto
 SetSecurityDescriptorDacl
 RegCreateKeyExA
 RegCreateKeyA
 RegEnumKeyExA
 CreateFileMappingA
 GetFileAttributesW
 OutputDebugStringW
 OutputDebugStringA
 CreateThread
 GetModuleHandleExW
 ExitThread
 GetStartupInfoW
 CreateDirectoryW
 DeleteFileW
 FindFirstFileExA
 GetTempFileNameA
 CreateFileW
 GetCommandLineW
 MapViewOfFile
 InternetOpenUrlA
 InternetReadFile
 InternetCloseHandle
 FtpOpenFileA
 InternetOpenA
 WSASend
 WSASocketW
 GetDriveTypeW
 LoadLibraryW
 GetComputerNameW
 FindNextFileW
 FindFirstFileW
 CreateProcessW
 
 source
 
 Static Parser
 
 relevance
 
 1/10
- Installs hooks/patches the running process
 
 details
 
 "<Input Sample>" wrote bytes "9498ab7651c1ab76efb2b176ee9cab7675dcad769097ab761099ab7600000000013d3d7738ed3d77cfcd3c7731233c77de2f3d77c4ca3c7780bb3c77aa6e3d779fbb3c77707f3b7792bb3c7746ba3c770abf3c7700000000" to virtual address "0x70CC1000" (part of module "MSLS31.DLL")
 "Engine.exe" wrote bytes "0857d0750478d9750000000051c1ab769498ab76ee9cab7675dcad76273ead76efb2b1760000000046ce3c77013d3d7738ed3d77cfcd3c7731233c77de2f3d77c4ca3c7780bb3c77aa6e3d779fbb3c7792bb3c7746ba3c770abf3c7700000000" to virtual address "0x73621000" (part of module "SHFOLDER.DLL")
 "Engine.exe" wrote bytes "9498ab7651c1ab76efb2b176ee9cab7675dcad769097ab761099ab7600000000013d3d7738ed3d77cfcd3c7731233c77de2f3d77c4ca3c7780bb3c77aa6e3d779fbb3c77707f3b7792bb3c7746ba3c770abf3c7700000000" to virtual address "0x70CC1000" (part of module "MSLS31.DLL")
 "EXCEL.EXE" wrote bytes "ba2c2bfc04b98b7bee62ffe1" to virtual address "0x04FBBBDE"
 "EXCEL.EXE" wrote bytes "e9603385f2" to virtual address "0x75684731" ("SysAllocStringByteLen@OLEAUT32.DLL")
 "EXCEL.EXE" wrote bytes "b811110000663d33c0ba9ce1b00568dcf5ee62c3" to virtual address "0x004DA5CC"
 "EXCEL.EXE" wrote bytes "b834000000663d33c0babc9d450068dcf5ee62c3" to virtual address "0x004DA58C"
 "EXCEL.EXE" wrote bytes "5bb8cd2d" to virtual address "0x6A42CA70" (part of module "GFX.DLL")
 "EXCEL.EXE" wrote bytes "e9239987f2" to virtual address "0x75685DEE" ("VariantChangeType@OLEAUT32.DLL")
 "EXCEL.EXE" wrote bytes "b800000000663d33c0ba7c9d450068dcf5ee62c3" to virtual address "0x004DA5AC"
 "EXCEL.EXE" wrote bytes "e99e48acf0" to virtual address "0x773D3D01" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
 "EXCEL.EXE" wrote bytes "ba94d8fb04b98b7bee62ffe1" to virtual address "0x04FBBC06"
 "EXCEL.EXE" wrote bytes "e9f1c42d" to virtual address "0x2FC64354" (part of module "EXCEL.EXE")
 "EXCEL.EXE" wrote bytes "e99a5484f2" to virtual address "0x75683E59" ("SysFreeString@OLEAUT32.DLL")
 "EXCEL.EXE" wrote bytes "ba68e9b005b98b7bee62ffe1" to virtual address "0x05B2765A"
 "EXCEL.EXE" wrote bytes "bad0ccfa04b98b7bee62ffe1" to virtual address "0x04FBBBF2"
 "EXCEL.EXE" wrote bytes "ba50cbfa04b98b7bee62ffe1" to virtual address "0x04FBBBB6"
 "EXCEL.EXE" wrote bytes "ba4c76bf05b98b7bee62ffe1" to virtual address "0x05B276AA"
 "EXCEL.EXE" wrote bytes "e9365585f2" to virtual address "0x75683EAE" ("VariantClear@OLEAUT32.DLL")
 "EXCEL.EXE" wrote bytes "c4ca3c7780bb3c77aa6e3d779fbb3c7708bb3c7746ce3c7761383d77de2f3d77d0d93c770000000017790f774f910f777f6f0f77f4f70f7711f70f77f2830f77857e0f7700000000" to virtual address "0x73651000" (part of module "MSIMG32.DLL")
 
 source
 
 Hook Detection
 
 relevance
 
 10/10
- Reads information about supported languages
 
 details
 
 "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
 "Engine.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
 "cacls.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000401")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000040D")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000041E")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000042A")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000439")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000420")
 "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000429")
 
 source
 
 Registry Access
 
 relevance
 
 3/10
- Timestamp in PE header is very old or in the future
 
 details
 
 "00018#Newtonsoft.Json.dll" claims program is from Fri Jun 10 13:14:05 2061
 
 source
 
 Static Parser
 
 relevance
 
 10/10
Hiding 4 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 35
Anti-Detection/Stealthyness
- Queries kernel debugger information
  
  details
  
  "EXCEL.EXE" at 00021443-00001496-00000105-60956270
  
  source
  
  API Call
  
  relevance
  
  6/10
Anti-Reverse Engineering
- PE file contains zero-size sections
  
  details
  
  Raw size of "BSS" is zero
  Raw size of ".tls" is zero
  
  source
  
  Static Parser
  
  relevance
  
  10/10
Environment Awareness
- Contains ability to query machine time
  
  details
  
  GetLocalTime@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetLocalTime@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetLocalTime@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  GetLocalTime@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Contains ability to query the machine version
  
  details
  
  GetVersionExA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetVersionExA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetVersionExA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetVersionExA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  GetVersion@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  GetVersionExA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  GetVersionExA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Contains ability to query volume size
  
  details
  
  GetDiskFreeSpaceA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetDiskFreeSpaceA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetDiskFreeSpaceA@KERNEL32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  GetDiskFreeSpaceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  GetDiskFreeSpaceA@KERNEL32.DLL from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  3/10
- Makes a code branch decision directly after an API that is environment aware
  
  details
  
  Found API call GetVersionExA@KERNEL32.DLL (Target: "InfinancialsExcelAddin2.1.exe"; Stream UID: "00017640-00002380-10409-294-00418380")
  which is directly followed by "cmp dword ptr [004376E4h], 06h" and "jc 0041843Dh". See related instructions: "...+39 mov dword ptr [004376E0h], 00000094h+49 push 004376E0h+54 call 00406B7Ch ;GetVersionExA+59 cmp dword ptr [004376E4h], 06h+66 jc 0041843Dh" ... from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
  Found API call GetVersionExA@KERNEL32.DLL (Target: "Engine.exe"; Stream UID: "00018430-00003716-26945-1717-004326C0")
  which is directly followed by "cmp dword ptr [004FABD8h], 06h" and "jc 0043277Dh". See related instructions: "...+39 mov dword ptr [004FABD4h], 00000094h+49 push 004FABD4h+54 call 00407424h ;GetVersionExA+59 cmp dword ptr [004FABD8h], 06h+66 jc 0043277Dh" ... from Engine.exe (PID: 3716) (Show Stream)
  Found API call GetVersion@KERNEL32.DLL (Target: "Engine.exe"; Stream UID: "00018430-00003716-26945-1990-0049BE68")
  which is directly followed by "cmp ax, 0005h" and "jc 0049BEECh". See related instructions: "...+72 xor edx, edx+74 push ebp+75 push 0049C083h+80 push dword ptr fs:[edx]+83 mov dword ptr fs:[edx], esp+86 xor eax, eax+88 mov dword ptr [ebp-1Ch], eax+91 xor ebx, ebx+93 call 0040741Ch ;GetVersion+98 and eax, 000000FFh+103 cmp ax, 0005h+107 jc 0049BEECh" ... from Engine.exe (PID: 3716) (Show Stream)
  Found API call GetDiskFreeSpaceExA@KERNEL32.DLL (Target: "Engine.exe"; Stream UID: "00018430-00003716-26945-2196-004393E4")
  which is directly followed by "cmp eax, 01h" and "jne 004394A7h". See related instructions: "...+127 push 00000000h+129 lea eax, dword ptr [ebp-18h]+132 push eax+133 lea eax, dword ptr [ebp-20h]+136 push eax+137 push ebx+138 mov eax, dword ptr [004FDC28h]+143 mov eax, dword ptr [eax]+145 call eax ;GetDiskFreeSpaceExA+147 cmp eax, 01h+150 sbb eax, eax+152 inc eax+153 test al, al+155 jne 004394A7h" ... from Engine.exe (PID: 3716) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
- Queries volume information
  
  details
  
  "EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61610838
  "EXCEL.EXE" queries volume information of "%APPDATA%\Infinancials 2.0\XLA\EfFull.xla" at 00021443-00001496-0000010C-61613844
  "EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61716512
  "EXCEL.EXE" queries volume information of "%APPDATA%\Infinancials 2.0\XLA\EfFull.xla" at 00021443-00001496-0000010C-61716668
  
  source
  
  API Call
  
  relevance
  
  2/10
- Queries volume information of an entire harddrive
  
  details
  
  "EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61610838
  "EXCEL.EXE" queries volume information of "C:\" at 00021443-00001496-0000010C-61716512
  
  source
  
  API Call
  
  relevance
  
  8/10
- Reads the cryptographic machine GUID
  
  details
  
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
- Reads the registry for installed applications
  
  details
  
  "Engine.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE")
  "Engine.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE"; Key: ""; Value: "00000000010000005000000043003A005C00500052004F004700520041007E0031005C004D004900430052004F0053007E0033005C004F0066006600690063006500310034005C0045005800430045004C002E004500580045000000")
  "EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IFENGINE.EXE")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\IFENGINE.EXE")
  "EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE")
  "EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADDRESSBOOK")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER NPAPI")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AUTOITV3")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CONNECTION MANAGER")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIRECTDRAWEX")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DXM_RUNTIME")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FONTCORE")
  "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE40")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
General
- Contains PDB pathways
 
 details
 
 "F:\binaries\Intermediate\vbextras\vbpowerpacks.vbproj__268534120\objr\x86\Microsoft.VisualBasic.PowerPacks.Vs.pdb"
 "C:\repos\cs\Infront\Infront\Infront\obj\Release\Infront.pdb"
 "vcruntime140.i386.pdb"
 
 source
 
 File/Memory
 
 relevance
 
 1/10
- Creates a writable file in a temporary directory
 
 details
 
 "<Input Sample>" created file "%TEMP%\SETUP_7713\Engine.exe"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Setup.txt"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Addin2.1TestVersion.qsp"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Modern_Setup.bmp"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Modern_Icon.bmp"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Bulgarian.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Czech.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Danish.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Dutch(Flemish).lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Dutch(Standard).lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Finnish.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\French.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\German.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Greek.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Hebrew.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Hungarian.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Italian.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Russian.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Spanish.lng"
 "<Input Sample>" created file "C:\Users\%USERNAME%\AppData\Local\Temp\SETUP_7713\Swedish.lng"
 
 source
 
 API Call
 
 relevance
 
 1/10
- Creates mutants
 
 details
 
 "\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-58022"
 "\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-58022"
 "\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
 "\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
 "\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
 "\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
 "\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
 "\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
 "\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
 "\Sessions\1\BaseNamedObjects\KYIMEShareCachedData.MutexObject.XQkHi6y"
 "\Sessions\1\BaseNamedObjects\KYTransactionServer.MutexObject.XQkHi6y"
 "KYTransactionServer.MutexObject.XQkHi6y"
 "Global\552FFA80-3393-423d-8671-7BA046BB5906"
 "KYIMEShareCachedData.MutexObject.XQkHi6y"
 "Local\ZonesLockedCacheCounterMutex"
 "Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
 "Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
 "Local\ZonesCounterMutex"
 "Local\10MU_ACBPIDS_S-1-5-5-0-58022"
 "Local\ZoneAttributeCacheCounterMutex"
 
 source
 
 Created Mutant
 
 relevance
 
 3/10
- Drops files marked as clean
 
 details
 
 Antivirus vendors marked dropped file "00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly for MS Windows"), Antivirus vendors marked dropped file "00021#vcruntime140.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 for MS Windows"), Antivirus vendors marked dropped file "00018#Newtonsoft.Json.dll" as clean (type is "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows")
 
 source
 
 Binary File
 
 relevance
 
 10/10
- Loads rich edit control libraries
 
 details
 
 "<Input Sample>" loaded module "%WINDIR%\System32\riched32.dll" at 73660000
 "<Input Sample>" loaded module "%WINDIR%\System32\riched20.dll" at 6A670000
 "Engine.exe" loaded module "%WINDIR%\System32\riched32.dll" at 73660000
 "Engine.exe" loaded module "%WINDIR%\System32\riched20.dll" at 6A670000
 "EXCEL.EXE" loaded module "%COMMONPROGRAMFILES%\microsoft shared\OFFICE14\RICHED20.DLL" at 63190000
 
 source
 
 Loaded Module
- Loads the .NET runtime environment
 
 details
 
 "IfEngine.exe" loaded module "%WINDIR%\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll" at 62580000
 "IfEngine.exe" loaded module "%WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll" at 61A20000
 
 source
 
 Loaded Module
- Process launched with changed environment
 
 details
 
 Process "EXCEL.EXE" (Show Process) was launched with new environment variables: "MEOW="%PROGRAMFILES%\Microsoft Office\Office14\""
 Process "IfEngine.exe" (Show Process) was launched with new environment variables: "WecVersionForRosebud.5D8="4""
 
 source
 
 Monitored Target
 
 relevance
 
 10/10
- Scanning for window names
 
 details
 
 "<Input Sample>" searching for class ".QDebug."
 "<Input Sample>" searching for class ".AutoUpdate.X_UpdateInfinancialsExcelAddin2"
 "<Input Sample>" searching for class "C:\InfinancialsExcelAddin2.1.exe"
 "Engine.exe" searching for class ".QDebug."
 
 source
 
 API Call
 
 relevance
 
 10/10
- Sets a windows hook
 
 details
 
 "EXCEL.EXE" sets a windows hook with filter "WH_KEYBOARD" for thread ID 2156
 
 source
 
 API Call
 
 relevance
 
 10/10
- Spawns new processes
 
 details
 
 Spawned process "Engine.exe" with commandline "/TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe"" (Show Process)
 Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F" (Show Process)
 Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F" (Show Process)
 Spawned process "cacls.exe" with commandline ""%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F" (Show Process)
 Spawned process "EXCEL.EXE" with commandline "/dde" (Show Process)
 Spawned process "IfEngine.exe" with commandline ", ,True" (Show Process)
 
 source
 
 Monitored Target
 
 relevance
 
 3/10
- The input sample is signed with a certificate
 
 details
 
 The input sample is signed with a certificate issued by "CN=thawte Primary Root CA, OU="c 2006 thawte
 Inc. - For authorized use only", OU=Certification Services Division, O="thawte
 Inc.", C=US" (SHA1: D0:0C:FD:BF:46:C9:8A:83:8B:C1:0D:C4:E0:97:AE:01:52:C4:61:BC; see report for more information)
 The input sample is signed with a certificate issued by "CN=thawte SHA256 Code Signing CA, O="thawte
 Inc.", C=US" (SHA1: AA:CC:9C:16:AB:E0:6E:56:41:3C:6D:FE:1E:FD:FF:0E:48:4F:DB:29; see report for more information)
 
 source
 
 Certificate Data
 
 relevance
 
 10/10
- The input sample is signed with a valid certificate
 
 details
 
 The entire certificate chain of the input sample was validated successfully.
 
 source
 
 Certificate Data
 
 relevance
 
 10/10
Installation/Persistance
- Connects to LPC ports
 
 details
 
 "<Input Sample>" connecting to "\ThemeApiPort"
 "Engine.exe" connecting to "\ThemeApiPort"
 "EXCEL.EXE" connecting to "\ThemeApiPort"
 "IfEngine.exe" connecting to "\ThemeApiPort"
 
 source
 
 API Call
 
 relevance
 
 1/10
- Contains ability to lookup the windows account name
 
 details
 
 LookupAccountNameA@ADVAPI32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
 GetUserNameA@ADVAPI32.DLL from InfinancialsExcelAddin2.1.exe (PID: 2380) (Show Stream)
 GetUserNameA@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream)
 LookupAccountNameA@ADVAPI32.DLL from Engine.exe (PID: 3716) (Show Stream)
 
 source
 
 Hybrid Analysis Technology
 
 relevance
 
 5/10
- Dropped files
 
 details
 
 "00028#Switch_Addin.vbs" has type "ASCII text with CRLF line terminators"
 "00090#Ratios_QR.xls" has type "Composite Document File V2 Document Little Endian O%WINDIR%\Version 10.0 Code page: 1252 Title: Ratios_QR Subject: 1.010 Author: Jse Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Fri Sep 11 13:46:38 2009 Create Time/Date: Tue Jul 7 13:18:23 2009 Last Saved Time/Date: Wed Sep 27 09:49:48 2017 Security: 0"
 "00042#fundamentals_factset_insurance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_reuters_insurance Subject: 1.001 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 09:43:05 2009 Create Time/Date: Wed Aug 13 10:29:53 2003 Last Saved Time/Date: Wed Sep 27 09:37:39 2017 Security: 0"
 "00055#fundamentals_wvb_interim_5yr_banks.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_wvb_interim_banks Subject: 1.001 Author: FBO Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 10:23:10 2009 Create Time/Date: Fri Apr 27 21:18:26 2007 Last Saved Time/Date: Wed Sep 27 09:37:21 2017 Security: 0"
 "00083#market_rebased.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: market_rebased Subject: 1.011 Author: FBO Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Fri Sep 18 15:24:43 2009 Create Time/Date: Tue Aug 26 09:40:02 2008 Last Saved Time/Date: Wed Sep 27 09:49:01 2017 Security: 0"
 "00084#market_rebased_pr.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: market_rebased_pr Subject: 1.011 Author: FBO Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Fri Sep 18 15:24:43 2009 Create Time/Date: Tue Aug 26 09:40:02 2008 Last Saved Time/Date: Wed Sep 27 09:49:03 2017 Security: 0"
 "00056#fundamentals_wvb_interim_5yr_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Author: AMD Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Mon Jul 7 10:47:58 2014 Last Saved Time/Date: Wed Sep 27 09:37:23 2017 Security: 0"
 "estimates.xls" has type "Composite Document File V2 Document Can't read SAT"
 "00053#fundamentals_wvb_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Author: AMD Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Mon Jul 7 10:47:58 2014 Last Saved Time/Date: Wed Sep 27 09:37:17 2017 Security: 0"
 "00040#fundamentals_factset_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_reuters_industrials Subject: 1.001 Author: infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 09:40:05 2009 Create Time/Date: Tue Aug 12 17:35:46 2003 Last Saved Time/Date: Wed Sep 27 09:37:37 2017 Security: 0"
 "00044#fundamentals_factset_interim_finance.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_reuters_interim_industrials Subject: 1.001 Author: infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 09:47:46 2009 Create Time/Date: Wed Sep 1 14:25:06 2004 Last Saved Time/Date: Wed Sep 27 09:37:43 2017 Security: 0"
 "00061#fundamentals_wvb_interim_Industrials.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: fundamentals_wvb_interim_Industrials Subject: 1.006 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Dec 15 10:28:37 2009 Create Time/Date: Wed Aug 24 11:19:28 2005 Last Saved Time/Date: Wed Sep 27 09:37:31 2017 Security: 0"
 "00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly for MS Windows"
 "00027#Run Vbs.cmd" has type "ASCII text with CRLF line terminators"
 "00086#Stock_Market_History.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Author: AMD Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Mon Dec 10 14:10:42 2012 Last Saved Time/Date: Wed Sep 27 09:47:14 2017 Security: 0"
 "00038#estimates_jcf_Ins.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: estimates_jcf_Ins Subject: 1.008 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Jun 30 09:26:00 2009 Create Time/Date: Tue Jul 12 10:27:29 2005 Last Saved Time/Date: Wed Sep 27 09:15:31 2017 Security: 0"
 "00010#Infront.dll" has type "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly for MS Windows"
 "00021#vcruntime140.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
 "00071#Historic_Trading_Multiples_QR_5yr_Banks.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: Historic_Trading_Multiples_QR_Banks Subject: 1.006 Author: infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Create Time/Date: Tue Mar 15 17:07:58 2005 Last Saved Time/Date: Wed Sep 27 09:42:47 2017 Security: 0"
 "00037#estimates_jcf_Banks.xls" has type "Composite Document File V2 Document Little Endian Os: Windows Version 10.0 Code page: 1252 Title: estimates_jcf_Banks Subject: 1.008 Author: Infinancials Last Saved By: Gary Hacoun Name of Creating Application: Microsoft Excel Last Printed: Tue Jun 30 09:26:00 2009 Create Time/Date: Tue Jul 12 10:27:29 2005 Last Saved Time/Date: Wed Sep 27 09:14:39 2017 Security: 0"
 
 source
 
 Binary File
 
 relevance
 
 3/10
- Found a string that may be used as part of an injection method
 
 details
 
 "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
 
 source
 
 File/Memory
 
 relevance
 
 4/10
- Monitors specific registry key for changes
 
 details
 
 "EXCEL.EXE" monitors "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" (Filter: 15; Subtree: 1)
 "EXCEL.EXE" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder" (Filter: 4; Subtree: 0)
 "EXCEL.EXE" monitors "\REGISTRY\USER\S-1-5-21-4162757579-3804539371-4239455898-1000\Software\Microsoft\Office\14.0\Excel\Place MRU" (Filter: 4; Subtree: 0)
 "EXCEL.EXE" monitors "\REGISTRY\USER\S-1-5-21-4162757579-3804539371-4239455898-1000\Software\Microsoft\Office\14.0\Excel\File MRU" (Filter: 4; Subtree: 0)
 
 source
 
 API Call
 
 relevance
 
 4/10
- Opens the MountPointManager (often used to detect additional infection locations)
 
 details
 
 "EXCEL.EXE" opened "\Device\MountPointManager"
 
 source
 
 API Call
 
 relevance
 
 5/10
- Touches files in the Windows directory
 
 details
 
 "<Input Sample>" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
 "<Input Sample>" touched file "C:\Windows\Fonts\StaticCache.dat"
 "<Input Sample>" touched file "C:\Windows\System32\en-US\user32.dll.mui"
 "<Input Sample>" touched file "C:\Windows\System32\en-US\msctf.dll.mui"
 "<Input Sample>" touched file "C:\Windows\AppPatch\sysmain.sdb"
 "Engine.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
 "Engine.exe" touched file "C:\Windows\Fonts\StaticCache.dat"
 "Engine.exe" touched file "C:\Windows\System32\en-US\user32.dll.mui"
 "Engine.exe" touched file "C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\comctl32.dll.mui"
 "Engine.exe" touched file "C:\Windows\System32\en-US\KernelBase.dll.mui"
 "Engine.exe" touched file "C:\Windows\System32\en-US\msctf.dll.mui"
 "Engine.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
 "Engine.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\cversions.1.db"
 "Engine.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db"
 "EXCEL.EXE" touched file "C:\Windows\AppPatch\sysmain.sdb"
 "EXCEL.EXE" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
 "EXCEL.EXE" touched file "C:\Windows\Fonts\StaticCache.dat"
 "EXCEL.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll"
 
 source
 
 API Call
 
 relevance
 
 7/10
Network Related
- Found potential URL in binary/memory
 
 details
 
 Pattern match: "http://www.infinancials.com/add-in/release|UpdateInfinancialsExcelAddin2.info|UpdateInfinancialsExcelAddin2.exe|kwxexgjhkstsuhssketsukvfvjkvvuuwshvctbuvjukekevhjskdvchb|0|"
 Heuristic match: "n0g6O.Lc"
 Heuristic match: "mgn]]R[Wof.kZ"
 Heuristic match: "44[Cs4t.PN"
 Heuristic match: "cJRtGYGY.kY"
 Heuristic match: "~nK%<2!5#.aD"
 Pattern match: "http://t2.symcb.com0"
 Pattern match: "http://t1.symcb.com/ThawtePCA.crl0"
 Pattern match: "http://tl.symcb.com/tl.crl0"
 Pattern match: "https://www.thawte.com/cps0/"
 Pattern match: "https://www.thawte.com/repository0W"
 Pattern match: "http://tl.symcd.com0&"
 Pattern match: "http://tl.symcb.com/tl.crt0"
 Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEHGgtzaV3bGvwjsrmhjuVMs%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: t2.symcb.com"
 Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFBjxN%2BWY73bfUnSOp7HDKJ%2Fbx0wQUV4abVLi%2BpimK5PbC4hMYiYXN3LcCEGSXEE%2FtF8ThqEI29tzroFY%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: tl.symcd.com"
 Pattern match: "https://www.infrontanalytics.com"
 
 source
 
 File/Memory
 
 relevance
 
 10/10
System Security
- Hooks API calls
 
 details
 
 "SysAllocStringByteLen@OLEAUT32.DLL" in "EXCEL.EXE"
 "VariantChangeType@OLEAUT32.DLL" in "EXCEL.EXE"
 "SysFreeString@OLEAUT32.DLL" in "EXCEL.EXE"
 "VariantClear@OLEAUT32.DLL" in "EXCEL.EXE"
 "OleLoadFromStream@OLE32.DLL" in "EXCEL.EXE"
 
 source
 
 Hook Detection
 
 relevance
 
 10/10
- Opens the Kernel Security Device Driver (KsecDD) of Windows
 
 details
 
 "<Input Sample>" opened "\Device\KsecDD"
 "Engine.exe" opened "\Device\KsecDD"
 "EXCEL.EXE" opened "\Device\KsecDD"
 "IfEngine.exe" opened "\Device\KsecDD"
 
 source
 
 API Call
 
 relevance
 
 10/10
- Queries sensitive IE security settings
 
 details
 
 "EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
 
 source
 
 Registry Access
 
 relevance
 
 8/10
Unusual Characteristics
- Found Delphi 4 - Delphi 2006 artifact
  
  details
  
  "InfinancialsExcelAddin2.1.exe.bin" has a PE timestamp using the buggy magic timestamp 0x2A425E19.
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Matched Compiler/Packer signature
  
  details
  
  "InfinancialsExcelAddin2.1.exe.bin" was detected as "BobSoft Mini Delphi -> BoB / BobSoft"
  "00016#Microsoft.VisualBasic.PowerPacks.Vs.dll" was detected as "Microsoft visual C# / Basic .NET"
  "00010#Infront.dll" was detected as "Microsoft visual C# / Basic .NET"
  "00021#vcruntime140.dll" was detected as "Borland Delphi 3.0 (???)"
  "00018#Newtonsoft.Json.dll" was detected as "Morphine v1.2 (DLL)"
  "00013#libcurld.dll" was detected as "Borland Delphi 3.0 (???)"
  "00009#IfProtocol.exe" was detected as "Microsoft visual C# v7.0 / Basic .NET"
  "00012#InfrontDS.DLL" was detected as "Borland Delphi 3.0 (???)"
  "00003#dotNet4.6.2.exe" was detected as "VC8 -> Microsoft Corporation"
  
  source
  
  Static Parser
  
  relevance
  
  10/10

File Details

All Details:

InfinancialsExcelAddin2.1.exe

Filename: InfinancialsExcelAddin2.1.exe
Size: 16MiB (16354832 bytes)
Type: peexe executable
Description: PE32 executable (GUI) Intel 80386, for MS Windows
Architecture
: WINDOWS
SHA256
: b5ee0c25cb5647b5139ea47954666f6ae4c7ed3c69a2d76fa204f305b4fca7ee
MD5
: 7fa2b659b31792c9c075aad645dbf8d0
SHA1
: 8dd67ae18fe7691b3ec1c580b2a89dec3b1e9054
ssdeep
: 393216:7T4ZgnrPvrK+1esoX72MGn3Min0j6sT7RLd8NRfqMUb6ud:AZaB4/L2MGn8i0OsfThd
imphash
: 2f45afee24007023355d72f427440a0b
authentihash
: 4a64f9d81b5ce43fb4803e82136e15525368aacec48859c32a3f6f9fd3a653fe
Compiler/Packer
: BobSoft Mini Delphi -> BoB / BobSoft
PDB Pathway

Resources

Language
: NEUTRAL
Icon

Visualization

Input File (PortEx)

Version Info

LegalCopyright: Copyright Infront Analytics
ProductName: Infront Analytics Excel Add-in
LegalTrademarks: Infront Analytics
Comments: -
CompanyName: Infront Analytics
Translation: 0x0409 0x04e4

Classification (TrID)

48.9% (.EXE) InstallShield setup
16.6% (.EXE) Win32 Executable Delphi generic
14.8% (.SCR) Windows Screen Saver
7.4% (.DLL) Win32 Dynamic Link Library (generic)
5.1% (.EXE) Win32 Executable (generic)

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5	Characteristics
Name CODE Entropy 6.50475134426 Virtual Address 0x1000 Virtual Size 0x35294 Raw Size 0x35400 MD5 b4554624a701afea944e9946051e209f	CODE	6.50475134426	0x1000	0x35294	0x35400	b4554624a701afea944e9946051e209f	-
Name DATA Entropy 3.29624990068 Virtual Address 0x37000 Virtual Size 0x21d4 Raw Size 0x2200 MD5 98da4b706ed09a693a1c817a5004e6b6	DATA	3.29624990068	0x37000	0x21d4	0x2200	98da4b706ed09a693a1c817a5004e6b6	-
Name BSS Entropy 0 Virtual Address 0x3a000 Virtual Size 0xc9d Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	BSS	0	0x3a000	0xc9d	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .idata Entropy 4.84963266284 Virtual Address 0x3b000 Virtual Size 0x154e Raw Size 0x1600 MD5 468a1e1372e02f349c9e20efa32c0196	.idata	4.84963266284	0x3b000	0x154e	0x1600	468a1e1372e02f349c9e20efa32c0196	-
Name .tls Entropy 0 Virtual Address 0x3d000 Virtual Size 0xc Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.tls	0	0x3d000	0xc	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .rdata Entropy 0.20448815744 Virtual Address 0x3e000 Virtual Size 0x18 Raw Size 0x200 MD5 0f37a8f980e2e68c947c1102fd27ff2f	.rdata	0.20448815744	0x3e000	0x18	0x200	0f37a8f980e2e68c947c1102fd27ff2f	-
Name .reloc Entropy 6.69798920082 Virtual Address 0x3f000 Virtual Size 0x3294 Raw Size 0x3400 MD5 e54c780f77f4525dbc2dad5237733225	.reloc	6.69798920082	0x3f000	0x3294	0x3400	e54c780f77f4525dbc2dad5237733225	-
Name .rsrc Entropy 4.9139177337 Virtual Address 0x43000 Virtual Size 0x3538 Raw Size 0x3600 MD5 aac002cde13ee2c80e8351205f138048	.rsrc	4.9139177337	0x43000	0x3538	0x3600	aac002cde13ee2c80e8351205f138048	-

File Resources

Details	Name	RVA	Size	Type	Language
Name RT_ICON RVA 0x43378 Size 0x10a8 Type dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4278605676, next used block 4278605676 Language Neutral	RT_ICON	0x43378	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4278605676, next used block 4278605676	Neutral
Name RT_ICON RVA 0x44420 Size 0x2e8 Type data Language Hebrew	RT_ICON	0x44420	0x2e8	data	Hebrew
Name RT_STRING RVA 0x44708 Size 0x200 Type data Language Neutral	RT_STRING	0x44708	0x200	data	Neutral
Name RT_STRING RVA 0x44908 Size 0x1ac Type data Language Neutral	RT_STRING	0x44908	0x1ac	data	Neutral
Name RT_STRING RVA 0x44ab4 Size 0xec Type data Language Neutral	RT_STRING	0x44ab4	0xec	data	Neutral
Name RT_STRING RVA 0x44ba0 Size 0x1e4 Type data Language Neutral	RT_STRING	0x44ba0	0x1e4	data	Neutral
Name RT_STRING RVA 0x44d84 Size 0x3f4 Type data Language Neutral	RT_STRING	0x44d84	0x3f4	data	Neutral
Name RT_STRING RVA 0x45178 Size 0x340 Type data Language Neutral	RT_STRING	0x45178	0x340	data	Neutral
Name RT_STRING RVA 0x454b8 Size 0x2c0 Type data Language Neutral	RT_STRING	0x454b8	0x2c0	data	Neutral
Name RT_RCDATA RVA 0x45778 Size 0x10 Type Sendmail frozen configuration Language Neutral	RT_RCDATA	0x45778	0x10	Sendmail frozen configuration	Neutral
Name RT_RCDATA RVA 0x45788 Size 0x230 Type data Language Neutral	RT_RCDATA	0x45788	0x230	data	Neutral
Name RT_GROUP_ICON RVA 0x459b8 Size 0x14 Type MS Windows icon resource - 1 icon, 32x32, 16 colors Language Hebrew	RT_GROUP_ICON	0x459b8	0x14	MS Windows icon resource - 1 icon, 32x32, 16 colors	Hebrew
Name RT_VERSION RVA 0x459cc Size 0x258 Type data Language Neutral	RT_VERSION	0x459cc	0x258	data	Neutral
Name RT_VERSION RVA 0x45c24 Size 0x37c Type data Language Hebrew	RT_VERSION	0x45c24	0x37c	data	Hebrew
Name RT_MANIFEST RVA 0x45fa0 Size 0x595 Type XML 1.0 document, ASCII text, with CRLF line terminators Language English	RT_MANIFEST	0x45fa0	0x595	XML 1.0 document, ASCII text, with CRLF line terminators	English

File Imports

GetUserNameA

LookupAccountNameA

RegCloseKey

RegOpenKeyExA

RegQueryValueExA

InitCommonControls

CreateFontA

CreatePen

CreateSolidBrush

DeleteObject

GetDeviceCaps

GetTextExtentPoint32A

GetTextMetricsA

LineTo

MoveToEx

SelectObject

CloseHandle

CompareStringA

CopyFileA

CreateDirectoryA

CreateEventA

CreateFileA

CreatePipe

CreateProcessA

DeleteCriticalSection

DeleteFileA

DeviceIoControl

DosDateTimeToFileTime

EnterCriticalSection

EnumCalendarInfoA

ExitProcess

FileTimeToDosDateTime

FileTimeToLocalFileTime

FindClose

FindFirstFileA

FindNextFileA

FormatMessageA

FreeLibrary

GetACP

GetCommandLineA

GetComputerNameA

GetCPInfo

GetCurrentProcess

GetCurrentProcessId

GetCurrentThreadId

GetDateFormatA

GetDiskFreeSpaceA

GetDriveTypeA

GetEnvironmentVariableA

GetExitCodeProcess

GetFileAttributesA

GetFileSize

GetFileType

GetFullPathNameA

GetLastError

GetLocaleInfoA

GetLocalTime

GetModuleFileNameA

GetModuleHandleA

GetPrivateProfileStringA

GetProcAddress

GetShortPathNameA

GetStartupInfoA

GetStdHandle

GetStringTypeExA

GetSystemDirectoryA

GetTempPathA

GetThreadLocale

GetTickCount

GetVersion

GetVersionExA

GetWindowsDirectoryA

GlobalAddAtomA

GlobalDeleteAtom

GlobalFindAtomA

InitializeCriticalSection

InterlockedDecrement

InterlockedIncrement

IsDBCSLeadByte

IsValidLocale

LeaveCriticalSection

LoadLibraryA

LoadLibraryExA

LocalAlloc

LocalFileTimeToFileTime

LocalFree

lstrcpynA

lstrlenA

MoveFileA

MulDiv

MultiByteToWideChar

OpenProcess

PeekNamedPipe

QueryPerformanceCounter

QueryPerformanceFrequency

RaiseException

ReadFile

RemoveDirectoryA

ResetEvent

RtlUnwind

SetCommTimeouts

SetCurrentDirectoryA

SetEndOfFile

SetErrorMode

SetEvent

SetFileAttributesA

SetFilePointer

SetFileTime

Sleep

TerminateProcess

TlsGetValue

TlsSetValue

UnhandledExceptionFilter

VirtualAlloc

VirtualFree

VirtualQuery

WaitForSingleObject

WideCharToMultiByte

WinExec

WriteFile

WritePrivateProfileStringA

SafeArrayCreate

SafeArrayGetLBound

SafeArrayGetUBound

SafeArrayPtrOfIndex

SysAllocStringLen

SysFreeString

SysReAllocStringLen

VariantChangeType

VariantClear

VariantCopy

VariantInit

ShellExecuteA

BeginPaint

CharNextA

CharToOemA

CreateWindowExA

DefWindowProcA

DispatchMessageA

DrawIcon

EnableMenuItem

EnableWindow

EndPaint

EnumWindows

FillRect

FindWindowA

GetActiveWindow

GetClassNameA

GetClientRect

GetDC

GetDesktopWindow

GetFocus

GetKeyboardType

GetMessageA

GetSysColor

GetSystemMenu

GetSystemMetrics

GetWindow

GetWindowLongA

GetWindowRect

GetWindowTextA

GetWindowThreadProcessId

IsWindowVisible

KillTimer

LoadCursorA

LoadIconA

LoadStringA

MessageBoxA

OemToCharA

PeekMessageA

PostMessageA

PostQuitMessage

RegisterClassA

RegisterWindowMessageA

ReleaseDC

SendMessageA

SetActiveWindow

SetFocus

SetTimer

SetWindowLongA

SetWindowPos

ShowWindow

SystemParametersInfoA

TranslateMessage

UnregisterClassA

GetFileVersionInfoA

GetFileVersionInfoSizeA

VerQueryValueA

HttpOpenRequestA

HttpSendRequestA

InternetConnectA

InternetGetLastResponseInfoA

InternetSetOptionA

File Certificates

Certificate chain was successfully validated.

Download Certificate File (Unknown)

Owner	Issuer	Validity	Hashes (MD5, SHA1)
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US	CN=thawte Primary Root CA, OU="c 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Serial: 71a0b73695ddb1afc23b2b9a18ee54cb	12/10/2013 01:00:00 12/10/2023 00:59:59	87:19:53:A9:8D:41:50:C3:3C:69:A0:C5:AE:9A:68:C6 D0:0C:FD:BF:46:C9:8A:83:8B:C1:0D:C4:E0:97:AE:01:52:C4:61:BC
CN=Infinancials, O=Infinancials, L=Paris, ST=Paris, C=FR	CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US Serial: 6497104fed17c4e1a84236f6dceba056	08/29/2017 01:00:00 09/08/2019 00:59:59	EC:88:E9:68:90:AB:F1:8F:D4:B3:90:61:2B:9E:2B:29 AA:CC:9C:16:AB:E0:6E:56:41:3C:6D:FE:1E:FD:FF:0E:48:4F:DB:29

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 7 processes in total (System Resource Monitor).

InfinancialsExcelAddin2.1.exe (PID: 2380) 1/66
- Engine.exe /TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe" (PID: 3716) Hash Seen Before
  - cacls.exe "%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F (PID: 3676)
  - cacls.exe "%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F (PID: 3740)
  - cacls.exe "%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F (PID: 3632)
  - EXCEL.EXE /dde (PID: 1496) Hash Seen Before
    - IfEngine.exe , ,True (PID: 2700) Hash Seen Before

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

Download All Memory Strings (16KiB)

! (<DRIVE>)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!"#$%&'()*+,-./0123456789:;<=?>@ABCDEFGHIJKLMNOP

Unicode based on Dropped File (00021#vcruntime140.dll.926278664)

!$94/-?+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!'DHeN\0?

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!0hqEmdm%'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!6?R7q|!5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!6?R7q|m

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!8(jXPVrbF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!@x[@x;~5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!a8J.[T3l

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!C^UQQxuQvg

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!Cs"~gr2X

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!DataRepeaterEventUserDeletedItems

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

!DataRepeaterPropItemHeaderVisible

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

!e@5,3rO

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!EaKxxkF(

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!f]+X8wulI8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!g[#dLzhL{,fL>B&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!gq1L^Dg'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!http://t1.symcb.com/ThawtePCA.crl0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!https://www.thawte.com/repository0W

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!oa:#&/|-

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!ot^4JdK

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!Q~Fq1uO@P

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!ShapeEventContextMenuStripChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

!SimpleShapeEventClientSizeChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

!U#_z{S_+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!weGDEFB50

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!xQ x1B0nC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!zK3DQXS{

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

!}LXsQZkW

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"%APPDATA%\Infinancials 2.0"

Unicode based on Runtime Data (Engine.exe )

"%APPDATA%\Infinancials 2.0" /T /E /C /G Everyone:F

Ansi based on Process Commandline (cacls.exe)

"%APPDATA%\Infinancials 2.0\Engine\logo_xl-ConvertImage.ico",

Unicode based on Runtime Data (Engine.exe )

"%APPDATA%\Infinancials 2.0\English.lng" /E /C /G Everyone:F

Ansi based on Process Commandline (cacls.exe)

"%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe"

Unicode based on Runtime Data (Engine.exe )

"%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /E /C /G Everyone:F

Ansi based on Process Commandline (cacls.exe)

"%APPDATA%\Infinancials 2.0\InfinancialsExcelAddin2_17708.exe" /silent

Unicode based on Runtime Data (Engine.exe )

"(RCx(RCE

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

",{p&:EX*b

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"2/5?riB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"3#3ql66M

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"50y!;U-

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"72~y~cnQ?wT

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"\,P\sbXQ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"]^PVPahLf

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"a7SdgDv&dgD

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"agTdCD6$d

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"asInvoker"

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00401000.00000040.mdmp)

"avzka0Yo

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"C:\InfinancialsExcelAddin2.1.exe"

Unicode based on Runtime Data (Engine.exe )

"DataRepeaterEventDataMemberChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

"DataRepeaterEventDataSourceChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

"DataRepeaterEventUserDeletingItems

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

"DataRepeaterPropDisplayedItemCount

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

"DataRepeaterPropIsCurrentItemDirty

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

"fG<*wVDi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"GsjI:fFsh

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"i?jy|UR

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"kf4!kg4$k

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"m-ibn^`e

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"mHYqm}Zn

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"n^*)T}hXF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"o+UlACgp/

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"requireAdministrator"

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00401000.00000040.mdmp)

"RTLConsts

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"t%u3T:$!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"w_?=vjc

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

"xSls:2Zx*

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#/bcd0z}M

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#0Ejd_Qn

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#2yDs2edK2}\'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#6>>#;65+1!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#7'}ANnNINV1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#<DISK_NUM>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#[rDw75f`

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#`$9(gPv}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#DataRepeaterEventLayoutStyleChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

#DataRepeaterEventVirtualModeChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

#DataRepeaterPropAllowUserToAddItems

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

#dLzhL{,fL>B&qM

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#E'{4Z[t3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#GkiW.fIQ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#H(+>S|zGs

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#H]Kju|qm

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#IWBzE%=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#jcccccce

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#js`s`s`e

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#l!#[6QQ8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#Strings

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

#u u"u!u#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#WgRW8*&'!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#z#z#z#: : : : : : : : : : : : : : :

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

#z50%jYV

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$ a)ap44v

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$!$SH"HbH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$)1f`bRbzb<:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$*ky/`DUY

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$1g}C&K:$y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$2~gTlM`G

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$4YBOI(GB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$8cfd0f27-b504-4ab9-80cd-4dc52d2003b2

Ansi based on Dropped File (00010#Infront.dll.919218294)

$<(^+K]}V

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$]v@~Iu#bAg

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$dI$,-y&J$,

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$Error creating variant or safe array)Variant or safe array index out of bounds

Unicode based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$iH]xCXTO3c

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$jJ,>e<)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$K`$zI:Y$_

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$lRHXaHXQH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$mT0&[Uj

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$o1t%yhfg

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$QdTjxU>F

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$R8oV3%f3;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$SimpleShapePropBackgroundImageLayout

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

$TMultiReadExclusiveWriteSynchronizer

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$U{^!}b!}Ql

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$VarUtils

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$XR,-,],N

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$y$cIrqeO:f

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

$|Cxv*VNE

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%&DbB$&TbB%&Lb

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%,a:=9bt

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%,QWSj+*7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%.(=h 4qU

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%1E35Ws4#1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%4[Bs$4WB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%6QwM4;$

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%7ETT]%w,b

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%8&>(Be_L

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%: : : : : : : : : : : : : : : : : : k

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%;Csg-k^\

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%=yIOxte!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%@Ig;X[7:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%\||G:5!k

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%A`@l<26

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%APPDATA%\Infinancials 2.0\ENGINE

Unicode based on Runtime Data (EXCEL.EXE )

%APPDATA%\Infinancials 2.0\XLA

Unicode based on Runtime Data (Engine.exe )

%APPDATA%\Infinancials 2.0\XLA\EfFull.xla

Unicode based on Runtime Data (Engine.exe )

%CwM&ok&o[&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%d.%d.%d.%d

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%d/%d BytesArr

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%gyNYf33O\

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%i!&P=8sL

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%k>C03.T0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%kEB)=:i (|r

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%M}rX4?~

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%O2,y>ai{

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%PROGRAMFILES%\Microsoft Office\Office14\EXCEL.EXE

Unicode based on Runtime Data (EXCEL.EXE )

%QK|~2o%QL

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%R5"h.d))

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%s - %s KB/Sec

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%s (%s, line %d)

Unicode based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%s%s%s%s%s

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%s.Seek not implemented$Operation not allowed on sorted list

Unicode based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%s_%d_%d.BAT

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00401000.00000040.mdmp)

%SwR-B_p|O

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

%TEMP%\VBE

Unicode based on Runtime Data (EXCEL.EXE )

%TEMP%\VBE\MSForms.exd

Unicode based on Runtime Data (EXCEL.EXE )

%XXIX)XiX

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&"d"d!P=d

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&"e e"e!MB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&#n.Qz=<ge

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&#U U"U!U#MA

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&%fp<0{'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&'ck0gy@"

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&'ck0gyH`Y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&'ck0gyQ"

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&)Ud73"ji

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&4*7C_W>F

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&4Gnw8nw:n=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&4Gnw8nw:nu

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&4r{1iC-%V

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&7'qV~-&t!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&87*V\mxEm

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&87*V\mxEmxNlx

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&: : : : : : : : : : : : : : : :

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&;.7joqLr

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&;v%{{q_]

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&_oi=67O

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&bIFXv`'Hg!/

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&CCOYKWUU\E]

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&cPKL[fnr

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&DataRepeaterEventSelectionColorChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

&DataRepeaterPropAllowUserToDeleteItems

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

&enCnpc/;;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&i_2SScLX|;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&jv-"EM'r

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&kHK~a>;4S

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&oarJ1 5+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&SimpleShapeEventBackgroundImageChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

&vpfF),Lf

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

&ZF6hF6rF6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'!=%F8E2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'#8NyN&kj

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'%9 t)si6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'1%ZH3/hM

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'2216HF6I

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'5j"_l}z1*

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'7=.5{b..

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'8;0&P2r

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

':_T]TCTST

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'[K [K![K

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

']mufZn"c

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'^Z~l95kgU

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'_O?8p]j

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'BFX,oH`xJ23=N

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'c`i]jHFmi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'DataRepeaterPropFirstDisplayedItemIndex

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

'K)EXEkbV

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'Microsoft.VisualBasic.PowerPacks.Vs.dll

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

'nl{_I{%A

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'SimpleShapePropDefaultFillGradientColor

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

'thawte Primary Root SHA1 OCSP Responder0

Ansi based on PCAP Processing (network.pcap)

'uT'Y'3;i

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'VXmpImpF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

'xS~wqCSU

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

( >j_ ^4XIb^

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

("%-5(eP*)%

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

("`,GTpVP{

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(-nH*][\Z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(5FHK}WJ=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(6U72ubusdF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(6xa6xa6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(<DRIVE>)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(=J^.=~-}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(\4gWt@"b$

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(a:Ph'|n-8>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

Unicode based on Dropped File (Engine.exe.3781612541)

(DataRepeaterEventCurrentItemIndexChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

(Default)

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

(EE,( *""(

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(i26GIO<2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(KJjXjT|TB*

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-7g:<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-7g:<}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-7W:<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-7W:<=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-7W:<}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-;f:<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-;f:<=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-;f:<}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-;V:<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-;V:<=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-;V:<}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:=-FW:<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m:g@-e:f

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(m;=}'==@OGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(NOz$xx+(K(

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(PX^{B&su

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(X_/E3a\4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

(~~Juw9.i

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

) Method:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)#g\i^g.2?#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)$(drBpVQ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)*(:JTHt4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)*qdY{oI`

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)1.1)52i:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)8p(~J+$RP=!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)?tF 2%W3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)@QkB%(D

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)^N#%B2)w;M

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)aGZ0n`NN

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)b3<d@)Nr

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)CD-Kn*p$L5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)CD-zn*p$L5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)DataRepeaterEventItemHeaderVisibleChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

)F:\\dd\\tools\\devdiv\\FinalPublicKey.snk

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

)gVnv=UM3N

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)Lv,EI%%y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)wnb~babQb1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)z62b1fDu

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

)}hL)@i<6h|

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

* *6.9%VN

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*#,}yT,#,

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*$.l3={%}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*$lUHXuHXMHX<$luH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*%3XIs'|

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*%s*%s*%s*

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00401000.00000040.mdmp)

*)b]A6e=3^

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*** RegASM ***

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

**<)>:!*Q3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*+=fXD3~_y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*5"2|)ksY

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*9.6%-,(|PJpJj

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*;4n9W^1M

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*;RV3FHVH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*E?fDEL'r

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*l/#"=puOn

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*lRsokpUv

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*Microsoft.VisualBasic.PowerPacks.LineShape.Microsoft.VisualBasic.PowerPacks.LineShape.bmp

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

*Microsoft.VisualBasic.PowerPacks.OvalShape.Microsoft.VisualBasic.PowerPacks.OvalShape.bmp

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

*oeiQA~eaqi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*Q\Ap$:=p

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*ShellAPI

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

*Ud#D6"d#DB-+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+ iT iT{\

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+*SZ^&L-/cZ^

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+-=uhzbFFr*

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+1#35)"sGmmDf

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+68g68g68

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+;#Y>AIz"

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+d.aSzz\Q

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+DataRepeaterEventAllowUserToAddItemsChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

+EXYM]U}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+f%h'Bz9y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+HfsqSF`x'ab

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+I1>l]oll

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+JvZlqZ8&f

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+OU_O&%Cq=U&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+r8!~Jd0<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+ShapePropAccessibleDefaultActionDescription

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

+VbA\>a6X

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+VSi0,YF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+W92|rz$N

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+x Qcztq#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+y$y$y$: :

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+yuv|gzB:0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+{Sm"l"l"

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

+{SmClClC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

, DISK #<DISK_NUM>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,&vTtva~ZQzVBZz

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,'ym]JB;j'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,*-*#:ETVTNT^TAt*

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,,e`rVVFV

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,,wX40XX60

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,6|i6|i6|

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,7iXn+,wS

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,7iXnb,7X

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,7jXnd,7X

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,7mXnj,7X

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,<ellipsis>

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

,]=+R=[WK

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,^#ronC>bm

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,A;@W_ZTrI

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,E&A:7U#DDDH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,f8wT,S9[

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,j``8:?e@

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,Mzqd&Gkatf

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,PropertyDescriptionStr_PrintForm_PrintAction

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

,SimpleShapeEventBackgroundImageLayoutChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

,T?w$=e4W

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,thawte SHA256 Code Signing CA OCSP Responder0

Ansi based on PCAP Processing (network.pcap)

,wa,wa,wQc

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,we,we,wUc

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,wf,wf,wVc

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,wi,wi,wYc

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,wn,wn,w^c

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,X:olg+;[

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,XR0K0+0k0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

,}8P$k!=G

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

- 0(8$4,<"

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

- wm_Destroy -

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

- wm_Quit -

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-!lIaK[Z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-"#^1sI"NlK

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-") P3p+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-"X"ea@+w!pi6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-$-xL!iAaI

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-'7>79=9#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-+)cTjt`W

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-,0l!k5wL

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

--- Error downloading file

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

--- File Not Found !

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

------ FindClassName=

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

-------------- JustDownloadInfoFile ---------------

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-43JHrNHS$

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-6;D~))zM

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-8ii@Bt9ht

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-> <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> Windows 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> Windows 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> Windows 8.1 --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> </application> </compatibility></assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-@xI@x)|Y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-CA3,+@3-

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-cS^%W-O/s2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-E-3*<ZhU

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-f+Ii/^.Y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-IXHpHxphH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

-Microsoft.VisualBasic.PowerPacks.DataRepeater1Microsoft.VisualBasic.PowerPacks.DataRepeater.bmp

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

-PropertyDescriptionStr_PrintForm_DocumentName

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

.#gvA6?6X

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.,{x'q]X>2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.-*;<:^n

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. CloseMainWindow() - End

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. CloseMainWindow() - Start

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. DestroyMainWindow() - End

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. DestroyMainWindow() - Start

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. PostMessage(WM_DESTROY)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. ReStartAutoUpdateExe() - End

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. ReStartAutoUpdateExe() - Start

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.. WinExec -

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

...Varmista ett

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

./=nX6'+6Db

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.60Xl6Sy0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.;A{}T5>4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.Jatketaanko asennusta?Size: <SIZE> MB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.?-~a9. >1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.?AV__non_rtti_object@std@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVbad_alloc@std@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVbad_cast@std@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVbad_exception@std@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVbad_typeid@std@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVcharNode@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVDNameNode@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVDNameStatusNode@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVexception@std@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVpairNode@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVpcharNode@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVpDNameNode@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?AVtype_info@@

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.?{J^p@l

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.[9`]P%|R

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.[|nW[gfqYW

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.^?9uz~Su

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.AutoUpdate.

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.AutoUpdate.X_

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.AutoUpdate.X_UpdateInfinancialsExcelAddin2

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

.c]X^RM_zz

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.DataRepeaterEventAllowUserToDeleteItemsChanged

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

.E/'=.B>K^

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.JPzQ7-Jp

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.lCk?#}"G

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.mAq0Tkl\

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.original

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.PropertyDescriptionStr_PrintForm_PrintFileName

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

.q1qwk|&F~

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.Q_DebugMsg.

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.qoL/:O!/

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.rdata$sxdata

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.rdata$vtableC

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.rdata$zzzdbg

Ansi based on Dropped File (00021#vcruntime140.dll.926278664)

.SDialog_Class_Name.

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.VisualBasic

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

.zlZ"~?tZ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

.~4b& l^Di

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/"vt44`Ks

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/$,&,,(*.)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/&-?SWg.-2\L

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/)="=6".1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/,!,.,>8"&>!"84!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/3I~9X<"5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/3uZk@DS4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/6<o6<o6<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/:#:#:#: : : : : : : : : : : : : : : :

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/[,[*[.[![%[-+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/[|By)Rk0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/^PQT^SQL

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/_ZZ=99 /WAIT=10 /TRANSIENT=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/AutoUpdateProg

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/iL?*?h{Ic

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/jkbkbkbe

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/jmp/!CEG

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/jsbsbsbe

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/kd;/+FW/kfO/+y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/Microsoft.VisualBasic.PowerPacks.RectangleShape3Microsoft.VisualBasic.PowerPacks.RectangleShape.bmp

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

/OriginalInfoFile="

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/OriginExe

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/OriginExe=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/OriginExe="

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/SLangId

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe , 00017640-00002380.00000002.24131.0043E000.00000002.mdmp)

/SpanCdLvl=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/SpanCdLvl=2 /SpanDiskFName1="

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/SpanDiskFName1=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/T/[yGYcW

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/TH_ID=_3240 /OriginExe="C:\InfinancialsExcelAddin2.1.exe"

Ansi based on Process Commandline (Engine.exe)

/TRANSIENT=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/TRANSIENTx=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/Uninstall Engine

Unicode based on Dropped File (Engine.exe.3781612541)

/Z Z(Z$Z,zH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

/ï¿½ï¿½ï¿½ï¿½ï¿½

Ansi based on Runtime Data (EXCEL.EXE )

/ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½/ï¿½ï¿½

Ansi based on Runtime Data (EXCEL.EXE )

0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0 0$0(0,0004080H0h0p0t0x0|0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0 0(00080@0H0P0X0`0h0p0x0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0 020<0I0[0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0 Xl6W^C8o.

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0!!8d,:J&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0!050S0u0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0"mQDZaDZQDZqDZID

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0$0D0P0T0X0\0`0d0h0l0x0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0&1+1z1;2I2X2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0&[[![M [

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0&[G![] [Y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0&[K![E [

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0&[K![U [

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0,YY<wA';

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0.0;0G0T0f0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0/040<0N0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0/1:1G1T1i1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

00000#api-ms-win-crt-runtime-l1-1-0.dll

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00000#api-ms-win-crt-runtime-l1-1-0.dll.00002

Unicode based on Runtime Data (Engine.exe )

00001#Infront_RTD.xlsx

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00002#Infront_RTD2.xlsx

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00003#dotNet4.6.2.exe

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00003#dotNet4.6.2.exe.00002

Unicode based on Runtime Data (Engine.exe )

00004#EfAlias.xml

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00004#EfAlias.xml.00002

Unicode based on Runtime Data (Engine.exe )

00004109210000000000000000F01FEC

Unicode based on Runtime Data (EXCEL.EXE )

00005#EfDictionary.csv

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00005#EfDictionary.csv.00002

Unicode based on Runtime Data (Engine.exe )

00006#EfPoids.xml

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00006#EfPoids.xml.00002

Unicode based on Runtime Data (Engine.exe )

00007#FieldWizard.xml

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00007#FieldWizard.xml.00002

Unicode based on Runtime Data (Engine.exe )

00008#IfEngine.exe

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00008#IfEngine.exe.00002

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00008#IfEngine.exe.00003

Unicode based on Runtime Data (Engine.exe )

00009#IfProtocol.exe

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00009#IfProtocol.exe.00002

Unicode based on Runtime Data (Engine.exe )

00010#Infront.dll

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00010#Infront.dll.00002

Unicode based on Runtime Data (Engine.exe )

00011#infront_mapping_feed.txt

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00011#infront_mapping_feed.txt.00002

Unicode based on Runtime Data (Engine.exe )

00012#InfrontDS.DLL

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00013#libcurld.dll

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00014#logo_xl-ConvertImage.ico

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00015#logoie9.ico

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00016#Microsoft.VisualBasic.PowerPacks.Vs.dll

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00017#ModelLibrary.xml

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00018#Newtonsoft.Json.dll

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00019#Newtonsoft.Json.xml

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00020#Ontrade.tlb

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00021#vcruntime140.dll

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00022#Clean_Reg.vbs

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00023#CloseExcelEngine.vbs

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00024#Del_Reg.vbs

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00025#Disable_Lauch.vbs

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00026#Restart_Engine.vbs

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00027#Run Vbs.cmd

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00028#Switch_Addin.vbs

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00029#Update_Addin.xml

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00030#EfFull.2.10057.xla

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00031#EfFull.xla

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00032#EfRibbon.xlam

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00033#EfRibbon2.xlam

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00034#LogoInfin.png

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00035#PushModelMap.txt

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00036#estimates.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00036#estimates.xls.00002

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00037#estimates_jcf_Banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00038#estimates_jcf_Ins.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00039#fundamentals_factset_banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00040#fundamentals_factset_finance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00041#fundamentals_factset_industrials.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00042#fundamentals_factset_insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00043#fundamentals_factset_interim_banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00044#fundamentals_factset_interim_finance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00045#fundamentals_factset_interim_industrials.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00046#fundamentals_factset_interim_insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00047#fundamentals_wvb_5yr.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00048#fundamentals_wvb_5yr_banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00049#fundamentals_wvb_5yr_finance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00050#fundamentals_wvb_5yr_insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00051#fundamentals_wvb_banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00052#fundamentals_wvb_cfpremium.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00053#fundamentals_wvb_finance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00054#fundamentals_wvb_insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00055#fundamentals_wvb_interim_5yr_banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00056#fundamentals_wvb_interim_5yr_finance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00057#fundamentals_wvb_interim_5yr_Industrials.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00058#fundamentals_wvb_interim_5yr_insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00059#fundamentals_wvb_interim_banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00060#fundamentals_wvb_interim_finance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00061#fundamentals_wvb_interim_Industrials.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00062#fundamentals_wvb_interim_insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00063#GPRV_bnk.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00064#GPRV_Full_Report.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00065#GPRV_ind.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00066#Chart_Multiples_Quarterly.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00067#Chart_Multiples_Quarterly_List.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00068#Histo_Forward_Multiples_at_date.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00069#Historic_Trading_Multiples_QR.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00070#Historic_Trading_Multiples_QR_5yr.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00071#Historic_Trading_Multiples_QR_5yr_Banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00072#Historic_Trading_Multiples_QR_5yr_Insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00073#Historic_Trading_Multiples_QR_Banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00074#Historic_Trading_Multiples_QR_Insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00075#Trading_Multiples_QR.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00076#Trading_Multiples_QR.xlsm

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00077#Trading_Multiples_QR_Banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00078#Trading_Multiples_QR_Insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00079#BetaCalculator.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00080#BetaCalculator_T-Statistics.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00081#market.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00082#Market_Cap_History.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00083#market_rebased.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00084#market_rebased_pr.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00085#Multi_Beta_Calculator_Weekly.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00086#Stock_Market_History.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00087#Stock_Performance_Model.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00088#Volatility.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00089#Volatility_Calculator.xlsm

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00090#Ratios_QR.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00091#Ratios_QR.xlsm

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00092#Ratios_QR_Banks.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

00093#Ratios_QR_Insurance.xls

Unicode based on Runtime Data (InfinancialsExcelAddin2.1.exe )

01)1-1115191=1A1E1I1M1Q1U1Y1]1a1e1i1m1q1u1y1}1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0123456789ABCDEF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0333:L333<afeR

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

060G0Y0k0x0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

080X0`0d0h0l0p0t0x0|0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0?0c0o0|0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0?e$8Qf:.V

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0[:tH+cOD

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0____?0_0__'__''

Ansi based on Image Processing (screen_4.png)

0_D,,,t,.

Ansi based on Image Processing (screen_4.png)

0a0q0)0E0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0DlFSBW0;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0F`ZEL!dk

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0SJ50SJ0SJ-0SJ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0Sp!4\p1Kx

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0swd14f#FC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0T0_0s0x0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0Z\pFy)b8v

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

0~!HHF%nI

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1 1$1(1,1014181<1@1X1x1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1 1(10181@1H1P1X1`1h1p1x1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1!3#+'+6%

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1#151S1_1f1p1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1$1)161;1H1M1Z1_1l1q1~1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1$1,1014181<1@1D1H1L1l1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1&_G!k] k] k

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1&_W![C [C [

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1'131:1D1N1X1b1l1v1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1,7V,7V,7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

11.0.50727.1

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

12*9%61!#>6!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

12.0.0.5

Unicode based on Dropped File (Engine.exe.3781612541)

131210000000Z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

13181E1Z1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

132K2]2u2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

14.11.25508.2 built by: VCTOOLSD15ULDR

Unicode based on Dropped File (00021#vcruntime140.dll.926278664)

140514201017Z

Ansi based on PCAP Processing (network.pcap)

161213000000Z

Ansi based on PCAP Processing (network.pcap)

16M (24 bit)

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

17/05/2014 01:49:59

Unicode based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

170829000000Z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

17N6G^+0]

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

180204000000Z

Ansi based on PCAP Processing (network.pcap)

180505235959Z071503

Ansi based on PCAP Processing (network.pcap)

181@1D1H1L1P1T1X1\1`1z1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

190907235959Z0[1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

193e3m3u3}3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1:JjaC}YX]

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1=/X[e!pU|H

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1=BNaiM.Wz

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1[][0h0B;[

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1`_RvvbN6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1B2G2i2n2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1B2O2j2p2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1CB"w3uL`7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1D#00VaRe

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1e7ZdMc'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1JJ[:FKiK

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1kIfINXkdE

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1XURYV.iqR

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1Z*-A)h|u1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1ZB#@b1RDa

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

1~-(N.ar2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2t2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2 2%22272D2I2V2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2 2&2.2X2^2p2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2 2(20282@2H2P2X2`2o2{2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2"2*222:2B2J2R2Z2b2j2r2z2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2#2'2+2/23272;2N2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2#2(232D2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2#weO!3=#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2$20242<2@2D2H2L2P2T2X2\2`2d2h2r2v2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2%"{AADnAFzn1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2&4)WpBM

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2'333:3L3^3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2'b,LW8d-z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2'j#`#`#`e~

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2'jGbGbGbe~

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2'zQ,yYXxQ,

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2(2;2G2Q2X2b2i2s2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2,51J|^4h

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2-'C,-7lYN

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2.%757;7K

Ansi based on Dropped File (Engine.exe.3781612541)

2.%cN$"Wo"r

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2/0}'7oMR

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2008R2.64

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2012R2.64

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

20180317063537Z

Ansi based on PCAP Processing (network.pcap)

20180317063537Z0s0q0I0

Ansi based on PCAP Processing (network.pcap)

20180318161242Z

Ansi based on PCAP Processing (network.pcap)

20180318161242Z0s0q0I0

Ansi based on PCAP Processing (network.pcap)

20180324063537Z0

Ansi based on PCAP Processing (network.pcap)

20180325161242Z0

Ansi based on PCAP Processing (network.pcap)

211231235959Z0V1

Ansi based on PCAP Processing (network.pcap)

23.363<3B3t3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

231209235959Z0L1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

23897.23390.64.36291

Unicode based on Runtime Data (Engine.exe )

252=2B2b2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

256 (8 bit)

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

262696-Infi.xls

Unicode based on Runtime Data (EXCEL.EXE )

282X2`2d2h2l2p2t2x2|2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2=,\rO*kND

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2[4G4W4O4_

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2[UQyue^YA%

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2[yu^iUna^~u

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2](A7Fk-A

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2BcvpRFhLg,:)_

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2g&hYw~|Kf

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2L*6Ns`&9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2N,w1;7N,

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2no:n+'4Gno:no9n}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2P8sZUyuy}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2T4_4t4~4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2tyf8DdXA

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

2zS(krIK

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3!4&4;4I4^4l4q4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3"!".,,!,"F

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3".9%zDBRl

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3$3)383q3{3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3&3.363>3G3h3p3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3&383X3`3d3h3l3p3t3x3|3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3(3R3Z3h3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3(n-j}YxchsC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3,7U,7U,7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3.0.04131.06

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

3.42484<4A4H4N4V4a4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3.>-!1!6+k

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

32K (15 bit)

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

3321-3705

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

34,414S4X4z4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

343<3G3s3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

38u@PLJ4Q

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

394D4M4S4c4l4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3[ojcbij`

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3A0\3Q0Lc&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3C4]4b4z4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3cJEQUQ]5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3d9Cv3d5C63d1Ct

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3f2%RH;no

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3IF=DaiMRC8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3I{"8cJ7r

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3j/(jXe+l'j

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3K*$y>-mT1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3K4gZ"%*&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3Lc+Lw;LW?0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3Messages

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3Microsoft.VisualBasic.PowerPacks.Printing.PrintForm7Microsoft.VisualBasic.PowerPacks.Printing.PrintForm.bmp

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

3Microsoft.VisualBasic.PowerPacks.Shape+TagConverter

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

3Mp ^t{S

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3o:F.}8oz

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3qM"s-Fy3M

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3X38BFX+x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3Z_1PujUc

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

3}wHSz4;a

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4 4$4(4,4044484<4@4D4H4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4 4$4(4,4044484H4h4p4t4x4|4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4!444D4N4a4q4{4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4$!ZSnoI

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4&97;:A@LKMKQPRP

Unicode based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

4&W0\3C0%

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4'434=4C4M4X4b4l4~4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4'53.ae6b

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4(484@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4)4L4Y4q4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4+&d*4?\5v

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4,4),49,4E

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4,7P,7P,7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4.0 Client

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

4.5A5G5X5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4.weOot<Y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4.weOow<Y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4/494@4T4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4/5;5H5Z5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4/c8Se-\K

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

440513202154Z

Ansi based on PCAP Processing (network.pcap)

44484<4@4D4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

44[Cs4t.PN

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

44]C344SC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

44BC#54JC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

45X85XP9P

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4=4L4\4w4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4=4T4j4y4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4^94Fo@ML

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4^;4F-Z,z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4^t4^t4^l

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4bE6M\!2IN$?

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4BNC$L.ENG

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4CLaf6Az]8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4DOm{c[%D

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4E4Qt;G^g

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4G+0v)G+p

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4j/(jXRHQ{

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4JV}>Lc!=g|

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4LlLD-!e-n

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4MRZ'j,R;8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4QE(Z.,U -

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4R;n)}stR

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4SJVA~aq#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4w*h(=,3,;,7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4Y^#,/VX^

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

4~Qi<4h|)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5 5(5,5054585<5@5D5H5X5x5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5"5G5Q5[5c5i5w5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5$5,5T5X5\5`5d5h5l5p5t5x5|5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5%cr~A^QVA

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5&5.565>5F5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5'%rHa1Ii1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5(585@5H5P5X5`5h5p5x5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5)6-6165696=6A6E6I6M6Q6U6Y6]6a6e6i6m6q6u6y6}6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5*5@5L5l5y5~5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5,7V,7V,7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5,RHDmDM<jJ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5-555=5E5M5U5j5x5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

505P5X5\5`5d5h5l5p5t5x5|5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

51Kx%,^D

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

538F6C892AD540068154C6670774E980

Unicode based on Runtime Data (EXCEL.EXE )

54FCc54NC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

54XCC44TC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

557=7B7Y7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5646U6`6k6v6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5696@6G6o6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

57%[;crrM

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

585G5V5r5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5<JIjlnRR

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5@oK/n/MH

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5^4~I4~I4~9B

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5Ah6 d/MN

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5G6S8_8l8~8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5gv:~1WoW

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5H6P6U6Z6d6j6t6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5jTb\OFk

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5jV:<}5f=-?

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5O7(H^mLtC\1v

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5Tbh8Fmrfq:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5u%[E [E![E [

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5v0v0v0v0v0v0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

5|zAnRqIq

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6 6%626G6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6 6+6=6N6[6g6t6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6!6*6D6y6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6#7(7f7t7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6$7H7`7m7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6&6.676C6I6Q6Z6f6k6t6}6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6'666M6\6s6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6'686T6l6}6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6(6064686<6@6D6H6L6P6d6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6/imIkGZ{

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

64<tE$=6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

64K (16 bit)

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

64w_|*76!

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

67&7>7C7h7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

67+777>7H7R7i7z7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

686@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

68X;X<<mE]

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-===EOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-===IOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-===KOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-===MOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}@OGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}AOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}DOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}EOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}FOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}GOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}HOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}IOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}LOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6=-==}NOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6>6N6Y6_6g6l6<8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6>MR?}8{d

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6[#zJ>j|UR

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6\E%5o[8Qi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6]?56wDckU4

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6a#a<aXc&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6B6G6p6u6

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6ce$zae8c

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6d9;$Yvj

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6g`!+DMF\3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6j7(jXe,l'j

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6j7)jXe,l'j

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6J7R7W7\7f7l7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6jw(jXe+l'j

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6O18x?< ~

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6v5Y *-~z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6ZisoLr=iGL*

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6}-==}MOGi

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

6~jm8G|ai1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7 7$7(7,7b7q7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7 TKx@>MG

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7!p h~fjQ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7"7(7<7L7`7p7|7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7"777D7d7O9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7$d8B>!!#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7%'/=/3'=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7)8E8M8R8d8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7)VXmP~Vx

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7*7/7<7A7N7S7`7e7r7w7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7*7I7Z7t7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7,7S,7S,7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7.858=8H8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7/\}N;u=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

737kxna^nQF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

747<7@7D7H7L7P7T7X7\7l7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

768R8V8Z8^8b8f8j8n8r8v8z8~8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7:8D8Z8r8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7>8[8h8|8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7>[5>;i|v

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7]@tH'% |

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7_;0_;4_;2_;6_;1_;5_;3_;7_

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7_{0_{4_{2_{6_{1_{5_{3_{7_

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7Cve1*%Gb~5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7emxZ|LNJ^

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7h+mO~ MW

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7J7S7]7c7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7K)"9;cH#e

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7k/1dJSq\Y1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7L8X8`8t8y8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7P,T/!u=h_gw

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7R]8{fqeq}

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7R^Sr,pNJn

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7s';sfrNv

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7S[x0r3al

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7t%?f~%?f

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7U^=hAb6$

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7v<mk}(]V

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7y|3n<:]2i*i@N

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

7{A+-y6-9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8 %]JIwwww7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8 828$9u9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8"8.848>8E8P8c8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8#949K9e9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8$8)888H8\8o8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8%: : : : : : : : : : : : : : : : : : : : :

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8&808B8R8_8k8x8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8(909?9Y9`9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8(x4f5UCM

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8+808M8R8e8j8}8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8+8<8F8N8V8^8f8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8,888F8X8f8x8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8.)!+8ijBRj0

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8.8C8%999

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8.8H8a8n8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

809<9D9X9]9j9z9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

819%*%n@\bJ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

84Nk_\S[^;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

88ThhaAEsl

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8<8D8H8L8P8T8X8\8`8d8x8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8?oo82ozdJ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8]~Z|`9.">

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8e@^,L`b+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8e|2X~(fC

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8I~gG`I:b

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8PZleczG

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8SPS$Rcv5

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8uh'WDouG

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8UL}IT2uY

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8XE1N->#<nJ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

8Z8b8g8l8v8|8

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9 9$9(9,9094989<9@9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9!979U9k9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9!:>:M:d:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9"9'9,939:9D9[9g9t9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9#:;:S:y:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9$969=9K9W9d9v9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9%6&<(<(!,

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9&989F9X9f9x9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9,x"TXm3bX5*

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9-#N&S>4sZF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9-929P9U9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

90*:$"<>,$<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

909P9X9\9`9d9h9l9p9t9x9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

96M4Pz^Ow-

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9;9[9o9{9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9<=fPSu57%qB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9bss][DD3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9i2KsoPLU

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9JbXMW3XM

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9jYA.REn#z

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9kvvi~~hY

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

9p$:/UWF#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: :$:(:,:0:D:d:l:p:t:x:|:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: :+:1:6:A:G:L:W:]:b:m:s:x:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: <SIZE>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: <SIZE> MB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: <T> <SPACE_AVAIL>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: <T> <SPACE_AVAIL> MB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: <T> <SPACE_REQ>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

: <T> <SPACE_REQ> MB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:$:8:=:J:Z:k:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:$;K;S;[;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:%:C:p:}:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:&:.:6:>:F:N:V:^:f:n:v:~:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:';;;L;\;r;~;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:'HUVxV{H%

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:(!5>uPJFf,`

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:(:::O:X:^:c:s:y:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:(:>:P:t:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:):/:=:P:Z:`:n:t:|:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:);.;=;L;l;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:*:<:J:\:j:|:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:+OA8F.t7(n&

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:/;X;g;{;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:1:8:h:y:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:4Nk_\S[^;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:8;C;T;Y;k;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:\Rc*0DINY

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:^8~SjM)_[

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:ahnN?D\'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:C;O;W;a;g;q;{;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:C|muU^}S

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:F23.^BJ/

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:h-2/Fiif9

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:O;\;i;v;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:Occurs when the value of the VirtualMode property changes.@

Ansi based on Dropped File (00016#Microsoft.VisualBasic.PowerPacks.Vs.dll.815192354)

:t,m07+Lv

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:UO'OOhOc

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:vsHfJMM:

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

:{mO>=}GOGio

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

; ;$;(;,;0;4;8;<;@;X;x;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

; ;,;7;H;N;V;`;w;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;!;%;);-;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;!;.;>;O;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;";);2;I;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;"w_\|7<,eL

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;#;(;3;9;>;I;O;T;_;e;j;u;{;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;$;6;D;X;f;~;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;&;.;6;>;F;N;V;^;f;n;v;~;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;';7;@;I;U;`;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;(<{*3re\

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;(S#]Ol;1

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;(w[uucP7P

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;)MgWmpWmp

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;*<D<I<]<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;*o<wT>iG

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;+&m<|Wxni

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;0,7S,7S,7

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;1Yt'S+3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;4Nk_\S[^;

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;;~%uWBwB

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;<9+;%#=7-%=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;[edt!U;"#

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;^(H2{]Hs

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;_,[y'1_,

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;BYBq4xxch>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;D<P<X<l<q<~<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;dy>]*F"}E6E

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;g<'y.HM)'

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;GclUM4^K

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;GclUN4>L

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;hg)CG_Z`zZ

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;jkakakae

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;MDV"wiH""+}*2

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

;UFm5QZLF

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

< &ROeH=%H=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<|<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<!>!$!)vPB|JT\F=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<"<><C<_<d<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<$<6<F<L<l<t<x<|<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<%!?f1/!!R

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<&<.<6<><F<N<V<^<f<n<v<~<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<(6x`6x`6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<)6xb6xb6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<*6xd6xd6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<*t"<0r=<9w9i

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<+6xf6xf6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<+=0=8=b=s=|=1>;>

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<,6xh6xh6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<-6xj6xj6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<.6xl6xl6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<.=H=M=a=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

</6xn6xn6x

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

</<5<B<z<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

QSetup

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<0+9{p|bN

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<0<8<<<@<D<H<L<P<T<X<h<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<29%5-=#3

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<2=F=N=d=|=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<4_aJ7.hAo_Y

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<715`)G~D%P

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<8<E<R<c<|<

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<:yja}}Qh,+

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<=(=N=X=c=o=

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<=_<-_w*]t

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<?>DLL File Not Found!

Ansi based on Hybrid Analysis (Engine.exe , 00018430-00003716.00000001.21928.00400000.00000002.mdmp)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="Borland.Delphi.XPApplication" processorArchitecture="x86" version="7.0.2.99" type="win32" /> <description> Windows Shell </description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> Windows Vista -

Ansi based on Memory/File Scan (InfinancialsExcelAddin2.1.exe.bin)

<^Sr~[m_K