Windows Analysis Report
main.bin

Overview

General Information

Sample name: main.bin
Analysis ID: 1528663
MD5: e8efaa3e8e34754384322d6a4f4cb7b0
SHA1: 6fd14b0045f5120f6ebcd02ef4851514907de6d0
SHA256: 6c5559b109fe00e44612be2c585048ebcb117a63aca347a66dea7a1b88fbfda5

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Uses schtasks.exe or at.exe to add and modify task schedules
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Uses 32bit PE files
Uses reg.exe to modify the Windows registry
Yara signature match

Classification

AV Detection

Source: main.bin Virustotal: Detection: 26%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.3% probability
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_71a444bd-2
Source: main.bin Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: main.bin Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_149\objfre_wxp_x86\i386\cpuz149_x32.pdb source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: C:\BUILD\work\655d602927444bef\bin_x86\v143\Release Static\neutral\Speccy.pdb& source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.00000000016F4000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_149\objfre_win7_ia64\ia64\cpuz149_ia64.pdb source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: C:\BUILD\work\655d602927444bef\bin_x86\v143\Release Static\neutral\Speccy.pdb source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.00000000016F4000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_149\objfre_win7_amd64\amd64\cpuz149_x64.pdb source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Joe Sandbox View IP Address: 104.102.49.254
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /id/poorsmuk HTTP/1.1 Host: steamcommunity.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /id/smoke_weeed HTTP/1.1 Host: steamcommunity.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /profiles/76561198360578139 HTTP/1.1 Host: steamcommunity.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /id/steam---id HTTP/1.1 Host: steamcommunity.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /id/DotHashtag HTTP/1.1 Host: steamcommunity.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: playerAvatar profile_header_size offlineprofile_header_badgeinfo_badge_area{"focusable":true,"clickOnActivate":true}https://steamcommunity.com/id/poorsmuk/badgeshttps://www.youtube.com/watch?v=dQw4w9WgXcQ{"focusable":true,"clickOnActivate":true}profile_content has_profile_background equals www.youtube.com (Youtube)
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D1E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: <a class="bb_link" href="https://www.youtube.com/watch?v=dQw4w9WgXcQ" target="_blank" rel="" > View More Info</a> </div> equals www.youtube.com (Youtube)
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C2B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: g_rgProfileData = {"url":"https:\/\/steamcommunity.com\/id\/poorsmuk\/","steamid":"76561198111104203","personaname":"Monke","summary":" <a class=\"bb_link\" href=\"https:\/\/www.youtube.com\/watch?v=dQw4w9WgXcQ\" target=\"_blank\" rel=\"\" > View More Info<\/a> "}; equals www.youtube.com (Youtube)
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=dQw4w9WgXcQ equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:27060
Source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: main.exe, 00000001.00000002.1463567357.0000000006A64000.00000002.10000000.00040000.00000000.sdmp, main.exe, 00000001.00000002.1453937471.00000000061F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtdtls:
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htmhttps://store.steampowered.com/steam_refunds/responsive_page_m
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://akbr-api.avast.com/acquisition?https://akbr-api.avast.com/activation?avast_activationcodeleg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.steampowered.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/010e7539681b438bcc81107d9051df0a3f63631c.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/010e7539681b438bcc81107d9051df0a3f63631c.jpghttps://avatars.a
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/010e7539681b438bcc81107d9051df0a3f63631c_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/48fbb04ffee506450acc49d5036a7412d53a4f0b_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F86000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F9E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F84000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/6897a5d61235390796f37e4ed9c3b56e72799c62.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F86000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F9E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/6897a5d61235390796f37e4ed9c3b56e72799c62_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/70432c1a0d67540d9b209018ef3910e02c7f3d7e.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/731d8000d3a20abf17a6d09dcfbf9d31534ef73d_full.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/7b207d0db6d2ce6e1df9ef8840f674b71b7e8cb4_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/7b207d0db6d2ce6e1df9ef8840f674b71b7e8cb4_medium.jpghttps://av
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/7e8255dd51703bb49458c93202751d86ea14deb8.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/830016a85265ae1d65eb19981a76949924cd25dd_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/830016a85265ae1d65eb19981a76949924cd25dd_medium.jpghttps://av
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/a521352ec938d97a89f4b9655f75924d3cea6344_full.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/a978ca8a81e1026a8e3a9e749558296374768b62.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/a978ca8a81e1026a8e3a9e749558296374768b62_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F8E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F9E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F84000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/cc04b9291a0058ac98558dd047490a2b19a7bbd5.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F86000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F8E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F9E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/cc04b9291a0058ac98558dd047490a2b19a7bbd5_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/cc65b2e51c12c364fdb62d61b2232e804b4c789a.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/cc65b2e51c12c364fdb62d61b2232e804b4c789a_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/cd713e3e36fda9637f69444d73ae2b464ec8e81c_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CC8000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CF6000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/e9d3108b127c19328a65cdc9465be8f48353f5f4.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CF6000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/e9d3108b127c19328a65cdc9465be8f48353f5f4_medium.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E34000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/ee6ae95fdac9220dcf5dafc4f08b7e3cb0062344.jpg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D70000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/ee6ae95fdac9220dcf5dafc4f08b7e3cb0062344_medium.jpg
Source: main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_FREE/platform_WIN/installertype_ONLINE/b
Source: main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_PRO/platform_WIN/installertype_ONLINE/bu
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/281990/59600ee79937ab3eaf7faab7
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/281990/7bb83b9ab573c9cd3d9dcb9b
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/281990/82341c80b9aed13e34dd0dc2
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/281990/93be56176b437345ba45cab7
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/281990/e643bc42988f7b1635e93862
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/281990/e904a667ec34888a31b100d6
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/581320/3832f9d81bb5755c956b6870
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/apps/581320/8c981a099f412705990b262d
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/2460510/bdf91187d32a3f406b66a3
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/2750340/fd478522b84c117620c02c
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/311060/8c01025c39aec4cd041aee5
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/394870/e61ed2bbae4d49678459fbf
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/423710/6e932a7b7ece43bafaf8576
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/505630/1ffa70482989d10fa76ca7c
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/628670/3b321f3b302bb8ae50b11ac
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/718650/72404c55ed90238aa72cf80
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/730/54e40b9e2288fbab8bd4c6537b
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/730/ef7cb44d312df5038cba0f69a0
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/871990/2ff06dbc927384b91d3525e
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/images/items/878580/06cc1f98f89f2756ce16344
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://checkout.steampowered.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/2spooky
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/Bad_Pet
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/EasterChick
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/Magicstarfish
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/Mechanicsigil
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/Selfburn
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/WheelOfAges
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/devilhead
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/dos2skull
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/dragonskull
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/gearz
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/gearzhttps://community.akamai.steamstatic.
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/happy_yeti
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/heartpendant
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/helloween
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/hyperion
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/lovegrenade
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/peacedove
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/re3stars
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/skullerz
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/starvanguard
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/steamthumbsup
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/emoticon/steamy
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E4E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C82000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CC8000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/image/-9a81dlWLwJ2UUGcVs_nsVtzdOEdtWwKGZZLQHTxDZ7I5
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E52000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E62000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CC8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/economy/image/RgGbIK_Xaakl8PcQ2KQKK0i_2YIC7wZf7gTzKvLti-4wt
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E24000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F8E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&l
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F9E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exeASWSig2A532CCF5ABF
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/beta/avast_breach_guard_online_setup.exeASWSig2A6DF674D10553
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exeASWSig2A2457920CE
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/beta/avast_battery_saver_online_setup.exeASWSig2A3A3BE3789E6
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeASWSig2A072492C0
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-du/beta/avast_driver_updater_online_setup.exeASWSig2A3CBDA28891
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exeASWSig2A021F36B
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeASWSig2A06FCDABA5742BE662
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exeASWSig2A2B99C8EA31CB6D
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/beta/avg_breach_guard_online_setup.exeASWSig2A56213C511B9A9241
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeASWSig2A14AA13983E189
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/beta/avg_driver_updater_online_setup.exeASWSig2A667B4A5D8ECDBD
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exeASWSig2A24A39E8D727
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exeASWSig2A27B1BBBA8E4138C4EDCFD
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://install.avcdn.net/avg/beta9x/avg_internet_security_setup.exeASWSig2A7D77EF27F362060AF957E761
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A123D026AE3BEAC0AC7D4DC35
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A357ACEF8FE55D8ED7E2EA469
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://install.avcdn.net/beta9x/avast_pro_antivirus_setup_online.exeASWSig2A579D90FED0C6441EE7B258F
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.000000000165D000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://install.avcdn.net/iavs9x/avast_free_antivirus_setup_online.exeASWSig2A2EC0971AB07DE15C30023C
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://install.avcdn.net/iavs9x/avast_pro_antivirus_setup_online.exeASWSig2A03A4D7B0044FDD707267F64
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://license.piriform.com/activate/?p=%s&c=%s&cv=%s&l=%s&lk=%s&mk=%s.exe64.exe.lic.dat/unregister
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001610000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://license.piriform.com/updatehttps://www.ccleaner.com/go/app_cc_get_updateWMozilla/4.0?%d.%d%s
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.000000000161D000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://openid-stage.avast.comhttps://openid-stage.avg.comalpha-iqs-stage.ff.avast.comalpha-crap-sta
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.000000000161D000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://openid.avg.commy-devices.avast.comalpha-rollout-service.ff.avast.comhttps://openid.avast.com
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001661000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://s-trackoff.avcdn.net/avg/trackoff/7854df286ff1c4e1f4d81d466f4a1b0243b39837ac99c5b98817907f76
Source: main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001661000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://s-trackoff.avcdn.net/trackoff/8ad1526a87b9617cf6dd677cdf9f87a0e3fd1555b6a8828d87ec2bef2850fa
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/1295500/capsule_184x69.jpg?t=1728
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/1295940/capsule_184x69.jpg?t=1634
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/1328670/header.jpg?t=1725576882
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/1522870/header.jpg?t=1725024288
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/252490/21aac0b6e20e1ba12f635e7deb
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/281990/capsule_184x69.jpg?t=17273
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/291480/279bf50786e7af6a71d6f81862
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/292030/capsule_184x69.jpg?t=17260
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/292030/header.jpg?t=1726045366
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/294100/capsule_184x69.jpg?t=17254
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/394360/capsule_184x69.jpg?t=17280
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/418240/header.jpg?t=1725879339
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/427520/capsule_184x69.jpg?t=17281
Source: CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F8E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/440/capsule_184x69.jpg?t=17219326
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/548430/capsule_184x69.jpg?t=17272
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/553420/capsule_184x69.jpg?t=17195
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/553420/header.jpg?t=1719583787
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DF0000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F9E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/578080/4f5bd6fbde8ef39aea742014f1
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/581320/capsule_184x69.jpg?t=17277
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/730/capsule_184x69.jpg?t=17194263
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/812140/capsule_184x69.jpg?t=17271
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/812140/header.jpg?t=1727125836
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shared.akamai.steamstatic.com/store_item_assets/steam/apps/979120/capsule_184x69.jpg?t=17250
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E94000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DCC000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcastshttps://store.steampowered.com/privacy_agreement/ht
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/1295500
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/1295500https://steamcommunity.com/app/1295500game_info_achievements_s
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/281990
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/281990https://steamcommunity.com/app/281990General
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/281990showcase_slot
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/294100
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/294100showcase_slot
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/394360
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/394360favoritegame_showcase_game
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/427520
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/427520https://steamcommunity.com/app/427520game_info_achievements_sum
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/553420
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/553420https://steamcommunity.com/app/553420game_info_achievements_sum
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/553420showcase_content_bg
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/581320
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/app/581320https://steamcommunity.com/app/581320game_info_achievements_sum
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E74000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007FCC000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C58000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/comment/Profile/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/https://steamcommunity.com/workshop/https://steamcommunity.co
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/groups/dfsfer345352
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/groups/katowicestickerclub
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D86000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E94000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/https://steamcommunity.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198842078368https://steamcommunity.com/profiles/76561198842
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007F14000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198859380754
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198963983313
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198970312727
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198970312727https://steamcommunity.com/profiles/76561198970
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198990581375
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198991259901
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561198991259901https://steamcommunity.com/profiles/76561198991
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199095277122
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199095277122https://steamcommunity.com/profiles/76561199095
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199205318035/badges/29
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199401715130
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199552257250
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007ED8000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/saliengame/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;0
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E94000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/https://store.steampowered.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D30000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E12000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007FD4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F8E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EC4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F9E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E7C000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E34000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007F14000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DCC000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D86000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E94000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/responsive_page_content_overlayhttps://store.steampowered.com/Link
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D4A000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CAA000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB4000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DCC000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D72000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB2000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D1E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://support.steampowered.com/kb_article.php?ref=6899-IOSK-9514&l=english
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C18000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://support.steampowered.com/kb_article.php?ref=6899-IOSK-9514&l=englishLevel
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://support.steampowered.com/kb_article.php?ref=7849-Radz-6869&l=english
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007DB2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://support.steampowered.com/kb_article.php?ref=7849-Radz-6869&l=englishhttps://support.steampow
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_home_help0%s?a=%s&v=%s&l=%dopenMainDlg::SaveSnapshotC:
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_privacy_policy0%s?a=&v=%s&l=%d4
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_purchaselocal://Register
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_purchaselocal://Register00000000UpdateKeyUpdateKey%04d%02d%02
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_purchaselocal://RegisterSMDBValForceRemoveNoRemoveDelete/tran
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_purchaselocal://Registerbranding.dllv1.00.001v2.00.001v%d.%02
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_purchaselocal://Registerlicense.iniLicenseNameLicenseKeySoftw
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_purchaselocal://RegisterspspbesptespproMozilla/4.0
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_purchaselocal://Registertemp_spupdatespupdatehttps://www.ccle
Source: main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001517000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/go/app_sp_reg_renewhttps://www.ccleaner.com/autohttps://www.ccleaner.com/sp
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.0000000001615000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.ccleaner.com/inapp/notificationsContent-Type:
Source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007CC8000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F84000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007EA2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007E2B000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D08000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2512439689.0000000007F99000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007C0E000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000002.2504421316.0000000007D1E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/watch?v=dQw4w9WgXcQ
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712

System Summary

Source: 00000001.00000002.1448007807.0000000005920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: main.bin Static PE information: Resource name: BRANDING type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: main.bin Static PE information: Resource name: RT_RCDATA type: MS-DOS executable, LE executable for MS Windows (VxD)
Source: main.bin Static PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
Source: main.bin Static PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
Source: main.bin Static PE information: Resource name: RT_RCDATA type: PE32+ executable (native) Intel Itanium, for MS Windows
Source: main.bin Static PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
Source: main.bin Static PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
Source: CryptoHelper.exe.1.dr Static PE information: Resource name: BRANDING type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: CryptoHelper.exe.1.dr Static PE information: Resource name: RT_RCDATA type: MS-DOS executable, LE executable for MS Windows (VxD)
Source: CryptoHelper.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
Source: CryptoHelper.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
Source: CryptoHelper.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (native) Intel Itanium, for MS Windows
Source: CryptoHelper.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
Source: CryptoHelper.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
Source: main.bin Binary or memory string: OriginalFilenamecpuz.sys< vs main.bin
Source: main.bin Binary or memory string: OriginalFilenamebranding.dll\ vs main.bin
Source: main.bin Binary or memory string: OriginalFilenameSpeccy.exe. vs main.bin
Source: main.bin Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v CryptoHelper /t REG_SZ /d C:\ProgramData\CryptoHelper.exe /f
Source: 00000001.00000002.1448007807.0000000005920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: CryptoHelper.exe.1.dr Binary string: \Device\cpuz149\DosDevices\CPUZ149
Source: CryptoHelper.exe.1.dr Binary string: \Device\cpuz149`aNa:a&a
Source: CryptoHelper.exe.1.dr Binary string: \Device\cpuz149\DosDevices\CPUZ149\DosDevices\Global\CPUZ149
Source: classification engine Classification label: mal64.winBIN@12/3@2/2
Source: C:\ProgramData\CryptoHelper.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\CryptoHelper
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1696:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4872:120:WilError_03
Source: main.bin Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\main.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: main.bin Virustotal: Detection: 26%
Source: unknown Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "schtasks /create /f /sc MINUTE /mo 1 /tn CryptoHelper /tr C:\ProgramData\CryptoHelper.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc MINUTE /mo 1 /tn CryptoHelper /tr C:\ProgramData\CryptoHelper.exe
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v CryptoHelper /t REG_SZ /d C:\ProgramData\CryptoHelper.exe /f"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v CryptoHelper /t REG_SZ /d C:\ProgramData\CryptoHelper.exe /f
Source: unknown Process created: C:\ProgramData\CryptoHelper.exe C:\ProgramData\CryptoHelper.exe
Source: C:\Users\user\Desktop\main.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: apphelp.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: wtsapi32.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: version.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: wininet.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: powrprof.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: winhttp.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: netapi32.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: winmm.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: msimg32.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: userenv.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: oleacc.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: secur32.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: samcli.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: netutils.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: sspicli.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: umpdc.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: msasn1.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: mscoree.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: dhcpcsvc6.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: dhcpcsvc.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: mswsock.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\CryptoHelper.exe Section loaded: gpapi.dll
Source: main.bin Static PE information: More than 4294 > 100 exports found
Source: main.bin Static PE information: Virtual size of .text is bigger than: 0x100000
Source: main.bin Static file information: File size 20187208 > 1048576
Source: main.bin Static PE information: Raw size of .text is bigger than: 0x100000 < 0xb21400
Source: main.bin Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x321800
Source: main.bin Static PE information: Raw size of .reloc is bigger than: 0x100000 < 0x3a2400
Source: main.bin Static PE information: More than 200 imports for KERNEL32.dll
Source: main.bin Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: main.bin Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: main.bin Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: main.bin Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: main.bin Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: main.bin Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: main.bin Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_149\objfre_wxp_x86\i386\cpuz149_x32.pdb source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: C:\BUILD\work\655d602927444bef\bin_x86\v143\Release Static\neutral\Speccy.pdb& source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.00000000016F4000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_149\objfre_win7_ia64\ia64\cpuz149_ia64.pdb source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: C:\BUILD\work\655d602927444bef\bin_x86\v143\Release Static\neutral\Speccy.pdb source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, CryptoHelper.exe, 0000000F.00000000.1564260887.00000000016F4000.00000002.00000001.01000000.00000008.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_149\objfre_win7_amd64\amd64\cpuz149_x64.pdb source: main.exe, 00000001.00000000.1222878418.00000000019A1000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.000000000811B000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr
Source: main.bin Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: main.bin Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: main.bin Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: main.bin Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: main.bin Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\main.exe File created: C:\ProgramData\CryptoHelper.exe

Boot Survival

Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc MINUTE /mo 1 /tn CryptoHelper /tr C:\ProgramData\CryptoHelper.exe
Source: C:\Windows\SysWOW64\reg.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CryptoHelper
Source: C:\Users\user\Desktop\main.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\ProgramData\CryptoHelper.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: main.exe, 00000001.00000000.1221168468.0000000001573000.00000002.00000001.01000000.00000006.sdmp, main.exe, 00000001.00000002.1473460065.0000000007C00000.00000004.00001000.00020000.00000000.sdmp, main.bin, CryptoHelper.exe.1.dr Binary or memory string: IsRunningOnVirtualMachine
Source: CryptoHelper.exe.1.dr Binary or memory string: vmware
Source: main.exe, 00000001.00000002.1445723415.00000000007EE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllzzA
Source: CryptoHelper.exe.1.dr Binary or memory string: VMwareVMware
Source: CryptoHelper.exe, 0000000F.00000002.2490143604.0000000004481000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\main.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\main.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\ProgramData\CryptoHelper.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid