Edit tour

Windows Analysis Report
LinxOptimizer.exe

Overview

General Information

Sample name:	LinxOptimizer.exe
Analysis ID:	1582866
MD5:	8de3961e2e21466a030c1f9b0189efae
SHA1:	fc08c828a66bb55daaa9143ccaec923be2fd5406
SHA256:	b1bcdb28eb4f820d178142cabe58537f6e01a890087ff6207f1ef3026c621d11
Tags:	exeuser-aachum
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Potential thread-based time evasion detected

Query firmware table information (likely to detect VMs)

Tries to detect debuggers (CloseHandle check)

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

Tries to harvest and steal browser information (history, passwords, etc)

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

LinxOptimizer.exe (PID: 7040 cmdline: "C:\Users\user\Desktop\LinxOptimizer.exe" MD5: 8DE3961E2E21466A030C1F9B0189EFAE)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2190228861.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2537836955.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2850327793.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2245914077.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2298878312.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2210247415.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2203490622.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2185206105.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2189793312.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2181742732.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2940481873.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2183594561.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2179475660.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2239321935.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2180684612.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2311728606.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2487801807.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2585903348.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2319469067.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2310648987.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2243812649.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2165053637.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2207225316.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2178458432.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2318797859.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2309581995.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2537030298.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2175225526.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2246605059.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2187397564.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2213312002.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2295402927.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2191758008.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.4573314180.000001AE90D0E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2188896280.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2323600596.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: LinxOptimizer.exe PID: 7040	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 33 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.LinxOptimizer.exe.1ae909b81d0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:22:15.900466+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	49709	172.67.75.163	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: LinxOptimizer.exe

ReversingLabs: Detection: 56%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: LinxOptimizer.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: 0_2_000001AE909378E0 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,

0_2_000001AE909378E0

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.6:49709 version: TLS 1.2

Source: LinxOptimizer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: 9.pdBl source: LinxOptimizer.exe

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: 0_2_000001AE9089F46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,Concurrency::details::WorkQueue::IsStructuredEmpty,

0_2_000001AE9089F46A

Source: Joe Sandbox View

IP Address: 172.67.75.163 172.67.75.163

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49709 -> 172.67.75.163:443

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: global traffic

DNS traffic detected: DNS query: api.myip.com

Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://https/:://websocketpp.processorGeneric
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: LinxOptimizer.exe, LinxOptimizer.exe, 00000000.00000003.2260338602.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2487801807.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844057412.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2295402927.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2181742732.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239890715.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2318797859.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2188896280.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2482479874.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2325384597.000001AE90C0D000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239321935.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2346398164.000001AE90C0C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2178458432.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2850327793.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246837794.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2183802708.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2190228861.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537836955.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165053637.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: LinxOptimizer.exe, 00000000.00000003.2487801807.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2295402927.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2181742732.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2318797859.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239321935.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2178458432.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2850327793.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537836955.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165053637.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2189793312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2190228861.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537030298.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2210247415.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2310648987.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2585903348.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2213312002.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2298878312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2323600596.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2191758008.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246605059.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4573141265.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/%7
Source: LinxOptimizer.exe, 00000000.00000003.2260338602.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844057412.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239890715.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2188896280.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2482479874.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2325384597.000001AE90C0D000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2346398164.000001AE90C0C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246837794.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2183802708.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2190228861.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2335647976.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2317587604.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2243812649.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2263120363.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2175225526.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2180684612.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2249899897.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2299584453.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2420033656.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2351342630.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2292332307.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Ph
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Russia
Source: LinxOptimizer.exe, 00000000.00000003.2487801807.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2295402927.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2181742732.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2318797859.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239321935.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2178458432.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2850327793.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537836955.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165053637.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2189793312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2190228861.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537030298.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2210247415.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2310648987.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2585903348.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2213312002.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2298878312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2323600596.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2191758008.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246605059.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4573141265.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/~7
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.6:49709 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: LinxOptimizer.exe

Static PE information: section name: .8U!

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C5246D94	0_2_00007FF6C5246D94
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C52428BC	0_2_00007FF6C52428BC
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C525A920	0_2_00007FF6C525A920
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C524A110	0_2_00007FF6C524A110
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C525F7B4	0_2_00007FF6C525F7B4
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C555CF70	0_2_00007FF6C555CF70
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C5233F78	0_2_00007FF6C5233F78
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C5248028	0_2_00007FF6C5248028
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C5264150	0_2_00007FF6C5264150
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C5237993	0_2_00007FF6C5237993
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C526C1D0	0_2_00007FF6C526C1D0
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C52381B7	0_2_00007FF6C52381B7
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C526ACE4	0_2_00007FF6C526ACE4
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE90961170	0_2_000001AE90961170
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE9088BA30	0_2_000001AE9088BA30
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909E1F06	0_2_000001AE909E1F06
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909E1F16	0_2_000001AE909E1F16
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909ECAD2	0_2_000001AE909ECAD2
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909E4EE1	0_2_000001AE909E4EE1
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE90A63144	0_2_000001AE90A63144

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: 0_2_000001AE9097CCC0 CreateToolhelp32Snapshot,Process32NextW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Process32NextW,

0_2_000001AE9097CCC0

Source: C:\Users\user\Desktop\LinxOptimizer.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\WKK3EW20.htm

Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LinxOptimizer.exe, 00000000.00000002.4573431089.000001AE90E5B000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2166991978.000001AE90E45000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: LinxOptimizer.exe

ReversingLabs: Detection: 56%

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: LinxOptimizer.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: LinxOptimizer.exe

Static file information: File size 5041152 > 1048576

Source: LinxOptimizer.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x2a5000
Source: LinxOptimizer.exe	Static PE information: Raw size of .TF1 is bigger than: 0x100000 < 0x129c00

Source: LinxOptimizer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: 9.pdBl source: LinxOptimizer.exe

Source: initial sample

Static PE information: section where entry point is pointing to: .nvf

Source: LinxOptimizer.exe	Static PE information: section name: .TF1
Source: LinxOptimizer.exe	Static PE information: section name: .8U!
Source: LinxOptimizer.exe	Static PE information: section name: .nvf

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C562F65F push rax; iretd	0_2_00007FF6C562F66F
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF6C5606E36 push rax; ret	0_2_00007FF6C5606E52
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE9089CE9C push eax; retn 0001h	0_2_000001AE9089CE9D
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE908B4B10 push es; ret	0_2_000001AE908B4B1F
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909EBCA4 push eax; retf	0_2_000001AE909EBCA9
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909E6327 pushad ; retf 001Ah	0_2_000001AE909E6333
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909E85FC push esp; retf	0_2_000001AE909E8601
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909EAB9E push es; retf	0_2_000001AE909EABA5
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_000001AE909EABEE push ds; iretd	0_2_000001AE909EABF3

Source: LinxOptimizer.exe	Static PE information: section name: .TF1 entropy: 7.513835445667574
Source: LinxOptimizer.exe	Static PE information: section name: .nvf entropy: 7.8186428425242775

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Memory written: PID: 7040 base: 7FFDB459000D value: E9 BB CB EC FF			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Memory written: PID: 7040 base: 7FFDB445CBC0 value: E9 5A 34 13 00			Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Malware Analysis System Evasion

Potential thread-based time evasion detected

Source: Initial file

Signature Results: Thread-based counter

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\LinxOptimizer.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	System information queried: FirmwareTableInformation			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\LinxOptimizer.exe

RDTSC instruction interceptor: First address: 7FF6C565F64A second address: 7FF6C565F654 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [esp+30h], 00000258h 0x0000000a rdtsc

Tries to evade analysis by execution special instruction (VM detection)

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Special instruction interceptor: First address: 7FF6C56F5E14 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Special instruction interceptor: First address: 7FF6C56F5E5B instructions rdtsc caused by: RDTSC with Trap Flag (TF)

Source: C:\Users\user\Desktop\LinxOptimizer.exe

File opened / queried: VBoxMiniRdrDN

Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Window / User API: threadDelayed 5642			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Window / User API: foregroundWindowGot 1664			Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\LinxOptimizer.exe

0_2_000001AE9089F46A

Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware ToolsNOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm0123456789+/LoadLibraryA
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsdvboxserviceu
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtrayx64dbgh
Source: LinxOptimizer.exe, 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: Kernel32.dllKernel32.dll\\.\VBoxMiniRdrDN
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: LinxOptimizer.exe, 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: \\.\VBoxMiniRdrDN
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: LinxOptimizer.exe, 00000000.00000003.2175225526.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2298878312.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2187397564.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2183594561.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246605059.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537836955.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2188896280.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4571519588.000001AE907B9000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2585903348.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537030298.000001AE90CC3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gaVGAuthServicevmwaretrayv
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: LinxOptimizer.exe, LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: LinxOptimizer.exe, LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: LinxOptimizer.exe, 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: wiresharkvmwareuseri
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: LinxOptimizer.exe, 00000000.00000002.4573764135.000001AE9109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect debuggers (CloseHandle check)

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Handle closed: DEADC0DE

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugPort	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF6C5679D99	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF6C5678FCB	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF6C5665E33	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF6C568F5CF	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF6C5685F16	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF6C56A499E	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF6C56A69B3	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQueryInformationProcess: Direct from: 0x7FF6C56ECAAA	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQueryInformationProcess: Direct from: 0x7FF6C5690EAD	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF6C56E6625	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF6C56AF839	Jump to behavior

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: LinxOptimizer.exe	String found in binary or memory: Electrum
Source: LinxOptimizer.exe	String found in binary or memory: \ElectronCash\wallets
Source: LinxOptimizer.exe	String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: LinxOptimizer.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: LinxOptimizer.exe	String found in binary or memory: \Ethereum\keystore
Source: LinxOptimizer.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: LinxOptimizer.exe	String found in binary or memory: Ethereum
Source: LinxOptimizer.exe	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: LinxOptimizer.exe	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Source: Yara match	File source: 0.2.LinxOptimizer.exe.1ae909b81d0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2190228861.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2537836955.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2850327793.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2245914077.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2298878312.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2210247415.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2203490622.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2185206105.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2189793312.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2181742732.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2940481873.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2183594561.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2179475660.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2239321935.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2180684612.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2311728606.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2487801807.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2585903348.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2319469067.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2310648987.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2243812649.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2165053637.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2207225316.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2178458432.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2318797859.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2309581995.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2537030298.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2175225526.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2246605059.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2187397564.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2213312002.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2295402927.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2191758008.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4573314180.000001AE90D0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2188896280.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2323600596.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LinxOptimizer.exe PID: 7040, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Credential API Hooking	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	22 Virtualization/Sandbox Evasion	1 Credential API Hooking	621 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Abuse Elevation Control Mechanism	Security Account Manager	22 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	31 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
LinxOptimizer.exe	57%	ReversingLabs	Win64.Adware.RedCap
LinxOptimizer.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.myip.com	172.67.75.163	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.myip.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://https://https/:://websocketpp.processorGeneric	LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	false	high
https://ac.ecosia.org/autocomplete?q=	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/chrome_newtab	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/ac/?q=	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage	LinxOptimizer.exe	false	high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.myip.com/Russia	LinxOptimizer.exe, 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp	false	high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold	LinxOptimizer.exe	false	high
https://api.myip.com/~7	LinxOptimizer.exe, 00000000.00000003.2487801807.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2295402927.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2181742732.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2318797859.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239321935.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2178458432.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2850327793.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537836955.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165053637.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2189793312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2190228861.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537030298.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2210247415.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2310648987.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2585903348.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2213312002.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2298878312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2323600596.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2191758008.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246605059.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4573141265.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.ecosia.org/newtab/	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.myip.com/Ph	LinxOptimizer.exe, 00000000.00000003.2260338602.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844057412.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239890715.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2188896280.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2482479874.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2325384597.000001AE90C0D000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2346398164.000001AE90C0C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246837794.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2183802708.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2190228861.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2335647976.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2317587604.000001AE90C12000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2243812649.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2263120363.000001AE90C16000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2175225526.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2180684612.000001AE90C07000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2249899897.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2299584453.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2420033656.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2351342630.000001AE90C11000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2292332307.000001AE90C08000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FAB000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165175087.000001AE91022000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2844116936.000001AE90FFA000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2349764596.000001AE90FD8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.myip.com/%7	LinxOptimizer.exe, 00000000.00000003.2487801807.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2295402927.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2181742732.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2318797859.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2239321935.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2178458432.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2850327793.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537836955.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2165053637.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2189793312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2190228861.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2537030298.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2210247415.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2310648987.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2585903348.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2213312002.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2298878312.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2323600596.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2191758008.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.2246605059.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4573141265.000001AE90CA2000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.75.163	api.myip.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582866
Start date and time:	2024-12-31 17:21:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	LinxOptimizer.exe
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@1/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: LinxOptimizer.exe

Simulations

Behavior and APIs

Time	Type	Description
11:22:50	API Interceptor	15062064x Sleep call for process: LinxOptimizer.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.75.163	http://keynstrings.com/qdop/shriejeapd-xtre-czoyj-wux-182-n-ql72-dn6/?c=fg228vRhwgeAXmTlARVFPNkYQLEru1SQGolYq6DI2QO81BQyaFaUvmsyEbo4THF&dx6ywq7xi--6pmvnh36bm-q6ly=LedZebpban&f5W%2bAIcMkGZ9Lp3h7Da%2bJcuQl1mIISCF0%2bsnvlLl1C7JZwlOpPadnHGgzJCg9kkRnhKcM0BjIT2Bh9Pj1vF476j%3d%1d&url=htths%2a%0v%0wfr-tr.fazeboak.bon%2fUrbanZoccer%7c	Get hash	malicious	GRQ Scam	Browse	trk.adtrk18.com/aff_c?offer_id=15108&aff_id=1850&url_id=14904&aff_sub=ee27fca9-b066-4ae9-9cbc-def0df49be21&aff_sub5=cm3l19374

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	LightSpoofer.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Solara-Roblox-Executor-v3.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	Delta.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	Active_Setup.exe	Get hash	malicious	LummaC	Browse	104.21.52.90
	setup.msi	Get hash	malicious	Unknown	Browse	188.114.97.3
	NL Hybrid.exe	Get hash	malicious	Titanium Proxy, PureLog Stealer	Browse	104.21.24.64
	over.ps1	Get hash	malicious	Vidar	Browse	172.64.41.3
	NL Hybrid.exe	Get hash	malicious	Titanium Proxy, PureLog Stealer	Browse	172.67.217.81
	http://trezorbridge.org/	Get hash	malicious	Unknown	Browse	104.16.79.73
	http://knoxoms.com	Get hash	malicious	Unknown	Browse	188.114.97.3
	EdYEXasNiR.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	setup.msi	Get hash	malicious	Unknown	Browse	172.67.75.163
	over.ps1	Get hash	malicious	Vidar	Browse	172.67.75.163
	MatAugust.exe	Get hash	malicious	Vidar	Browse	172.67.75.163
	DypA6KbLrn.lnk	Get hash	malicious	Unknown	Browse	172.67.75.163
	IOnqEVA4Dz.lnk	Get hash	malicious	Unknown	Browse	172.67.75.163
	HngJMpDqxP.lnk	Get hash	malicious	Unknown	Browse	172.67.75.163
	setup.msi	Get hash	malicious	Unknown	Browse	172.67.75.163
	GYede3Gwn0.lnk	Get hash	malicious	Unknown	Browse	172.67.75.163
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	172.67.75.163
	heteronymous.vbs	Get hash	malicious	Remcos, GuLoader	Browse	172.67.75.163

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.180168047883267
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	LinxOptimizer.exe
File size:	5'041'152 bytes
MD5:	8de3961e2e21466a030c1f9b0189efae
SHA1:	fc08c828a66bb55daaa9143ccaec923be2fd5406
SHA256:	b1bcdb28eb4f820d178142cabe58537f6e01a890087ff6207f1ef3026c621d11
SHA512:	8fe4affa616f7438bd3c3d4e59f799a731c42181653688c255deae6af0720e88974aebbf644020e826cbf7c7503872ec444d14a84adc261f6d9e4b1c7f4d78cf
SSDEEP:	49152:bnVsLGKnzads3ULmmC+YrTudh6ZKhxUM9nJmWh4QP8Cfvn3hVVntdNxF947rHz6U:BsqeAjZ3xFyfUpiWfJOg/yZ0S
TLSH:	A3368CF49E93CDC0EDD7DEF68711E593842BAFE38949694E0259A00798D23FAC8B3541
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....gqg.........."....)......+.....z!J........@.............................@M...........`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x1404a217a
Entrypoint Section:	.nvf
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x677167CB [Sun Dec 29 15:16:27 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	72580ba63cb613cbe6fa975818c06da5

Entrypoint Preview

Instruction
inc ecx
push ebp
pushfd
dec ecx
mov ebp, 8BAAC8A8h
pop ds
mov edi, 80418886h
std
adc ecx, dword ptr [edi]
test dh, dh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x47b390	0x190	.nvf
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4d3000	0x1d5	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x4cd0e0	0x4ad0	.nvf
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4d2000	0x8ac	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x5d300	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4ccfa0	0x140	.nvf
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x434000	0x158	.8U!
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4b26a	0x4b400	64972deed7f40a641ebe13dd4baae619	False	0.5808989566029901	data	6.570905073015865	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x4d000	0x13f7e	0x14000	e596645a22ff27c3ad969d5a8ce2f153	False	0.47454833984375	data	5.637168829636885	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x61000	0x2a5310	0x2a5000	5da31537583b5e947d4551f403a598a9	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x307000	0x2130	0x2200	313f6de18704f2c3134155b1403b9f38	False	0.9047564338235294	data	7.5915635395718875	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.TF1	0x30a000	0x129bda	0x129c00	8732472664730def08dbd9cb0197dca6	False	0.8395100296494542	data	7.513835445667574	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.8U!	0x434000	0xc30	0xe00	0f31c594d4694c8ff510536ed01eb963	False	0.03794642857142857	data	0.24942344076942588	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.nvf	0x435000	0x9cbb0	0x9cc00	e3cdae890385e691553b8adab1f6db1d	False	0.9179002192982456	data	7.8186428425242775	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x4d2000	0x8ac	0xa00	c258dfe67e6568e3bc9a6de66b621477	False	0.42890625	data	5.0807329600824795	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x4d3000	0x1d5	0x200	b7c8788f9fea26d32cc5c13af28523ce	False	0.5234375	data	4.7113407225994175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4d3058	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
d3d9.dll	Direct3DCreate9
KERNEL32.dll	QueryPerformanceFrequency
USER32.dll	UnregisterClassA
ADVAPI32.dll	RegOpenKeyExA
SHELL32.dll	SHBrowseForFolderA
ole32.dll	CoTaskMemFree
IMM32.dll	ImmSetCompositionWindow
MSVCP140.dll	_Cnd_do_broadcast_at_thread_exit
VCRUNTIME140_1.dll	__CxxFrameHandler4
VCRUNTIME140.dll	memset
api-ms-win-crt-stdio-l1-1-0.dll	__stdio_common_vsprintf
api-ms-win-crt-utility-l1-1-0.dll	qsort
api-ms-win-crt-string-l1-1-0.dll	strcmp
api-ms-win-crt-heap-l1-1-0.dll	free
api-ms-win-crt-runtime-l1-1-0.dll	_set_app_type
api-ms-win-crt-math-l1-1-0.dll	ceilf
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
KERNEL32.dll	GetSystemTimeAsFileTime
KERNEL32.dll	HeapAlloc, HeapFree, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-31T17:22:15.900466+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	49709	172.67.75.163	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:22:15.026173115 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.026211977 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.026274920 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.041817904 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.041829109 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.683548927 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.683649063 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.745636940 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.745661974 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.745963097 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.746020079 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.748128891 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.795331001 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.900465012 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.900558949 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.900563002 CET	443	49709	172.67.75.163	192.168.2.6
Dec 31, 2024 17:22:15.900791883 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.905051947 CET	49709	443	192.168.2.6	172.67.75.163
Dec 31, 2024 17:22:15.905075073 CET	443	49709	172.67.75.163	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:22:14.725435972 CET	54420	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:22:14.734982967 CET	53	54420	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 17:22:14.725435972 CET	192.168.2.6	1.1.1.1	0x39fb	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 17:22:14.734982967 CET	1.1.1.1	192.168.2.6	0x39fb	No error (0)	api.myip.com	172.67.75.163	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:22:14.734982967 CET	1.1.1.1	192.168.2.6	0x39fb	No error (0)	api.myip.com	104.26.8.59	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:22:14.734982967 CET	1.1.1.1	192.168.2.6	0x39fb	No error (0)	api.myip.com	104.26.9.59	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.myip.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49709	172.67.75.163	443	7040	C:\Users\user\Desktop\LinxOptimizer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:22:15 UTC	182	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
2024-12-31 16:22:15 UTC	778	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:22:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=psFYKtJY5RdNKNISUPBoSw06noGVXav%2FxaB0TgTGxZoKA2ATPb89myvKLS1sE%2Bf3Gn0gae1kEAhhKRQZvnjriZ66pE1eAKcmQsuCjTGMOrDg2hQs1pohPDdYEQ8piw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9b7cbcfdc351-EWR server-timing: cfL4;desc="?proto=TCP&rtt=27594&min_rtt=24582&rtt_var=15243&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=820&delivery_rate=59978&cwnd=184&unsent_bytes=0&cid=b69708422eb8ec3d&ts=274&x=0"
2024-12-31 16:22:15 UTC	63	IN	Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 39{"ip":"8.46.123.189","country":"United States","cc":"US"}
2024-12-31 16:22:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	11:22:11
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\LinxOptimizer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\LinxOptimizer.exe"
Imagebase:	0x7ff6c5230000
File size:	5'041'152 bytes
MD5 hash:	8DE3961E2E21466A030C1F9B0189EFAE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2190228861.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2537836955.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2850327793.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2245914077.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2298878312.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2210247415.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2203490622.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2185206105.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2189793312.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2181742732.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2940481873.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2183594561.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2179475660.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2239321935.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2180684612.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2311728606.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2487801807.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2585903348.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2319469067.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2310648987.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2243812649.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2165053637.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2207225316.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2178458432.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2318797859.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2309581995.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2537030298.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2175225526.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2246605059.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2187397564.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2213312002.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2295402927.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2191758008.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4573314180.000001AE90D0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2188896280.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2323600596.000001AE90D08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	32.8%
Total number of Nodes:	64
Total number of Limit Nodes:	10

Executed Functions

Function 000001AE9089F46A Relevance: 9.6, APIs: 6, Instructions: 647
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9089F47B
FindFirstFileA.KERNEL32 ref: 000001AE9089F48B

Part of subcall function 000001AE90875180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90875217

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
String ID:
API String ID: 2113789597-0
Opcode ID: 6f06d4fb7fb9634510e7d1b69254e57db32836cf64a9c78c2536c5ed3cad936d
Instruction ID: 1df20a96cbfb77a90752997397807f15e17d8e01a8afa2eecadf5952014c2efa
Opcode Fuzzy Hash: 6f06d4fb7fb9634510e7d1b69254e57db32836cf64a9c78c2536c5ed3cad936d
Instruction Fuzzy Hash: 28321E30319B488AE7B5EB24C455BEFB7E1FBD9314F80491EE48AC3596DE3099848B43

Function 000001AE9097CCC0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000001AE9097CCED
Process32NextW.KERNEL32 ref: 000001AE9097CD6F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9097CDDC
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9097CE15
Process32NextW.KERNEL32 ref: 000001AE9097CEBE

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
String ID:
API String ID: 2993956496-0
Opcode ID: f63d23b7a5a9eebf7845e4a51ecc0b31b6b393b132448888189f3fb706003855
Instruction ID: cb5c0cba1725d88b1bddbd2dab828e760282aa7c11e45f94de049e0e691693f2
Opcode Fuzzy Hash: f63d23b7a5a9eebf7845e4a51ecc0b31b6b393b132448888189f3fb706003855
Instruction Fuzzy Hash: 8D51EC31219B488BE776EB24C455BDBBBE5FBD9314F804A2DE08AC3195DE309945CB43

Function 000001AE909378E0 Relevance: 4.7, APIs: 3, Instructions: 164
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE90937976
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE909379F4
CryptUnprotectData.CRYPT32 ref: 000001AE90937A4D

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
String ID:
API String ID: 3418212865-0
Opcode ID: 7b882953fe9df108f13d9987c8a05e9320e5209162f2221fd3acf0f77e76b0d9
Instruction ID: d4f65ac2f0e9722c5339c52af389bf69a664ddbdc73193b026915182f01767c0
Opcode Fuzzy Hash: 7b882953fe9df108f13d9987c8a05e9320e5209162f2221fd3acf0f77e76b0d9
Instruction Fuzzy Hash: B251BC70619B888FE3B4EB18C455BABBBE1FB99305F90492DD48DC3261DB709884CB43

Function 000001AE90876FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001AE9087A110: char_traits.LIBCPMTD ref: 000001AE9087A13D

std::_Fac_node::_Fac_node.LIBCPMTD ref: 000001AE9087754F
CreateToolhelp32Snapshot.KERNEL32 ref: 000001AE908775C4
Process32FirstW.KERNEL32 ref: 000001AE9087764B
Process32NextW.KERNEL32 ref: 000001AE908777AB

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
String ID:
API String ID: 4114415025-0
Opcode ID: 12bfb29d8b8dcec290ed159d6ab2d08bc79dcee497acb6809e7e91a603c2d6b4
Instruction ID: 024e2251b4218cb77af71a1f803862bd7cbf728c479ba0b11c6f52bac95d94a8
Opcode Fuzzy Hash: 12bfb29d8b8dcec290ed159d6ab2d08bc79dcee497acb6809e7e91a603c2d6b4
Instruction Fuzzy Hash: 49325F32319A484BE766EB34C4667EBB6E2FBD9314FD0093AA04AC3596ED309945C743

Function 000001AE909588A0 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE90958940

Part of subcall function 000001AE908A6C20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908A6C4B
Part of subcall function 000001AE908A6C20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908A6C5A

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE909589A6
CreateFileA.KERNEL32 ref: 000001AE909589D2

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
String ID:
API String ID: 645652700-0
Opcode ID: 0ae8024baaa766cd197798155ce4ee5724fb4a9c45c7472654707a893e66243b
Instruction ID: 2c496886a3ef4a03ae02b590b232548b662c10e20bb9302852fd5ced001c210e
Opcode Fuzzy Hash: 0ae8024baaa766cd197798155ce4ee5724fb4a9c45c7472654707a893e66243b
Instruction Fuzzy Hash: 4581ED30319B488FE7A4EB68C855BDAB6E1FBDA324F804A5DE099C32D5DE359845C703

Function 000001AE90874740 Relevance: 4.6, APIs: 3, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087476C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087477E

Part of subcall function 000001AE908753C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908753DD

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908747BB

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 665a32c13c0b49db2116b619edb56a28b66b9d278386548617deb68b4130b138
Instruction ID: beae8ba5db3c00eecde3e1b89463e367478725962d017d8ed04b3c8e99f42f7c
Opcode Fuzzy Hash: 665a32c13c0b49db2116b619edb56a28b66b9d278386548617deb68b4130b138
Instruction Fuzzy Hash: 4131DD30629B889FD7A5EF18C455B9BBBE1FB96344F80492DF089C26A1DBB09445CB43

Function 000001AE90958EC0 Relevance: 4.6, APIs: 3, Instructions: 80
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90958F06
CreateFileA.KERNEL32 ref: 000001AE90958F35
ReadFile.KERNEL32 ref: 000001AE90958F64

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 135c78123e35fc6e45328cfd7f00359e23adc6fbfee635afc358ff07fb0c43c5
Instruction ID: cf4dc151fd2b26c9a715d607fbd3012ad0ebcb12f2406335765f1b195c501905
Opcode Fuzzy Hash: 135c78123e35fc6e45328cfd7f00359e23adc6fbfee635afc358ff07fb0c43c5
Instruction Fuzzy Hash: D121A070658B888FDB94EF2CC499B9ABBE0FB99305F50491DF489C32A0DB75D8448B42

Function 000001AE90958E20 Relevance: 4.5, APIs: 3, Instructions: 48
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90958E47
CreateFileA.KERNEL32 ref: 000001AE90958E76
ReadFile.KERNEL32 ref: 000001AE90958E9E

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: cbf31e9e43ef24d401aa9ebfd5dc835ceea8740c73187fa1e0666766275b045d
Instruction ID: a7090254b5b56957db0d612601a1451a6f53e99e712538f7a89c673fa208ce4e
Opcode Fuzzy Hash: cbf31e9e43ef24d401aa9ebfd5dc835ceea8740c73187fa1e0666766275b045d
Instruction Fuzzy Hash: 6701D374618B488FD744EF28C45971ABBE1FB9A305F50491DF48AC33A0DB79D9458B82

Function 000001AE90958D40 Relevance: 3.1, APIs: 2, Instructions: 56
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90958D60
CreateFileA.KERNEL32 ref: 000001AE90958D8F

Part of subcall function 000001AE9087A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087A18D

Part of subcall function 000001AE909588A0: type_info::_name_internal_method.LIBCMTD ref: 000001AE90958940
Part of subcall function 000001AE909588A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE909589A6
Part of subcall function 000001AE909588A0: CreateFileA.KERNEL32 ref: 000001AE909589D2

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
String ID:
API String ID: 2627539804-0
Opcode ID: 7eb2e44000b88989e7faf6c439c2abbc87136d08060327d0dd8c2bfe1037f010
Instruction ID: 04c1419ad6e1cce59604bc08e8919e49f4babd360e271c4f6ec668b11918cc21
Opcode Fuzzy Hash: 7eb2e44000b88989e7faf6c439c2abbc87136d08060327d0dd8c2bfe1037f010
Instruction Fuzzy Hash: 6C111E70618B488FE794EF28C44979BBBE0FBD9345F80492DE08DC3251DB79D8458B02

Function 000001AE90999E2C Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001AE90999E5C

Part of subcall function 000001AE9099A8E0: std::bad_alloc::bad_alloc.LIBCMTD ref: 000001AE9099A8E9

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 63a19ba538b4a23dd5a957463ac287b99a1bce866babca04c0085706e7035a0b
Instruction ID: ddbd2e123f9897210f102f83f9877bf45e57159a1b86f1ccaf7aae3c89b2dec2
Opcode Fuzzy Hash: 63a19ba538b4a23dd5a957463ac287b99a1bce866babca04c0085706e7035a0b
Instruction Fuzzy Hash: E9016234713B094AFA98E3BD44C53EA29D4E7CE3A9FD40414D436C62D2E9148C814153

Non-executed Functions

Function 00007FF6C5237993 Relevance: 44.4, APIs: 5, Strings: 20, Instructions: 630COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5237C09

Strings

HoveredId: 0x%08X, xrefs: 00007FF6C523839C
g.MovingWindow && g.MovingWindow->RootWindow, xrefs: 00007FF6C5237F76
HZ0, xrefs: 00007FF6C52386E0
(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF6C5238664
g.Font->IsLoaded(), xrefs: 00007FF6C5237AC7
NewFrame(): ClearActiveID() because it isn't marked alive anymore!, xrefs: 00007FF6C5237C02
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF6C5237DDC
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5237F6F, 00007FF6C52386D2
Size > 0, xrefs: 00007FF6C523829E
333?, xrefs: 00007FF6C5238383
Remap w/ Ctrl+Shift: click anywhere to select new mouse button., xrefs: 00007FF6C52383DA
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C523841D
gfff, xrefs: 00007FF6C5238726
Debug##Default, xrefs: 00007FF6C52386AE
Right, xrefs: 00007FF6C52383BF
Left, xrefs: 00007FF6C52383B4
Middle, xrefs: 00007FF6C52383CA
g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF6C52386D9
Press ESC to abort picking., xrefs: 00007FF6C52383A8
i >= 0 && i < Size, xrefs: 00007FF6C5237996, 00007FF6C52379A0, 00007FF6C5237A98, 00007FF6C52380F8, 00007FF6C5238129, 00007FF6C5238156

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Debug##Default$HoveredId: 0x%08X$Left$Middle$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.MovingWindow && g.MovingWindow->RootWindow$g.WindowsFocusOrder.Size <= g.Windows.Size$gfff$i >= 0 && i < Size$HZ0
API String ID: 1992661772-996952123
Opcode ID: 64a4f021df9ee282e3369c403594119d7452af2c57d31cb3a4d096dbd935843c
Instruction ID: 005cfbfc7b651760a11a598f9b335258e7f9516cdcc91b1b12785e13f629643f
Opcode Fuzzy Hash: 64a4f021df9ee282e3369c403594119d7452af2c57d31cb3a4d096dbd935843c
Instruction Fuzzy Hash: 4E62AFB2A0969285EB10CF25DD885F833E9EB54F8AF094536DE8D9B295DF3CE941C700

Function 00007FF6C52381B7 Relevance: 33.6, APIs: 4, Strings: 15, Instructions: 321COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C52383A3
_scwprintf.LIBCMT ref: 00007FF6C52383AF
_scwprintf.LIBCMT ref: 00007FF6C52383E1

Strings

HoveredId: 0x%08X, xrefs: 00007FF6C523839C
HZ0, xrefs: 00007FF6C52386E0
(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF6C5238664
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52386D2
Size > 0, xrefs: 00007FF6C523829E
333?, xrefs: 00007FF6C5238383
Remap w/ Ctrl+Shift: click anywhere to select new mouse button., xrefs: 00007FF6C52383DA
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C523841D
gfff, xrefs: 00007FF6C5238726
Debug##Default, xrefs: 00007FF6C52386AE
Right, xrefs: 00007FF6C52383BF
Left, xrefs: 00007FF6C52383B4
Middle, xrefs: 00007FF6C52383CA
g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF6C52386D9
Press ESC to abort picking., xrefs: 00007FF6C52383A8

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Debug##Default$HoveredId: 0x%08X$Left$Middle$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$gfff$HZ0
API String ID: 1992661772-2340452264
Opcode ID: 28f0c5d8cd80e6bd7ac2083b32893b99a33dfd65c1fc6e470a4a4ff939506e06
Instruction ID: b6ee966aaf6ed1484c21cafa089da993178b610cec6d6879f1ff2afa51792703
Opcode Fuzzy Hash: 28f0c5d8cd80e6bd7ac2083b32893b99a33dfd65c1fc6e470a4a4ff939506e06
Instruction Fuzzy Hash: C5E1DD76A0968286EB11CF34DE446F937E9EF44F4AF494136DA8D8B299DF3CE9418700

Function 00007FF6C5248028 Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 604COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C52481B4

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52482AA, 00007FF6C52485E8, 00007FF6C5248692, 00007FF6C52486A0, 00007FF6C52487B7
g.NavWindow != 0, xrefs: 00007FF6C52487BE
g.NavActivateDownId == g.NavActivateId, xrefs: 00007FF6C52485EF
g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu, xrefs: 00007FF6C52482B1
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C524803A
[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s", xrefs: 00007FF6C52481A6
g.NavMoveDir == ImGuiDir_None, xrefs: 00007FF6C5248699

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s"$g.NavActivateDownId == g.NavActivateId$g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu$g.NavMoveDir == ImGuiDir_None$g.NavWindow != 0
API String ID: 1992661772-623865633
Opcode ID: cb9ed82fc9b47de449d25b7efb618351d06568a0d4a691fab262a38574d637a5
Instruction ID: 794fde70a0144a2258a4b22539829bda273affc9465af814dd6ee274112cf12a
Opcode Fuzzy Hash: cb9ed82fc9b47de449d25b7efb618351d06568a0d4a691fab262a38574d637a5
Instruction Fuzzy Hash: 1F52AD32E286C28AE7658F358E402BD6BE1EF45F49F084235DE98A72D5CF7C6C918711

Function 00007FF6C52428BC Relevance: 14.2, Strings: 11, Instructions: 434COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6C5242B5D, 00007FF6C5242BE3
Processed, xrefs: 00007FF6C5242DC1
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52428BF, 00007FF6C5242A23, 00007FF6C5242B0B, 00007FF6C5242CD2
n >= 0 && n < BITCOUNT, xrefs: 00007FF6C5242B64, 00007FF6C5242BEA
0 && "Unknown event!", xrefs: 00007FF6C5242CD9
it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size, xrefs: 00007FF6C5242E9A
key != ImGuiKey_None, xrefs: 00007FF6C5242B12
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C52428C3, 00007FF6C524295E, 00007FF6C5242D43, 00007FF6C5242D9F, 00007FF6C5242E93
Remaining, xrefs: 00007FF6C5242DB6
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF6C5242A2A
i >= 0 && i < Size, xrefs: 00007FF6C5242965, 00007FF6C5242D4A, 00007FF6C5242DA6, 00007FF6C5242DAD

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: 0 && "Unknown event!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Processed$Remaining$button >= 0 && button < ImGuiMouseButton_COUNT$i >= 0 && i < Size$it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size$key != ImGuiKey_None$n >= 0 && n < BITCOUNT
API String ID: 0-1923509833
Opcode ID: 94d8c02619b1f43e863a89000c64672c1ec5e1d37c124f703946981c275162cd
Instruction ID: 5a13c6e4b95a10a852d49d08f48f33560711831144cfd761baac0b68343c2c61
Opcode Fuzzy Hash: 94d8c02619b1f43e863a89000c64672c1ec5e1d37c124f703946981c275162cd
Instruction Fuzzy Hash: B112DE62B0C28696EB29CF269E803B9B7E0EB55B45F444136DACDC7696DF2CE815C700

Function 00007FF6C525F7B4 Relevance: 13.1, Strings: 10, Instructions: 573COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6C525F98C
dst_tmp == g.DrawChannelsTempMergeBuffer.Data + g.DrawChannelsTempMergeBuffer.Size, xrefs: 00007FF6C5260078, 00007FF6C526007F
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6C525F824, 00007FF6C525FAE6, 00007FF6C525FCE4, 00007FF6C525FEAE, 00007FF6C5260071
channel->_CmdBuffer.Size == 1 && merge_clip_rect.Contains(ImRect(channel->_CmdBuffer[0].ClipRect)), xrefs: 00007FF6C525FEB5
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C525F9E3, 00007FF6C525FB3A, 00007FF6C525FE5D, 00007FF6C525FEEB, 00007FF6C525FF82, 00007FF6C526000A
has_freeze_v == false || table->Bg2DrawChannelUnfrozen != TABLE_DRAW_CHANNEL_BG2_FROZEN, xrefs: 00007FF6C525FCEB
splitter->_Current == 0, xrefs: 00007FF6C525F82B
channel_no < max_draw_channels, xrefs: 00007FF6C525FAED, 00007FF6C525FAF4
p >= Data && p < DataEnd, xrefs: 00007FF6C525F993
i >= 0 && i < Size, xrefs: 00007FF6C525F9EA, 00007FF6C525FB41, 00007FF6C525FE64, 00007FF6C525FEF2, 00007FF6C525FF89, 00007FF6C5260011

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$channel->_CmdBuffer.Size == 1 && merge_clip_rect.Contains(ImRect(channel->_CmdBuffer[0].ClipRect))$channel_no < max_draw_channels$dst_tmp == g.DrawChannelsTempMergeBuffer.Data + g.DrawChannelsTempMergeBuffer.Size$has_freeze_v == false || table->Bg2DrawChannelUnfrozen != TABLE_DRAW_CHANNEL_BG2_FROZEN$i >= 0 && i < Size$p >= Data && p < DataEnd$splitter->_Current == 0
API String ID: 0-2041159019
Opcode ID: ce3d47eb722867ab4fdd3467235e3440ecfbce77bd952037027ef7bf749597f5
Instruction ID: 1df8f05dc1f17481efe141743b058bf449a9d4898b49195ca0feb596b7c93382
Opcode Fuzzy Hash: ce3d47eb722867ab4fdd3467235e3440ecfbce77bd952037027ef7bf749597f5
Instruction Fuzzy Hash: B742D2B3A1868286E720CF19DE446B977A1FB44B45F858135EBCD97699DF3CE940CB00

Function 00007FF6C524A110 Relevance: 5.5, Strings: 4, Instructions: 507COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C524A46A
###NavUpdateWindowing, xrefs: 00007FF6C524A1B6
shared_mods != 0, xrefs: 00007FF6C524A471
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C524A11C

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ###NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$shared_mods != 0
API String ID: 0-2089645622
Opcode ID: 1fa44f40fc416125087c2eddba157f6e4d4f0f38c75f46f06a34fae35c124ea1
Instruction ID: 5ce6e9370461524859fa7e54d9f754413ee7c35a1ce72acfcb9763b86706e3a3
Opcode Fuzzy Hash: 1fa44f40fc416125087c2eddba157f6e4d4f0f38c75f46f06a34fae35c124ea1
Instruction Fuzzy Hash: 0832B432A0878696E719CF318E402B977D2FF55B45F484635DB99A7292DF3CBCA4C600

Function 00007FF6C5264150 Relevance: 5.4, Strings: 4, Instructions: 395COMMON

Download Yara Rule

Strings

idx == 0 || idx == 1, xrefs: 00007FF6C5264465, 00007FF6C526448C, 00007FF6C5264493
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5264166, 00007FF6C526445E, 00007FF6C5264485
ImMax(size_contents_v, size_visible_v) > 0.0f, xrefs: 00007FF6C5264351
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6C526434A

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f$idx == 0 || idx == 1
API String ID: 0-3128625980
Opcode ID: f88cfc5c6f88ebac17ce6f9df436674be593c5120554861d910221a45ef2a117
Instruction ID: 0fa3e231707222b6334811f52d80ed2913890ebf34c29f7e8fe5ed6811e09acc
Opcode Fuzzy Hash: f88cfc5c6f88ebac17ce6f9df436674be593c5120554861d910221a45ef2a117
Instruction Fuzzy Hash: 9102E823D1878985E302CB3799815B9B790EF6E785F289732F9C8B2565DF2CB5D08B40

Function 00007FF6C555CF70 Relevance: 5.1, Strings: 4, Instructions: 140COMMONLIBRARYCODE

Download Yara Rule

Strings

<program name unknown>, xrefs: 00007FF6C555D03D
..., xrefs: 00007FF6C555D096
Microsoft Visual C++ Runtime Library, xrefs: 00007FF6C555D123
Runtime Error!Program: , xrefs: 00007FF6C555CFF2

Memory Dump Source

Source File: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 0-4022980321
Opcode ID: 9163930c4815ab97010e57349c5e5f983574fa91b9c4d705f536e90c947d99d8
Instruction ID: 61973d3ff28b718f91116291cc3872d1d3e407aaf6a36065fa138ca4b66b56ef
Opcode Fuzzy Hash: 9163930c4815ab97010e57349c5e5f983574fa91b9c4d705f536e90c947d99d8
Instruction Fuzzy Hash: CF51D36AB1864341FB24DF21AD557BA3351AF54B86FC08136DECDC3AD5DE3CE9058600

Function 00007FF6C5233F78 Relevance: 3.2, Strings: 2, Instructions: 702COMMON

Download Yara Rule

Strings

imgui.ini, xrefs: 00007FF6C5234001
imgui_log.txt, xrefs: 00007FF6C523400C

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: imgui.ini$imgui_log.txt
API String ID: 0-3179804127
Opcode ID: 99ab9e69c25ee5b6727e12e112d3b6f2a9825b54dd1acdb5185b4d1924ab46eb
Instruction ID: a27e4184ff2921d1358e0357dc69f6d73fdc7093c34bbe50d663edde263071bd
Opcode Fuzzy Hash: 99ab9e69c25ee5b6727e12e112d3b6f2a9825b54dd1acdb5185b4d1924ab46eb
Instruction Fuzzy Hash: 54929C73505BC18AD300CF35A9882DA37E8F754F48F184A39DE884BA59DF7581A5E738

Function 00007FF6C5246D94 Relevance: 2.8, Strings: 2, Instructions: 278COMMON

Download Yara Rule

Strings

(window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened, xrefs: 00007FF6C5246E4F
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5246E48

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
API String ID: 0-3836044477
Opcode ID: a2e1ba845a913b91f744072b29c494a5da5a543439328a215dbe798e5ef37de6
Instruction ID: 70e71d2fa897fda9af94a1084f052ebdde0ddae4dee2f4b41ba21535b1d4c08f
Opcode Fuzzy Hash: a2e1ba845a913b91f744072b29c494a5da5a543439328a215dbe798e5ef37de6
Instruction Fuzzy Hash: B1D1E823D0868D81F2225E378E424B963D09F7EB86F1D9732EDEDB65A1DF1C79868500

Function 00007FF6C525A920 Relevance: 2.6, Strings: 2, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6C525A987
text_end != 0, xrefs: 00007FF6C525A98E

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
API String ID: 0-48455972
Opcode ID: 5f1155efc39f1994c0c5f7f04cc76e3cfd0e5fce027adba706490788056ba6b8
Instruction ID: 11d09165fd5a7798f3644e8e01fc61bad6a7c203b5d3dd2f202b30c88cad5c3e
Opcode Fuzzy Hash: 5f1155efc39f1994c0c5f7f04cc76e3cfd0e5fce027adba706490788056ba6b8
Instruction Fuzzy Hash: EF41CB11A0479945E5218E269E412BE73E5EF5EF42F998733D9C967358DF3CED814300

Function 000001AE9088BA30 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

P, xrefs: 000001AE9088BE43

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction ID: bcb17d8d400926057e83aaaeb7f7231d8109da3b1dfb280db4b182d68f4caad7
Opcode Fuzzy Hash: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction Fuzzy Hash: 6712E0302197448FD358DF28C4A0AABBBE2FBCD318F504A6DE58AD7765D634E941CB42

Function 000001AE90961170 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

@, xrefs: 000001AE909614F8

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4f4b649e6971ae701866a1483a7cb624743e75dcd4f8d76c1a19725971219106
Instruction ID: b255ae673cf939e9f38ac1235fec038449f12c785c7ca2ebadc78e4703020502
Opcode Fuzzy Hash: 4f4b649e6971ae701866a1483a7cb624743e75dcd4f8d76c1a19725971219106
Instruction Fuzzy Hash: F9E1FA7421CB888FE7A4DF18C458BAAB7E1FBD9305F54491DE48AC32A0DB74D885CB46

Function 000001AE90A63144 Relevance: 1.2, Instructions: 1207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE909E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE909E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae909e1000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a0885fae3c7579f9a47d9d3861daae36a8dabc462c5fdba923d8d213e7f44b7
Instruction ID: a8454c68bdf6fea83e62c8a022d766f4a7e2fc3f0721576be31a2ff709ca4ec7
Opcode Fuzzy Hash: 8a0885fae3c7579f9a47d9d3861daae36a8dabc462c5fdba923d8d213e7f44b7
Instruction Fuzzy Hash: 2992BF6794E7E25FE3138A7468AA6E2BFA06F17234B4D02DBD0C50A093D14D539AC7D3

Function 000001AE909ECAD2 Relevance: .9, Instructions: 883COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE909E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE909E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae909e1000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8265708f2888ff87f0775d50d43babe3ae693213f5bc7ee42f03f46001857dbf
Instruction ID: 1110e7d5718f62cf9abbcef72f9e1d32772ee2cc2de3db2d5d2826703704a46f
Opcode Fuzzy Hash: 8265708f2888ff87f0775d50d43babe3ae693213f5bc7ee42f03f46001857dbf
Instruction Fuzzy Hash: 3562596640F3C15EE7138B345C966D13FB26E0726875F4ACAC4C0AF467E1895A5EC3E2

Function 000001AE909E1F06 Relevance: .4, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE909E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE909E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae909e1000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21a113c54109b24b6f1cf3f726530c155ecf784348ef7fac1103746a4cfb27c0
Instruction ID: 2515917eb2ecc35ca58d5a9d42deff34a53b6142f01adc9c16d4e45c99fb67e0
Opcode Fuzzy Hash: 21a113c54109b24b6f1cf3f726530c155ecf784348ef7fac1103746a4cfb27c0
Instruction Fuzzy Hash: 76E13A6554F7D22FE3138B305CAAAE3BFA95A4722475D06DFF0C1560A7D188436AC3E2

Function 000001AE909E1F16 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE909E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE909E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae909e1000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba867744ff4fd98c8eaa95a43b2f0a9ae32f474087df929941bb31c6c253914
Instruction ID: aff3090a0acd11bceea24ce34d0bf6b8dd766561e2ac931d03fcfcddfd25c69e
Opcode Fuzzy Hash: fba867744ff4fd98c8eaa95a43b2f0a9ae32f474087df929941bb31c6c253914
Instruction Fuzzy Hash: 7AD1386154F7E22FE3138A305CAAAE3BFA95A4722475D06DFF0C156097D188437AC3E2

Function 00007FF6C526ACE4 Relevance: .4, Instructions: 407COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa41add36660ed8c0ff03fccc90489969f541e24ab34b9860f6a90a8f2a6a0d8
Instruction ID: af5006eceba7d5f72590fd0d7ddb2fb3305dd37e56c8497161fe798f1ccd8e5d
Opcode Fuzzy Hash: fa41add36660ed8c0ff03fccc90489969f541e24ab34b9860f6a90a8f2a6a0d8
Instruction Fuzzy Hash: 0612D233A087859AE715CE369E402BDB7E0FF59B45F144235EF88A66A5DF3CA8548B00

Function 00007FF6C526C1D0 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d7e00bc51bdca3ed7c3d93614970ff7a2aa5e4b1324c4676fdd30202780959a
Instruction ID: d90ac468b72e47b8881d56509ab1ab758f38371d49992e424d6b20b9995efb4c
Opcode Fuzzy Hash: 1d7e00bc51bdca3ed7c3d93614970ff7a2aa5e4b1324c4676fdd30202780959a
Instruction Fuzzy Hash: 25E1C02290C3828AE779AE219E407BA67E0EF65B56F045434DEDAE3695CF3CEC44C740

Function 000001AE909E4EE1 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE909E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE909E1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae909e1000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0543efbfb33db8a17b318fb5de0b89631516868748a322d4c600116136921f4b
Instruction ID: 255a1b940522c583c1ccde8ee2e4535e1a5ef1d564614071f76ef118977c4f97
Opcode Fuzzy Hash: 0543efbfb33db8a17b318fb5de0b89631516868748a322d4c600116136921f4b
Instruction Fuzzy Hash: 4651892105E3C19FE7538B3888657913FA4AF27691B1E4ADBD4C0CF0A7D6189A1DC763

Function 000001AE90874850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 000001AE90875360: _WChar_traits.LIBCPMTD ref: 000001AE9087538D

Part of subcall function 000001AE90874AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90874AD0
Part of subcall function 000001AE90874AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE90874B2F
Part of subcall function 000001AE90874AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90874B41

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908748B8

Strings

M, xrefs: 000001AE908748F1
a, xrefs: 000001AE90874928
a, xrefs: 000001AE908748F6
c, xrefs: 000001AE90874905
a, xrefs: 000001AE90874932
K, xrefs: 000001AE9087490F
B, xrefs: 000001AE9087493C
, xrefs: 000001AE9087491E
o, xrefs: 000001AE90874946
g, xrefs: 000001AE908748FB
KDBM, xrefs: 000001AE908749A9
e, xrefs: 000001AE90874914
t, xrefs: 000001AE9087492D
l, xrefs: 000001AE90874941
, xrefs: 000001AE90874937
D, xrefs: 000001AE90874923
b, xrefs: 000001AE9087494B
y, xrefs: 000001AE90874919
, xrefs: 000001AE9087490A
i, xrefs: 000001AE90874900

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
API String ID: 1777712374-1292890139
Opcode ID: 09cd6937a05f5666fc77b1652b4d718441387c8c9edceb0127b60103c2ca14ba
Instruction ID: 3c22f06fc97d9817dcbbc7cafd1e5d8a655b12aa2c48998c72f3df35fdcdc5ff
Opcode Fuzzy Hash: 09cd6937a05f5666fc77b1652b4d718441387c8c9edceb0127b60103c2ca14ba
Instruction Fuzzy Hash: EB61E83060CB848FE761EB68C449B9ABBE1FBA5304F44492DE0C9C7261DBB5D489CB53

Function 00007FF6C5243E6C Relevance: 33.3, APIs: 8, Strings: 11, Instructions: 82COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5243EC5
_scwprintf.LIBCMT ref: 00007FF6C5243ED1
_scwprintf.LIBCMT ref: 00007FF6C5243EDD
_scwprintf.LIBCMT ref: 00007FF6C5243EE9
_scwprintf.LIBCMT ref: 00007FF6C5243EFA
_scwprintf.LIBCMT ref: 00007FF6C5243F44
_scwprintf.LIBCMT ref: 00007FF6C5243FA4
_scwprintf.LIBCMT ref: 00007FF6C5243FE2

Strings

(Hold CTRL to: use, xrefs: 00007FF6C5243EF3
Set io.ConfigDebugHighlightIdConflicts=false to disable this warning in non-programmers builds., xrefs: 00007FF6C5243EE2
Open FAQ->About ID Stack System, xrefs: 00007FF6C5243F59
Programmer error: %d visible items with conflicting ID!, xrefs: 00007FF6C5243EBE
Empty label e.g. Button("") == same ID as parent widget/node. Use Button("##xx") instead!, xrefs: 00007FF6C5243ED6
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage, xrefs: 00007FF6C5243F75
(Hold CTRL to:, xrefs: 00007FF6C5243F9D
Item Picker, xrefs: 00007FF6C5243F0F
to break in item call-stack, or, xrefs: 00007FF6C5243F3D
Enable Asserts, xrefs: 00007FF6C5243FB9
Code should use PushID()/PopID() in loops, or append "##xx" to same-label identifiers!, xrefs: 00007FF6C5243ECA

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: (Hold CTRL to:$(Hold CTRL to: use$Code should use PushID()/PopID() in loops, or append "##xx" to same-label identifiers!$Empty label e.g. Button("") == same ID as parent widget/node. Use Button("##xx") instead!$Enable Asserts$Item Picker$Open FAQ->About ID Stack System$Programmer error: %d visible items with conflicting ID!$Set io.ConfigDebugHighlightIdConflicts=false to disable this warning in non-programmers builds.$https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage$to break in item call-stack, or
API String ID: 1992661772-3893620544
Opcode ID: d0ada21afa6d4f7a026e338f2be8b9b83a15e7939d0d2cdd6208c46ced50ef59
Instruction ID: 39555d1e7a6ac8149adc876b068c36b02d24d68309c73fa16ff4210dc56ddd54
Opcode Fuzzy Hash: d0ada21afa6d4f7a026e338f2be8b9b83a15e7939d0d2cdd6208c46ced50ef59
Instruction Fuzzy Hash: ED415A21D0C64340EA11EF61AE822F823E0AF64F46F984532E9CDE61D6DF6CBC958641

Function 00007FF6C5242700 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 102COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C524275C
_scwprintf.LIBCMT ref: 00007FF6C52427A4
_scwprintf.LIBCMT ref: 00007FF6C52427F1
_scwprintf.LIBCMT ref: 00007FF6C524285D
_scwprintf.LIBCMT ref: 00007FF6C5242883
_scwprintf.LIBCMT ref: 00007FF6C52428A7

Strings

Down, xrefs: 00007FF6C52427CC, 00007FF6C5242833
[io] %s: AppFocused %d, xrefs: 00007FF6C524289D
[io] %s: MouseButton %d %s (%s), xrefs: 00007FF6C52427E7
[io] %s: Text: %c (U+%08X), xrefs: 00007FF6C5242876
[io] %s: Key "%s" %s, xrefs: 00007FF6C5242850
[io] %s: MouseWheel (%.3f, %.3f) (%s), xrefs: 00007FF6C5242815
[io] %s: MousePos (%.1f, %.1f) (%s), xrefs: 00007FF6C524277B
[io] %s: MousePos (-FLT_MAX, -FLT_MAX), xrefs: 00007FF6C5242755

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: Down$[io] %s: AppFocused %d$[io] %s: Key "%s" %s$[io] %s: MouseButton %d %s (%s)$[io] %s: MousePos (%.1f, %.1f) (%s)$[io] %s: MousePos (-FLT_MAX, -FLT_MAX)$[io] %s: MouseWheel (%.3f, %.3f) (%s)$[io] %s: Text: %c (U+%08X)
API String ID: 1992661772-49713677
Opcode ID: d4fc9998e595c80daea983f67f60f0370e18e8cd9f2f05348557a89df4483797
Instruction ID: 3bb24148f617c91217354fd1407b382ca4edcb89d7bd27d21bbe17b132b9538c
Opcode Fuzzy Hash: d4fc9998e595c80daea983f67f60f0370e18e8cd9f2f05348557a89df4483797
Instruction Fuzzy Hash: E2516D6191C68282EA658F139E4417DA7D0AF95F52F488232DADD936E58F2CEC51CB01

Function 00007FF6C5248A74 Relevance: 21.5, APIs: 3, Strings: 9, Instructions: 466COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5248B61
_scwprintf.LIBCMT ref: 00007FF6C5248DC0
_scwprintf.LIBCMT ref: 00007FF6C5248F27

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5248B14, 00007FF6C5248B37, 00007FF6C524924C
!scoring_rect.IsInverted(), xrefs: 00007FF6C5249253
g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None, xrefs: 00007FF6C5248B1B
[nav] NavMoveRequest: clamp NavRectRel for gamepad move, xrefs: 00007FF6C5248F20
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5248A83
[nav] NavInitRequest: from move, window "%s", layer=%d, xrefs: 00007FF6C5248DB9
g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded, xrefs: 00007FF6C5248B3E
[nav] NavMoveRequestForward %d, xrefs: 00007FF6C5248B5A
<NULL>, xrefs: 00007FF6C5248DAB

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: !scoring_rect.IsInverted()$<NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$[nav] NavInitRequest: from move, window "%s", layer=%d$[nav] NavMoveRequest: clamp NavRectRel for gamepad move$[nav] NavMoveRequestForward %d$g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None$g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded
API String ID: 1992661772-2911039152
Opcode ID: 573db6a8dee1b70cf41e83b5be9286c0761142fc06585d0ed8ceb04fde17817e
Instruction ID: 8ae8d6c85005f17ff5ea66f7e2d1fdc146e1e0595cb432d63a0f9290dac8dedf
Opcode Fuzzy Hash: 573db6a8dee1b70cf41e83b5be9286c0761142fc06585d0ed8ceb04fde17817e
Instruction Fuzzy Hash: 1032D833D2868A46E3129F368E412F973D0EF69B95F188731EEC8661E5DF3C79919600

Function 00007FF6C52410BC Relevance: 21.2, APIs: 4, Strings: 8, Instructions: 169COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C52411C8
_scwprintf.LIBCMT ref: 00007FF6C5241230
_scwprintf.LIBCMT ref: 00007FF6C52412EB
_scwprintf.LIBCMT ref: 00007FF6C5241333

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5241102, 00007FF6C5241127, 00007FF6C524114F
ImIsPowerOfTwo(flags & ImGuiInputFlags_RouteTypeMask_), xrefs: 00007FF6C5241109
SetShortcutRouting(%s, flags=%04X, owner_id=0x%08X) -> filtered as potential char input, xrefs: 00007FF6C5241223
SetShortcutRouting(%s, flags=%04X, owner_id=0x%08X) -> score %d, xrefs: 00007FF6C52412E1
--> granting current route, xrefs: 00007FF6C524132C
SetShortcutRouting(%s, flags=%04X, owner_id=0x%08X) -> always, no register, xrefs: 00007FF6C52411BB
flags & ImGuiInputFlags_RouteGlobal, xrefs: 00007FF6C5241156
owner_id != ((ImGuiID)0) && owner_id != ((ImGuiID)-1), xrefs: 00007FF6C524112E

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: --> granting current route$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$ImIsPowerOfTwo(flags & ImGuiInputFlags_RouteTypeMask_)$SetShortcutRouting(%s, flags=%04X, owner_id=0x%08X) -> always, no register$SetShortcutRouting(%s, flags=%04X, owner_id=0x%08X) -> filtered as potential char input$SetShortcutRouting(%s, flags=%04X, owner_id=0x%08X) -> score %d$flags & ImGuiInputFlags_RouteGlobal$owner_id != ((ImGuiID)0) && owner_id != ((ImGuiID)-1)
API String ID: 1992661772-941165894
Opcode ID: f3cf040e1faf9ee6c19908c6d3baaaea96a4e13748745c0e60f6290ee138b028
Instruction ID: 88f231c8bb9998d1286de1a11c65fbef3cf698ea98ad455777849d89dac32872
Opcode Fuzzy Hash: f3cf040e1faf9ee6c19908c6d3baaaea96a4e13748745c0e60f6290ee138b028
Instruction Fuzzy Hash: 78719821B0869257FB68CE26CE842B876D1AF45F82F444139DA8EC76D2CF2CEC41E740

Function 000001AE908F6B40 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908F6D7D
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F6DFA
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F6E13
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908F6E53
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F6EB2
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F6ECB
_Min_value.LIBCPMTD ref: 000001AE908F6F02
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F6F1E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F6F37
_Max_value.LIBCPMTD ref: 000001AE908F6F6E
_Min_value.LIBCPMTD ref: 000001AE908F6F8B

Part of subcall function 000001AE908FF2E0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908FF305

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 1bcb6240d8531b9dfedb7aa02be155cd3d36212a07f8065a2ef0f99518df7b9b
Instruction ID: 12d1ee06dfbfd13a06f5f407675aef7cc4bf79101fed8468d56e72aec7d9b07b
Opcode Fuzzy Hash: 1bcb6240d8531b9dfedb7aa02be155cd3d36212a07f8065a2ef0f99518df7b9b
Instruction Fuzzy Hash: D402EC71218B888FD7B5EB28C484BDBB7E1FBA9314F80091ED58DC3691DA749585CB43

Function 000001AE908F7190 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908F73CD
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F744A
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F7463
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908F74A3
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F7502
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F751B
_Min_value.LIBCPMTD ref: 000001AE908F7552
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F756E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908F7587
_Max_value.LIBCPMTD ref: 000001AE908F75BE
_Min_value.LIBCPMTD ref: 000001AE908F75DB

Part of subcall function 000001AE908FF330: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908FF355

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 63956e359cea07a82421af4a37f48f701467fc80a20827156209f532ca5ab0f4
Instruction ID: 14913f04d2c969df5c7a6c550aeac0f1336b1583613ecd4b9949eb353271fef1
Opcode Fuzzy Hash: 63956e359cea07a82421af4a37f48f701467fc80a20827156209f532ca5ab0f4
Instruction Fuzzy Hash: 0902DB71218B888FE7B5EB28C444BDBB7E1FBA9314F80091ED58DC3691DA749585CB43

Function 000001AE908E2BB0 Relevance: 15.2, APIs: 10, Instructions: 190COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001AE908E2C02

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

std::make_error_code.LIBCPMTD ref: 000001AE908E2C56
std::make_error_code.LIBCPMTD ref: 000001AE908E2C91

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 8ec9e0c1920ea014a416094f19b8de65f9c11dfdff15eb113697e77d768fb33e
Instruction ID: 4f6719b817ff2490cabe311abb161dddc5bb576e2a432aa219be60f19f1a4033
Opcode Fuzzy Hash: 8ec9e0c1920ea014a416094f19b8de65f9c11dfdff15eb113697e77d768fb33e
Instruction Fuzzy Hash: A7611D303197598BE264E719C851BEBBAF1BF863A8FD00458F695C69E2DA24DC41D603

Function 00007FF6C524BF24 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF6C524BF84
_cwprintf_s_l.LIBCMT ref: 00007FF6C524BF92

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C524BFEB
Size > 0, xrefs: 00007FF6C524C0C5
old_size >= 0 && new_size >= old_size && new_size >= EndOffset, xrefs: 00007FF6C524BFF2
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C524C0BE
[%05d] , xrefs: 00007FF6C524BF8B
[%s] [%05d] , xrefs: 00007FF6C524BF7A

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _cwprintf_s_l
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$[%05d] $[%s] [%05d] $old_size >= 0 && new_size >= old_size && new_size >= EndOffset
API String ID: 2941638530-3442575901
Opcode ID: 65b1363942ab2a33078689e14f00c20e51f1177ebc7bd29d972d38fba2b402a4
Instruction ID: bae2194f07a6c6002d79fbe81b621f64a4ac1160e90ebb19f1ec29de1dc656e6
Opcode Fuzzy Hash: 65b1363942ab2a33078689e14f00c20e51f1177ebc7bd29d972d38fba2b402a4
Instruction Fuzzy Hash: 0951B072B0879291EA10DF09EE446B977E4FB04F82F855036EA9C97685EF7DE941C700

Function 00007FF6C5243CF4 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 84COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5243D1A
_scwprintf.LIBCMT ref: 00007FF6C5243D4F
_scwprintf.LIBCMT ref: 00007FF6C5243DA9
_scwprintf.LIBCMT ref: 00007FF6C5243E28

Strings

[imgui-error] In window '%s': %s, xrefs: 00007FF6C5243D48
(and more errors), xrefs: 00007FF6C5243E21
In window '%s': %s, xrefs: 00007FF6C5243D9F
[imgui-error] (current settings: Assert=%d, Log=%d, Tooltip=%d), xrefs: 00007FF6C5243D09

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: (and more errors)$In window '%s': %s$[imgui-error] (current settings: Assert=%d, Log=%d, Tooltip=%d)$[imgui-error] In window '%s': %s
API String ID: 1992661772-291058919
Opcode ID: 87514116b4f9c055983ec810983be7be0c417e8d6e433f7013e43edc737efc2a
Instruction ID: 315e74d8342ed3b5e15d944e9bb5ebd0b8c6db80dbe3d05f1bef6bf899a40bab
Opcode Fuzzy Hash: 87514116b4f9c055983ec810983be7be0c417e8d6e433f7013e43edc737efc2a
Instruction Fuzzy Hash: A3418232A0D68296E6298F229E443B967D0AF55F42F088531DACD976D6CF2CF891DB00

Function 000001AE908BA9F0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001AE908BAAF5
shared_ptr.LIBCMTD ref: 000001AE908BAB63

Strings

d, xrefs: 000001AE908BAAFC

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 38e21e1145ab6f92f3ecb0f8d906339b88a9136e65512346a4b4e6c4d11de38b
Instruction ID: 48e76e4e7ad9d4492c5922ad5e38e5be28b4d5fcba5b1ab14237489dee977015
Opcode Fuzzy Hash: 38e21e1145ab6f92f3ecb0f8d906339b88a9136e65512346a4b4e6c4d11de38b
Instruction Fuzzy Hash: 68914530319B949FD7A4EB28C054BABBBE1FF99314F94495DF08AC3662DA349845CB03

Function 000001AE908BAD00 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001AE908BAE05
shared_ptr.LIBCMTD ref: 000001AE908BAE73

Strings

d, xrefs: 000001AE908BAE0C

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: b9d32de8fa3d5cc7a6c72efd2033482f1cd6dc7ad9fc93f1d2ea3e1fff5d3cd4
Instruction ID: 48e25cae60cac70037f484896d5bf56500a2edff41530086e6073518d2ff8c61
Opcode Fuzzy Hash: b9d32de8fa3d5cc7a6c72efd2033482f1cd6dc7ad9fc93f1d2ea3e1fff5d3cd4
Instruction Fuzzy Hash: 56915530319B849FD7A4EB28C054BABBBE1FF99354F84495DF08AC3662DA349944CB03

Function 000001AE908BA6E0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001AE908BA7E7
shared_ptr.LIBCMTD ref: 000001AE908BA855

Strings

d, xrefs: 000001AE908BA7EE

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: d15551ef352780555c2ea6bbbdc47b6b4da13a0ef2cbee25cbb5e0fcc51e2eb4
Instruction ID: 0ae68ac66bcd9156e2c8ce1c22dbc046e5f46c7c9c1ca9fc678aaa73b4fdbda1
Opcode Fuzzy Hash: d15551ef352780555c2ea6bbbdc47b6b4da13a0ef2cbee25cbb5e0fcc51e2eb4
Instruction Fuzzy Hash: ED9132303197949FE7A4EB28C0547ABBBE1EF9A354F44095DF0CAC3662DA349944CB03

Function 00007FF6C5239020 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 203COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5239119

Strings

[io] Calling Platform_SetImeDataFn(): WantVisible: %d, InputPos (%.2f,%.2f), xrefs: 00007FF6C52390FA
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C523904E, 00007FF6C5239083, 00007FF6C52392FA
..., xrefs: 00007FF6C5239228
g.WithinFrameScope && "Forgot to call ImGui::NewFrame()?", xrefs: 00007FF6C523908A
g.Windows.Size == g.WindowsTempSortBuffer.Size, xrefs: 00007FF6C5239301
g.Initialized, xrefs: 00007FF6C5239055

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: ...$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[io] Calling Platform_SetImeDataFn(): WantVisible: %d, InputPos (%.2f,%.2f)$g.Initialized$g.Windows.Size == g.WindowsTempSortBuffer.Size$g.WithinFrameScope && "Forgot to call ImGui::NewFrame()?"
API String ID: 1992661772-1859298919
Opcode ID: 060b472aa06481790f39947663f7c135ef60e497f69f7d8b1af8de47b26fe6ba
Instruction ID: 3f8e39fbc21ccd9c38ca8c51c748b236e0b2f0aeef66fc6b5aa85add26604ad5
Opcode Fuzzy Hash: 060b472aa06481790f39947663f7c135ef60e497f69f7d8b1af8de47b26fe6ba
Instruction Fuzzy Hash: E6A16032A0868285EB11DF25CE441F937E5EB46F8AF484175DA9D9B69ACF3CE850C720

Function 000001AE908C1060 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

Part of subcall function 000001AE9087A110: char_traits.LIBCPMTD ref: 000001AE9087A13D

type_info::_name_internal_method.LIBCMTD ref: 000001AE908C10D6
type_info::_name_internal_method.LIBCMTD ref: 000001AE908C10F5
type_info::_name_internal_method.LIBCMTD ref: 000001AE908C1186
type_info::_name_internal_method.LIBCMTD ref: 000001AE908C11E1
type_info::_name_internal_method.LIBCMTD ref: 000001AE908C1233

Strings

', xrefs: 000001AE908C110D
, xrefs: 000001AE908C10A8

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID: $'
API String ID: 2432257368-2481900351
Opcode ID: 37bc1918225271d6d2c502ee6e2251174aad6824fb8f963c116eb69f90c6ea40
Instruction ID: a538ffe4668eb50bd64bf177fda55c222747b04507d6c28c7513d4cac11f500a
Opcode Fuzzy Hash: 37bc1918225271d6d2c502ee6e2251174aad6824fb8f963c116eb69f90c6ea40
Instruction Fuzzy Hash: 15512031219B888FE7A1EB14C495BDBBBE5FBDA314F804919E089C21A2DF349545CB43

Function 00007FF6C5239AA8 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF6C5239BB5
__swprintf_l.LIBCMT ref: 00007FF6C5239BC7

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5239AE9
id != 0, xrefs: 00007FF6C5239AF0
##Child, xrefs: 00007FF6C5239C18
%s/%08X, xrefs: 00007FF6C5239BBC
%s/%s_%08X, xrefs: 00007FF6C5239BA9

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: __swprintf_l
String ID: ##Child$%s/%08X$%s/%s_%08X$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$id != 0
API String ID: 1488884202-1414757225
Opcode ID: 2e49532d6322da19ac7ab4ba72c2dcd9fef6d890dad21c58122ed534d240c532
Instruction ID: eaa26795f65c2063a4fb63e34dbbd2a6e538a6493546f06663889401e0b85b45
Opcode Fuzzy Hash: 2e49532d6322da19ac7ab4ba72c2dcd9fef6d890dad21c58122ed534d240c532
Instruction Fuzzy Hash: D351BF3390868186E710DF369E400E963E5FF89F85F484236EE8957665DF3CE852DB40

Function 00007FF6C5237B6F Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 222COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5237C09

Strings

g.MovingWindow && g.MovingWindow->RootWindow, xrefs: 00007FF6C5237F76
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5237F6F
NewFrame(): ClearActiveID() because it isn't marked alive anymore!, xrefs: 00007FF6C5237C02
i >= 0 && i < Size, xrefs: 00007FF6C52380F8, 00007FF6C5238129, 00007FF6C5238156
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF6C5237DDC

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$g.MovingWindow && g.MovingWindow->RootWindow$g.WindowsFocusOrder.Size <= g.Windows.Size$i >= 0 && i < Size
API String ID: 1992661772-3397096726
Opcode ID: 8829b98ccd2e5f4955c43833e96d3ff3787e9c068e07bde7f39486688245f4d6
Instruction ID: d436cb77a5fe42594de1f0b93356adca32abd3d35ba73d3276df24ddd310ffc6
Opcode Fuzzy Hash: 8829b98ccd2e5f4955c43833e96d3ff3787e9c068e07bde7f39486688245f4d6
Instruction Fuzzy Hash: 53C182B290439289D711DF26ED889E833ECFB14B8DF094539DE8897691DF3CA994CB10

Function 00007FF6C5236404 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 81COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C523644F
_scwprintf.LIBCMT ref: 00007FF6C52364BF

Strings

g.ActiveIdSource != ImGuiInputSource_None, xrefs: 00007FF6C5236547
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5236540
SetActiveID() cancel MovingWindow, xrefs: 00007FF6C5236448
SetActiveID() old:0x%08X (window "%s") -> new:0x%08X (window "%s"), xrefs: 00007FF6C52364B8

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$SetActiveID() cancel MovingWindow$SetActiveID() old:0x%08X (window "%s") -> new:0x%08X (window "%s")$g.ActiveIdSource != ImGuiInputSource_None
API String ID: 1992661772-3636884292
Opcode ID: de0cae73e33d125ef181cdebf606c75e1b3c9a3b433cfa8ee5f6d7e421fa028d
Instruction ID: 0e2498adc95bda0b6487847529c6108cb52351720e611a27ecbf43ef6b5aa336
Opcode Fuzzy Hash: de0cae73e33d125ef181cdebf606c75e1b3c9a3b433cfa8ee5f6d7e421fa028d
Instruction Fuzzy Hash: 1D415B32A0878285E721CF25D9447E936E8EB44F9AF184039DF898B699DF7CE941C720

Function 00007FF6C523EBCC Relevance: 10.1, Strings: 8, Instructions: 144COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C523EC30, 00007FF6C523ECAA, 00007FF6C523ED0C
Size > 0, xrefs: 00007FF6C523EC5A, 00007FF6C523EDB8, 00007FF6C523EDF5, 00007FF6C523EE24
(g.WithinEndChild) && "Must call EndChild() and not End()!", xrefs: 00007FF6C523ECB1
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C523EC53, 00007FF6C523EDB1, 00007FF6C523EDEE, 00007FF6C523EE1D
Calling End() too many times!, xrefs: 00007FF6C523EC09
Must call EndChild() and not End()!, xrefs: 00007FF6C523EC8B
window->DrawList == 0, xrefs: 00007FF6C523ED13
(g.CurrentWindowStack.Size > 1) && "Calling End() too many times!", xrefs: 00007FF6C523EC37

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (g.CurrentWindowStack.Size > 1) && "Calling End() too many times!"$(g.WithinEndChild) && "Must call EndChild() and not End()!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Calling End() too many times!$Must call EndChild() and not End()!$Size > 0$window->DrawList == 0
API String ID: 0-2412769501
Opcode ID: 501d88fcd93a7bd2c08c82310b472f0cee8aea3a74eae12dcaedb5cbe4fdb3b4
Instruction ID: c907309d5bebca8cd90516fd3ca09c07cf96f006c77684e1d5c8a8c92f47c880
Opcode Fuzzy Hash: 501d88fcd93a7bd2c08c82310b472f0cee8aea3a74eae12dcaedb5cbe4fdb3b4
Instruction Fuzzy Hash: 4A713B32A08A8285F721DF24DE411F927E8EB50F86F494536EB8D87696DF2CE984C351

Function 000001AE908AFD60 Relevance: 9.4, APIs: 6, Instructions: 410COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001AE908AFE31

Part of subcall function 000001AE908B04F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908B04FE

Part of subcall function 000001AE908B32F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908B3303

bool_.LIBCPMTD ref: 000001AE908AFF43
shared_ptr.LIBCMTD ref: 000001AE908AFF50
UnDecorator::getVbTableType.LIBCMTD ref: 000001AE908AFFF3
bool_.LIBCPMTD ref: 000001AE908B00DB
shared_ptr.LIBCMTD ref: 000001AE908B00E8

Part of subcall function 000001AE908B3220: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908B322E
Part of subcall function 000001AE908B3220: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908B3264

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableTypebool_shared_ptr
String ID:
API String ID: 2413108386-0
Opcode ID: 3eba9882c9bba142c269e39a38bb62c6cc58e1174b8cb602d1c281a7c81d27e7
Instruction ID: 49d351ff9f7e032ecd0bb9d69278289edc0c5e40a18c9c38debaf63f9d77b938
Opcode Fuzzy Hash: 3eba9882c9bba142c269e39a38bb62c6cc58e1174b8cb602d1c281a7c81d27e7
Instruction Fuzzy Hash: 2FF1EE30319B849FE7B5EB18C455BEBBBE0FF9A315F804919E089C75A2DA709944CB43

Function 000001AE908DE220 Relevance: 9.4, APIs: 6, Instructions: 408COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908DE243
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908DE257
std::make_error_code.LIBCPMTD ref: 000001AE908DE270
std::make_error_code.LIBCPMTD ref: 000001AE908DE2D2
std::make_error_code.LIBCPMTD ref: 000001AE908DE4A0

Part of subcall function 000001AE90886020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 000001AE9088602E

std::make_error_code.LIBCPMTD ref: 000001AE908DE357

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 648204d8796b0456c5041645c104bce2b2d368ee5bb78d51d9d0d7f5fe03f98a
Instruction ID: 6e3bcf53065f8ed039af8c6d8d3377fea189b6b52d0607e4b8413c5e029b4ec5
Opcode Fuzzy Hash: 648204d8796b0456c5041645c104bce2b2d368ee5bb78d51d9d0d7f5fe03f98a
Instruction Fuzzy Hash: BFF1DC303197949FE6B4EB28C455BEBBBE1FB96314F804959E08AC3A92DE349845C743

Function 000001AE908ABD00 Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908ABD46
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001AE908ABD69
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001AE908ABD8F
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001AE908ABE02
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001AE908ABE28
List.LIBCMTD ref: 000001AE908ABE34

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=HardwareList
String ID:
API String ID: 2242293343-0
Opcode ID: dc63ee7da590cd9a2421b7607cfa7165f07dc81bb3ce9fa7acd0f85075bc953f
Instruction ID: 691c74a5cf0a13503b29e93546abfc32211d75e4a43f0c72f90d77d0b01355e8
Opcode Fuzzy Hash: dc63ee7da590cd9a2421b7607cfa7165f07dc81bb3ce9fa7acd0f85075bc953f
Instruction Fuzzy Hash: B5413C30319B485FDAA4EB24C455BDBBBE1FBDA314F80492DE089C3A92DE749944C743

Function 000001AE908F1BD0 Relevance: 9.1, APIs: 6, Instructions: 93COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1BFE

Part of subcall function 000001AE908C7840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908C7858

type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1C20

Part of subcall function 000001AE908F0ED0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908F0EE8

type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1C42
type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1C64
type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1C86
type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1CA8

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction ID: 67cdfe9bdbd874be6511afb420a5d2b4f8d2346f8b9e30989472aad3a908a350
Opcode Fuzzy Hash: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction Fuzzy Hash: 66319D30719B988FD7A4EF28C45979ABBE1FB9A314F90495DA18DC3652DA309881CB43

Function 00007FF6C52319AC Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5231AC6

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52319EB, 00007FF6C5231A11
Ctx != 0, xrefs: 00007FF6C52319F2
mouse_button >= 0 && mouse_button < ImGuiMouseButton_COUNT, xrefs: 00007FF6C5231A18
[io] Super+Left Click aliased into Right Click, xrefs: 00007FF6C5231ABF

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0$[io] Super+Left Click aliased into Right Click$mouse_button >= 0 && mouse_button < ImGuiMouseButton_COUNT
API String ID: 1992661772-2767816988
Opcode ID: 44df65e0b7a673b2f33f3df045adb4720774b1cf21080d106291b753e99dba05
Instruction ID: 99bad08f910adf578ca3782596153bb51540aac85f331e460f176afae7a1908f
Opcode Fuzzy Hash: 44df65e0b7a673b2f33f3df045adb4720774b1cf21080d106291b753e99dba05
Instruction Fuzzy Hash: EF419F62A0C7C285E7618F259E402B96BE4EB45F82F080035EADD87799DF3CED11CB10

Function 00007FF6C5247C28 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5247CCE

Strings

[nav] NavInitRequest: from NavInitWindow(), init_for_nav=%d, window="%s", layer=%d, xrefs: 00007FF6C5247CBF
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5247C5D, 00007FF6C5247D41
g.NavWindow != 0, xrefs: 00007FF6C5247D48, 00007FF6C5247D4F
window == g.NavWindow, xrefs: 00007FF6C5247C64, 00007FF6C5247C6B

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from NavInitWindow(), init_for_nav=%d, window="%s", layer=%d$g.NavWindow != 0$window == g.NavWindow
API String ID: 1992661772-3051114554
Opcode ID: 03737c7a8e712c8907cc3751ab6bae8f301dbd3d10173ab26332044b5d201480
Instruction ID: dc9c761bc1e68fa14508b6a562ee6e35195ced1996d3e0d78999533e75cf1bee
Opcode Fuzzy Hash: 03737c7a8e712c8907cc3751ab6bae8f301dbd3d10173ab26332044b5d201480
Instruction Fuzzy Hash: 41414F32A1868296E7258F21EE407BE67E0FB44B46F480035DBE957695CF7CF896CB01

Function 00007FF6C5246A64 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 43COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5246AA6

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5246B02
g.NavWindow != 0, xrefs: 00007FF6C5246B09
[focus] SetNavWindow("%s"), xrefs: 00007FF6C5246A9F
<NULL>, xrefs: 00007FF6C5246A98

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: <NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[focus] SetNavWindow("%s")$g.NavWindow != 0
API String ID: 1992661772-1150601597
Opcode ID: 8835959305bb8748a863ed71613dbabd65792e3b80c9606215657381e04a6ed5
Instruction ID: 213c6d08ba7630416863e5a1c02b4c07ab3d95d381808aed0fa97a792d6467a2
Opcode Fuzzy Hash: 8835959305bb8748a863ed71613dbabd65792e3b80c9606215657381e04a6ed5
Instruction Fuzzy Hash: 7D119022A08AC295EB108F15DE407F927D0AB40F99F689175DEED8B6D5DF6CEC448300

Function 000001AE908C60C0 Relevance: 8.0, APIs: 5, Instructions: 479COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001AE908C62C7

Part of subcall function 000001AE9089AB90: std::error_condition::error_condition.LIBCPMTD ref: 000001AE9089ABAE

Part of subcall function 000001AE908A5770: _Func_class.LIBCONCRTD ref: 000001AE908A5783

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908C62FA
std::make_error_code.LIBCPMTD ref: 000001AE908C6345

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 831135708-0
Opcode ID: 44cba59cad6e6780b7330a5251a4022cc13292a5642e4b9283b07efd5546a608
Instruction ID: 5cc4c6b7d87e4046c8e15c9eca5cc05c7c8d66e30e18db86943b8350a9f9d63a
Opcode Fuzzy Hash: 44cba59cad6e6780b7330a5251a4022cc13292a5642e4b9283b07efd5546a608
Instruction Fuzzy Hash: 01F15D3031AB489FE7B5EB28C455BEBB6D1FBD5314F804969E04EC3A92DE3899458703

Function 000001AE908C28E0 Relevance: 7.9, APIs: 5, Instructions: 422COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908C2965
std::make_error_code.LIBCPMTD ref: 000001AE908C29B0
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908C2AA4
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001AE908C2D53

Part of subcall function 000001AE908CF840: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908CF86B

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001AE908C2E2E

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Scheduler$ProcessorProxyRoot::Virtual$Base::ChoresConcurrency::details::_EmptyGroupQueue::ScheduleScheduler::_SegmentStructuredUnrealizedWorkstd::make_error_code
String ID:
API String ID: 1866601945-0
Opcode ID: 7276691ce44bb159d207125626d756ecb9696e90fa2b459645b29a43bd81d226
Instruction ID: 7e53afd0484818891f9ec843d49499c4af6225ac2198677957175e85d1481e06
Opcode Fuzzy Hash: 7276691ce44bb159d207125626d756ecb9696e90fa2b459645b29a43bd81d226
Instruction Fuzzy Hash: 5AF1FC30319B889FE7B5EB28C455BDBB7E1FB99314F80092AA08DC3691DE349585CB43

Function 000001AE908B1570 Relevance: 7.8, APIs: 5, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e49ce6d8b0af74962f0c5e317f09bfd79de9c4806dcff04e0bb5a57e71a8ad9
Instruction ID: 2f194a3f8cceaf038e3243186e7afce6c5b39d2cc0fa81c011f343b1893e8cd4
Opcode Fuzzy Hash: 0e49ce6d8b0af74962f0c5e317f09bfd79de9c4806dcff04e0bb5a57e71a8ad9
Instruction Fuzzy Hash: 85B1C130218B888FDBA4EF18C095F9AB7E5FBA9354F90495DE08ED7651DB70D881CB42

Function 000001AE908A5B00 Relevance: 7.8, APIs: 5, Instructions: 294COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000001AE908A5BA3
fpos.LIBCPMTD ref: 000001AE908A5D2E
fpos.LIBCPMTD ref: 000001AE908A5D69
fpos.LIBCPMTD ref: 000001AE908A5DDC

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: fe1bd0d6e9f2e15ad540e8fe2edb285bc6fcd10d5c351c6f3bc703fdde1d497a
Instruction ID: bdfbdf6bc522608560427f90c1286d31b5374e679366770ec00fabb52e76db3e
Opcode Fuzzy Hash: fe1bd0d6e9f2e15ad540e8fe2edb285bc6fcd10d5c351c6f3bc703fdde1d497a
Instruction Fuzzy Hash: E6B1CC30319B489FD7B4DB18C4587ABBBE1FB99365F944919E48AC7A90D734D884CB03

Function 000001AE908E9B50 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001AE908E9B91

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

std::make_error_code.LIBCPMTD ref: 000001AE908E9C34
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908E9D36
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908E9D5A

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 1851498522-0
Opcode ID: db830612614fa449fbf8a2290d03dab55f69eeb659f72aeea5838419a52f05bd
Instruction ID: c9a10e309edb2877f5c427345dedb0656fa0485758fc9cd87539f7d21e880134
Opcode Fuzzy Hash: db830612614fa449fbf8a2290d03dab55f69eeb659f72aeea5838419a52f05bd
Instruction Fuzzy Hash: BEA12E31319B494BE7B5EB14C441BEFBBE0FB96324F800919E58AC25E2DE74D9458783

Function 00007FF6C5233A04 Relevance: 7.7, Strings: 6, Instructions: 249COMMON

Download Yara Rule

Strings

index >= 0, xrefs: 00007FF6C5233B12
PackIdMouseCursors != -1, xrefs: 00007FF6C5233AE6
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6C5233ADF
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5233B0B, 00007FF6C5233B2D
i >= 0 && i < Size, xrefs: 00007FF6C5233B34
##Foreground, xrefs: 00007FF6C5233C92

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ##Foreground$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$PackIdMouseCursors != -1$i >= 0 && i < Size$index >= 0
API String ID: 0-1778269986
Opcode ID: f32f19c0899150569e4e38bf99726b042215e51f6f611f1c29275b6bc4d1af8e
Instruction ID: a074d333f81f95890c9727723490cdc0527b8e46ff110d9eae7bf4acb668e19d
Opcode Fuzzy Hash: f32f19c0899150569e4e38bf99726b042215e51f6f611f1c29275b6bc4d1af8e
Instruction Fuzzy Hash: 26C1E133914B8895E301CF36E9410A8B3A0FF6A785F189722EE8C63665DF38E595DB00

Function 000001AE908DF400 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001AE908DF442

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

std::make_error_code.LIBCPMTD ref: 000001AE908DF513

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 8bc390d30a7f1d8aafd21f3278c3c1041af784d4880d4acc69fbacb09d269c18
Instruction ID: 211a407687275b1a368568d8e1371ea49b5bcfce9ebaf64047922ecae7f62b58
Opcode Fuzzy Hash: 8bc390d30a7f1d8aafd21f3278c3c1041af784d4880d4acc69fbacb09d269c18
Instruction Fuzzy Hash: 5E912D31319B888BE375EB24C451BEBBBE1FBD5314F804A1DE48AC65A6DE309944CB43

Function 000001AE908D7049 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Mailbox.LIBCMTD ref: 000001AE908D7092
Mailbox.LIBCMTD ref: 000001AE908D70CA
Mailbox.LIBCMTD ref: 000001AE908D7135
Mailbox.LIBCMTD ref: 000001AE908D7166
Mailbox.LIBCMTD ref: 000001AE908D7190

Part of subcall function 000001AE9089BC30: Mailbox.LIBCMTD ref: 000001AE9089BC7E

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Mailbox
String ID:
API String ID: 1763892119-0
Opcode ID: c1b4378940830f1effdd1e619e523ef3b2297a0c5ada4de89c673b07b333cb85
Instruction ID: 535266bce46fbde2f9157b39229c751d4dea68bef7b08ffc9292120e1a86f911
Opcode Fuzzy Hash: c1b4378940830f1effdd1e619e523ef3b2297a0c5ada4de89c673b07b333cb85
Instruction Fuzzy Hash: A661413120CB888FD765EA18C454BEBBBE1FBA9315F440A1EE48AD3691DE70D984C743

Function 000001AE908926B0 Relevance: 7.7, APIs: 5, Instructions: 190COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 000001AE908926D8
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE90892767

Part of subcall function 000001AE90890B80: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90890BB2

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908927FE
std::error_condition::error_condition.LIBCPMTD ref: 000001AE9089286F
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908928DC

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
String ID:
API String ID: 3801495819-0
Opcode ID: 605bb16c649ec46b312a0aff6a36ce338a0e7affe64a80df00e5f54f56155300
Instruction ID: 09937992dec166a73350c2680f5042dd9e14ea4c70a85685be15e80f082042a1
Opcode Fuzzy Hash: 605bb16c649ec46b312a0aff6a36ce338a0e7affe64a80df00e5f54f56155300
Instruction Fuzzy Hash: 48610634719B488FD7A4EB28C485BDABBE1FB99324F808959E09DC3691DB74D845CB03

Function 000001AE9090A780 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001AE9090A7A8

Part of subcall function 000001AE9090C2E0: shared_ptr.LIBCPMTD ref: 000001AE9090C301

__crt_scoped_stack_ptr.LIBCPMTD ref: 000001AE9090A827
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9090A886
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9090A89D
__crt_scoped_stack_ptr.LIBCPMTD ref: 000001AE9090A946

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: 947681d9ab8599cb23ccaaab35e50ca17ffc568cb3c4781aaf54affa6d8a08d0
Instruction ID: 55f8f539f093a1ab6763c06f745ae5bb91e189eec7e2e752fa38914d1a59da10
Opcode Fuzzy Hash: 947681d9ab8599cb23ccaaab35e50ca17ffc568cb3c4781aaf54affa6d8a08d0
Instruction Fuzzy Hash: 6B61E870619B488FE7A4EB68C445B9BBBE0FB99354F50491EE48DC3261DB30D885CB43

Function 000001AE9090AC40 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001AE9090AC68

Part of subcall function 000001AE9090C1E0: shared_ptr.LIBCPMTD ref: 000001AE9090C201

__crt_scoped_stack_ptr.LIBCPMTD ref: 000001AE9090ACE7
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9090AD46
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9090AD5D
__crt_scoped_stack_ptr.LIBCPMTD ref: 000001AE9090AE06

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: a2da2556daea37b612cee8ceb37a5ad9edb5a7a8362c419b22eb5f256d4dc801
Instruction ID: 49d88f995201be1a21e632ca05081222119e6054f2bfdf0d9ff2d51411266528
Opcode Fuzzy Hash: a2da2556daea37b612cee8ceb37a5ad9edb5a7a8362c419b22eb5f256d4dc801
Instruction Fuzzy Hash: BE61E870619B488FE7A0EB68C445B9BBBE0FB99315F50491EE48DC3261DB30D885CB43

Function 00007FF6C5263E5C Relevance: 7.7, Strings: 6, Instructions: 175COMMON

Download Yara Rule

Strings

idx == 0 || idx == 1, xrefs: 00007FF6C5263F1F, 00007FF6C526400C, 00007FF6C5264025, 00007FF6C5264052, 00007FF6C526406B, 00007FF6C5264096, 00007FF6C52640E8, 00007FF6C52640F2
scrollbar_size > 0.0f, xrefs: 00007FF6C5263F50
#SCROLLX, xrefs: 00007FF6C5263EBC
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5263ED5
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6C5263F49
#SCROLLY, xrefs: 00007FF6C5263E83

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: #SCROLLX$#SCROLLY$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$idx == 0 || idx == 1$scrollbar_size > 0.0f
API String ID: 0-3683736980
Opcode ID: e482744c061713fa4ae5ba8402faee15b7b3353bbb9d7b5424784623e9435186
Instruction ID: bc927c7ecc9f506baaa360da3cd93cc4f92ff60f1a77ba1b366d5eb90bf63ba8
Opcode Fuzzy Hash: e482744c061713fa4ae5ba8402faee15b7b3353bbb9d7b5424784623e9435186
Instruction Fuzzy Hash: 8A814422A14B8495E712CF26ED456F973A1FF5AB85F084331EE8CA3661CF39A991C700

Function 000001AE908E0100 Relevance: 7.7, APIs: 5, Instructions: 171COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908E0123
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908E0137
std::make_error_code.LIBCPMTD ref: 000001AE908E0150
std::make_error_code.LIBCPMTD ref: 000001AE908E01A3

Part of subcall function 000001AE90886020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 000001AE9088602E

std::make_error_code.LIBCPMTD ref: 000001AE908E0207

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 7a6e3a8a4096c77738c4bf48af523395d9bddc510b464b5c0c2692e72954208b
Instruction ID: 70a98bff3ff61e0388815917cdf18948b977c81d7d7d5f6d5c5ebbc6584caa39
Opcode Fuzzy Hash: 7a6e3a8a4096c77738c4bf48af523395d9bddc510b464b5c0c2692e72954208b
Instruction Fuzzy Hash: 69519E3031AB449BE2B4EB18C855BDBBAD1FBD5314F904959E08EC7AA2DE349845CB03

Function 000001AE908E0ED0 Relevance: 7.6, APIs: 5, Instructions: 146COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908E0F05

Part of subcall function 000001AE908E4440: type_info::_name_internal_method.LIBCMTD ref: 000001AE908E4458

std::make_error_code.LIBCPMTD ref: 000001AE908E0F1E

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908E0F47
std::make_error_code.LIBCPMTD ref: 000001AE908E0F60

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: e288d37d0697112a2d51f993761bbd4d54a24d06f27eb0f41e135379a7e73d09
Instruction ID: 23854da7fa0fc9a381f0aed85d551c8ec3de38293d661fd5460b057d89cef881
Opcode Fuzzy Hash: e288d37d0697112a2d51f993761bbd4d54a24d06f27eb0f41e135379a7e73d09
Instruction Fuzzy Hash: 27513230329B848BE775EB24C451BEBBBD1BBD6318F804A19E499C65D2DB34D944C743

Function 00007FF6C526CE04 Relevance: 7.6, Strings: 6, Instructions: 104COMMON

Download Yara Rule

Strings

Size > 0, xrefs: 00007FF6C526CF0B, 00007FF6C526CF3A
(tab_bar != 0) && "Mismatched BeginTabBar()/EndTabBar()!", xrefs: 00007FF6C526CE61
Mismatched BeginTabBar()/EndTabBar()!, xrefs: 00007FF6C526CE40
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C526CF04, 00007FF6C526CF12, 00007FF6C526CF33, 00007FF6C526CF85
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6C526CE5A
i >= 0 && i < Size, xrefs: 00007FF6C526CF8C

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (tab_bar != 0) && "Mismatched BeginTabBar()/EndTabBar()!"$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$Mismatched BeginTabBar()/EndTabBar()!$Size > 0$i >= 0 && i < Size
API String ID: 0-2829467659
Opcode ID: 6b8ad1d41fb615cee62a69b6d00e4c730401f3bc139cb9460d11d495df6f6857
Instruction ID: 593888d2c3d6d49edd261516087bf8c641b9878b69804787901e8aefaf8140da
Opcode Fuzzy Hash: 6b8ad1d41fb615cee62a69b6d00e4c730401f3bc139cb9460d11d495df6f6857
Instruction Fuzzy Hash: FD51AE32A08782AAE725DF65EE402A873A0FF68B85F444132D79CD7596DF2CF964C740

Function 00007FF6C5232C10 Relevance: 7.6, Strings: 6, Instructions: 96COMMON

Download Yara Rule

Strings

(0) && "Calling PopStyleVar() too many times!", xrefs: 00007FF6C5232D0C
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5232C9D
Size > 0, xrefs: 00007FF6C5232D37, 00007FF6C5232DAC
Calling PushStyleVar() variant with wrong type!, xrefs: 00007FF6C5232C87
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5232D30, 00007FF6C5232DA5
(0) && "Calling PushStyleVar() variant with wrong type!", xrefs: 00007FF6C5232CA4, 00007FF6C5232CA5

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopStyleVar() too many times!"$(0) && "Calling PushStyleVar() variant with wrong type!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Calling PushStyleVar() variant with wrong type!$Size > 0
API String ID: 0-3100939511
Opcode ID: 95fcdcdc69cf5b9de5876902ad2cea4cd9f064f99d1992c3cebca37e82c58093
Instruction ID: c39a017eb21ae888eaa2432fbe1ace1f46bc68185bf4eb421e0000fd79439151
Opcode Fuzzy Hash: 95fcdcdc69cf5b9de5876902ad2cea4cd9f064f99d1992c3cebca37e82c58093
Instruction Fuzzy Hash: C741A076A086829AE710DF14EE401AD73E0FB85F85F458531DA8D972AADF3CED41CB40

Function 000001AE908DFE90 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908DFEB7

Part of subcall function 000001AE908E4440: type_info::_name_internal_method.LIBCMTD ref: 000001AE908E4458

std::make_error_code.LIBCPMTD ref: 000001AE908DFECD

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908DFEF0
std::make_error_code.LIBCPMTD ref: 000001AE908DFF06

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: 63a70a45f75d598f3e0a3577ec78f9d775881292d50549872d87eded24c7d1ab
Instruction ID: 80f6257a8876f1056ae02299deb0b828d0c5363b164ed4e5e287519ead214266
Opcode Fuzzy Hash: 63a70a45f75d598f3e0a3577ec78f9d775881292d50549872d87eded24c7d1ab
Instruction Fuzzy Hash: 48212130319B488BE665EB24C451BEBBBE1FBC5358F804919F049C76A6DE34D941D783

Function 000001AE908F1E10 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1E3E

Part of subcall function 000001AE908F0ED0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908F0EE8

type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1E60
type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1E82
type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1EA4
type_info::_name_internal_method.LIBCMTD ref: 000001AE908F1EC6

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction ID: e59c135130fb3c4f5a6b16ec54fc5067b77a1350e8337f3372cb6d45bc6f8d9c
Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction Fuzzy Hash: EA21A830719B888FD7A4FF28C45979ABBE1FB99314F80495DE08DC3652DA3098858B43

Function 000001AE908BC100 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE908BC12E

Part of subcall function 000001AE908C7840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908C7858

type_info::_name_internal_method.LIBCMTD ref: 000001AE908BC150
type_info::_name_internal_method.LIBCMTD ref: 000001AE908BC172
type_info::_name_internal_method.LIBCMTD ref: 000001AE908BC194
type_info::_name_internal_method.LIBCMTD ref: 000001AE908BC1B6

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction ID: eab75bd481bd15c67ea945a9ebd711ad3c69d23da78d1ed0a06dedf57a2c72af
Opcode Fuzzy Hash: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction Fuzzy Hash: 9321A830719B888FD7E4FF28C45979ABBE1FB99314F80496DE08DC3652DA3098858B47

Function 000001AE908D9690 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908D96BA
shared_ptr.LIBCMTD ref: 000001AE908D96CE

Part of subcall function 000001AE908E1D30: shared_ptr.LIBCMTD ref: 000001AE908E1D3E

allocator.LIBCPMTD ref: 000001AE908D96E2
shared_ptr.LIBCMTD ref: 000001AE908D96F4
allocator.LIBCPMTD ref: 000001AE908D9708

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
String ID:
API String ID: 1053258265-0
Opcode ID: acecda906a579d1834abe9be22b0447806ffeda9d0483b6f12b57f1678672125
Instruction ID: 46b06b0d14e48b33cf8d2394d20b0744bed44e6e12b7d5202de43a2923d844af
Opcode Fuzzy Hash: acecda906a579d1834abe9be22b0447806ffeda9d0483b6f12b57f1678672125
Instruction Fuzzy Hash: 3711FE30618B484FD7A4EB28C4457EBBBE1FBD9364F804A1DE48DC3662DA30D9458B83

Function 000001AE9087E510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE9087E53C
type_info::_name_internal_method.LIBCMTD ref: 000001AE9087E5F2
type_info::_name_internal_method.LIBCMTD ref: 000001AE9087E6BA

Part of subcall function 000001AE9087A110: char_traits.LIBCPMTD ref: 000001AE9087A13D

Strings

, xrefs: 000001AE9087E734

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID:
API String ID: 2432257368-3916222277
Opcode ID: 5b8815007eec9d2fc278b9dc9d08a32769fd764c1a476b578cf45ba5309400a6
Instruction ID: e37e181baba05168638afd2cc32e4ea08742321d0af0905a842c06c2f3120f48
Opcode Fuzzy Hash: 5b8815007eec9d2fc278b9dc9d08a32769fd764c1a476b578cf45ba5309400a6
Instruction Fuzzy Hash: 97C1EE31319B488BE7B5EB24C496BDBBBE1FB99314F900A2DE08AC3595DE34D5448B43

Function 000001AE908C34C8 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908C38EF
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908C395B
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908C39B5

Strings

e, xrefs: 000001AE908C35AC

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID: e
API String ID: 1865873047-4024072794
Opcode ID: b924e1a642c36f152f6b504590bfa565702d9d26cd134fc3f3a5abca82a7f906
Instruction ID: ed8152fe6b1a730d237f20ea6404d05cefb9e62418cffd6fa4430f8d0716d08e
Opcode Fuzzy Hash: b924e1a642c36f152f6b504590bfa565702d9d26cd134fc3f3a5abca82a7f906
Instruction Fuzzy Hash: F8610030719B588FEBA4EB68C445B9A7BF0FB9A314F90091DE149C7661D774D882DB03

Function 000001AE9088C5F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

_Subatomic.LIBCONCRTD ref: 000001AE9088C660
_Subatomic.LIBCONCRTD ref: 000001AE9088C6FC

Strings

d, xrefs: 000001AE9088C630

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Subatomic
String ID: d
API String ID: 3648745215-2564639436
Opcode ID: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
Instruction ID: 9795ede38623aaf7fc68af1294a60b85d8b3cb25265e4dbeaad0ea0dac3668f0
Opcode Fuzzy Hash: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
Instruction Fuzzy Hash: 85412030319B488FD7A4EF28C44D7ABBBE2FB99355F40495EE48AD3660DA74D9408B03

Function 000001AE90874AA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90874AD0
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE90874B2F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90874B41

Strings

, xrefs: 000001AE90874B85

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 991905282-3916222277
Opcode ID: e3dc7a3dc38e938f7d3de40854a2f6867c3f50b7cfbad81a37091e8419198f94
Instruction ID: 55f30bc470865f79dad3737dff56144eb92270280180cc244bc6ef5aba15282c
Opcode Fuzzy Hash: e3dc7a3dc38e938f7d3de40854a2f6867c3f50b7cfbad81a37091e8419198f94
Instruction Fuzzy Hash: 4741E830219B448FE3A5EF28C49679BBBE0FB85355FD0592DF099C26A1CB709845CB43

Function 00007FF6C524609C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C52461EA

Strings

[popup] CloseCurrentPopup %d -> %d, xrefs: 00007FF6C52461DE
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C52460DC, 00007FF6C524610C, 00007FF6C524614B, 00007FF6C524617E
i >= 0 && i < Size, xrefs: 00007FF6C52460E3, 00007FF6C5246113, 00007FF6C5246152, 00007FF6C5246185

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$[popup] CloseCurrentPopup %d -> %d$i >= 0 && i < Size
API String ID: 1992661772-2508444311
Opcode ID: ff10c1af45c046d3c569bb23420d5439a97b5350bd07816399e689946282bcaa
Instruction ID: 5fbf78b85cb79ef846f4c1a7ccfbfca5669010bcc88f60134540d7a096ede681
Opcode Fuzzy Hash: ff10c1af45c046d3c569bb23420d5439a97b5350bd07816399e689946282bcaa
Instruction Fuzzy Hash: 6A417D32B08A8299EB10DF25DE54AEC27A1EB50F86F494035DE8C8B396DF7DF8458750

Function 000001AE908E2AF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001AE908E2B47

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

std::make_error_code.LIBCPMTD ref: 000001AE908E2B72
std::make_error_code.LIBCPMTD ref: 000001AE908E2B8E

Strings

}, xrefs: 000001AE908E2B36

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID: }
API String ID: 2527301759-4239843852
Opcode ID: 1437fc56f20eb242452f3dab8bee66e0f454c9a6f6438df6a3d9d76061fc3a80
Instruction ID: a1395e70cc496bd6fb22691c31d60755f33c3b5a2d5c9fd64f3d39c2be026b89
Opcode Fuzzy Hash: 1437fc56f20eb242452f3dab8bee66e0f454c9a6f6438df6a3d9d76061fc3a80
Instruction Fuzzy Hash: BA21FC303197448BE364EB18C45079BFFE1FBC63A8F904969E595D29A1C674C9818743

Function 00007FF6C523537C Relevance: 6.6, Strings: 5, Instructions: 365COMMON

Download Yara Rule

Strings

Forgot to shutdown Renderer backend?, xrefs: 00007FF6C52353E3
(g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?", xrefs: 00007FF6C52353CD
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52353C6, 00007FF6C5235402
(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?", xrefs: 00007FF6C5235409
Forgot to shutdown Platform backend?, xrefs: 00007FF6C52353A7

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?"$(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Forgot to shutdown Platform backend?$Forgot to shutdown Renderer backend?
API String ID: 0-2716422499
Opcode ID: 4bb38d18c6ba05e6f6bf5e7c973c50fe022058a8d0040cbec2a115ea6835f8d3
Instruction ID: 747725fcf141f023ec69dfd6d12adcf7993573d7beb2f823433f4cfbc8ef7751
Opcode Fuzzy Hash: 4bb38d18c6ba05e6f6bf5e7c973c50fe022058a8d0040cbec2a115ea6835f8d3
Instruction Fuzzy Hash: 05020836A0968181EB14DF61EE945F823E9EF40F46F580935DE8D9B64ACF3CE990D720

Function 000001AE90937B30 Relevance: 6.5, APIs: 4, Instructions: 491COMMON

Download Yara Rule

APIs

Part of subcall function 000001AE9087A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087A18D

Part of subcall function 000001AE9087A110: char_traits.LIBCPMTD ref: 000001AE9087A13D

type_info::_name_internal_method.LIBCMTD ref: 000001AE90937BA4

Part of subcall function 000001AE909588A0: type_info::_name_internal_method.LIBCMTD ref: 000001AE90958940
Part of subcall function 000001AE909588A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE909589A6
Part of subcall function 000001AE909588A0: CreateFileA.KERNEL32 ref: 000001AE909589D2

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE90937C74

Part of subcall function 000001AE90875180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90875217

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$type_info::_name_internal_method$Affinity::operator!=CreateFileHardwarechar_traits
String ID:
API String ID: 2370075206-0
Opcode ID: 1a6d43370d743c0741790246eda51870718d100c5d1125f62a037d8daaab8b3e
Instruction ID: 2b070c2984475d0035f6fe27c1e39a52b6f1d643b8abf3e9147a2fbde85c9ee6
Opcode Fuzzy Hash: 1a6d43370d743c0741790246eda51870718d100c5d1125f62a037d8daaab8b3e
Instruction Fuzzy Hash: FB023231219B488AE366EB24C455BEFB7E1FBD6314FC0496EE08AC35A6DE305945CB43

Function 00007FF6C52393C4 Relevance: 6.5, Strings: 5, Instructions: 206COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52393F5, 00007FF6C52396A2
##Background, xrefs: 00007FF6C52394C9
draw_data->CmdLists.Size == draw_data->CmdListsCount, xrefs: 00007FF6C52396A9
g.Initialized, xrefs: 00007FF6C52393FC
##Foreground, xrefs: 00007FF6C523966D

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ##Background$##Foreground$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$draw_data->CmdLists.Size == draw_data->CmdListsCount$g.Initialized
API String ID: 0-3610610894
Opcode ID: f8e094b5cd7d023ed94c7485feb7eb3f3a635a236a3a8d4c958e04c5bfc23ff7
Instruction ID: ab54e57dc385653f3640840494c2005a8fcac6b81f3a4e019b7617c05f9ceb5d
Opcode Fuzzy Hash: f8e094b5cd7d023ed94c7485feb7eb3f3a635a236a3a8d4c958e04c5bfc23ff7
Instruction Fuzzy Hash: A5A17E32A08A8296EB54DF25DE402A923E5FB45B89F484131DB8D87656CF3DEC65D340

Function 000001AE908D3AA0 Relevance: 6.4, APIs: 4, Instructions: 439COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908D3AF1

Part of subcall function 000001AE908A2A20: _Ptr_base.LIBCMTD ref: 000001AE908A2A33

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Base::ChoresConcurrency::details::GroupPtr_baseScheduleSegmentUnrealized
String ID:
API String ID: 3333744592-0
Opcode ID: 9563075afa9850e746f4311326fd3820ab702563374c33d9578d30c472824271
Instruction ID: 5690854bf1ac3dfbf285190a44466d27b7ca7e01dabf2ea75a112f8ee27b57ca
Opcode Fuzzy Hash: 9563075afa9850e746f4311326fd3820ab702563374c33d9578d30c472824271
Instruction Fuzzy Hash: 5DF10031319B888FE7B5EB18C455BDBB7E1FB99314F80092AA48EC3691DE749944CB43

Function 00007FF6C526DFE8 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

##<, xrefs: 00007FF6C526E0EE
##>, xrefs: 00007FF6C526E153
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C526E1DF, 00007FF6C526E247
i >= 0 && i < Size, xrefs: 00007FF6C526E24E
it >= Data && it < Data + Size, xrefs: 00007FF6C526E1E6

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ##<$##>$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 0-4200858200
Opcode ID: cc4df670a106dca8b7e5a53fc48513dbaf74ac859a5ac655d493e6668f32d7c6
Instruction ID: dfa2b5eb6e88d82bc14af64cfb8c6d2951b175933e6fef4aba3ff742db3dafa2
Opcode Fuzzy Hash: cc4df670a106dca8b7e5a53fc48513dbaf74ac859a5ac655d493e6668f32d7c6
Instruction Fuzzy Hash: 5581E532A14B8996E7118F369D412E973A0FF69B45F099331DF88A7261EF38F991C740

Function 00007FF6C5256F28 Relevance: 6.4, Strings: 5, Instructions: 129COMMON

Download Yara Rule

Strings

draw_list->VtxBuffer.Size == 0 || draw_list->_VtxWritePtr == draw_list->VtxBuffer.Data + draw_list->VtxBuffer.Size, xrefs: 00007FF6C5256F99
draw_list->_VtxCurrentIdx < (1 << 16) && "Too many vertices in ImDrawList using 16-bit indices. Read comment above", xrefs: 00007FF6C525700F
draw_list->IdxBuffer.Size == 0 || draw_list->_IdxWritePtr == draw_list->IdxBuffer.Data + draw_list->IdxBuffer.Size, xrefs: 00007FF6C5256FC7
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6C5256F74
(int)draw_list->_VtxCurrentIdx == draw_list->VtxBuffer.Size, xrefs: 00007FF6C5256FF0

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (int)draw_list->_VtxCurrentIdx == draw_list->VtxBuffer.Size$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$draw_list->IdxBuffer.Size == 0 || draw_list->_IdxWritePtr == draw_list->IdxBuffer.Data + draw_list->IdxBuffer.Size$draw_list->VtxBuffer.Size == 0 || draw_list->_VtxWritePtr == draw_list->VtxBuffer.Data + draw_list->VtxBuffer.Size$draw_list->_VtxCurrentIdx < (1 << 16) && "Too many vertices in ImDrawList using 16-bit indices. Read comment above"
API String ID: 0-1275842224
Opcode ID: eca81ea47123ba10d9be45be0c0397fbb6796533723fc3da923abe90957ab94f
Instruction ID: ba68e20b2f08480334d8851b0086892a58d84cbfd9983efcb74f940b089b63be
Opcode Fuzzy Hash: eca81ea47123ba10d9be45be0c0397fbb6796533723fc3da923abe90957ab94f
Instruction Fuzzy Hash: 32516672A09A5286EB64CF15CA9033C33E1FB44F86F844136DA8D87698DF3DE896C740

Function 000001AE908C5A30 Relevance: 6.4, APIs: 4, Instructions: 359COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908C5AB7
std::make_error_code.LIBCPMTD ref: 000001AE908C5B32
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001AE908C5CBC

Part of subcall function 000001AE908CFA10: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908CFA6D
Part of subcall function 000001AE908CFA10: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908CFA84

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001AE908C5E4B

Part of subcall function 000001AE908A6D60: char_traits.LIBCPMTD ref: 000001AE908A6D80

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::$Concurrency::details::_ProcessorProxyRoot::Scheduler::_Virtual$Base::ChoresGroupScheduleSegmentUnrealizedchar_traitsstd::make_error_code
String ID:
API String ID: 3113402709-0
Opcode ID: 7a3ea08e90fceb27cd6e1fd845cb093568d6f95d03eb69ff7c426182bf7209eb
Instruction ID: 6e8355f43c3dd2e747c0aaee18fdc578c20e7a61bb0e54b2e3a6b32cc3190b50
Opcode Fuzzy Hash: 7a3ea08e90fceb27cd6e1fd845cb093568d6f95d03eb69ff7c426182bf7209eb
Instruction Fuzzy Hash: 3AC1EE31619B4C8FE7B5EB28C455BDBB7E1FB99310F80092EA48EC3691DE7499448B43

Function 000001AE90882C70 Relevance: 6.4, APIs: 4, Instructions: 351COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90882CA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90882E63
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90882E78

Part of subcall function 000001AE9087B170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087B17E
Part of subcall function 000001AE9087B170: _Max_value.LIBCPMTD ref: 000001AE9087B1A3
Part of subcall function 000001AE9087B170: _Min_value.LIBCPMTD ref: 000001AE9087B1D1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE90882FB7

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 82596cad36d2d3fb0aaf4ff23d60118829d448ca129abdec30145eb3f5113f40
Instruction ID: 6d7d50d69e695afef75d2d75d8ce0660c1e01cd27abe09b465cdb45c36e63471
Opcode Fuzzy Hash: 82596cad36d2d3fb0aaf4ff23d60118829d448ca129abdec30145eb3f5113f40
Instruction Fuzzy Hash: 94D1CB3031DB888FD7A5EB28C455BABBBE1FBE9355F40095DA08DC3665DA70D9808B43

Function 00007FF6C5261E40 Relevance: 6.3, Strings: 5, Instructions: 93COMMON

Download Yara Rule

Strings

column_index < columns->Columns.Size, xrefs: 00007FF6C5261EB3
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6C5261E86, 00007FF6C5261EAC, 00007FF6C5261EAD, 00007FF6C5261EBA
columns != 0, xrefs: 00007FF6C5261E8D
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5261F39
i >= 0 && i < Size, xrefs: 00007FF6C5261F40

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column_index < columns->Columns.Size$columns != 0$i >= 0 && i < Size
API String ID: 0-189766664
Opcode ID: 8c5e591d22de82f4b1474302149dc75b34124f2c38ea7d9895bed747992c6a4d
Instruction ID: 13be2291f0080e65282064edd72794a30ec5e400eefecc7fbaf8862b2b045831
Opcode Fuzzy Hash: 8c5e591d22de82f4b1474302149dc75b34124f2c38ea7d9895bed747992c6a4d
Instruction Fuzzy Hash: 50419332A08B8585E7118F35DD411A977A0FF59F46F188732DA88A7265EF3DF981C740

Function 00007FF6C5249F0C Relevance: 6.3, Strings: 5, Instructions: 76COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5249F3C, 00007FF6C5249F89
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5249F62, 00007FF6C524A023
g.WindowsFocusOrder[order] == window, xrefs: 00007FF6C5249F90
window->RootWindow == window, xrefs: 00007FF6C5249F43
i >= 0 && i < Size, xrefs: 00007FF6C5249F69, 00007FF6C524A02A

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$g.WindowsFocusOrder[order] == window$i >= 0 && i < Size$window->RootWindow == window
API String ID: 0-3228787351
Opcode ID: 75847f4d2513d03bfcb9e51b16b86ccbe27d85c2696400dbcf6f8ec8b51fae33
Instruction ID: 4d3ba33b4a9ae3400ba9cbf002df2f58e3cdc15d6a2595ff20bce5c5c7fdbfc0
Opcode Fuzzy Hash: 75847f4d2513d03bfcb9e51b16b86ccbe27d85c2696400dbcf6f8ec8b51fae33
Instruction Fuzzy Hash: 5531C062B0CA4295EB14DF05EE816B827E1FB40F82F841135EACD87695DF2DED95C704

Function 000001AE90893390 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000001AE9089352B
std::error_condition::error_condition.LIBCPMTD ref: 000001AE90893551

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::error_condition::error_condition
String ID:
API String ID: 246976077-0
Opcode ID: f45159876a3413d581667927f9ab218c6284b520071aa6869e707fb677832e16
Instruction ID: cb7829eb280a8d6a8cfbcb62b9492fb19c35d9c85d9d8d6cde45781ae79e67b2
Opcode Fuzzy Hash: f45159876a3413d581667927f9ab218c6284b520071aa6869e707fb677832e16
Instruction Fuzzy Hash: 8FC10830319B488FD7A5EB28C451BDBBBE1FB99314F90092DE49AC36A1DA70D841DB43

Function 00007FF6C52408E4 Relevance: 6.3, Strings: 5, Instructions: 72COMMON

Download Yara Rule

Strings

Shift+, xrefs: 00007FF6C5240952
%s%s%s%s%s, xrefs: 00007FF6C5240967
Super+, xrefs: 00007FF6C5240947
Ctrl+, xrefs: 00007FF6C524099D
Alt+, xrefs: 00007FF6C5240973

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: %s%s%s%s%s$Alt+$Ctrl+$Shift+$Super+
API String ID: 0-2491121921
Opcode ID: 0aadcdb9b6e93cf6e9822f628d9a421b7db2433bd8362f3a4f6d22275edc28dc
Instruction ID: 04609264c611896303d8211bf2d09904ce3951ba06e01bc0b07db8512e4e847d
Opcode Fuzzy Hash: 0aadcdb9b6e93cf6e9822f628d9a421b7db2433bd8362f3a4f6d22275edc28dc
Instruction Fuzzy Hash: 6621A075A08B8584F7648F11EE801A9A2D5EB84F91F44023ADEDD8BB95CF3CE956C304

Function 00007FF6C5241598 Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6C5241666
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52415CE, 00007FF6C5241613, 00007FF6C5241621
button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown)))), xrefs: 00007FF6C52415D5
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF6C524166D
(flags & ~ImGuiInputFlags_SupportedByIsMouseClicked) == 0, xrefs: 00007FF6C524161A

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (flags & ~ImGuiInputFlags_SupportedByIsMouseClicked) == 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT
API String ID: 0-529116099
Opcode ID: 6ac5b04f134d016fa2dd19d78d708d863a87f6b13dc80325572ef840e2b00fb8
Instruction ID: 76c079cc283d906a52d8452b5bac6420dd1f0be7025b0bb4090feae9ceb6ff6c
Opcode Fuzzy Hash: 6ac5b04f134d016fa2dd19d78d708d863a87f6b13dc80325572ef840e2b00fb8
Instruction Fuzzy Hash: 4A31C622A0864692E7119F25DE402B873E0EF18F86F494231DEDC672A5DF2DFD56C700

Function 00007FF6C523FAF0 Relevance: 6.3, Strings: 5, Instructions: 56COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C523FB2E
Size > 0, xrefs: 00007FF6C523FB73, 00007FF6C523FB9B
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C523FB6C, 00007FF6C523FB94
(0) && "Calling EndDisabled() too many times!", xrefs: 00007FF6C523FB35
Calling EndDisabled() too many times!, xrefs: 00007FF6C523FB14

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (0) && "Calling EndDisabled() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Calling EndDisabled() too many times!$Size > 0
API String ID: 0-2021065837
Opcode ID: 0ba39c31abb4fd9f882d6348fed1e6ea5fa6312ced22e5fd7e06c1d815f31941
Instruction ID: 922d9b8283d5453602235b44f596ec1e928880866de2b7274988b5f56eee7a46
Opcode Fuzzy Hash: 0ba39c31abb4fd9f882d6348fed1e6ea5fa6312ced22e5fd7e06c1d815f31941
Instruction Fuzzy Hash: 6B217172A1868293EB20DF15ED504F823A5FB48F86F494036EE8C8725ADF2CE841C750

Function 000001AE908E1510 Relevance: 6.3, APIs: 4, Instructions: 304COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001AE908E1704

Part of subcall function 000001AE908B5240: char_traits.LIBCPMTD ref: 000001AE908B5261

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001AE908E1761

Part of subcall function 000001AE908EA290: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001AE908EA2B2

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::Concurrency::details::_Decorator::getProcessorProxyRoot::Scheduler::_TableTypeVirtualchar_traits
String ID:
API String ID: 1673230147-0
Opcode ID: ec30224dc15fbc8032a18291e9deb5e54881b33702301bb23d23c2ac266fbc41
Instruction ID: 2cec2d0915a89ea6b778b30759285c50800b63ec7f88222fddf1b6435404597e
Opcode Fuzzy Hash: ec30224dc15fbc8032a18291e9deb5e54881b33702301bb23d23c2ac266fbc41
Instruction Fuzzy Hash: EDC1AA70619B888FE7B4EB18C495BDBB7E1FBA9314F40491E908DC3651DB34A484CB43

Function 00007FF6C5240268 Relevance: 6.3, Strings: 5, Instructions: 48COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52402A8
Size > 0, xrefs: 00007FF6C52402D1, 00007FF6C5240300
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C52402CA, 00007FF6C52402F9
(0) && "Calling PopFocusScope() too many times!", xrefs: 00007FF6C52402AF
Calling PopFocusScope() too many times!, xrefs: 00007FF6C524028E

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopFocusScope() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Calling PopFocusScope() too many times!$Size > 0
API String ID: 0-83603731
Opcode ID: 3bac647e1c0a413c1a6408ab7fcab4488d22e711686f1e4bd7cc35bbb2208e5c
Instruction ID: 9af835ec6e4c02a51ee1cf470baee76c4d576c99d4717f5d88082d1c7bc6a794
Opcode Fuzzy Hash: 3bac647e1c0a413c1a6408ab7fcab4488d22e711686f1e4bd7cc35bbb2208e5c
Instruction Fuzzy Hash: 29216F32B18A8392EB18DF25DE804BC6BA1FB44B81F844035DADC8B296DF6CED55C700

Function 00007FF6C5243860 Relevance: 6.3, Strings: 5, Instructions: 44COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C524389F, 00007FF6C52438D0
Missing EndChild(), xrefs: 00007FF6C5243889
(0) && "Missing End()", xrefs: 00007FF6C52438D7, 00007FF6C52438DE
(0) && "Missing EndChild()", xrefs: 00007FF6C52438A6
Missing End(), xrefs: 00007FF6C52438BA

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (0) && "Missing End()"$(0) && "Missing EndChild()"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Missing End()$Missing EndChild()
API String ID: 0-4077693712
Opcode ID: 2f3e7e55cd7451d71e7baa3dedad7e84c7d5a77b85c836537ed7f22e8e804f72
Instruction ID: 78133aa2f9c0dd486e5264bd41043abd8bc84dd6a8a868c6a0897c02aaad5f35
Opcode Fuzzy Hash: 2f3e7e55cd7451d71e7baa3dedad7e84c7d5a77b85c836537ed7f22e8e804f72
Instruction Fuzzy Hash: E0116A22A1C51391FA10EF51EE410B863E0AF64F82F904432E9CD87196DF2DED89C701

Function 00007FF6C52426A8 Relevance: 6.3, Strings: 5, Instructions: 20COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52426E0
Pen, xrefs: 00007FF6C52426C9
((int)(sizeof(mouse_source_names) / sizeof(*(mouse_source_names)))) == ImGuiMouseSource_COUNT && source >= 0 && source < ImGuiMous, xrefs: 00007FF6C52426E7
TouchScreen, xrefs: 00007FF6C52426BD
Mouse, xrefs: 00007FF6C52426AE

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ((int)(sizeof(mouse_source_names) / sizeof(*(mouse_source_names)))) == ImGuiMouseSource_COUNT && source >= 0 && source < ImGuiMous$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Mouse$Pen$TouchScreen
API String ID: 0-658767308
Opcode ID: 7ed72fad48149632101c84ada9bfa71be99aeeb2a9221209185508bef7c83f6a
Instruction ID: 89db2ff822d04a8378bf1a9a59dacf31f23a1f64f1e2f578ae34a46e44787c1a
Opcode Fuzzy Hash: 7ed72fad48149632101c84ada9bfa71be99aeeb2a9221209185508bef7c83f6a
Instruction Fuzzy Hash: 2FF0A962A18B4680EB10DF40FD804A9A3E4FB08B92F800132DDCC83324EF3CEA60C701

Function 000001AE908E2660 Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001AE908E2683
std::make_error_code.LIBCPMTD ref: 000001AE908E269C

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

std::make_error_code.LIBCPMTD ref: 000001AE908E26DB

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 1046759889-0
Opcode ID: 1197b50259cd651c9b6da576e883620b1d42da3b8eb02a60d5fb3576ea9858b0
Instruction ID: da2ee450616af8a3de0e029cf9a0f19f9e5304bef000f22e4cf3a9e09e390398
Opcode Fuzzy Hash: 1197b50259cd651c9b6da576e883620b1d42da3b8eb02a60d5fb3576ea9858b0
Instruction Fuzzy Hash: A5B1A930319B848FD6B5EB28C455BDBBBE1FBD9314F804959E48EC7692DA309845CB43

Function 000001AE908AC0C0 Relevance: 6.3, APIs: 4, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff8cae9e5e31fc2d3f093a035b7e1b66494f063e1d3bcbc0dba5857b41c99fa
Instruction ID: 4258acc7909ed1b65438ad0c51c64cea797b4cdbabef2ecf8065f5ae1ac77c00
Opcode Fuzzy Hash: 4ff8cae9e5e31fc2d3f093a035b7e1b66494f063e1d3bcbc0dba5857b41c99fa
Instruction Fuzzy Hash: B091E130218B488FDBA4EF18C095F9AB7E5FBE9314F90495DE04EC7662DA70E945CB42

Function 000001AE908DDE50 Relevance: 6.2, APIs: 4, Instructions: 212COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001AE908DDE8D

Part of subcall function 000001AE90888FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001AE90888FFE

std::make_error_code.LIBCPMTD ref: 000001AE908DDEDC

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 316640ba4620b1868b043f14b8bbfe2bdf537fee0c99a8942832639a75162651
Instruction ID: b8a35449b5fc5f936bd6f8a101da65d31bd360d0d4ed9e244ec1ea38856d2113
Opcode Fuzzy Hash: 316640ba4620b1868b043f14b8bbfe2bdf537fee0c99a8942832639a75162651
Instruction Fuzzy Hash: 58812330319B848BE3B5EB18C451BEFBBE1FB95314F90492DE08AC79A1DA749845C743

Function 000001AE908EB440 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908EB4DB
type_info::_name_internal_method.LIBCMTD ref: 000001AE908EB602

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 311635369dba7a2c4c55ab289ad81b385d07f4bf4434da9164d88dc3e7919d85
Instruction ID: 7726e3c3f4ed754bd54023cb31fd0645350884671bbae5cabfa8f7acabc20d42
Opcode Fuzzy Hash: 311635369dba7a2c4c55ab289ad81b385d07f4bf4434da9164d88dc3e7919d85
Instruction Fuzzy Hash: F771A73035DB488BE6B5EB28C495BEBBBE5FB99314FC00919E48DC36A1DA74D8418743

Function 000001AE908EB7B0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908EB84B
type_info::_name_internal_method.LIBCMTD ref: 000001AE908EB972

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 376f370d1ce6c6e5a538bf90c30fa90ed811b227eefe87f28aee0aebd5c382d5
Instruction ID: 1903db529cec4bce95ef14d7d2ec06050717306813b12bca80301d858cf40bb5
Opcode Fuzzy Hash: 376f370d1ce6c6e5a538bf90c30fa90ed811b227eefe87f28aee0aebd5c382d5
Instruction Fuzzy Hash: AE71EA30319B889FE6B1FB18C495BEBBBE5FB99314F804819E089C3692DE34D9458743

Function 000001AE908A58A0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000001AE908A593A
fpos.LIBCPMTD ref: 000001AE908A5A03
fpos.LIBCPMTD ref: 000001AE908A5A52
fpos.LIBCPMTD ref: 000001AE908A5AEF

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 3ddead0fb258ff1e267deb5699af4adb0322be805e248e2aac325a3832c2bf49
Instruction ID: c8b95b4f59fae0e1ee8250743641aaf48e07e8ecaaa03b833162eff465b66cef
Opcode Fuzzy Hash: 3ddead0fb258ff1e267deb5699af4adb0322be805e248e2aac325a3832c2bf49
Instruction Fuzzy Hash: 3681FA3071CB589FE7A4DB28C495B6BBBE0FB99355F94491DE499C3AA0C674D880CB03

Function 000001AE90888290 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

Part of subcall function 000001AE9087A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087A18D

type_info::_name_internal_method.LIBCMTD ref: 000001AE908883B2
type_info::_name_internal_method.LIBCMTD ref: 000001AE908883CD
type_info::_name_internal_method.LIBCMTD ref: 000001AE9088840F
type_info::_name_internal_method.LIBCMTD ref: 000001AE9088842A

Part of subcall function 000001AE9087A110: char_traits.LIBCPMTD ref: 000001AE9087A13D

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
String ID:
API String ID: 1744367693-0
Opcode ID: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
Instruction ID: 450fe785d0bf7487c17e812ae0cf9db120233009d19f36644859d782346d0e36
Opcode Fuzzy Hash: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
Instruction Fuzzy Hash: 23512E31219B848BE3B1EB14C445BEBBBE1FB99318F804A1DE489C76A1DB74D945CB43

Function 000001AE908AC3B0 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMTD ref: 000001AE908AC484
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001AE908AC494
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001AE908AC4A5

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Affinity::operator!=Base::ContextHardwareIdentityQueueWorkshared_ptr
String ID:
API String ID: 714649587-0
Opcode ID: 5488cc04d8f2d7fbd2759ee350adb1f9c5fb344bf4786a2901479604c81c8665
Instruction ID: df28c2d94f7af5eeb1a833ba6727d2bf90db3e2e2786934b6363be7c5c126db1
Opcode Fuzzy Hash: 5488cc04d8f2d7fbd2759ee350adb1f9c5fb344bf4786a2901479604c81c8665
Instruction Fuzzy Hash: E041EF30219F489FEBA4EB18C455BABBBE1FB99354F90091DF089C7661CA34D841CB47

Function 000001AE9094E6E0 Relevance: 6.1, APIs: 4, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 000001AE9094E8E0: _Byte_length.LIBCPMTD ref: 000001AE9094E94E

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE9094E765
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE9094E78E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE9094E7C5
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE9094E7EE

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_length
String ID:
API String ID: 1141060839-0
Opcode ID: 81c2d3f1868dcef153101e2a0f55093425f05ac4cd24b82f06e7e43b528eae26
Instruction ID: 84e74ed19bc580364734dda8cc056d5ef687806754052b54ebcfda00cd10a641
Opcode Fuzzy Hash: 81c2d3f1868dcef153101e2a0f55093425f05ac4cd24b82f06e7e43b528eae26
Instruction Fuzzy Hash: 5541F130219B488FE765FB18C455BEBBBE0FB99355F90491EE089C3261DE709984CB43

Function 000001AE908BB2D0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE908BB2FB

Part of subcall function 000001AE908C7840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908C7858

type_info::_name_internal_method.LIBCMTD ref: 000001AE908BB31A
type_info::_name_internal_method.LIBCMTD ref: 000001AE908BB339
type_info::_name_internal_method.LIBCMTD ref: 000001AE908BB358

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction ID: 0a51eeaaff9b58f3aa0dfab8ad7309c5034b38425634bbb1971ce118e5c0cabe
Opcode Fuzzy Hash: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction Fuzzy Hash: EB11DE30719B844FD7A4EF28C44579BBBE1FBD9344F90496DE189C3661DA30D8818B47

Function 000001AE908CF200 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE908CF22B

Part of subcall function 000001AE908C7840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908C7858

type_info::_name_internal_method.LIBCMTD ref: 000001AE908CF24A
type_info::_name_internal_method.LIBCMTD ref: 000001AE908CF269
type_info::_name_internal_method.LIBCMTD ref: 000001AE908CF288

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction ID: ad1c24e83c34d01b517af29e86ef4e6906174557882255207294e51c89041c70
Opcode Fuzzy Hash: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction Fuzzy Hash: 0E11DB30719B888FE7A4EF28C44579BBBE1FBD9354F90495DE189C3661DA30D8818B43

Function 000001AE908FD600 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001AE908FD62B

Part of subcall function 000001AE908C7840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908C7858

type_info::_name_internal_method.LIBCMTD ref: 000001AE908FD64A

Part of subcall function 000001AE908F0ED0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001AE908F0EE8

type_info::_name_internal_method.LIBCMTD ref: 000001AE908FD669
type_info::_name_internal_method.LIBCMTD ref: 000001AE908FD688

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction ID: 5e1beb6cf8e92567b2ad992dbf58659f9610ff27a0d7443e113028a27d09c62b
Opcode Fuzzy Hash: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction Fuzzy Hash: C611EA30719B888FE7A4EB28C48579BBBE1FBD9344F90495DE189C3661DA30D8818B43

Function 000001AE908B3550 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 000001AE908B3563
_Func_class.LIBCONCRTD ref: 000001AE908B35BD

Part of subcall function 000001AE908A99D0: _Func_class.LIBCONCRTD ref: 000001AE908A99DE
Part of subcall function 000001AE908A99D0: _Func_class.LIBCONCRTD ref: 000001AE908A9A3C

_Func_class.LIBCONCRTD ref: 000001AE908B35E1
_Func_class.LIBCONCRTD ref: 000001AE908B35ED

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction ID: 5154047b2d9e8737bfd31cddfe93da41acea6d1fd08d6477c11fd092522253b0
Opcode Fuzzy Hash: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction Fuzzy Hash: 8311F130319B489FD694FB1CC4557AB7BE1FB9A359F800919F489C3AB2DA21DC418703

Function 000001AE908CF060 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908CF0AA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908CF0BE

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction ID: 2357c892a39fdd409074a41cdb744f11d5af9f54764f62e83d68ae321b3d9e0f
Opcode Fuzzy Hash: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction Fuzzy Hash: ED010C30335B598BE3E4DB29C4657AA69E2F785718FD40918E04AD2AD2CBB589408703

Function 000001AE908CF100 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908CF14A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908CF15E

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction ID: 217d7e035c3b57543a290b345b0f52b72dca87ae9c7c2ebe1b8578b690d27daf
Opcode Fuzzy Hash: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction Fuzzy Hash: 2801DE70335B598EE3E5EB29C4557ABB9E2F785318FD40819F446D2A92C7B5C4448703

Function 000001AE90873D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 000001AE90875360: _WChar_traits.LIBCPMTD ref: 000001AE9087538D

Part of subcall function 000001AE90874740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087476C
Part of subcall function 000001AE90874740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE9087477E
Part of subcall function 000001AE90874740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001AE908747BB

Part of subcall function 000001AE90874850: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE908748B8

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001AE9087412A

Strings

, xrefs: 000001AE908741B1
X, xrefs: 000001AE90873EE3

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
String ID: $X
API String ID: 1626164810-1398056850
Opcode ID: a757dbef87dfb30b01267c4a16f99c6c95e5acd87679aa1afa54b60f120e79d0
Instruction ID: aca28541a01dd23a20c2841388443a513f523283549cc09b8b671fab374bd8ef
Opcode Fuzzy Hash: a757dbef87dfb30b01267c4a16f99c6c95e5acd87679aa1afa54b60f120e79d0
Instruction Fuzzy Hash: DDD1B770618B888FD7B5EB28C4997DBB7E1FB99305F50492EA48DC3261DB7098858B43

Function 000001AE908D5700 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

", xrefs: 000001AE908D57D6
", xrefs: 000001AE908D58EE

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: cc595092e32016d91173b12e2c9e65e9e8196bad8f99b68bd600d2a6a17a99da
Instruction ID: 6f8a7692f3567310b873fe70ec3839bb3ad118bbcece29a30e45feb43433f76d
Opcode Fuzzy Hash: cc595092e32016d91173b12e2c9e65e9e8196bad8f99b68bd600d2a6a17a99da
Instruction Fuzzy Hash: 29710C3121DB489AD7A5EB14C491FDBBBE1FB95358F900A19F08AC35A1DA30D545CB83

Function 000001AE90894B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000001AE90894CEA

Part of subcall function 000001AE908901A0: Concurrency::details::VirtualProcessor::ClaimTicket::InitializeTicket.LIBCMTD ref: 000001AE908901BD

Strings

@, xrefs: 000001AE90894BED
@, xrefs: 000001AE90894B66

Memory Dump Source

Source File: 00000000.00000002.4572287951.000001AE90870000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001AE90870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ae90870000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: ClaimConcurrency::details::InitializeProcessor::TicketTicket::Virtualstd::error_condition::error_condition
String ID: @$@
API String ID: 2004282921-149943524
Opcode ID: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction ID: c75f9d6ea0494835531a7bcf9ec75d39d2defa4e5cd4f6f5331bacf3a2f9ab2b
Opcode Fuzzy Hash: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction Fuzzy Hash: C551C47070A7448FE7B4EB18C444B9BBBE0FB9A328F50192DE19AC3690D771D8448B47

Function 00007FF6C523BDCC Relevance: 5.3, Strings: 4, Instructions: 325COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C523BE36
window->BeginCount == 0, xrefs: 00007FF6C523BE3D
0, xrefs: 00007FF6C523C117
@, xrefs: 00007FF6C523BF3A

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: 0$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$window->BeginCount == 0
API String ID: 0-2946187744
Opcode ID: 1d7827395ea8721bbda602f1833b2588fb8edf06f151e72642a14fb106519346
Instruction ID: 292f5087d59d0ebdfd0065f4ccf7b4a2600771885df46f886efba3f73820a6c1
Opcode Fuzzy Hash: 1d7827395ea8721bbda602f1833b2588fb8edf06f151e72642a14fb106519346
Instruction Fuzzy Hash: 43F1A233A147899AE312CF3689412B873A0FF6D749F189721EB8877565DF28B4A5D700

Function 00007FF6C5241F20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6C5241F90

Strings

[io] LockWheelingWindow() "%s", xrefs: 00007FF6C5241F89
NULL, xrefs: 00007FF6C5241F82

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID: _scwprintf
String ID: NULL$[io] LockWheelingWindow() "%s"
API String ID: 1992661772-295439587
Opcode ID: 051b7d7d38f4266eb834796a9d71d5fb61b8e7feb5e2861d5f8bd27085a4489f
Instruction ID: 6aa62cd312bf96f8679060e4c1ac98e786f7d3e46caf66986897b96fbce5ed92
Opcode Fuzzy Hash: 051b7d7d38f4266eb834796a9d71d5fb61b8e7feb5e2861d5f8bd27085a4489f
Instruction Fuzzy Hash: C311BF33808B8289E745CF35DE410B873A0EF44FD6F588331DA9C499AADF2CA9559710

Function 00007FF6C5245218 Relevance: 5.3, Strings: 4, Instructions: 255COMMON

Download Yara Rule

Strings

(flags & ImGuiScrollFlags_MaskX_) == 0 || ImIsPowerOfTwo(flags & ImGuiScrollFlags_MaskX_), xrefs: 00007FF6C52452DC
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52452D5, 00007FF6C52452FD
@, xrefs: 00007FF6C52453DB
(flags & ImGuiScrollFlags_MaskY_) == 0 || ImIsPowerOfTwo(flags & ImGuiScrollFlags_MaskY_), xrefs: 00007FF6C5245304

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (flags & ImGuiScrollFlags_MaskX_) == 0 || ImIsPowerOfTwo(flags & ImGuiScrollFlags_MaskX_)$(flags & ImGuiScrollFlags_MaskY_) == 0 || ImIsPowerOfTwo(flags & ImGuiScrollFlags_MaskY_)$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
API String ID: 0-3261057084
Opcode ID: beac84565b3d882bff5005bfdd856a3c91e7363311a86f3e809b11f48e8ee3d7
Instruction ID: df8d4c85c47f9c776dd71ffa5d7f8c6b999c9eab68315d0b0d1537a041714f06
Opcode Fuzzy Hash: beac84565b3d882bff5005bfdd856a3c91e7363311a86f3e809b11f48e8ee3d7
Instruction Fuzzy Hash: F1C10932A0868945E366CF379E4137977E0AF59B86F18C732DEC9761A3DF2DB8448600

Function 00007FF6C5246708 Relevance: 5.2, Strings: 4, Instructions: 190COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C524675B, 00007FF6C52468AB, 00007FF6C5246A22
g.CurrentWindow == window, xrefs: 00007FF6C5246762, 00007FF6C52468B2
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5246789
i >= 0 && i < Size, xrefs: 00007FF6C5246790

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$g.CurrentWindow == window$i >= 0 && i < Size
API String ID: 0-2393873408
Opcode ID: 2de36e7a789fa2ae197e7c558f70d65ddaa0e7d5165f14f63ee75947ef41efc4
Instruction ID: e00ea3b7cfe8740bd17f477f88e895402a1392890fef78bb9459a3f7c470453a
Opcode Fuzzy Hash: 2de36e7a789fa2ae197e7c558f70d65ddaa0e7d5165f14f63ee75947ef41efc4
Instruction Fuzzy Hash: 80A1D233E24B8589E311CF769D811EC77A0FF29B49F189322EE48765A5DF28B495D700

Function 00007FF6C524DDE8 Relevance: 5.2, Strings: 4, Instructions: 188COMMON

Download Yara Rule

Strings

width % c->align == 0, xrefs: 00007FF6C524DE51
C:\Users\55yar\Desktop\imgui-master\imstb_rectpack.h, xrefs: 00007FF6C524DE4A, 00007FF6C524DF97, 00007FF6C524DFD4
node->next->x > xpos && node->x <= xpos, xrefs: 00007FF6C524DFDB, 00007FF6C524DFE2
xpos >= 0, xrefs: 00007FF6C524DF9E

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_rectpack.h$node->next->x > xpos && node->x <= xpos$width % c->align == 0$xpos >= 0
API String ID: 0-595384423
Opcode ID: fa738ceecaf3c7f405f83189ba2d0569a214ef11d3b8fe70357e9956b6b1592f
Instruction ID: e6c54541a7819f718e55d47073e9455aca8ec0f1cd49055c81d14790133d332d
Opcode Fuzzy Hash: fa738ceecaf3c7f405f83189ba2d0569a214ef11d3b8fe70357e9956b6b1592f
Instruction Fuzzy Hash: 80816F32A186968AE760CF05ED4066DB7A4FB85F81F959036EACD83B45DF3CE845CB01

Function 00007FF6C5264C44 Relevance: 5.2, Strings: 4, Instructions: 160COMMON

Download Yara Rule

Strings

--------------------------------, xrefs: 00007FF6C5264EDB
thickness > 0.0f, xrefs: 00007FF6C5264CDE
ImIsPowerOfTwo(flags & (ImGuiSeparatorFlags_Horizontal | ImGuiSeparatorFlags_Vertical)), xrefs: 00007FF6C5264CBA
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6C5264CB3, 00007FF6C5264CC1, 00007FF6C5264CD7

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: --------------------------------$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImIsPowerOfTwo(flags & (ImGuiSeparatorFlags_Horizontal | ImGuiSeparatorFlags_Vertical))$thickness > 0.0f
API String ID: 0-3029266753
Opcode ID: 056015420ddfba5b77a24d30f518b063df07b8e17a0173762de24fc04a551dc7
Instruction ID: 8bcf0a133f6b80df6d5e7e21848e7fad917a601600b336b86c9190a178b3140c
Opcode Fuzzy Hash: 056015420ddfba5b77a24d30f518b063df07b8e17a0173762de24fc04a551dc7
Instruction Fuzzy Hash: A181B032914B8699E311DF36CD417F873A0EF58B49F089332DE88A75A9DF2CA955C740

Function 00007FF6C5237D55 Relevance: 5.1, Strings: 4, Instructions: 146COMMON

Download Yara Rule

Strings

g.MovingWindow && g.MovingWindow->RootWindow, xrefs: 00007FF6C5237F76
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5237F6F
i >= 0 && i < Size, xrefs: 00007FF6C52380F8, 00007FF6C5238129, 00007FF6C5238156
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF6C5237DDC

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.MovingWindow && g.MovingWindow->RootWindow$g.WindowsFocusOrder.Size <= g.Windows.Size$i >= 0 && i < Size
API String ID: 0-2393943600
Opcode ID: d3512b8435f56e1a83eadb3c3b092739c3daa8c9c6df2d79a571510386fde450
Instruction ID: 6d4aed62de4ac0d2dffddf5dc9f3375f83d32f122f5043600a5ac3f262de4ba9
Opcode Fuzzy Hash: d3512b8435f56e1a83eadb3c3b092739c3daa8c9c6df2d79a571510386fde450
Instruction Fuzzy Hash: 4E71D57290979285E711DF26DE884F833E8EF19F89F454635DE88A7291DF3CA985C700

Function 00007FF6C5238ADC Relevance: 5.1, Strings: 4, Instructions: 110COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5238C28
Size > 0, xrefs: 00007FF6C5238BDD, 00007FF6C5238C4E
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5238BD6, 00007FF6C5238C47
cmd.ElemCount == 6, xrefs: 00007FF6C5238C2F

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$cmd.ElemCount == 6
API String ID: 0-3084103157
Opcode ID: e7b02b8b23df37b2b582b32b3755a29cdd7cbb1096feef396f30b4b7d3f52f5d
Instruction ID: d3c2b4c4ddbebd6b1264fd4bf70cbbeb3b81c92737914f34d55154f79131d332
Opcode Fuzzy Hash: e7b02b8b23df37b2b582b32b3755a29cdd7cbb1096feef396f30b4b7d3f52f5d
Instruction Fuzzy Hash: 8151C522A08A8599E711DF3ADD412FC73B0EF59B49F449331EE89672A5DF3D9982C700

Function 00007FF6C5240DB8 Relevance: 5.1, Strings: 4, Instructions: 102COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C5240E3D
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5240E78, 00007FF6C5240EF0
IsNamedKey(key), xrefs: 00007FF6C5240E44
i >= 0 && i < Size, xrefs: 00007FF6C5240E7F, 00007FF6C5240EF7, 00007FF6C5240EFE

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$IsNamedKey(key)$i >= 0 && i < Size
API String ID: 0-438473942
Opcode ID: f5a7d4c54dc592e4be65cf79b06e27434043e39b273384db6e2ef9b04d653194
Instruction ID: 53bee0219b997e2c771441d79b5dc7b48fec7d9bf448c77b3e42873a3af46757
Opcode Fuzzy Hash: f5a7d4c54dc592e4be65cf79b06e27434043e39b273384db6e2ef9b04d653194
Instruction Fuzzy Hash: 2741C162B0874282EB20CF15ED402B9B3E0FB44F96F454136EADD8B295DF3CE9918700

Function 00007FF6C52662F8 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C52663EA
pos <= text_len, xrefs: 00007FF6C5266340, 00007FF6C5266347
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6C5266339
i >= 0 && i < Size, xrefs: 00007FF6C52663F1

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$i >= 0 && i < Size$pos <= text_len
API String ID: 0-3124524525
Opcode ID: 5448d5a0e1eaed0d77d7db8bfabfee1b78097fcc276c0b5147b7709dab554e9d
Instruction ID: 2869ee07e1a825740733bc79dad15789db286ec8ec5f261b3514767f486d6026
Opcode Fuzzy Hash: 5448d5a0e1eaed0d77d7db8bfabfee1b78097fcc276c0b5147b7709dab554e9d
Instruction Fuzzy Hash: E031D032A087459AEB18CF18EE8067C37A1EB84F85F464035DA8D87686DE3DE956C380

Function 00007FF6C524DCD8 Relevance: 5.1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

Strings

node->next->x > x0, xrefs: 00007FF6C524DD2D
C:\Users\55yar\Desktop\imgui-master\imstb_rectpack.h, xrefs: 00007FF6C524DCF7
first->x <= x0, xrefs: 00007FF6C524DD0F
node->x <= x0, xrefs: 00007FF6C524DD47

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_rectpack.h$first->x <= x0$node->next->x > x0$node->x <= x0
API String ID: 0-3287728067
Opcode ID: 3e2aa0d36b4f677bda0f919c3b81f3fb77a4a3f5157f934080dd6030bd42408c
Instruction ID: b207b14e006f66bac35457ed06b618d7588455655880e54083a5d573c18f4749
Opcode Fuzzy Hash: 3e2aa0d36b4f677bda0f919c3b81f3fb77a4a3f5157f934080dd6030bd42408c
Instruction Fuzzy Hash: 3331BA73B0864186E7058F25EE504ACB7A2F784F85B948436DA8997B49CF3CED42C700

Function 00007FF6C5245990 Relevance: 5.1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52459C3
id == 0, xrefs: 00007FF6C52459CA
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5245A1F, 00007FF6C5245A6C
i >= 0 && i < Size, xrefs: 00007FF6C5245A26, 00007FF6C5245A73

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size$id == 0
API String ID: 0-2347856535
Opcode ID: a76b91edc5920c1a4d1179835aada3f1814c39fd5f669c44e644c824664f4791
Instruction ID: 02a1c6e3333dc276839e0f40289ca6b8770ecd6b4fe10fa6918547b91618fecd
Opcode Fuzzy Hash: a76b91edc5920c1a4d1179835aada3f1814c39fd5f669c44e644c824664f4791
Instruction Fuzzy Hash: 6A319232B086669AEB108F15EE811BD27E1FB50F85F850432D9CDDB696DF7CE8428780

Function 00007FF6C5240814 Relevance: 5.1, Strings: 4, Instructions: 52COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C524085F
IsNamedKeyOrMod(key) && "Support for user key indices was dropped in favor of ImGuiKey. Please update backend and user code.", xrefs: 00007FF6C5240866
None, xrefs: 00007FF6C5240820
Unknown, xrefs: 00007FF6C52408C3

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$IsNamedKeyOrMod(key) && "Support for user key indices was dropped in favor of ImGuiKey. Please update backend and user code."$None$Unknown
API String ID: 0-1584183111
Opcode ID: ddba9d61567339419736c9d5c9bb0da439c26a23ffb27ad2aed1d599ce5d8840
Instruction ID: 759715ad4a1403e61059fe415fa1000e3ab9703f5c1ef8e2e16dad0dbe24ec98
Opcode Fuzzy Hash: ddba9d61567339419736c9d5c9bb0da439c26a23ffb27ad2aed1d599ce5d8840
Instruction Fuzzy Hash: 38112261E1860685FBB49E58DFC83B9A2E0EF54B43FA40132D9CDCA1D1CF5DACC58685

Function 00007FF6C523F980 Relevance: 5.0, Strings: 4, Instructions: 46COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C523F9DD
Size > 0, xrefs: 00007FF6C523F9BD
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C523F9B6
item_flags == g.ItemFlagsStack.back(), xrefs: 00007FF6C523F9E4

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$item_flags == g.ItemFlagsStack.back()
API String ID: 0-212035668
Opcode ID: 0e1811e140982bc76816b997cefe861caa0d44fb9ec6b9e4170ea076d0a4d286
Instruction ID: fff5a0b7f448896b08f7c784b99ff6197838e230dc85ee9f20bc32fbab9a1ec7
Opcode Fuzzy Hash: 0e1811e140982bc76816b997cefe861caa0d44fb9ec6b9e4170ea076d0a4d286
Instruction Fuzzy Hash: 8C119036A08A4299E720DF15FDC04E96BA0FB84B91F954032EADD87659DF7CD982C700

Function 00007FF6C524628C Relevance: 5.0, Strings: 4, Instructions: 42COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52462B3, 00007FF6C52462D6, 00007FF6C524630F
g.BeginPopupStack.Size > 0, xrefs: 00007FF6C52462DD
window->Flags & ImGuiWindowFlags_Popup, xrefs: 00007FF6C52462BA
g.WithinEndChild == false, xrefs: 00007FF6C5246316

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.BeginPopupStack.Size > 0$g.WithinEndChild == false$window->Flags & ImGuiWindowFlags_Popup
API String ID: 0-3328704759
Opcode ID: 4e785a29dbf73dbc75b67254c43197d2adcdd556fcb6357811a417f6ae6cd42c
Instruction ID: 4038afcf7b321d1c78902dd53835ecfdfed8486dde46aafdc290ae2747241cb9
Opcode Fuzzy Hash: 4e785a29dbf73dbc75b67254c43197d2adcdd556fcb6357811a417f6ae6cd42c
Instruction Fuzzy Hash: 37116D22A1C5C295F711DF20DE447F827E0EB45F89F484035DA8C8B59ACF6CE996C351

Function 00007FF6C5261C80 Relevance: 5.0, Strings: 4, Instructions: 42COMMON

Download Yara Rule

Strings

column_index < columns->Columns.Size, xrefs: 00007FF6C5261CC4
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6C5261CBD, 00007FF6C5261CCB
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5261CE0
i >= 0 && i < Size, xrefs: 00007FF6C5261CE7

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column_index < columns->Columns.Size$i >= 0 && i < Size
API String ID: 0-513248126
Opcode ID: 53b073b383e3eb48859218d6df48c6a9732515d88b6c442d5f77945d8c8cf27a
Instruction ID: 9ee943fc352d0647ecb0409e0c04a609b8d43e10558912e685dcb696fb00e4aa
Opcode Fuzzy Hash: 53b073b383e3eb48859218d6df48c6a9732515d88b6c442d5f77945d8c8cf27a
Instruction Fuzzy Hash: F1116D72A04B4AA6EB058F56EE9146863A0FF18F82B549135CA8CD3691DF2CF8A4C741

Function 00007FF6C52416B0 Relevance: 5.0, Strings: 4, Instructions: 35COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6C52416FE, 00007FF6C524170C
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6C52416D4
button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown)))), xrefs: 00007FF6C52416DB, 00007FF6C52416E2
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF6C5241705

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT
API String ID: 0-3749727450
Opcode ID: 734c151f4ffd659cf0b7d81b5b9607eab6036bd4dce885f72e24bb514d83befc
Instruction ID: 0d8bebc901e12490191cba798254d1daaaa5b6369060d48e968a8efa9897b4b3
Opcode Fuzzy Hash: 734c151f4ffd659cf0b7d81b5b9607eab6036bd4dce885f72e24bb514d83befc
Instruction Fuzzy Hash: F201A276F1868251E714CF51FE804BA33A0AB55BC2F895035EADC8B25AEF2CE956D700

Function 00007FF6C5265E10 Relevance: 5.0, Strings: 4, Instructions: 28COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C5265E4E
idx <= obj->TextLen, xrefs: 00007FF6C5265E32
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6C5265E2B
i >= 0 && i < Size, xrefs: 00007FF6C5265E55

Memory Dump Source

Source File: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$i >= 0 && i < Size$idx <= obj->TextLen
API String ID: 0-1683705317
Opcode ID: 0cc74d409ecbe44cab503f128e707ae0c307b5d3402c5efb2f910a15e5c02f64
Instruction ID: 6e968770dd0d20071df1e1b3ee61971f93dd83392094e10997eb57ce828f5b6a
Opcode Fuzzy Hash: 0cc74d409ecbe44cab503f128e707ae0c307b5d3402c5efb2f910a15e5c02f64
Instruction Fuzzy Hash: D0F0A43271874696EA24DF45EEC04B427A0FB08F85F948035DACC87666DE2CE952CB40

Function 00007FF6C55A960C Relevance: 5.0, Strings: 4, Instructions: 8COMMON

Download Yara Rule

Strings

j, xrefs: 00007FF6C55A965B
4, xrefs: 00007FF6C55A9668
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6C55A961D
i >= 0 && i < Size, xrefs: 00007FF6C55A960C

Memory Dump Source

Source File: 00000000.00000002.4576485821.00007FF6C5574000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6C5230000, based on PE: true

Associated: 00000000.00000002.4576119759.00007FF6C5230000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576145448.00007FF6C5231000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576195242.00007FF6C527D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576225983.00007FF6C5535000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576340562.00007FF6C5537000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576367443.00007FF6C553A000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576411564.00007FF6C556E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576436548.00007FF6C5570000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576461962.00007FF6C5571000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576573679.00007FF6C5664000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576598516.00007FF6C5665000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4576663787.00007FF6C5702000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6c5230000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: 4$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size$j
API String ID: 0-3831609794
Opcode ID: 4a3a4c8a0bf09d975208b8da74c92a94f32b0736f94d30c8713d09a6c04f6fa8
Instruction ID: 4c93bce338ade39b0bf2f73891dc6912f0655182905fd2eb8449cac834708871
Opcode Fuzzy Hash: 4a3a4c8a0bf09d975208b8da74c92a94f32b0736f94d30c8713d09a6c04f6fa8
Instruction Fuzzy Hash: 65C08CA600AC20A8C820AB04C8A04A83A70AF88F8CB644110AD49C6AAB5D6AD51492D4

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LinxOptimizer.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
LinxOptimizer.exe

Function 000001AE9089F46A Relevance: 9.6, APIs: 6, Instructions: 647
fileCOMMON

Function 000001AE9097CCC0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Function 000001AE909378E0 Relevance: 4.7, APIs: 3, Instructions: 164
encryptionCOMMON

Function 000001AE90876FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Function 000001AE909588A0 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Function 000001AE90874740 Relevance: 4.6, APIs: 3, Instructions: 80
COMMON

Function 000001AE90958EC0 Relevance: 4.6, APIs: 3, Instructions: 80
fileCOMMON

Function 000001AE90958E20 Relevance: 4.5, APIs: 3, Instructions: 48
fileCOMMON

Function 000001AE90958D40 Relevance: 3.1, APIs: 2, Instructions: 56
fileCOMMON

Function 000001AE90999E2C Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE