Windows Analysis Report
Dragons Dogma 2 v1.0 Plus 36 Trainer.exe

Overview

General Information

Sample name: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Analysis ID: 1432170
MD5: 3412b8b059e693c1a8f0168ca0b07af0
SHA1: f12f0e1b15a6b1f1766ed891a305dc6db5d82b33
SHA256: b0b0880f99265d4dd9e98e0a771025e332b993d71808bc83049d2561e25c5a7c
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found suspicious QR code URL
Machine Learning detection for sample
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Virustotal: Detection: 24% Perma Link
Machine Learning detection for sample
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Joe Sandbox ML: detected

Phishing
barindex
Found suspicious QR code URL
Source: QR Code extractor URL: http://473750571567004317064230583514468350804565684324378075159610742091604698238217701484029465762430135913242023857750034401559054060945654540273638867228794983640833862748912121851334807031249099092790952130035074227943842970399582505875
Source: QR Code extractor URL: http://473750571567004317064230583514468350804565684324378075159610742091604698238217701484029465762430135913242023857750034401559054060945654540273638867228794983640833862748912121851334807031249099092790952130035074227943842970399582505875
Source: unknown HTTPS traffic detected: 104.21.85.118:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\PRO\_FLiNGTrainerGUI_WPF\FLiNGTrainerGUI_WPF\obj\Release\FLiNGTrainerGUI_WPF.pdb source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp

Networking
barindex
Yara detected Generic Downloader
Source: Yara match File source: 0.2.Dragons Dogma 2 v1.0 Plus 36 Trainer.exe.1c27c8a0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Dragons Dogma 2 v1.0 Plus 36 Trainer.exe.1c210009ac0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Dragons Dogma 2 v1.0 Plus 36 Trainer.exe.1c27ad95d20.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: global traffic HTTP traffic detected: GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1User-Agent: FLiNGTrainerHost: flingtrainer.com
Source: global traffic HTTP traffic detected: GET /wp-content/check-for-trainer-update/dragons-dogma-2-trainer HTTP/1.1User-Agent: FLiNGTrainerHost: flingtrainer.com
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGK_wrrEGIjAA-kYpC-Y-c7RBERJsELzsgpywuUS7w5EbA-x6wgoWhDAN92TwrMKaq9jZAJA03X4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-14; NID=513=cvNJ8ItQzMni3NqYsSiPX0z3SSoZOvODkTAGhEXffIHWQxkevr79FgGSJ6DDoqwR5ieRGa1bGov1i4if0OxPxm0mNGgkQXQeYkTuY22XbWu35jrBck9beTvDC8c1Oic3RxtdGsNvCG8JxcYy9UHBXjoHZLxQnvNPG1qdKLWrRRc
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGK_wrrEGIjAn3Wc5iwnZMZgX6R7yhDKD_86kMZeGk-qF3cDY8yyy7fbGEK6IqCghGSgQn1GUoW8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-14; NID=513=cvNJ8ItQzMni3NqYsSiPX0z3SSoZOvODkTAGhEXffIHWQxkevr79FgGSJ6DDoqwR5ieRGa1bGov1i4if0OxPxm0mNGgkQXQeYkTuY22XbWu35jrBck9beTvDC8c1Oic3RxtdGsNvCG8JxcYy9UHBXjoHZLxQnvNPG1qdKLWrRRc
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oXZTG3c6Ul7wBhg&MD=wpDD45XM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oXZTG3c6Ul7wBhg&MD=wpDD45XM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic DNS traffic detected: DNS query: flingtrainer.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3526786802.000001C27F59B000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3526786802.000001C27F562000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3526786802.000001C27F572000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe String found in binary or memory: https://bbs.3dmgame.com/thread-
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe String found in binary or memory: https://bbs.3dmgame.com/thread-https://flingtrainer.com/tag/TRAINER_INITIALIZEWMURLhttps://flingtrai
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C200001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3526167621.000001C27F1CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3526167621.000001C27F1CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/.(R
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C2001ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/2.html0
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/community/api/v2/app-login.php
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C200001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/community/forums/trainer-request/
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/community/forums/update-request/
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C200001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/community/forums/update-request/8
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C200001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/community/support_the_author
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C200001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/community/threads/4260/
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/cn/community/threads/4260/3https://flingtrainer.com/qhttps://flingtrainer.c
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe String found in binary or memory: https://flingtrainer.com/download-wemod-trainer.php?name=
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C20061A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/download-wemod-trainer.php?name=dragons-dogma-2-trainer
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C20061A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/download-wemod-trainer.php?nameHm
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C20061A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/download-wemod-trainer.php?nameHmj
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C200001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/patreon
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe String found in binary or memory: https://flingtrainer.com/tag/
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C2001ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/tag/dragons-dogma-2
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3498575506.000001C2001ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/tag/dragons-dogma-28
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe String found in binary or memory: https://flingtrainer.com/wp-content/check-for-trainer-update/
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3524873808.000001C27F02F000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3523602534.000001C27EF6F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/wp-content/check-for-trainer-update/dragons-dogma-2-trainer
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3524873808.000001C27F08C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/wp-content/check-for-trainer-update/dragons-dogma-2-trainerZ
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe String found in binary or memory: https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3523602534.000001C27EF9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-updateIV
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3524873808.000001C27F103000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-updateV
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3524873808.000001C27F103000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-updatel
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://flingtrainer.com/wp-json/trainer-api/update-page?name=
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://www.3dmgame.com/flxgq.html
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown HTTPS traffic detected: 104.21.85.118:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49755 version: TLS 1.2
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Code function: String function: 00007FFD9B8BD470 appears 94 times
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Code function: String function: 00007FFD9B8BB6C0 appears 31 times
PE file contains executable resources (Code or Archives)
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Resource name: REMOTE type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Resource name: UI type: COM executable for DOS
Sample file is different than original file name gathered from version info
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFLiNGTrainerGUI_WPF.exe@ vs Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFLiNGTrainerGUI_WPF.exe@ vs Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000000.1632026782.00007FF7C9371000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTrSpeedHack.dllT vs Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFLiNGTrainerGUI_WPF.exe@ vs Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameFLiNGTrainerGUI_WPF.exe@ vs Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Binary or memory string: OriginalFilenameTrSpeedHack.dllT vs Dragons Dogma 2 v1.0 Plus 36 Trainer.exe
Source: classification engine Classification label: mal60.phis.troj.winEXE@16/3@3/4
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe File created: C:\Users\user\AppData\Local\FLiNGTrainer Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Mutant created: NULL
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe File read: C:\Users\user\AppData\Local\FLiNGTrainer\TrainerSettings.ini Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Virustotal: Detection: 24%
Source: unknown Process created: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe "C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://473750571567004317064230583514468350804565684324378075159610742091604698238217701484029465762430135913242023857750034401559054060945654540273638867228794983640833862748912121851334807031249099092790952130035074227943842970399582505875/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,12561812202603157812,13767010147293151412,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,12561812202603157812,13767010147293151412,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: msvcp140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: windowscodecsext.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: msctfui.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: d3dcompiler_47.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: icm32.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe File written: C:\Users\user\AppData\Local\FLiNGTrainer\TrainerSettings.ini Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static file information: File size 1521664 > 1048576
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\PRO\_FLiNGTrainerGUI_WPF\FLiNGTrainerGUI_WPF\obj\Release\FLiNGTrainerGUI_WPF.pdb source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3518438791.000001C27AD76000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3502015087.000001C210001000.00000004.00000800.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3520301861.000001C27CFE0000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3519890536.000001C27C8A0000.00000004.08000000.00040000.00000000.sdmp
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
PE file contains sections with non-standard names
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Code function: 0_2_00007FFD9B79D2A5 pushad ; iretd 0_2_00007FFD9B79D2A6
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Code function: 0_2_00007FFD9B8C5582 push eax; iretd 0_2_00007FFD9B8C55DD
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Code function: 0_2_00007FFD9B8C5550 push eax; iretd 0_2_00007FFD9B8C55DD
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Memory allocated: 1C27C750000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Memory allocated: 1C27CC60000 memory reserve | memory write watch Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Window / User API: threadDelayed 421 Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Window / User API: threadDelayed 3125 Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Window / User API: threadDelayed 5875 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe TID: 7420 Thread sleep time: -625000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe TID: 7420 Thread sleep time: -1175000s >= -30000s Jump to behavior
Source: Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3503421162.000001C21D833000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3508322155.000001C21DC9B000.00000004.00000020.00020000.00000000.sdmp, Dragons Dogma 2 v1.0 Plus 36 Trainer.exe, 00000000.00000002.3523602534.000001C27EF9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process information queried: ProcessInformation Jump to behavior
Enables debug privileges
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Memory allocated: page read and write | page guard Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dragons Dogma 2 v1.0 Plus 36 Trainer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1432170 Sample: Dragons Dogma 2 v1.0 Plus 3... Startdate: 26/04/2024 Architecture: WINDOWS Score: 60 15 flingtrainer.com 2->15 25 Multi AV Scanner detection for submitted file 2->25 27 Machine Learning detection for sample 2->27 29 Found suspicious QR code URL 2->29 31 Yara detected Generic Downloader 2->31 7 chrome.exe 1 2->7         started        10 Dragons Dogma 2 v1.0 Plus 36 Trainer.exe 16 2->10         started        signatures3 process4 dnsIp5 17 192.168.2.4, 138, 443, 49509 unknown unknown 7->17 19 239.255.255.250 unknown Reserved 7->19 12 chrome.exe 7->12         started        21 flingtrainer.com 104.21.85.118, 443, 49732, 49733 CLOUDFLARENETUS United States 10->21 process6 dnsIp7 23 www.google.com 142.250.64.196, 443, 49738, 49739 GOOGLEUS United States 12->23
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.85.118
 flingtrainer.com United States
13335 CLOUDFLARENETUS false
142.250.64.196
 www.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false

Private

IP
192.168.2.4

Contacted Domains

Name IP Active
flingtrainer.com 104.21.85.118 true
www.google.com 142.250.64.196 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update false
  • 3%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGK_wrrEGIjAn3Wc5iwnZMZgX6R7yhDKD_86kMZeGk-qF3cDY8yyy7fbGEK6IqCghGSgQn1GUoW8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
    		high
    https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGK_wrrEGIjAA-kYpC-Y-c7RBERJsELzsgpywuUS7w5EbA-x6wgoWhDAN92TwrMKaq9jZAJA03X4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
      		high
      https://www.google.com/async/newtab_promos false
        		high
        https://www.google.com/async/ddljson?async=ntp:2 false
          		high
          https://flingtrainer.com/wp-content/check-for-trainer-update/dragons-dogma-2-trainer false
          • 3%, Virustotal, Browse
          • Avira URL Cloud: safe
          		 unknown
          https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw false
            		high
            https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 false
              		high