- __vbaChkstk.MSVBVM60(?,00401766), ref: 00405FE9
- __vbaOnError.MSVBVM60(000000FF,?,?,?,?,00401766), ref: 0040602E
- __vbaNew2.MSVBVM60(00403710,00409430,000000FF,?,?,?,?,00401766), ref: 0040604D
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403700,00000014), ref: 004060AF
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403720,00000068), ref: 00406108
- __vbaFreeObj.MSVBVM60(00000000,?,00403720,00000068), ref: 0040612D
- __vbaEnd.MSVBVM60(00000000,?,00403720,00000068), ref: 00406144
- __vbaNew2.MSVBVM60(00403710,00409430), ref: 00406163
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403700,00000014), ref: 004061C5
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403720,00000050), ref: 0040621B
- __vbaStrCat.MSVBVM60(\config.xml,?), ref: 00406237
- __vbaStrMove.MSVBVM60(\config.xml,?), ref: 00406241
- __vbaHresultCheckObj.MSVBVM60(00000000,?,004033A8,000006F8), ref: 0040627E
- __vbaFreeStrList.MSVBVM60(00000003,?,?,000000FF), ref: 004062A0
- __vbaFreeObj.MSVBVM60(?,?,?,00401766), ref: 004062AB
- __vbaVarDup.MSVBVM60 ref: 004062D4
- #666.MSVBVM60(?,?), ref: 004062E1
- __vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406320
- __vbaVarCat.MSVBVM60(?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406334
- __vbaStrVarVal.MSVBVM60(?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 0040633E
- __vbaFreeStr.MSVBVM60(00000000,?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?), ref: 00406353
- __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?,00000000,?,00000000,?,00000008,00000000,?,00000008,?), ref: 00406370
- __vbaEnd.MSVBVM60(?,?,?,?,?,?,?,?,00401766), ref: 0040638C
- __vbaVarDup.MSVBVM60 ref: 004063B5
- #666.MSVBVM60(?,?), ref: 004063C2
- __vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406401
- __vbaVarCat.MSVBVM60(?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406415
- __vbaStrVarMove.MSVBVM60(00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 0040641B
- __vbaStrMove.MSVBVM60(00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406425
- __vbaStrMove.MSVBVM60(?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 0040643A
- __vbaFreeStr.MSVBVM60(?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406442
- __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?,?,00000000,?,00000008,00000000,?,00000008,?), ref: 0040645F
- __vbaVarDup.MSVBVM60 ref: 0040648B
- #666.MSVBVM60(?,?), ref: 00406498
- __vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?), ref: 004064D7
- __vbaVarCat.MSVBVM60(?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 004064EB
- __vbaStrVarMove.MSVBVM60(00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 004064F1
- __vbaStrMove.MSVBVM60(00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 004064FB
- Part of subcall function 004080C7: __vbaChkstk.MSVBVM60(?,00401766), ref: 004080E3
- Part of subcall function 004080C7: __vbaOnError.MSVBVM60(000000FF,?,?,?,?,00401766), ref: 00408113
- Part of subcall function 004080C7: #648.MSVBVM60(0000000A), ref: 00408131
- Part of subcall function 004080C7: __vbaFreeVar.MSVBVM60(0000000A), ref: 0040813F
- Part of subcall function 004080C7: __vbaI2I4.MSVBVM60(?,0000000A), ref: 00408153
- Part of subcall function 004080C7: __vbaFileOpen.MSVBVM60(00000120,000000FF,00000000,?,0000000A), ref: 00408160
- Part of subcall function 004080C7: __vbaI2I4.MSVBVM60(00000120,000000FF,00000000,?,0000000A), ref: 0040816F
- Part of subcall function 004080C7: #570.MSVBVM60(00000000,00000120,000000FF,00000000,?,0000000A), ref: 00408175
- Part of subcall function 004080C7: __vbaI2I4.MSVBVM60(00000000,00000120,000000FF,00000000,?,0000000A), ref: 00408188
- Part of subcall function 004080C7: #570.MSVBVM60(00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 0040818E
- Part of subcall function 004080C7: #526.MSVBVM60(0000000A,00000000,00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 00408198
- Part of subcall function 004080C7: __vbaStrVarMove.MSVBVM60(0000000A,0000000A,00000000,00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081A1
- Part of subcall function 004080C7: __vbaStrMove.MSVBVM60(0000000A,0000000A,00000000,00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081AB
- Part of subcall function 004080C7: __vbaFreeVar.MSVBVM60(0000000A,0000000A,00000000,00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081B3
- Part of subcall function 004080C7: __vbaI2I4.MSVBVM60(0000000A,0000000A,00000000,00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081C2
- Part of subcall function 004080C7: __vbaGet3.MSVBVM60(00000000,?,00000000,0000000A,0000000A,00000000,00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081CE
- Part of subcall function 004080C7: __vbaI2I4.MSVBVM60(00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081DD
- Part of subcall function 004080C7: __vbaFileClose.MSVBVM60(00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081E3
- Part of subcall function 004080C7: __vbaStrCopy.MSVBVM60(00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 004081F5
- Part of subcall function 004080C7: __vbaFreeStr.MSVBVM60(00408225,00000000,00000000,00000120,000000FF,00000000,?,0000000A), ref: 0040821F
- __vbaStrMove.MSVBVM60(?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 0040650E
- __vbaFreeStr.MSVBVM60(?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406516
- __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?,?,00000000,?,00000008,00000000,?,00000008,?), ref: 00406533
- __vbaInStr.MSVBVM60(00000000,searchbin.org,00000001), ref: 00406551
- __vbaInStr.MSVBVM60(00000000,searchbin.org,00000001,00000000,searchbin.org,00000001), ref: 00406574
- __vbaInStr.MSVBVM60(00000000,consented_to_sync,?,00000001,00000000,searchbin.org,00000001,00000000,searchbin.org,00000001), ref: 00406587
- __vbaFreeStr.MSVBVM60 ref: 004065AE
- __vbaFreeStr.MSVBVM60 ref: 004065DF
- __vbaEnd.MSVBVM60 ref: 004065EB
- __vbaNew2.MSVBVM60(00403710,00409430,00000000,consented_to_sync,?,00000001,00000000,searchbin.org,00000001,00000000,searchbin.org,00000001), ref: 0040662B
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403700,00000014), ref: 0040668D
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403720,00000050), ref: 004066E3
- __vbaStrCat.MSVBVM60(\config.xml,?), ref: 004066FF
- #529.MSVBVM60(00000008,\config.xml,?), ref: 00406712
- __vbaFreeStr.MSVBVM60(00000008,\config.xml,?), ref: 0040671A
- __vbaFreeObj.MSVBVM60(00000008,\config.xml,?), ref: 00406722
- __vbaFreeVar.MSVBVM60(00000008,\config.xml,?), ref: 0040672A
- __vbaStrI4.MSVBVM60(?,<no>,00000008,\config.xml,?), ref: 00406741
- __vbaStrMove.MSVBVM60(?,<no>,00000008,\config.xml,?), ref: 0040674B
- __vbaStrCat.MSVBVM60(00000000,?,<no>,00000008,\config.xml,?), ref: 00406751
- __vbaStrMove.MSVBVM60(00000000,?,<no>,00000008,\config.xml,?), ref: 0040675B
- __vbaStrCat.MSVBVM60(<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406766
- __vbaStrMove.MSVBVM60(<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406770
- __vbaStrCat.MSVBVM60(<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 0040677B
- __vbaStrMove.MSVBVM60(<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406785
- __vbaStrI4.MSVBVM60(?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406791
- __vbaStrMove.MSVBVM60(?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 0040679B
- __vbaStrCat.MSVBVM60(00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 004067A1
- __vbaStrMove.MSVBVM60(00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 004067AB
- __vbaStrCat.MSVBVM60(<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 004067B6
- __vbaStrMove.MSVBVM60(<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 004067C0
- __vbaStrCat.MSVBVM60(<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml), ref: 004067CB
- __vbaStrMove.MSVBVM60(<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml), ref: 004067D5
- __vbaStrI4.MSVBVM60(0000000A,00000000,<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>), ref: 004067E1
- __vbaStrMove.MSVBVM60(0000000A,00000000,<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>), ref: 004067EB
- __vbaStrCat.MSVBVM60(00000000,0000000A,00000000,<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?), ref: 004067F1
- __vbaStrMove.MSVBVM60(00000000,0000000A,00000000,<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000,00000000,?), ref: 004067FB
- __vbaStrCat.MSVBVM60(<\nos>,00000000,00000000,0000000A,00000000,<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000), ref: 00406806
- __vbaStrMove.MSVBVM60(<\nos>,00000000,00000000,0000000A,00000000,<nos>,00000000,<\noc>,00000000,00000000,?,00000000,<noc>,00000000,<\no>,00000000), ref: 00406810
- __vbaHresultCheckObj.MSVBVM60(00000000,?,004033A8,00000700), ref: 00406849
- __vbaFreeStrList.MSVBVM60(0000000B,?,?,?,?,?,?,?,?,0000000A,?,?), ref: 0040688B
- __vbaEnd.MSVBVM60(?,?,00000000,consented_to_sync,?,00000001,00000000,searchbin.org,00000001,00000000,searchbin.org,00000001), ref: 0040689A
- __vbaVarDup.MSVBVM60 ref: 004068C8
- #666.MSVBVM60(?,?), ref: 004068D5
- __vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406914
- __vbaVarCat.MSVBVM60(?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406928
- __vbaStrVarMove.MSVBVM60(00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 0040692E
- __vbaStrMove.MSVBVM60(00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406938
- __vbaStrMove.MSVBVM60(?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 0040694D
- __vbaFreeStr.MSVBVM60(?,00000000,?,00000008,00000000,?,00000008,?,?,?,?,?,?,?,?,?), ref: 00406955
- __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?,?,00000000,?,00000008,00000000,?,00000008,?), ref: 00406972
- __vbaInStr.MSVBVM60(00000000,searchbin.org,00000001,?,?,00000000,searchbin.org,00000001), ref: 00406990
- __vbaFreeStr.MSVBVM60(?,?,00000000,searchbin.org,00000001), ref: 004069C9
- __vbaEnd.MSVBVM60(?,?,00000000,searchbin.org,00000001), ref: 004069D5
- __vbaNew2.MSVBVM60(00403710,00409430,00000000,searchbin.org,00000001,?,?,00000000,searchbin.org,00000001), ref: 00406A10
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403700,00000014), ref: 00406A72
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403720,00000050), ref: 00406AC8
- __vbaStrCat.MSVBVM60(\config.xml,?), ref: 00406AE4
- #529.MSVBVM60(00000008,\config.xml,?), ref: 00406AF7
- __vbaFreeStr.MSVBVM60(00000008,\config.xml,?), ref: 00406AFF
- __vbaFreeObj.MSVBVM60(00000008,\config.xml,?), ref: 00406B07
- __vbaFreeVar.MSVBVM60(00000008,\config.xml,?), ref: 00406B0F
- __vbaStrI4.MSVBVM60(?,<no>,00000008,\config.xml,?), ref: 00406B26
- __vbaStrMove.MSVBVM60(?,<no>,00000008,\config.xml,?), ref: 00406B30
- __vbaStrCat.MSVBVM60(00000000,?,<no>,00000008,\config.xml,?), ref: 00406B36
- __vbaStrMove.MSVBVM60(00000000,?,<no>,00000008,\config.xml,?), ref: 00406B40
- __vbaStrCat.MSVBVM60(<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B4B
- __vbaStrMove.MSVBVM60(<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B55
- __vbaStrCat.MSVBVM60(<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B60
- __vbaStrMove.MSVBVM60(<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B6A
- __vbaStrI4.MSVBVM60(00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B76
- __vbaStrMove.MSVBVM60(00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B80
- __vbaStrCat.MSVBVM60(00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B86
- __vbaStrMove.MSVBVM60(00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B90
- __vbaStrCat.MSVBVM60(<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406B9B
- __vbaStrMove.MSVBVM60(<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml,?), ref: 00406BA5
- __vbaStrCat.MSVBVM60(<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml), ref: 00406BB0
- __vbaStrMove.MSVBVM60(<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>,00000008,\config.xml), ref: 00406BBA
- __vbaStrI4.MSVBVM60(?,00000000,<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>), ref: 00406BC6
- __vbaStrMove.MSVBVM60(?,00000000,<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?,<no>), ref: 00406BD0
- __vbaStrCat.MSVBVM60(00000000,?,00000000,<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?), ref: 00406BD6
- __vbaStrMove.MSVBVM60(00000000,?,00000000,<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000,00000000,?), ref: 00406BE0
- __vbaStrCat.MSVBVM60(<\nos>,00000000,00000000,?,00000000,<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000), ref: 00406BEB
- __vbaStrMove.MSVBVM60(<\nos>,00000000,00000000,?,00000000,<nos>,00000000,<\noc>,00000000,00000000,00000004,00000000,<noc>,00000000,<\no>,00000000), ref: 00406BF5
- __vbaHresultCheckObj.MSVBVM60(00000000,?,004033A8,00000700), ref: 00406C2E
- __vbaFreeStrList.MSVBVM60(0000000B,?,?,?,?,?,?,00000004,?,?,?,?), ref: 00406C70
- __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,00000000,searchbin.org,00000001,?,?,00000000,searchbin.org), ref: 00406CB3
- __vbaEnd.MSVBVM60(?,?,?,?,?,?,?,?,?,00000000,searchbin.org,00000001,?,?,00000000,searchbin.org), ref: 00406CBF
- __vbaStrCopy.MSVBVM60(00000000,searchbin.org,00000001,?,?,00000000,searchbin.org,00000001), ref: 00406CD8
- __vbaFreeStr.MSVBVM60(?,?,00000000,searchbin.org,00000001), ref: 00406D07
- __vbaEnd.MSVBVM60(?,?,00000000,searchbin.org,00000001), ref: 00406D1E
- __vbaFreeStr.MSVBVM60(?,?,00000000,searchbin.org,00000001), ref: 00406D54
- __vbaEnd.MSVBVM60(?,?,00000000,searchbin.org,00000001), ref: 00406D60
- __vbaNew2.MSVBVM60(00403710,00409430,?,?,00000000,searchbin.org,00000001), ref: 00406D9B
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403700,00000014), ref: 00406DFD
- __vbaHresultCheckObj.MSVBVM60(00000000,?,00403720,00000050), ref: 00406E53
- __vbaStrCat.MSVBVM60(\config.xml,?), ref: 00406E6F
- #529.MSVBVM60(00000008,\config.xml,?), ref: 00406E82
- __vbaFreeStr.MSVBVM60(00000008,\config.xml,?), ref: 00406E8A
- __vbaFreeObj.MSVBVM60(00000008,\config.xml,?), ref: 00406E92
- __vbaFreeVar.MSVBVM60(00000008,\config.xml,?), ref: 00406E9A
- __vbaStrI4.MSVBVM60(00000002,<no>,00000008,\config.xml,?), ref: 00406EB1
- __vbaStrMove.MSVBVM60(00000002,<no>,00000008,\config.xml,?), ref: 00406EBB
- __vbaStrCat.MSVBVM60(00000000,00000002,<no>,00000008,\config.xml,?), ref: 00406EC1
- __vbaStrMove.MSVBVM60(00000000,00000002,<no>,00000008,\config.xml,?), ref: 00406ECB
- __vbaStrCat.MSVBVM60(<\no>,00000000,00000000,00000002,<no>,00000008,\config.xml,?), ref: 00406ED6
- __vbaFreeStr.MSVBVM60(004071A5), ref: 0040719F
- __vbaErrorOverflow.MSVBVM60(?,?,00000000,searchbin.org,00000001), ref: 004071C4
- __vbaInStr.MSVBVM60(00000000,?,?,?), ref: 0040721C
- __vbaLenBstr.MSVBVM60(?,00000000,?,?,?), ref: 00407229
- __vbaInStr.MSVBVM60(00000000,?,?,00000000,?,00000000,?,?,?), ref: 00407242
- #631.MSVBVM60(?,?,00000003,00000000,?,?,00000000,?,00000000,?,?,?), ref: 00407262
- __vbaStrMove.MSVBVM60(?,?,00000003,00000000,?,?,00000000,?,00000000,?,?,?), ref: 0040726C
- __vbaFreeVar.MSVBVM60(?,?,00000003,00000000,?,?,00000000,?,00000000,?,?,?), ref: 00407274
|
Edit tour
09j4wHYrHs.exe (PID: 6764 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node