Edit tour

Windows Analysis Report
LinxOptimizer.exe

Overview

General Information

Sample name:	LinxOptimizer.exe
Analysis ID:	1584527
MD5:	992bf6285fd2204edc5a6453520376dd
SHA1:	df7dfbd46edb4c5f44ca6e25dafe946d1d6e45d6
SHA256:	87e3d357c350b9031a8896439989367446d41535f9e5ea16825860705229d2e6
Tags:	exeuser-aachum
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contain functionality to detect virtual machines

Found direct / indirect Syscall (likely to bypass EDR)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Potential thread-based time evasion detected

Query firmware table information (likely to detect VMs)

Tries to detect debuggers (CloseHandle check)

Tries to evade analysis by execution special instruction (VM detection)

Tries to harvest and steal browser information (history, passwords, etc)

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

LinxOptimizer.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\LinxOptimizer.exe" MD5: 992BF6285FD2204EDC5A6453520376DD)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: LinxOptimizer.exe PID: 7516	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.LinxOptimizer.exe.16fe52581d0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T19:08:01.158717+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49730	172.67.75.163	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: LinxOptimizer.exe	Virustotal: Detection: 50%			Perma Link
Source: LinxOptimizer.exe	ReversingLabs: Detection: 44%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: LinxOptimizer.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: 0_2_0000016FE51D78E0 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,

0_2_0000016FE51D78E0

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: LinxOptimizer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: 0_2_0000016FE513F46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,Concurrency::details::WorkQueue::IsStructuredEmpty,

0_2_0000016FE513F46A

Source: Joe Sandbox View

IP Address: 172.67.75.163 172.67.75.163

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 172.67.75.163:443

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: global traffic

DNS traffic detected: DNS query: api.myip.com

Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://https/:://websocketpp.processorGeneric
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: LinxOptimizer.exe, 00000000.00000003.1730459881.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: LinxOptimizer.exe, 00000000.00000003.1720391567.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107390768.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1724639132.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704588293.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714860462.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725395995.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/#g
Source: LinxOptimizer.exe, 00000000.00000003.1748856453.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1761666268.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1860031213.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4106714954.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1744239211.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1805455640.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1850773627.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1830920524.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1802336194.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1744082971.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1778158100.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1797400578.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1754571503.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1815391910.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1720986231.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1788160660.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725225680.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1773541687.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1751955307.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1730459881.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/A
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Russia
Source: LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE6F6B000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE6F6B000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/epezent/implot
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/epezent/implotWidgets/Progress
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/releases
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/wiki
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imgui/wiki/Funding
Source: LinxOptimizer.exe	String found in binary or memory: https://github.com/ocornut/imguiHomepagehttps://github.com/ocornut/imgui/blob/master/docs/FAQ.mdFAQh
Source: LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714976491.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1719689435.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1739983401.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.microso
Source: LinxOptimizer.exe, 00000000.00000002.4108471202.0000016FE717A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE7147000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714976491.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1719689435.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1739983401.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4108424383.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1719689435.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1739983401.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714100510.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7122000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1844355928.0000016FE7155000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: LinxOptimizer.exe, 00000000.00000002.4108471202.0000016FE717A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE7147000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1720391567.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107390768.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1724639132.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704588293.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714860462.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725395995.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4108424383.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7122000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1844355928.0000016FE7155000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: LinxOptimizer.exe, 00000000.00000003.1720391567.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107390768.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1724639132.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704588293.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714860462.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725395995.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17er_id)gment_id)
Source: LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: LinxOptimizer.exe	String found in binary or memory: https://www.dearimgui.com/faq/
Source: LinxOptimizer.exe	String found in binary or memory: https://www.dearimgui.com/faq/Set
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: LinxOptimizer.exe

Static PE information: section name: .D(D

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: 0_2_00007FF793A18803 NtSetInformationThread,

0_2_00007FF793A18803

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF793504460	0_2_00007FF793504460
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79356A280	0_2_00007FF79356A280
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79350D310	0_2_00007FF79350D310
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF793518767	0_2_00007FF793518767
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79355E740	0_2_00007FF79355E740
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79353F750	0_2_00007FF79353F750
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79351879A	0_2_00007FF79351879A
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79350D6D0	0_2_00007FF79350D6D0
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF7935676A0	0_2_00007FF7935676A0
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF7935525C0	0_2_00007FF7935525C0
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79351FAD0	0_2_00007FF79351FAD0
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF793518971	0_2_00007FF793518971
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF793517092	0_2_00007FF793517092
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79355C070	0_2_00007FF79355C070
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79355CF50	0_2_00007FF79355CF50
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79351EFC0	0_2_00007FF79351EFC0
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79350EFD0	0_2_00007FF79350EFD0
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF793517EFE	0_2_00007FF793517EFE
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79356AD40	0_2_00007FF79356AD40
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF793508DD2	0_2_00007FF793508DD2
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE512BA30	0_2_0000016FE512BA30
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE5201170	0_2_0000016FE5201170
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE5281F06	0_2_0000016FE5281F06
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE5281F16	0_2_0000016FE5281F16
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE528CAD2	0_2_0000016FE528CAD2
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE5303144	0_2_0000016FE5303144
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE5284EE1	0_2_0000016FE5284EE1

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: String function: 00007FF793522470 appears 32 times

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: 0_2_0000016FE521CCC0 CreateToolhelp32Snapshot,Process32NextW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Process32NextW,

0_2_0000016FE521CCC0

Source: C:\Users\user\Desktop\LinxOptimizer.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\OFFK2Q5A.htm

Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LinxOptimizer.exe, 00000000.00000003.1720515811.0000016FE7041000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: LinxOptimizer.exe	Virustotal: Detection: 50%
Source: LinxOptimizer.exe	ReversingLabs: Detection: 44%

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: LinxOptimizer.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: LinxOptimizer.exe

Static file information: File size 5363200 > 1048576

Source: LinxOptimizer.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x2a5000
Source: LinxOptimizer.exe	Static PE information: Raw size of .D(D is bigger than: 0x100000 < 0x115000

Source: LinxOptimizer.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: initial sample

Static PE information: section where entry point is pointing to: .1bG

Source: LinxOptimizer.exe	Static PE information: section name: .D(D
Source: LinxOptimizer.exe	Static PE information: section name: .K19
Source: LinxOptimizer.exe	Static PE information: section name: .1bG

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_00007FF79390356A push rsi; ret	0_2_00007FF7939035CD
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE5154B10 push es; ret	0_2_0000016FE5154B1F
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE513CE9C push eax; retn 0001h	0_2_0000016FE513CE9D
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE5286327 pushad ; retf 001Ah	0_2_0000016FE5286333
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE528BCA4 push eax; retf	0_2_0000016FE528BCA9
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE52885FC push esp; retf	0_2_0000016FE5288601
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE528AB9E push es; retf	0_2_0000016FE528ABA5
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Code function: 0_2_0000016FE528ABEE push ds; iretd	0_2_0000016FE528ABF3

Source: LinxOptimizer.exe	Static PE information: section name: .D(D entropy: 7.535309321645379
Source: LinxOptimizer.exe	Static PE information: section name: .1bG entropy: 7.831326650494288

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Memory written: PID: 7516 base: 7FFE2237000D value: E9 BB CB EC FF			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Memory written: PID: 7516 base: 7FFE2223CBC0 value: E9 5A 34 13 00			Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Malware Analysis System Evasion

Contain functionality to detect virtual machines

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Code function: \\.\VBoxMiniRdrDN \\.\VBoxMiniRdrDN

0_2_00007FF7935738F5

Potential thread-based time evasion detected

Source: Initial file

Signature Results: Thread-based counter

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\LinxOptimizer.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to evade analysis by execution special instruction (VM detection)

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Special instruction interceptor: First address: 7FF793A11D4F instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Special instruction interceptor: First address: 7FF793A11D9B instructions rdtsc caused by: RDTSC with Trap Flag (TF)

Source: C:\Users\user\Desktop\LinxOptimizer.exe

File opened / queried: VBoxMiniRdrDN

Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Window / User API: threadDelayed 5626			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Window / User API: foregroundWindowGot 1633			Jump to behavior

Source: C:\Users\user\Desktop\LinxOptimizer.exe

0_2_0000016FE513F46A

Source: LinxOptimizer.exe, 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware ToolsNOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm0123456789+/LoadLibraryA
Source: LinxOptimizer.exe, LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsdvboxserviceu
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: LinxOptimizer.exe, LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtrayx64dbgh
Source: LinxOptimizer.exe, 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: Kernel32.dllKernel32.dll\\.\VBoxMiniRdrDN
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: LinxOptimizer.exe, 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: LinxOptimizer.exe, LinxOptimizer.exe, 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: \\.\VBoxMiniRdrDN
Source: LinxOptimizer.exe, 00000000.00000003.1720391567.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107390768.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1724639132.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704588293.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714860462.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4106714954.0000016FE5048000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725395995.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: wiresharkvmwareuseri
Source: LinxOptimizer.exe, 00000000.00000002.4106714954.0000016FE5087000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWG
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gaVGAuthServicevmwaretrayv

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect debuggers (CloseHandle check)

Source: C:\Users\user\Desktop\LinxOptimizer.exe

Handle closed: DEADC0DE

Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	Process queried: DebugPort	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtSetInformationThread: Direct from: 0x7FF7939EDA8A	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF7939B374F	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQueryInformationProcess: Direct from: 0x7FF793996138	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF79399073D	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF7939A7403	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF7939BBE29	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtSetInformationProcess: Direct from: 0x7FF7939A8532	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQueryInformationProcess: Direct from: 0x7FF7939AAB52	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF79399D508	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF7939D3789	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtProtectVirtualMemory: Direct from: 0x7FF793986E09	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQuerySystemInformation: Direct from: 0x7FF79398D3EE	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	NtQueryInformationProcess: Direct from: 0x7FF7939E350B	Jump to behavior

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: LinxOptimizer.exe	String found in binary or memory: Electrum-LTC
Source: LinxOptimizer.exe	String found in binary or memory: ElectronCash
Source: LinxOptimizer.exe	String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: LinxOptimizer.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: LinxOptimizer.exe	String found in binary or memory: \Ethereum\keystore
Source: LinxOptimizer.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: LinxOptimizer.exe	String found in binary or memory: \Ethereum\keystore
Source: LinxOptimizer.exe	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: LinxOptimizer.exe	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\LinxOptimizer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Source: Yara match	File source: 0.2.LinxOptimizer.exe.16fe52581d0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LinxOptimizer.exe PID: 7516, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Credential API Hooking	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	32 Virtualization/Sandbox Evasion	1 Credential API Hooking	621 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	32 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Abuse Elevation Control Mechanism	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	21 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
LinxOptimizer.exe	50%	Virustotal		Browse
LinxOptimizer.exe	45%	ReversingLabs	Win64.Trojan.Generic
LinxOptimizer.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://support.microso	0%	Avira URL Cloud	safe
https://www.dearimgui.com/faq/Set	0%	Avira URL Cloud	safe
https://www.dearimgui.com/faq/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.myip.com	172.67.75.163	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.myip.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://https://https/:://websocketpp.processorGeneric	LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.microso	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714976491.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1719689435.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1739983401.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/ocornut/imguiHomepagehttps://github.com/ocornut/imgui/blob/master/docs/FAQ.mdFAQh	LinxOptimizer.exe	false		high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui	LinxOptimizer.exe	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/epezent/implot	LinxOptimizer.exe	false		high
https://github.com/epezent/implotWidgets/Progress	LinxOptimizer.exe	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17er_id)gment_id)	LinxOptimizer.exe, 00000000.00000003.1720391567.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107390768.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1724639132.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704588293.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714860462.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725395995.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/releases	LinxOptimizer.exe	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE6F6B000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	LinxOptimizer.exe, 00000000.00000002.4108471202.0000016FE717A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE7147000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714976491.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1719689435.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1739983401.0000016FE7045000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4108424383.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1719689435.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1739983401.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714100510.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE7026000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/Russia	LinxOptimizer.exe, 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold	LinxOptimizer.exe	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	LinxOptimizer.exe, 00000000.00000002.4108471202.0000016FE717A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE7147000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1720391567.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107390768.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1724639132.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704588293.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714860462.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725395995.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4108424383.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/wiki/Funding	LinxOptimizer.exe	false		high
https://github.com/ocornut/imgui/wiki	LinxOptimizer.exe	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage	LinxOptimizer.exe	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7122000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1844355928.0000016FE7155000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705819387.0000016FE6F6B000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/#g	LinxOptimizer.exe, 00000000.00000003.1720391567.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107390768.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1724639132.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1704588293.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1714860462.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725395995.0000016FE5571000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7122000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1844355928.0000016FE7155000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.dearimgui.com/faq/Set	LinxOptimizer.exe	false	Avira URL Cloud: safe	unknown
https://api.myip.com/A	LinxOptimizer.exe, 00000000.00000003.1748856453.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1761666268.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1860031213.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4106714954.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1744239211.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1805455640.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1850773627.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1830920524.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1802336194.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1744082971.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1778158100.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1797400578.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1754571503.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1815391910.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1720986231.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1788160660.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1725225680.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1773541687.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1751955307.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1730459881.0000016FE50EE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.dearimgui.com/faq/	LinxOptimizer.exe	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	LinxOptimizer.exe, 00000000.00000003.1778210256.0000016FE6FAC000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE7117000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000002.4107687544.0000016FE706A000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70B6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md	LinxOptimizer.exe	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	LinxOptimizer.exe, 00000000.00000003.1704691405.0000016FE709C000.00000004.00000020.00020000.00000000.sdmp, LinxOptimizer.exe, 00000000.00000003.1705119144.0000016FE70A0000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.75.163	api.myip.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584527
Start date and time:	2025-01-05 19:07:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LinxOptimizer.exe
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:08:35	API Interceptor	18235652x Sleep call for process: LinxOptimizer.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.75.163	http://keynstrings.com/qdop/shriejeapd-xtre-czoyj-wux-182-n-ql72-dn6/?c=fg228vRhwgeAXmTlARVFPNkYQLEru1SQGolYq6DI2QO81BQyaFaUvmsyEbo4THF&dx6ywq7xi--6pmvnh36bm-q6ly=LedZebpban&f5W%2bAIcMkGZ9Lp3h7Da%2bJcuQl1mIISCF0%2bsnvlLl1C7JZwlOpPadnHGgzJCg9kkRnhKcM0BjIT2Bh9Pj1vF476j%3d%1d&url=htths%2a%0v%0wfr-tr.fazeboak.bon%2fUrbanZoccer%7c	Get hash	malicious	GRQ Scam	Browse	trk.adtrk18.com/aff_c?offer_id=15108&aff_id=1850&url_id=14904&aff_sub=ee27fca9-b066-4ae9-9cbc-def0df49be21&aff_sub5=cm3l19374

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	LinxOptimizer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	LightSpoofer.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Script.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	104.21.80.1
	Setup.exe	Get hash	malicious	LummaC	Browse	104.21.64.1
	Set-up.exe	Get hash	malicious	LummaC	Browse	172.67.208.58
	Set-up.exe	Get hash	malicious	LummaC Stealer	Browse	188.114.96.3
	'Set-up.exe	Get hash	malicious	LummaC	Browse	172.67.178.174
	setup.exe	Get hash	malicious	LummaC	Browse	172.67.163.221
	'Set-up.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	setup.msi	Get hash	malicious	Unknown	Browse	104.21.32.1
	Set-up.exe	Get hash	malicious	LummaC	Browse	104.21.21.63
	SET_UP.exe	Get hash	malicious	LummaC	Browse	188.114.96.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	setup.msi	Get hash	malicious	Unknown	Browse	172.67.75.163
	drop1.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.75.163
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	K27Yg4V48M.exe	Get hash	malicious	LummaC	Browse	172.67.75.163
	IH5XqCdf06.exe	Get hash	malicious	LummaC	Browse	172.67.75.163
	Tax_Refund_Claim_2024_Australian_Taxation_Office.js	Get hash	malicious	Remcos	Browse	172.67.75.163
	c2.hta	Get hash	malicious	Remcos	Browse	172.67.75.163
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.75.163
	J18zxRjOes.exe	Get hash	malicious	LummaC	Browse	172.67.75.163

Process:	C:\Users\user\Desktop\LinxOptimizer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.406851198109578
Encrypted:	false
SSDEEP:	3:YMb1gXME2OMfQxaNmGGL4:YMeX32uxaNmRL4
MD5:	720F698997A1D19594ED650E32E02974
SHA1:	A4F89E711434820EAA2250F0421904468ED9D13F
SHA-256:	0949A3EF0FE90F28780ADDE31202E2DC9C5FA57123355DF9C9FAA89A6EECCC04
SHA-512:	32D94C8297E64041F851F62D168A7AB8418ABEFB97B1AD0B33D2D801DDF204AF2228D29470AEF18F3A9309FF3E9A8C78CC657D7D5DFC40F70F27EE34100812FA
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.189","country":"United States","cc":"US"}

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.1215172706329
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	LinxOptimizer.exe
File size:	5'363'200 bytes
MD5:	992bf6285fd2204edc5a6453520376dd
SHA1:	df7dfbd46edb4c5f44ca6e25dafe946d1d6e45d6
SHA256:	87e3d357c350b9031a8896439989367446d41535f9e5ea16825860705229d2e6
SHA512:	4a64284e2e75226f96f03a28b644895ae1eee7121e105c5dcceb444b3d7395fdb03911bdc527af15dd792fd07771b1d035299267055d13477a3f3018871cf390
SSDEEP:	49152:7F6rGXOZCohVndads3ULmmC+YrTudh6ZKhxUM9nJmWh4QP8Cfvn3hVVntdNx1D30:J+AjZ3xeYZoHfBOyeNLXv4qKWT
TLSH:	89468DF59E938DD4EDE3DDF69711F183D42BBFA28A58A94A0249900748E13F6C4B7B01
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....\|rg.........."....)..............K........@.............................0R...........`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1404bedf1
Entrypoint Section:	.1bG
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67727C1E [Mon Dec 30 10:55:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	4bd1b82dde320cb62968a01450950dbd

Entrypoint Preview

Instruction
call 00007F44E9163328h
add byte ptr [eax], al
add dword ptr [edx], ecx
add al, 00h
or dh, byte ptr [edx+06h]
add al, C0h
add dh, byte ptr [eax+29h]
jmp far 2BDEh : 83EC78C0h
inc ecx
stc
sub eax, 707A8F22h
enter 637Ch, 26h
imul edx, ecx, DA4F2A35h
loopne 00007F44E912DF5Ah
in al, FBh
dec esi
stosd
cdq
xor dword ptr [F0A24712h], ecx
dec eax
dec esp
or al, byte ptr [eax-7Dh]
or eax, esp
pushfd
aas
imul esi, esp, EF339BE1h
test eax, 530443F1h
jmp 00007F45066857AEh
jl 00007F44E912DE9Dh
imul ebx, dword ptr [ebx-0E9FB412h], F7h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x504558	0x190	.1bG
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x522000	0x1d5	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x519300	0x6f3c	.1bG
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x521000	0x8a8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xbf500	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x5191c0	0x140	.1bG
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x483000	0x158	.K19
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x7b726	0x7b800	4bc9ec2a0c2998022a65c8f5814386df	False	0.39136829453441296	data	5.800267736369102	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7d000	0x45450	0x45600	e25a2953d0db9e6c5f18f790acdf0815	False	0.26886261261261263	data	4.882803646359667	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xc3000	0x2a5320	0x2a5000	ba17cd6fdd593f8e1bef1f22e81366b0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x369000	0x459c	0x4600	6b01800794ad17bb092b61b9505779b8	False	0.9367745535714286	data	7.83630836491815	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.D(D	0x36e000	0x114f77	0x115000	48165fdce8a0c743822876c2f5c9628a	False	0.8343210599052346	data	7.535309321645379	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.K19	0x483000	0xc40	0xe00	3afbdf0e34730de79ababed777b4094a	False	0.03850446428571429	data	0.24855306814700295	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.1bG	0x484000	0x9c23c	0x9c400	2ef9dd19a1fff95e3fec447c672ff6c1	False	0.9035109375	data	7.831326650494288	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x521000	0x8a8	0xa00	6f6ed7d3bc0e733f246ab8a6686e7e53	False	0.39921875	data	5.077543846008899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x522000	0x1d5	0x200	76738064d71da74a819601b8bb3cff4a	False	0.5234375	data	4.704363013479242	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x522058	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
d3d9.dll	Direct3DCreate9
KERNEL32.dll	QueryPerformanceFrequency
USER32.dll	UnregisterClassA
ADVAPI32.dll	RegOpenKeyExA
SHELL32.dll	SHBrowseForFolderA
ole32.dll	CoTaskMemFree
IMM32.dll	ImmSetCompositionWindow
MSVCP140.dll	_Cnd_do_broadcast_at_thread_exit
VCRUNTIME140_1.dll	__CxxFrameHandler4
VCRUNTIME140.dll	__current_exception_context
api-ms-win-crt-stdio-l1-1-0.dll	fclose
api-ms-win-crt-math-l1-1-0.dll	cosf
api-ms-win-crt-utility-l1-1-0.dll	qsort
api-ms-win-crt-string-l1-1-0.dll	strlen
api-ms-win-crt-heap-l1-1-0.dll	free
api-ms-win-crt-runtime-l1-1-0.dll	_invalid_parameter_noinfo_noreturn
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
KERNEL32.dll	GetSystemTimeAsFileTime
KERNEL32.dll	HeapAlloc, HeapFree, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-05T19:08:01.158717+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49730	172.67.75.163	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 19:08:00.459597111 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:00.459652901 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:00.459742069 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:00.469059944 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:00.469077110 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:00.932238102 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:00.932311058 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:01.000844002 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:01.000870943 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:01.001180887 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:01.002183914 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:01.004626989 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:01.051353931 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:01.158746004 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:01.158842087 CET	443	49730	172.67.75.163	192.168.2.4
Jan 5, 2025 19:08:01.159071922 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:01.176588058 CET	49730	443	192.168.2.4	172.67.75.163
Jan 5, 2025 19:08:01.176615953 CET	443	49730	172.67.75.163	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 19:08:00.445995092 CET	55121	53	192.168.2.4	1.1.1.1
Jan 5, 2025 19:08:00.452791929 CET	53	55121	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 5, 2025 19:08:00.445995092 CET	192.168.2.4	1.1.1.1	0x9f49	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 5, 2025 19:08:00.452791929 CET	1.1.1.1	192.168.2.4	0x9f49	No error (0)	api.myip.com	172.67.75.163	A (IP address)	IN (0x0001)	false
Jan 5, 2025 19:08:00.452791929 CET	1.1.1.1	192.168.2.4	0x9f49	No error (0)	api.myip.com	104.26.8.59	A (IP address)	IN (0x0001)	false
Jan 5, 2025 19:08:00.452791929 CET	1.1.1.1	192.168.2.4	0x9f49	No error (0)	api.myip.com	104.26.9.59	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.myip.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	172.67.75.163	443	7516	C:\Users\user\Desktop\LinxOptimizer.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 18:08:01 UTC	182	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
2025-01-05 18:08:01 UTC	780	IN	HTTP/1.1 200 OK Date: Sun, 05 Jan 2025 18:08:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GtrMo3sPPqfUN3AMbTiYrYLmI0rGtwiWpUYm9nPS%2F8leiuwoXstx744DzktkE7eIizEPGHIwhpcaudoSoNELWeCw3SccqsTjrt6wijBA41%2Fy6DoouVqN2%2FBW6ott%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fd569469f267286-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1995&min_rtt=1985&rtt_var=766&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=820&delivery_rate=1409266&cwnd=241&unsent_bytes=0&cid=66175d6ae06e78fe&ts=239&x=0"
2025-01-05 18:08:01 UTC	63	IN	Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 39{"ip":"8.46.123.189","country":"United States","cc":"US"}
2025-01-05 18:08:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	13:07:57
Start date:	05/01/2025
Path:	C:\Users\user\Desktop\LinxOptimizer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\LinxOptimizer.exe"
Imagebase:	0x7ff793500000
File size:	5'363'200 bytes
MD5 hash:	992BF6285FD2204EDC5A6453520376DD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	85.3%
Signature Coverage:	30.7%
Total number of Nodes:	75
Total number of Limit Nodes:	11

Executed Functions

Function 0000016FE513F46A Relevance: 9.6, APIs: 6, Instructions: 647
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE513F47B
FindFirstFileA.KERNEL32 ref: 0000016FE513F48B

Part of subcall function 0000016FE5115180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5115217

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
String ID:
API String ID: 2113789597-0
Opcode ID: 6f06d4fb7fb9634510e7d1b69254e57db32836cf64a9c78c2536c5ed3cad936d
Instruction ID: c417dbef261f7a350ab7398bec538e45ee35aeabe4aea249dab8fa20fd8374b3
Opcode Fuzzy Hash: 6f06d4fb7fb9634510e7d1b69254e57db32836cf64a9c78c2536c5ed3cad936d
Instruction Fuzzy Hash: F332E230118A888FE765EF64D859BDFB7E1FBD8300F51496EA08AC31A1EE3795458B42

Function 0000016FE521CCC0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0000016FE521CCED
Process32NextW.KERNEL32 ref: 0000016FE521CD6F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE521CDDC
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE521CE15
Process32NextW.KERNEL32 ref: 0000016FE521CEBE

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
String ID:
API String ID: 2993956496-0
Opcode ID: f63d23b7a5a9eebf7845e4a51ecc0b31b6b393b132448888189f3fb706003855
Instruction ID: 5caec8276b6d7cd87db957b7d232b890d2abedc190198009de23c9e08e0dbe94
Opcode Fuzzy Hash: f63d23b7a5a9eebf7845e4a51ecc0b31b6b393b132448888189f3fb706003855
Instruction Fuzzy Hash: B8514230118B488BE765EF64D8497DBBBE1FBD4300F41092EA08AD31A1EF379902CB42

Function 0000016FE51D78E0 Relevance: 4.7, APIs: 3, Instructions: 164
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51D7976
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51D79F4
CryptUnprotectData.CRYPT32 ref: 0000016FE51D7A4D

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
String ID:
API String ID: 3418212865-0
Opcode ID: d38d86aac35fc610313a0d9c34c3ee6c10a6dc26637e9ed5cfff218a50dc8d19
Instruction ID: b8aec2f92022edeb3766fc114930818176f72af5b17d1e75c72a5576571fc1a4
Opcode Fuzzy Hash: d38d86aac35fc610313a0d9c34c3ee6c10a6dc26637e9ed5cfff218a50dc8d19
Instruction Fuzzy Hash: 3A511170518B888FE7A4EF68D4587EEBBE1FB98301F51492E908DC3261EB769445CB42

Function 00007FF793A18803 Relevance: 1.5, APIs: 1, Instructions: 7
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtSetInformationThread.NTDLL(00007FF793A12DC0), ref: 00007FF793A18808

Memory Dump Source

Source File: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID: InformationThread
String ID:
API String ID: 4046476035-0
Opcode ID: 0373f4aa791310d6b3b280e05b21663c2f00150a3efc8cfb6166521d5dcee532
Instruction ID: 9d977b71c5f07c8c20ae0d2143b0e34acef068b65ef3303c3b0b2d708d64bc7c
Opcode Fuzzy Hash: 0373f4aa791310d6b3b280e05b21663c2f00150a3efc8cfb6166521d5dcee532
Instruction Fuzzy Hash: 91C04C52F09C11DCD3649BA6D40106D6770F744B84F448462DF1D23B24DF34D9529B90

Function 0000016FE5116FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000016FE511A110: char_traits.LIBCPMTD ref: 0000016FE511A13D

std::_Fac_node::_Fac_node.LIBCPMTD ref: 0000016FE511754F
CreateToolhelp32Snapshot.KERNEL32 ref: 0000016FE51175C4
Process32FirstW.KERNEL32 ref: 0000016FE511764B
Process32NextW.KERNEL32 ref: 0000016FE51177AB

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
String ID:
API String ID: 4114415025-0
Opcode ID: 12bfb29d8b8dcec290ed159d6ab2d08bc79dcee497acb6809e7e91a603c2d6b4
Instruction ID: 6c615cd1787de9adda3060b3f3e2791b5223224aace61c523adea43acb2b6e45
Opcode Fuzzy Hash: 12bfb29d8b8dcec290ed159d6ab2d08bc79dcee497acb6809e7e91a603c2d6b4
Instruction Fuzzy Hash: D7324231218A484BEB55EF74D9597DBBAD1FB98300F8109BFA04AC32A2FD379946C741

Function 0000016FE51F88A0 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE51F8940

Part of subcall function 0000016FE5146C20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5146C4B
Part of subcall function 0000016FE5146C20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5146C5A

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51F89A6
CreateFileA.KERNEL32 ref: 0000016FE51F89D2

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
String ID:
API String ID: 645652700-0
Opcode ID: 0ae8024baaa766cd197798155ce4ee5724fb4a9c45c7472654707a893e66243b
Instruction ID: b2e7333844b2424f1f6c8f01c9cafbf5449494e7de7400e1fe635a4c35c730bf
Opcode Fuzzy Hash: 0ae8024baaa766cd197798155ce4ee5724fb4a9c45c7472654707a893e66243b
Instruction Fuzzy Hash: 28814934219A488FE754EF68D858BDAB7E1FB95314F414A6DA04DC32E1EE3BD846C701

Function 0000016FE5114740 Relevance: 4.6, APIs: 3, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511476C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511477E

Part of subcall function 0000016FE51153C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51153DD

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51147BB

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 665a32c13c0b49db2116b619edb56a28b66b9d278386548617deb68b4130b138
Instruction ID: 14f92f86d6549b5edf2cdecee916043d49739b09a978fc365447ae4f0b97d7da
Opcode Fuzzy Hash: 665a32c13c0b49db2116b619edb56a28b66b9d278386548617deb68b4130b138
Instruction Fuzzy Hash: 2B31E3305287889FD794EF18D459B9AFBE1FB94300F81496EF089C32A1DF769445CB42

Function 0000016FE51F8EC0 Relevance: 4.6, APIs: 3, Instructions: 80
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51F8F06
CreateFileA.KERNEL32 ref: 0000016FE51F8F35
ReadFile.KERNEL32 ref: 0000016FE51F8F64

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 768a065226eff2f2f9541ab7b9ae00d02d8c84228eead1b4a103c683cee4dca8
Instruction ID: 01318275cb071d85cadf35ce637a0d74d62b01df38f2ceb7949f4b872e7a7949
Opcode Fuzzy Hash: 768a065226eff2f2f9541ab7b9ae00d02d8c84228eead1b4a103c683cee4dca8
Instruction Fuzzy Hash: D121F670658B488FDB94EF1CC488B9ABBE0FB99305F50496DF489C3260DB76D845CB42

Function 0000016FE51F8E20 Relevance: 4.5, APIs: 3, Instructions: 48
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51F8E47
CreateFileA.KERNEL32 ref: 0000016FE51F8E76
ReadFile.KERNEL32 ref: 0000016FE51F8E9E

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: cbf31e9e43ef24d401aa9ebfd5dc835ceea8740c73187fa1e0666766275b045d
Instruction ID: fb1b0bbe0ac4b063ce43643a33f87e206be558342de8f4e070932fcd5f0aa9c4
Opcode Fuzzy Hash: cbf31e9e43ef24d401aa9ebfd5dc835ceea8740c73187fa1e0666766275b045d
Instruction Fuzzy Hash: A1011370618B488FDB44EF28C85971ABBE1FB99305F50091DF08AC33A0DB7AD9458B82

Function 0000016FE51F8D40 Relevance: 3.1, APIs: 2, Instructions: 56
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51F8D60
CreateFileA.KERNEL32 ref: 0000016FE51F8D8F

Part of subcall function 0000016FE511A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511A18D

Part of subcall function 0000016FE51F88A0: type_info::_name_internal_method.LIBCMTD ref: 0000016FE51F8940
Part of subcall function 0000016FE51F88A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51F89A6
Part of subcall function 0000016FE51F88A0: CreateFileA.KERNEL32 ref: 0000016FE51F89D2

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
String ID:
API String ID: 2627539804-0
Opcode ID: 7eb2e44000b88989e7faf6c439c2abbc87136d08060327d0dd8c2bfe1037f010
Instruction ID: b261fff508f8a50be10696a5ac4b5df14713afaac4f10aeb7d65428c97ad71b0
Opcode Fuzzy Hash: 7eb2e44000b88989e7faf6c439c2abbc87136d08060327d0dd8c2bfe1037f010
Instruction Fuzzy Hash: 7F111E70618B488FE794EF68D44C79ABBE1FBD9341F40492DA08DC3261DB7AC8458B42

Function 0000016FE5239E2C Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000016FE5239E5C

Part of subcall function 0000016FE523A8E0: std::bad_alloc::bad_alloc.LIBCMTD ref: 0000016FE523A8E9

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 63a19ba538b4a23dd5a957463ac287b99a1bce866babca04c0085706e7035a0b
Instruction ID: 360525f37ba2a0daeba16b1d9874e5aeb644cd0b61c37331eed7b28203b66aac
Opcode Fuzzy Hash: 63a19ba538b4a23dd5a957463ac287b99a1bce866babca04c0085706e7035a0b
Instruction Fuzzy Hash: 1B01A93061190F4DFA987B756CCD3F829D4976A381F5604FE9416C61F2FA1BC88B9150

Function 00007FF793A15D0B Relevance: 1.3, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32(00007FF793A1846F,00007FF793A1510C), ref: 00007FF793A15D10

Memory Dump Source

Source File: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0e0a5ba88380e0d3e17e1fb64ff785e9c7c625f06afeb44d52b1ebacb787c24f
Instruction ID: 5c53d0fc7e84e97781daa43934229a378a6c5691a392d3d075a4ea7058968d51
Opcode Fuzzy Hash: 0e0a5ba88380e0d3e17e1fb64ff785e9c7c625f06afeb44d52b1ebacb787c24f
Instruction Fuzzy Hash: 0DE026226144619BE324FFB6D4A18FEA764E745F44F400135FB4D17F9BCE18E9059B10

Non-executed Functions

Function 00007FF7935525C0 Relevance: 29.6, Strings: 23, Instructions: 889COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF793552687
Too many PopItemWidth!, xrefs: 00007FF793553099
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF79355327B
table->RowPosY2 == inner_window->DC.CursorPos.y, xrefs: 00007FF7935527D9
(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!", xrefs: 00007FF7935530B2
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF793552601
inner_window == g.CurrentWindow, xrefs: 00007FF79355268E
outer_window == inner_window || outer_window == inner_window->ParentWindow, xrefs: 00007FF7935526C9
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7935527D2
(table->Flags & ImGuiTableFlags_ScrollX) == 0, xrefs: 00007FF793553282
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF793553558
Mismatching PushID/PopID!, xrefs: 00007FF793552FF0
table != 0 && "Only call EndTable() if BeginTable() returns true!", xrefs: 00007FF793552608
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7935526C2
Too many PopItemWidth!, xrefs: 00007FF79355306E
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF793553036
Mismatching PushID/PopID!, xrefs: 00007FF793553024
g.TablesTempDataStacked > 0, xrefs: 00007FF793553589
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF793553582
Only call EndTable() if BeginTable() returns true!, xrefs: 00007FF7935525EF
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7935530AB
g.CurrentWindow == outer_window && g.CurrentTable == table, xrefs: 00007FF79355355F
(inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!", xrefs: 00007FF79355303D, 00007FF793553044

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!"$(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!"$(table->Flags & ImGuiTableFlags_ScrollX) == 0$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$Mismatching PushID/PopID!$Mismatching PushID/PopID!$Only call EndTable() if BeginTable() returns true!$Too many PopItemWidth!$Too many PopItemWidth!$g.CurrentWindow == outer_window && g.CurrentTable == table$g.TablesTempDataStacked > 0$inner_window == g.CurrentWindow$outer_window == inner_window || outer_window == inner_window->ParentWindow$table != 0 && "Only call EndTable() if BeginTable() returns true!"$table->RowPosY2 == inner_window->DC.CursorPos.y
API String ID: 0-3063675848
Opcode ID: 9e593d317a6f8529f5b1efbc58be60eed85974ba0b36c2312362a70383de8a89
Instruction ID: 423dac4d2aff35202c5cf9d7f443d395d28d818ff46e831bc2f90c00551e333f
Opcode Fuzzy Hash: 9e593d317a6f8529f5b1efbc58be60eed85974ba0b36c2312362a70383de8a89
Instruction Fuzzy Hash: A2A2FF32518B8986D761DB36E48036AF7A4FBC8B84F448632EA8D67765DF2CE544CF10

Function 00007FF79350EFD0 Relevance: 23.6, APIs: 1, Strings: 12, Instructions: 827COMMON

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::IsPrepared.LIBCMTD ref: 00007FF79350F28F

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79350F2A1
g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF79350FEDE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79350F8E3
g.Font->IsLoaded(), xrefs: 00007FF79350F2A8
Debug##Default, xrefs: 00007FF79350FEAD
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79350EFF6
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79350FED7
NewFrame(): ClearActiveID() because it isn't marked alive anymore!, xrefs: 00007FF79350F544
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF79350EFFD
(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF79350FE2F
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF79350F8EA
No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?, xrefs: 00007FF79350EFE4

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID: Base::Concurrency::details::ContextInternalPrepared
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Debug##Default$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.WindowsFocusOrder.Size <= g.Windows.Size
API String ID: 1455501626-2822634265
Opcode ID: e8341e71e8f76f5ba5bd993a085733d28b6a961000a017c57300c884a0683516
Instruction ID: 3d97bfc1c306c5a65c391cfc99c0568fb484d4e4069f31bc51dacb9c3ae42beb
Opcode Fuzzy Hash: e8341e71e8f76f5ba5bd993a085733d28b6a961000a017c57300c884a0683516
Instruction Fuzzy Hash: 88A20C3650878986D770DB3AE0943AAB7A4FB8CB88F444236EA8D577A5DF3DD1418F10

Function 00007FF793517092 Relevance: 20.2, APIs: 1, Strings: 9, Instructions: 2675COMMON

Download Yara Rule

APIs

Concurrency::details::BoostedObject::IsScheduleGroupSegment.LIBCMTD ref: 00007FF793517352

Strings

parent_window != 0 || !(flags & ImGuiWindowFlags_ChildWindow), xrefs: 00007FF793517429
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351A2FE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF793518637, 00007FF793518645
window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF793519483
_`:, xrefs: 00007FF793517CD0
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351947C
parent_window && parent_window->Active, xrefs: 00007FF79351863E
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF79351A305
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF793517422

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID: BoostedConcurrency::details::GroupObject::ScheduleSegment
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$parent_window != 0 || !(flags & ImGuiWindowFlags_ChildWindow)$parent_window && parent_window->Active$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0$_`:
API String ID: 2971748953-1216530310
Opcode ID: 9edc25fe3c1c3e4044cd81e7b7f627d766cdcbe0b4afcbc274b03a30b98d999d
Instruction ID: 43edcee0387edb018ba73621949016ebfacf2d61c0f99df5d52121cc431182af
Opcode Fuzzy Hash: 9edc25fe3c1c3e4044cd81e7b7f627d766cdcbe0b4afcbc274b03a30b98d999d
Instruction Fuzzy Hash: 8B63FC32608BC586D761DB7AE4803AAB7B4FBC9B84F544136EB8C67769DF29D440CB10

Function 00007FF793517EFE Relevance: 9.2, Strings: 6, Instructions: 1712COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351A2FE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF793518637, 00007FF793518645
window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF793519483
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351947C
parent_window && parent_window->Active, xrefs: 00007FF79351863E
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF79351A305

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$parent_window && parent_window->Active$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 0-2440840298
Opcode ID: e1334a017ce5343644be810df8870f3617aaf49be10675896bd58b1dea8008db
Instruction ID: 2f18c3be8ab28a2885791dd39fc27d153e7ad9d45886e533268f4b90a213e10d
Opcode Fuzzy Hash: e1334a017ce5343644be810df8870f3617aaf49be10675896bd58b1dea8008db
Instruction Fuzzy Hash: 4B13FD32608BC586D761DB7AD4803AAF7B4FB89B84F544132EB8C677A9DF29D444CB10

Function 00007FF79355CF50 Relevance: 6.5, Strings: 5, Instructions: 215COMMON

Download Yara Rule

Strings

--------------------------------, xrefs: 00007FF79355D33F
thickness > 0.0f, xrefs: 00007FF79355CFDF
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF79355CFD8
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF79355CFAA
ImIsPowerOfTwo(flags & (ImGuiSeparatorFlags_Horizontal | ImGuiSeparatorFlags_Vertical)), xrefs: 00007FF79355CFB1

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: --------------------------------$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImIsPowerOfTwo(flags & (ImGuiSeparatorFlags_Horizontal | ImGuiSeparatorFlags_Vertical))$thickness > 0.0f
API String ID: 0-570495466
Opcode ID: d152970e801a56260b93f7d63876f709ddf4e2f7fd9421f33b548901528ed5c5
Instruction ID: a40623472e22414793dff3233f430ba9ffe25bea3a6f5c368570befa66700856
Opcode Fuzzy Hash: d152970e801a56260b93f7d63876f709ddf4e2f7fd9421f33b548901528ed5c5
Instruction Fuzzy Hash: C7B172329196C586D7A0EB36E4813AAF364FBC9740F449532FA8D676A5DF2CE044CF50

Function 00007FF79351879A Relevance: 6.4, Strings: 4, Instructions: 1374COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351A2FE
window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF793519483
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351947C
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF79351A305

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 0-3787196132
Opcode ID: c17ce1f28e9eefe6315d222065032312a9b0ef3a5e8056102cdac29bc7ed40e2
Instruction ID: bdd8c77981f5c1c95bcc91e3a5a87616c95efe2fb1f8d3da935ba506a2d1427e
Opcode Fuzzy Hash: c17ce1f28e9eefe6315d222065032312a9b0ef3a5e8056102cdac29bc7ed40e2
Instruction Fuzzy Hash: 0BF20C32608BC586D761DB36E4803AAB7B4FBCAB84F544132EB8D67769DF29D444CB10

Function 00007FF793518767 Relevance: 6.4, Strings: 4, Instructions: 1352COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351A2FE
window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF793519483
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351947C
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF79351A305

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 0-3787196132
Opcode ID: 3cf62f80b53d0a8df2882173fb4fb99d308628bddcafa83b4b70a12921fa1418
Instruction ID: fb61633dba445c5dff7090799d7853e2e19da3602c5dc612a4ed9b41a730d380
Opcode Fuzzy Hash: 3cf62f80b53d0a8df2882173fb4fb99d308628bddcafa83b4b70a12921fa1418
Instruction Fuzzy Hash: C2F2FD32608BC586D761DB36E4803AAB7B4FBCAB84F544132EB8D67769DF29D444CB10

Function 00007FF793518971 Relevance: 6.3, Strings: 4, Instructions: 1293COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351A2FE
window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF793519483
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351947C
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF79351A305

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 0-3787196132
Opcode ID: d1410115a819e0bac3c696b34b1e6188a5e23b70b74db51e7c20ca2a19d054ea
Instruction ID: eb2a9ada4565bbb0ea79d924094239d7eaf4b04b75adf66774b0ca087ab72927
Opcode Fuzzy Hash: d1410115a819e0bac3c696b34b1e6188a5e23b70b74db51e7c20ca2a19d054ea
Instruction Fuzzy Hash: 90F20E32608BC586D761DB3AD4803AAB7B4FBCAB84F544132EB8C67769DF29D444DB10

Function 00007FF79350D310 Relevance: 5.2, Strings: 4, Instructions: 238COMMON

Download Yara Rule

Strings

Invalid flags for IsItemHovered()!, xrefs: 00007FF79350D362
Invalid flags for IsItemHovered()!, xrefs: 00007FF79350D342
((flags & ~ImGuiHoveredFlags_AllowedMaskForIsItemHovered) == 0) && "Invalid flags for IsItemHovered()!", xrefs: 00007FF79350D37B
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79350D374

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ((flags & ~ImGuiHoveredFlags_AllowedMaskForIsItemHovered) == 0) && "Invalid flags for IsItemHovered()!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Invalid flags for IsItemHovered()!$Invalid flags for IsItemHovered()!
API String ID: 0-1213426486
Opcode ID: fcc4f4fff15f1e830e50d85a9c628163979e1a60977b138261a081379e17ece7
Instruction ID: 7fe7d1c85266f33fbf9687161aabfcfb4e244bc4ea7a7937dfb844fd136df3a6
Opcode Fuzzy Hash: fcc4f4fff15f1e830e50d85a9c628163979e1a60977b138261a081379e17ece7
Instruction Fuzzy Hash: 54B13332A1878686E7E1AB36D44167AF7F4EB88784F444035EA4D9B794EF2DE540CB20

Function 00007FF79355E740 Relevance: 5.2, Strings: 4, Instructions: 205COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF79355EABE
##Combo_%02d, xrefs: 00007FF79355E92E
ImIsPowerOfTwo(flags & ImGuiComboFlags_HeightMask_), xrefs: 00007FF79355E823
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF79355E81C, 00007FF79355E82A

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: ##Combo_%02d$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImIsPowerOfTwo(flags & ImGuiComboFlags_HeightMask_)
API String ID: 0-1975790589
Opcode ID: af93c477e0b65c2da4c265cc18661c65c9c55801d85bc6179ec4fe33eee32985
Instruction ID: 86942488d4d58cc287b8e9f8214c767c5bebeaca011fc9a996a1567a45727d50
Opcode Fuzzy Hash: af93c477e0b65c2da4c265cc18661c65c9c55801d85bc6179ec4fe33eee32985
Instruction Fuzzy Hash: 18A1333290C68685E7B0EB35E4413BAF7A4FBC9740F948132E68C67A99DF2CE445DB50

Function 00007FF79356AD40 Relevance: 3.5, Strings: 2, Instructions: 992COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF79356B2C5
tab->LastFrameVisible >= tab_bar->PrevFrameVisible, xrefs: 00007FF79356B2CC

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$tab->LastFrameVisible >= tab_bar->PrevFrameVisible
API String ID: 0-1329222593
Opcode ID: 40926254502ab6e22802fad17923a13c622223416391cf6412416086dfb30bcf
Instruction ID: c4c7bf2e64e33d0da996364fe880daa33326eb77f2d3a7b96053007a01cf0bae
Opcode Fuzzy Hash: 40926254502ab6e22802fad17923a13c622223416391cf6412416086dfb30bcf
Instruction Fuzzy Hash: AFC2FB32609AC5C6D771DB3AE0807AAF7A4FBC8744F544225EA8D677A9DB3DE4408F10

Function 00007FF79351FAD0 Relevance: 3.4, APIs: 2, Instructions: 399COMMON

Download Yara Rule

APIs

log.LIBCPMTD ref: 00007FF79351FEFC
log.LIBCPMTD ref: 00007FF79351FF2F

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14a93ff07b5083aeb9654bdce8045906376677f70eaf8df9d0086c0c132abb57
Instruction ID: 293c96e86a620972d6eedd109f650d160c680e83dcd6c8af746ce609256205d7
Opcode Fuzzy Hash: 14a93ff07b5083aeb9654bdce8045906376677f70eaf8df9d0086c0c132abb57
Instruction Fuzzy Hash: 0922733291D68986D6A1DB36E08136AF7A4FFCD784F444232EA8D677A5DF2CE1448F10

Function 00007FF79355C070 Relevance: 3.0, Strings: 2, Instructions: 459COMMON

Download Yara Rule

Strings

ImMax(size_contents_v, size_visible_v) > 0.0f, xrefs: 00007FF79355C311
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF79355C30A

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f
API String ID: 0-2700075243
Opcode ID: fe75c32427d26f03b653038bd3d72a06742954bdca09e9889ed1fb4dafb766ce
Instruction ID: 3d0be5ff4f307e877be1a39f577345dd62f61ec1b1e3b8f6c4e997dbcb656ba1
Opcode Fuzzy Hash: fe75c32427d26f03b653038bd3d72a06742954bdca09e9889ed1fb4dafb766ce
Instruction Fuzzy Hash: A642343691C6C58AD3A1DB37E4413AEF764FBD9740F548622E68872AA5DF3CE0849F10

Function 0000016FE512BA30 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

P, xrefs: 0000016FE512BE43

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction ID: 2a41353c4ffb42ff1aabcdec2d5ef4edca00c913e396ae478adb3b6c6388124a
Opcode Fuzzy Hash: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction Fuzzy Hash: 1D12E2742187448FD348DF28C490A6ABBE2FBCD308F514A6DF48AD7765D635E942CB42

Function 0000016FE5201170 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

@, xrefs: 0000016FE52014F8

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4f4b649e6971ae701866a1483a7cb624743e75dcd4f8d76c1a19725971219106
Instruction ID: 91e24a598a7cb3140ba592453bf92573ff3a926ec1a223f66baedce7ddb0f99c
Opcode Fuzzy Hash: 4f4b649e6971ae701866a1483a7cb624743e75dcd4f8d76c1a19725971219106
Instruction Fuzzy Hash: 0EE1227421CB888FE7A4DF18D8587AAB7E1FB99301F10492DE48EC3260DB75D885DB46

Function 00007FF7935738F5 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

\\.\VBoxMiniRdrDN, xrefs: 00007FF7935739AE, 00007FF7935739D4

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: \\.\VBoxMiniRdrDN
API String ID: 0-4073649278
Opcode ID: 18496cd3414624a4363cd905d38cdfd5fc381ea0f177d4c716773da30326c841
Instruction ID: 5702b4b820d8f31573368853c93eebc2b372e2c14190c6d3ae734cb628788db3
Opcode Fuzzy Hash: 18496cd3414624a4363cd905d38cdfd5fc381ea0f177d4c716773da30326c841
Instruction Fuzzy Hash: EF217F2151CFC289D2B1A73CA884519AB109796338F840364F2FE567F6CA1CD516CB26

Function 0000016FE5303144 Relevance: 1.2, Instructions: 1207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5281000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5281000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a0885fae3c7579f9a47d9d3861daae36a8dabc462c5fdba923d8d213e7f44b7
Instruction ID: 340e7c98d620a25edb30d4dc95fa6730e8be52617e82338ddf3d5b8277803ce0
Opcode Fuzzy Hash: 8a0885fae3c7579f9a47d9d3861daae36a8dabc462c5fdba923d8d213e7f44b7
Instruction Fuzzy Hash: 7E92B25684E7E25FE31386746CAA6E2BF615F17234B4E06DFD0C40A0A3D14E539AC7D2

Function 0000016FE528CAD2 Relevance: .9, Instructions: 883COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5281000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5281000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8265708f2888ff87f0775d50d43babe3ae693213f5bc7ee42f03f46001857dbf
Instruction ID: e4859a1183b0d92e4a38098e3df074a4756c4ba885dd048ad08568570d5381c4
Opcode Fuzzy Hash: 8265708f2888ff87f0775d50d43babe3ae693213f5bc7ee42f03f46001857dbf
Instruction Fuzzy Hash: 7662686640E3C15EE7138B345C966C13F72AE0722975F4ADAC4C0AF477E2895A5EC3E2

Function 00007FF79353F750 Relevance: .8, Instructions: 828COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40cf6a80986d47cca11eb8583c884eaa38dff31262d0db577f047762a193fe89
Instruction ID: dbb284578e3463e87cd08f2e62a3e1ae3586b043ed2f97f33eef360225a9da54
Opcode Fuzzy Hash: 40cf6a80986d47cca11eb8583c884eaa38dff31262d0db577f047762a193fe89
Instruction Fuzzy Hash: 23928231A0898E86DAA4DB37E850266B335FB8C380F805A35DA4E776F4DF6CF5459B10

Function 00007FF7935676A0 Relevance: .6, Instructions: 582COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c0e3b9a799d8f35ef6c415b6e057cf5b2b3e52d94c03f90f85b9ad64876a88d
Instruction ID: e527f484dd5074ebf41349446019e9f3f4f78b58c643b25fc84d8e4e6a44b61a
Opcode Fuzzy Hash: 8c0e3b9a799d8f35ef6c415b6e057cf5b2b3e52d94c03f90f85b9ad64876a88d
Instruction Fuzzy Hash: 0C62613250CBC586E7B1DB36E4407AAF7A4EB89744F444535EB88A3AA9DF6CE444CF10

Function 0000016FE5281F06 Relevance: .4, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5281000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5281000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21a113c54109b24b6f1cf3f726530c155ecf784348ef7fac1103746a4cfb27c0
Instruction ID: 79a359aed8f9950ef90b20548100891e179cca2f23e0341fc4b4f83f063d2ca0
Opcode Fuzzy Hash: 21a113c54109b24b6f1cf3f726530c155ecf784348ef7fac1103746a4cfb27c0
Instruction Fuzzy Hash: 52E13B5544F7D22FE3138B306CAAAE3BFA95E4722475D06DFF0C1560A7E149436AC3A2

Function 0000016FE5281F16 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5281000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5281000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba867744ff4fd98c8eaa95a43b2f0a9ae32f474087df929941bb31c6c253914
Instruction ID: 1a7c2876890679d4454dba3c717a36b9cffd84fe3eef0ea38e3ca126cf9f967a
Opcode Fuzzy Hash: fba867744ff4fd98c8eaa95a43b2f0a9ae32f474087df929941bb31c6c253914
Instruction Fuzzy Hash: AED14C5544F7E22FE3138B305CAAAE3BFA95A4722475D06DFF0C1560A7E149437AC3A2

Function 00007FF79351EFC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f694e979c1fbb37b9b90d249375b5474e38530de0379bf48d86ce2d6c2dbd2
Instruction ID: b7bfaa2e4ee13f346a95ae45b1fcf951120584cfd9b4d3a8633f8af7d931b8e6
Opcode Fuzzy Hash: 00f694e979c1fbb37b9b90d249375b5474e38530de0379bf48d86ce2d6c2dbd2
Instruction Fuzzy Hash: FA125F22508B8581D671DB26E09037AF7A0FBCDB98F544326EA8D677A9DF2DD181CF10

Function 00007FF79356A280 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e51911f78f60132d533be16976437209a2ada6d4f154c412b5980843af0faa5
Instruction ID: 26cd4b9c482e033c28529b36ae167ebeb2d2c950e8c6045f2efa359eb3ddb1d1
Opcode Fuzzy Hash: 7e51911f78f60132d533be16976437209a2ada6d4f154c412b5980843af0faa5
Instruction Fuzzy Hash: 1CF1C8325186C586D7A1EB37D4813AAF764EFD9780F449631EA8C636A5EF2CE084CF10

Function 00007FF793504460 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec41635b1a9caa260c9e8375264b8fdf58aeef0dac8047cfed4fc152b2c157ca
Instruction ID: 84f41a7ec2167d7ca91ce7fd499e2945afe7a0010a7ae6a86698b39ddd88ea8b
Opcode Fuzzy Hash: ec41635b1a9caa260c9e8375264b8fdf58aeef0dac8047cfed4fc152b2c157ca
Instruction Fuzzy Hash: 86022F36909BCA85DA60DB37E49036AB374FBC9B84F448632DA8C67775DF39E0448B11

Function 00007FF793508DD2 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4723c58c07230bba23d88fa1f46f7aadb8e0c8c97cb8ce8cddcc02c5fbd559
Instruction ID: 99cb17768459e7ae1579dea6102ec59fcd8ecc7427d7ea0c347e5bdab4122e5f
Opcode Fuzzy Hash: ad4723c58c07230bba23d88fa1f46f7aadb8e0c8c97cb8ce8cddcc02c5fbd559
Instruction Fuzzy Hash: 09D1FC32509BC985C6A1DB26E48039AF774FBC9780F508626EB8D63B69DF3DD0948F00

Function 00007FF79350D6D0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5feb88ce7c5ea2f33f54d5af5a25d192bebe0acdf38144a0f0f4cc9857dad1fe
Instruction ID: 57063bfac58d05a0893a61abd24b97b1cb3aafc5dfc98c4ccc29eb12b2b906e1
Opcode Fuzzy Hash: 5feb88ce7c5ea2f33f54d5af5a25d192bebe0acdf38144a0f0f4cc9857dad1fe
Instruction Fuzzy Hash: C2C101366087C186DBB09B36E4803BAB7F4EB8A784F544075DA8C5BB95EF2ED544CB10

Function 0000016FE5284EE1 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5281000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5281000_LinxOptimizer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0543efbfb33db8a17b318fb5de0b89631516868748a322d4c600116136921f4b
Instruction ID: e7f719ce98300decfd5a6c17274ac7c92c20178e1ca2193109efdead8d522d3e
Opcode Fuzzy Hash: 0543efbfb33db8a17b318fb5de0b89631516868748a322d4c600116136921f4b
Instruction Fuzzy Hash: 1A51892105E3C19FE7538B388865B913FB4AF27691B1E4ADBD4C0CF0A7D6189A1DC762

Function 0000016FE5114850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 0000016FE5115360: _WChar_traits.LIBCPMTD ref: 0000016FE511538D

Part of subcall function 0000016FE5114AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5114AD0
Part of subcall function 0000016FE5114AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5114B2F
Part of subcall function 0000016FE5114AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5114B41

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51148B8

Strings

b, xrefs: 0000016FE511494B
a, xrefs: 0000016FE51148F6
D, xrefs: 0000016FE5114923
t, xrefs: 0000016FE511492D
M, xrefs: 0000016FE51148F1
y, xrefs: 0000016FE5114919
e, xrefs: 0000016FE5114914
c, xrefs: 0000016FE5114905
KDBM, xrefs: 0000016FE51149A9
o, xrefs: 0000016FE5114946
, xrefs: 0000016FE511490A
a, xrefs: 0000016FE5114928
l, xrefs: 0000016FE5114941
K, xrefs: 0000016FE511490F
B, xrefs: 0000016FE511493C
g, xrefs: 0000016FE51148FB
i, xrefs: 0000016FE5114900
a, xrefs: 0000016FE5114932
, xrefs: 0000016FE511491E
, xrefs: 0000016FE5114937

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
API String ID: 1777712374-1292890139
Opcode ID: 09cd6937a05f5666fc77b1652b4d718441387c8c9edceb0127b60103c2ca14ba
Instruction ID: a5dcd7b3a6fde849c02752eea2914d945707f662373cac25dff978576dd82ead
Opcode Fuzzy Hash: 09cd6937a05f5666fc77b1652b4d718441387c8c9edceb0127b60103c2ca14ba
Instruction Fuzzy Hash: 3261E87050CB848FE760EB68D448B9ABBE1FBA5304F04496DE4C9C7261DBB9D489CB53

Function 0000016FE5196B40 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE5196D7D
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5196DFA
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5196E13
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE5196E53
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5196EB2
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5196ECB
_Min_value.LIBCPMTD ref: 0000016FE5196F02
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5196F1E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5196F37
_Max_value.LIBCPMTD ref: 0000016FE5196F6E
_Min_value.LIBCPMTD ref: 0000016FE5196F8B

Part of subcall function 0000016FE519F2E0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE519F305

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 1bcb6240d8531b9dfedb7aa02be155cd3d36212a07f8065a2ef0f99518df7b9b
Instruction ID: 7726f43c4759cd2f4c5b17fdd8bf4c70c8404c8f83cf96b36a4b0a73f5382567
Opcode Fuzzy Hash: 1bcb6240d8531b9dfedb7aa02be155cd3d36212a07f8065a2ef0f99518df7b9b
Instruction Fuzzy Hash: 4002F07011CB888FD7B5EF58D498BDAB7E0FB98304F41092E958DC3261EB769585CB42

Function 0000016FE5197190 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE51973CD
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE519744A
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5197463
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE51974A3
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5197502
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE519751B
_Min_value.LIBCPMTD ref: 0000016FE5197552
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE519756E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5197587
_Max_value.LIBCPMTD ref: 0000016FE51975BE
_Min_value.LIBCPMTD ref: 0000016FE51975DB

Part of subcall function 0000016FE519F330: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE519F355

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 63956e359cea07a82421af4a37f48f701467fc80a20827156209f532ca5ab0f4
Instruction ID: 2eac97cb73ce3cb30e228df5f19ade6103b02a71463659a61b0afb36862657e2
Opcode Fuzzy Hash: 63956e359cea07a82421af4a37f48f701467fc80a20827156209f532ca5ab0f4
Instruction Fuzzy Hash: F3020F7011CB888FD7B5EF58D448BDAB7E1FBA8304F41092E958DC32A1EB769945CB42

Function 0000016FE5182BB0 Relevance: 15.2, APIs: 10, Instructions: 190COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000016FE5182C02

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

std::make_error_code.LIBCPMTD ref: 0000016FE5182C56
std::make_error_code.LIBCPMTD ref: 0000016FE5182C91

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 8ec9e0c1920ea014a416094f19b8de65f9c11dfdff15eb113697e77d768fb33e
Instruction ID: 5f53d10be03bd2405b5c6278e0ebf1576f7262dffc5e1d1254cdff05f506617d
Opcode Fuzzy Hash: 8ec9e0c1920ea014a416094f19b8de65f9c11dfdff15eb113697e77d768fb33e
Instruction Fuzzy Hash: 6C611D342186554BE255DF99EC54BABBFE1BBC4380F41093CE495CA1F2EA6FDC43A602

Function 0000016FE515A9F0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE515AAF5
shared_ptr.LIBCMTD ref: 0000016FE515AB63

Strings

d, xrefs: 0000016FE515AAFC

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 38e21e1145ab6f92f3ecb0f8d906339b88a9136e65512346a4b4e6c4d11de38b
Instruction ID: 810c6de561d18571c9b9a921c5cc5519bba16fdc2f1989ba49c59ef7ec1905c6
Opcode Fuzzy Hash: 38e21e1145ab6f92f3ecb0f8d906339b88a9136e65512346a4b4e6c4d11de38b
Instruction Fuzzy Hash: FA9146301187848FD794EF68D45879BBBE1FF99301F55496DB08AC3272EA379945CB02

Function 0000016FE515AD00 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE515AE05
shared_ptr.LIBCMTD ref: 0000016FE515AE73

Strings

d, xrefs: 0000016FE515AE0C

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: b9d32de8fa3d5cc7a6c72efd2033482f1cd6dc7ad9fc93f1d2ea3e1fff5d3cd4
Instruction ID: 071224cf4cd7ae3e61171ae2636f6928938f6c27dd762af83ecbe9f03501ffdb
Opcode Fuzzy Hash: b9d32de8fa3d5cc7a6c72efd2033482f1cd6dc7ad9fc93f1d2ea3e1fff5d3cd4
Instruction Fuzzy Hash: 689158301187848FD794EF68D458B9BBBE1FF99341F51496DB08AC3272DA3B9945CB02

Function 0000016FE515A6E0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE515A7E7
shared_ptr.LIBCMTD ref: 0000016FE515A855

Strings

d, xrefs: 0000016FE515A7EE

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: d15551ef352780555c2ea6bbbdc47b6b4da13a0ef2cbee25cbb5e0fcc51e2eb4
Instruction ID: ba5f1f835a2a6db12c88cbb0864fdb19896c6b55bee3760ce928c8406d03436b
Opcode Fuzzy Hash: d15551ef352780555c2ea6bbbdc47b6b4da13a0ef2cbee25cbb5e0fcc51e2eb4
Instruction Fuzzy Hash: 3E9157701187848FE354EF68D45879BBBE1FF99341F55096DB08AC32B2EA3B9945CB02

Function 0000016FE5161060 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

Part of subcall function 0000016FE511A110: char_traits.LIBCPMTD ref: 0000016FE511A13D

type_info::_name_internal_method.LIBCMTD ref: 0000016FE51610D6
type_info::_name_internal_method.LIBCMTD ref: 0000016FE51610F5
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5161186
type_info::_name_internal_method.LIBCMTD ref: 0000016FE51611E1
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5161233

Strings

, xrefs: 0000016FE51610A8
', xrefs: 0000016FE516110D

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID: $'
API String ID: 2432257368-2481900351
Opcode ID: 37bc1918225271d6d2c502ee6e2251174aad6824fb8f963c116eb69f90c6ea40
Instruction ID: 2009adca75e44e2411a7d80030219fb9f9724940cd2b5debdfc4fa4eff336810
Opcode Fuzzy Hash: 37bc1918225271d6d2c502ee6e2251174aad6824fb8f963c116eb69f90c6ea40
Instruction Fuzzy Hash: 84514231158B888FD760FF54D899BDABBE1FB98300F41496DA089C31A1EF7B9545C742

Function 0000016FE514FD60 Relevance: 9.4, APIs: 6, Instructions: 410COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE514FE31

Part of subcall function 0000016FE51504F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51504FE

Part of subcall function 0000016FE51532F0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5153303

bool_.LIBCPMTD ref: 0000016FE514FF43
shared_ptr.LIBCMTD ref: 0000016FE514FF50
UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE514FFF3
bool_.LIBCPMTD ref: 0000016FE51500DB
shared_ptr.LIBCMTD ref: 0000016FE51500E8

Part of subcall function 0000016FE5153220: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE515322E
Part of subcall function 0000016FE5153220: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5153264

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableTypebool_shared_ptr
String ID:
API String ID: 2413108386-0
Opcode ID: 3eba9882c9bba142c269e39a38bb62c6cc58e1174b8cb602d1c281a7c81d27e7
Instruction ID: 03036923bc8469e8338d37ed2e91d6091b8455cf20e159b41663afd5d7d39a81
Opcode Fuzzy Hash: 3eba9882c9bba142c269e39a38bb62c6cc58e1174b8cb602d1c281a7c81d27e7
Instruction Fuzzy Hash: C3F1383011CA848FD7A1EF98D859BDBBBE0FF95301F41096DA089C72B1EA779945CB42

Function 0000016FE517E220 Relevance: 9.4, APIs: 6, Instructions: 408COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE517E243
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE517E257
std::make_error_code.LIBCPMTD ref: 0000016FE517E270
std::make_error_code.LIBCPMTD ref: 0000016FE517E2D2
std::make_error_code.LIBCPMTD ref: 0000016FE517E4A0

Part of subcall function 0000016FE5126020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 0000016FE512602E

std::make_error_code.LIBCPMTD ref: 0000016FE517E357

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 648204d8796b0456c5041645c104bce2b2d368ee5bb78d51d9d0d7f5fe03f98a
Instruction ID: 00ddfe8cc07051d8a91eedd2b8397be80d9d801f18a6f386822c8b76feb23314
Opcode Fuzzy Hash: 648204d8796b0456c5041645c104bce2b2d368ee5bb78d51d9d0d7f5fe03f98a
Instruction Fuzzy Hash: 8CF1D03011C7844FE6A4EF68D855BDEBBE1FBD5300F51496DA089C32A2EE3B9845CB42

Function 0000016FE514BD00 Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE514BD46
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0000016FE514BD69
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0000016FE514BD8F
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0000016FE514BE02
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0000016FE514BE28
List.LIBCMTD ref: 0000016FE514BE34

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=HardwareList
String ID:
API String ID: 2242293343-0
Opcode ID: dc63ee7da590cd9a2421b7607cfa7165f07dc81bb3ce9fa7acd0f85075bc953f
Instruction ID: 09a1ad9825ae7c9a4ba1985d2a811d088fa2fb66c727f91f74479a2e634f3258
Opcode Fuzzy Hash: dc63ee7da590cd9a2421b7607cfa7165f07dc81bb3ce9fa7acd0f85075bc953f
Instruction Fuzzy Hash: D4415130118A484FDB94EF64E849BDABBD1FB94304F81592DA08DC31A2EE7BD946C742

Function 0000016FE5191BD0 Relevance: 9.1, APIs: 6, Instructions: 93COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191BFE

Part of subcall function 0000016FE5167840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5167858

type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191C20

Part of subcall function 0000016FE5190ED0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5190EE8

type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191C42
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191C64
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191C86
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191CA8

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction ID: 8899d97ed3bff15c6318b1ed2c81bb435c5b2686b7f780487ba95509677ec3b6
Opcode Fuzzy Hash: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction Fuzzy Hash: 6931E030618B888FD794FF68D44979EBBE2FBD9301F51496DA08DC3262DA769841CB42

Function 00007FF79356AAA0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 131COMMON

Download Yara Rule

Strings

Mismatched BeginTabBar()/EndTabBar()!, xrefs: 00007FF79356AAF7
(tab_bar != 0) && "Mismatched BeginTabBar()/EndTabBar()!", xrefs: 00007FF79356AB2B
Mismatched BeginTabBar()/EndTabBar()!, xrefs: 00007FF79356AB12
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF79356AB24

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: (tab_bar != 0) && "Mismatched BeginTabBar()/EndTabBar()!"$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$Mismatched BeginTabBar()/EndTabBar()!$Mismatched BeginTabBar()/EndTabBar()!
API String ID: 0-1599389173
Opcode ID: 4ab9353cdc96bd627d9a3d53670ede78463ac52f360b651a24efd3f96d58f05b
Instruction ID: 0413e28b4aa16f2a4a0aa593506483862942064eed2208a1ec57bbd3648e9fdc
Opcode Fuzzy Hash: 4ab9353cdc96bd627d9a3d53670ede78463ac52f360b651a24efd3f96d58f05b
Instruction Fuzzy Hash: 2F61347261CB8585DBB0EB36E44037ABBA4FB8DB98F440135EA8D977A5DF2CD1408B11

Function 00007FF79351B380 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 90COMMON

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::IsPrepared.LIBCMTD ref: 00007FF79351B3A2

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351B3E3
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79351B3B4
font->Scale > 0.0f, xrefs: 00007FF79351B3EA
font && font->IsLoaded(), xrefs: 00007FF79351B3BB

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID: Base::Concurrency::details::ContextInternalPrepared
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$font && font->IsLoaded()$font->Scale > 0.0f
API String ID: 1455501626-2222725807
Opcode ID: c45375572df85d011ad8bd7a540964bd55a7802e439d5472fd86ba45785b9c36
Instruction ID: 3442b4810558d20bb52b2363e39e3a6b81ddfc9ca735c129acba653fcb3a92db
Opcode Fuzzy Hash: c45375572df85d011ad8bd7a540964bd55a7802e439d5472fd86ba45785b9c36
Instruction Fuzzy Hash: ED510E36918B8585D760DB2AE4802A9BBA4F7CCBA4F484236EE8C53774DF68D185CF10

Function 0000016FE51660C0 Relevance: 8.0, APIs: 5, Instructions: 479COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000016FE51662C7

Part of subcall function 0000016FE513AB90: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE513ABAE

Part of subcall function 0000016FE5145770: _Func_class.LIBCONCRTD ref: 0000016FE5145783

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE51662FA
std::make_error_code.LIBCPMTD ref: 0000016FE5166345

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 831135708-0
Opcode ID: 44cba59cad6e6780b7330a5251a4022cc13292a5642e4b9283b07efd5546a608
Instruction ID: 65080d17f8c65d6f34c627a09c6850bdec1c9f697c82d4d203836b23ec8c9a38
Opcode Fuzzy Hash: 44cba59cad6e6780b7330a5251a4022cc13292a5642e4b9283b07efd5546a608
Instruction Fuzzy Hash: 38F13030118B488FE7A4EF68D859BDAB7D1FBD4300F51497DA04AC32A2EE7F99468741

Function 0000016FE51628E0 Relevance: 7.9, APIs: 5, Instructions: 422COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE5162965
std::make_error_code.LIBCPMTD ref: 0000016FE51629B0
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5162AA4
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000016FE5162D53

Part of subcall function 0000016FE516F840: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE516F86B

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000016FE5162E2E

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Scheduler$ProcessorProxyRoot::Virtual$Base::ChoresConcurrency::details::_EmptyGroupQueue::ScheduleScheduler::_SegmentStructuredUnrealizedWorkstd::make_error_code
String ID:
API String ID: 1866601945-0
Opcode ID: 7276691ce44bb159d207125626d756ecb9696e90fa2b459645b29a43bd81d226
Instruction ID: e983c77776423f32e305936202d038b88e5430647410393b89633b5f40a54a95
Opcode Fuzzy Hash: 7276691ce44bb159d207125626d756ecb9696e90fa2b459645b29a43bd81d226
Instruction Fuzzy Hash: 21F10430118B488FE7B5EF68D859BDAB7E1FB94300F51097DA08DC32A1EE7A9585C742

Function 0000016FE5151570 Relevance: 7.8, APIs: 5, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58e04220f0d70ea650cd60bab9b144715f01fe1cc38fa1fab4ccd83f41933ccf
Instruction ID: 7065e04063d00298fef855407506ce26ca4eda78733e8a51cd5c4fa9603e680a
Opcode Fuzzy Hash: 58e04220f0d70ea650cd60bab9b144715f01fe1cc38fa1fab4ccd83f41933ccf
Instruction Fuzzy Hash: 36B1FF30158B888FDBA4EF58C495F9AB7E1FB98344F50496DE08EC7261DB76D885CB02

Function 0000016FE5145B00 Relevance: 7.8, APIs: 5, Instructions: 294COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 0000016FE5145BA3
fpos.LIBCPMTD ref: 0000016FE5145D2E
fpos.LIBCPMTD ref: 0000016FE5145D69
fpos.LIBCPMTD ref: 0000016FE5145DDC

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: fe1bd0d6e9f2e15ad540e8fe2edb285bc6fcd10d5c351c6f3bc703fdde1d497a
Instruction ID: f0634848b9f7ecfee38f2c95e17cc113d48bfc1d07faca35be583580eccca0b6
Opcode Fuzzy Hash: fe1bd0d6e9f2e15ad540e8fe2edb285bc6fcd10d5c351c6f3bc703fdde1d497a
Instruction Fuzzy Hash: 7DB1133021CB488FD7A4DF58D858BAABBE1FB99305F55592DE48AC32A0D73BD845C702

Function 0000016FE5189B50 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000016FE5189B91

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

std::make_error_code.LIBCPMTD ref: 0000016FE5189C34
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE5189D36
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE5189D5A

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 1851498522-0
Opcode ID: db830612614fa449fbf8a2290d03dab55f69eeb659f72aeea5838419a52f05bd
Instruction ID: 74976f55436b08681e352af4969a62e5cf889fe22ec23bcb3bcb7386b0493c18
Opcode Fuzzy Hash: db830612614fa449fbf8a2290d03dab55f69eeb659f72aeea5838419a52f05bd
Instruction Fuzzy Hash: 68A13431118A484BE7A5EF54E855BEFBBD0FB94340F410A3DA08AC61F2EE7BD9468741

Function 0000016FE517F400 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000016FE517F442

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

std::make_error_code.LIBCPMTD ref: 0000016FE517F513

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 8bc390d30a7f1d8aafd21f3278c3c1041af784d4880d4acc69fbacb09d269c18
Instruction ID: ae66662b50c8e72145a53fc791ee3a1de43fdeb44d636c602e7aa52a72453b4a
Opcode Fuzzy Hash: 8bc390d30a7f1d8aafd21f3278c3c1041af784d4880d4acc69fbacb09d269c18
Instruction Fuzzy Hash: A391343011C7888BE365EF64D855BDBBBE1FBD4340F41496EA08AC61B2EE379945CB42

Function 0000016FE5177049 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Mailbox.LIBCMTD ref: 0000016FE5177092
Mailbox.LIBCMTD ref: 0000016FE51770CA
Mailbox.LIBCMTD ref: 0000016FE5177135
Mailbox.LIBCMTD ref: 0000016FE5177166
Mailbox.LIBCMTD ref: 0000016FE5177190

Part of subcall function 0000016FE513BC30: Mailbox.LIBCMTD ref: 0000016FE513BC7E

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Mailbox
String ID:
API String ID: 1763892119-0
Opcode ID: c1b4378940830f1effdd1e619e523ef3b2297a0c5ada4de89c673b07b333cb85
Instruction ID: 0a9a99a0396a2437e67d0c99d9899202db52c0c9dc44abddc231b3be2029efb3
Opcode Fuzzy Hash: c1b4378940830f1effdd1e619e523ef3b2297a0c5ada4de89c673b07b333cb85
Instruction Fuzzy Hash: CB61793110CB8C8FD755EA58C454BEBBBD1FBA9301F41092EA4CAD32A1EE76D945C742

Function 0000016FE51326B0 Relevance: 7.7, APIs: 5, Instructions: 190COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 0000016FE51326D8
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE5132767

Part of subcall function 0000016FE5130B80: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5130BB2

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE51327FE
std::error_condition::error_condition.LIBCPMTD ref: 0000016FE513286F
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE51328DC

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
String ID:
API String ID: 3801495819-0
Opcode ID: 605bb16c649ec46b312a0aff6a36ce338a0e7affe64a80df00e5f54f56155300
Instruction ID: f8eab68e2b4de9cf62122133587c3a36c6ee9047a8432b8079b12af6140bfc16
Opcode Fuzzy Hash: 605bb16c649ec46b312a0aff6a36ce338a0e7affe64a80df00e5f54f56155300
Instruction Fuzzy Hash: BC614234618B488FD7A4EF68D458BDABBE1FB98310F51496DE08DC32A1DB7AD445CB02

Function 0000016FE51AA780 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE51AA7A8

Part of subcall function 0000016FE51AC2E0: shared_ptr.LIBCPMTD ref: 0000016FE51AC301

__crt_scoped_stack_ptr.LIBCPMTD ref: 0000016FE51AA827
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51AA886
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51AA89D
__crt_scoped_stack_ptr.LIBCPMTD ref: 0000016FE51AA946

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: 947681d9ab8599cb23ccaaab35e50ca17ffc568cb3c4781aaf54affa6d8a08d0
Instruction ID: 46cb57d132193e343b28ded9e0573f233db3deab3787b7015fa5f890eb144097
Opcode Fuzzy Hash: 947681d9ab8599cb23ccaaab35e50ca17ffc568cb3c4781aaf54affa6d8a08d0
Instruction Fuzzy Hash: E761F470518B488FD7A0EF68C859B9ABBE0FB98341F51492EE48DC3271DB36D485CB42

Function 0000016FE51AAC40 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE51AAC68

Part of subcall function 0000016FE51AC1E0: shared_ptr.LIBCPMTD ref: 0000016FE51AC201

__crt_scoped_stack_ptr.LIBCPMTD ref: 0000016FE51AACE7
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51AAD46
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51AAD5D
__crt_scoped_stack_ptr.LIBCPMTD ref: 0000016FE51AAE06

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: a2da2556daea37b612cee8ceb37a5ad9edb5a7a8362c419b22eb5f256d4dc801
Instruction ID: c352c1114b6d42a3dba53274b75ed238b50d517ebae0c2f7c2385d2a2d20f492
Opcode Fuzzy Hash: a2da2556daea37b612cee8ceb37a5ad9edb5a7a8362c419b22eb5f256d4dc801
Instruction Fuzzy Hash: 5061F470518B488FD7A0EF68D859B9ABBE0FBD8341F51492EE48DC3261DB36D485CB42

Function 0000016FE5180100 Relevance: 7.7, APIs: 5, Instructions: 171COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE5180123
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE5180137
std::make_error_code.LIBCPMTD ref: 0000016FE5180150
std::make_error_code.LIBCPMTD ref: 0000016FE51801A3

Part of subcall function 0000016FE5126020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 0000016FE512602E

std::make_error_code.LIBCPMTD ref: 0000016FE5180207

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 7a6e3a8a4096c77738c4bf48af523395d9bddc510b464b5c0c2692e72954208b
Instruction ID: 2bc4d4035eb3812054c966a5ae020bf6c5ac10998c3f849cc56978b2c0a7b530
Opcode Fuzzy Hash: 7a6e3a8a4096c77738c4bf48af523395d9bddc510b464b5c0c2692e72954208b
Instruction Fuzzy Hash: AB517030118A484BE2A4EF58DC59BDABBD1FBD4340F51596DA48DC71B2EE3B9846CB02

Function 0000016FE5180ED0 Relevance: 7.6, APIs: 5, Instructions: 146COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE5180F05

Part of subcall function 0000016FE5184440: type_info::_name_internal_method.LIBCMTD ref: 0000016FE5184458

std::make_error_code.LIBCPMTD ref: 0000016FE5180F1E

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE5180F47
std::make_error_code.LIBCPMTD ref: 0000016FE5180F60

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: e288d37d0697112a2d51f993761bbd4d54a24d06f27eb0f41e135379a7e73d09
Instruction ID: d6e7d7c569aa9fac6572992312be6bbbc4b2f6a7bd8b5bac9106687812a3867e
Opcode Fuzzy Hash: e288d37d0697112a2d51f993761bbd4d54a24d06f27eb0f41e135379a7e73d09
Instruction Fuzzy Hash: 355163312187844BE765DFA4EC55BDB7BE1BB84304F414A2DA089C61E2EB3BD5069742

Function 0000016FE515C100 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE515C12E

Part of subcall function 0000016FE5167840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5167858

type_info::_name_internal_method.LIBCMTD ref: 0000016FE515C150
type_info::_name_internal_method.LIBCMTD ref: 0000016FE515C172
type_info::_name_internal_method.LIBCMTD ref: 0000016FE515C194
type_info::_name_internal_method.LIBCMTD ref: 0000016FE515C1B6

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction ID: d2cf6db3a31fb43b95d3e75d45f77a8ae664d24d1fa0c83804af11b39e0aa0d6
Opcode Fuzzy Hash: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction Fuzzy Hash: D621D430518B848FD794FF68D85979EBBE1FBD8301F414D6DA08DC3262DA769841C742

Function 0000016FE517FE90 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE517FEB7

Part of subcall function 0000016FE5184440: type_info::_name_internal_method.LIBCMTD ref: 0000016FE5184458

std::make_error_code.LIBCPMTD ref: 0000016FE517FECD

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE517FEF0
std::make_error_code.LIBCPMTD ref: 0000016FE517FF06

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: 63a70a45f75d598f3e0a3577ec78f9d775881292d50549872d87eded24c7d1ab
Instruction ID: 7cd5bbd42551d77b33f36add0440a547e95fa236db8a0764db370b576a1419eb
Opcode Fuzzy Hash: 63a70a45f75d598f3e0a3577ec78f9d775881292d50549872d87eded24c7d1ab
Instruction Fuzzy Hash: 01212130118B488BE745EFA8E855BDABBE1FBC4340F81456DB045C72B2EE2BD942D781

Function 0000016FE5191E10 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191E3E

Part of subcall function 0000016FE5190ED0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5190EE8

type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191E60
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191E82
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191EA4
type_info::_name_internal_method.LIBCMTD ref: 0000016FE5191EC6

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction ID: abe61810ab18b882dab3bd8b646943f43c68b4106fbe426930fcb7013650c4b2
Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction Fuzzy Hash: DE21C030518B888FD794FF68D85979EBBE1FBD8301F814D6DA08DC3262DA769841CB42

Function 0000016FE5179690 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE51796BA
shared_ptr.LIBCMTD ref: 0000016FE51796CE

Part of subcall function 0000016FE5181D30: shared_ptr.LIBCMTD ref: 0000016FE5181D3E

allocator.LIBCPMTD ref: 0000016FE51796E2
shared_ptr.LIBCMTD ref: 0000016FE51796F4
allocator.LIBCPMTD ref: 0000016FE5179708

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
String ID:
API String ID: 1053258265-0
Opcode ID: acecda906a579d1834abe9be22b0447806ffeda9d0483b6f12b57f1678672125
Instruction ID: f039a2873ccb88af70cdd47572ff94a449da9cd180887c135260f1fdad5ea17c
Opcode Fuzzy Hash: acecda906a579d1834abe9be22b0447806ffeda9d0483b6f12b57f1678672125
Instruction Fuzzy Hash: FE114671518B884FD7A4EF58D8497DBBBE1FBD8300F414A2DA48CC3262EA369545CB82

Function 0000016FE511E510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE511E53C
type_info::_name_internal_method.LIBCMTD ref: 0000016FE511E5F2
type_info::_name_internal_method.LIBCMTD ref: 0000016FE511E6BA

Part of subcall function 0000016FE511A110: char_traits.LIBCPMTD ref: 0000016FE511A13D

Strings

, xrefs: 0000016FE511E734

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID:
API String ID: 2432257368-3916222277
Opcode ID: 5b8815007eec9d2fc278b9dc9d08a32769fd764c1a476b578cf45ba5309400a6
Instruction ID: 9bedb61e150389c6275011894c459a84dc541f3f444aaeb45c5f13336216e789
Opcode Fuzzy Hash: 5b8815007eec9d2fc278b9dc9d08a32769fd764c1a476b578cf45ba5309400a6
Instruction Fuzzy Hash: F4C12231118B488FDB65EF64D959BDBBBE1FB98310F410A6EA08AC31A1EE37D541C742

Function 0000016FE51634C8 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51638EF
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE516395B
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51639B5

Strings

e, xrefs: 0000016FE51635AC

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID: e
API String ID: 1865873047-4024072794
Opcode ID: b924e1a642c36f152f6b504590bfa565702d9d26cd134fc3f3a5abca82a7f906
Instruction ID: 7d4c75d2fe1e84c7243bea1f29c343ab3d0bc0bd2c89d58596d00b15aaf43705
Opcode Fuzzy Hash: b924e1a642c36f152f6b504590bfa565702d9d26cd134fc3f3a5abca82a7f906
Instruction Fuzzy Hash: 5F61E030518A448FE794EFA8D849B9A7BE1FB98301F51192DE149C7271E77BD842CB42

Function 0000016FE512C5F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

_Subatomic.LIBCONCRTD ref: 0000016FE512C660
_Subatomic.LIBCONCRTD ref: 0000016FE512C6FC

Strings

d, xrefs: 0000016FE512C630

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Subatomic
String ID: d
API String ID: 3648745215-2564639436
Opcode ID: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
Instruction ID: ff529b3c85fed39660f1e66d3d2f7b24b62ca35bd4660885be4c7f40bf7ca2aa
Opcode Fuzzy Hash: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
Instruction Fuzzy Hash: 18414570218B489FD754EF28C44D7AABBE2FBD9345F41492EB18AD3260D776D540CB42

Function 0000016FE5114AA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5114AD0
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE5114B2F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5114B41

Strings

, xrefs: 0000016FE5114B85

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 991905282-3916222277
Opcode ID: e3dc7a3dc38e938f7d3de40854a2f6867c3f50b7cfbad81a37091e8419198f94
Instruction ID: 166e0ef6594e2f1cd6a577a76daaa3c61d2d7eb2e23d00038cb1ac4ef3cfa4f7
Opcode Fuzzy Hash: e3dc7a3dc38e938f7d3de40854a2f6867c3f50b7cfbad81a37091e8419198f94
Instruction Fuzzy Hash: FC414F30118B448FE794EF68D99979ABBE0FBC4301F91496EB089C32B1DB769841CF02

Function 0000016FE5182AF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000016FE5182B47

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

std::make_error_code.LIBCPMTD ref: 0000016FE5182B72
std::make_error_code.LIBCPMTD ref: 0000016FE5182B8E

Strings

}, xrefs: 0000016FE5182B36

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID: }
API String ID: 2527301759-4239843852
Opcode ID: 1437fc56f20eb242452f3dab8bee66e0f454c9a6f6438df6a3d9d76061fc3a80
Instruction ID: 3eef7cc2ebeacf73ecd622439a3695e3dd38524c2fc7b1540039f4dfdb9be6f3
Opcode Fuzzy Hash: 1437fc56f20eb242452f3dab8bee66e0f454c9a6f6438df6a3d9d76061fc3a80
Instruction Fuzzy Hash: 9F214C301186848FE364DF98D88479ABFE0FBC5380F55093CF089C61B1E62BC9429702

Function 0000016FE51D7B30 Relevance: 6.5, APIs: 4, Instructions: 491COMMON

Download Yara Rule

APIs

Part of subcall function 0000016FE511A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511A18D

Part of subcall function 0000016FE511A110: char_traits.LIBCPMTD ref: 0000016FE511A13D

type_info::_name_internal_method.LIBCMTD ref: 0000016FE51D7BA4

Part of subcall function 0000016FE51F88A0: type_info::_name_internal_method.LIBCMTD ref: 0000016FE51F8940
Part of subcall function 0000016FE51F88A0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51F89A6
Part of subcall function 0000016FE51F88A0: CreateFileA.KERNEL32 ref: 0000016FE51F89D2

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE51D7C74

Part of subcall function 0000016FE5115180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5115217

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$type_info::_name_internal_method$Affinity::operator!=CreateFileHardwarechar_traits
String ID:
API String ID: 2370075206-0
Opcode ID: 1a6d43370d743c0741790246eda51870718d100c5d1125f62a037d8daaab8b3e
Instruction ID: 4894aee3ae5049cbe3af7f7400db8b47286c1719d9701c01fe9f3cbe4b408b71
Opcode Fuzzy Hash: 1a6d43370d743c0741790246eda51870718d100c5d1125f62a037d8daaab8b3e
Instruction Fuzzy Hash: F9025531118A488AE765FF64D959BEFBBE0FB94300F51097EA04AC21B2FE375946CB41

Function 0000016FE5173AA0 Relevance: 6.4, APIs: 4, Instructions: 439COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE5173AF1

Part of subcall function 0000016FE5142A20: _Ptr_base.LIBCMTD ref: 0000016FE5142A33

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Base::ChoresConcurrency::details::GroupPtr_baseScheduleSegmentUnrealized
String ID:
API String ID: 3333744592-0
Opcode ID: 9563075afa9850e746f4311326fd3820ab702563374c33d9578d30c472824271
Instruction ID: e1120e39873b067664ed19e99609f499721aa8969fbe1b2612970afe583845e5
Opcode Fuzzy Hash: 9563075afa9850e746f4311326fd3820ab702563374c33d9578d30c472824271
Instruction Fuzzy Hash: CCF13531118A8C4FE7B5EF58D8597DBB7E1FB98300F41092EA44EC32A1EE7A9545CB42

Function 0000016FE5165A30 Relevance: 6.4, APIs: 4, Instructions: 359COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE5165AB7
std::make_error_code.LIBCPMTD ref: 0000016FE5165B32
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000016FE5165CBC

Part of subcall function 0000016FE516FA10: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE516FA6D
Part of subcall function 0000016FE516FA10: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE516FA84

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000016FE5165E4B

Part of subcall function 0000016FE5146D60: char_traits.LIBCPMTD ref: 0000016FE5146D80

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::$Concurrency::details::_ProcessorProxyRoot::Scheduler::_Virtual$Base::ChoresGroupScheduleSegmentUnrealizedchar_traitsstd::make_error_code
String ID:
API String ID: 3113402709-0
Opcode ID: 7a3ea08e90fceb27cd6e1fd845cb093568d6f95d03eb69ff7c426182bf7209eb
Instruction ID: 08ea7fcf7e75c3b236ee7c3b63b11e39b22e37a580381716c5e1af0b347f9257
Opcode Fuzzy Hash: 7a3ea08e90fceb27cd6e1fd845cb093568d6f95d03eb69ff7c426182bf7209eb
Instruction Fuzzy Hash: 8BC12331118A4C8FE7A5EF58D859BDBB7D1FBD8300F41093E948EC32A1EE7A99458742

Function 0000016FE5122C70 Relevance: 6.4, APIs: 4, Instructions: 351COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5122CA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5122E63
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5122E78

Part of subcall function 0000016FE511B170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511B17E
Part of subcall function 0000016FE511B170: _Max_value.LIBCPMTD ref: 0000016FE511B1A3
Part of subcall function 0000016FE511B170: _Min_value.LIBCPMTD ref: 0000016FE511B1D1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE5122FB7

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 82596cad36d2d3fb0aaf4ff23d60118829d448ca129abdec30145eb3f5113f40
Instruction ID: efaee69c25dd9a14be62e0da77ea93bb2778d6c19b1b21d10cacc0df5206c218
Opcode Fuzzy Hash: 82596cad36d2d3fb0aaf4ff23d60118829d448ca129abdec30145eb3f5113f40
Instruction Fuzzy Hash: 1FD1C33021CB488FDB94EF5CD458BAABBE1FBD9341F41496EA08DC3261DA76D941CB42

Function 0000016FE5133390 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 0000016FE513352B
std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5133551

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::error_condition::error_condition
String ID:
API String ID: 246976077-0
Opcode ID: f45159876a3413d581667927f9ab218c6284b520071aa6869e707fb677832e16
Instruction ID: 413b95441a754c3a5cbb0c0c78ac522ed8de99e75c9df3b3d05346c5e3ff3a1d
Opcode Fuzzy Hash: f45159876a3413d581667927f9ab218c6284b520071aa6869e707fb677832e16
Instruction Fuzzy Hash: 28C134301187488FE7A5EF58D855BDBBBE1FB98310F51092DA489C32A1EB77D942CB42

Function 0000016FE5181510 Relevance: 6.3, APIs: 4, Instructions: 304COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000016FE5181704

Part of subcall function 0000016FE5155240: char_traits.LIBCPMTD ref: 0000016FE5155261

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000016FE5181761

Part of subcall function 0000016FE518A290: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000016FE518A2B2

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::Concurrency::details::_Decorator::getProcessorProxyRoot::Scheduler::_TableTypeVirtualchar_traits
String ID:
API String ID: 1673230147-0
Opcode ID: ec30224dc15fbc8032a18291e9deb5e54881b33702301bb23d23c2ac266fbc41
Instruction ID: ef7044fb4e5d0c70e877195ec82827d3bd481a16ac9c2d15ed471123b71d78de
Opcode Fuzzy Hash: ec30224dc15fbc8032a18291e9deb5e54881b33702301bb23d23c2ac266fbc41
Instruction Fuzzy Hash: 3EC1BB7011CB888FE7B4EF58D499BDAB7E1FB98305F51492E908DC3261EE369485CB42

Function 0000016FE5182660 Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000016FE5182683
std::make_error_code.LIBCPMTD ref: 0000016FE518269C

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

std::make_error_code.LIBCPMTD ref: 0000016FE51826DB

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 1046759889-0
Opcode ID: 1197b50259cd651c9b6da576e883620b1d42da3b8eb02a60d5fb3576ea9858b0
Instruction ID: 5d896146878e1f493f53cb8474bbb35e9ccecf5f2924d3eff6c0989acbff80f3
Opcode Fuzzy Hash: 1197b50259cd651c9b6da576e883620b1d42da3b8eb02a60d5fb3576ea9858b0
Instruction Fuzzy Hash: 51B1DF30118B848FD6B5EF58D859BDABBE1FBD4300F51496DA08DC72A2DA379846CB42

Function 0000016FE514C0C0 Relevance: 6.3, APIs: 4, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff8cae9e5e31fc2d3f093a035b7e1b66494f063e1d3bcbc0dba5857b41c99fa
Instruction ID: 6b9b643cef0fe5ed018401e246a766f154f7c953dce07a1b0f2b2d00a769cf98
Opcode Fuzzy Hash: 4ff8cae9e5e31fc2d3f093a035b7e1b66494f063e1d3bcbc0dba5857b41c99fa
Instruction Fuzzy Hash: 74910230118A488FDB94EF18C495F9AB7E1FBE9304F50595DA08EC7262DB76E941CB42

Function 0000016FE517DE50 Relevance: 6.2, APIs: 4, Instructions: 212COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000016FE517DE8D

Part of subcall function 0000016FE5128FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5128FFE

std::make_error_code.LIBCPMTD ref: 0000016FE517DEDC

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 316640ba4620b1868b043f14b8bbfe2bdf537fee0c99a8942832639a75162651
Instruction ID: 6438ffba4963fcdc561adddeaaca5c306d1cfa32bcb2025e4b1195d2ce8d1858
Opcode Fuzzy Hash: 316640ba4620b1868b043f14b8bbfe2bdf537fee0c99a8942832639a75162651
Instruction Fuzzy Hash: 998127301186848FD3B5EF58D455BEEBBE1FBD5300F51497DA08AC31A2EA3B9885C742

Function 0000016FE51458A0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 0000016FE514593A
fpos.LIBCPMTD ref: 0000016FE5145A03
fpos.LIBCPMTD ref: 0000016FE5145A52
fpos.LIBCPMTD ref: 0000016FE5145AEF

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 3ddead0fb258ff1e267deb5699af4adb0322be805e248e2aac325a3832c2bf49
Instruction ID: e9b136531aec207eac0b76d16520a8fe1bba2e1109c05cea4a49cc59c2a90630
Opcode Fuzzy Hash: 3ddead0fb258ff1e267deb5699af4adb0322be805e248e2aac325a3832c2bf49
Instruction Fuzzy Hash: 60811E3051CB448FE7A4DF68D899B6ABBE0FB98344F55192DB499C32B1D73AD841CB02

Function 0000016FE518B7B0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE518B84B
type_info::_name_internal_method.LIBCMTD ref: 0000016FE518B972

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 376f370d1ce6c6e5a538bf90c30fa90ed811b227eefe87f28aee0aebd5c382d5
Instruction ID: 8f2130ee304c769194b4a0b8d7081d1f272d2ee02b16bb9c50ebc21a36d4d68f
Opcode Fuzzy Hash: 376f370d1ce6c6e5a538bf90c30fa90ed811b227eefe87f28aee0aebd5c382d5
Instruction Fuzzy Hash: 80710230118A489FD7B1EF58D859BEAB7D1FB98300F41486DE08DC72A1EE3BD9468742

Function 0000016FE518B440 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE518B4DB
type_info::_name_internal_method.LIBCMTD ref: 0000016FE518B602

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 311635369dba7a2c4c55ab289ad81b385d07f4bf4434da9164d88dc3e7919d85
Instruction ID: 884bfe4bd2478f31c2e10b0f4c062bcef1f6d695b51be914417b15ef665a33d3
Opcode Fuzzy Hash: 311635369dba7a2c4c55ab289ad81b385d07f4bf4434da9164d88dc3e7919d85
Instruction Fuzzy Hash: 2671B33015C7488FD7B5EF68D8597DAB7E1FB98300F91092DA08DC72A1EA7BD8428741

Function 0000016FE5128290 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

Part of subcall function 0000016FE511A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511A18D

type_info::_name_internal_method.LIBCMTD ref: 0000016FE51283B2
type_info::_name_internal_method.LIBCMTD ref: 0000016FE51283CD
type_info::_name_internal_method.LIBCMTD ref: 0000016FE512840F
type_info::_name_internal_method.LIBCMTD ref: 0000016FE512842A

Part of subcall function 0000016FE511A110: char_traits.LIBCPMTD ref: 0000016FE511A13D

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
String ID:
API String ID: 1744367693-0
Opcode ID: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
Instruction ID: ea4505f2528f2daf0d6adf500c095978304e3c18d67770d43078ec4c61ee5f42
Opcode Fuzzy Hash: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
Instruction Fuzzy Hash: 5B5135341187848FD7A0EF54D844B9BBBE1FB94304F414A6DA089C71B1EB77D946C742

Function 0000016FE514C3B0 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMTD ref: 0000016FE514C484
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000016FE514C494
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0000016FE514C4A5

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Affinity::operator!=Base::ContextHardwareIdentityQueueWorkshared_ptr
String ID:
API String ID: 714649587-0
Opcode ID: 5488cc04d8f2d7fbd2759ee350adb1f9c5fb344bf4786a2901479604c81c8665
Instruction ID: b0c8e71b65c97b99703fad1ea67bf111a48291e7cd34ea0bd0e856c849bed4c9
Opcode Fuzzy Hash: 5488cc04d8f2d7fbd2759ee350adb1f9c5fb344bf4786a2901479604c81c8665
Instruction Fuzzy Hash: A4411F30118E488FD794EF58C499BAABBE1FB98344F51092DF189C32B1DB36D842CB01

Function 0000016FE51EE6E0 Relevance: 6.1, APIs: 4, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 0000016FE51EE8E0: _Byte_length.LIBCPMTD ref: 0000016FE51EE94E

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51EE765
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51EE78E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51EE7C5
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51EE7EE

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_length
String ID:
API String ID: 1141060839-0
Opcode ID: 81c2d3f1868dcef153101e2a0f55093425f05ac4cd24b82f06e7e43b528eae26
Instruction ID: 16bbda1e5776d8b9756fafb01c634f564d47fd41f9c8786a9fa30dc84022fe94
Opcode Fuzzy Hash: 81c2d3f1868dcef153101e2a0f55093425f05ac4cd24b82f06e7e43b528eae26
Instruction Fuzzy Hash: B1412330118B488FE754EF68D859BEABBE0FB98341F51496EA089C3171EF369585CB42

Function 0000016FE519D600 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE519D62B

Part of subcall function 0000016FE5167840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5167858

type_info::_name_internal_method.LIBCMTD ref: 0000016FE519D64A

Part of subcall function 0000016FE5190ED0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5190EE8

type_info::_name_internal_method.LIBCMTD ref: 0000016FE519D669
type_info::_name_internal_method.LIBCMTD ref: 0000016FE519D688

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction ID: 227d4bf0136b75189d929271738101aa9be064408fe127fc0884207cf8853d8d
Opcode Fuzzy Hash: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction Fuzzy Hash: 3611CE30518B848FE694FF68D88979EBBE1FBD8340F51496DB089C3271DA76D8418B42

Function 0000016FE515B2D0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE515B2FB

Part of subcall function 0000016FE5167840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5167858

type_info::_name_internal_method.LIBCMTD ref: 0000016FE515B31A
type_info::_name_internal_method.LIBCMTD ref: 0000016FE515B339
type_info::_name_internal_method.LIBCMTD ref: 0000016FE515B358

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction ID: 5bdaa2c5a3aae8e8fe4f6358e547af7deac698fe9c525ced6e650cbc2ec440e8
Opcode Fuzzy Hash: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction Fuzzy Hash: 9B11CE30528B848FE694FF68D84979ABBE1FBD8340F51496DB089C3271DA76E841CB42

Function 0000016FE516F200 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000016FE516F22B

Part of subcall function 0000016FE5167840: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000016FE5167858

type_info::_name_internal_method.LIBCMTD ref: 0000016FE516F24A
type_info::_name_internal_method.LIBCMTD ref: 0000016FE516F269
type_info::_name_internal_method.LIBCMTD ref: 0000016FE516F288

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction ID: 9133d7241c1787c72f1bea6221441efee4e077be929ad67ae10dc502476ea24f
Opcode Fuzzy Hash: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction Fuzzy Hash: 5911C130518B848FE694FF68D84979ABBE1FBD8340F51496DB089C3271DA76E841CB42

Function 0000016FE5153550 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 0000016FE5153563
_Func_class.LIBCONCRTD ref: 0000016FE51535BD

Part of subcall function 0000016FE51499D0: _Func_class.LIBCONCRTD ref: 0000016FE51499DE
Part of subcall function 0000016FE51499D0: _Func_class.LIBCONCRTD ref: 0000016FE5149A3C

_Func_class.LIBCONCRTD ref: 0000016FE51535E1
_Func_class.LIBCONCRTD ref: 0000016FE51535ED

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction ID: b803890b92baa551a6f351b648c4053f9769df31390c261aa39a302089fb7c7f
Opcode Fuzzy Hash: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction Fuzzy Hash: 91112130218A084FE684FF5CD89976A7BE1FB99305F41592DB549C32B2EA27D8428702

Function 0000016FE516F100 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE516F14A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE516F15E

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction ID: a5be94854657d5b00daaeb384d3fac32df84855779d025111b4620cdbba1e241
Opcode Fuzzy Hash: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction Fuzzy Hash: 23015670538A4C4BD394DF69D8593AABAD2F784344F85097CB045C32B1E7FBC4458B02

Function 0000016FE516F060 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE516F0AA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE516F0BE

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction ID: e6048a48d8946d8ced58c7cf906a53f481f4ca6449da0cddec4fa0d22ef1cda0
Opcode Fuzzy Hash: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction Fuzzy Hash: 0A014430538B884BE394DF69D8A87997AD3F784304F95092CA04AC22F0EBBBC5458702

Function 0000016FE5113D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 0000016FE5115360: _WChar_traits.LIBCPMTD ref: 0000016FE511538D

Part of subcall function 0000016FE5114740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511476C
Part of subcall function 0000016FE5114740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE511477E
Part of subcall function 0000016FE5114740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000016FE51147BB

Part of subcall function 0000016FE5114850: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE51148B8

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000016FE511412A

Strings

X, xrefs: 0000016FE5113EE3
, xrefs: 0000016FE51141B1

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
String ID: $X
API String ID: 1626164810-1398056850
Opcode ID: a757dbef87dfb30b01267c4a16f99c6c95e5acd87679aa1afa54b60f120e79d0
Instruction ID: 7abd2baf575178b04f242f4097d8304990f7ba9f5fe550b93161709dda4a8101
Opcode Fuzzy Hash: a757dbef87dfb30b01267c4a16f99c6c95e5acd87679aa1afa54b60f120e79d0
Instruction Fuzzy Hash: 9BD1DC70518B888FD7B4EF68D4987DAB7E1FBD8301F50492EA48DC3261EB759885CB42

Function 0000016FE5175700 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

", xrefs: 0000016FE51757D6
", xrefs: 0000016FE51758EE

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: cc595092e32016d91173b12e2c9e65e9e8196bad8f99b68bd600d2a6a17a99da
Instruction ID: aa7b4f5ad6f2626c9ba0bdba8e11c6f9981127f17ee8e7ef291d239740d24a31
Opcode Fuzzy Hash: cc595092e32016d91173b12e2c9e65e9e8196bad8f99b68bd600d2a6a17a99da
Instruction Fuzzy Hash: 9B711C31118B488BD754EF58D885BDBBBE1FB94340F410A6DB08AC31B2EA37D546CB82

Function 0000016FE5134B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 0000016FE5134CEA

Part of subcall function 0000016FE51301A0: Concurrency::details::VirtualProcessor::ClaimTicket::InitializeTicket.LIBCMTD ref: 0000016FE51301BD

Strings

@, xrefs: 0000016FE5134BED
@, xrefs: 0000016FE5134B66

Memory Dump Source

Source File: 00000000.00000002.4107115262.0000016FE5110000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016FE5110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16fe5110000_LinxOptimizer.jbxd

Yara matches

Similarity

API ID: ClaimConcurrency::details::InitializeProcessor::TicketTicket::Virtualstd::error_condition::error_condition
String ID: @$@
API String ID: 2004282921-149943524
Opcode ID: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction ID: e70945ab6afe8cc22e563549e48ff1a09358f8661d6a23138ddde2d82806e6b5
Opcode Fuzzy Hash: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction Fuzzy Hash: 2251E77050C7448FE7A4EF58D898B9ABBE0FB95305F12092DE189C32A0E777D845CB46

Function 00007FF79351F690 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

log.LIBCPMTD ref: 00007FF79351F6B9

Strings

NULL, xrefs: 00007FF79351F74A
[io] LockWheelingWindow() "%s", xrefs: 00007FF79351F75B

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID:
String ID: NULL$[io] LockWheelingWindow() "%s"
API String ID: 0-295439587
Opcode ID: 8bef1ba867330f2910f48d6ceeab672b981c9c4703bb67fe28701772f48b1566
Instruction ID: b3e7c0258ff12013431f6382c416bc37732c3ab755537e35626659f4aad866c0
Opcode Fuzzy Hash: 8bef1ba867330f2910f48d6ceeab672b981c9c4703bb67fe28701772f48b1566
Instruction Fuzzy Hash: 3B312336908B8986D770DB76E48026AF3A4FB8CB94F544731EA8D637A5DF7CE1448B10

Function 00007FF79352D850 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

Concurrency::details::BoostedObject::IsScheduleGroupSegment.LIBCMTD ref: 00007FF79352D87E

Strings

g.SettingsWindows.empty(), xrefs: 00007FF79352D897
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF79352D890

Memory Dump Source

Source File: 00000000.00000002.4110007745.00007FF793501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF793500000, based on PE: true

Associated: 00000000.00000002.4109985177.00007FF793500000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110060351.00007FF79357D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110101093.00007FF793867000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110191011.00007FF793869000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110214479.00007FF79386E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110246958.00007FF7938A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110267701.00007FF7938A4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110289414.00007FF7938A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110310309.00007FF7938A8000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110389657.00007FF793983000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110413358.00007FF793984000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4110468745.00007FF793A21000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff793500000_LinxOptimizer.jbxd

Similarity

API ID: BoostedConcurrency::details::GroupObject::ScheduleSegment
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.SettingsWindows.empty()
API String ID: 2971748953-1747592857
Opcode ID: 60b57a5fb3dd242d711af64146fc56ffb0ed8617c1471297f8b43ba337cc747c
Instruction ID: 1ba70a92d1966a5b2cc34e505e923d821e48bcf3292c0ca7c553852b9d269e75
Opcode Fuzzy Hash: 60b57a5fb3dd242d711af64146fc56ffb0ed8617c1471297f8b43ba337cc747c
Instruction Fuzzy Hash: 67316122908A8982D771DB36D458369A7A4FB8CB49F844672EECC637A5DF2CD145CF10

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LinxOptimizer.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\OFFK2Q5A.htm

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
LinxOptimizer.exe

Function 0000016FE513F46A Relevance: 9.6, APIs: 6, Instructions: 647
fileCOMMON

Function 0000016FE521CCC0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Function 0000016FE51D78E0 Relevance: 4.7, APIs: 3, Instructions: 164
encryptionCOMMON

Function 00007FF793A18803 Relevance: 1.5, APIs: 1, Instructions: 7
nativethreadCOMMON

Function 0000016FE5116FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Function 0000016FE51F88A0 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Function 0000016FE5114740 Relevance: 4.6, APIs: 3, Instructions: 80
COMMON

Function 0000016FE51F8EC0 Relevance: 4.6, APIs: 3, Instructions: 80
fileCOMMON

Function 0000016FE51F8E20 Relevance: 4.5, APIs: 3, Instructions: 48
fileCOMMON

Function 0000016FE51F8D40 Relevance: 3.1, APIs: 2, Instructions: 56
fileCOMMON

Function 0000016FE5239E2C Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE

Function 00007FF793A15D0B Relevance: 1.3, APIs: 1, Instructions: 16
COMMON